Changelog:
New
Firefox can now be set as the default system PDF viewer.
The name reported by accessibility tools for items in multi-tiered
tree controls no longer incorrectly includes information from
items at deeper levels, providing users with the correct level
of content when using a screen reader.
Fixed
Various security fixes.
Several crashes while using a screen reader were fixed including
a frequently encountered crash when using the JAWS screen
reader.
Firefox Developer Tools received significant fixes allowing
screen reader users to benefit from some of the tools that were
previously inaccessible.
SVG title and desc elements (labels and descriptions) are now
correctly exposed to assistive technology products such as
screen readers.
Changed
For users with reduced motion settings, we've reduced a number
of animations such as tab loading to reduce motion for users
with migraines and epilepsy.
The new add-ons blocklist has been enabled to improve performance
and scalability.
Enterprise
A number of bug fixes and new policies have been implemented
in the latest version of Firefox. You can see more details in
the Firefox for Enterprise 80 Release Notes.
Today's release is the final scheduled for Firefox 68 ESR
(68.12) unless there is a critical security issue found prior
to the release of Firefox ESR 78.3 on September 22, 2020. Users
of Firefox 68 ESR will be automatically upgraded to the Firefox
78 ESR series with the release of 78.3.
Developer
We've shipped an experimental sidebar panel in the inspector
to Firefox Developer Edition that helps developers more quickly
identify potential browser compatibility problems based on MDN
data.
In the Network Monitor request list, a turtle icon is shown
for "slow" requests that exceed a threshold for the waiting
time.
Firefox now supports RTX and Transport-cc for improved call
quality in poor network conditions and better bandwidth
estimation. These features also provide better compatibility
with many websites using WebRTC.
Security fixes:
#CVE-2020-15663: Downgrade attack on the Mozilla Maintenance Service could have resulted in escalation of privilege
#CVE-2020-15664: Attacker-induced prompt for extension installation
#CVE-2020-12401: Timing-attack on ECDSA signature generation
#CVE-2020-6829: P-384 and P-521 vulnerable to an electro-magnetic side channel attack on signature generation
#CVE-2020-12400: P-384 and P-521 vulnerable to a side channel attack on modular inversion
#CVE-2020-15665: Address bar not reset when choosing to stay on a page after the beforeunload dialog is shown
#CVE-2020-15666: MediaError message property leaks cross-origin response status
#CVE-2020-15667: Heap overflow when processing an update file
#CVE-2020-15668: Data Race when reading certificate information
#CVE-2020-15670: Memory safety bugs fixed in Firefox 80 and Firefox ESR 78.2
New
We’ve rolled out WebRender to more Windows users with Intel and AMD GPUs, bringing improved graphics performance to an even larger audience.
Firefox users in Germany will now see more Pocket recommendations in their new tab featuring some of the best stories on the web. If you don’t see them, you can turn on Pocket articles in your new tab by following these steps.
Fixed
Various security fixes.
Several crashes while using a screen reader were fixed, including a frequently encountered crash when using the JAWS screen reader.
Firefox Developer Tools received significant fixes allowing screen reader users to benefit from some of the tools that were previously inaccessible.
SVG title and desc elements (labels and descriptions) are now correctly exposed to assistive technology products such as screen readers.
Enterprise
A number of bug fixes and new policies have been implemented in the latest version of Firefox. You can see more details in the Firefox for Enterprise 79 Release Notes.
Updates to the password policy allow admins to require a primary password (formerly called master password). Previously the policy could disable the primary password but not force a primary password. Users required to use a primary password will only be asked to create a primary password the first time they try to save a password.
Developer
Developer Information
Newly added asynchronous call stacks let developers trace their async code through events, timeouts, and promises. The async execution chains are shown in the Debugger’s call stack, but also for stack traces in Console errors and Network initiators.
Erroneous network responses with 4xx/5xx status codes display as errors in the Console, making it easy to understand them in the context of related logs. The request/response details can be expanded or resent for quick debugging.
JavaScript errors are now visible not only in the Console, but also in the Debugger. The relevant line of code will be highlighted and display error details on hover.
Opening SCSS and CSS-in-JS sources from the Inspector now works more reliably thanks to improved source map handling across all panels.
Inspecting accessibility properties from the browser context menu is now available to all users by default.
* Fix build under NetBSD/i386 with PR pkg/55456.
Changelog:
Fixed
Security fix
Fixed an accessibility regression in reader mode (bug 1650922)
Made the address bar more resilient to data corruption in the user profile (bug 1649981)
Fixed a regression opening certain external applications (bug 1650162)
Security fix:
#MFSA-2020-0003: X-Frame-Options bypass using object or embed tags
* Some dependency changes.
* Wayland and webcam may not work.
Changelog:
New
The Protections Dashboard includes consolidated reports about
tracking protection, data breaches, and password management.
New features let you:
Track how many breaches you’ve resolved right from the
dashboard
See if any of your saved passwords may have been exposed
in a data breach
To view your dashboard, type about:protections into the address
bar, or select “Protections Dashboard” from the main menu.
Because we know people try to fix problems by reinstalling
Firefox when a simple refresh is more likely to solve the issue,
we’ve added a Refresh button to the Uninstaller.
With this release, your screen saver will no longer interrupt
WebRTC calls on Firefox, making conference and video calling
in Firefox better.
We’ve rolled out WebRender to Windows users with Intel GPUs,
bringing improved graphics performance to an even larger
audience.
Firefox 78 is also our Extended Support Release (ESR), where
the changes made over the course of the previous 10 releases
will now roll out to our ESR users. Some of the highlights are:
Kiosk mode
Client certificates
Service Worker and Push APIs are now enabled
The Block Autoplay feature is enabled
Picture-in-picture support
View and manage web certificates in about:certificate
Pocket recommendations, featuring some of the best stories on
the web, will now appear on the Firefox new tab for 100% of
our users in the UK. If you don’t see them, you can turn on
Pocket articles in your new tab, follow these steps.
Fixed
Various security fixes.
We fixed bugs in the search results quality composition and
improved search result texts based on recommendations by our
partners.
Changed
The minimal system requirements on Linux have been updated.
Firefox now needs GNU libc 2.17, libstdc++ 4.8.1 and GTK+ 3.14
or newer versions.
As part of our ongoing effort to deprecate obsolete cryptography,
we have disabled all remaining DHE-based TLS ciphersuites by
default.
To mitigate web compatibility issues from disabling DHE-based
TLS ciphersuites, Firefox 78 enables two more AES-GCM
SHA2-based ciphersuites.
We have disabled TLS 1.0 and TLS 1.1 to improve your website
connections. Sites that don't support TLS version 1.2 will now
show an error page.
The context menu (accessed by right clicking on a tab) lets
you undo multiple tab closings with a single click and places
Close Tabs to the Right and Close Other Tabs in a submenu.
A number of accessibility improvements have been made with this
release.
When using the JAWS screen reader, pressing the down arrow
in an HTML input control with a datalist no longer incorrectly
moves the cursor to the next element after the input control.
Screen readers no longer severely lag or freeze when focusing
the microphone/camera/screen sharing indicator.
Large tables with thousands of rows now load much faster
for screen reader users.
Text input controls with custom styling now correctly show
the focus outline when appropriate.
Screen readers no longer sometimes incorrectly switch to
document browsing mode unexpectedly when the user enters
the main Developer Tools window.
We reduced a number of animations such as tab hover, search
bar expansion, and others to reduce motion for users with
migraines and epilepsy.
Enterprise
Enable support for client certificates stored on macOS and
Windows by setting the experimental preference
security.osclientcerts.autoload to true.
New policies allow you to configure application handlers,
disable picture in picture, and require a master password,
which will be renamed to ‘primary password’ in future releases.
More details in the Firefox for Enterprise 78 release notes
Security fixes:
Not available yet.
This allows rust-bin and rust to coexist in bulk builds (for testing, etc),
but the packages still may not be installed at the same time.
rust.mk as a solution for picking the correct rust variant was suggested
by gdt@. It is intended to be included directly by packages that do not
use cargo.mk, and indirectly by packages that do use cargo.mk.
rust.mk provides one user-settable variable:
  RUST_TYPE
    as before, whether to bootstrap rust from source or use
    official binaries. may be "src" or "bin"
And two package-settable variables:
  RUST_REQ
    the minimum version of Rust required by the package.
    defaults to "1.20.0"
  RUST_RUNTIME
    whether Rust is a runtime dependency, may be "yes" or "no"
Build with clang, but with pkgsrc libstdc++ instead of from base.
This is needed because base doesn't have the necessary C++17 STL headers.
We don't really have any infrastructure to manage this properly so
kludge it manually into the package.
Otherwise configure gets confused if SHELL happens to be unset in
the environment, e.g. if you always do builds with `env -i
PATH=/bin:/usr/bin:$PREFIX/bin bmake ...'.
Explain why this package declares "c++" when it really needs gnu++14
and gnu++17.
Explain that this package uses clang, outside the normal compiler
selection framework.
(This is a comment-only change to demystify things for those trying to
understand, based on answers to my on-list queries)
Changelog:
New
With today's release, a number of improvements will help you
search smarter, faster. Type less and find more with Firefox's
revamped address bar:
Focused, clean search experience that's optimized for
smaller laptop screens
Top sites now appear when you select the address
Improved readability of search suggestions with a focus on
new search terms
Suggestions include solutions to common Firefox issues
On Linux, the behavior when clicking on the Address Bar
and the Search Bar now matches other desktop platforms: a
single click selects all without primary selection, a double
click selects a word, and a triple click selects all with
primary selection
Firefox will locally cache all trusted Web PKI Certificate
Authority certificates known to Mozilla. This will improve
HTTPS compatibility with misconfigured web servers and improve
security.
Firefox is now available in Flatpak, an easier way to install
and use Firefox on Linux.
Direct Composition is being integrated for our users on Windows
to help improve performance and enable our ongoing work to ship
WebRender on Windows 10 laptops with Intel graphics cards.
Fixed
Various security fixes
Enterprise
Experimental support for using client certificates from the OS
certificate store can be enabled on macOS by setting the
preference security.osclientcerts.autoload to true.
Enterprise policies may be used to exclude domains from being
resolved via TRR (Trusted Recursive Resolver) using DNS over
HTTPS.
Developer
Developer Information
Save bandwidth and reduce browser memory by using the loading
attribute on the <img> element. The default "eager" value loads
images immediately, and the "lazy" value delays loading until
the image is within range of the viewport.
Instant evaluation for Console expressions lets developers
identify and fix errors more rapidly than before. As long as
expressions typed into the Web Console are side-effect free,
their results will be previewed while you type.
Security fixes:
#CVE-2020-6821: Uninitialized memory could be read when using the WebGL copyTexSubImage method
#CVE-2020-6822: Out of bounds write in GMPDecodeData when processing large images
#CVE-2020-6823: Malicious Extension could obtain auth codes from OAuth login flows
#CVE-2020-6824: Generated passwords may be identical on the same site between separate private browsing sessions
#CVE-2020-6825: Memory safety bugs fixed in Firefox 75 and Firefox ESR 68.7
#CVE-2020-6826: Memory safety bugs fixed in Firefox 75
Changelog:
Security fixes:
#CVE-2020-6819: Use-after-free while running the nsDocShell destructor
#CVE-2020-6820: Use-after-free when handling a ReadableStream
* Do not define USE_LANGUAGES+=gnu++17. Passing -std=gnu++17 to all clang
invocations causes build failure.
Changelog:
Fixed
Fixed crashes on Windows systems running third-party security software such as 0patch or G DATA (bug 1610790)
Fixed loss of browser functionality in certain circumstances such as running in Windows compatibility mode or having custom anti-exploit settings (bug 1614885)
Resolved problems connecting to the RBC Royal Bank website (bug 1613943)
Fixed Firefox unexpectedly exiting when leaving Print Preview mode (bug 1611133)
Fixed crashes when playing encrypted content on some Linux systems (bug 1614535)
Changelog:
New
Today's Firefox release includes two features that help users
view and read website content more easily, quickly. Like all
accessibility improvements, these features improve browsing
for everyone.
Firefox has offered a page zoom feature for more than a
decade that allows users to set the zoom level on a per-site
basis. For users who need to zoom most websites, having to
adjust zoom for each new site can be an annoyance. To
address this, we have implemented a new global default zoom
level setting. This option is available in about:preferences
under "Language and Appearance" and can be scaled up or
down from 100% as needed and sets the default zoom level
for all sites. Per-site zoom is still available to make
adjustments to individual sites as needed.
Many users with low vision rely on Windows' High Contrast
Mode to make websites more readable. Traditionally, to
increase the readability of text, Firefox has disabled
background images when High Contrast Mode is enabled. With
today's release of Firefox 73, we introduce a "readability
backplate" solution which places a block of background
color between the text and background image. Now, websites
in High Contrast Mode are more readable without disabling
background images.
Fixed
Various security fixes.
Improved audio quality when playing back audio at a faster or
slower speed.
Firefox will now only prompt you to save logins if a field in
a login form was modified.
Changed
WebRender will roll out to laptops with Nvidia graphics cards
with drivers newer than 432.00, and screen sizes smaller than
1920x1200
Security fixes:
#CVE-2020-6796: Missing bounds check on shared memory read in the parent process
#CVE-2020-6797: Extensions granted downloads.open permission could open arbitrary applications on Mac OSX
#CVE-2020-6798: Incorrect parsing of template tag could result in JavaScript injection
#CVE-2020-6799: Arbitrary code execution when opening pdf links from other applications, when Firefox is configured as default pdf reader
#CVE-2020-6800: Memory safety bugs fixed in Firefox 73 and Firefox ESR 68.5
#CVE-2020-6801: Memory safety bugs fixed in Firefox 73
* Remove oss option. Its patch is not usable for 71.0.
Changelog:
New
Improvements to Lockwise, our integrated password manager:
Firefox now recognizes subdomains and will autofill domain logins from Lockwise
Integrated breach alerts from Firefox Monitor are now available to users with screen readers
More information about Enhanced Tracking Protection in action:
Notifications when Firefox blocks cryptominers
A running tally of blocked trackers in the protection panel accessed by clicking the address bar shield
Picture-in-picture video comes to Firefox for Windows: Select the blue icon from the right edge of a video to pop open a floating window so you can keep watching while working in other tabs. Learn how the feature works.
Native MP3 decoding on Windows, Linux, and macOS
Security fixes:
Not available yet.
* Try to use pkgsrc clang/clang++ explicitly
Changelog:
Fixed
Fix for an issue that caused some websites or page elements using dynamic JavaScript to fail to load. (Bug 1592136)
Update OpenH264 video plugin for macOS 10.15 users (Bug 1587543)
Title bar no longer shows in full screen view (Bug 1588747)
Changed
OpenH264 video codec version bump for macOS 10.15 users (Bug 1587543)
* Use clang to compile all files. Mix of gcc and clang causes some errors in
Rust c++ command invocation (C++ header mismatches).
Changelog:
New
Enhanced Tracking Protection (ETP) rolls out stronger privacy protections:
The default standard setting for this feature now blocks third-party tracking cookies and cryptominers.
The optional strict setting blocks fingerprinters as well as the items blocked in the standard setting.
The Block Autoplay feature is enhanced to give users the option to block any video that automatically starts playing, not just those that automatically play with sound.
For our users in the US or using the en-US browser, we are shipping a new “New Tab” page experience that connects you to the best of Pocket’s content.
Support for the Web Authentication HmacSecret extension via Windows Hello now comes with this release, for versions of Windows 10 May 2019 or newer, enabling more passwordless experiences on the web.
Support for receiving multiple video codecs with this release makes it easier for WebRTC conferencing services to mix video from different clients.
For our users on Windows 10, you’ll see performance and UI improvements:
Firefox will give Windows hints to appropriately set content process priority levels, meaning more processor time spent on the tasks you're actively working on, and less processor time spent on things in the background (with the exception of video and audio playback).
For our existing Windows 10 users, you can easily find and launch Firefox from a shortcut on the Win10 taskbar.
For our users on macOS, battery life and download UI are both improved:
macOS users on dual-graphics-card machines (like MacBook Pro) will switch back to the low-power GPU more aggressively, saving battery life.
Finder on macOS now displays download progress for files being downloaded.
JIT support comes to ARM64 for improved performance of our JavaScript Optimizing JIT compiler.
Fixed
Various security fixes
Changed
As previously announced in the Plugin Roadmap for Firefox, the "Always Activate" option for Flash plugin content has been removed. Firefox will now always ask for user permission before activating Flash content on a website.
With the deprecation of Adobe Flash Player, there is no longer a need to identify users on 32-bit version of the Firefox browser on 64-bit version operating systems reducing user agent fingerprinting factors providing greater level of privacy to our users as well as improving the experience of downloading other apps.
Firefox no longer loads userChrome.css or userContent.css by default improving start-up performance. Users who wish to customize Firefox by using these files can set the toolkit.legacyUserProfileCustomizations.stylesheets preference to true to restore this ability.
Enterprise
For Enterprise system administrators that manage macOS computers, we begin shipping a Mozilla signed PKG installer to simplify your deployments.
Developer
For our mobile web developers, we have migrated remote debugging from the old WebIDE into a re-designed about:debugging, making debugging GeckoView on remote devices via USB rock solid.
The network panel will now show blocked resources to allow developers to best understand the impact of content blocking and ad blocking extensions given our ongoing expansion of Enhanced Tracking Protection to all users with this release.
The new event listener breakpoint feature allows developers to pause on a host of different event types, whether it be related to animations, DOM, media, mouse, touch, worker, and many other event types.
Firefox Developer Tools now offers an audit for the presence of text alternatives for non-text content, the a11y panel checks toolbar has been augmented to better help developers adhere to WCAG Guideline 1.1.
Security fixes:
#CVE-2019-11751: Malicious code execution through command line parameters
#CVE-2019-11746: Use-after-free while manipulating video
#CVE-2019-11744: XSS by breaking out of title and textarea elements using innerHTML
#CVE-2019-11742: Same-origin policy violation with SVG filters and canvas to steal cross-origin images
#CVE-2019-11736: File manipulation and privilege escalation in Mozilla Maintenance Service
#CVE-2019-11753: Privilege escalation with Mozilla Maintenance Service in custom Firefox installation location
#CVE-2019-11752: Use-after-free while extracting a key value in IndexedDB
#CVE-2019-9812: Sandbox escape through Firefox Sync
#CVE-2019-11741: Isolate addons.mozilla.org and accounts.firefox.com
#CVE-2019-11743: Cross-origin access to unload event attributes
#CVE-2019-11749: Camera information available without prompting using getUserMedia
#CVE-2019-5849: Out-of-bounds read in Skia
#CVE-2019-11750: Type confusion in Spidermonkey
#CVE-2019-11737: Content security policy directives ignore port and path if host is a wildcard
#CVE-2019-11738: Content security policy bypass through hash-based sources in directives
#CVE-2019-11747: 'Forget about this site' removes sites from pre-loaded HSTS list
#CVE-2019-11734: Memory safety bugs fixed in Firefox 69
#CVE-2019-11735: Memory safety bugs fixed in Firefox 69 and Firefox ESR 68.1
#CVE-2019-11740: Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, and Firefox ESR 60.9
Remove lingering references to Python 3.5 in mozilla-common.mk. (This
code could perhaps be condensed, but, though Python 3.7 is now the
default, soon enough there'll be a Python 3.8, and so on.)