The Firefox 102 web browser has been released. Firefox 102 is categorized as a long-term support (ESR) branch with updates being released throughout the year. In addition, an update of the previous branch with a long support period 91.11.0 has been formed (two more updates 91.12 and 91.13 are expected in the future). The Firefox 103 branch, which is scheduled for release on July 26, will be transferred to the beta testing stage in the coming hours.
Key innovations in Firefox 102:
- The ability to disable the automatic opening of the panel with information about downloaded files at the start of each new download has been provided.
- Added protection against tracking the transition to other pages by setting parameters in the URL. Protection comes down to the removal of parameters used for tracking (such as utm_source) from the URL and is activated when the strict mode of blocking unwanted content is enabled in the settings (Enhanced Tracking Protection -> Strict) or when the site is opened in private browsing mode. Optionally, stripping can also be enabled via the privacy.query_stripping.enabled setting in about:config.
- Sound decoding functions are moved to a separate process with stricter sandbox isolation.
- Picture-in-picture mode provides subtitles when watching videos from HBO Max, Funimation, Dailymotion, Tubi, Disney+ Hotstar and SonyLIV. Previously, subtitles were only shown for YouTube, Prime Video, Netflix, and sites using the WebVTT (Web Video Text Track) format.
- On the Linux platform, it is possible to use the Geoclue DBus service for location determination.
- Improved viewing of PDF documents in high contrast mode.
- In the interface for web developers in the Style Editor tab, there is support for filtering style sheets by name.
- The Streams API has added the TransformStream class and the ReadableStream.pipeThrough method, which can be used to create and pass data in the form of a stream (pipe) between a ReadableStream and a WritableStream, with the ability to call a handler to transform the stream for each block.
- Added ReadableStreamBYOBReader, ReadableByteStreamController, and ReadableStreamBYOBRequest classes to the Streams API for efficient direct transfer of binary data, bypassing internal queues.
- The non-standard Window.sidebar property, provided only in Firefox, is scheduled for deletion.
- CSP (Content-Security-Policy) integration with WebAssembly is provided, which allows applying CSP restrictions to WebAssembly as well. Now a document for which scripting is disabled via CSP will not be able to run WebAssembly bytecode if the 'unsafe-eval' or 'wasm-unsafe-eval' parameter is not set.
- In CSS, media queries implement the update property, which allows you to bind to the update rate of information supported by the output device (for example, the value "slow" is set for e-book screens, "fast" for normal screens, and "none" for printing).
- For add-ons that support the second version of the manifest, access to the Scripting API is provided, which allows you to run scripts in the context of sites, substitute and remove CSS, and control the registration of content processing scripts.
- In Firefox for Android, when filling out forms with credit card information, a separate request is made to save the entered information for the form autocomplete system. We fixed an issue that caused a crash when opening the on-screen keyboard if the clipboard contained a large amount of data. Fixed issue with Firefox stopping when switching between apps.
In addition to innovations and bug fixes, Firefox 102 fixes 22 vulnerabilities, of which 5 are marked as dangerous. Vulnerability CVE-2022-34479 allows to display a pop-up window on the Linux platform that overlaps the address bar (can be used to simulate a fictitious browser interface that misleads the user, for example, for phishing). Vulnerability CVE-2022-34468 allows you to bypass CSP restrictions that prevent JavaScript code from executing in an iframe through "javascript:" URI link substitution. 5 vulnerabilities (summarized under CVE-2022-34485, CVE-2022-34485 and CVE-2022-34484) are caused by memory problems, such as buffer overflows and access to already freed memory areas. These issues can potentially lead to malicious code being executed when specially designed pages are opened.
Source: opennet.ru