Posted by August 8, 2017on
August 8 is not only International Kitty Day and Happiness Happens Day but also Firefox release day. Mozilla has just released Firefox 55. We got to work and quickly installed it on our browser cloud. You can now test your websites in Firefox 55 at Browserling.
What's new in Firefox 55?
- Launched Windows support for WebVR, bringing immersive experiences to the web.
- Added options that let users optimize recent performance improvements.
- Setting to enable Hardware VP9 acceleration on Windows 10 Anniversary Edition for better battery life and lower CPU usage while watching videos.
- Setting to modify the number of concurrent content processes for faster page loading and more responsive tab switching.
- Simplified installation process with a streamlined Windows stub installer.
- Firefox for Windows 64-bit is now installed by default on 64-bit systems with at least 2GB of RAM.
- Full installers with advanced installation options are still available.
- Improved address bar functionality.
- Search with any installed one-click search engine directly from the address bar.
- Search suggestions appear by default.
- When entering a hostname (like
pinterest.com) in the URL bar, Firefox resolves to the secure version of the site (
https://www.pinterest.com) instead of the insecure version (
http://www.pinterest.com) when possible.
- Updated Sidebar for bookmarks, history, and synced tabs so it can appear at the right edge of the window as well as the left.
- Added support for stereo microphones with WebRTC.
- Pages can be simplified before printing from within Print Preview.
- Updated Firefox for OSX and macOS to allow users to assign custom keyboard shortcuts to Firefox menu items via System Preferences.
- Browsing sessions with a high number of tabs are now restored in an instant.
- Make screenshots of webpages, and save them locally or upload them to the cloud.
- Added Belarusian (be) locale.
- Modernized application update UI to be less intrusive and more aligned with the rest of the browser.
- Firefox does not support downgrades, even though this may have worked in past versions.
- Made the Adobe Flash plugin click-to-activate by default and allowed only on http:// and https:// URL schemes.
Changes for Web developers in Firefox 55
- Added filtering of network requests by column values and other properties and by using regular expressions.
- Made it possible to show and hide columns within the Network Monitor.
- Added remote IP, protocol, scheme, cookies and set cookies columns to Network Monitor.
- The SourceMap HTTP header is now supported (prior versions supported the deprecated X-SourceMap header.
- Elements on which
contenteditablehas been set to true now use
<div>elements to separate different lines of text, to give Firefox parity with other modern browsers.
Enable dom.forms.datetimeby default on Nightly.
xml:baseattribute can no longer be used to set the base URL for paths appearing in the
styleattribute, for example:
<div xml:base="https://example.com/" style="background:url(picture.jpg)"></div>.
scopedattribute has been hidden behind a pref (
layout.css.scoped-style.enabled) in content documents in Firefox 55+, as no other browsers support it.
- Support for the obscure
MSThemeCompatiblevalue of the
http-equivattribute has been removed from Gecko.
- Exposed the
transform-boxproperty by default.
- Implemented the
- Implemented the
fit-content()unexpectedly reserves space for full clamp size in
clearlogical values â€”
inline-endâ€” which were previously implemented but preffed off in release channels, are now available in all channels by default.
layout.css.variables.enabledpreference has been removed completely meaning that the CSS variables feature is enabled all the time and can no longer be disabled.
- Implemented the proprietary
- Zero (0) angle value without degree unit is not correctly interpreted in
::cuepseudo-element is now supported; it matches on text cues presented within a media element.
- The proprietary
:-moz-bound-elementpseudo-class has been removed.
- The proprietary
text-decoration-linehas been removed.
frattribute has been implemented.
SVGZoomEventsinterfaces have been removed from the SVG2 spec and Gecko, along with the
Atomicsobjects are now enabled by default.
- The rest operator (
...) is now supported in object destructuring and the spread operator (
...) now works in object literals.
- Async generator methods are now supported.
String.prototype.toLocaleUpperCase()methods now support an optional
localeparameter to specify a language tag for locale-specific case mappings.
Intl.Collatorobject now supports the
- The Intl API now uses the browser's default locale instead of the operating system's default locale when no locale setting is provided.
- Template call sites objects are now canonicalized per realm, based upon their list of raw strings.
Float32Array, etc.) have been updated to ES2017. They now use the ToIndex operation and allow constructors without arguments, which return zero-length typed arrays.
- The Collaborative Scheduling of Background Tasks API (also known simply as the Background Tasks API or the requestIdleCallback API) is now enabled by default after being available behind a preference since Firefox 53.
- The WebVR 1.1 API is now turned on by default on Windows (and is available on macOS in Nightly).
- The Intersection Observer API â€” which provides a way to asynchronously observe changes in the intersection of a target element with an ancestor element or with a top-level document's viewport â€” has been added.
UIEvent.isCharproperty has never been supported by any browser but Firefox, and it has never been fully-implemented except on macOS. For that reason, it was removed in Firefox 55 to align with other browsers.
- The proprietary Firefox OS Device Storage API has been removed from the platform.
aShowDialogparameter of the non-standard
Window.find()method (which could be specified to open up a "Find" dialog in the browser) has been removed.
HTMLFormElement.requestAutoComplete()method has been removed.
- The non-standard, Mozilla-specific, WebRTC offer options
mozBundleOnlyhave been removed from the
RTCOfferOptionsdictionary and are no longer supported by
- Support for the proprietary Firefox OS Audio Channels API has been removed from
scrollY(as well as their aliases pageXOffset and pageYOffset) have been updated to be subpixel precise.
MediaQueryList(and other related features) have been updated to match the latest spec.
- Methods of the
DOMTokenListthat modify the list value now automatically trim whitespace and remove duplicate tokens.
URL()constructor can no longer accept a
DOMStringas its base (2nd parameter) â€” it only accepts a
- The event types supported by the
Document.createEvent()method have been updated as per the latest DOM spec.
MessageEvent.originproperty value is now of type
DOMString, and the
MessageEvent.sourceproperty now takes a
- The pinch-to-zoom gesture has now been mapped to the wheel event plus the + Ctrl key.
- The Selection API has been updated so that it has parity with other browsers in terms of how editing hosts are given focus when the selection moves inside them.
extend()methods' offset parameter is now optional.
collapse()method's node parameter is now nullable.
partialContainmentparameter is now optional.
deleteFromDocument()method has been added.
- Also in the
Selection.setPosition()have been added as aliases of
Selection.collapse(), for web compat and WebKit/Blink parity reasons.
StorageManager.persisted()methods of the Storage API have been implemented and exposed to Window contexts.
- Workers and shared workers can now be created with an identifying name property.
setInterval()are now subject to minimum interval throttling for tracking scripts in background tabs â€” see Throttling of tracking timeout scripts.
- Messages sent to service worker contexts (e.g. as the event object of
onmessage) are now represented by
MessageEventobjects, for consistency with other web messaging features.
PushManager.subscribe()method now accepts
ArrayBuffersand Base64-encoded strings as
Web Audio API
- A non-standard constructor (which accepted a string enum value indicating the purpose for which the context would be used) for AudioContext interface was causing errors to be thrown when the options parameter was provided.
getUserMedia()now provides a stereo audio stream by default if the source device provides stereo sound.
getUserMedia()media capabilities, constraints, and settings
noiseSuppressionnow match the spec.
- When called with an empty constraints set,
getUserMedia()was incorrectly returning
- The following new WebRTC statistics are available:
RTCInboundRTPStreamStatsdictionary field formerly called
mozRtthas been renamed to
roundTripTimeto match the specification; in addition, its behavior has been adjusted to match the standard.
RTCRTPStreamStatsdictionary now includes the fields
nackCount. These return low-level information that can be used to determine how reliable the connection is.
RTCOutboundRTPStreamStatsdictionary now includes the field
framesEncoded, which reports the number of frames that have been successfully encoded for the stream; with this information, you can compute the frame rate.
- On Android, there's now a pref to turn on hardware video encoding to improve video call performance and save on battery.
Encrypted Media Extensions API
- Firefox currently allows Encrypted Media Extensions to be used in insecure contexts, despite this not being allowed in the specification.
- Firefox currently doesn't require that at least one
MediaKeySystemCapabilitiesobject be included in the
suggestedConfigurationsparameter passed into
Navigator.requestMediaKeySystemAccess(), which the specification does mandate. Starting in Firefox 55, a warning is output to the web console when any audio or video configuration is specified without specifying supported codecs.
WEBGL_compressed_texture_s3tc_srgbextension is now available to WebGL and WebGL2 contexts.
GeolocationAPI is now available only to secure contexts.
Storage APIis now available only to secure contexts.
- The loading of mixed content is now allowed on localhost.
- Loading of remote JAR files has been disabled again.
- Flash content is now "click-to-activate".
- Flash and other plugins can no longer be loaded from any URL scheme except for
- Firefox on Linux can now be made to run in headless mode using the
Changes for add-on and Mozilla developers
- contextMenus.create()'s command property enables you to open browser action popups, page action popups, and sidebars from the context menu.
- Added proxy API.
- chrome_settings_overrides key enables you to override the browser's homepage.
- browser_style property enables you to have browser-like styling for browser action popups, sidebars, and options pages.
- Added permissions API.
Bug fixes in Firefox 55
- CVE-2017-7798: XUL injection in the style editor in devtools.
- CVE-2017-7800: Use-after-free in WebSockets during disconnection.
- CVE-2017-7801: Use-after-free with marquee during window resizing.
- CVE-2017-7809: Use-after-free while deleting attached editor DOM node.
- CVE-2017-7784: Use-after-free with image observers.
- CVE-2017-7802: Use-after-free resizing image elements.
- CVE-2017-7785: Buffer overflow manipulating ARIA attributes in DOM.
- CVE-2017-7786: Buffer overflow while painting non-displayable SVG.
- CVE-2017-7806: Use-after-free in layer manager with SVG.
- CVE-2017-7753: Out-of-bounds read with cached style data and pseudo-elements.
- CVE-2017-7787: Same-origin policy bypass with iframes through page reloads.
- CVE-2017-7807: Domain hijacking through AppCache fallback.
- CVE-2017-7792: Buffer overflow viewing certificates with an extremely long OID.
- CVE-2017-7804: Memory protection bypass through WindowsDllDetourPatcher.
- CVE-2017-7791: Spoofing following page navigation with data: protocol and modal alerts.
- CVE-2017-7808: CSP information leak with frame-ancestors containing paths.
- CVE-2017-7782: WindowsDllDetourPatcher allocates memory without DEP protections.
- CVE-2017-7781: Elliptic curve point addition error when using mixed Jacobian-affine coordinates.
- CVE-2017-7794: Linux file truncation via sandbox broker.
- CVE-2017-7803: CSP containing 'sandbox' improperly applied.
- CVE-2017-7799: Self-XSS XUL injection in about:webrtc.
- CVE-2017-7783: DOS attack through long username in URL.
- CVE-2017-7788: Sandboxed about:srcdoc iframes do not inherit CSP directives.
- CVE-2017-7789: Failure to enable HSTS when two STS headers are sent for a connection.
- CVE-2017-7790: Windows crash reporter reads extra memory for some non-null-terminated registry values.
- CVE-2017-7796: Windows updater can delete any file named update.log.
- CVE-2017-7797: Response header name interning leaks across origins.
- CVE-2017-7780: Memory safety bugs fixed in Firefox 55.
- CVE-2017-7779: Memory safety bugs fixed in Firefox 55 and Firefox ESR 52.3.
Have fun cross-browser testing your webapps in Firefox 55 and Browserling!
Email this blog post to your friends or yourself!
Enter a URL to test, choose platform, browser and version, and you'll get a live interactive browser in 5 seconds!