ProHoster > Blog > internet news > Firefox 70

Firefox 70

Available Firefox 70 release.

Major changes:

  • Introduced a new password manager - Lockwise:
    • 10 years ago about the weak security of the password manager сообщил Justin Dolske. In 2018, Vladimir Palant (Adblock Plus developer) again raised this issue, discovering that the password manager still uses SHA-1 one-time hashing. This allows you to reset the password of an average user in a few minutes on modern graphics accelerators.
    • Lockwise uses strong SHA-256 and AES-256-GCM algorithms.
    • There is a new page about:logins (style for userContent.css, which allows you to fit more information on the screen), where you can create new entries, import passwords from other browsers, and download applications for Android and iOS. Passwords are synced through your Firefox account.
    • Lockwise suggests generating strong passwords for forms with the autocomplete="new-password" attribute, and notifies (signon.management.page.breach-alerts.enabled = true) if the password saved for a site is older than that site was leaked (that is, if there is a possibility that the user has been affected by the leak). To do this, Firefox Monitor is integrated into it (extensions.fxmonitor.enabled = true), which used to be a separate system add-on.
  • Standard tracking protection settings now include protection from social media trackers (Like buttons, Twitter message widgets). If the page contains blocked content, the icon in the address bar becomes colored. Change has undergone and a panel called when you click on it: now it displays allowed trackers (blocking of which can lead to breakage of sites or individual functions), as well as a link to the about:protections page.
  • Lines that underline text (underline tag or link) are now do not cross characters, but break (layout.css.text-decoration-skip-ink.enabled = true)
  • Since encryption has become the norm in 2019 (information transmitted over insecure channels is available to everyone, for example, due to incorrectly configured SORM equipment), the approach to displaying the connection security status has been changed:
    • If a secure connection is established, a gray icon is displayed instead of green (security.secure_connection_icon_color_gray = true). This will help inexperienced users who perceive green as a signal that the site is trusted, while green only means that the connection is encrypted, but does not guarantee the authenticity of the resource.
    • If an insecure connection is established (HTTP or FTP), a crossed out icon is displayed (security.insecure_connection_icon.enabled = true, security.insecure_connection_icon.pbmode.enabled = true).
  • About EV Certificates (Extended Validation Certificates) moved from address bar to site details panel (security.identityblock.show_extended_validation = false). Research showthat displaying this data in the address bar practically does not help users in any way - they do not pay attention to its absence. In addition, researcher Ian Carroll showedhow easy it is to get an EV certificate in the name of "Stripe, Inc" (a popular payment system) just by registering a company with the same name in another state. In any case, you need to look at the detailed information about the site to find the difference - information from the address bar is not enough. Another researcher, James Burton, received a certificate in the name of the company he registered "Identity Verified", which is also easily misleading users.
  • Firefox will show the icon in the address bar if the site uses geolocation.
  • The address bar automatically corrects common typos in the URL protocol (browser.fixup.typo.scheme = true): ttp → http, ttps → http, tps → https, ps → https, ile → file, le → file.
  • The buttons of search engines in the address bar are centered, the ability to immediately go to their settings has been added.
  • Reorganized Firefox account management menu.
  • Browser service pages have learned to use the dark theme (if the system has dark theme enabled or ui.systemUsesDarkTheme = true).
  • Updated browser logo and name ("Firefox Browser" instead of "Firefox Quantum").
  • An icon has been added to the toolbar (and an item to the main menu), clicking on which displays information about the main innovations of this release (browser.messaging-system.whatsNewPanel.enabled = true).
  • WebRender included by default on Linux systems with video cards from all major manufacturers: AMD, nVIDIA (only with Nouveau driver), Intel. Requires at least Mesa 18.2.
  • New included JavaScript bytecode interpreter. In some cases, page loading speed up to 8%.
  • HTTP cache divided by top-level source to prevent widely used by various services a way to determine if a user is logged into certain sites.
  • Permission requests from the site (for example, to show notifications or access the microphone) will force the browser to exit full screen mode (permissions.fullscreen.allowed = false). These measures are aimed at combating some sites that block the user in full screen mode and force him to give permissions or install a malicious add-on.
  • Following Chrome's Referer header size limited to 4 kilobytes, which is enough for 99.90% of sites.
  • Prohibited opening any files in the browser via FTP protocol. Instead of opening the file, it will be downloaded.
  • macOS:
    • Three times reduced power consumption, which has increased markedly since the first release of Quantum. In addition, page loading speeded up by up to 22%, and resource costs for video playback were reduced by 37% in some cases.
    • Now you can import passwords from Chrome.
  • WebRender is enabled by default on Windows devices with integrated Intel graphics and low screen resolutions (up to 1920x1200).
  • Developer Tools:
    • The accessibility inspector panel has been added to show the accessibility of page elements for people using only the keyboard, as well as a color blind simulator.
    • The inspector highlights CSS definitions that do not affect the selected element, and also explains the reasons for this and gives advice on how to fix it.
    • The debugger can set breakpoints for DOM mutations. They fire when a node or its attributes are changed or removed from the DOM.
    • Addon developers now have the ability to inspect the contents of browser.storage.local.
    • Network Inspector learned look for request and response elements (headers, cookies, body).

Source: linux.org.ru

Add a comment