Changelog:
New
* Firefox now supports the new AVIF image format, which is based on the
modern and royalty free AV1 video codec. It offers significant bandwidth
savings for sites compared to existing image formats. It also supports
transparency and other advanced features.
* Firefox PDF viewer now supports filling more forms (XFA-based forms, used
by multiple governments and banks). Learn more.
* When available system memory is critically low, Firefox on Windows will
automatically unload tabs based on their last access time, memory usage,
and other attributes. This should help reduce Firefox out-of-memory
crashes. Switching to an unloaded tab automatically reloads it.
* To prevent session loss for macOS users who are running Firefox from a
mounted .dmg file, they??ll now be prompted to finish installation. This
permission prompt only appears the first time these users run Firefox on
their computer.
* Firefox now blocks downloads that rely on insecure connections, protecting
against potentially malicious or unsafe downloads. Learn more and see where
to find downloads in Firefox.
* Improved web compatibility for privacy protections with SmartBlock 3.0.
Learn more
* Introducing a new referrer tracking protection in Strict Tracking
Protection and Private Browsing. Learn more
* Introducing Firefox Suggest, a faster way to navigate the web. Learn more
about the experience and locale-specific features.
Fixed
* The VoiceOver screen reader now correctly reports checkable items in
accessible tree controls as checked or unchecked.
* The Orca screen reader now works correctly with Firefox, no longer
requiring users to switch to another application after starting Firefox.
* Various security fixes
Changed
* TLS ciphersuites that use 3DES have been disabled. Such ciphersuites can
only be enabled when deprecated versions of TLS are also enabled. Learn
more.
* The download panel now follows the Firefox visual styles.
Enterprise
* Various bug fixes and new policies have been implemented in the latest
version of Firefox. See more details in the Firefox for Enterprise 93
Release Notes.
Developer
* Developer Information
Web Platform
* The UI for <input type="datetime-local"> has been implemented.
Security fixes:
#CVE-2021-38496: Use-after-free in MessageTask
#CVE-2021-38497: Validation message could have been overlaid on another origin
#CVE-2021-38498: Use-after-free of nsLanguageAtomService object
#CVE-2021-32810: Data race in crossbeam-deque
#CVE-2021-38500: Memory safety bugs fixed in Firefox 93, Firefox ESR 78.15, and
Firefox ESR 91.2
#CVE-2021-38501: Memory safety bugs fixed in Firefox 93 and Firefox ESR 91.2
#CVE-2021-38499: Memory safety bugs fixed in Firefox 93
Changelog:
92.0.1
Fixed
* Fixes an issue where audio playback was not working on some Linux systems (
bug 1730499)
* Fixes issues with the findbar close button on different operating systems (
bug 1728368)
92.0
New
* More secure connections: Firefox can now automatically upgrade to HTTPS
using HTTPS RR as Alt-Svc headers.
* Full-range color levels are now supported for video playback on many
systems.
* Mac users can now access the macOS share options from the Firefox File
menu.
* Support for images containing ICC v4 profiles is enabled on macOS.
Fixed
* Firefox performance with screen readers and other accessibility tools is no
longer severely degraded if Mozilla Thunderbird is installed or updated
after Firefox.
* macOS VoiceOver now correctly reports buttons and links marked as ??
expanded?? using the aria-expanded attribute.
* An open alert in a tab no longer causes performance issues in other tabs
using the same process.
* Various security fixes
Changed
* Canonical is now building the official Firefox snap. It's also now
available on two additional architectures, ARMhf and ARM64.
* The bookmark toolbar menus on macOS now follow Firefox visual styles.
* Certificate error pages have been redesigned for a better user experience.
* Continuing work to restructure Firefox??s JavaScript memory management to
be more performant and use less memory.
Firefox's build system defaults to "nightly" for builds without official
branding, and in practice there seems to be very little difference between
"nightly" and "unofficial", but this at least makes our choice explicit.
Bump PKGREVISION
Changelog:
Fixed
* High Contrast Mode is no longer enabled by default when "Increase Contrast"
is checked in macOS settings (bug 1726606)
* Firefox no longer clears authentication data when purging trackers, to
avoid repeatedly prompting for a password (bug 1721084)
Changelog:
Fixed
* Fixed an issue causing buttons on the tab bar to be resized when loading
certain websites (bug 1704404)
* Fixed an issue which caused tabs from private windows to be visible in
non-private windows when viewing switch-to-tab results in the address bar
panel (bug 1720369)
* Various stability fixes
* Security fix
Security fixes:
#CVE-2021-29991: Header Splitting possible with HTTP/3 Responses
* Convert to --enable-chrome-format=omni.
It is not necessary to modify JavaScript files to improve support recently.
* Fix build under NetBSD/i386 like lang/mozjs78.
Changelog:
New
* Building on Total Cookie Protection, we've added a more comprehensive logic
for clearing cookies that prevents hidden data leaks and makes it easy for
users to understand which websites are storing local information. Learn
more
* Firefox now supports logging into Microsoft, work, and school accounts
using Windows single sign-on. Learn more
* The simplify page when printing feature is back! When printing, under More
settings > Format select the Simplified option when available to get a
clutter-free page. Learn more
* HTTPS-First Policy: Firefox Private Browsing windows now attempt to make
all connections to websites secure, and fall back to insecure connections
only when websites do not support it. Learn more
* We've added a new locale: Scots (sco)
* The address bar now provides Switch to Tab results also in Private Browsing
windows.
* Firefox now automatically enables High Contrast Mode when "Increase
Contrast" is checked on MacOS
* Firefox now does catch-up paints for almost all user interactions, enabling
a 10-20% improvement in response time to most user interactions.
Fixed
* Various security fixes
Enterprise
* Various bug fixes and new policies have been implemented in the latest
version of Firefox. See more details in the Firefox for Enterprise 91
Release Notes.
Developer
* Developer Information
Web Platform
* The Visual Viewport API is now supported on desktop platforms
Security fixes:
#CVE-2021-29986: Race condition when resolving DNS names could have led to
memory corruption
#CVE-2021-29981: Live range splitting could have led to conflicting assignments
in the JIT
#CVE-2021-29988: Memory corruption as a result of incorrect style treatment
#CVE-2021-29983: Firefox for Android could get stuck in fullscreen mode
#CVE-2021-29984: Incorrect instruction reordering during JIT optimization
#CVE-2021-29980: Uninitialized memory in a canvas object could have led to
memory corruption
#CVE-2021-29987: Users could have been tricked into accepting unwanted
permissions on Linux
#CVE-2021-29985: Use-after-free media channels
#CVE-2021-29982: Single bit data leak due to incorrect JIT optimization and
type confusion
#CVE-2021-29989: Memory safety bugs fixed in Firefox 91 and Firefox ESR 78.13
#CVE-2021-29990: Memory safety bugs fixed in Firefox 91
Changelog:
90.0.2:
Fixed
* Fixed truncated output when printing (bug 1720621)
* Fixed menu styling on some Gtk themes (bug 1720441, bug 1720874)
#
Changed
* Updates to support DoH Canada rollout
90.0.1:
Fixed
* Fixed a crash when using some accessibility clients on Windows (bug 1720696
)
* Fixed busy looping processing some HTTP3 responses (bug 1720079)
* Fixed transient errors authenticating with some smart cards (bug 1715325)
* Fixed a rare crash on shutdown (bug 1707057)
* Fixed a race on startup that caused about:support to end up empty after
upgrade (bug 1717894)
* Reference link to 90.0 release notes
unresolved
* Printing a page with scaling may result in truncated output (bug 1720621)
Changelog:
New
* On Windows, updates can now be applied in the background while Firefox is
not running.
* Firefox for Windows now offers a new page about:third-party to help
identify compatibility issues caused by third-party applications
* Exceptions to HTTPS-Only mode can be managed in about:preferences#privacy
* Print to PDF now produces working hyperlinks
* Version 2 of Firefox??s SmartBlock feature further improves private
browsing. Third-party Facebook scripts are blocked to prevent you from
being tracked, but are now automatically loaded ??just in time?? if you
decide to ??Log in with Facebook?? on any website.
Fixed
* Various security fixes
Changed
* The "Open Image in New Tab" context menu item now opens images and media in
a background tab by default. Learn more
* Most users without hardware accelerated WebRender will now be using
software WebRender.
* Improved software WebRender performance
* FTP support has been removed
Enterprise
* Various bug fixes and new policies have been implemented in the latest
version of Firefox. See more details in the Firefox for Enterprise 90
Release Notes.
Developer
* Developer Information
* Support for Private Fields (TC39 proposal, stage 3) is available in
DevTools. The support includes: object inspection, autocompletion,
expression evaluation, variable tooltips, and pretty printing (bug)
* The Network panel shows a preview of HTTP requests for fonts in the
Response tab (bug)
Network panel font preview screenshot
Web Platform
* Support for Fetch Metadata Request Headers, which allows web applications
to better protect themselves and their users against various cross-origin
threats.
* Added the ability to use client authentication certificates stored in
hardware tokens or in Operating System storage.
Security fixes:
#CVE-2021-29970: Use-after-free in accessibility features of a document
#CVE-2021-29971: Granted permissions only compared host; omitting scheme and
port on Android
#CVE-2021-30547: Out of bounds write in ANGLE
#CVE-2021-29972: Use of out-of-date library included use-after-free
vulnerability
#CVE-2021-29973: Password autofill on HTTP websites was enabled without user
interaction on Android
#CVE-2021-29974: HSTS errors could be overridden when network partitioning was
enabled
#CVE-2021-29975: Text message could be overlaid on top of another website
#CVE-2021-29976: Memory safety bugs fixed in Firefox 90 and Firefox ESR 78.12
#CVE-2021-29977: Memory safety bugs fixed in Firefox 90
Changelog:
89.0.2
Fixed
* Fix occasional hangs with Software WebRender on Linux (bug 1708224)
89.0.1
Fixed
* Windows: Resolved an issue causing some screen readers to not interact
correctly with Firefox anymore (bug 1714212)
* Updated translations, including full Spanish (Mexico) localization and
other improvements (bug 1714946)
* Fix various font related regressions (bug 1694174)
* Linux: Fix performance and stability regressions with WebRender (bug
1715895, bug 1715902)
* macOS: Fix screen flickering when scrolling a page on an external monitor (
bug 1715452)
* Enterprise: Fix for the DisableDeveloperTools policy not having effect
anymore (bug 1715777)
* Linux: Fix broken scrollbars on some GTK themes (bug 1714103)
* Various stability and security fixes.
Security fixes:
#CVE-2021-29968: Out of bounds read when drawing text characters onto a Canvas
89.0
New
* Say hello to a fresh new Firefox, designed to get you where you want to go
even faster. We??ve redesigned and modernized the core experience to be
cleaner, more inviting, and easier to use.
Beginning in 89, you??ll notice a number of changes, including:
Simplified browser chrome and toolbar: Less frequently used items removed
to focus on the most important navigation items.
Simplified browser chrome and toolbar screenshot
Clear, streamlined menus: Re-organized and prioritized menu content
according to usage. Updated labels and removed iconography.
Clear, streamlined menus screenshot
Updated prompts: Infobars, panels, and modals have a cleaner design and
clearer language.
Updated prompts screenshot
Inspired tab design: Floating tabs neatly contain information and surface
cues when you need them, like visual indicators for audio controls. The
rounded design of the active tab supports focus and signals the ability to
easily move the tab as needed.
Inspired tab design screenshot
Fewer interruptions: Reduced number of alerts and messages, so you can
browse with fewer distractions.
Cohesive, calmer visuals: Lighter iconography, a refined color palette, and
more consistent styling throughout.
This release also includes enhancements to our privacy offerings:
+ We??ve enhanced the privacy of the Firefox Browser??s Private Browsing
mode with Total Cookie Protection, which confines cookies to the site
where they were created, preventing companies from using cookies to
track your browsing across sites. This feature was originally launched
in Firefox??s ETP Strict mode.
* For macOS users, we're introducing the elastic overscroll effect known from
many other applications. A gentle bouncing animation will indicate that you
reached the end of the page.
In addition, we added support for smart zoom. Double-tap with two fingers
on your trackpad, or with a single finger on your Magic Mouse, to zoom the
content below your cursor into focus.
* Native context menus: Context menus on macOS are now native and support
Dark Mode.
macOS native context menus screenshot
* WebRender is now enabled on Linux with the NVIDIA binary driver and on all
desktop environments
#
Fixed
* Colors in Firefox on macOS will no longer be saturated on wide gamut
displays, untagged images are properly treated as sRGB, and colors in
images tagged as sRGB will now match CSS colors.
* In full screen mode on macOS, moving your mouse to the top of the screen
will no longer hide your tabs behind the system menu bar.
* Also in full screen mode on macOS, it is now possible to hide the browser
toolbars for a fully immersive full screen experience. This brings macOS in
line with Windows and Linux.
* Various stability and security fixes.
#
Changed
* Introducing a non-native implementation of web form controls, which
delivers a new modern design and some improvements to page load
performance. Watch for layout bugs in web pages that make assumptions about
the dimensions or styling of form controls.
* The screenshots feature is available in the right-click context menu. You
can also add a screenshots shortcut to your toolbar. Learn more.
Security fixes:
#CVE-2021-29965: Password Manager on Firefox for Android susceptible to domain
spoofing
#CVE-2021-29960: Filenames printed from private browsing mode incorrectly
retained in preferences
#CVE-2021-29961: Firefox UI spoof using `<select>` elements and CSS scaling
#CVE-2021-29963: Shared cookies for search suggestions in private browsing mode
#CVE-2021-29964: Out of bounds-read when parsing a `WM_COPYDATA` message
#CVE-2021-29959: Devices could be re-enabled without additional permission
prompt
#CVE-2021-29962: No rate-limiting for popups on Firefox for Android
#CVE-2021-29967: Memory safety bugs fixed in Firefox 89 and Firefox ESR 78.11
#CVE-2021-29966: Memory safety bugs fixed in Firefox 89
Changelog:
Version 88.0.1, first offered to Release channel users on May 5, 2021
-------------------------------------------------------------------------------
Fixed
* Resolved an issue caused by a recent Widevine plugin update which prevented
some purchased video content from playing correctly (bug 1705138)
* Fixed corruption of videos playing on Twitter or WebRTC calls on some Gen6
Intel graphics chipsets (bug 1708937)
* Fixed menulists in Preferences being unreadable for users with High
Contrast Mode enabled (bug 1706496)
* Various stability and security fixes.
Security fixes:
#CVE-2021-29953: Universal Cross-Site Scripting
#CVE-2021-29952: Race condition in Web Render Components
It's not safe to assume a dependency's BUILDLINK_ABI_DEPENDS value can
double for the API minimum, as the former can be disabled by users.
Noted by wiz@, thanks!
Changelog:
New
* PDF forms now support JavaScript embedded in PDF files. Some PDF forms use
JavaScript for validation and other interactive features.
* Print updates: Margin units are now localized.
* Smooth pinch-zooming using a touchpad is now supported on Linux
* To protect against cross-site privacy leaks, Firefox now isolates
window.name data to the website that created it. Learn more
Fixed
* Screen readers no longer incorrectly read content that websites have
visually hidden, as in the case of articles in the Google Help panel.
* Various security fixes.
Changed
* Firefox will not prompt for access to your microphone or camera if you've
already granted access to the same device on the same site in the same tab
within the past 50 seconds. This new grace period reduces the number of
times you're prompted to grant device access.
* The "Take a Screenshot" feature was removed from the Page Actions menu in
the url bar. To take a screenshot, right-click to open the context menu.
You can also add a screenshots shortcut directly to your toolbar via the
Customize menu. Open the Firefox menu and select Customize...
* FTP support has been disabled, and its full removal is planned for an
upcoming release. Addressing this security risk reduces the likelihood of
an attack while also removing support for a non-encrypted protocol.
Security fixes:
#CVE-2021-23994: Out of bound write due to lazy initialization
#CVE-2021-23995: Use-after-free in Responsive Design Mode
#CVE-2021-23996: Content rendered outside of webpage viewport
#CVE-2021-23997: Use-after-free when freeing fonts from cache
#CVE-2021-23998: Secure Lock icon could have been spoofed
#CVE-2021-23999: Blob URLs may have been granted additional privileges
#CVE-2021-24000: requestPointerLock() could be applied to a tab different from
the visible tab
#CVE-2021-24001: Testing code could have enabled session history manipulations
by a compromised content process
#CVE-2021-24002: Arbitrary FTP command execution on FTP servers using an
encoded URL
#CVE-2021-29945: Incorrect size computation in WebAssembly JIT could lead to
null-reads
#CVE-2021-29944: HTML injection vulnerability in Firefox for Android's Reader
View
#CVE-2021-29946: Port blocking could be bypassed
#CVE-2021-29947: Memory safety bugs fixed in Firefox 88
Changelog:
New
* You'll encounter less website breakage in Private Browsing and Strict
Enhanced Tracking Protection with SmartBlock, which provides stand-in
scripts so that websites load properly.
* To further protect your privacy, our new default HTTP Referrer policy will
trim path and query string information from referrer headers to prevent
sites from accidentally leaking sensitive user data.
* The "Highlight All" feature on Find in Page now displays tick marks
alongside your scrollbar that correspond to the location of matches found
on that page.
* We're proud to announce full support for macOS built-in screen reader,
VoiceOver.
* We've added a new locale: Silesian (szl)
Fixed
* We've fixed several significant accessibility issues:
+ Video controls now have visible focus styling and video and audio
controls are now keyboard navigable. (Bug 1681007)
+ HTML <meter> is now spoken by screen readers. (Bug 1460378)
+ Firefox now sets a useful initial focus in Add-ons Manager. (Bug 580537
)
+ Firefox will now fire a name/description change event when
aria-labelledby/describedby content changes. (Bug 493683)
* Various security fixes.
Changed
* To prevent user data loss when filling out forms, we've disabled the
Backspace key as a navigation shortcut for the back navigation button. To
re-enable the Backspace keyboard shortcut, you can change the about:config
preference browser.backspace_action to 0. You can also use the recommended
Alt + Left arrow (Command + Left arrow on Mac) shortcut instead.
Firefox keyboard shortcuts
* We've removed items from the Library menu that weren't used often or have
other access points in the browser: Synced tabs, Recent highlights, and
Pocket list.
* We've simplified the Help menu by reducing redundant items, such as those
that point to Firefox support pages that can also be accessed via the Get
Help item.
Enterprise
* Various bug fixes and new policies have been implemented in the latest
version of Firefox. You can see more details in the Firefox for Enterprise
87 Release Notes.
Developer
* Developer Information
* We've greatly simplified the Web Developer menu. Go to Application Menu >
Web Developer > Web Developer Tools to access Inspector, Web Console,
Debugger, Network Style Error, Performance, Storage Inspector,
Accessibility, and Application
* Developers can now use the Page Inspector to simulate prefers-color-scheme
media queries, without having to change the operating system to light or
dark mode.
* Developers can now use the Page Inspector to toggle the :target
pseudo-class for the currently selected element in addition to the
pseudo-classes that were previously supported: :hover, :active and :focus,
:focus-within, :focus-visible, and :visited.
* There is a number of Page Inspector improvements and bug fixes related to
inactive CSS rules:
+ The table-layout property is now marked as inactive for non-table
elements.
+ The scroll-padding properties (shorthand and longhand) are now marked
as inactive for non-scrollable elements.
+ The text-overflow property was previously incorrectly marked as
inactive for some overflow values.
Securiy fixes:
#CVE-2021-23981: Texture upload into an unbound backing buffer resulted in an
out-of-bound read
#CVE-2021-23982: Internal network hosts could have been probed by a malicious
webpage
#CVE-2021-23983: Transitions for invalid ::marker properties resulted in memory
corruption
#CVE-2021-23984: Malicious extensions could have spoofed popup information
#CVE-2021-23985: Devtools remote debugging feature could have been enabled
without indication to the user
#CVE-2021-23986: A malicious extension could have performed credential-less
same origin policy violations
#CVE-2021-23987: Memory safety bugs fixed in Firefox 87 and Firefox ESR 78.9
#CVE-2021-23988: Memory safety bugs fixed in Firefox 87
Changelog:
86.0.1
Firefox Release
March 11, 2021
Version 86.0.1, first offered to Release channel users on March 11, 2021
-------------------------------------------------------------------------------
#
Fixed
* Fixed an issue on Apple Silicon machines that caused Firefox to be
unresponsive after system sleep (bug 1682713)
* Fixed an issue causing windows to gain or lose focus unexpectedly (bug
1694927)
* Fixed truncation of date and time widgets due to incorrect width
calculation (bug 1695578)
* Fixed an issue causing unexpected behavior with extensions managing tab
groups (bug 1694699)
* Fixed a frequent Linux crash on browser launch (bug 1694670)
Changelog:
New
* Firefox now supports simultaneously watching multiple videos in
Picture-in-Picture.
* Today, Firefox introduces Total Cookie Protection to Strict Mode. In Total
Cookie Protection, every website gets its own "cookie jar," preventing
cookies from being used to track you from site to site.
* We've improved our Print functionality with a cleaner design and better
integration with your computer's printer settings.
* For Firefox users in Canada, credit card management and auto-fill are now
enabled.
* Notable performance and stability improvements are achieved by moving
canvas drawing and WebGL drawing to the GPU process.
Fixed
* Reader mode now works with local HTML pages.
* Using screen reader quick navigation to move to editable text controls no
longer incorrectly reaches non-editable cells in some grids such as on
messenger.com.
* The Orca screen reader's mouse review feature now works correctly after
switching tabs in Firefox.
* Screen readers no longer report column headers incorrectly in tables
containing cells spanning multiple columns.
* Links in Reader View now have more color contrast.
* Various security fixes.
Changed
* On Linux and Android, the protection to mitigate the stack clash attack has
been activated.
* From Firefox 86 onward, DTLS 1.0 is no longer supported for establishing
WebRTC's PeerConnections. All WebRTC services need to support DTLS 1.2 from
now on as the minimum version.
* Consolidated all video decoding in the new RDD process which results in a
more secure Firefox.
Enterprise
* Various bug fixes and new policies have been implemented in the latest
version of Firefox. You can see more details in the Firefox for Enterprise
86 Release Notes.
Developer
* Developer Information
* CSS image-set() function in CSS is now enabled, allowing for responsive
images in CSS.
* Inactive CSS tool is now showing a warning when margin or padding is set on
internal table elements.
Inactive CSS screenshot
* Developer Tools Toolbox is now showing a number of errors on the current
page. This is a quick way to surface information to a developer that
something is wrong with their page. Clicking on the red exclamation icon
navigates the user to the Console panel.
Develeoper tools: screenshot of number of errors
Security fixes:
#CVE-2021-23969: Content Security Policy violation report could have contained
the destination of a redirect
#CVE-2021-23970: Multithreaded WASM triggered assertions validating separation
of script domains
#CVE-2021-23968: Content Security Policy violation report could have contained
the destination of a redirect
#CVE-2021-23974: noscript elements could have led to an HTML Sanitizer bypass
#CVE-2021-23971: A website's Referrer-Policy could have been be overridden,
potentially resulting in the full URL being sent as a Referrer
#CVE-2021-23976: Local spoofing of web manifests for arbitrary pages in Firefox
for Android
#CVE-2021-23977: Malicious application could read sensitive data from Firefox
for Android's application directories
#CVE-2021-23972: HTTP Auth phishing warning was omitted when a redirect is
cached
#CVE-2021-23975: about:memory Measure function caused an incorrect pointer
operation
#CVE-2021-23973: MediaError message property could have leaked information
about cross-origin resources
#CVE-2021-23978: Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8
#CVE-2021-23979: Memory safety bugs fixed in Firefox 86
Changelog:
Fixed
Security fix
Prevent access to NTFS special paths that could lead to filesystem corruption.
Fixed a crash when authenticating to websites using SPNEGO on macOS devices with Apple Silicon CPUs (bug 1685427).
Avoid printing an extra blank page at the end of some documents (bug 1689789).
Fixed a browser crash in case of unexpected Cache API state (bug 1684838).
Fixed external URL scheme handlers when using the Firefox flatpak (bug 1688966)
Security fix:
#MOZ-2021-0001: Buffer overflow in depth pitch calculations for compressed textures
