Firefox 86 release

The Firefox 86 web browser has been released. In addition, an update to the long-term support branch 78.8.0 has been formed. The Firefox 87 branch has been moved to the beta testing stage and is scheduled for release on March 23rd.

Main innovations:

• In the strict mode of blocking unwanted content (strict), the Total Cookie Protection mode is activated, in which a separate isolated cookie storage is used for each site. The proposed isolation method does not allow the use of cookies to track movement between sites, since all cookies set from third-party blocks loaded on the site are now tied to the main site and are not transmitted when accessing these blocks from other sites. As an exception, cross-site cookie transfer is reserved for services not related to user tracking, such as those used for single authentication. Information about blocked and allowed cross-site cookies is displayed in the menu shown when you click on the shield symbol in the address bar.
• For all users, a new interface for previewing a document before printing is activated and integration with the printer's system settings is provided. The new interface works similarly to reader mode and results in a preview opening in the current tab, replacing the existing content. The sidebar offers tools for selecting a printer, setting the page format, changing print settings, and controlling whether headers and backgrounds are printed.
• The rendering operations of Canvas and WebGL elements have been moved to a separate process responsible for offloading operations to the GPU. The change significantly improved the stability and performance of sites using WebGL and Canvas.
• All code related to video decoding has been moved to the new RDD process, which has improved security by isolating video handlers in a separate process.
• The Linux and Android builds include protection against stack/heap manipulation attacks. Protection is based on the use of the “-fstack-clash-protection” option, when specified, the compiler substitutes probe calls (probe) for each static or dynamic allocation of space for the stack, which allow you to detect stack overflows and block attack methods based on stack and heap intersection , related to the forwarding of the execution flow through the guard pages of the stack protection.
• In reader mode, it became possible to view HTML pages saved on the local system.
• By default, support for the AVIF (AV1 Image Format) image format is enabled, which uses intra-frame compression technologies from the AV1 video encoding format. The container for distributing compressed data in AVIF is completely similar to HEIF. AVIF supports both images in HDR (High Dynamic Range) and Wide-gamut color space, as well as in standard dynamic range (SDR). Previously, enabling AVIF required setting the "image.avif.enabled" option in about:config.
• Enabled support for opening multiple windows with video in Picture-in-Picture mode at the same time.
• Support for the experimental SSB (Site Specific Browser) mode has been discontinued, which allowed creating a separate shortcut for the site to launch without browser interface elements, with a separate taskbar icon, similar to full-fledged OS applications. As reasons for the termination of support, the presence of unresolved problems, dubious benefits for desktop users, limited resources and a desire to direct them to the development of core products are mentioned.
• For WebRTC connections (PeerConnections), support for the DTLS 1.0 (Datagram Transport Layer Security) protocol, based on TLS 1.1 and used in WebRTC to transmit audio and video, has been discontinued. Instead of DTLS 1.0, it is recommended to use DTLS 1.2 based on TLS 1.2 (DTLS 1.3 specification based on TLS 1.3 is not ready yet).
• CSS includes an image-set() function that allows you to select an image from a set of options with different resolutions that is most suitable for the current screen settings and network bandwidth. background-image: image-set( "cat.png" 1dppx, "cat-2x.png" 2dppx, "cat-print.png" 600dpi);
• The "list-style-image" CSS property, which is used to define an image for labels in a list, allows any form of image definition via CSS.
• The CSS includes the ":autofill" pseudo-class, which allows you to track the automatic filling of the fields in the input tag by the browser (the selector does not work with manual filling). input:autofill { border: 3px solid blue; }
• JavaScript includes the built-in Intl.DisplayNames object by default, through which you can get the localized names of languages, countries, currencies, date elements, etc. let currencyNames = new Intl.DisplayNames(['en'], {type: 'currency'}); currencyNames.of('USD'); // "US Dollar" currencyNames.of('EUR'); // Euro
• The DOM ensures that the value of the "Window.name" property is reset to an empty value when loading in a tab of a page with a different domain and the old value is restored when the "back" button is pressed and returning to the old page.
• A utility has been added to the web developer tools that displays a warning when setting margins (margin or padding) in CSS for internal table elements.
• The toolbar for web developers shows the number of errors on the current page. When you click on the red indicator with the number of errors, you can immediately go to the web console to view the list of errors.

In addition to innovations and bug fixes, Firefox 86 fixes 25 vulnerabilities, of which 18 are marked as dangerous. 15 vulnerabilities (collected under CVE-2021-23979 and CVE-2021-23978) are caused by memory problems such as buffer overflows and access to already freed memory areas. These issues can potentially lead to malicious code being executed when specially designed pages are opened.

The beta branch of Firefox 87 is notable for disabling the backspace key handler by default outside the context of input forms. The handler was removed because the Backspace key is heavily used when typing in forms, but when the input form is not focused, it is treated as a page jump, which can lead to loss of typed text due to inadvertently moving to another page. Added browser.backspace_action option to about:config to revert old behavior. In addition, when using the search function on the page, labels are now displayed next to the scroll bar to indicate the position of the found keys. Significantly simplified the Web Developer menu and removed rarely used items from the Library menu.

Source: opennet.ru