Firefox 74 release

The Firefox 74 web browser has been released, along with the mobile version Firefox 68.6 for the Android platform. In addition, an update to the long-term support branch, 68.6.0, has been produced. The Firefox 75 branch will soon move to the beta testing stage; its release is scheduled for April 7 (the project has moved to a 4-5 week development cycle). For the Firefox 75 beta branch, Linux builds in the Flatpak format have started to be produced.

Main new features:

  • Linux builds use the RLBox isolation mechanism, which is aimed at blocking the exploitation of vulnerabilities in third-party libraries. At this stage, isolation is enabled only for the Graphite library, which is responsible for rendering fonts. RLBox compiles the C/C++ code of the isolated library into low-level intermediate WebAssembly code, which is then packaged as a WebAssembly module whose permissions are set in relation to that module only. The compiled module runs in a separate memory area and has no access to the rest of the address space. If a vulnerability in the library is exploited, the attacker is confined and cannot reach the memory regions of the main process or transfer control outside the isolated environment.
  • DNS over HTTPS mode (DoH, DNS over HTTPS) is enabled by default for US users. The default DNS provider is CloudFlare (mozilla.cloudflare-dns.com is listed in the Roskomnadzor blocklist), and NextDNS is available as an option. You can change the provider or enable DoH in countries other than the US in the network connection settings. You can read more about DoH in Firefox in a separate announcement.

  • Support for the TLS 1.0 and TLS 1.1 protocols is disabled. To access sites over a secure communication channel, the server must support at least TLS 1.2. According to Google, about 0.5% of web page loads are currently still performed using outdated TLS versions. The shutdown was carried out in accordance with the recommendations of the IETF (Internet Engineering Task Force). The reason for dropping TLS 1.0/1.1 is the lack of support for modern ciphers (for example, ECDHE and AEAD) and the requirement to support old ciphers whose reliability is questionable at the current stage of computing technology (for example, support for TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA is required, and MD5 and SHA-1 are used for integrity checking and authentication). Starting with Firefox 74, an attempt to use TLS 1.0 or TLS 1.1 results in an error. You can restore the ability to work with outdated TLS versions by setting security.tls.version.enable-deprecated = true or by using the button on the error page shown when visiting a site that uses an old protocol.

  • The release notes recommend the Facebook Container add-on, which automatically blocks third-party Facebook widgets used for authentication, commenting, and likes. Facebook's identification parameters are isolated in a separate container, which makes it harder to link the user to the sites they visit. The ability to work with the main Facebook site remains, but it is isolated from other sites.

    For more flexible isolation of arbitrary sites, the Multi-Account Containers add-on is suggested, which implements the concept of contextual containers. Containers make it possible to isolate different types of content without creating separate profiles, so that the information of each group of pages is kept apart. For example, you can create separate, isolated areas for personal communication, work, shopping and banking, or arrange simultaneous use of different user accounts on one site. Each container uses separate stores for cookies, the Local Storage API, indexedDB, the cache, and OriginAttributes content.

  • A "browser.tabs.allowTabDetach" setting has been added to about:config to prevent tabs from being detached into new windows. Accidental tab detachment is one of the most annoying Firefox bugs, and a fix for it has been sought for 9 years. The browser allows a tab to be dragged with the mouse into a new window, but under some circumstances the tab is detached into a separate window during normal work when the mouse moves carelessly while clicking on the tab.
  • Support for add-ons installed in a roundabout way and not tied to user profiles has been discontinued. The change affects only the installation of add-ons in shared directories (/usr/lib/mozilla/extensions/, /usr/share/mozilla/extensions/ or ~/.mozilla/extensions/) that are processed by all Firefox instances on the system (not tied to a user). This method is usually used to pre-install add-ons in distributions, for unsolicited substitution by third-party applications, to integrate malicious add-ons, or to deliver an add-on separately from its installer. In Firefox 73, add-ons previously installed by force were automatically moved from the shared directories to individual user profiles and can now be removed through the regular add-on manager.
  • The Lockwise system add-on built into the browser, which provides the "about:logins" interface for managing saved passwords, adds support for sorting in reverse order (Z to A).
  • WebRTC has strengthened protection against leaking information about the internal IP address during voice and video calls by using "mDNS ICE", which hides the local address behind a random identifier obtained via Multicast DNS.
  • The position of the picture-in-picture toggle has been changed, as it overlapped the next-image button in the batch photo upload interface on Instagram.
  • JavaScript adds the "?." operator, designed to check a whole chain of properties or calls at once. For example, by specifying "db?.user?.name?.length" you can now access the value "db.user.name.length" without preliminary checks. If any element is evaluated as null or undefined, the result is "undefined".
  • Support for the Object.toSource() method and the global function uneval() has been discontinued for websites and add-ons.
  • A new languagechange_event event and the associated onlanguagechange property have been added, allowing a handler to be called when the user changes the interface language.
  • Processing of the Cross-Origin-Resource-Policy (CORP) HTTP header is enabled, allowing sites to block the embedding of resources (for example, images and scripts) loaded from other domains (cross-origin and cross-site). The header can take two values: "same-origin" (allows only requests for resources with the same scheme, host name and port number) and "same-site" (allows only requests from the same site).

    Cross-Origin-Resource-Policy: same-site

  • The Feature-Policy HTTP header is enabled by default, allowing you to control API behavior and enable certain features (for example, you can disable access to the Geolocation API, camera, microphone, full screen, autoplay, encrypted media, animation, Payment API, synchronous XMLHttpRequest mode, etc.). For iframe blocks there is the "allow" attribute, which can be used in the page code to grant rights to specific iframe blocks.

    Feature-Policy: microphone 'none'; geolocation 'none'

    If a site allows, via the "allow" attribute, work with a resource for a particular iframe, and a request arrives from the iframe to obtain permission to work with that resource, the browser now shows the permission dialog in the context of the main page and delegates the rights confirmed by the user to the iframe (instead of separate confirmations for the iframe and the main page). However, if the main page does not have permission for the resource requested via the allow attribute, the iframe's access to the resource is blocked immediately, without showing a dialog to the user.

  • Support for the CSS property 'text-underline-position' is enabled by default. It determines the position of text underlining (for example, when displaying text vertically you can arrange underlining on the left or right, and when displaying horizontally, not only from below but also from above). In addition, the CSS properties that control the underline style, text-underline-offset and text-decoration-thickness, have gained support for percentage values.
  • For the CSS property outline-style, which defines the style of the line around elements, the value "auto" is now set by default (previously it was disabled because of problems in GNOME).
  • The JavaScript debugger adds the ability to debug nested Web Workers, whose execution can be paused and debugged step by step using breakpoints.

  • The web page inspection interface now shows warnings for the CSS properties that depend on positioned elements: z-index, top, left, bottom, and right.

  • On Windows and macOS, the ability to import profiles from the Chromium-based Microsoft Edge browser has been implemented.
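
To find servers that the TLS 1.0/1.1 item above would now cut off, it is enough to read the version out of the ServerHello they return. The following is an added example, not code from Firefox or from the original article; the function names and the sample bytes are constructed for illustration, and firefox74Accepts only models the behaviour the item describes.

```javascript
const VERSIONS = { 0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2", 0x0304: "TLS 1.3" };

// Parse one TLS record carrying a ServerHello; return the selected version and cipher suite.
function parseServerHello(bytes) {
  const u16 = (o) => (bytes[o] << 8) | bytes[o + 1];
  if (bytes.length < 9 || bytes[0] !== 0x16) throw new Error("not a TLS handshake record");
  if (bytes[5] !== 0x02) throw new Error("not a ServerHello");
  if (5 + u16(3) > bytes.length) throw new Error("truncated record");
  let p = 9;                     // record header (5 bytes) + handshake header (4 bytes)
  let version = u16(p); p += 2;  // legacy_version
  p += 32;                       // random
  p += 1 + bytes[p];             // session_id
  const cipher = u16(p); p += 3; // cipher suite (2) + compression method (1)
  if (p + 2 <= bytes.length) {   // the extensions block is optional before TLS 1.3
    const end = Math.min(p + 2 + u16(p), bytes.length); p += 2;
    while (p + 4 <= end) {
      const type = u16(p), len = u16(p + 2);
      // supported_versions (type 43) holds the real version when TLS 1.3 is selected
      if (type === 0x002b && len === 2 && p + 6 <= end) version = u16(p + 4);
      p += 4 + len;
    }
  }
  return { version, name: VERSIONS[version] || "unknown", cipher };
}

// Model of the behaviour described above (not Firefox code): below TLS 1.2 is refused
// unless security.tls.version.enable-deprecated is set to true.
function firefox74Accepts(hello, enableDeprecated = false) {
  return hello.version >= 0x0303 || (enableDeprecated && hello.version >= 0x0301);
}

// Constructed sample input: a minimal ServerHello record for the given version and cipher.
function sampleServerHello(version, cipher, ext = []) {
  const body = [version >> 8, version & 255, ...new Array(32).fill(0xaa), 0,
                cipher >> 8, cipher & 255, 0];
  if (ext.length) body.push(ext.length >> 8, ext.length & 255, ...ext);
  const hs = [0x02, 0, body.length >> 8, body.length & 255, ...body];
  return Uint8Array.from([0x16, 0x03, 0x01, hs.length >> 8, hs.length & 255, ...hs]);
}

// 0x0013 is TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA, the legacy suite named in the text.
const legacy = parseServerHello(sampleServerHello(0x0301, 0x0013));
const modern = parseServerHello(
  sampleServerHello(0x0303, 0x1301, [0x00, 0x2b, 0x00, 0x02, 0x03, 0x04]));
console.log(legacy.name, firefox74Accepts(legacy), "|", modern.name, firefox74Accepts(modern));
```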
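
The effect of the "mDNS ICE" item above can be checked on the ICE candidates a page emits: a host candidate should carry a .local name instead of a private address. This is an added example, not code from Firefox or the original article; the SDP lines are constructed, and the mDNS name is assumed to be a hex-and-dash identifier ending in .local.

```javascript
// Classify the connection address of one ICE candidate line (a=candidate:... in SDP).
function classifyCandidate(line) {
  // candidate:<foundation> <component> <transport> <priority> <address> <port> typ <type>
  const m = /^(?:a=)?candidate:\S+ \d+ \S+ \d+ (\S+) \d+ typ (\S+)/i.exec(line.trim());
  if (!m) return { kind: "unparsed" };
  const [, address, type] = m;
  if (/^[0-9a-f-]+\.local$/i.test(address)) return { kind: "mdns", address, type };
  const v4 = address.split(".").map(Number);
  const isV4 = v4.length === 4 && v4.every((n) => Number.isInteger(n) && n >= 0 && n <= 255);
  const privateV4 = isV4 && (v4[0] === 10 || (v4[0] === 172 && v4[1] >= 16 && v4[1] <= 31) ||
    (v4[0] === 192 && v4[1] === 168) || (v4[0] === 169 && v4[1] === 254));
  // Unique-local (fc00::/7) and link-local (fe80::/10) IPv6 addresses
  const privateV6 = /^f[cd][0-9a-f]{2}:/i.test(address) || /^fe[89ab][0-9a-f]:/i.test(address);
  if (type === "host" && (privateV4 || privateV6)) return { kind: "local-ip", address, type };
  return { kind: "other", address, type };
}

// Return the host candidates in an SDP blob that still expose a local address.
function localAddressLeaks(sdp) {
  return sdp.split(/\r?\n/).filter((l) => l.includes("candidate:"))
    .map(classifyCandidate).filter((c) => c.kind === "local-ip").map((c) => c.address);
}

// Constructed sample SDP lines (not captured traffic): a raw host address,
// an mDNS-obfuscated host candidate, and a server-reflexive candidate.
const SAMPLE_SDP = [
  "a=candidate:0 1 UDP 2122252543 192.168.1.23 51234 typ host",
  "a=candidate:1 1 UDP 2122252543 3f2b9c1e-8d47-4c1a-9b6e-2f0a5d7c1e34.local 51234 typ host",
  "a=candidate:2 1 UDP 1686052863 203.0.113.7 51234 typ srflx raddr 0.0.0.0 rport 0",
].join("\r\n");

console.log(localAddressLeaks(SAMPLE_SDP));
```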
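
The two Cross-Origin-Resource-Policy values described above can be turned into a small audit of which embedded resources a page would lose. This is an added example, not browser code and not part of the original article; the URLs and responses are constructed, and "site" is approximated as the last two host labels, whereas browsers use the Public Suffix List.

```javascript
// Assumption: "site" is approximated by the last two host labels (browsers use the
// Public Suffix List, so hosts such as example.co.uk need the real list).
function siteOf(url) {
  return url.hostname.split(".").slice(-2).join(".");
}

// Decide whether a resource with the given CORP header value may be embedded by a page.
function corpDecision(policy, embedderUrl, resourceUrl) {
  const from = new URL(embedderUrl), to = new URL(resourceUrl);
  if (from.origin === to.origin) return "allow";   // same scheme, host name and port
  if (policy === "same-origin") return "block";
  if (policy === "same-site") return siteOf(from) === siteOf(to) ? "allow" : "block";
  return "allow";                                  // header absent: no CORP restriction
}

// Audit helper: list the subresources of a page that would be refused.
function blockedEmbeds(pageUrl, responses) {
  return responses
    .filter((r) => corpDecision(r.headers["cross-origin-resource-policy"], pageUrl, r.url) === "block")
    .map((r) => r.url);
}

// Constructed sample responses (header names lower-cased, as an HTTP client would give them).
const PAGE = "https://shop.example.com/";
const RESPONSES = [
  { url: "https://img.example.com/a.png", headers: { "cross-origin-resource-policy": "same-site" } },
  { url: "https://cdn.example.net/lib.js", headers: { "cross-origin-resource-policy": "same-site" } },
  { url: "https://shop.example.com:8443/x.png", headers: { "cross-origin-resource-policy": "same-origin" } },
  { url: "https://static.other.test/logo.png", headers: {} },
];

console.log(blockedEmbeds(PAGE, RESPONSES));
```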
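
The permission flow described in the Feature-Policy item above, with the header and the iframe "allow" attribute evaluated together, looks like this as an added example (not Firefox code and not part of the original article). The URLs are placeholders, "the main page has no permission" is modelled as the page's own header denying the feature, and the two defaults marked in the comments are assumptions.

```javascript
// Parse "feature allowlist; feature allowlist" from a Feature-Policy header value or an
// iframe allow attribute. emptyDefault fills in when a feature is named with no allowlist.
function parseDirectives(text, emptyDefault) {
  const out = {};
  for (const part of (text || "").split(";")) {
    const [feature, ...list] = part.trim().split(/\s+/).filter(Boolean);
    if (feature) out[feature] = list.length ? list : [emptyDefault];
  }
  return out;
}

function originOf(url) {
  try { return new URL(url).origin; } catch { return null; }
}

// Does the allowlist admit `origin`? 'self' and 'src' resolve to the supplied origins;
// 'none' never matches.
function admits(list, origin, selfOrigin, srcOrigin) {
  return list.some((e) => e === "*" || (e === "'self'" && origin === selfOrigin) ||
    (e === "'src'" && origin === srcOrigin) || (!e.startsWith("'") && originOf(e) === origin));
}

// Outcome when an iframe asks for `feature`, following the behaviour described above.
function iframeRequestOutcome({ header, pageUrl, allow, iframeSrc, feature }) {
  const page = originOf(pageUrl), frame = originOf(iframeSrc);
  const pageList = parseDirectives(header, "'none'")[feature];
  // Assumption: a feature the header does not mention stays available to the page itself.
  const pageHasFeature = !pageList || admits(pageList, page, page, page);
  const frameList = parseDirectives(allow, "'src'")[feature];
  // Assumption: with no allow entry, only a same-origin frame may use the feature.
  const delegated = frameList ? admits(frameList, frame, page, frame) : frame === page;
  if (!delegated) return "blocked: not delegated to this iframe";
  if (!pageHasFeature) return "blocked without prompt";
  return "prompt in page context, then delegate to iframe";
}

// Constructed scenario; the header is the one quoted above, the URLs are placeholders.
const HEADER = "microphone 'none'; geolocation 'none'";
const base = { pageUrl: "https://news.example/", iframeSrc: "https://maps.example/embed",
               allow: "geolocation", feature: "geolocation" };
console.log(iframeRequestOutcome({ ...base, header: HEADER }));
console.log(iframeRequestOutcome({ ...base, header: "" }));
console.log(iframeRequestOutcome({ ...base, header: "", allow: "" }));
```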

In addition to new features and bug fixes, Firefox 74 fixes 20 vulnerabilities, of which 10 (collected under CVE-2020-6814 and CVE-2020-6815) are marked as potentially leading to the execution of attacker code when opening specially crafted pages. Recall that memory problems, such as buffer overflows and access to already freed memory areas, have recently been marked as dangerous, but not critical.

Source: opennet.ru