web browser release and Firefox 68.7 for the Android platform. In addition, an update has been long term support . Coming soon to the stage the branch of Firefox 76, which is scheduled for release on May 5 (project for 4-5 weeks ).
:
- Formation has begun for Linux in flatpack format.
- Updated address bar layout. When you click on the address bar, now without the need to start typing, a drop-down list of the most frequently used links is immediately displayed. The search results tooltip has been optimized for better performance on smaller screens. In the area of contextual recommendations, hints are provided for solving typical problems that arise when working with the browser.
Stopped displaying the https:// protocol and the "www." subdomain in the drop-down block of links displayed during typing in the address bar (for example, https://opennet.ru and https://www.opennet.ru that differ in content will become indistinguishable). The http:// protocol is shown in search results unchanged.
- For Linux, the behavior when clicking in the address bar has been changed (done as in Windows and macOS) - single click selects all content without placing it on the clipboard, double click selects one word, triple click selects all content and places it on the clipboard.
- Implemented do not load images that are outside the visible area until the user scrolls the page content to the location immediately preceding the image. To manage delayed loading of pages, the "img" attribute has been added to the "", which can take the value "lazy". It is expected that lazy loading will reduce memory consumption, reduce traffic and increase the speed of the initial opening of pages. Added parameter "dom.image-lazy-loading.enabled" to about:config to manage lazy loading.
- full support for WebGL in environments using the Wayland protocol. So far, WebGL performance on Linux builds of Firefox has left much to be desired due to lack of hardware acceleration support, X11 gfx driver issues, and different standards. When using Wayland, the situation has changed due to the emergence of a new using the mechanism . In addition to hardware acceleration WebGL backend also support for H.264 video decoding acceleration using VA-API (Video Acceleration API) and FFmpegDataDecoder (support for VP9 and other video encoding formats in Firefox 76). The about:config options "widget.wayland-dmabuf-webgl.enabled" and "widget.wayland-dmabuf-vaapi.enabled" are proposed to control whether acceleration is enabled.
- For users from the UK, the display of blocks paid by sponsors is enabled on the home page in the section recommended by the Pocket content service. Blocks are clearly marked as ads and can be disabled in the settings. Earlier advertising US users only.
- the mode of clearing old cookies and site data when accessing sites with a movement tracking code that the user has not interacted with interactively. The mode is aimed at combating tracking through redirects.
- implementation of modal dialogs that are tied to individual tabs and do not block the entire interface.
- the ability to install and open sites in the form of applications (Apps), allowing you to organize work with the site as with a regular desktop program. To enable about:config, you need to add the setting "browser.ssb.enabled=true", after which the "Install Website as App" item will appear in the context menu of actions with the page (ellipsis in the address bar), allowing you to place it on the desktop or in the menu applications shortcut for a stand-alone opening of the current site. Development development of the concept» (SSB), which implies opening the site in a separate window without a menu, address bar and other elements of the browser interface. In the current window, only links to the pages of the active site are opened, and following external links leads to the creation of a separate window with a regular browser.
- implementation of the mode "", activated via the "X-Content-Type-Options" HTTP header, which now also disables the automatic MIME type detection logic for HTML documents, not just JavaScript and CSS. The mode helps protect against MIME type manipulation attacks. The browser by default analyzes the type of content being processed and processes it depending on the specific type. For example, if you save HTML code to a file ".jpg", then when you open this file, this file will be processed as HTML, and not as an image. An attacker can use the image upload form for a jpg file that includes html with JavaScript code, and then publish a link to this file, upon direct opening of which the JavaScript code will be executed in the context of the site on which the upload was made (you can define cookies and other site data of the user who opened the link).
- All reputable CA PKI certificates known to Mozilla are cached locally, improving compatibility with misconfigured web servers.
- The use of the Web Crypto API is prohibited on pages opened via HTTP without encryption.
- For Windows, a Direct Composition mode has been implemented to improve performance and bring the implementation of the compositing system closer , written in the Rust language and taking out page content rendering operations on the GPU side.
- For macOS, the experimental ability to use client certificates from the operating system's general certificate store has been implemented (to enable the security.osclientcerts.autoload option in about:config). Since Firefox 72, this feature has only been available for Windows.
- Following Linux, builds for macOS use an isolation mechanism , aimed at blocking the exploitation of vulnerabilities in third-party function libraries. At this stage, isolation is enabled only for the library Responsible for rendering fonts. RLBox compiles the C/C++ code of the isolated library into low-level WebAssembly intermediate code, which is then packaged as a WebAssembly module, whose permissions are set in relation to this module only. The assembled module works in a separate memory area and does not have access to the rest of the address space. If the vulnerability is exploited in the library, the attacker will be limited and will not be able to access the memory areas of the main process or transfer control outside the isolated environment.
- The "type" attribute on an element теперь может принимать только значение «text/css».
- Functions implemented in CSS , и .
- For CSS property support for the "all" value is implemented, which prescribes a mandatory break of the underline and strikethrough line when crossing with text glyphs (the previously applied "auto" value adaptively formed breaks and did not exclude touches, with the value of all, touches with the glyph are completely prohibited).
- JavaScript enabled for instances of JavaScript classes that allow you to specify predefined properties that are initialized outside of the constructor.
class ClassWithStaticField {
static field = 'static field'
} - Added class support , which provides methods for parsing and processing locale-set language, region, and style settings, as well as reading and writing Unicode extension tags and saving user-defined locale settings in a serialized format;
- The implementation of the Function.caller property has been brought in line with the latest draft of the new ECMAScript specification (Null is now thrown instead of TypeError if the call is made from a function with a strict, async or generator attribute).
- Method added to HTMLFormElement , which initiates a programmatic submission of the form data, similar to clicking on the submit button. The function can be used when developing your own form submit buttons, for which calling form.submit() is not sufficient because it does not interactively validate the parameters, fire the 'submit' event, and pass the data associated with the submit button.
- The submit event is now implemented by an object of type SubmitEvent rather than an Event. SubmitEvent includes new properties that let you know the element whose call resulted in the form being submitted. For example, SubmitEvent allows you to use a single handler that is common to various buttons and links that result in a form submission.
- Implemented correct transmission of the click event when calling the click() method on detached elements (not part of the DOM tree).
- In the API added the ability to bind animation to the initial or final keyframe and the browser will calculate the final or initial state itself (it is enough to specify only the first or last keyframe). Animation.timeline getter, Document.timeline, DocumentTimeline, AnimationTimeline, Document.getAnimations() and Element.getAnimations() are enabled by default.
- Added the ability to activate the page profiling interface without installing a separate add-on, by clicking the “Enable Profiler Menu Button” button on the site . Added performance analysis mode for active tab only.
- The web console now has a mode for instantly calculating expressions, allowing developers to quickly identify and correct errors when entering complex expressions by displaying a preliminary result as they are typed.
- В for measuring page areas (Measuring Tool), the ability to change the size of a rectangular frame has been added (previously, if you release the mouse button, the frame could not be changed and in case of inaccurate aiming, you had to measure from scratch).
- The page inspection interface now supports searching for elements using XPath expressions, in addition to the previously available search using CSS selectors.
- Added the ability to filter WebSocket messages using regular expressions (previously only text masks were supported).
- Added support for binding breakpoints to WebSocket event handlers in the JavaScript debugger.
- The interface has been cleaned to analyze network activity. Optimized rendering of tables in conditions of simultaneous processing of a large number of connections. Made more contrasting column separators and buttons for applying filters. In the panel for blocking network requests, the ability to use the symbol "*" in URL masks has been implemented (it allows you to evaluate the behavior of the site in the event of a failure to load resources).
In addition to innovations and bug fixes in Firefox 75, the , of which several are marked as critical, i.e. can lead to malicious code being executed when specially designed pages are opened. Details of the security issues that have been fixed are not available at this time, and a list of vulnerabilities is expected to be published within a few hours.
Source: opennet.ru