Firefox 72 release

The Firefox 72 web browser has been released, along with the mobile version Firefox 68.4 for the Android platform. In addition, an update to the long-term support branch, 68.4.0, has been published. The Firefox 73 branch will soon move to the beta testing stage; its release is scheduled for February 11 (the project has moved to a 4-week development cycle).

All innovations:

  • The default standard mode for blocking unwanted content now includes protection against user tracking through hidden identification methods (“browser fingerprinting”). It is implemented through additional categories on the Disconnect.me list, which cover hosts found to be using scripts for hidden identification. Hidden identification refers to the storage of identifiers in areas not intended for permanent storage of information (“supercookies”), as well as the generation of identifiers based on indirect data, such as screen resolution, the list of supported MIME types, header-specific options (HTTP/2 and HTTPS), analysis of installed plugins and fonts, the availability of certain Web APIs, video-card-specific rendering features exposed through WebGL and Canvas, manipulation with CSS, and analysis of how the mouse and keyboard are used.
  • Measures against annoying requests to grant a site additional permissions (Notification.requestPermission(), PushManager.subscribe() and MediaDevices.getDisplayMedia()) have been activated. Permission requests will no longer interrupt work with the browser, but will only lead to the display of an indicator in the address bar after user interaction with the page (mouse click or key press) has been recorded. Many sites abuse the browser's ability to request permissions, mainly by periodically asking for push notifications. Telemetry analysis showed that 97% of such requests are rejected, and in 19% of cases the user immediately closes the page without clicking the agree or reject button.
  • Added experimental support for the HTTP/3 protocol (to activate it, set the option “network.http.http3.enabled” in about:config). HTTP/3 support in Firefox is based on the neqo project, written in Rust, which implements a client and server for the QUIC protocol (HTTP/3 standardizes the use of the QUIC protocol as a transport for HTTP/2).
  • In accordance with the requirements of the CCPA (California Consumer Privacy Act), which has come into force, the ability to delete telemetry data from Mozilla servers has been added. Data is deleted if you opt out of telemetry collection in “about:preferences#privacy” (“Firefox Data Collection and Use” section). When you clear the "Allow Firefox to send technical and interaction data to Mozilla" checkbox that controls sending telemetry, Mozilla undertakes to remove, within 30 days, all data collected before telemetry was turned off. The telemetry data collected on Mozilla's servers includes information about performance, Firefox security, and general parameters such as the number of open tabs and session duration (information about the sites opened and search queries is not transmitted). Full details of the data collected can be viewed on the "about:telemetry" page.
  • For Linux and macOS, the ability to view video in Picture-in-Picture mode has been added, allowing you to detach the video into a floating window that remains visible while you navigate in the browser. To view a video in this mode, click the tooltip or select “Picture in picture” in the context menu displayed when you right-click the video (on YouTube, which substitutes its own context menu handler, right-click twice or click with the Shift key held down).

  • The scroll bar is now drawn using the background color of the current page.
  • Removed support for public key pinning (PKP, Public Key Pinning), which allowed a site to use the Public-Key-Pins HTTP header to state explicitly which certification authorities' certificates may be used for it. The reasons cited are the low demand for this function, the risk of compatibility problems (PKP support has been discontinued in Chrome) and the possibility of blocking your own site by pinning the wrong keys or losing keys (for example, through accidental deletion or compromise as a result of hacking).
  • Patches have been accepted that allow the unveil() and pledge() system calls to be used on OpenBSD for additional file system and process isolation.
  • Removed support for blocking images from individual domains. The reason for removal is the lack of demand for the function among users and the inconvenient interface for blocking.
  • In builds for Windows, an experimental feature has been implemented to use client certificates from the general operating system certificate store (the security.osclientcerts.autoload option must be activated to enable it in about:config).
  • Support for CSS Shadow Parts is enabled by default, including the "part" attribute and the "::part" pseudo-element, which let you selectively expose specified elements of the Shadow DOM.


    A paragraph

    ...in CSS to select elements bound to the part attribute:

    custom-element::part(example) {
      border: solid 1px black;
      border-radius: 5px;
      padding: 5px;
    }

  • Added support for the CSS Motion Path specification, which lets you define the path of animated objects in CSS without using JavaScript code and without blocking rendering and input processing during the animation. The CSS properties offset, offset-path, offset-anchor, offset-distance and offset-rotate are provided to control the animation.

  • The individual CSS transform properties scale, rotate and translate, which are not tied to the transform property, are enabled by default (i.e. in CSS you can now specify “scale: 2;” instead of “transform: scale(2);”).
  • JavaScript implements the nullish coalescing operator "??", which returns the right operand if the left operand is null or undefined, and the left operand otherwise. For example, "const foo = bar ?? 'default string'" assigns 'default string' if bar is null or undefined, and the value of bar otherwise, including when bar is 0 or '', as opposed to the "||" operator.
  • Added the FormDataEvent API and the formdata event, which make it possible to use JavaScript handlers to add data to a form when it is submitted, without having to store the data in hidden input elements.
  • The Geolocation API has been updated to match the new specification; for example, Coordinates has been renamed to GeolocationCoordinates, Position to GeolocationPosition and PositionError to GeolocationPositionError.

  • The JavaScript debugger has gained support for conditional breakpoints (watchpoints), triggered when certain properties of objects are changed or read.

  • The startup of the JavaScript debugger has been accelerated when a very large number of tabs are open (first of all, priority is now given to visible tabs).
  • Responsive Design Mode implements simulation of different meta viewport values. Added “prefers-color-scheme” value simulator to page inspection mode.
  • In the web console, in multi-line JavaScript interpretation mode, support has been added for opening and saving files using the combinations Ctrl + O and Ctrl + S.
  • Added the javascript.options.asyncstack setting to visually separate asynchronous messages in the web console. When the setting is activated, console.trace() and console.error() display the full call stack of asynchronous operations, making it possible to understand how the launch of timers, events, promises, generators, etc. was scheduled.

  • In the WebSocket inspection mode, parsing and visual display of metadata in the SignalR format used in ASP.NET Core messages has been implemented. Counters have also been added that show the total size of sent and downloaded data.
  • In the network activity monitoring tool, the Timings tab now separately displays when each resource was queued for download, when the download started, and when the download completed.
  • The Scratchpad environment, designed for experimenting with JavaScript code, has been removed from the web developer tools (Scratchpad was replaced in the last release by a multi-line web console mode).
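
An added example, not part of the original article and not Firefox code: a small JavaScript lint for the Public-Key-Pins header whose support is removed in the list above. It flags the conditions behind the lock-out risk mentioned there (a single pin with no backup, a long max-age); the 60-day threshold, the finding names and the sample header values are assumptions made for the illustration.

```javascript
// Added example, not Firefox code: lint a Public-Key-Pins header value.
const MAX_AGE_LIMIT = 60 * 24 * 3600; // assumed review threshold: 60 days

// Split the header into its directives (syntax per RFC 7469).
function parsePkp(headerValue) {
  const policy = { pins: [], maxAge: null, includeSubDomains: false };
  for (const raw of headerValue.split(';')) {
    const part = raw.trim();
    if (!part) continue;
    const eq = part.indexOf('=');
    const name = (eq === -1 ? part : part.slice(0, eq)).trim().toLowerCase();
    const value = eq === -1 ? '' : part.slice(eq + 1).trim().replace(/^"|"$/g, '');
    if (name === 'pin-sha256') policy.pins.push(value);
    else if (name === 'max-age' && /^\d+$/.test(value)) policy.maxAge = Number(value);
    else if (name === 'includesubdomains') policy.includeSubDomains = true;
  }
  return policy;
}

// Report the conditions under which a wrong or lost key locks visitors out.
function auditPkp(headerValue) {
  const p = parsePkp(headerValue);
  const findings = [];
  // A SHA-256 digest in base64 is 43 characters plus one '=' of padding.
  const distinct = new Set(p.pins.filter((x) => /^[A-Za-z0-9+/]{43}=$/.test(x)));
  if (distinct.size !== p.pins.length) findings.push('malformed-or-duplicate-pin');
  if (p.maxAge === null) findings.push('missing-max-age');
  else if (p.maxAge > MAX_AGE_LIMIT) findings.push('long-max-age');
  if (distinct.size < 2) findings.push('no-backup-pin');
  if (p.includeSubDomains) findings.push('applies-to-all-subdomains');
  return findings;
}

// Constructed sample values; the pins are placeholders, not real key hashes.
const PIN_A = 'A'.repeat(43) + '=';
const PIN_B = 'E'.repeat(43) + '=';
const risky = `pin-sha256="${PIN_A}"; max-age=31536000; includeSubDomains`;
const safer = `pin-sha256="${PIN_A}"; pin-sha256="${PIN_B}"; max-age=86400`;

console.log(auditPkp(risky));
console.log(auditPkp(safer));
```

Because Firefox 72 and Chrome no longer act on this header, a site that still sends it gets no pinning from those browsers whatever the lint reports.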

In addition to innovations and bug fixes, Firefox 72 fixes 20 vulnerabilities, of which 11 (collected under CVE-2019-17025 and CVE-2019-17024) are flagged as potentially capable of leading to attacker code execution when opening specially crafted pages. As a reminder, memory problems, such as buffer overflows and access to already freed memory areas, have recently been marked as dangerous, but not critical. Also of particular note is the issue CVE-2019-17017 in the XPCVariant.cpp code, which can also potentially lead to code execution.

Source: opennet.ru
