Firefox 48 Stable will be released on August 2, 2016 according to the Firefox release schedule. Firefox 48 is a major release that makes add-on signing mandatory on Stable and Beta versions of the browser, and introduces multi-process functionality to the first batch of users (who don't run any add-ons).

Firefox 47.0.1 and earlier versions can be updated to Firefox 48. Additionally, updates for Firefox Beta, Developer, Nightly and Firefox ESR are released on August 2, 2016 as well.

Firefox Beta is updated to 49.0, Firefox Developer to 50.0, Firefox Nightly to 51.0, and Firefox ESR to 45.3.

Executive Summary

Firefox extension signing is enforced on Stable and Beta versions of Firefox. Users can no longer disable the requirement. Developer, Nightly, ESR and unbranded builds are provided that still ship with the functionality. About 1% of Firefox 48 users who don't run add-ons will have the new multi-process architecture enabled for them. Support for Mac OSX 10.6, 10.7 and 10.8 ends. Firefox will continue to function on those platforms, but won't receive new features or security updates anymore.

Firefox 48 download and update

The majority of Firefox users will receive 48 via the browser's update mechanics. Firefox supports automatic updates but may also be configured for manual checks or no checks at all.

Please note that the new version is released on August 2, 2016, and that it may not be available at the time of publication of this review.

You may check for updates by tapping on the Alt-key on the keyboard, and selecting Help > About Firefox from the menu. This runs a manual check for updates, and displays the current version and channel.

If Firefox is configured to download and install updates automatically, that is what is going to happen if the update is picked up. If not, you get options to download and install it manually instead.

You may download all editions of Firefox using the links below instead.

Firefox 48 Changes

Add-on signing enforcement

Firefox Stable and Beta users may no longer disable add-on signing in their versions of the browser. This blocks them from installing unsigned add-ons in Firefox. Unsigned add-ons are all add-ons that have not been submitted to Mozilla for signing.

Firefox displays "This add-on could not be installed because it has not been verified" when you try to install an unsigned add-on in Stable or Beta versions of the browser.

This means that it is no longer possible to install add-ons from third-party sources in Firefox, or old add-ons, if they have not been signed.

There is no way around this other than switching to another Firefox channel that still offers a switch to turn the functionality off.

Firefox Developer, Nightly, ESR and unbranded builds fall in that category.

Multi-process Firefox roll out

The second major change is the roll out of multi-process Firefox. The feature separates content which, according to Mozilla, improves the browser's stability, performance and security.

About 1% of users who have not installed a single add-on in Firefox will get it in the beginning. Mozilla plans to increase the figure over time.

Load about:support and check the "multiprocess windows" value to find out whether it is enabled in the browser.

Check out our Firefox multi-process overview for additional details.

Firefox Download Protection improvements

Firefox 48 ships with several changes designed to protect users better against unwanted or outright malicious downloads.

First of all, Firefox 48's Safe Browsing implementation supports the two new categories potentially unwanted software and uncommon downloads.

The first warns Firefox users when they download executable files that may contain adware, the second when a file is not very popular.

The change goes hand in hand with user interface changes. The download icon, displayed by default in the main Firefox toolbar, displays malicious downloads with a red exclamation mark, and potentially unwanted programs or uncommon applications with a yellow exclamation mark.

That's not all though. When you click on the download icon to display the last downloads, the default action for each download may either be open or remove.

For potentially unwanted downloads and uncommon downloads, open is the default action indicated by a folder icon. For file downloads identified as malicious it is remove and indicated by an x-icon.

Downloaded files are not opened or removed right away though. Firefox displays prompts that explain the risks of opening the file or allowing the download.

The following three screenshots show the prompts for potentially unwanted, uncommon and malicious downloads in that order.

Experienced users may override any of the prompts or warnings by right-clicking on files and selecting the "allow download" option. This is useful if a download is marked as problematic erroneously.

Firefox users find more control over the download protection functionality under Security in the preferences.

The new "block dangerous and deceptive content" preference is listed on about:preferences#security. You may turn the feature off completely there, or turn if off for dangerous downloads, or unwanted or uncommon downloads separately.

Note: You may notice that the options to "block reported attack sites" and "block reported web forgeries" are no longer provided. While I have no confirmation yet, it appears that "block dangerous and deceptive content" fills that role now.

Experienced users may control safe browsing on about:config or in a user.js file just like before:

browser.safebrowsing.malware.enabled - Set this to false to block malware protection and unwanted downloads protection.

Up to Firefox 49: browser.safebrowsing.enabled - This preference turns off phishing protection.

From Firefox 50 on: browser.safebrowsing.phishing.enabled - Set this to false to turn off phishing protection.

All Safe Browsing preferences are listed on the Mozilla Wiki.

Other changes

Developer Changes

Temporary Add-on Reloading

Add-on developers and users may load temporary add-ons in Firefox using the about:debugging page. This can be useful for add-on testing during development, or testing an add-on without installing it permanently in the browser.

Any change made to a temporary loaded add-on required the browser to be restarted. This changes with Firefox 48, as it is now possible to reload extension that are temporarily loaded. (Bug 1246030)

Firebug theme

Firefox 48 ships with a new Developer theme. Besides dark and light variants, it is now also possible to load the Firebug theme which resembles the popular Firefox developer add-on.

Firebug functionality is or will be integrated in Firefox natively, and the add-on itself won't receive any more updates because of it.

Other Developer changes

DOM Inspector (Bug 1201475)

Font Inspector enabled by default (Bug 128121)

HTTP Log Inspection in Web Console (Bug 1211525)

Improved CSS properties suggestions (Bug 1168246)

Position of elements can be changed in content now (Bug 1139187)

Check the resources section at the bottom of the article for links to full Developer change logs.

Firefox for Android

Making Firefox the default browser is easier on Android 6 and up

To make Firefox the default on Android 6 Marshmallow and higher, do the following:

Tap on Settings. Select Apps. Tap on the gear icon. Tap on Default Apps. Tap Browser app. Tap Firefox on the list.

The previous process which is still valid for older Android versions required a lengthy process detailed here.

Other Firefox 48 for Android changes

Add frequently visited sites to the home screen for faster access. Amazon product search suggestions now supported. Firefox 48 for Android users get control over web notifications. Firefox restores tabs by default. You may change that under Advanced Settings. Mobile history is prioritized over desktop history. New action bar for Android 6 and higher that floats near selected text. New Firefox for Android users get clearer options to sync from the history panel. Qwant is a search option for French, United Kingdom English and German locales. Reading List moved to the Bookmarks panel. Support for Android 2.3 has ended. Sync Tabs is now in the History panel. Video controls got a new look.

Firefox 48.0.1

Firefox 48.0.1 was released on August 18, 2016. It is a bug fix release that resolves the following issues:

Audio regression impacting major sites like Facebook.

Top crash in JavaScript engine, startup crash caused by Websense, another top crash caused by plugin issues, and a WebRTC crash.

Unsigned add-on issue on Windows.

A shutdown issue.

Different behavior between e10s and non-e10s in regards to select and mouse events.

Firefox 48.0.2

Mozilla released Firefox 48.0.2 on August 24, 2016. It fixes a startup crash issue caused by Wensense on Windows only.

Security updates / fixes

Security updates and fixes are announced after the release of Firefox 48. This guide will be updated when that happens.

2016-84 Information disclosure through Resource Timing API during page navigation

2016-83 Spoofing attack through text injection into internal error pages

2016-82 Addressbar spoofing with right-to-left characters on Firefox for Android

2016-81 Information disclosure and local file manipulation through drag and drop

2016-80 Same-origin policy violation using local HTML file and saved shortcut file

2016-79 Use-after-free when applying SVG effects

2016-78 Type confusion in display transformation

2016-77 Buffer overflow in ClearKey Content Decryption Module (CDM) during video playback

2016-76 Scripts on marquee tag can execute in sandboxed iframes

2016-75 Integer overflow in WebSockets during data buffering

2016-74 Form input type change from password to text can store plain text password in session restore file

2016-73 Use-after-free in service workers with nested sync events

2016-72 Use-after-free in DTLS during WebRTC session shutdown

2016-71 Crash in incremental garbage collection in JavaScript

2016-70 Use-after-free when using alt key and toplevel menus

2016-69 Arbitrary file manipulation by local user through Mozilla updater and callback application path parameter

2016-68 Out-of-bounds read during XML parsing in Expat library

2016-67 Stack underflow during 2D graphics rendering

2016-66 Location bar spoofing via data URLs with malformed/invalid mediatypes

2016-65 Cairo rendering crash due to memory allocation issue with FFMpeg 0.10

2016-64 Buffer overflow rendering SVG with bidirectional content

2016-63 Favicon network connection can persist when page is closed

2016-62 Miscellaneous memory safety hazards (rv:48.0 / rv:45.3)

Additional information / sources

Now You: Which feature or change are you the most excited about? Did we miss a new feature or change? Let us know in the comments.

Summary Article Name Firefox 48 Release: Find out what is new Description Find out what is new or changed in the latest stable version of the Firefox desktop browser and Firefox for Android, Firefox 48 out August 3, 2016. Author Martin Brinkmann Publisher Ghacks Technology News Logo

Advertisement