Web browser released and Firefox 68.8 for the Android platform. In addition, an update has been long term support . Coming soon to the stage Firefox 77 branch will be transferred, the release of which is scheduled for June 2th.
:
- the capabilities of the Lockwise system add-on included in the browser, which offers the “about: logins” interface for managing saved passwords. Provided a warning for saved accounts associated with sites that have previously been hacked with leaked credentials. A warning is displayed if the Firefox password entry has not been updated since the site was compromised.
Also added is a warning about the compromise of passwords used on several sites. If one of the saved accounts appears in a credential leak and the user reuses the same password on other sites, they will be advised to change the password. Verification is carried out through integration with the project database , which includes information about 9.5 billion accounts stolen as a result of hacks of 443 sites. Method is anonymous and is based on the transmission of the SHA-1 hash prefix from email (a few first characters), in response to which the server issues hash tails from its database corresponding to the request, and the browser on its side compares them with the available full hash and, if it matches, issues a warning (the full hash is not transmitted).
The number of sites for which the function is applied has been expanded strong passwords when filling out registration forms. Previously, a hint suggesting a strong password was displayed only if there were fields with the "autocomplete=new-password" attribute. Regardless of the site used, the password can be generated via the context menu.
On Windows and macOS, if Firefox doesn't have a master password set, support for displaying an OS authentication dialog and entering system credentials before viewing saved passwords. After entering the system password, access to the saved passwords is granted for 5 minutes, after which the password will need to be entered again. This measure will protect credentials from prying eyes if the computer is left unattended if the master password is not set in the browser.
- work "", which is disabled by default. When the mode is activated using the “dom.security.https_only_mode” parameter in about:config, all calls made without encryption will be automatically redirected to secure page options (“http://” to "https://"). Replacement is performed both at the level of resources loaded on the pages, and when entered in the address bar. If an attempt to access via https to the address entered in the address bar ends with a timeout, the user will be shown an error page with a button for making a request via http://. In case of failures when loading on "https://" subresources loaded during page processing, such failures will be ignored, but warnings will be displayed in the web console, which can be viewed through the web developer tools.
- Added the ability to quickly switch between viewing video in the "» (Picture-in-Picture) and full-screen playback. The user can minimize the video to a small window and do other work at the same time, including in other applications and on virtual desktops. If you want to switch all attention to the video, just double-click to switch to full screen viewing. Double-clicking the mouse again will return the view to picture-in-picture mode.
- Work has been done to improve the visibility and convenience of working with the address bar. When opening a new tab, the shadow around the field with the address bar has been reduced. The bookmarks bar has been slightly expanded to increase the area of the click area on touch screens.
- In Wayland-based environments with
possibility of hardware accelerated decoding of VP9 and other video formats supported by Firefox. Acceleration is provided using VA-API (Video Acceleration API) and FFmpegDataDecoder (only H.264 support was implemented in the last release). To control whether acceleration is enabled in about:config, set the parameters "widget.wayland-dmabuf-webgl.enabled" and "widget.wayland-dmabuf-vaapi.enabled". - On Windows, laptop users with Intel GPUs and screen resolutions less than 1920x1200 have the compositing system enabled by default , written in the Rust language and taking out page content rendering operations on the GPU side.
- Added object support Which
allows you to use interfaces и that run outside of the main thread of execution in Firefox. The new API allows you to process audio in real time, programmatically controlling audio parameters without introducing additional delays and without affecting the stability of the audio output. The advent of AudioWorklet made it possible to connect to Zoom calls in Firefox without installing separate add-ons, and also made it possible to implement complex sound processing scenarios in the browser, such as spatial sound for virtual reality systems or games. - In CSS , defining system color values (CSS Color Module Level 4).
- The Intl.NumberFormat, Intl.DateTimeFormat, and Intl.RelativeTimeFormat constructors have the "numberingSystem" and "calendar" options processed by default. For example: "Intl.NumberFormat('en-US', { numberingSystem: 'latn' })" or "Intl.DateTimeFormat('th', { calendar: 'gregory' })".
- Enabled blocking of unknown protocols in methods like "location.href" or .
- When testing the presentation of sites on mobile devices using the Responsive Design Mode in web developer tools, the simulation of the behavior of a mobile device when processing double-tap zoom is provided. Implemented correct rendering of meta-viewport tags, which made it possible to optimize your sites for Firefox for Android without a mobile device.
- In the network request inspection interface, when you double-click on the column separator in the header, the table column size is automatically adjusted to the displayed data.
- A new Control filter has been added to the WebSocket inspection interface to show control frames. Implemented the ability to preview messages in the format , which is added to the list of auto-formatted protocols similar to socket.io, SignalR and WAMP.
- Added the ability to ignore files that are not used in debugging in the JavaScript debugger. The "blackbox" context menu offers options to hide content in the sidebar located in or outside of the selected directory. When copying stack traces, the full path is placed on the clipboard, not just the filename.
- In the web console in multi-line mode, code fragments longer than five lines are hidden (to open, click anywhere in the area with the shown code).
In addition to new features and bug fixes, Firefox 76 fixes , of which 10 (CVE-2020-12387, CVE-2020-12388, and 8 under CVE-2020-12395) are marked as critical and could potentially lead to malicious code execution when opening specially crafted pages. Vulnerability CVE-2020-12388 allows you to get out of the isolation of the sandbox environment in Windows through the manipulation of access tokens. Vulnerability CVE-2020-12387 is associated with access to an already freed block of memory (Use-after-free) when the Web Worker exits. CVE-2020-12395 aggregates memory issues such as buffer overruns.
Source: opennet.ru