Firefox 93 release

Firefox 93 has been released. In addition, updates have been published for the long-term support branches: 78.15.0 and 91.2.0. The Firefox 94 branch has moved to beta testing and is scheduled for release on November 2nd.

Main innovations:

  • Support for the AVIF (AV1 Image Format) image format, which uses intra-frame compression technologies from the AV1 video encoding format, is enabled by default. Color spaces with a full and limited range of colors are supported, as well as transformation operations (rotation and mirroring). Animation is not yet supported. The 'image.avif.compliance_strictness' parameter is provided in about:config to configure how strictly the specification is enforced. The default value of the Accept HTTP header has been changed to "image/avif,image/webp,*/*".
  • The WebRender engine, which is written in Rust, has been made mandatory. For systems with older graphics cards or problematic graphics drivers, WebRender uses software rasterization mode (gfx.webrender.software=true). The options for disabling WebRender (gfx.webrender.force-legacy-layers and MOZ_WEBRENDER=0) have been deprecated.
  • Improved Wayland protocol support. A layer has been added that solves clipboard problems in Wayland-based environments. Also included are changes that eliminate flicker under Wayland when a window is moved to the edge of the screen in multi-monitor configurations.
  • The built-in PDF viewer can now open documents with interactive XFA forms, commonly used in electronic forms of various banks and government agencies.
  • Enabled protection against downloading files served via HTTP without encryption, but initiated from pages opened via HTTPS. Such downloads are not protected from spoofing by whoever controls the transit traffic, but because they are initiated from pages opened via HTTPS, the user may get the false impression that they are secure. When attempting to download such a file, the user is shown a warning that allows overriding the block if desired. Additionally, downloads from sandboxed iframes that do not explicitly specify the allow-downloads attribute are now prohibited and are silently blocked.
  • The SmartBlock mechanism has been improved. It is designed to fix problems that arise on sites when external scripts are blocked in private browsing mode or when strict blocking of unwanted content (strict) is enabled. SmartBlock automatically replaces the scripts used for tracking with stubs that let the site load correctly. Stubs have been prepared for some popular user tracking scripts from the Disconnect list. The new version includes adaptive blocking of Google Analytics scripts, Google ad network scripts and widgets of the Optimizely, Criteo and Amazon TAM services.
  • In private browsing mode and in strict unwanted-content blocking mode, additional protection of the "Referer" HTTP header is enabled. In these modes, sites are now prohibited from enabling the "no-referrer-when-downgrade", "origin-when-cross-origin" and "unsafe-url" policies via the Referrer-Policy HTTP header. These policies allow a site to bypass the default settings and restore transmission of the full URL to third-party sites in the "Referer" header. Recall that in Firefox 87, in order to block potential leaks of confidential data, the "strict-origin-when-cross-origin" policy was activated by default. It cuts paths and parameters from the "Referer" when a request is sent to other hosts over HTTPS, passes an empty "Referer" when switching from HTTPS to HTTP, and passes the full "Referer" for internal transitions within the same site. The effectiveness of that change was questionable, however, since sites could restore the old behavior by manipulating the Referrer-Policy.
  • On the Windows platform, tabs are now automatically unloaded from memory when the amount of free memory in the system reaches critically low values. The tabs that consume the most memory and that the user has not accessed for a long time are unloaded first. When you switch to an unloaded tab, its contents are automatically reloaded. On Linux, this functionality is promised for one of the next releases.
  • The design of the panel with the list of downloads has been brought in line with the general visual style of Firefox.
  • In compact mode, the spacing between the elements of the main menu, overflow menu, bookmarks and browsing history has been reduced.
  • SHA-256 has been added to the algorithms that can be used for HTTP Authentication (previously only MD5 was supported).
  • TLS ciphers that use the 3DES algorithm are disabled by default. For example, the TLS_RSA_WITH_3DES_EDE_CBC_SHA cipher suite is susceptible to the Sweet32 attack. 3DES support can be restored by explicitly allowing old versions of TLS in the settings.
  • On macOS, an issue where sessions were lost when starting Firefox from a mounted ".dmg" file has been fixed.
  • Implemented user interface for visual input of date and time for web form element .
  • For elements with the aria-label or aria-labelledby attribute, the meter role (role="meter") is implemented, which makes it possible to build indicators of numerical values that change within a certain range (for example, battery charge indicators).
  • Added support for the "small-caps" keyword to the font-synthesis CSS property.
  • The Intl.supportedValuesOf() method has been implemented, returning an array of supported calendars, currencies, numbering systems, and units of measurement.
  • Classes can now use static initialization blocks to group code that is executed once when the class is processed:

        class C {
          // The block will be run when the class itself is processed
          static { console.log("C's static block"); }
        }

  • Added support for calling HTMLElement.attachInternals to access additional form control methods.
  • The shadowRoot attribute has been added to ElementInternals, allowing custom elements to access their own separate root in the Shadow DOM, regardless of state.
  • Support for the imageOrientation and premultiplyAlpha properties has been added to the createImageBitmap() method.
  • A global reportError() function has been added to allow scripts to print errors to the console, emulating the occurrence of an uncaught exception.
  • Improvements in the version for the Android platform:
    • When running on tablets, "forward", "back" and "page reload" buttons have been added to the panel.
    • Automatic filling of logins and passwords in web forms is enabled by default.
    • Added the ability to use Firefox as a password manager to fill in logins and passwords in other apps (enabled via "Settings" > "Logins and passwords" > "Autofill in other apps").
    • Added "Settings" > "Logins and passwords" > "Saved Logins" > "Add Login" page for manually adding credentials to the password manager.
    • Added "Settings" > "Data collection" > "Studies and switch off" page, which allows you to opt out of testing experimental features.
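
The Referrer-Policy change described in the list above can be traced with a short model. This is an added example, not Firefox code: the function names and the shop.example / tracker.example URLs are constructed, and the "downgrade" test is simplified to an HTTPS-to-non-HTTPS check.

```javascript
// Policies that, per the text above, sites can no longer enable in
// private browsing and strict blocking modes.
const IGNORED_IN_STRICT = new Set([
  "no-referrer-when-downgrade",
  "origin-when-cross-origin",
  "unsafe-url",
]);
const DEFAULT_POLICY = "strict-origin-when-cross-origin"; // default since Firefox 87

// Policy actually applied: a site-supplied value from the ignored set
// falls back to the default when strictMode is true (hypothetical helper).
function effectivePolicy(sitePolicy, strictMode) {
  const policy = (sitePolicy || DEFAULT_POLICY).trim().toLowerCase();
  return strictMode && IGNORED_IN_STRICT.has(policy) ? DEFAULT_POLICY : policy;
}

// Referer value sent for a request from `from` to `to`; "" means no header.
function refererFor(policy, from, to) {
  const src = new URL(from), dst = new URL(to);
  const full = src.origin + src.pathname + src.search; // fragment is never sent
  const originOnly = src.origin + "/";
  const sameOrigin = src.origin === dst.origin;
  const downgrade = src.protocol === "https:" && dst.protocol !== "https:";
  switch (policy) {
    case "no-referrer": return "";
    case "unsafe-url": return full;
    case "origin": return originOnly;
    case "same-origin": return sameOrigin ? full : "";
    case "strict-origin": return downgrade ? "" : originOnly;
    case "no-referrer-when-downgrade": return downgrade ? "" : full;
    case "origin-when-cross-origin": return sameOrigin ? full : originOnly;
    case "strict-origin-when-cross-origin":
      return sameOrigin ? full : downgrade ? "" : originOnly;
    default: throw new Error("unknown policy: " + policy);
  }
}

// Constructed sample: a page with a sensitive query string loads a third-party resource.
const page = "https://shop.example/account/orders?token=abc123#top";
const thirdParty = "https://cdn.tracker.example/pixel.gif";

// Referer seen by the third party in normal mode and in strict/private mode.
function compareModes(sitePolicy) {
  return {
    normal: refererFor(effectivePolicy(sitePolicy, false), page, thirdParty),
    strict: refererFor(effectivePolicy(sitePolicy, true), page, thirdParty),
  };
}
console.log(compareModes("unsafe-url"));
```

With "unsafe-url" the third party receives the full URL including the token in normal mode, and only the origin once the policy is ignored; restrictive policies such as "no-referrer" are left untouched.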

In addition to new features and bug fixes, Firefox 93 fixes 13 vulnerabilities, of which 10 are marked as dangerous. 9 vulnerabilities (collected under CVE-2021-38500, CVE-2021-38501 and CVE-2021-38499) are caused by memory problems, such as buffer overflows and access to already freed memory areas. These issues can potentially lead to the execution of malicious code when specially crafted pages are opened.

The beta release of Firefox 94 adds a new "about:unloads" service page, where the user can force certain tabs to be unloaded without closing them to reduce memory consumption (the content will be reloaded when switching to the tab).

Source: opennet.ru
