Firefox 77 release

The Firefox 77 web browser has been released, along with the mobile version Firefox 68.9 for the Android platform. In addition, an update to the long-term support branch, 68.9.0, has been published. The Firefox 78 branch will soon move to the beta testing stage; its release is scheduled for June 30th.

All innovations:

  • Added a new "about:certificate" service page that gives access to the built-in interface for viewing certificates. In the interface, you can display a list of root and saved certificates, view details for each certificate, and export certificates (import support is not yet available).

  • Added experimental support for the AVIF (AV1 Image Format) image format, which uses intra-frame compression technologies from the AV1 video encoding format (supported since Firefox 55). There is an option image.avif.enabled in about:config to enable AVIF. The container for distributing compressed data in AVIF is completely similar to HEIF. AVIF supports both images in HDR (High Dynamic Range) and Wide-gamut color space, as well as in standard dynamic range (SDR).
  • Expanded the number of systems on which the WebRender compositing system is enabled. WebRender is written in the Rust language and achieves a significant increase in rendering speed and a reduced load on the CPU. WebRender moves page content rendering operations to the GPU, where they are implemented through shaders executed on the GPU. WebRender is now enabled on hardware with Intel Skylake GT1, AMD Raven Ridge APUs, AMD Evergreen, and on laptops with NVIDIA graphics cards running Windows 10. To force-enable it, turn on the "gfx.webrender.all" and "gfx.webrender.enabled" settings in about:config, or launch Firefox with the MOZ_WEBRENDER=1 environment variable set.
  • Improved the analysis of search phrases in the address bar. Words containing a dot are now checked for association with actual domains (for example, previously entering keys like "test.log" led not to a search but to an attempt to open the site, and entering "data: url" with spaces and a question mark led to a search, not a download).
  • Added support for optional permissions. When an add-on requests them, no notification asking to confirm new permissions is shown when the add-on is installed or updated; instead, the request is displayed when the add-on actually invokes an operation that requires elevated rights. Permissions that can be declared as optional include management, devtools, browsingData, pkcs11, proxy and session. The motivation for adding optional permissions is to reduce the burden on users when updating add-ons and to make it possible to update an add-on without requiring confirmation of the permissions (previously, if the user did not agree with the permissions, the add-on was not updated).

  • For UK users, content recommended by Pocket is now displayed on the new tab page. Previously such recommendations were shown only to users in the US, Canada, and Germany. Personalization of the content selection is performed on the client side, without transferring user information to third parties (the entire list of recommended links for the current day is loaded into the browser and ranked on the user's side based on browsing history data). It should be noted that blocks paid for by sponsors are shown only in the USA and are clearly marked as advertisements; in other countries, promotional articles are not yet used. To disable recommended Pocket content, you can use the setting in the configurator (Firefox Home Content/Recommended by Pocket) and the "browser.newtabpage.activity-stream.feeds.topsites" option in about:config.

  • In the configurator, a new item has been added to the drop-down list of cookie blocking methods in the tracking protection settings section: dynamic isolation of cookies by the domain displayed in the address bar ("Dynamic First Party Isolation", where first-party and third-party content is distinguished based on the site's base domain). In about:config, the interface item is enabled via the setting "browser.contentblocking.reject-and-isolate-cookies.preferences.ui.enabled", or the mode is set directly with "network.cookie.cookieBehavior = 5".

  • Increased the padding on the bookmarks bar for easier navigation on touch-screen devices (when opening a new tab, the new Megabar address bar partially overlaps the bookmarks bar and leaves little room for clicking).
  • Implemented new modal dialogs that are tied to individual tabs and do not block the entire interface. To control how dialogs are bound, the options "prompts.defaultModalType", "prompts.modalType.confirmAuth", and "prompts.modalType.insecureFormSubmit" have been added to about:config (1 - binding to content, 2 - binding to tab, 3 - binding to window).

  • Added a new setting, middlemouse.openNewWindow, to about:config; it can be used to disable the use of the middle mouse button to open a link in a new tab.
  • Removed the browser.urlbar.update1.view.stripHttps setting (the browser.urlbar.trimURLs setting is still supported).
  • Support for XUL Grids has been completely removed from the Gecko engine.

  • By default, automatic rotation of JPEG images based on data from Exif is enabled.
  • Removed the "browser.urlbar.oneOffSearches" setting. To hide the buttons for alternative search engines that appear when you start typing in the address or search bar, you can select the desired search engines on the about:preferences#search page.

  • Text that doesn't fit within the "maxlength" constraint is no longer cut off when pasted into fields And .
  • Added the String.prototype.replaceAll() method (String#replaceAll), which returns a new string (the original string is not changed) in which all matches of the given pattern are replaced. Patterns can be either simple masks or regular expressions.
  • Provided display of the value of the label specified using the "label" attribute in the element if the element's content is empty.
  • Implemented the IDBCursor.request property in IndexedDB.
  • Added experimental support for Masonry layout in grid containers.
  • Added a panel to the developer tools for evaluating potential cross-browser compatibility issues (it shows which browsers support a particular CSS property bound to the selected element). Enabled via the devtools.inspector.compatibility.enabled setting in about:config.

  • A large batch of improvements has been made to the JavaScript debugger. Loading and step-by-step debugging are faster, and memory consumption is reduced. Source map matching has been improved, allowing you to view variables from the original sources when debugging final modules. When changing the selected line by clicking in the Call Stack window and starting step-by-step execution (Step over, F10), the debugger will execute the code until it reaches the line following the selected one. A menu (gear icon) has been added to the panel, in which so far there is only one item, for disabling JavaScript. Added the ability to set conditional breakpoints (watchpoint) that pause execution when changing or reading certain values (previously it was possible to pause execution when reading and changing separately).

  • A menu has been added to the interface panel for inspecting network activity, which contains logging management functions (saving a log between site loads, importing a HAR file, writing a HAR file). A context menu has been added to the Request Blocking panel to enable, disable, and remove blocked items.

  • Disabling FTP support has been postponed until the release of Firefox 79, but an option to control FTP activity has already been added (network.ftp.enabled in about:config).
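
The optional permissions item above, as an added example (not Mozilla's code and not part of the original article): an add-on asks for the optional browsingData permission only when the operation is invoked and gives it up afterwards. The helper name withOptionalPermission, the manifest fragment and the in-memory stand-in for browser.permissions are assumptions made for illustration; releasing the permission after use is a choice of this example.

```javascript
// manifest.json fragment assumed by this example (constructed):
//   "permissions": ["storage"],
//   "optional_permissions": ["browsingData"]

// Run `task` while holding an optional permission, then release it.
// `permissionsApi` is browser.permissions inside an add-on; it is passed
// in so the logic can also be exercised outside the browser.
async function withOptionalPermission(permissionsApi, name, task) {
  const wanted = { permissions: [name] };
  // request() is the first call, before any other await: Firefox only
  // accepts it directly from a user input handler (e.g. a click).
  const granted = await permissionsApi.request(wanted);
  if (!granted) return { granted: false, result: null };
  try {
    return { granted: true, result: await task() };
  } finally {
    // Least privilege: do not keep the elevated right after the operation.
    await permissionsApi.remove(wanted);
  }
}

// In an add-on this would be wired to a user action, for example:
//   button.addEventListener("click", () =>
//     withOptionalPermission(browser.permissions, "browsingData",
//       () => browser.browsingData.removeCookies({})));

// Constructed in-memory stand-in for browser.permissions (offline runs).
function makeFakePermissions(userAccepts) {
  const held = new Set();
  return {
    held,
    request: async ({ permissions }) => {
      if (userAccepts) permissions.forEach((p) => held.add(p));
      return userAccepts;
    },
    remove: async ({ permissions }) => {
      permissions.forEach((p) => held.delete(p));
      return true;
    },
  };
}
```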

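A simplified model of the dynamic cookie isolation item above (network.cookie.cookieBehavior = 5), added here as an example and not Firefox's implementation: third-party cookies are stored under a key that includes the base domain of the site shown in the address bar. The host names are constructed, the base domain is approximated as the last two host labels (an assumption; browsers use the Public Suffix List), and only the isolation part of the mode is modelled.

```javascript
// Assumption: base domain = last two labels of the host name.
function baseDomain(host) {
  return host.toLowerCase().split(".").slice(-2).join(".");
}

class CookieJar {
  // isolate = true models cookieBehavior 5; false models one shared jar.
  constructor(isolate) {
    this.isolate = isolate;
    this.store = new Map();
  }

  // A request is third-party when its base domain differs from the base
  // domain of the site displayed in the address bar.
  isThirdParty(topLevelHost, requestHost) {
    return baseDomain(topLevelHost) !== baseDomain(requestHost);
  }

  // Third-party cookies get the top-level site added to their storage key;
  // first-party cookies keep an empty partition.
  key(topLevelHost, requestHost, name) {
    const partition =
      this.isolate && this.isThirdParty(topLevelHost, requestHost)
        ? baseDomain(topLevelHost)
        : "";
    return [partition, requestHost, name].join("|");
  }

  set(topLevelHost, requestHost, name, value) {
    this.store.set(this.key(topLevelHost, requestHost, name), value);
  }

  get(topLevelHost, requestHost, name) {
    return this.store.get(this.key(topLevelHost, requestHost, name));
  }
}

// Constructed scenario: cdn.widget.example is embedded on two unrelated
// sites. Returns true if the identifier set on site A is readable on site B.
function crossSiteIdVisible(isolate) {
  const jar = new CookieJar(isolate);
  jar.set("news.site-a.test", "cdn.widget.example", "uid", "u-123");
  return jar.get("shop.site-b.test", "cdn.widget.example", "uid") === "u-123";
}
```
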
In addition to innovations and bug fixes, Firefox 77 fixes 9 vulnerabilities, of which 7 are marked as dangerous:

  • Four vulnerabilities (collected under CVE-2020-12411 and CVE-2020-12409) are caused by memory problems such as buffer overflows and access to already freed memory areas. These issues can potentially lead to execution of malicious code when specially crafted pages are opened.
  • Vulnerability CVE-2020-12406 is caused by a lack of type checking when deleting NativeTypes objects and could potentially be used to orchestrate execution of attacker code.
  • Vulnerability CVE-2020-12405 is caused by access to an already freed block of memory (use-after-free) in the SharedWorkerService and is most likely limited to causing a crash.
  • Vulnerability CVE-2020-12399 is related to the susceptibility of the NSS library to a side-channel attack that allows the private key for the DSA digital signature to be recovered by analyzing differences in computation time.

Source: opennet.ru