Firefox 129 release

The Firefox 129 web browser was released and updates to previous branches with a long period of support were generated - 115.14.0 and 128.1.0. The Firefox 130 branch has been transferred to the beta testing stage, the release of which is scheduled for September 3.

Key innovations in Firefox 129:

• By default, the HTTPS-First mode is activated, in which when you try to open a page via HTTP without encryption, the browser will first try to access the site via HTTPS (“http://” is replaced by “https://”) and if the attempt fails, it will automatically contact site without encryption. To disable the mode in about:config, use the “dom.security.https_first” option. Unlike the optional “HTTPS Only” mode enabled in the settings, the HTTPS-First mode does not apply to downloading sub-resources such as images, scripts and style sheets, but only applies when you try to open a site after clicking on a link or typing a URL in the address bar.
• On platforms Linux, Windows 11 and Android 10+ предоставлена возможность использования системного резолвера для определения DNS-записей, через которые передаётся информация об открытом ключе для механизма ECH (Encrypted Client Hello), который продолжает развитие технологии ESNI (Encrypted Server Name Indication) и обеспечивает шифрование информации о параметрах TLS-сеансов, таких как запрошенное доменное имя. Ключевое отличие ECH от ESNI в том, что в ECH вместо шифрования на уровне отдельных полей целиком шифруется всё TLS-сообщение ClientHello, что позволяет блокировать утечки через поля, которые не охватывает ESNI, например, поле PSK (Pre-Shared Key). Изменение также позволяет использовать протокол HTTP/3 без использования заголовка Alt-Svc. Ранее для получения ключа к ECH требовалось включение «DNS over HTTPS». Скрытие domain In HTTPS traffic, among other things, in some cases it leads to a solution to the problem of speed drops when viewing YouTube, which has recently been observed among users of Russian providers.
• In Reader View, the menu options for customizing text display and page layout have been expanded - the ability to adjust the indents between characters and words, as well as select the text alignment method has been added.
• A new “Theme” menu has been added to reader mode for customizing background colors, text and links when viewing, as well as for selecting basic display modes (dark, grayscale, light, contrast, sepia).
• Enabled displaying thumbnails of tab contents when hovering over tab buttons. In addition to the sketch, a mention of the link shown in the tab has also been added to the information block about the tab. The change is expected to make it easier to identify the tab you're looking for, eliminating the need to switch between tabs. For those who are annoyed by unnecessary automatic pop-up windows, they can disable the new feature using the “browser.tabs.hoverPreview.enabled” setting in about:config.
• For users from France and Germany, automatic completion of address fields in web forms is enabled by default. Previously, this feature was enabled only for users from the USA and Canada. To enable the mode in other countries, you can use the "extensions.formautofill.addresses.supportedCountries" setting on the about:config page. To edit the address that will be added to forms, in the Autofill section of the “Privacy and Security” settings, you can use the button for editing saved addresses.
• An experimental implementation of the sidebar and the ability to place tabs vertically have been added, which allows you to allocate additional screen space for viewing site content on widescreen screens. To enable vertical tabs, you must enable the sidebar.revamp and sidebar.verticalTabs options on the about:config page. The sidebar can be displayed either expanded or collapsed. In expanded form, some of the page titles in the tabs and the names of operations placed in the sidebar are shown, while in collapsed form, only icons of sites and operations are visible.
• Added the @starting-style @rule to CSS to apply a style to an element when it is first rendered, which can be used to create a transition animation before the element opens on the page (in the "display: none" state) or when adding an element to DOM.
• Added CSS property "transition-behavior" to apply transition animation to discrete properties such as "display".
• The textInput event has been implemented, which is not defined in the standard, but is used instead of the “beforeinput” event in some web applications based on older frameworks.
• JavaScript has added support for Float16Array typed arrays, as well as DataView methods for reading and setting Float16 values, and the Math.f16round() method for rounding numbers to 16-bit precision. The Float16 type can be useful when working with GPUs to reduce memory consumption compared to the Float32 and Float64 types.
• The mediaCapabilities.decodingInfo() API provides the ability to decode the configuration of played encrypted content and obtain information about the key system used for encryption.
• The Web Crypto API has added support for digital signatures based on the Ed25519 algorithm, which can be used in the SubtleCrypto methods: sign(), verify(), generateKey(), importKey() and exportKey().
• Web Developer Tools has new warnings about CSS issues that appear when the resize and float properties are used incorrectly, when using the box-sizing property on elements that ignore height and width changes, and when using table-specific CSS properties on elements. not related to tables.

  In the Network Activity Analysis panel, the Network Blocking feature now applies not only to HTTP responses, but also to HTTP requests. In inspection mode, the Rules sidebar has added a display of “@starting-style” rules and implemented tooltips for the var() function, showing the values ​​of its own “@starting-style” CSS properties.
• In the platform version Android предоставлена возможность загрузки языковых пакетов для перевода текста в режиме offline.

In addition to innovations and bug fixes, Firefox 129 has fixed 14 vulnerabilities. 11 vulnerabilities are marked as dangerous, of which 6 are caused by memory problems, such as buffer overflows and access to already freed memory areas. Potentially, these problems can lead to the execution of an attacker's code when opening specially designed pages.

Source: opennet.ru