Advertisement

CHANGELOG

What's New in version 78.0.2:

  • Security fix
  • Fixed an accessibility regression in reader mode (bug 1650922)
  • Made the address bar more resilient to data corruption in the user profile (bug 1649981)
  • Fixed a regression opening certain external applications (bug 1650162)

What's New in version 78.0:

New:

  • The Protections Dashboard includes consolidated reports about tracking protection, data breaches, and password management
  • New features let you: Track how many breaches you’ve resolved right from the dashboard. See if any of your saved passwords may have been exposed in a data breach
  • To view your dashboard, type about:protections into the address bar, or select “Protections Dashboard” from the main menu
  • Because we know people try to fix problems by reinstalling Firefox when a simple refresh is more likely to solve the issue, we’ve added a Refresh button to the Uninstaller
  • With this release, your screen saver will no longer interrupt WebRTC calls on Firefox, making conference and video calling in Firefox better
  • We’ve rolled out WebRender to Windows users with Intel GPUs, bringing improved graphics performance to an even larger audience
  • Firefox 78 is also our Extended Support Release (ESR), where the changes made over the course of the previous 10 releases will now roll out to our ESR users. Some of the highlights are
  • Kiosk mode
  • Client certificates
  • Service Worker and Push APIs are now enabled
  • The Block Autoplay feature is enabled
  • Picture-in-picture support
  • View and manage web certificates in about:certificate
  • Pocket recommendations, featuring some of the best stories on the web, will now appear on the Firefox new tab for 100&'37; of our users in the UK. If you don’t see them, you can turn on Pocket articles in your new tab, follow these steps

Fixed:

  • Various security fixes
  • We fixed bugs in the search results quality composition and improved search result texts based on recommendations by our partners

Changed:

  • The minimal system requirements on Linux have been updated. Firefox now needs GNU libc 2.17, libstdc++ 4.8.1 and GTK+ 3.14 or newer versions
  • As part of our ongoing effort to deprecate obsolete cryptography, we have disabled all remaining DHE-based TLS ciphersuites by default
  • To mitigate web compatibility issues from disabling DHE-based TLS ciphersuites, Firefox 78 enables two more AES-GCM SHA2-based ciphersuites
  • We have disabled TLS 1.0 and TLS 1.1 to improve your website connections. Sites that don't support TLS version 1.2 will now show an error page
  • The context menu (accessed by right clicking on a tab) lets you undo multiple tab closings with a single click and places Close Tabs to the Right and Close Other Tabs in a submenu
  • A number of accessibility improvements have been made with this release
  • When using the JAWS screen reader, pressing the down arrow in an HTML input control with a datalist no longer incorrectly moves the cursor to the next element after the input control
  • Screen readers no longer severely lag or freeze when focusing the microphone/camera/screen sharing indicator
  • Large tables with thousands of rows now load much faster for screen reader users
  • Text input controls with custom styling now correctly show the focus outline when appropriate
  • Screen readers no longer sometimes incorrectly switch to document browsing mode unexpectedly when the user enters the main Developer Tools window
  • We reduced a number of animations such as tab hover, search bar expansion, and others to reduce motion for users with migraines and epilepsy

Enterprise:

  • Enable support for client certificates stored on macOS and Windows by setting the experimental preference security.osclientcerts.autoload to true
  • New policies allow you to configure application handlers, disable picture in picture, and require a master password, which will be renamed to ‘primary password’ in future releases

Developer:

  • DevTools Console now logs uncaught promise errors with much more detailed names, stacks, and properties, particularly improving JavaScript framework debugging
  • Debugger’s automatic mapping for minified variable names now also works for Logpoints, which makes debugger of source-mapped projects feel more seamless
  • The Firefox DevTools’ Network panel now highlights which extension or CORS restriction blocked a request, so developers can make their sites more resilient and secure
  • New RegExp engine in SpiderMonkey, adding support for the dotAll flag, Unicode escape sequences, lookbehind references, and named captures

What's New in version 77.0.1:

Fixed:

  • Disabled automatic selection of DNS over HTTPS providers during a test to enable wider deployment in a more controlled way (bug 1642723)

What's New in version 77.0:

New:

  • Pocket recommendations, featuring some of the best stories on the web, will appear on the Firefox new tab for our users in the UK. If you don’t see them, you can turn on Pocket articles in your new tab, follow these steps.
  • WebRender continues its roll out to more Firefox for Windows users, now available by default on Windows 10 laptops running on Nvidia GPUs with medium (<= 3440x1440) and large screens (> 3440x1440).
  • You can view and manage web certificates more easily on the new about:certificate page.
  • Fixed: Various security fixes.
  • A number of features have been fixed to improve Firefox accessibility.
  • The applications list in Firefox Options is now accessible to screen reader users.
  • Some live regions previously didn't report updated text with the JAWS screen reader. This issue has been fixed.
  • Date/time inputs are now no longer missing labels for users of accessibility tools.

Changed:

  • The browser.urlbar.oneOffSearches preference has been removed. To hide one-off search buttons uncheck search engines on the about:preferences#search page

What's New in version 76.0:

New:

  • With today’s release, Firefox strengthens protections for your online account logins and passwords, with innovative approaches to managing your accounts during this critical time
  • Firefox displays critical alerts in the Lockwise password manager when a website is breached;
  • If one of your accounts is involved in a website breach and you've used the same password on other websites, you will now be prompted to update your password. A key icon identifies which accounts use that vulnerable password.
  • Automatically generate secure, complex passwords for new accounts across more of the web that are easily saved right in the browser;
  • You have been able to access and see your saved passwords under Logins and Passwords easily under the main menu. If your device happens to be shared among your family or roommates, the latest update helps to prevent casual snooping over your shoulder. If you don’t have a master password set up for Firefox, Windows and macOS now requires a login to your operating system account before showing your saved passwords.
  • Picture-in-Picture allows you to multitask, the small video window following along no matter what you are doing on your computer, across different applications and even workspaces. Now, when you are ready to focus on the video, a double click can take the small window into full screen. Double click again to reduce the size again.
  • Firefox now supports Audio Worklets that will allow more complex audio processing like VR and gaming on the web; and is being adopted by some of your favorite software programs.
  • With this change, you can now join Zoom calls on Firefox without the need for any additional downloads.
  • WebRender continues its roll out to more Firefox for Windows users, now available by default on modern Intel laptops with a small screen (< or = 1920x1200) for improved graphics rendering.

Fixed:

  • Various security fixes

Changed:

Two updates to the address bar improve its usability and visibility:

  • The shadow around the address bar field is reduced in width when a new tab is opened;
  • The bookmarks toolbar has expanded slightly in size to improve its surface area for touchscreens.

Developer:

  • Testing mobile interactions using DevTools’ Responsive Design Mode now mimics the device behavior for handling double-tap to zoom. This builds on previous improvements to correctly rendering meta-viewport tags, allowing developers to optimize their sites for Firefox for Android without a device.
  • Double-clicking table headers in DevTools’ network request table now resizes the column width to fit the content, making it easier to expand the important data.
  • WebSocket inspection now supports ActionCable message preview, adding to the list of automatically formatted protocols like socket.io, SignalR, WAMP, etc.

What's New in version 75.0:

With today's release, a number of improvements will help you search smarter, faster. Type less and find more with Firefox's revamped address bar:

  • Focused, clean search experience that's optimized for smaller laptop screens
  • Top sites now appear when you select the address
  • Improved readability of search suggestions with a focus on new search terms
  • Suggestions include solutions to common Firefox issues
  • On Linux, the behavior when clicking on the Address Bar and the Search Bar now matches other desktop platforms: a single click selects all without primary selection, a double click selects a word, and a triple click selects all with primary selection
  • Firefox will locally cache all trusted Web PKI Certificate Authority certificates known to Mozilla. This will improve HTTPS compatibility with misconfigured web servers and improve security.
  • Firefox is now available in Flatpak, an easier way to install and use Firefox on Linux.
  • Direct Composition is being integrated for our users on Windows to help improve performance and enable our ongoing work to ship WebRender on Windows 10 laptops with Intel graphics cards.

Fixed:

  • Various security fixes

Enterprise:

  • Experimental support for using client certificates from the OS certificate store can be enabled on macOS by setting the preference security.osclientcerts.autoload to true.
  • Enterprise policies may be used to exclude domains from being resolved via TRR (Trusted Recursive Resolver) using DNS over HTTPS.

What's New in version 74.0.1:

Security fixes:

  • CVE-2020-6819: Use-after-free while running the nsDocShell destructor
  • CVE-2020-6820: Use-after-free when handling a ReadableStream

What's New in version 74.0:

New:

  • Your login management has improved with the ability to reverse alpha sort (Name Z-A) in Lockwise, which you can access under Logins and Passwords.
  • Firefox now makes importing your bookmarks and history from the new Microsoft Edge browser on Windows and Mac simple.
  • Add-ons installed by external applications can now be removed using the Add-ons Manager (about:addons). Going forward, only users can install add-ons; they cannot be installed by an application.
  • Facebook Container prevents Facebook from tracking you around the web - Facebook logins, likes, and comments are automatically blocked on non-Facebook sites. But when we need an exception, you can now create one by adding custom sites to the Facebook Container.
  • Firefox now provides better privacy for your web voice and video calls through support for mDNS ICE by cloaking your computer’s IP address with a random ID in certain WebRTC scenarios.

Security fixes:

  • CVE-2020-6805: Use-after-free when removing data about origins
  • CVE-2020-6806: BodyStream::OnInputStreamReady was missing protections against state confusion
  • CVE-2020-6807: Use-after-free in cubeb during stream destruction
  • CVE-2020-6808: URL Spoofing via javascript: URL
  • CVE-2020-6809: Web Extensions with the all-urls permission could access local files
  • CVE-2020-6810: Focusing a popup while in fullscreen could have obscured the fullscreen notification
  • CVE-2020-6811: Devtools' 'Copy as cURL' feature did not fully escape website-controlled data, potentially leading to command injection
  • CVE-2019-20503: Out of bounds reads in sctp_load_addresses_from_init
  • CVE-2020-6812: The names of AirPods with personally identifiable information were exposed to websites with camera or microphone permission
  • CVE-2020-6813: @import statements in CSS could bypass the Content Security Policy nonce feature
  • CVE-2020-6814: Memory safety bugs fixed in Firefox 74 and Firefox ESR 68.6
  • CVE-2020-6815: Memory and script safety bugs fixed in Firefox 74
  • We have fixed issues involving pinned tabs such as being lost. You should also no longer see them reorder themselves.

Changed:

  • When a video is uploaded with a batch of photos on Instagram, the Picture-in-Picture toggle would sit atop of the “next” button. The toggle is now moved allowing you to flip through to the next image of the batch.
  • On Windows, Ctrl+I can now be used to open the Page Info window instead of opening the Bookmarks sidebar. Ctrl+B still opens the Bookmarks sidebar making keyboard shortcuts more useful for our users.
  • We have disabled TLS 1.0 and TLS 1.1 to improve your website connections. Sites that don't support TLS version 1.2 will now show an error page.

Developer:

  • Firefox’s Debugger added support for debugging Nested Web Workers, so their execution can be paused and stepped through with breakpoints

Web Platform:

  • Firefox has added support for the new JavaScript optional chaining operator (?.) and CSS text-underline-position.

What's New in version 73.0:

New:

  • Today’s Firefox release includes two features that help users view and read website content more easily, quickly. Like all accessibility improvements, these features improve browsing for everyone.
  • Firefox has offered a page zoom feature for more than a decade that allows users to set the zoom level on a per-site basis. For users who need to zoom most websites, having to adjust zoom for each new site can be an annoyance. To address this, we have implemented a new global default zoom level setting. This option is available in about:preferences under 'Language and Appearance' and can be scaled up or down from 100&'37; as needed and sets the default zoom level for all sites. Per-site zoom is still available to make adjustments to individual sites as needed.
  • Many users with low vision rely on Windows' High Contrast Mode to make websites more readable. Traditionally, to increase the readability of text, Firefox has disabled background images when High Contrast Mode is enabled. With today’s release of Firefox 73, we introduce a 'readability backplate' solution which places a block of background color between the text and background image. Now, websites in High Contrast Mode are more readable without disabling background images.

Fixed:

  • Various security fixes.
  • Improved audio quality when playing back audio at a faster or slower speed.
  • Firefox will now only prompt you to save logins if a field in a login form was modified.

Changed:

  • WebRender will roll out to laptops with Nvidia graphics cards with drivers newer than 432.00, and screen sizes smaller than 1920x1200.

Developer:

  • Developer Information
  • WAMP-formatted WebSocket messages (JSON, MsgPack and CBOR) are now nicely decoded for inspection in the Network panel.

Web Platform:

  • Improved auto-detection of legacy text encodings on old web pages which don’t explicitly declare the text encoding.

What's New in version 72.0.2:

  • Various stability fixes
  • Fixed issues opening files with spaces in their path
  • Fixed a hang opening about:logins when a master password is set
  • Fixed a web compatibility issue with CSS Shadow Parts which shipped in Firefox 72
  • Fixed inconsistent playback performance for fullscreen 1080p videos on some systems

What's New in version 72.0.1:

Security fix:

  • CVE-2019-17026: IonMonkey type confusion with StoreElementHole and FallibleStoreElement
  • Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion. We are aware of targeted attacks in the wild abusing this flaw.

What's New in version 72.0:

New:

  • Firefox’s Enhanced Tracking Protection marks a major new milestone in our battle against cross-site tracking: we now block fingerprinting scripts by default for all users, taking a new bold step in the fight for our users’ privacy.
  • Firefox replaces annoying notification request pop-ups with a more delightful experience, by default for all users. The pop-ups no longer interrupt your browsing, in its place, a speech bubble will appear in the address bar when you interact with the site.
  • Picture-in-picture video is now also available in Firefox for Mac and Linux: Select the blue icon from the right edge of a video to pop open a floating window so you can keep watching while working in other tabs or apps. Learn how the feature works.

Fixed:

  • Various security fixes

Changed:

  • Support for blocking images from individual domains has been removed from Firefox, because of low usage and poor user experience.

Enterprise:

  • Experimental support for using client certificates from the OS certificate store can be enabled by setting the preference security.osclientcerts.autoload to true (Windows only).

Developer:

  • Debugger Watchpoints let developers observe object property access and writes for easier to track data flow through an application.
  • Firefox now supports simulation of meta viewport in Responsive Design Mode.

What's New in version 70.0.1:

  • Fix for an issue that caused some websites or page elements using dynamic JavaScript to fail to load. (Bug 1592136)

What's New in version 70.0:

NEW:

More privacy protections from Enhanced Tracking Protection:

  • Social tracking protection, which blocks cross-site tracking cookies from sites like Facebook, Twitter, and LinkedIn, is now a standard feature of Enhanced Tracking Protection.
  • The Privacy Protections report shows an overview, with details, of the trackers Firefox has blocked. It provides consolidated reports from Monitor and Lockwise.

More security protections from Firefox Lockwise, our digital identity and password management tool:

  • Lockwise for desktop lets you create, update, and delete your logins and passwords to sync across all your devices, including the Lockwise mobile apps and Firefox mobile browsers?.
  • Integrated breach alerts from Firefox Monitor, to alert you when saved logins and passwords are compromised in online data breaches.
  • Complex password generation, to help you create and save strong passwords for new online accounts.

Improvements to core engine components, for better browsing on more sites:

  • A faster Javascript Baseline Interpreter to handle the modern web's
  • large codebases and improve page load performance by as much as 8
  • percent.
  • WebRender rolled out to more Firefox for Windows users, now available by default on Windows desktops with integrated Intel graphics cards and resolution of 1920x1200 or less) for improved graphics rendering.
  • Compositor improvements in Firefox for macOS that reduce power
  • consumption, speed up page load by as much as 22 percent, and reduce resource use for video by up to 37 percent.

More browser features to help you get the most out of Firefox products and services:

  • A stand-alone Firefox account menu for easy access to Firefox services like Monitor and Send.
  • A message panel accessed from the gift icon in the toolbar that offers a quick overview of new releases and key features.
  • When a website uses your geolocation, an indicator is shown in the
  • address bar.

CHANGED:

  • Built-in Firefox pages now follow the system dark mode preference
  • Aliased theme properties have been removed, which may affect some themes
  • Passwords can now be imported from Chrome on macOS in addition to existing support for Windows
  • Readability is now greatly improved on under- or overlined texts, including links. The lines will now be interrupted instead of crossing over a glyph.

Improved privacy and security indicators:

  • A new crossed-out lock icon will indicate sites delivered via
  • insecure HTTP
  • The formerly green lock icon is now grey
  • The Extended Validation (EV) indicator has been moved to the identity
  • popup that appears when clicking the lock icon

DEVELOPER:

  • The Developer Tools Accessibility panel now includes an audit for keyboard accessibility and a color deficiency simulator for systems with WebRender enabled
  • Inactive CSS: The Inspector now grays out CSS declarations that don't affect the selected element and shows a tooltip explaining why -- and even how to fix it.
  • The new DOM Mutation Breakpoints in Developer Tools allows developers to diagnose when scripts add, remove or update page content. This makes debugging of complex script interactions and dependencies a lot easier.
  • WebExtensions developers can now inspect browser.storage.local data using the 'Addon Debugging' Firefox Developer Tools.
  • With new network resource search in Developer Tools, you can quickly find resources based on their request and response data, including headers, cookies and content.

VARIOUS SECURITY FIXES:

  • CVE-2018-6156: Heap buffer overflow in FEC processing in WebRTC
  • CVE-2019-15903: Heap overflow in expat library in XML_GetCurrentLineNumber
  • CVE-2019-11757: Use-after-free when creating index updates in IndexedDB
  • CVE-2019-11759: Stack buffer overflow in HKDF output
  • CVE-2019-11760: Stack buffer overflow in WebRTC networking
  • CVE-2019-11761: Unintended access to a privileged JSONView object
  • CVE-2019-11762: document.domain-based origin isolation has same-origin-property violation
  • CVE-2019-11763: Incorrect HTML parsing results in XSS bypass technique
  • CVE-2019-11765: Incorrect permissions could be granted to a website
  • CVE-2019-17000: CSP bypass using object tag with data: URI
  • CVE-2019-17001: CSP bypass using object tag when script-src 'none' is specified
  • CVE-2019-17002: upgrade-insecure-requests was not being honored for links dragged and dropped
  • CVE-2019-11764: Memory safety bugs fixed in Firefox 70 and Firefox ESR 68.2