Today, as scheduled, Mozilla has released Firefox 54, and we, also as scheduled, have immediately installed it on our Browserling's browser cloud. This about dialog is taken straight from Browserling:
And you can test it yourself straight from here:
What's new in Firefox 54?
- Added Burmese (my) locale.
- Added support for multiple content processes (e10s-multi).
- Simplified the download button and download status panel.
- Moved the mobile bookmarks folder to the main bookmarks menu for easier access.
- Security fixes listed below.
Changes for web developers in Firefox 54
- The network request summary now includes the amount of data actually transferred ("transferred size"), as does the the performance analysis view.
- The network request headers view now links to the related documentation on MDN.
clip-pathnow supports basic shapes.
- Firefox's implementations of CSS Flexbox and CSS alignment now implement updated spec language for interactions between the properties
align-selfas well as between
<input>elements of types
-moz-appearance: none; set on them are now non-replaced elements, for compatibility with other browsers.
- Fixed: Previously, an element styled with
inline-blockwith a child element of type
display:blockhad a wrong baseline.
- When Mozilla introduced dedicated content threads to Firefox (through the Electrolysis or e10s project), support for styling
<option>elements was removed temporarily. Starting in Firefox 54, you can apply foreground and background colors to
<option>elements again, using the
- CSS Animations now send the
animationcancelevent as expected when an animation aborts prematurely.
- Fixed: Transparent colors were being serialized to the transparent color keyword in certain situations.
- The proprietary
:-moz-table-border-nonzeropseudo-class is no longer available to web content; it is now restricted to Firefox's internal UA sylesheet.
- [css-grid] Intristic content with overflow:auto overlaps in grid.
- [css-grid] Transferred min-size contribution of percentage size grid item with an intrinsic ratio.
- Removed the
-mozprefixed versions of
plaintextvalues for the
"i"(case insensitive) flags now treat U+017F (LATIN SMALL LETTER LONG S) and U+212A (KELVIN SIGN) as word characters.
DataViewconstructor now throws a
byteOffsetparameter is out
of Number.MAX_SAFE_INTEGER(>= 2 ** 53).
Date.UTC()method has been updated to conform to ECMAScript 2017 when fewer than two arguments are provided.
Function.prototype.toString() method has been updated to match the latest proposed specification.
DOM & HTML DOM
URL.toJSON()method has been implemented.
URLSearchParams()constructor now accepts a record containing
USVStringsas an init object.
- Values returned in
KeyboardEvent.keyfor printable keys when the control key is also pressed have been corrected on macOS (except when the Command key is pressed).
dom.workers.latestJSVersionpreference, which was mainly implemented to work around problems using
letin workers has been removed.
event.timeStampproperty now returns a high-resolution monotonic time instead of an epoch time.
Web Workers and Service Workers
WorkerGlobalScope.closeis now available on
WindowOrWorkerGlobalScope.originproperty has been implemented.
Client.typeproperty has been implemented.
Clients.matchAll()now returns Client objects in most recently focused order.
- Some changes have been made to the observed behaviour when the
Request()constructor is passed an existing
Requestobject instance to make a new instance. The following new behaviors are designed to retain security while making the constructor less likely to throw exceptions:
- If this object exists on another origin to the constructor call, the Request.referrer is stripped out.
- If this object has a Request.mode of navigate, the mode value is converted to same-origin.
- HTTP/1 Pipelining support has been removed in Firefox 54.
- 5.1 surround sound playback is now enabled by default on Windows, macOS, and Linux.
Media Capture and Streams API
- Usage of a
MediaStreamobject as the input parameter to
URL.createObjectURL()has been deprecated.
Web Audio API
- The method
AnalyserNode.getFloatFrequencyData()now correctly represents silent samples in the returned buffer with the value
AudioParam.setValueCurveAtTime()now throws a
TypeErrorexception if any of the specified values aren't finite.
Encrypted MediaExtensions API
MediaKeySession.keySystemstring has been removed from the specification, and as such we've taken it out of Firefox 54.
- Support has been added for the VP9 codec in encrypted streams using Clear Key and Widevine.
- Previously, MSE was only allowed to use WebM/VP8 video if the system was considered "fast enough." Now playback of VP8-encoded
webm/videomedia is always supported, regardless of system performance.
- TCP ICE candidate support, originally added in Firefox 41, is now enabled by default.
Bug fixes in Firefox 54
- CVE-2017-5472: Use-after-free using destroyed node when regenerating trees.
- CVE-2017-7749: Use-after-free during docshell reloading.
- CVE-2017-7750: Use-after-free with track elements.
- CVE-2017-7751: Use-after-free with content viewer listeners.
- CVE-2017-7752: Use-after-free with IME input.
- CVE-2017-7754: Out-of-bounds read in WebGL with ImageInfo object.
- CVE-2017-7755: Privilege escalation through Firefox Installer with same directory DLL files.
- CVE-2017-7756: Use-after-free and use-after-scope logging XHR header errors.
- CVE-2017-7757: Use-after-free in IndexedDB.
- CVE-2017-7778: Vulnerabilities in the Graphite 2 library.
- CVE-2017-7758: Out-of-bounds read in Opus encoder.
- CVE-2017-7759: Android intent URLs can cause navigation to local file system.
- CVE-2017-7760: File manipulation and privilege escalation via callback parameter in Mozilla Windows Updater and Maintenance Service.
- CVE-2017-7761: File deletion and privilege escalation through Mozilla Maintenance Service helper.exe application.
- CVE-2017-7762: Addressbar spoofing in Reader mode.
- CVE-2017-7763: Mac fonts render some unicode characters as spaces.
- CVE-2017-7764: Domain spoofing with combination of Canadian Syllabics and other unicode blocks.
- CVE-2017-7765: Mark of the Web bypass when saving executable files.
- CVE-2017-7766: File execution and privilege escalation through updater.ini, Mozilla Windows Updater, and Mozilla Maintenance Service.
- CVE-2017-7767: Privilege escalation and arbitrary file overwrites through Mozilla Windows Updater and Mozilla Maintenance Service.
- CVE-2017-7768: 32 byte arbitrary file read through Mozilla Maintenance Service.
- CVE-2017-5471: Memory safety bugs fixed in Firefox 54.
- CVE-2017-5470: Memory safety bugs fixed in Firefox 54 and Firefox ESR 52.2.
Have a great time cross-browser testing with Browserling!
Email this blog post to your friends or yourself!
Enter a URL to test, choose platform, browser and version, and you'll get a live interactive browser in 5 seconds!