web browser release and Firefox 68.1 for the Android platform. In addition, updates long term support ΠΈ (ESR branch 60.x will no longer be updated, switching to branch 68.x is recommended). Coming soon to the stage Firefox 70 branch will be transferred, the release of which is scheduled for October 22.
:
- Added features to the default default inappropriate content blocking behavior to ignore cookies from all third-party tracking systems and block JavaScript inserts that mine cryptocurrencies. Mining code leads to a significant increase in the load on the processor in the user's system and, as a rule, is introduced into sites as a result of hacks or is used on dubious sites as a method of monetization.
Previously, locking data was enabled only when choosing strict locking mode, which now makes sense to enable only if you want to block methods. ("browser fingerprinting"). Blocking is carried out according to the list .
When blocked, a shield symbol is shown in the address bar, and in the context menu, you can see from which sites the cookies used to track movements were blocked. In the same menu, you can selectively disable blocking for individual sites.
- Expanded options for blocking automatic playback of multimedia content. In addition to the previously added muting feature in auto-playing video the ability to completely stop video playback, not limited to turning off the sound. For example, if earlier advertising videos were shown on sites, but without sound, then in the new mode, they will not even start playing without an explicit click. To enable the mode in the autoplay settings (Options > Privacy and Security > Permissions > Autoplay), a new item "Block audio and video" has been added, which supplemented the default "Block audio" mode.
The mode can be selected in relation to specific sites through the context menu displayed by clicking on the "(i)" button in the address bar.
- For US users and "en-US" builds, the layout of the start page blocks displayed when opening a new tab has been changed, as well as the display of additional content recommended by the Pocket service has been added. The size of blocks and the number of recommendations have been changed, new thematic sections have been proposed (Health, Science, Technology and Entertainment);
- Disabled by default is the ability to play Flash content through the Adobe Flash plugin. From the settings of the Adobe Flash Player plug-in, the option for permanent activation of Flash has been removed and only the ability to disable Flash and enable it individually for specific sites (activation by explicit click) without remembering the selected mode has been left. Firefox's ESR branches will continue to support Flash until the end of 2020;
- default file handling ΠΈ , allowing the user to override the appearance of sites or the Firefox interface. The reason for the default shutdown is cited as work to reduce browser startup time. Changing behavior through userContent.css and userChrome.css is extremely rare for users, and loading CSS data consumes additional resources (optimization removes unnecessary disk access). Added "toolkit.legacyUserProfileCustomizations.stylesheets" setting to about:config to return processing of userChrome.css and userContent.css, which will be enabled automatically for users who already use userChrome.css or userContent.css;
- For WebRTC, the ability to process channels using different video codecs is implemented, which simplifies the creation of video conferencing services, the participants of which can use different client software;
- For the ARM64 architecture, the JavaScript engine supports JIT compilation;
- Browser identifiers (navigator.userAgent, navigator.platform, and navigator.oscpu) removed information about using 32-bit version of Firefox in a 64-bit OS environment (previously required for Flash, but leaving an additional vector for hidden user identification);
- Added a Picture-in-Picture video viewing feature that allows you to detach the video in the form of a floating window that remains visible while navigating the browser. To view in this mode, you must click on the tooltip or in the context menu displayed when you right-click on the video, select "Picture in picture" (in YouTube, which substitutes its own context menu handler, you should double-click the right mouse button or click with the Shift key pressed). Mode support can be enabled in about:config with the "media.videocontrols.picture-in-picture.enabled" option;
- implementation of a password generator ("signon.generation.available" in about:config), which allows you to display a hint with an automatically generated strong password when filling out registration forms;
- To the password manager the ability to process accounts in the context of a first-level domain, which allows you to offer one password stored for all subdomains. For example, the password saved for login.example.com will now be suggested for autofill in www.example.com site forms;
- handler processes, which transfer information about the highest priority processes to the operating system. For example, a content process processing the active tab will be given a higher priority (more CPU resources allocated) than a process associated with background tabs (if they do not play video and sound). The change is currently enabled by default only for the Windows platform, for other systems, the activation of the dom.ipc.processPriorityManager.enabled option in about-config is required;
- Activated API , which allows you to create Greasemonkey-style add-ons based on WebExtensions technology for executing custom scripts in the context of web pages. For example, by connecting scripts, you can change the design and behavior of the pages you view. This API is already included with Firefox, but until now, enabling it required setting "extensions.webextensions.userScripts.enabled" in about:config. Unlike existing add-ons with similar functionality that use the tabs.executeScript call, the new API allows you to isolate scripts in separate sandbox environments, solves performance problems and makes it possible to handle various stages of page loading.
- The navigator.mediaDevices property is now only available when the page is opened in a Secure Context, i.e. when opened via HTTPS, via localhost or from a local file;
- Added CSS properties ΠΈ , which allow you to control the display of content that goes beyond blocks and inline elements (trim the tail or display a scrollbar). The properties are implemented through automatic conversion to overflow-x and overflow-y depending on the content output mode (top to bottom or line by line).
- For CSS property implemented support for break-spaces value;
- Implemented CSS property An indicating that the element and its contents are separate from the rest of the DOM tree;
- Added CSS property , which allows you to determine whether the text can be selected by the user;
- Added ability to set @supports rules for selectors (
the format "@supports selector(selector-to-test){...}"), which can be used to selectively apply CSS only if the browser has or does not support a particular selector; - Added support for instances of JavaScript classes that allow you to specify predefined properties that are initialized outside of the constructor. Support for private fields that are not visible outside the class is also expected soon;
class Product {
name;
tax = 0.2; /*public field*/
#basePrice = 0; /*private field*/
price;constructor(name, basePrice) {
this.name = name;
this.basePrice = basePrice;
this.price = (basePrice * (1 + this.tax)).toFixed(2);
}
} - Added API , which allows you to connect a handler that will be notified about changes in the size of the specified elements on the page. The key difference between the new API and window.onresize and CSS Media Queries is that it is possible to determine if a specific element on the page has changed, rather than the entire visible area, which allows you to respond by changing only that element without changing all visible content;
- Added Microtasks API represented by one method , which allows you to schedule a callback function call at a low level by adding it to the microtask queue;
- Added new methods , , , DOMMatrix.fromMatrix(), ;
- The ability to specify the "*" mask for requests without credentials has been added to the Access-Control-Expose-Headers, Access-Control-Allow-Methods and Access-Control-Allow-Headers HTTP headers;
- The web console provides a grouping of alerts about activity related to tracking user movements;
- Added detailed information about the reasons for blocking resources (CSP, mixed content, etc.) to the network activity inspection panel, and also added an optional column with the full URL;
- Faster startup of the JavaScript debugger. Moved remote debugging functionality to the about:debugging interface. Implemented support for step-by-step debugging of asynchronous functions (Async). a new class of breakpoints that can be tied to the onset of events related to the mouse, touch screen, animation, DOM, media queries,
workers, etc. - Added an interface to developer tools to audit the view of a page that uses content (for example, showing text from the "alt
instead of images); - On macOS systems with multiple graphics cards installed, a more aggressive switch to a power-efficient GPU is provided after WebGL content has finished processing. Also added protection against switching from a power efficient to a powerful GPU for one-time WebGL calls. In builds for macOS, the progress of downloading files is also displayed through the standard Finder interface. The formation of installation assemblies of Firefox in PKG format has begun;
- For Windows 10 latest updates (1903+), we added support for the Web Authentication HmacSecret extension via Windows Hello to authenticate to sites without entering a password using a fingerprint, face recognition, or USB token;
- the formation of new releases of Firefox for Android, instead of which, under the code name Fenix, is now a new browser for mobile devices using the GeckoView engine and the Mozilla Android Components library set. Corrective fixes for Firefox for Android will be released throughout the year as part of the Firefox 68 ESR branch, for example, the release is now formed . To download a new browser, use test builds
.
In addition to innovations and bug fixes in Firefox 69, , of which only one (CVE-2019-11751) as critical. This problem is specific to the Windows platform and allows an arbitrary file to be written to the system when the browser is launched from another application (for example, when opening a link from a messaging program, you can format the link in such a way that starting the browser will result in the creation of an autorun file in the 'Startup' directory) . The reduction in the number of critical vulnerabilities is due to the fact that memory problems, such as buffer overflows and reversal of already freed memory areas, are now marked as dangerous, but not critical. The new release fixes 13 such issues that could potentially lead to malicious code execution when opening specially designed pages.
Source: opennet.ru