Today, as scheduled, Mozilla has released Firefox 54, and we, also as scheduled, have immediately installed it on Browserling's browser cloud. This About dialog is taken straight from Browserling:

Firefox 54 About Dialog

And you can test it yourself straight from here:

What's new in Firefox 54?

  • Added Burmese (my) locale.
  • Added support for multiple content processes (e10s-multi).
  • Simplified the download button and download status panel.
  • Moved the mobile bookmarks folder to the main bookmarks menu for easier access.
  • Security fixes listed below.

Changes for web developers in Firefox 54

Developer Tools

  • The network request summary now includes the amount of data actually transferred ("transferred size"), as does the performance analysis view.
  • The network request headers view now links to the related documentation on MDN.


CSS

  • clip-path now supports basic shapes.
  • Firefox's implementations of CSS Flexbox and CSS alignment now implement updated spec language for interactions between the properties align-items and align-self as well as between justify-items and justify-self.
  • <input> elements of types checkbox and radio with -moz-appearance: none; set on them are now non-replaced elements, for compatibility with other browsers.
  • Fixed: Previously, an element styled with display: inline-block with a child element of type HTMLInputElement styled with display:block had a wrong baseline.
  • When Mozilla introduced dedicated content threads to Firefox (through the Electrolysis or e10s project), support for styling <option> elements was removed temporarily. Starting in Firefox 54, you can apply foreground and background colors to <option> elements again, using the color and background-color properties.
  • CSS Animations now send the animationcancel event as expected when an animation aborts prematurely.
  • Fixed: Transparent colors were being serialized to the transparent color keyword in certain situations.
  • The proprietary :-moz-table-border-nonzero pseudo-class is no longer available to web content; it is now restricted to Firefox's internal UA stylesheet.
  • [css-grid] Intrinsic content with overflow:auto overlaps in grid.
  • [css-grid] Transferred min-size contribution of percentage size grid item with an intrinsic ratio.
  • Removed the -moz prefixed versions of isolate, isolate-override, and plaintext values for the unicode-bidi property.


JavaScript

  • \b and \B in RegExp with the "u" (Unicode) and "i" (case insensitive) flags now treat U+017F (LATIN SMALL LETTER LONG S) and U+212A (KELVIN SIGN) as word characters.
  • The DataView constructor now throws a RangeError if the byteOffset parameter is outside the Number.MAX_SAFE_INTEGER range (>= 2 ** 53).
  • The Date.UTC() method has been updated to conform to ECMAScript 2017 when fewer than two arguments are provided.
  • The Function.prototype.toString() method has been updated to match the latest proposed specification.


DOM

  • The URL.toJSON() method has been implemented.
  • The URLSearchParams() constructor now accepts a record containing USVStrings as an init object.
  • Values returned in KeyboardEvent.key for printable keys when the control key is also pressed have been corrected on macOS (except when the Command key is pressed).
  • The dom.workers.latestJSVersion preference, which was mainly implemented to work around problems using let in workers, has been removed.
  • The event.timeStamp property now returns a high-resolution monotonic time instead of an epoch time.
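Code that compares event.timeStamp with Date.now() stops working once the value is monotonic. The following is an added example, not code from Mozilla or Browserling, that handles both clock bases; the function names, the `clocks` parameter and the 1e12 cut-off are assumptions made for illustration.

```javascript
// Added example: normalise event.timeStamp across the two clock bases.
// Before Firefox 54 the value was epoch milliseconds (comparable to Date.now());
// from Firefox 54 it is a high-resolution monotonic time measured from the
// page's time origin (comparable to performance.now()).

// Assumed cut-off: 1e12 ms is 2001-09-09 as an epoch time, but more than
// 31 years as a time-since-page-load, so larger values must be epoch based.
const EPOCH_THRESHOLD_MS = 1e12;

function classifyTimeStamp(ts) {
  if (!Number.isFinite(ts) || ts < 0) return "invalid";
  return ts >= EPOCH_THRESHOLD_MS ? "epoch" : "monotonic";
}

// clocks = { dateNow, perfNow, timeOrigin }. In a page these would come from
// Date.now(), performance.now() and performance.timeOrigin; they are passed
// in so the logic can be exercised with fixed values.
function eventAgeMs(event, clocks) {
  const kind = classifyTimeStamp(event.timeStamp);
  if (kind === "invalid") return null;
  const now = kind === "epoch" ? clocks.dateNow : clocks.perfNow;
  // The wall clock can be stepped backwards, so an epoch-based age may come
  // out negative; clamp it rather than report an event from the future.
  return Math.max(0, now - event.timeStamp);
}

// Wall-clock time of the event in epoch milliseconds, e.g. for log records.
function eventWallClockMs(event, clocks) {
  const kind = classifyTimeStamp(event.timeStamp);
  if (kind === "invalid") return null;
  return kind === "epoch"
    ? event.timeStamp
    : clocks.timeOrigin + event.timeStamp;
}

// Constructed sample values (not captured from a real browser session).
const sampleClocks = {
  dateNow: 1497355200500,
  perfNow: 5250.5,
  timeOrigin: 1497355195249.5,
};
const legacyEvent = { timeStamp: 1497355200300 }; // epoch-style value
const modernEvent = { timeStamp: 5050.5 };        // monotonic-style value

console.log(eventAgeMs(legacyEvent, sampleClocks), eventAgeMs(modernEvent, sampleClocks));
```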

Web Workers and Service Workers

  • WorkerGlobalScope.close is now available on DedicatedWorkerGlobalScope and SharedWorkerGlobalScope instead.
  • The WindowOrWorkerGlobalScope.origin property has been implemented.
  • The Client.type property has been implemented.
  • Clients.matchAll() now returns Client objects in most recently focused order.
  • Some changes have been made to the observed behavior when the Request() constructor is passed an existing Request object instance to make a new instance. The following new behaviors are designed to retain security while making the constructor less likely to throw exceptions:
    • If this object exists on a different origin from the constructor call, the Request.referrer is stripped out.
    • If this object has a Request.mode of navigate, the mode value is converted to same-origin.


HTTP

  • HTTP/1 Pipelining support has been removed in Firefox 54.

General Audio/Video

  • 5.1 surround sound playback is now enabled by default on Windows, macOS, and Linux.

Media Capture and Streams API

  • Usage of a MediaStream object as the input parameter to URL.createObjectURL() has been deprecated.

Web Audio API

  • The method AnalyserNode.getFloatFrequencyData() now correctly represents silent samples in the returned buffer with the value -Infinity.
  • AudioParam.setValueCurveAtTime() now throws a TypeError exception if any of the specified values aren't finite.

Encrypted Media Extensions API

  • The MediaKeySession.keySystem string has been removed from the specification, and as such we've taken it out of Firefox 54.
  • Support has been added for the VP9 codec in encrypted streams using Clear Key and Widevine.
  • Previously, MSE was only allowed to use WebM/VP8 video if the system was considered "fast enough." Now playback of VP8-encoded webm/video media is always supported, regardless of system performance.


WebRTC

  • TCP ICE candidate support, originally added in Firefox 41, is now enabled by default.

Bug fixes in Firefox 54

  • CVE-2017-5472: Use-after-free using destroyed node when regenerating trees.
  • CVE-2017-7749: Use-after-free during docshell reloading.
  • CVE-2017-7750: Use-after-free with track elements.
  • CVE-2017-7751: Use-after-free with content viewer listeners.
  • CVE-2017-7752: Use-after-free with IME input.
  • CVE-2017-7754: Out-of-bounds read in WebGL with ImageInfo object.
  • CVE-2017-7755: Privilege escalation through Firefox Installer with same directory DLL files.
  • CVE-2017-7756: Use-after-free and use-after-scope logging XHR header errors.
  • CVE-2017-7757: Use-after-free in IndexedDB.
  • CVE-2017-7778: Vulnerabilities in the Graphite 2 library.
  • CVE-2017-7758: Out-of-bounds read in Opus encoder.
  • CVE-2017-7759: Android intent URLs can cause navigation to local file system.
  • CVE-2017-7760: File manipulation and privilege escalation via callback parameter in Mozilla Windows Updater and Maintenance Service.
  • CVE-2017-7761: File deletion and privilege escalation through Mozilla Maintenance Service helper.exe application.
  • CVE-2017-7762: Addressbar spoofing in Reader mode.
  • CVE-2017-7763: Mac fonts render some unicode characters as spaces.
  • CVE-2017-7764: Domain spoofing with combination of Canadian Syllabics and other unicode blocks.
  • CVE-2017-7765: Mark of the Web bypass when saving executable files.
  • CVE-2017-7766: File execution and privilege escalation through updater.ini, Mozilla Windows Updater, and Mozilla Maintenance Service.
  • CVE-2017-7767: Privilege escalation and arbitrary file overwrites through Mozilla Windows Updater and Mozilla Maintenance Service.
  • CVE-2017-7768: 32 byte arbitrary file read through Mozilla Maintenance Service.
  • CVE-2017-7770: Addressbar spoofing with JavaScript events and fullscreen mode.
  • CVE-2017-5471: Memory safety bugs fixed in Firefox 54.
  • CVE-2017-5470: Memory safety bugs fixed in Firefox 54 and Firefox ESR 52.2.

Have a great time cross-browser testing with Browserling!