ProHoster > Blog > internet news > Firefox 74

Firefox 74

Available Firefox 74.

  • The password manager has learned to sort entries in reverse order (Z-A).
  • It's over with extensions installed globally (for all users on the system, for example in %ProgramFiles%Mozilla Firefoxextensions). A similar distribution method is used for pre-installation in distributions, as well as for imposing add-ons when installing third-party software. The developers considered it vicious, because it makes it impossible for the user to remove such add-ons through the add-on manager (for example, if the add-on causes problems, or the user does not like what is being imposed on him). Now the management of add-ons is completely under the control of the user. Already installed add-ons will continue to work (the user is now able to remove them through add-ons management), and newly installed ones will be ignored. Custom distribution builders (Windows) and maintainers (Linux) will be given a special option at build time to return support for globally installed add-ons. Corporate users are given the ability to deploy add-ons through group policies.
  • Addition Facebook Container (automatically opens a social network in a separate container) maintains a custom list of domains that will also be automatically placed in a container.
  • The button for creating a new tab has received a right-click menu (only works when containers) from which you can select a container for the tab you are creating. In addition, the setting "Select a container for each new tab" has been added, which allows you to call such a menu with the left mouse button.
  • Appeared the ability to disable tab unpinning. The inadvertent transformation of a tab into a separate window has annoyed users for many years (the corresponding ticket was opened 9 years ago). The browser.tabs.allowTabDetach setting is provided to disable the detachment of behavior tabs.
  • Add-on hotkeys can now be not only reassigned, but also disabled.
  • For US users, DNS over HTTPS is enabled by default. The default resolver is Cloudflare. In the settings, you can change it to NextDNS or specify the address of your own resolver.
  • Linux builds use technology RLBox. The C++ code of potentially vulnerable third-party libraries is converted into a WebAssembly module with severely restricted permissions, and then the module is compiled to native code and executed in an isolated process. The first such library was Graphite.
  • For touch screen devices implemented scroll acceleration.
  • On Windows and macOS, it became possible to import data from Edgium (Edge on the Chromium engine).
  • Browser no longer reveals local IP address of the machine via WebRTC (a random identifier is used instead of the local address), so users are advised to reset the settings media.peerconnection.ice.default_address_only ΠΈ media.peerconnection.ice.no_host (changing these settings was previously achieved by hiding the local address).
  • Search by history from now on ignores diacritics (for example, searching for the word Χ€Χ‘Χ— will also find all occurrences of Χ€ΦΆΦΌΧ‘Φ·Χ—).
  • As announced a year and a half ago, disabled support for TLS 1.0 and TLS 1.1. If the server does not support TLS 1.2, the user will see an error message about establishing a secure connection and a button that enables support for legacy protocols (their support will be completely removed in the future). Other popular browsers this year also disable support for old (TLS 1.0 appeared in 1999, and TLS 1.1 - in 2006) protocols, since they do not support modern fast and reliable algorithms (ECDHE, AEAD), but require support for old and weak ones (TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA , SHA1, MD5). A year ago, the share of traffic using these protocols did not exceed half a percent, and by now it has decreased even more.
  • HTTP:
    • Enabled HTTP header support Feature Policy. With it, the site developer can specify which features and APIs the browser should use or not use (for example, to optimize site performance). Feature Policy is somewhat similar to CSP, but manages browser features, not security. As a consequence, frames ( ) in which another domain is open, can no longer Request access to geolocation, camera, microphone, screen capture, and full screen mode unless explicitly allowed by the Feature Policy.
    • Implemented support Cross-Origin-Resource-Policy (CORP), with its help, sites can block certain requests from third-party sources (for example, prohibit access from third-party resources to scripts and images of the current site), which prevents speculative side-channel attacks (Meltdown and Specter), as well as attacks using cross-site scenarios.
    • Event added languagechange_event, which fires when the user changes their preferred language.
  • CSS:
    • Property support enabled text-underline-position, which allows you to control the position of the underline (for example, set the underline below the subscript characters of a chemical formula).
    • Property values text-underline-offset ΠΈ text-decoration-thickness can now be expressed as a percentage.
    • Property outline style got support for the auto value.
    • discontinued support for -moz-column-* properties, instead of which you should use standard properties without a prefix.
  • JavaScript:
  • Developer Tools:

Source: linux.org.ru

Add a comment