Web browser released , as well as mobile version for Android platform. The release of Firefox 78 is categorized as an extended support period (ESR) branch, with updates released throughout the year. In addition, an update of the previous long term support (two more updates are expected in the future 68.11 and 68.12). Coming soon to the stage Firefox 79 branch will be transferred, the release of which is scheduled for July 28th.
:
- Expanded summary page (Protections Dashboard) with reports on the effectiveness of the mechanisms of protection against movement tracking, verification of compromised credentials and password management. The new release has the ability to view statistics on the use of compromised credentials, as well as track possible intersections of saved passwords with known user database leaks. Verification is carried out through integration with the database of the haveibeenpwned.com project, which includes information about 9.7 billion accounts stolen as a result of hacks of 456 sites. The summary is provided on the "about:protections" page or via the menu accessed by clicking on the shield icon in the address bar (Protections Dashboard is now shown instead of Show Report).
- Added a button to Uninstaller", which allows you to reset the settings to their original state and remove all add-ons without losing the accumulated data. In case of problems, users often try to solve them by reinstalling the browser. The Refresh button will allow you to achieve a similar effect without losing bookmarks, browsing history, saved passwords, Cookies, connected dictionaries and data for autofilling forms (when you click the button, a new profile is created and the specified databases are transferred to it). After clicking Refresh, add-ons, skins, access rights, connected search engines, local DOM stores, certificates, changed settings, user styles (userChrome, userContent) will be lost.
- Elements have been added to the context menu shown for tabs to cancel closing multiple tabs, as well as to close tabs to the right of the current one and close all tabs except the current one.
- Disabling the screen saver during video calls and conferences based on WebRTC.
- On Windows platform for Intel GPUs at all screen resolutions compositing system , written in the Rust language and allowing to achieve a significant increase in rendering speed and reduce the load on the CPU. WebRender outsources page content rendering operations to the GPU side, which are implemented through GPU-executed shaders. WebRender was previously enabled on the Windows 10 platform for Intel GPUs at low screen resolutions, and on systems with AMD Raven Ridge, AMD Evergreen APUs, and laptops with NVIDIA graphics cards. On Linux, WebRender is currently enabled for Intel and AMD cards only in nightly builds, and is not supported for NVIDIA cards. To force enable in about:config, activate the "gfx.webrender.all" and "gfx.webrender.enabled" settings, or start Firefox with the MOZ_WEBRENDER=1 environment variable set.
- The share of users from the UK has been increased to 100%, for which the display of content recommended by the Pocket service is enabled on the new tab page. Previously, these pages were shown only to users from the US, Canada and Germany. Sponsored blocks are shown only in the US and are clearly marked as ads. Personalization related to the selection of content is performed on the client side and without transferring user information to third parties (the entire list of recommended links for the current day is loaded into the browser, which is ranked on the user side, based on browsing history data). To disable recommended Pocket content, there is a setting in the configurator (Firefox Home Content/Recommended by Pocket) and the option "browser.newtabpage.activity-stream.feeds.topsites" in about:config.
- patches that affect the performance and stability of hardware accelerated video decoding using VA-API (only supported in Wayland-based environments).
- Increased requirements for Linux system components. Running Firefox on Linux now requires at least Glibc 2.17, libstdc++ 4.8.1 and GTK+ 3.14.
- Following the deprecation plan for deprecated cryptographic algorithms, all DHE-based TLS cipher suites (TLS_DHE_*, Diffie-Hellman Key Exchange Protocol) are disabled by default. Two new SHA2-based AES-GCM cipher suites have been added to mitigate the possible negative impact of disabling DHE.
- support for TLS 1.0 and TLS 1.1 protocols. To access sites over a secure communication channel, the server must provide support for at least TLS 1.2. According to Google, currently about 0.5% of web page downloads continue to be carried out using outdated versions of TLS. Shutdown made in accordance with IETF (Internet Engineering Task Force). The reason for not supporting TLS 1.0/1.1 is the lack of support for modern ciphers (for example, ECDHE and AEAD) and the requirement to support old ciphers, the reliability of which is questionable at the present stage of development of computer technology (for example, TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA support is required, MD5 is used to check integrity and authentication and SHA-1). You can return the ability to work with obsolete versions of TLS through the setting security.tls.version.enable-deprecated = true or using the button on the page with an error displayed when entering a site with the old protocol.
- The quality of work with screen readers for visually impaired people has been significantly improved (problems with cursor positioning have been resolved, freezes have been eliminated, processing of very large tables has been accelerated, etc.). For users with migraine and epilepsy, animation effects such as highlighting tabs and expanding the search bar have been reduced.
- For enterprises, new rules have been added to group policies for configuring external application handlers, disabling picture-in-picture mode, and requiring a master password to be set.
- In the SpiderMonkey JavaScript engine a regular expression processing subsystem that is synchronized with the implementation from the V8 JavaScript engine used in browsers based on the Chromium project. The change made it possible to implement support for the following features related to regular expressions:
- allow you to associate parts of a string matched by a regular expression with specific names instead of serial numbers of matches (for example, instead of "/(\d{4})-(\d{2})-(\d{2})/" you can specify "/( ? \d{4})-(? \d{2})-(? \d{2})/" and access the year not through result[1], but through result.groups.year).
- Unicode characters adds the \p{β¦} and \P{β¦} constructs, for example, \p{Number} defines all possible characters with the image of numbers (including characters like β ), \p{Alphabetic} - letters (including hieroglyphs ), \p{Math} β mathematical symbols, etc.
- Flag causes the mask "." including newline characters.
- Mode allows you to determine in a regular expression that one pattern precedes another (for example, match a dollar amount without capturing the dollar sign).
- CSS pseudo-classes implemented ΠΈ to bind CSS rules to a set of selectors. For example, instead of
header p:hover, main p:hover, footer p:hover {β¦}
you can specify
:is(header, main, footer) p:hover {β¦}
- CSS Pseudo-Classes Included ΠΈ to bind to form elements (input or textarea) that are not allowed or allowed to be edited.
- Method support added to create localized lists (for example, replacing "or" with "or", "and" with "and").
const lf = new Intl.ListFormat('en');
lf.format(['Frank', 'Christine', 'Flora']);
// β 'Frank, Christine, and Flora'
// locale "ru" will be 'Frank, Christine and Flora' - The method added support for formatting units of measurement, currencies, scientific and compact notation (for example, "Intl.NumberFormat('en', {style: 'unit', unit: 'meter-per-second'}");
- Added method A that allows you to replace or clear an existing child node.
- Support for Service worker and Push API is enabled in the ESR branch (they were disabled in the previous ESR release).
- WebAssembly adds support for importing and exporting 64-bit integer function parameters using the BigInt JavaScript type. An extension is also implemented for WebAssembly , functions return more than one value.
- In the web developer console Detailed Promise-related error logging, including details about names, stacks, and properties, making it much easier to debug errors when using frameworks like Angular.
- DOM navigation performance has been significantly improved in web developer tools when inspecting sites that use a lot of CSS properties.
- The JavaScript debugger implements the ability to expand shortened variable names based on source-map when using (Log points), which allow, at the moment the label is triggered, to dump information about the line number in the code and the values ββof variables into the web console.
- In the Network Inspection interface, added information about add-ons, tracking protection mechanisms, and CORS (Cross-Origin Resource Sharing) restrictions that caused the request to be blocked.
In addition to innovations and bug fixes in Firefox 78
eliminated , of which several are marked as critical, i.e. can lead to malicious code being executed when specially designed pages are opened. Details of the security issues that have been fixed are not available at this time, and a list of vulnerabilities is expected to be published within a few hours.
Source: opennet.ru