Firefox Changelog GO

What's new in Firefox 81.0 September 22, 2020 New:

You can pause and play audio or video in Firefox right from your keyboard or headset, giving you easy access to control your media when in another Firefox tab, another program, or even when your computer is locked.

In addition to our default, dark and light themes, with this release, Firefox introduces the Alpenglow theme: a colorful appearance for buttons, menus, and windows. You can update your Firefox themes under settings or preferences.

For our users in the US and Canada, Firefox can now save, manage, and auto-fill credit card information for you, making shopping on Firefox ever more convenient. To ensure the smoothest experience, this will be rolling out to users gradually.

Firefox supports AcroForm, which will soon allow you to fill in, print, and save supported PDF forms and the PDF viewer also has a new fresh look.

Our users in Austria, Belgium and Switzerland using the German version of Firefox will now see Pocket recommendations in their new tab featuring some of the best stories on the web. If you don’t see them, you can turn on Pocket articles in your new tab by following these steps. In addition to Firefox’s new tab, Pocket is also available as an app on iOS and Android.

Fixed:

Various security fixes.

We’ve fixed a bug for users of language packs where the default language was reset to English after Firefox updates.

Browser native HTML5 audio/video controls received several important accessibility fixes:

Audio/video controls remain accessible to screen readers even when they are temporarily hidden visually.

Audio/video elapsed and total time are now accessible to screen readers where they weren't previously.

Various unlabelled controls are now labelled making them identifiable to screen readers.

Screen readers no longer intrusively report progress information unless the user requests it.

Changed:

You will soon find Picture-in-Picture more easily on all the videos you watch with new iconography.

The bookmarks toolbar is now automatically revealed once bookmarks are imported into Firefox, making it easier to find your most important websites.

We have expanded our supported file types - .xml, .svg, and .webp - so files you’ve downloaded can be opened right in Firefox.

Enterprise:

Various bug fixes and new policies have been implemented in the latest version of Firefox. You can see more details in the Firefox for Enterprise 81 Release Notes.

Developer:

TypeScript files are now properly identified in the Debugger panel and labeled with corresponding icons making it easier for you to find these files in the list.

HTTP JSON responses using XSSI prevention characters are properly parsed and JSON data presented in a form of an expandable tree. This allows easy inspection of such HTTP responses through traditional (expandable) tree UI.

It’s possible to pause on script first statement, which is useful e.g. in cases where developers want to debug side effects caused by script execution or timers.

The color vision deficiency simulation in the accessibility panel of Developer Tools is now more accurate. We removed protanomaly, deuteranomaly and tritanomaly and aded achromatopsia.

New in Firefox 80.0.1 (September 1, 2020) Fixed:

Fixed a performance regression when encountering new intermediate CA certificates (bug 1661543)

Fixed crashes possibly related to GPU resets (bug 1627616)

Fixed rendering on some sites using WebGL (bug 1659225)

Fixed the zoom-in keyboard shortcut on Japanese language builds (bug 1661895)

Fixed download issues related to extensions and cookies (bug 1655190)

Changes for web developers:

Developer Tools:

You can now block and unblock network requests using the :block and :unblock helper commands in the Web Console. (Refer to bug 1546394)

When adding a class to an element in the Page Inspector's Rules pane, existing classes are suggested with autocomplete. (Refer to bug 1492797)

When the Debugger breaks on an exception, the tooltip in the source pane now shows disclosure triangle that reveals a stack trace. (Refer to bug 1643633)

In the Network Monitor request list, a turtle icon is shown for "slow" requests that exceed a configurable threshhold for the waiting time. (Refer to bug 1648373)

CSS:

The standard, unprefixed appearance property is now supported; existing -moz-appearance and -webkit-appearance will be the aliases of the unprefixed property (bug 1620467).

JavaScript:

The ECMAScript 2021 export * as namespace syntax for the export statement is now supported (bug 1496852).

HTTP

Previously, when the fullscreen directive was applied to an <iframe> (i.e. via the allow attribute), it didn't work unless the allowfullscreen attribute was also present This has now been fixed (bug 1608358).

APIs:

DOM:

Web Animations API compositing operations are now enabled — see KeyframeEffect.composite and KeyframeEffect.iterationComposite (bug 1652676).

Media, WebRTC, and Web Audio:

The Media Session API now supports the seekto action, allowing media controls to request that your code seek to a specific time offset within the media you're playing (bug 1621403).

The Media Session API also now supports the skipad action, which skips past the current advertising or promotional content to continue playing the main media content, if the capability exists and if the user's subscription or permissions level allows ad skipping (bug 1582569).

WebGL:

The KHR_parallel_shader_compile WebGL extension is now supported (bug 1536674).

Removals:

The outerHeight and outerWidth features of Window.open() are no longer exposed to web content (bug 1623826).

WebAssembly:

Atomic operations are now allowed on non-shared memories (bug 1619196).

WebDriver conformance (Marionette):

Using WebDriver:NewWindow to open a new tab returned too early when running tests in headless mode (bug 1653281).

Removed name argument for WebDriver:SwitchToWindow, which is not supported for W3C-compatible mode, and shouldn't be used anymore (bug 1588424).

Started to add Fission support for the following commands: WebDriver:FindElement, WebDriver:FindElements, WebDriver:GetElementAttribute, WebDriver:GetElementProperty.

Known issue: Opening a new tab by using WebDriver:NewWindow, or by an arbitrary script that calls window.open(), will automatically switch to that new window (bug 1661495).

New in Firefox 80.0 (August 30, 2020) New:

Firefox can now be set as the default system PDF viewer.

The name reported by accessibility tools for items in multi-tiered tree controls no longer incorrectly includes information from items at deeper levels, providing users with the correct level of content when using a screen reader.

Fixed:

Various security fixes.

Several crashes while using a screen reader were fixed including a frequently encountered crash when using the JAWS screen reader.

Firefox Developer Tools received significant fixes allowing screen reader users to benefit from some of the tools that were previously inaccessible.

SVG title and desc elements (labels and descriptions) are now correctly exposed to assistive technology products such as screen readers.

Changed:

For users with reduced motion settings, we’ve reduced a number of animations such as tab loading to reduce motion for users with migraines and epilepsy.

The new add-ons blocklist has been enabled to improve performance and scalability.

Enterprise:

A number of bug fixes and new policies have been implemented in the latest version of Firefox. You can see more details in the Firefox for Enterprise 80 Release Notes.

Today’s release is the final scheduled for Firefox 68 ESR (68.12) unless there is a critical security issue found prior to the release of Firefox ESR 78.3 on September 22, 2020. Users of Firefox 68 ESR will be automatically upgraded to the Firefox 78 ESR series with the release of 78.3.

Developer:

We’ve shipped an experimental sidebar panel in the inspector to Firefox Developer Edition that helps developers more quickly identify potential browser compatibility problems based on MDN data.

In the Network Monitor request list, a turtle icon is shown for "slow" requests that exceed a threshold for the waiting time.

Firefox now supports RTX and Transport-cc for improved call quality in poor network conditions and better bandwidth estimation. These features also provide better compatibility with many websites using WebRTC.

New in Firefox 79.0 (July 28, 2020) New:

We’ve rolled out WebRender to more Windows users with Intel and AMD GPUs, bringing improved graphics performance to an even larger audience.

Firefox users in Germany will now see more Pocket recommendations in their new tab featuring some of the best stories on the web. If you don’t see them, you can turn on Pocket articles in your new tab by following these steps.

Fixed:

Various security fixes.

Several crashes while using a screen reader were fixed, including a frequently encountered crash when using the JAWS screen reader.

Firefox Developer Tools received significant fixes allowing screen reader users to benefit from some of the tools that were previously inaccessible.

SVG title and desc elements (labels and descriptions) are now correctly exposed to assistive technology products such as screen readers.

Enterprise:

A number of bug fixes and new policies have been implemented in the latest version of Firefox. You can see more details in the Firefox for Enterprise 79 Release Notes.

Updates to the password policy allow admins to require a primary password (formerly called master password. Previously the policy could disable the primary password but not force a primary password. Users required to use a primary password will only be asked to create a primary password the first time they try to save a password.

Developer:

Newly added asynchronous call stacks let developers trace their async code through events, timeouts, and promises. The async execution chains are shown in the Debugger’s call stack, but also for stack traces in Console errors and Network initiators.

Erroneous network responses with 4xx/5xx status codes display as errors in the Console, making it easy to understand them in the context of related logs. The request/response details can be expanded or resent for quick debugging.

JavaScript errors are now visible not only in the Console, but also in the Debugger. The relevant line of code will be highlighted and display error details on hover.

Opening SCSS and CSS-in-JS sources from the Inspector now works more reliably thanks to improved source map handling across all panels.

Inspecting accessibility properties from the browser context menu is now available to all users by default.

New in Firefox 79.0 Beta (July 16, 2020) Changed:

macOS versions 10.9, 10.10 and 10.11 are no longer supported by Firefox. Users of these macOS versions are recommended to switch to Firefox ESR 78.x in order to continue receiving security updates.

New in Firefox 78.0.2 (July 16, 2020) Fixed:

Security fix

Fixed an accessibility regression in reader mode (bug 1650922)

Made the address bar more resilient to data corruption in the user profile (bug 1649981)

Fixed a regression opening certain external applications (bug 1650162)

New in Firefox 78.0.1 (July 2, 2020) Fixed:

Fixed an issue which could cause installed search engines to not be visible when upgrading from a previous release.

New in Firefox 78.0 (June 30, 2020) New:

The Protections Dashboard includes consolidated reports about tracking protection, data breaches, and password management. New features let you:

Track how many breaches you’ve resolved right from the dashboard

See if any of your saved passwords may have been exposed in a data breach

To view your dashboard, type about:protections into the address bar, or select “Protections Dashboard” from the main menu.

Because we know people try to fix problems by reinstalling Firefox when a simple refresh is more likely to solve the issue, we’ve added a Refresh button to the Uninstaller.

With this release, your screen saver will no longer interrupt WebRTC calls on Firefox, making conference and video calling in Firefox better.

We’ve rolled out WebRender to Windows users with Intel GPUs, bringing improved graphics performance to an even larger audience.

Firefox 78 is also our Extended Support Release (ESR), where the changes made over the course of the previous 10 releases will now roll out to our ESR users. Some of the highlights are:

Kiosk mode

Client certificates

Service Worker and Push APIs are now enabled

The Block Autoplay feature is enabled

Picture-in-picture support

View and manage web certificates in about:certificate

Pocket recommendations, featuring some of the best stories on the web, will now appear on the Firefox new tab for 100% of our users in the UK. If you don’t see them, you can turn on Pocket articles in your new tab, follow these steps.

Fixed:

Various security fixes.

We fixed bugs in the search results quality composition and improved search result texts based on recommendations by our partners.

Changed:

The minimal system requirements on Linux have been updated. Firefox now needs GNU libc 2.17, libstdc++ 4.8.1 and GTK+ 3.14 or newer versions.

As part of our ongoing effort to deprecate obsolete cryptography, we have disabled all remaining DHE-based TLS ciphersuites by default.

To mitigate web compatibility issues from disabling DHE-based TLS ciphersuites, Firefox 78 enables two more AES-GCM SHA2-based ciphersuites.

We have disabled TLS 1.0 and TLS 1.1 to improve your website connections. Sites that don't support TLS version 1.2 will now show an error page.

The context menu (accessed by right clicking on a tab) lets you undo multiple tab closings with a single click and places Close Tabs to the Right and Close Other Tabs in a submenu.

A number of accessibility improvements have been made with this release:

When using the JAWS screen reader, pressing the down arrow in an HTML input control with a datalist no longer incorrectly moves the cursor to the next element after the input control.

Screen readers no longer severely lag or freeze when focusing the microphone/camera/screen sharing indicator.

Large tables with thousands of rows now load much faster for screen reader users.

Text input controls with custom styling now correctly show the focus outline when appropriate.

Screen readers no longer sometimes incorrectly switch to document browsing mode unexpectedly when the user enters the main Developer Tools window.

We reduced a number of animations such as tab hover, search bar expansion, and others to reduce motion for users with migraines and epilepsy.

Enterprise:

Enable support for client certificates stored on macOS and Windows by setting the experimental preference security.osclientcerts.autoload to true.

New policies allow you to configure application handlers, disable picture in picture, and require a master password, which will be renamed to ‘primary password’ in future releases.

Developer:

DevTools Console now logs uncaught promise errors with much more detailed names, stacks, and properties, particularly improving JavaScript framework debugging.

Debugger’s automatic mapping for minified variable names now also works for Logpoints, which makes debugger of source-mapped projects feel more seamless.

The Firefox DevTools’ Network panel now highlights which extension or CORS restriction blocked a request, so developers can make their sites more resilient and secure.

New RegExp engine in SpiderMonkey, adding support for the dotAll flag, Unicode escape sequences, lookbehind references, and named captures.

New in Firefox 77.0.1 (June 3, 2020) Fixed:

Disabled automatic selection of DNS over HTTPS providers during a test to enable wider deployment in a more controlled way (bug 1642723)

New in Firefox 77.0 (June 3, 2020) New:

Pocket recommendations, featuring some of the best stories on the web, will appear on the Firefox new tab for our users in the UK. If you don’t see them, you can turn on Pocket articles in your new tab, follow these steps.

WebRender continues its roll out to more Firefox for Windows users, now available by default on Windows 10 laptops running on Nvidia GPUs with medium (<= 3440x1440) and large screens (> 3440x1440).

You can view and manage web certificates more easily on the new about:certificate page.

Fixed: Various security fixes.

A number of features have been fixed to improve Firefox accessibility.

The applications list in Firefox Options is now accessible to screen reader users.

Some live regions previously didn't report updated text with the JAWS screen reader. This issue has been fixed.

Date/time inputs are now no longer missing labels for users of accessibility tools.

Changed:

The browser.urlbar.oneOffSearches preference has been removed. To hide one-off search buttons uncheck search engines on the about:preferences#search page

New in Firefox 76.0.1 (May 10, 2020) Fixed:

Fixed a bug causing some add-ons such as Amazon Assistant to see multiple onConnect events, impairing functionality (bug 1635637)

Fixed a crash on 32-bit Windows systems with some nVidia drivers installed (bug 1635823)

New in Firefox 76.0 (May 5, 2020) New:

With today’s release, Firefox strengthens protections for your online account logins and passwords, with innovative approaches to managing your accounts during this critical time

Firefox displays critical alerts in the Lockwise password manager when a website is breached;

If one of your accounts is involved in a website breach and you've used the same password on other websites, you will now be prompted to update your password. A key icon identifies which accounts use that vulnerable password.

Automatically generate secure, complex passwords for new accounts across more of the web that are easily saved right in the browser;

You have been able to access and see your saved passwords under Logins and Passwords easily under the main menu. If your device happens to be shared among your family or roommates, the latest update helps to prevent casual snooping over your shoulder. If you don’t have a master password set up for Firefox, Windows and macOS now requires a login to your operating system account before showing your saved passwords.

Picture-in-Picture allows you to multitask, the small video window following along no matter what you are doing on your computer, across different applications and even workspaces. Now, when you are ready to focus on the video, a double click can take the small window into full screen. Double click again to reduce the size again.

Firefox now supports Audio Worklets that will allow more complex audio processing like VR and gaming on the web; and is being adopted by some of your favorite software programs.

With this change, you can now join Zoom calls on Firefox without the need for any additional downloads.

WebRender continues its roll out to more Firefox for Windows users, now available by default on modern Intel laptops with a small screen (<= 1920x1200) for improved graphics rendering.

Fixed:

Various security fixes

Changed:

Two updates to the address bar improve its usability and visibility:

The shadow around the address bar field is reduced in width when a new tab is opened;

The bookmarks toolbar has expanded slightly in size to improve its surface area for touchscreens.

Developer:

Testing mobile interactions using DevTools’ Responsive Design Mode now mimics the device behavior for handling double-tap to zoom. This builds on previous improvements to correctly rendering meta-viewport tags, allowing developers to optimize their sites for Firefox for Android without a device.

Double-clicking table headers in DevTools’ network request table now resizes the column width to fit the content, making it easier to expand the important data.

WebSocket inspection now supports ActionCable message preview, adding to the list of automatically formatted protocols like socket.io, SignalR, WAMP, etc.

New in Firefox 75.0 (April 7, 2020) With today's release, a number of improvements will help you search smarter, faster. Type less and find more with Firefox's revamped address bar:

Focused, clean search experience that's optimized for smaller laptop screens

Top sites now appear when you select the address

Improved readability of search suggestions with a focus on new search terms

Suggestions include solutions to common Firefox issues

On Linux, the behavior when clicking on the Address Bar and the Search Bar now matches other desktop platforms: a single click selects all without primary selection, a double click selects a word, and a triple click selects all with primary selection

Firefox will locally cache all trusted Web PKI Certificate Authority certificates known to Mozilla. This will improve HTTPS compatibility with misconfigured web servers and improve security.

Firefox is now available in Flatpak, an easier way to install and use Firefox on Linux.

Direct Composition is being integrated for our users on Windows to help improve performance and enable our ongoing work to ship WebRender on Windows 10 laptops with Intel graphics cards.

Fixed:

Various security fixes

Enterprise:

Experimental support for using client certificates from the OS certificate store can be enabled on macOS by setting the preference security.osclientcerts.autoload to true.

Enterprise policies may be used to exclude domains from being resolved via TRR (Trusted Recursive Resolver) using DNS over HTTPS.

New in Firefox 75.0 Beta (April 6, 2020) New:

Firefox 75 will, in the background, locally cache all trusted Web PKI Certificate Authority certificates known to Mozilla. This will improve HTTPS compatibility with misconfigured web servers.

Type less, find more with Firefox’s revamped address bar. Now, just select the address bar, and a box will expand with links to your top sites. A redesigned interface provides a focused, clean search experience that’s optimized for smaller screens. Solutions to common browser issues now provided right in the search suggestions box.

Enterprise:

Experimental support for using client certificates from the OS certificate store can be enabled on macOS by setting the preference security.osclientcerts.autoload to true (this feature has been available on Windows since Firefox 72).

New in Firefox 74.0 (March 11, 2020) New:

Your login management has improved with the ability to reverse alpha sort (Name Z-A) in Lockwise, which you can access under Logins and Passwords.

Firefox now makes importing your bookmarks and history from the new Microsoft Edge browser on Windows and Mac simple.

Add-ons installed by external applications can now be removed using the Add-ons Manager (about:addons). Going forward, only users can install add-ons; they cannot be installed by an application.

Facebook Container prevents Facebook from tracking you around the web - Facebook logins, likes, and comments are automatically blocked on non-Facebook sites. But when we need an exception, you can now create one by adding custom sites to the Facebook Container.

Firefox now provides better privacy for your web voice and video calls through support for mDNS ICE by cloaking your computer’s IP address with a random ID in certain WebRTC scenarios.

Security fixes:

CVE-2020-6805: Use-after-free when removing data about origins

CVE-2020-6806: BodyStream::OnInputStreamReady was missing protections against state confusion

CVE-2020-6807: Use-after-free in cubeb during stream destruction

CVE-2020-6808: URL Spoofing via javascript: URL

CVE-2020-6809: Web Extensions with the all-urls permission could access local files

CVE-2020-6810: Focusing a popup while in fullscreen could have obscured the fullscreen notification

CVE-2020-6811: Devtools' 'Copy as cURL' feature did not fully escape website-controlled data, potentially leading to command injection

CVE-2019-20503: Out of bounds reads in sctp_load_addresses_from_init

CVE-2020-6812: The names of AirPods with personally identifiable information were exposed to websites with camera or microphone permission

CVE-2020-6813: @import statements in CSS could bypass the Content Security Policy nonce feature

CVE-2020-6814: Memory safety bugs fixed in Firefox 74 and Firefox ESR 68.6

CVE-2020-6815: Memory and script safety bugs fixed in Firefox 74

We have fixed issues involving pinned tabs such as being lost. You should also no longer see them reorder themselves.

Changed:

When a video is uploaded with a batch of photos on Instagram, the Picture-in-Picture toggle would sit atop of the “next” button. The toggle is now moved allowing you to flip through to the next image of the batch.

On Windows, Ctrl+I can now be used to open the Page Info window instead of opening the Bookmarks sidebar. Ctrl+B still opens the Bookmarks sidebar making keyboard shortcuts more useful for our users.

We have disabled TLS 1.0 and TLS 1.1 to improve your website connections. Sites that don't support TLS version 1.2 will now show an error page.

Developer:

Firefox’s Debugger added support for debugging Nested Web Workers, so their execution can be paused and stepped through with breakpoints

Web Platform:

Firefox has added support for the new JavaScript optional chaining operator (?.) and CSS text-underline-position.

New in Firefox 73.0.1 (February 19, 2020) Fixed:

Fixed crashes on Windows systems running third-party security software such as 0patch or G DATA (bug 1610790)

Fixed loss of browser functionality in certain circumstances such as running in Windows compatibility mode or having custom anti-exploit settings (bug 1614885)

Resolved problems connecting to the RBC Royal Bank website (bug 1613943)

Fixed Firefox unexpectedly exiting when leaving Print Preview mode (bug 1611133)

New in Firefox 73.0 (February 18, 2020) New:

Today’s Firefox release includes two features that help users view and read website content more easily, quickly. Like all accessibility improvements, these features improve browsing for everyone.

Firefox has offered a page zoom feature for more than a decade that allows users to set the zoom level on a per-site basis. For users who need to zoom most websites, having to adjust zoom for each new site can be an annoyance. To address this, we have implemented a new global default zoom level setting. This option is available in about:preferences under "Language and Appearance" and can be scaled up or down from 100% as needed and sets the default zoom level for all sites. Per-site zoom is still available to make adjustments to individual sites as needed.

Many users with low vision rely on Windows' High Contrast Mode to make websites more readable. Traditionally, to increase the readability of text, Firefox has disabled background images when High Contrast Mode is enabled. With today’s release of Firefox 73, we introduce a “readability backplate” solution which places a block of background color between the text and background image. Now, websites in High Contrast Mode are more readable without disabling background images.

Fixed:

Various security fixes.

Improved audio quality when playing back audio at a faster or slower speed.

Firefox will now only prompt you to save logins if a field in a login form was modified.

Changed:

WebRender rollout has been expanded to include Windows 10 laptops running NVIDIA graphics cards with drivers newer than 432.00 and screen sizes smaller than 1920x1200.

Developer:

WAMP-formatted WebSocket messages (JSON, MsgPack and CBOR) are now nicely decoded for inspection in the Network panel.

Web Platform:

Improved auto-detection of legacy text encodings on old web pages which don’t explicitly declare the text encoding.

Unresolved:

Users with 0patch security software may encounter crashes at startup after updating to Firefox 73. This will be fixed in a future Firefox release. As a workaround, an exclusion for firefox.exe can be added within the 0patch settings.

New in Firefox 72.0.1 (January 9, 2020) Security Vulnerabilities fixed in Firefox 72.0.1 and Firefox ESR 68.4.1:

Announced January 8, 2020

Impact, critical

Products

Firefox, Firefox ESR

CVE-2019-17026, IonMonkey type confusion with StoreElementHole and FallibleStoreElement:

Impact, critical

Description - Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion. We are aware of targeted attacks in the wild abusing this flaw.

New in Firefox 72.0 (January 8, 2020) New:

Firefox’s Enhanced Tracking Protection marks a major new milestone in our battle against cross-site tracking: we now block fingerprinting scripts by default for all users, taking a new bold step in the fight for our users’ privacy.

Firefox replaces annoying notification request pop-ups with a more delightful experience, by default for all users. The pop-ups no longer interrupt your browsing, in its place, a speech bubble will appear in the address bar when you interact with the site.

Picture-in-picture video is now also available in Firefox for Mac and Linux: Select the blue icon from the right edge of a video to pop open a floating window so you can keep watching while working in other tabs or apps. Learn how the feature works.

Fixed:

Various security fixes

Changed:

Support for blocking images from individual domains has been removed from Firefox, because of low usage and poor user experience.

Enterprise:

Experimental support for using client certificates from the OS certificate store can be enabled by setting the preference security.osclientcerts.autoload to true (Windows only).

Developer:

Debugger Watchpoints let developers observe object property access and writes for easier to track data flow through an application.

Firefox now supports simulation of meta viewport in Responsive Design Mode.

New in Firefox 71.0 (December 4, 2019) New:

Improvements to Lockwise, our integrated password manager:

Firefox now recognizes subdomains and will autofill domain logins from Lockwise

Integrated breach alerts from Firefox Monitor are now available to users with screen readers

More information about Enhanced Tracking Protection in action:

Notifications when Firefox blocks cryptominers

A running tally of blocked trackers in the protection panel accessed by clicking the address bar shield

Picture-in-picture video comes to Firefox for Windows: Select the blue icon from the right edge of a video to pop open a floating window so you can keep watching while working in other tabs. Learn how the feature works.

Native MP3 decoding on Windows, Linux, and macOS

Fixed:

Various security fixes.

Changed:

Configuration page (about:config) reimplemented in HTML

Firefox will now ship with Catalan (Valencian) (ca-valencia), Tagalog (tl), and Triqui (trs)

Enterprise:

New kiosk mode functionality, which allows maximum screen space for customer-facing displays

Developer:

New videos every week on the Mozilla Developer YouTube channel

Improvements to the website certificate viewer, with more features and more detailed information

Improvements to the extensions downloads API for handling download failures

Extension popup windows now include the extension name instead of its moz-extension:// url when using the windows.create API

Extension-registered devtools panels now interact better with screen readers

Added support for developers, including:

DevTools’ Network panel can now inspect WebSocket messages and automatically formats a variety of framework formats

Console’s new multi-line editor mode provides an IDE-like experience that makes it convenient to iterate on longer code snippets

The Network panel’s new resource blocking can simulate the impact of tracking protection, security, service outages, and bad connectivity for more robust testing

More features and improvements can be found every release in DevTools’ “What’s New” panel in en-US

New in Firefox 70.0.1 (December 3, 2019) Fixed:

Fix for an issue that caused some websites or page elements using dynamic JavaScript to fail to load. (Bug 1592136)

Update OpenH264 video plugin for macOS 10.15 users (Bug 1587543)

Title bar no longer shows in full screen view (Bug 1588747)

Changed:

OpenH264 video codec version bump for macOS 10.15 users (Bug 1587543)

New in Firefox 70.0 (October 24, 2019) NEW:

More privacy protections from Enhanced Tracking Protection:

Social tracking protection, which blocks cross-site tracking cookies from sites like Facebook, Twitter, and LinkedIn, is now a standard feature of Enhanced Tracking Protection.

The Privacy Protections report shows an overview, with details, of the trackers Firefox has blocked. It provides consolidated reports from Monitor and Lockwise.

More security protections from Firefox Lockwise, our digital identity and password management tool:

Lockwise for desktop lets you create, update, and delete your logins and passwords to sync across all your devices, including the Lockwise mobile apps and Firefox mobile browsers .

Integrated breach alerts from Firefox Monitor, to alert you when saved logins and passwords are compromised in online data breaches.

Complex password generation, to help you create and save strong passwords for new online accounts.

Improvements to core engine components, for better browsing on more sites:

A faster Javascript Baseline Interpreter to handle the modern web’s

large codebases and improve page load performance by as much as 8

percent.

WebRender rolled out to more Firefox for Windows users, now available by default on Windows desktops with integrated Intel graphics cards and resolution of 1920x1200 or less) for improved graphics rendering.

Compositor improvements in Firefox for macOS that reduce power

consumption, speed up page load by as much as 22 percent, and reduce resource use for video by up to 37 percent.

More browser features to help you get the most out of Firefox products and services:

A stand-alone Firefox account menu for easy access to Firefox services like Monitor and Send.

A message panel accessed from the gift icon in the toolbar that offers a quick overview of new releases and key features.

When a website uses your geolocation, an indicator is shown in the

address bar.

CHANGED:

Built-in Firefox pages now follow the system dark mode preference

Aliased theme properties have been removed, which may affect some themes

Passwords can now be imported from Chrome on macOS in addition to existing support for Windows

Readability is now greatly improved on under- or overlined texts, including links. The lines will now be interrupted instead of crossing over a glyph.

Improved privacy and security indicators:

A new crossed-out lock icon will indicate sites delivered via

insecure HTTP

The formerly green lock icon is now grey

The Extended Validation (EV) indicator has been moved to the identity

popup that appears when clicking the lock icon

DEVELOPER:

The Developer Tools Accessibility panel now includes an audit for keyboard accessibility and a color deficiency simulator for systems with WebRender enabled

Inactive CSS: The Inspector now grays out CSS declarations that don’t affect the selected element and shows a tooltip explaining why -- and even how to fix it.

The new DOM Mutation Breakpoints in Developer Tools allows developers to diagnose when scripts add, remove or update page content. This makes debugging of complex script interactions and dependencies a lot easier.

WebExtensions developers can now inspect browser.storage.local data using the "Addon Debugging" Firefox Developer Tools.

With new network resource search in Developer Tools, you can quickly find resources based on their request and response data, including headers, cookies and content.

VARIOUS SECURITY FIXES:

CVE-2018-6156: Heap buffer overflow in FEC processing in WebRTC

CVE-2019-15903: Heap overflow in expat library in XML_GetCurrentLineNumber

CVE-2019-11757: Use-after-free when creating index updates in IndexedDB

CVE-2019-11759: Stack buffer overflow in HKDF output

CVE-2019-11760: Stack buffer overflow in WebRTC networking

CVE-2019-11761: Unintended access to a privileged JSONView object

CVE-2019-11762: document.domain-based origin isolation has same-origin-property violation

CVE-2019-11763: Incorrect HTML parsing results in XSS bypass technique

CVE-2019-11765: Incorrect permissions could be granted to a website

CVE-2019-17000: CSP bypass using object tag with data: URI

CVE-2019-17001: CSP bypass using object tag when script-src 'none' is specified

CVE-2019-17002: upgrade-insecure-requests was not being honored for links dragged and dropped

CVE-2019-11764: Memory safety bugs fixed in Firefox 70 and Firefox ESR 68.2

New in Firefox 69.0.3 (October 11, 2019) Fixed:

Fixed download errors for Windows 10 users with Parental Controls enabled (bug 1586228)

Fixed Yahoo mail users being prompted to download files when clicking on emails (bug 1582848)

New in Firefox 69.0.2 (October 4, 2019) Fixed:

Fixed a crash when editing files on Office 365 websites (bug 1579858)

Fixed detection of the Windows 10 Parental Controls feature being enabled (bug 1584613)

New in Firefox 69.0 (September 18, 2019) New:

Enhanced Tracking Protection (ETP) rolls out stronger privacy protections:

The default standard setting for this feature now blocks third-party tracking cookies and cryptominers.

The optional strict setting blocks fingerprinters as well as the items blocked in the standard setting.

The Block Autoplay feature is enhanced to give users the option to block any video that automatically starts playing, not just those that automatically play with sound.

For our users in the US or using the en-US browser, we are shipping a new “New Tab” page experience that connects you to the best of Pocket’s content.

Support for the Web Authentication HmacSecret extension via Windows Hello now comes with this release, for versions of Windows 10 May 2019 or newer, enabling more passwordless experiences on the web.

Support for receiving multiple video codecs with this release makes it easier for WebRTC conferencing services to mix video from different clients.

For our users on Windows 10, you’ll see performance and UI improvements:

Firefox will give Windows hints to appropriately set content process priority levels, meaning more processor time spent on the tasks you're actively working on, and less processor time spent on things in the background (with the exception of video and audio playback).

For our existing Windows 10 users, you can easily find and launch Firefox from a shortcut on the Win10 taskbar.

For our users on macOS, battery life and download UI are both improved:

macOS users on dual-graphics-card machines (like MacBook Pro) will switch back to the low-power GPU more aggressively, saving battery life.

Finder on macOS now displays download progress for files being downloaded.

JIT support comes to ARM64 for improved performance of our JavaScript Optimizing JIT compiler.

Fixed:

Various security fixes

Changed:

As previously announced in the Plugin Roadmap for Firefox, the "Always Activate" option for Flash plugin content has been removed. Firefox will now always ask for user permission before activating Flash content on a website.

With the deprecation of Adobe Flash Player, there is no longer a need to identify users on 32-bit version of the Firefox browser on 64-bit version operating systems reducing user agent fingerprinting factors providing greater level of privacy to our users as well as improving the experience of downloading other apps.

Firefox no longer loads userChrome.css or userContent.css by default improving start-up performance. Users who wish to customize Firefox by using these files can set the toolkit.legacyUserProfileCustomizations.stylesheets preference to true to restore this ability.

Enterprise:

For Enterprise system administrators that manage macOS computers, we begin shipping a Mozilla signed PKG installer to simplify your deployments.

Developer:

For our mobile web developers, we have migrated remote debugging from the old WebIDE into a re-designed about:debugging, making debugging GeckoView on remote devices via USB rock solid.

The network panel will now show blocked resources to allow developers to best understand the impact of content blocking and ad blocking extensions given our ongoing expansion of Enhanced Tracking Protection to all users with this release.

The new event listener breakpoint feature allows developers to pause on a host of different event types, whether it be related to animations, DOM, media, mouse, touch, worker, and many other event types.

Firefox Developer Tools now offers an audit for the presence of text alternatives for non-text content, the a11y panel checks toolbar has been augmented to better help developers adhere to WCAG Guideline 1.1.

New in Firefox 68.0.2 (August 16, 2019) Fixed:

Fixed a bug causing some special characters to be cut off from the end of the search terms when searching from the URL bar (bug 1560228)

Allow fonts to be loaded via file:// URLs when opening a page locally (bug 1565942)

Printing emails from the Outlook web app no longer prints only the header and footer (bug 1567105)

Fixed a bug causing some images not to be displayed on reload, including on Google Maps (bug 1565542)

Fixed an error when starting external applications configured as URI handlers (bug 1567614)

Security fixes

New in Firefox 68.0.1 (July 19, 2019) Fixed:

Fixed missing Full Screen button when watching videos in full screen mode on HBO GO (bug 1562837)

Fixed a bug causing incorrect messages to appear for some locales when sites try to request the use of the Storage Access API (bug 1558503)

Users in Russian regions may have their default search engine changed (bug 1565315)

Built-in search engines in some locales do not function correctly (bug 1565779)

New in Firefox 68.0 (July 12, 2019) New:

Dark mode in reader view expands so that windows are also dark on the controls, sidebars and toolbars.

Cryptomining and fingerprinting protections are added to strict content blocking settings in Privacy & Security preferences.

WebRender will roll out to Windows 10 users with AMD graphics cards.

Windows Background Intelligent Transfer Service (BITS) update download support, which allows Firefox update downloads to continue when Firefox is closed.

Improved extension security and discovery:

New reporting feature in about:addons allows you to report security and performance issues with extensions and themes.

Redesigned extensions dashboard in about:addons provides easy access to information about your extensions, including data and settings access required by each extension.

Find high quality, secure extensions via the Recommended Extensions program in about:addons, which now displays user count and ratings for each extension. "Recommended” badges for these extensions also appear on AMO. More extensions will be added over time.

Fixed:

Various security fixes

Local files can no longer access other files in the same directory.

Changed:

Unified existing locales (bn-BD, bn-IN) under a single Bengali (bn) localization.

The following unmaintained translations have been removed: Assamese (as), English - South Africa (en-ZA), Maithili (mai), Malayalam (ml), Odia (or). Existing users will be migrated to the British English (en-GB) version.

When an HTTPS error caused by antivirus software is detected, Firefox will attempt to automatically fix it

Camera and microphone access now require an HTTPS connection.

The way non-default preferences are synced has changed. Please see this support article for more details

Enterprise:

For all operating systems, we have a number of additional policies including:

New tab page configuration and disabling

Local file links

Download behavior

Search suggestions

Managed storage for using policies in Webextensions

Extension whitelisting and blacklisting by ID and website

A subset of commonly used Firefox preferences

Developer:

Firefox Developer Tools now offers a full page color contrast audit that identifies all elements on a page that fail color contrast checks.

Added about:compat, where website-specific workarounds are listed and may be toggled. These workarounds are meant as temporary fixes for various forms of website breakage for Firefox, while the website fixes them in due time. With about:compat, it is now easy to see all of the workarounds that are active in Firefox, and easy for website developers to disable a given workaround for testing purposes.

Introduces CSS Scroll Snap module that enforces scroll snap positions.

New in Firefox 67.0.3 (June 19, 2019) Security vulnerabilities fixed in Firefox 67.0.3 and Firefox ESR 60.7.1

New in Firefox 68.0 Beta 11 (June 18, 2019) Added about:compat, where website-specific workarounds are listed and may be toggled. These workarounds are meant as temporary fixes for various forms of website breakage for Firefox, while the website fixes them in due time. With about:compat, it is now easy to see all of the workarounds that are active in Firefox, and easy for website developers to disable a given workaround for testing purposes.

When an HTTPS error caused by antivirus software is detected, Firefox will attempt to automatically fix it

New reporting feature in about:addons allows you to easily report security and performance issues with extensions and themes

Find high quality, secure extensions via the Recommended Extensions program. Look for these vetted extensions in about:addons

WebRender is being enabled on Windows 10 desktops with AMD graphics

Access your Firefox Account settings from the hamburger menu

Added a Firefox shortcut in the Windows 10 taskbar for new installations

Preloading of intermediate TLS certificates is enabled in early beta builds, which avoids error pages in cases of server misconfiguration

Properly support BT601, BT709 and BT2020/2100 colorspaces on all platforms

In addition to providing color contrast information for individual elements of a page, Firefox now offers a full page color contrast audit that identifies all element on a page that fail color contrast checks.

Changed:

Unified existing locales (bn-BD, bn-IN) under a single Bengali (bn) localization.

Removed unmaintained languages: Assamese (as), English - South Africa (en-ZA), Maithili (mai), Malayalam (ml), Odia (or). Existing users are migrated to the British English (en-GB) version of Firefox.

The AwesomeBar has been rewritten using Web Technologies only (HTML, JS and CSS). Differences include that results that overflow now have a nice fading effect instead of an ellipsis, and removing history items from the results now requires a different key combination on both Windows and Linux: Shift+DEL or Shift+Backspace

New in Firefox 67.0 (May 31, 2019) New:

Users can block known cryptominers and fingerprinters in the Custom settings of their Content Blocking preferences.

Keyboard accessibility has improved in the latest version of Firefox. Toolbar and toolbar overflow menu are both fully keyboard accessible: keyboard users can now access add-ons, the downloads panel, the overflow, Page actions and Firefox menus, and much more.

Firefox will now protect you against running older versions of the browser which can lead to data corruption and stability issues

Firefox is upgrading to the newer, higher performance, AV1 decoder known as ‘dav1d’

WebRender is gradually enabled by default on Windows 10 desktops with NVIDIA graphics cards

Mozilla’s highest performing JavaScript compiler now supports ARM64 Windows devices.

Enable FIDO U2F API, and permit registrations for Google Accounts

Some users will see experiments with an improved Pocket experience in Firefox Home with different layouts and more topical content.

Firefox 67 demonstrates improved performance thanks to a number of changes such as:

Lowering priority of setTimeout during page load

Delayed component initialization until after start up

Painting sooner during page load but less often

Suspending unused tabs

Private Browsing sees both usability and security improvements:

Save passwords in private browsing mode

Choose which extensions to exclude from private tabs

A myriad of new features help make Firefox easier to use:

We’ve added a toolbar menu for your Firefox Account to provide more transparency for when you are synced, sharing data across devices and with Firefox. Personalize the appearance of the menu with your own avatar

Tabs can now be pinned from the Page Actions menu in the address bar

Firefox will highlight useful features (like Pin Tabs) when users are most likely to benefit from them.

Easier access to your list of saved logins from the main menu and login autocomplete. Learn about all the ways you can manage your passwords in Firefox.

The Import Data from Another Browser feature is now also available from the File menu

Users will be able to run different Firefox installs side by side by default so that you can run the beta and release versions simultaneously

Fixed:

Various security fixes

Changed:

Firefox no longer supports handling webcal: links with 30boxes.com

Change to extensions in Private Windows: Any new extensions you add to the browser won’t work in Private Windows unless you allow this in the settings.

Users will no longer be able to upload and share screenshots through the Firefox Screenshots server. Users who want to keep existing screenshots need to export them before the server shuts down in the coming months.

Included Twemoji Mozilla font updated to support Emoji 11.0

Font and date adjustments to accommodate the new Reiwa era in Japan

New in Firefox 66.0.5 (May 8, 2019) Fixed:

Further improvements to re-enable web extensions which had been disabled for users with a master password set (Bug 1549249).

New in Firefox 66.0.4 (May 6, 2019) Fixed:

Repaired certificate chain to re-enable web extensions that had been disabled

New in Firefox 66.0.3 (May 6, 2019) Fixed:

Address bar on tablets running Windows 10 now behaves correctly (Bug 1498973)

Performance issues with some HTML5 games (Bug 1537609)

Fixed a bug with keypress events in IBM cloud applications (Bug 1538970)

Fix for keypress events in some Microsoft cloud applications (Bug 1539618)

Changed:

Updated Baidu search plugin

New in Firefox 66.0.2 (May 6, 2019) Fixed:

Web compatibility issues with Office 365, iCloud and IBM WebMail caused by recent changes to the handling of keyboard events (Bug 1538966)

Crash fixes (bug 1521370, bug 1539118)

New in Firefox 67.0b12 Beta (April 19, 2019) Enable FIDO U2F API, and permit registrations for Google Accounts

New in Firefox 67.0b9 Beta (April 8, 2019) Intent to ship: WebRender was enabled by default in Betas since Firefox 64 for Desktop NVIDIA GPUs on Windows 10 and should be released with Firefox 67 in May

Firefox 67 willl be able to run different Firefox installs side by side by default.

Tabs can now be pinned from the Page Actions menu in the address bar

Users can block known cryptominers and fingerprinters in the Custom settings or their Content Blocking preferences

The Import Data from Another Browser feature is now also available from the File menu

Firefox will now protect you against running older versions of Firefox which can lead to data corruption and stability issues.

Easier access to your list of saved logins from the main menu and login autocomplete.

We’ve added a toolbar menu for your Firefox Account to provide more transparency for when you are synced, sharing data across devices and with Firefox. Personalize the appearance of the menu with your own avatar.

Fixed:

Various security fixes

Changed:

Firefox no longer supports handling webcal: links with 30boxes.com

Change to extensions in Private Windows: Any new extensions you add to the browser won’t work in Private Windows unless you allow this in the settings.

Developer:

The DevTools Changes panel now supports copying modified CSS. You can either copy the full changes or individual changed rules.

New in Firefox 66.0.1 (March 22, 2019) Various security fixes:

CVE-2019-9810: IonMonkey MArraySlice has incorrect alias information

CVE-2019-9813: Ionmonkey type confusion with __proto__ mutations

New in Firefox 66.0 (March 22, 2019) New:

Firefox now prevents websites from automatically playing sound. You can add individual sites to an exceptions list or turn blocking off. To learn more about block autoplay, which will be rolled out gradually to all users, visit the Mozilla blog.

Smoother scrolling: Scroll anchoring keeps content from jumping as images and ads load at the top of the page

Redesigned certificate error pages help you better understand and resolve issues, including identification of certificate issuers for anti-virus software

Added basic support for macOS Touch Bar

Experimenting with an improved Pocket experience in New Tab with different layouts and more topical content

Improved performance and reduced crash rates by doubling web content loading processes from 4 to 8

Easier, passwordless security: Added support for Windows Hello on Windows 10, allowing you to use your face, fingerprint, or external security keys for website authentication

Enabled AV1 support on 32-bit Windows and MacOS. Firefox now supports the next-generation, royalty-free video compression technology called AV1. Read about Mozilla’s contribution to this new open standard.

Improved search experience:

Find a specific webpage faster when you have a lot of tabs open: You can now search within all of your open tabs from the tab overflow menu

Easier search via a redesigned new tab in Private Windows

Improved performance and better user experience for extensions:

Extensions now store their settings in a Firefox database, rather than individual JSON files, making every site you visit faster

A redesigned keyboard shortcuts section in about:addons makes it easier to view and adjust default shortcuts

Fixed:

The Dark and Light Firefox themes now override the system setting for title bar accent color on Windows 10

Linux users: Resolved an issue that caused Firefox to freeze when downloading files

Various security fixes

Changed:

System title bar is hidden by default to match Gnome guideline for Linux users

Developer:

DevTools Inspector is now fully usable when the Debugger is paused

Lowered priority of setTimeout and setInterval during page load to improve overall page load performance

Fixed: <button> element is no longer special cased in event dispatch, per latest specifications

New in Firefox 65.0.1 (February 12, 2019) Fixed accidental requests to addons.mozilla.org when an addon recommendation doorhanger is shown (bug 1526387)

Improved playback of interactive Netflix videos (bug 1524500)

Fixed color management not working on macOS (bug 1506495)

Fixed incorrect sizing of the "Clear Recent History" window in some situations (bug 1523696)

Fixed audio & video delays while making WebRTC calls (bug 1521577 & bug 1523817)

Fixed video sizing problems during some WebRTC calls (bug 1520200)

Fixed looping CONNECT requests when using WebSockets over HTTP/2 from behind a proxy server (bug 1523427)

Fixed the "Enter" key not working on password entry fields for certain Linux distributions (bug 1523635)

Various stability and security fixes.

Developer:

Made support for <meta> viewport tags in Responsive Design Mode, initially enabled in Firefox 64, pref-controlled and off by default (bug 1521814). To restore the previous behavior, change the devtools.responsive.metaViewport.enabled pref to true

New in Firefox 64.0.2 (January 10, 2019) Fixed:

Fixed a browser crash on MacOS (bug 1510058)

Updated the Japanese translation for missing strings (bug 1513259)

Properly restore column sizes in developer tools inspector (bug 1503175)

Fixed video stuttering on Youtube (bug 1513511)

Fix updates for some lightweight themes (bug 1508777)

New in Firefox 64.0 (December 13, 2018) New:

Better recommendations: You may see suggestions in regular browsing mode for new and relevant Firefox features, services, and extensions based on how you use the web (for US users only)

Enhanced tab management: You can now select multiple tabs from the tab bar and close, move, bookmark, or pin them quickly and easily

Easier performance management: The new Task Manager page found at about:performance lets you see how much energy each open tab consumes and provides access to close tabs to conserve power

Improved performance for Mac and Linux users, by enabling link time optimization (Clang LTO). (Clang LTO was enabled for Windows users in Firefox 63.)

More seamless sharing on Windows: Windows users can now share web pages using the native sharing experience. You can access Share in the Page Actions menu

Added option to remove add-ons using the context menu on their toolbar buttons

New for enterprise users: Updated the policy engine on macOS to allow using configuration profiles to customize Firefox for enterprise deployments

Changed:

RSS feed preview and live bookmarks are available only via add-ons

TLS certificates issued by Symantec are no longer trusted by Firefox. Website operators are strongly encouraged to replace any remaining Symantec TLS certificates as soon as possible.

about:crashes has been redesigned to make it clear when a crash is being submitted to Mozilla, as well as being clear that removing crashes locally does not remove them from crash-stats.mozilla.com

The macOS keyboard shortcut to add "www" and ".com" to a URL is now ctrl-enter instead of ⌘[cmd]-enter

Security fixes:

CVE-2018-12407: Buffer overflow with ANGLE library when using VertexBuffer11 module

CVE-2018-17466: Buffer overflow and out-of-bounds read in ANGLE library with TextureStorage11

CVE-2018-18492: Use-after-free with select element

CVE-2018-18493: Buffer overflow in accelerated 2D canvas with Skia

CVE-2018-18494: Same-origin policy violation using location attribute and performance.getEntries to steal cross-origin URLs

CVE-2018-18495: WebExtension content scripts can be loaded in about: pages

CVE-2018-18496: Embedded feed preview page can be abused for clickjacking

CVE-2018-18497: WebExtensions can load arbitrary URLs through pipe separators

CVE-2018-18498: Integer overflow when calculating buffer sizes for images

CVE-2018-12406: Memory safety bugs fixed in Firefox 64

CVE-2018-12405: Memory safety bugs fixed in Firefox 64 and Firefox ESR 60.4

Developer:

You may now overlay multiple CSS grids at the same time (up to 3) in the CSS Grid Inspector

The Web Console's command line now highlights JavaScript syntax

When hovering over elements in the Accessibility panel, the contrast ratio of text against background is now indicated

Added support for the new CSS scrollbar specification

WebVR is now available on macOS

New in Firefox 63.0.1 (November 1, 2018) Fixed:

Snippets are not loaded due to missing element (bug 1503047)

Print preview always shows 30% scale when it is actually Shrink To Fit (bug 1501952)

Dialog displayed when closing multiple windows shows unreplaced %1$S placeholder in Japanese and potentially other locales (bug 1500823)

New in Firefox 64.0 Beta 3 (October 23, 2018) New:

You can now use the context menu on toolbar buttons added by add-ons to remove the add-on

WebRender enabled by default for Desktop NVIDIA GPUs on Windows 10

Enterprise policy support for MacOS

You can now select multiple tabs from the tab bar, and mute, move, bookmark, or pin them quickly and easily

Changed:

Changes to URL bar autocomplete shortcuts: use ctrl-enter to canonicalize a word to a .com URL. On MacOS, cmd-enter now opens in a tab.

about:crashes has been redesigned to make it clear when a crash is being submitted to Mozilla, as well as being clear that removing crashes locally does not remove them from crash-stats.mozilla.com

Support for RSS preview and live bookmarks is being removed

Error pages for common TLS certificate issues have been updated to be clearer

New in Firefox 63.0 (October 23, 2018) New:

Performance and visual improvements for Windows users

Moved the build infrastructure of Firefox on Windows to the Clang toolchain, bringing important performance gains

Firefox theme now matches the Windows 10 OS Dark and Light modes

Performance improvements for macOS users

Improved reactivity

Faster tab switching

WebGL power preferences allow non-performance-critical applications and applets to request the low-power GPU instead of the high-power GPU in multi-GPU systems

Added content blocking, a collection of Firefox settings that offer users greater control over technology that can track them around the web. In 63, users can opt to block third-party tracking cookies or block all trackers and create exceptions for trusted sites that don’t work correctly with content blocking enabled.

WebExtensions now run in their own process on Linux

Firefox now warns about having multiple windows and tabs open when quitting from the main menu

Firefox now recognizes the operating system accessibility setting for reducing animation

Added search shortcuts for Top Sites: Amazon and Google appear as Top Sites tiles on the Firefox Home (New Tab) page. When selected these tiles will change focus to the address bar to initiate a search. Currently in US only.

Fixed:

Resolved an issue that prevented the address bar from autofilling bookmarked URLs in certain cases

Changed:

In the Library, the Open in Sidebar feature for individual bookmarks was removed

The option to Never check for updates was removed from about:preferences. You can use the DisableAppUpdate enterprise policy as a substitute.

The Ctrl+Tab shortcut now displays thumbnail previews of your tabs and cycles through tabs in recently used order. This new default behavior is activated only in new profiles and can be changed in preferences.

Developer:

Refreshed visual style of Developer Tools menus to improve navigation and consistency

The Dev Tools accessibility inspector is now enabled by default. This tool surfaces information exposed to assistive technologies on the current page, allowing you to check what’s missing or otherwise needs attention.

Added support for Web Components custom elements and shadow DOM

The inspector now ships with a Font Editor that allows you to control non-variable as well as variable fonts

New in Firefox 62.0.3 (October 23, 2018) Fixed:

Fixed hangs on macOS Mojave (10.14) when various dialog windows (upload, download, print, etc) are activated (bug 1489785)

Fixed playback of some encrypted video streams on macOS (bug 1491940)

Various security fixes

New in Firefox 62.0.2 (October 23, 2018) Fixed:

Unvisited bookmarks can once again be autofilled in the address bar (bug 1488879)

WebGL rendering issues (bug 1489099)

Updates from unpacked language packs no longer break the browser (bug 1488934)

Fix fallback on startup when a language pack is missing (bug 1492459)

Profile refresh from the Windows stub installer restarts the browser (bug 1491999)

Properly restore window size and position when restarting on Windows (bugs 1489214 and 1489852)

Avoid crash when sharing a profile with newer (as yet unreleased) versions of Firefox (bug 1490585)

Do not undo removal of search engines when using a language pack (bug 1489820)

Fixed rendering of some web sites (bug 1421885)

Restored compatibility with some sites using deprecated TLS settings (bug 1487517)

Fix screen share on MacOS when using multiple monitors (bug 1487419)

Various security fixes

New in Firefox 63.0 Beta (September 11, 2018) New:

On macOS, WebGL power preferences allow non-performance-critical applications and applets to request the low-power GPU instead of the high-power GPU in multi-GPU systems

Improved Windows 10 integration: your Firefox theme now matches your OS Dark / Light mode

WebExtensions now run in their own process on Linux

Faster tab switching in the majority of cases for our macOS users

Improved the reactivity of Firefox on macOS

Changed:

In the Library, the Open in Sidebar feature for individual bookmarks was removed

Never check for updates option removed from about:preferences. If a substitute is needed, we recommend using the DisableAppUpdate enterprise policy

Firefox now warns about having multiple windows/tabs open when quitting from the main menu.

The Ctrl+Tab shortcut now displays thumbnail previews of your tabs and cycles through tabs in recently used order. This new default behavior is activated only in new profiles and can be changed in your preferences

The build infrastructure of Firefox on Windows moved to the Clang tool chain, bringing important performance gains

Changes for web developers:

Developer tools:

The Fonts tab in the Page Inspector now includes an editor that makes it easy to view and edit the settings of the fonts on your page.

Removals. HTML:

Support for the <img> element's decoding attribute has been added (bug 1416328)

Removals. CSS:

Support for the :defined pseudo-class has been added.

Support for row-gap, column-gap and gap has been added in Flexbox layout (bug 1398483).

Re-enabled support for webkit-prefixed pixel-density @media queries.

Firefox now supports the CSS Flexible Box Layout (Flexbox) properties align-self, align-content, and align-items as well as the justify-content property (bug 1472843).

Implemented path() function for offset-path (bug 1429298).

Implemented syntax improvements from the Media Queries Level 4 specification (bug 1472843).

Swapped values of 2-value overflow syntax so block is first and inline is second (bug 1481866).

Renamed offset-* properties to inset-block-start, inset-block-end, inset-inline-start, and inset-inline-end (bug 1464782).

Added support for the prefers-reduced-motion media feature (bug 1365045).

Added flow relative values (block, inline) for the resize property (bug 1464786).

Implemented flexbox layout for safe & unsafe values in align-self, align-content, and justify-content (bug 1297774).

The logical properties (where appropriate) are now animatable (bug 1309752).

Removals:

Removed offset-block-start, offset-block-end, offset-inline-start and offset-inline-end; these have been renamed as described above (bug 1464782).

SVG:

No changes

Removals. JavaScript:

The Symbol.prototype.description property has been implemented (bug 1472170).

The Object.fromEntries method has been added (bug 1469019).

Removals:

Experimental WebAssembly Module IndexedDB serialization support has been removed (bug 1469395).

APIs. New APIs:

The Shadow DOM (bug 1471947) and Custom Elements (bug 1471948) APIs have been enabled by default; See Web components for more details.

The Media Capabilities API been implemented.

The Async Clipboard API has been implemented and enabled by default for all channels. As is the case with Chrome, Firefox currently implements only the writeText() and readText() methods; however, unlike Chrome, readText() is only available in browser extensions.

The SecurityPolicyViolationEvent interface is now supported. It allows sending events when the Content-Security-Policy is violated (bug 1472661).

APIs. DOM:

The following portions of the Web Animations API have been enabled by default:

The Animation properties ready and finished, specifying the Animation object's ready and finished Promises.

The Animation object's effect property.

The interfaces KeyframeEffect and AnimationEffect.

The Element.toggleAttribute() method has been implemented (bug 1469592).

The Payment Request API paymentmethodchange event has been implemented, along with its implementing PaymentMethodChangeEvent interface. This event is sent to PaymentRequest objects when changes are made to the payment method selected within the current payment handler, such as when the user selects a different credit card to use when paying by Apple Pay (bug 1468356).

The obsolete and non-standard Firefox-only methods Window.back() and Window.forward() have been removed. Please use the window.history.back() and window.history.forward() methods instead (bug 1479486).

Firefox now supports the asynchronous clipboard methods Clipboard.readText() and Clipboard.writeText(). The read() and write() methods have also been implemented but currently work exactly the same as their text-only counterparts (bug 14614645).

The historical, previously non-standard, Event.returnValue property is now supported by Firefox for compatibility purposes (bug 1452569).

Implemented the Window.event property to improve web compatibility, now that it's become standard (bug 218415).

To bring Firefox into alignment with Edge and Chrome, the navigator.platform property now returns "Win32" even when running on 64-bit Windows (bug 1472618).

Prior to Firefox 63, links that open new windows that had rel="noopener", as well as calls to Window.open() with the noopener window feature enabled would default to having all window features disabled, so that you had to explicitly re-enable any standard features you wanted. Now these windows have the same set of features enabled as any other window, and you need to explicitly turn off any you don't want (bug 1419960).

DOM events:

Handling of the Alt key on the right side of the keyboard has been improved on Windows. If the user's current keyboard layout maps the Alt key to the AltGr modifier key, the value of KeyboardEvent.key is now reported as "AltGraph". This behavior matches that recently introduced into Chrome (bug 900760).

Service workers:

The createObjectURL() and revokeObjectURL() methods are no longer available on ServiceWorker instances due to the potential they introduced for memory leaks to occur (bug 1264182).

Media, Web Audio, and WebRTC:

Microphone access now works simultaneously in multiple tabs, even within the same content process. This improvement applies to the regular version of Firefox as well, though web developers were probably most likely to run into this (bug 1404977).

RTCDataChannel has been updated to support the sctp-sdp-21 data format for the data, in addition to the older sctp-sdp-05 format previously supported.

Since it was deprecated in the specification anyway, the limited support for Doppler effects on PannerNode has been removed from the Web Audio API. The AudioListener properties dopplerFactor and speedOfSound have been removed, along with the PannerNode method setVelocity() (bug 1148354).

The ConstantSourceNode node type for Web Audio API now has a default channel count of 2 rather than 1, in order to match the specification (bug 1413283).

The Web Audio API interface AudioScheduledSourceNode (and by extension, all the other node types based on it) now throw the correct exception when a negative value is specified for the node start time. That error is RangeError (bug 1413284).

The minimum and maximum permitted values for an AudioParam object's value have been changed to the minimum negative single-precision floating-point value (-340,282,346,638,528,859,811,704,183,484,516,925,440) and the maximum positive single-precision floating-point value (+340,282,346,638,528,859,811,704,183,484,516,925,440), respectively (bug 1476695).

The {domxref("SourceBuffer.changeType")}} method, which allows changing codecs during an active stream, has been enabled by default. This is part of the Media Source Extensions API (bug 1481166).

The AudioParam.setValueCurveAtTime() method has been updated to correctly accept an array of floating-point values to indicate the parameter's values to change to over time. Previously, it was requiring a Float32Array (bug 1421091).

AudioParam.setValueCurveAtTime() has also been updated to correctly return a proper TypeError when a non-finite value is found in the values array (bug 1472095).

In addition, setValueCurveAtTime() has been updated to ensure that when the parameter finishes following the specified value curve after the duration elapses, the value of the parameter is set to the last value in the list of values to curve through (bug 1308436).

The RTCRTPStreamStats dictionary has been renamed to RTCRtpStreamStats for consistency with the other dictionaries and the specification (bug 1480498).

The RTCRtpStreamStats dictionary's isRemote property is deprecated and will be removed in Firefox 65. A warning is now output to console when this property is accessed. See this blog post on the Advancing WebRTC blog for details (bug 1393306).

Canvas and WebGL:

A new powerPreference context attribute has been added to HTMLCanvasElement.getContext(). On macOS this allows WebGL non-performance-critical applications and applets to request the low-power GPU instead of the high-power GPU in multi-GPU systems (bug 1349799).

Removals. CSSOM:

No changes

Removals. HTTP:

The Clear-Site-Data header is implemented and no longer behind a preference (bug 1470111).

Removals. Security:

Site favicons are now subject to Content Security Policy, if one is configured for the site (bug 1297156).

Firefox now recognizes the CSP script-src directive's 'report-sample' expression when generating violation reports. This directive indicates that a short sample of where the violation occurred should be included in the report. Previously, Firefox always included this sample (bug 1473218).

Removals. Plugins:

No changes

Removals. Other:

Corrected the behavior of PerformanceObserver.observe() to simply do nothing if no valid entry types are found in the specified array of entry types to observe, or if the array is empty or missing. Previously, Firefox was incorrectly throwing a TypeError (bug 1403027).

Changes for add-on developers:

API changes:

A "search" API was added to retrieve the installed search engines.

Added menus.getTargetElement() to the menus API. The method returns the element referenced by the targetElementId parameter (bug 1325814).

New in Firefox 62.0 (September 7, 2018) Firefox Home (the default New Tab) now allows users to display up to 4 rows of top sites, Pocket stories, and highlights

“Reopen in Container” tab menu option appears for users with Containers that lets them choose to reopen a tab in a different container

In advance of removing all trust for Symantec-issued certificates in Firefox 63, a preference was added that allows users to distrust certificates issued by Symantec. To use this preference, go to about:config in the address bar and set the preference "security.pki.distrust_ca_policy" to 2.

Added FreeBSD support for WebAuthn

Improved graphics rendering for Windows users without accelerated hardware using Parallel-Off-Main-Thread Painting

Support for CSS Shapes, allowing for richer web page layouts. This goes hand in hand with a brand new Shape Path Editor in the CSS inspector.

CSS Variable Fonts (OpenType Font Variations) support, which makes it possible to create beautiful typography with a single font file

Updates for enterprise environments:

AutoConfig is sandboxed to the documented API by default. You

can disable the sandbox by setting the preference

general.config.sandbox_enabled to false. Our long term plan is to

remove the ability to turn off the sandboxing. If you need to

continue to use more complex AutoConfig scripts, you will need to use

Firefox Extended Support Release (ESR).

Added Canadian English (en-CA) locale

Security vulnerability fixes:

CVE-2018-12377: Use-after-free in refresh driver timers. A use-after-free vulnerability can occur when refresh driver timers are refreshed in some circumstances during shutdown when the timer is deleted while still in use. This results in a potentially exploitable crash.

CVE-2018-12378: Use-after-free in IndexedDB. A use-after-free vulnerability can occur when an IndexedDB index is deleted while still in use by JavaScript code that is providing payload values to be stored. This results in a potentially exploitable crash.

CVE-2018-12379: Out-of-bounds write with malicious MAR file. When the Mozilla Updater opens a MAR format file which contains a very long item filename, an out-of-bounds write can be triggered, leading to a potentially exploitable crash. This requires running the Mozilla Updater manually on the local system with the malicious MAR file in order to occur.

CVE-2017-16541: Proxy bypass using automount and autofs. Browser proxy settings can be bypassed by using the automount feature with autofs to create a mount point on the local file system. Content can be loaded from this mounted file system directly using a file: URI, bypassing configured proxy settings. Note: this issue only affects OS X in default configurations. On Linux systems, autofs must be installed for the vulnerability to occur and Windows is not affected.

CVE-2018-12381: Dragging and dropping Outlook email message results in page navigation. Manually dragging and dropping an Outlook email message into the browser will trigger a page navigation when the message's mail columns are incorrectly interpreted as a URL. Note: this issue only affects Windows operating systems with Outlook installed. Other operating systems are not affected.

CVE-2018-12382: Addressbar spoofing with javascript URI on Firefox for Android. The displayed addressbar URL can be spoofed on Firefox for Android using a javascript: URI in concert with JavaScript to insert text before the loaded domain name, scrolling the loaded domain out of view to the right. This can lead to user confusion. Note: this vulnerability only affects Firefox for Android.

CVE-2018-12383: Setting a master password post-Firefox 58 does not delete unencrypted previously stored passwords. If a user saved passwords before Firefox 58 and then later set a master password, an unencrypted copy of these passwords is still accessible. This is because the older stored password file was not deleted when the data was copied to a new format starting in Firefox 58. The new master password is added only on the new file. This could allow the exposure of stored password data outside of user expectations.

CVE-2018-12375: Memory safety bugs fixed in Firefox 62. Mozilla developers and community members Christian Holler, Looben Yang, Jesse Ruderman, Sebastian Hengst, Nicolas Grunbaum, and Gary Kwong reported memory safety bugs present in Firefox 61. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.

CVE-2018-12376: Memory safety bugs fixed in Firefox 62 and Firefox ESR 60.2. Mozilla developers and community members Alex Gaynor, Boris Zbarsky, Christoph Diehl, Christian Holler, Jason Kratzer, Jed Davis, Tyson Smith, Bogdan Tara, Karl Tomlinson, Mats Palmgren, Nika Layzell, Ted Campbell, and Andrei Cristian Petcu reported memory safety bugs present in Firefox 61 and Firefox ESR 60.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.

Changed:

Removed the description field for bookmarks. Users who have stored descriptions using the field may wish to export these descriptions as html or json files, as they will be removed in a future release.

Dark theme is automatically enabled in macOS 10.14 dark mode

Changed the default setting to Enforce (3) for the security.pki.name_matching_mode preference

Adobe Flash applets now run in a more secure mode using process sandboxing on macOS. Learn how this may affect features here.

Users disconnecting from Sync are now offered the option to wipe their Firefox profile data (including bookmarks, passwords, history, cookies, and site data) from their desktop computer

Changed how WebRTC handles screen sharing: When screen-sharing a window, the window will be brought to front

Developer:

Three-pane Inspector in Developer Tools separates the rules into its own panel

The Shape Path Editor is now available by default — see Edit Shape Paths in CSS for more information.

You can now split the Rules view out into its own pane, separate from the other tabs on the CSS pane. See Page inspector 3-pane mode for more details.

The Grid inspector has updated features, and all new documentation — see CSS Grid Inspector: Examine grid layouts.

You now have four options for the location of the Developer Tools. In addition to the default location on the bottom of the window, you can choose to locate the tools on either the left or right sides of the main window or in a separate window (bug 1192642).

The Accessibility inspector has had a couple of minor updates:

It no longer exposes the help property, which isn't properly implemented in Gecko (bug 1467643).

The keyboardShortcut property now correctly exposes any keyboard shortcut available to activate the currently inspected node (bug 1467381).

A close button has been added to the split console toolbar.

If the option to "Select an iframe as the currently targeted document" is checked, the icon will appear in the toolbar while the Settings tab is displayed, even if the current page doesn't include any iframes (bug 1456069).

The Network Monitor's Cookies tab now shows the cookie samesite attribute (bug 1452715).

Responsive design mode now works inside container tabs (bug 1306975).

When CORS errors occur and are reported on the console, Firefox now provides a link to the corresponding page in our CORS error documentation (bug 1475391).

Create a screenshot of the current page (with an optional filename) from the Console tab (bug 1464461) using the following command:

:screenshot <filename.png> --fullpage

where <filename.png> is the desired filename. The file will be saved to your downloads folder. The --fullpage parameter is optional, but if included, it will save the full web page. This option also adds -fullpage to the name of the file. For a list of all options available for this command, enter: :screenshot --help

Removals:

The Developer Toolbar/GCLI (accessed with Shift + F2), has been removed from Firefox (bug 1461970). Both the Developer Toolbar UI and the GCLI upstream library have become unmaintained, some of its features are broken (some ever since e10s), it is blocking the unsafeSetInnerHTML work, usage numbers are very low, alternatives exist for the most used commands.

HTML:

No changes

CSS:

:-moz-selection has been unprefixed to ::selection (bug 509958).

x is now supported as a unit for the <resolution> type (bug 1460655).

shape-margin, shape-outside, and shape-image-threshold are now enabled by default (bug 1457297).

Removals:

All XUL display values with the exception of -moz-box and -moz-inline-box have been removed from non-XUL documents in bug 1288572.

SVG:

No changes

JavaScript:

The WebAssembly.Global() constructor is now supported, along with global variables in WebAssembly (bug 1464656).

The Array.prototype.flat() and Array.prototype.flatMap() methods are now enabled by default (bug 1435813).

The import.meta property has been implemented to expose context-specific metadata to a JavaScript module (bug 1427610).

JavaScript string literals may now directly contain the U+2028 LINE SEPARATOR and U+2029 PARAGRAPH SEPARATOR characters. As a consequence, JSON syntax is now a subset of JavaScript literal syntax (see bug 1435828 and the TC39 proposal json-superset).

For out-of-bounds typed array indexes, Reflect.defineProperty() and Reflect.set() will now return false instead of true (bug 1308735).

Removals:

The DOMPoint and DOMPointReadOnly constructors no longer support an input parameter of type DOMPointInit; the values of the properties must be specified using the x, y, z, and w parameters (bug 1186265).

The URL.createObjectURL() method no longer supports creating object URLs to represent a MediaStream. This capability has been obsolete for some time now, since you can now simply set HTMLMediaElement.srcObject to the MediaStream directly (bug 1454889).

APIs:

New APIs:

The Speech Synthesis API (Text-to-Speech) is now enabled by default on Firefox for Android (bug 1463496).

DOM:

The DOMPointReadOnly interface now supports the static function DOMPointReadOnly.fromPoint(), which creates a new point object from a dictionary that's compatible with DOMPointInit, which includes any DOMPoint object. This function is also available on DOMPoint (bug 1186265).

For compatibility purposes, the Event.srcElement property is now supported. It is an alias for Event.target (bug 453968).

Navigator.registerProtocolHandler() now must only be called from a secure context (bug 1460506).

The Navigator.registerContentHandler() method has been disabled by default in preparation for being removed entirely, as it's been obsolete for some time (bug 1460481).

The DataTransfer() constructor has been implemented (bug 1351193).

Document.domain can no longer return null (bug 819475). If the domain cannot be identified, then domain returns an empty string instead of null.

Added the Console.timeLog() method to display the current value of a console timer while continuing to track the time (bug 1458466).

Added Console.countReset() to reset a console counter value (bug 1459279).

DOM events:

No changes

Service workers:

No changes

Media, Web Audio, and WebRTC:

The "media.autoplay.enabled" preference now controls automatic playback of both audio and video media, instead of just video media (bug 1413098).

The ChannelSplitterNode has been fixed to correctly default to having 6 channels with the channelInterpretation set to "discrete" and the channelCountMode set to "explicit", as per the specification (bug 1456265).

Removals:

The userproximity and deviceproximity events (see also UserProximityEvent and DeviceProximityEvent) have been disabled by default behind the device.sensors.proximity.enabled preference (bug 1462308).

The devicelight event (see also DeviceLightEvent) has been disabled by default behind the device.sensors.ambientLight.enabled preference (bug 1462308).

The DOMSubtreeModified and DOMAttrModified mutation events are no longer thrown when the style attribute is changed via the CSSOM (bug 1460295, see also this site compatibility post).

Support for CSSStyleDeclaration.getPropertyCSSValue() has been removed (bug 1408301).

Support for CSSValue, CSSPrimitiveValue, and CSSValueList has been removed (bug 1459871).

window.getComputedStyle() no longer returns null when called on a Window which has no presentation (bug 1467722).

HTTP:

Removals:

The deprecated CSP referrer directive has been removed. Please use the Referrer-Policy header instead (bug 1302449).

Security:

No changes

Plugins:

No changes

Other:

No changes

New in Firefox 62.0b Beta (July 17, 2018) New:

Display preview image and favicon in the New Bookmark dialog

Added a Clear Site Data and Cookies button to the identity popup located next to the address bar so as to provide a quick and easy process to delete local data for the visited website

Three-pane Inspector in Developer Tools separates the rules into its own panel

New tab page sections such as top sites, highlights, and Pocket can be adjusted to include 1 to 4 rows in the Preferences

Added Canadian English (en-CA) locale

Users who disconnect Firefox for desktop from Sync are now offered the option to wipe their personal data from that device (such as bookmarks, passwords, history, cookies, and site data)

Added a button to the hamburger menu to toggle Tracking Protection on and off

Changed:

The description field for bookmarks has been removed. Users who manually changed the field can export old descriptions via html or json. Stored descriptions will be removed in a future release.

The release version of Firefox 62 will be sandboxing AutoConfig to the documented API. You can test this in Firefox Beta by setting the preference general.config.sandbox_enabled to true. If you need to continue use more complex AutoConfig scripts, you will need to use Firefox Extended Support Release (ESR).

New in Firefox 61.0.1 (July 6, 2018) Fixed broken website loading for Chinese users with accessibility enabled

Fix missing content on the New Tab Page and the Home section of the Preferences page

Fixed loss of bookmarks under rare circumstances when upgrading from Firefox 60

Improved playback of Twitch 1080p video streams

Web pages no longer lose focus when a browser popup window is opened

Fixed launching of downloads without a file extension on Windows

Re-allowed downloading files from FTP sites via the "Save Link As" option when linked from HTTP pages

Fixed extensions being unable to override the default homepage in certain situations

New in Firefox 61.0 (June 28, 2018) NEW:

Enhanced performance:

Faster page rendering with Quantum CSS improvements and the new retained display list feature

Faster switching between tabs on Windows and Linux

Convenient access to more search engines: You can now add search engines to the address bar “Search with” tool from the page action menu when on a webpage that provides an OpenSearch plugin

Share links from Firefox for MacOS more easily: You can now share the URL of an active tab from the page actions menu in the address bar

Improved security:

On-by-default support for the latest draft of the TLS 1.3 specification

Access to FTP subresources inside http(s) pages has been blocked

A more consistent user experience: Improvements for dark theme support across the entire Firefox user interface

More customization for tab management: added support to allow WebExtensions to hide tabs

Improved bookmark syncing

CHANGED:

The settings for customizing your homepage and new tab page in Firefox have been added to a new Preferences section that can be accessed from Firefox at about:preferences#home. The settings can also be accessed via the gear icon on the New Tab page.

SECURITY FIXES:

CVE-2018-12359: Buffer overflow using computed size of canvas element

CVE-2018-12360: Use-after-free when using focus()

CVE-2018-12361: Integer overflow in SwizzleData

CVE-2018-12358: Same-origin bypass using service worker and redirection

CVE-2018-12362: Integer overflow in SSSE3 scaler

CVE-2018-5156: Media recorder segmentation fault when track type is changed during capture

CVE-2018-12363: Use-after-free when appending DOM nodes

CVE-2018-12364: CSRF attacks through 307 redirects and NPAPI plugins

CVE-2018-12365: Compromised IPC child process can list local filenames

CVE-2018-12371: Integer overflow in Skia library during edge builder allocation

CVE-2018-12366: Invalid data handling during QCMS transformations

CVE-2018-12367: Timing attack mitigation of PerformanceNavigationTiming

CVE-2018-12368: No warning when opening executable SettingContent-ms files

CVE-2018-12369: WebExtension security permission checks bypassed by embedded experiments

CVE-2018-12370: SameSite cookie protections bypassed when exiting Reader View

CVE-2018-5186: Memory safety bugs fixed in Firefox 61

CVE-2018-5187: Memory safety bugs fixed in Firefox 60 and Firefox ESR 60.1

CVE-2018-5188: Memory safety bugs fixed in Firefox 60, Firefox ESR 60.1, and Firefox ESR 52.9

New in Firefox 60.0.2 (June 7, 2018) Fixed:

Fix missing nodes in the developer tools Inspector panel (bug 1460223)

Fix font rendering when using third-party font managers on OS X 10.11 and earlier (bug 1460917)

Changed:

Updated to NSS 3.36.4 from 3.36.1:

Connecting to a server that was recently upgraded to TLS 1.3 would result in a SSL_RX_MALFORMED_SERVER_HELLO error (bug 1462303)

Fix crash on macOS related to authentication tokens, e.g. PK11 or WebAuthn (bug 1461731)

New in Firefox 60.0.1 (May 17, 2018) Fixed:

Avoid overly long cycle collector pauses with some add-ons installed (Bug 1449033)

After unckecking the "Sponsored Stories" option, the New Tab page now immediately stops displaying "Sponsored content" cards (Bug 1458906)

On touchscreen devices, fixed momentum scrolling on non-zoomable pages (Bug 1457743)

Fixed black map on Google Maps with updated Nvidia Web Drivers on macOS (Bug 1458553)

Use the right default background when opening tabs or windows in high contrast mode (Bug 1458956)

The Firefox uninstaller on Windows is now translated again (Bug 1436662)

Restored translations of the Preferences panels when using a language pack (Bug 1461590)

New in Firefox 61.0 Beta (May 15, 2018) New:

Performance Enhancements:

Quantum CSS improvements which improve page rendering times

Improved page rendering speed with the new retained display list feature

Faster switching between tabs on Windows and Linux

WebExtensions now run in their own process on MacOS

On-by-default support for the latest draft of the TLS 1.3 specification

Various improvements for dark theme support will provide a more consistent experience across the entire Firefox UI

Added the ability to share current the URL with MacOS sharing providers from the Page Actions menu

OpenSearch plugins offered by web pages can now be added from the page action menu for easier installation

Improved support for allowing WebExtensions to manage and hide tabs

Changed:

The settings for customizing your homepage and new tab page in Firefox have been moved to a new Preferences section, Home. It can be accessed from the sidebar in Preferences or by visiting about:preferences#home

In order to improve user security, access to FTP subresources inside http(s) pages has been blocked

Developer:

he settings for customizing your homepage and new tab page in Firefox have been moved to a new Preferences section, Home. It can be accessed from the sidebar in Preferences or by visiting about:preferences#home

In order to improve user security, access to FTP subresources inside http(s) pages has been blocked

New in Firefox 60.0 (May 9, 2018) NEW;

Added a policy engine that allows customized Firefox deployments in enterprise environments, using Windows Group Policy or a cross-platform JSON file

Redesigned Cookies and Site Storage section in Preferences for greater clarity and control of first- and third-party cookies

Applied Quantum CSS to render browser UI

Added support for Web Authentication API, which allows USB tokens for website authentication

Enhanced camera privacy indicators: Firefox now turns off your camera and the camera's light when you disable video recording, and turns the camera and light on when you resume recording

Added an option for Linux users to show or hide page titles in a bar at the top of the browser. You’ll find the Title Bar option in the Customize panel available from the main browser menu.

Improved WebRTC audio performance and playback for Linux users

Locale added: Occitan (oc)

Enhancements to New Tab / Firefox Home:

Responsive layout that shows more content for users with wide-screen displays

Highlights section includes web sites saved to Pocket

More options to reorder sections and content on the page

Pocket Sponsored Stories will appear for a percentage of users in the US.

FIXED:

Various security fixes

CHANGED:

Changed the Windows shortcut for entering Reader View to F9, for better compatibility with keyboard layouts that use AltGr

Bookmarks no longer support multiple keywords for the same URL unless the request has different POST data

TLS certificates issued by Symantec before June 1st, 2016 are no longer trusted by Firefox

Updated the Skia graphics library to milestone 66

DEVELOPER:

Changes affecting developers

UNRESOLVED:

After disabling Sponsored Stories from the New Tab page settings, the next opened tab may still show a sponsored tile (bug 1458906)

WebVR does not work on macOS with Vive headsets (bug 1454204)

New in Firefox 59.0.2 (March 27, 2018) Fixed:

Invalid page rendering with hardware acceleration enabled (Bug 1435472)

Windows 7 users with touch screens or certain 3rd party desktop applications which interact with Firefox through accessibility services may experience random browser crashes. Known 3rd party applicatioins with issues: StickyPassword, Windows 7 touch screen. (Bug 1424505)

Browser keyboard shortcuts (eg copy Ctrl+C) don't work on sites that use those keys with resistFingerprinting enabled (Bug 1433592)

High CPU / memory churn caused by third-party software on some computers (Bug 1446280)

Users who have configured an "automatic proxy configuration URL" and want to reload their proxy settings from the URL will find the Reload button disabled in the Connection Settings dialog when they select Preferences/Options > Network Proxy > Settings... (Bug 1445991)

URL Fragment Identifiers Break Service Worker Responses (Bug 1443850)

User's trying to cancel a print around the time it completes will continue to get intermittent crashes (Bug 1441598)

Broken getUserMedia (audio) on DragonFly, FreeBSD, NetBSD, OpenBSD. Video chat apps either wouldn't work or be always muted (Bug 1444074)

New in Firefox 59.0.1 (March 26, 2018) Security fixes:

Out of bounds memory write while processing Vorbis audio data

New in Firefox 60.0 Beta (March 20, 2018) New:

The policy engine is now available to customize Firefox deployments in Enterprise environments (more details on https://wiki.mozilla.org/enterprise)

Added support for Web Authentication, allowing the use of USB tokens for authentication to web sites

Locale added: Occitan (oc)

The new CSS engine introduced in Firefox Quantum (57.0) is now used for the browser's user interface, in addition to web content.

Changed:

On Windows, the shortcut for entering Reader View has changed to F9, for better compatibility with keyboard layouts which use AltGr.

It is no longer possible to have multiple bookmark keywords for the same url, unless the request has different POST data.

Enhanced camera privacy indicators: Firefox now turns off your camera when you face-mute on web-sites that use your camera, turning off your camera light so you don't have to wonder if the site is still recording you. The light will come back on whenever recording resumes.

Developer:

Responsive Design Mode now offers explicit control over whether the page should reload.

Developers can now use promises within IndexedDB transactions

Fixes:

Various security fixes

New in Firefox 59.0 (March 14, 2018) NEW:

Added support for W3C specs for pointer events and improved platform integration with added device support for mouse, pen, and touch screen pointer input

Added the Ecosia search engine as an option for German Firefox

Added the Qwant search engine as an option for French Firefox

Added settings in about:preferences to stop websites from asking to send notifications or access your device’s camera, microphone, and location, while still allowing trusted websites to use these features

Enhanced WebExtensions API including better support for decentralized protocols and the ability to dynamically register content scripts

Drag-and-drop to rearrange Top Sites on the Firefox Home page, and customize new windows and tabs in other ways

Performance enhancements:

Faster load times for content on the Firefox Home page

Faster page load times by loading either from the networked cache or the cache on the user’s hard drive (Race Cache With Network)

Improved graphics rendering using Off-Main-Thread Painting (OMTP) for Mac users (OMTP for Windows was released in Firefox 58)

Added features for Firefox Screenshots:

Basic annotation lets the user draw on and highlight saved screenshots

Recropping to change the viewable area of saved screenshots

Improved Real-Time Communications (RTC) capabilities:

Implemented RTP Transceiver to give pages more fine grained control over calls

Implemented features to support large scale conferences

FIXED:

Various security fixes

CHANGED:

Firefox Private Browsing Mode will remove path information from referrers to prevent cross-site tracking

UNRESOLVED:

Windows 7 users using accessibility services (like the Windows On-Screen Keyboard