Firefox 109 release

The Firefox 109 web browser has been released. In addition, an update to the long-term support branch, 102.7.0, has been published. The Firefox 110 branch, whose release is scheduled for February 14, will soon move to the beta testing stage.

Key innovations in Firefox 109:

  • Support for the third version of the Chrome manifest, which defines the capabilities and resources available to extensions written with the WebExtensions API, is enabled by default. Support for the second version of the manifest will be maintained for the foreseeable future. Because the third version of the manifest has been criticized and will break some add-ons for security and for blocking inappropriate content, Mozilla has moved away from ensuring full compatibility with the manifest in Firefox and has implemented some features differently. For example, Firefox keeps the old blocking mode of the webRequest API, which Chrome has replaced with a new declarative content filtering API. The granular permission request model, under which an add-on cannot be activated immediately for all pages (the "all_urls" permission has been removed), is also implemented a little differently. In Firefox, the final decision on granting access is left to the user, who can selectively decide which add-ons get access to their data on a particular site. To manage permissions, a "Unified Extensions" button has been added to the interface, with which the user can grant and revoke an add-on's access to any site. Permission control applies only to add-ons based on the third version of the manifest; for add-ons based on the second version, granular control of site access is not performed.

  • The Firefox View page has improved the appearance of empty sections with recently closed tabs and tabs open on other devices.
  • Buttons have been added to the list of recently closed tabs shown on the Firefox View page to remove individual links from the list.
  • Added the ability to display the entered search query in the address bar instead of the URL of the search engine (i.e. the search terms are shown in the address bar not only while typing, but also after the search engine has been opened and the results for those terms are displayed). The feature is currently disabled by default and is activated through the "browser.urlbar.showSearchTerms.featureGate" setting in about:config.
  • The date picker dialog for fields of the "date" and "datetime" types has been adapted for keyboard control, which made it possible to provide correct support for screen readers and to use keyboard shortcuts to navigate the calendar.
  • The experiment with the built-in Colorways add-on for changing the appearance of the browser has ended (it offered a collection of color themes for the content area, panels, and tab bar). Previously saved color themes can be accessed from the Add-ons and themes page.
  • On systems with GTK, several files can now be moved to the file manager at the same time. Moved images from one tab to another.
  • The system for automatically clicking through banners that request permission to use cookies on sites (cookiebanners.bannerClicking.enabled and cookiebanners.service.mode in about:config) now allows sites to be added to a list of exceptions to which auto-click is not applied.
  • The network.ssl_tokens_cache_use_only_once setting is enabled by default to prevent reuse of session tickets in TLS.
  • The network.cache.shutdown_purge_in_background_task setting is enabled, which solves a problem with correctly completing file I/O on shutdown.
  • An item ("Pin to toolbar") has been added to the context menu of add-ons to pin the add-on button to the toolbar.
  • Firefox can now be used as a document viewer, selected in the system through the "Open With" context menu.
  • Added information about screen refresh rate to the about:support page.
  • Added settings for ui.font.menu, ui.font.icon, ui.font.caption, ui.font.status-bar, ui.font.message-box, etc. to override system fonts.
  • Support for the scrollend event, fired on Element and Document objects when the user finishes scrolling (when the position stops changing), is enabled by default.
  • Partitioning of access through the Storage API is provided when processing third-party content, regardless of the Storage Access API.
  • Support for the list attribute has been added to the range element; the attribute takes the identifier of an element with a list of predefined values offered for input.
  • The 'auto' value has been added to the content-visibility CSS property, which is used to prevent unnecessary rendering of areas outside the visible area. When it is set, visibility is determined by the browser based on the proximity of the element to the border of the visible area.
  • The CSS type that defines the default color values for various page components now supports the Mark, MarkText, and ButtonBorder values.
  • WebAuthn adds the ability to authenticate via CTAP2 (Client to Authenticator Protocol) with USB HID-based tokens. Support is not yet enabled by default and is turned on through the security.webauthn.ctap2 setting in about:config.
  • A new breakpoint option has been added to the JavaScript debugger in the web developer tools; it triggers on entry to a scrollend event handler.
  • Support for "session.subscribe" and "session.unsubscribe" commands has been added to the WebDriver BiDi browser remote control protocol.
  • Builds for the Windows platform include the Arbitrary Code Guard (ACG) hardware protection mechanism to block the exploitation of vulnerabilities in processes that play multimedia content.
  • Changed Ctrl/Cmd + trackpad or Ctrl/Cmd + mouse wheel on macOS to scroll (as in other browsers) rather than zoom.
  • Improvements in Android version:
    • When viewing a full-screen video, the display of the address bar when scrolling is disabled.
    • Added a button to undo the change after deleting a pinned site.
    • Updated the list of search engines after changing the language.
    • Fixed a crash that occurred when placing a large portion of data in the clipboard or address bar.
    • Improved rendering performance of canvas elements.
    • Resolves an issue with video calls that can only use the H.264 codec.
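
As an added illustration of the Manifest V3 item above (not code from Mozilla or from the original article): a background script for a Firefox Manifest V3 add-on that keeps using the blocking webRequest mode and attaches its listener only once the user has granted host access. The host tracker.example, the manifest entries listed in the comment, and the function names are assumptions made for this example.

```javascript
// background.js for a Manifest V3 add-on in Firefox (added example).
// Assumed manifest.json entries:
//   "manifest_version": 3,
//   "permissions": ["webRequest", "webRequestBlocking"],
//   "host_permissions": ["*://*.tracker.example/*"],
//   "background": { "scripts": ["background.js"] }
const BLOCKED_HOSTS = ["tracker.example"];               // constructed sample host
const ORIGINS = BLOCKED_HOSTS.map((h) => `*://*.${h}/*`);

// Pure decision: true when the URL's host is a blocked host or a subdomain of one.
function shouldBlock(url, blocked = BLOCKED_HOSTS) {
  let host;
  try {
    host = new URL(url).hostname.toLowerCase();
  } catch {
    return false;                                        // unparsable URL: do not interfere
  }
  return blocked.some((b) => host === b || host.endsWith("." + b));
}

// Blocking listener: its return value decides the request synchronously.
function onBeforeRequest(details) {
  return { cancel: shouldBlock(details.url) };
}

// Attach the listener only when the user has granted access to the hosts.
async function register(api) {
  const granted = await api.permissions.contains({ origins: ORIGINS });
  if (!granted) return false;
  if (!api.webRequest.onBeforeRequest.hasListener(onBeforeRequest)) {
    api.webRequest.onBeforeRequest.addListener(
      onBeforeRequest, { urls: ORIGINS }, ["blocking"]);
  }
  return true;
}

// Inside Firefox `browser` exists; elsewhere (for example Node) nothing runs.
if (typeof browser !== "undefined") {
  register(browser);
  // Host access can be granted later from the Unified Extensions panel.
  browser.permissions.onAdded.addListener(() => register(browser));
}
```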

In addition to new features and bug fixes, Firefox 109 fixes 21 vulnerabilities. 15 vulnerabilities are marked as dangerous, of which 13 (collected under CVE-2023-23605 and CVE-2023-23606) are caused by memory problems, such as buffer overflows and access to already freed memory areas. These issues can potentially lead to execution of malicious code when specially crafted pages are opened. Vulnerability CVE-2023-23597 is caused by a logic error in the code that creates new child processes and allows a new process to be started in the file:// context to read the contents of arbitrary files. Vulnerability CVE-2023-23598 is caused by an error in handling drag-and-drop actions in the GTK binding and allows the contents of arbitrary files to be read via a DataTransfer.setData call.

Source: opennet.ru
