August 8 is not only International Kitty Day and Happiness Happens Day but also Firefox release day. Mozilla has just released Firefox 55. We got to work and quickly installed it on our browser cloud. You can now test your websites in Firefox 55 at Browserling.

Firefox 55 About Dialog

What's new in Firefox 55?

  • Launched Windows support for WebVR, bringing immersive experiences to the web.
  • Added options that let users optimize recent performance improvements.
  • Setting to enable Hardware VP9 acceleration on Windows 10 Anniversary Edition for better battery life and lower CPU usage while watching videos.
  • Setting to modify the number of concurrent content processes for faster page loading and more responsive tab switching.
  • Simplified installation process with a streamlined Windows stub installer.
  • Firefox for Windows 64-bit is now installed by default on 64-bit systems with at least 2GB of RAM.
  • Full installers with advanced installation options are still available.
  • Improved address bar functionality.
  • Search with any installed one-click search engine directly from the address bar.
  • Search suggestions appear by default.
  • When entering a hostname (like pinterest.com) in the URL bar, Firefox resolves to the secure version of the site (https://www.pinterest.com) instead of the insecure version (http://www.pinterest.com) when possible.
  • Updated Sidebar for bookmarks, history, and synced tabs so it can appear at the right edge of the window as well as the left.
  • Added support for stereo microphones with WebRTC.
  • Pages can be simplified before printing from within Print Preview.
  • Updated Firefox for OSX and macOS to allow users to assign custom keyboard shortcuts to Firefox menu items via System Preferences.
  • Browsing sessions with a high number of tabs are now restored in an instant.
  • Make screenshots of webpages, and save them locally or upload them to the cloud.
  • Added Belarusian (be) locale.
  • Modernized application update UI to be less intrusive and more aligned with the rest of the browser.
  • Firefox does not support downgrades, even though this may have worked in past versions.
  • Made the Adobe Flash plugin click-to-activate by default and allowed only on http:// and https:// URL schemes.

Changes for Web developers in Firefox 55

Developer Tools

  • Added filtering of network requests by column values and other properties and by using regular expressions.
  • Made it possible to show and hide columns within the Network Monitor.
  • Added remote IP, protocol, scheme, cookies and set cookies columns to Network Monitor.
  • The SourceMap HTTP header is now supported (prior versions supported the deprecated X-SourceMap header.

HTML

  • Elements on which contenteditable has been set to true now use <div> elements to separate different lines of text, to give Firefox parity with other modern browsers.
  • Enable dom.forms.datetime by default on Nightly.
  • The xml:base attribute can no longer be used to set the base URL for paths appearing in the style attribute, for example: <div xml:base="https://example.com/" style="background:url(picture.jpg)"></div>.
  • The <style> element's scoped attribute has been hidden behind a pref (layout.css.scoped-style.enabled) in content documents in Firefox 55+, as no other browsers support it.
  • Support for the obscure MSThemeCompatible value of the <meta> element's http-equiv attribute has been removed from Gecko.

CSS

  • Exposed the transform-box property by default.
  • Implemented the frames() timing function.
  • Implemented the text-justify property.
  • [css-grid] fit-content() unexpectedly reserves space for full clamp size in repeat().
  • The float / clear logical values — inline-start and inline-end — which were previously implemented but preffed off in release channels, are now available in all channels by default.
  • The layout.css.variables.enabled preference has been removed completely meaning that the CSS variables feature is enabled all the time and can no longer be disabled.
  • Implemented the proprietary -moz-context-properties property.
  • Zero (0) angle value without degree unit is not correctly interpreted in linear-gradient().
  • The ::cue pseudo-element is now supported; it matches on text cues presented within a media element.
  • The proprietary :-moz-bound-element pseudo-class has been removed.
  • The proprietary -moz-anchor-decoration value of text-decoration-line has been removed.

SVG

  • The <radialGradient> fr attribute has been implemented.
  • The SVGZoomEvent and SVGZoomEvents interfaces have been removed from the SVG2 spec and Gecko, along with the onzoom <svg> attribute.

JavaScript

  • The SharedArrayBuffer and Atomics objects are now enabled by default.
  • The rest operator (...) is now supported in object destructuring and the spread operator (...) now works in object literals.
  • Async generator methods are now supported.
  • The String.prototype.toLocaleLowerCase() and String.prototype.toLocaleUpperCase() methods now support an optional locale parameter to specify a language tag for locale-specific case mappings.
  • The Intl.Collator object now supports the caseFirst option.
  • The Intl API now uses the browser's default locale instead of the operating system's default locale when no locale setting is provided.
  • Template call sites objects are now canonicalized per realm, based upon their list of raw strings.
  • TypedArray constructors (like Int8Array, Float32Array, etc.) have been updated to ES2017. They now use the ToIndex operation and allow constructors without arguments, which return zero-length typed arrays.

APIs

  • The Collaborative Scheduling of Background Tasks API (also known simply as the Background Tasks API or the requestIdleCallback API) is now enabled by default after being available behind a preference since Firefox 53.
  • The WebVR 1.1 API is now turned on by default on Windows (and is available on macOS in Nightly).
  • The Intersection Observer API — which provides a way to asynchronously observe changes in the intersection of a target element with an ancestor element or with a top-level document's viewport — has been added.
  • The UIEvent.isChar property has never been supported by any browser but Firefox, and it has never been fully-implemented except on macOS. For that reason, it was removed in Firefox 55 to align with other browsers.
  • The proprietary Firefox OS Device Storage API has been removed from the platform.
  • The aShowDialog parameter of the non-standard Window.find() method (which could be specified to open up a "Find" dialog in the browser) has been removed.
  • The HTMLFormElement.requestAutoComplete() method has been removed.
  • The non-standard, Mozilla-specific, WebRTC offer options mozDontOfferDataChannel and mozBundleOnly have been removed from the RTCOfferOptions dictionary and are no longer supported by RTCPeerConnection.createOffer().
  • Support for the proprietary Firefox OS Audio Channels API has been removed from HTMLMediaElement and AudioContext.

DOM

  • The Window properties scrollX and scrollY (as well as their aliases pageXOffset and pageYOffset) have been updated to be subpixel precise.
  • MediaQueryList (and other related features) have been updated to match the latest spec.
  • Methods of the DOMTokenList that modify the list value now automatically trim whitespace and remove duplicate tokens.
  • The HTMLInputElement's maxLength property can now be dynamically altered with JavaScript after the equivalent HTML has been created.
  • The URL() constructor can no longer accept a DOMString as its base (2nd parameter) — it only accepts a USVString.

DOM events

  • The event types supported by the Document.createEvent() method have been updated as per the latest DOM spec.
  • The MessageEvent.origin property value is now of type USVString, not DOMString, and the MessageEvent.source property now takes a MessageEventSource value.
  • The pinch-to-zoom gesture has now been mapped to the wheel event plus the + Ctrl key.

Selection API

  • The Selection API has been updated so that it has parity with other browsers in terms of how editing hosts are given focus when the selection moves inside them.
  • The collapse() and extend() methods' offset parameter is now optional.
  • The collapse() method's node parameter is now nullable.
  • The containsNode() method's partialContainment parameter is now optional.
  • The deleteFromDocument() method has been added.
  • Also in the Selection API, Selection.empty() and Selection.setPosition() have been added as aliases of Selection.removeAllRanges() and Selection.collapse(), for web compat and WebKit/Blink parity reasons.
  • The StorageManager.persist() and StorageManager.persisted() methods of the Storage API have been implemented and exposed to Window contexts.

Workers

  • Workers and shared workers can now be created with an identifying name property.
  • setTimeout() and setInterval() are now subject to minimum interval throttling for tracking scripts in background tabs — see Throttling of tracking timeout scripts.

Service Workers/Push

  • Messages sent to service worker contexts (e.g. as the event object of onmessage) are now represented by MessageEvent objects, for consistency with other web messaging features.
  • The PushManager.subscribe() method now accepts ArrayBuffers and Base64-encoded strings as applicationServerKey values.

Web Audio API

  • A non-standard constructor (which accepted a string enum value indicating the purpose for which the context would be used) for AudioContext interface was causing errors to be thrown when the options parameter was provided.

WebRTC

  • getUserMedia() now provides a stereo audio stream by default if the source device provides stereo sound.
  • The getUserMedia() media capabilities, constraints, and settings autoGainControl and noiseSuppression now match the spec.
  • When called with an empty constraints set, getUserMedia() was incorrectly returning NotSupportedError instead of TypeError.
  • The following new WebRTC statistics are available: framesEncoded, pliCount, nackCount, and firCount.
  • The RTCInboundRTPStreamStats dictionary field formerly called mozRtt has been renamed to roundTripTime to match the specification; in addition, its behavior has been adjusted to match the standard.
  • The RTCRTPStreamStats dictionary now includes the fields firCount, pliCount, and nackCount. These return low-level information that can be used to determine how reliable the connection is.
  • The RTCOutboundRTPStreamStats dictionary now includes the field framesEncoded, which reports the number of frames that have been successfully encoded for the stream; with this information, you can compute the frame rate.
  • On Android, there's now a pref to turn on hardware video encoding to improve video call performance and save on battery.

Encrypted Media Extensions API

  • Firefox currently allows Encrypted Media Extensions to be used in insecure contexts, despite this not being allowed in the specification.
  • Firefox currently doesn't require that at least one MediaKeySystemCapabilities object be included in the suggestedConfigurations parameter passed into Navigator.requestMediaKeySystemAccess(), which the specification does mandate. Starting in Firefox 55, a warning is output to the web console when any audio or video configuration is specified without specifying supported codecs.

WebGL

  • The WEBGL_compressed_texture_s3tc_srgb extension is now available to WebGL and WebGL2 contexts.

Security

  • The Geolocation API is now available only to secure contexts.
  • The Storage API is now available only to secure contexts.
  • The loading of mixed content is now allowed on localhost.
  • Loading of remote JAR files has been disabled again.

Plugins

  • Flash content is now "click-to-activate".
  • Flash and other plugins can no longer be loaded from any URL scheme except for http:// and https://.

Other

  • Firefox on Linux can now be made to run in headless mode using the -headless flag.

Changes for add-on and Mozilla developers

WebExtensions

  • contextMenus.create()'s command property enables you to open browser action popups, page action popups, and sidebars from the context menu.
  • Added proxy API.
  • chrome_settings_overrides key enables you to override the browser's homepage.
  • browser_style property enables you to have browser-like styling for browser action popups, sidebars, and options pages.
  • Added permissions API.

Bug fixes in Firefox 55

  • CVE-2017-7798: XUL injection in the style editor in devtools.
  • CVE-2017-7800: Use-after-free in WebSockets during disconnection.
  • CVE-2017-7801: Use-after-free with marquee during window resizing.
  • CVE-2017-7809: Use-after-free while deleting attached editor DOM node.
  • CVE-2017-7784: Use-after-free with image observers.
  • CVE-2017-7802: Use-after-free resizing image elements.
  • CVE-2017-7785: Buffer overflow manipulating ARIA attributes in DOM.
  • CVE-2017-7786: Buffer overflow while painting non-displayable SVG.
  • CVE-2017-7806: Use-after-free in layer manager with SVG.
  • CVE-2017-7753: Out-of-bounds read with cached style data and pseudo-elements.
  • CVE-2017-7787: Same-origin policy bypass with iframes through page reloads.
  • CVE-2017-7807: Domain hijacking through AppCache fallback.
  • CVE-2017-7792: Buffer overflow viewing certificates with an extremely long OID.
  • CVE-2017-7804: Memory protection bypass through WindowsDllDetourPatcher.
  • CVE-2017-7791: Spoofing following page navigation with data: protocol and modal alerts.
  • CVE-2017-7808: CSP information leak with frame-ancestors containing paths.
  • CVE-2017-7782: WindowsDllDetourPatcher allocates memory without DEP protections.
  • CVE-2017-7781: Elliptic curve point addition error when using mixed Jacobian-affine coordinates.
  • CVE-2017-7794: Linux file truncation via sandbox broker.
  • CVE-2017-7803: CSP containing 'sandbox' improperly applied.
  • CVE-2017-7799: Self-XSS XUL injection in about:webrtc.
  • CVE-2017-7783: DOS attack through long username in URL.
  • CVE-2017-7788: Sandboxed about:srcdoc iframes do not inherit CSP directives.
  • CVE-2017-7789: Failure to enable HSTS when two STS headers are sent for a connection.
  • CVE-2017-7790: Windows crash reporter reads extra memory for some non-null-terminated registry values.
  • CVE-2017-7796: Windows updater can delete any file named update.log.
  • CVE-2017-7797: Response header name interning leaks across origins.
  • CVE-2017-7780: Memory safety bugs fixed in Firefox 55.
  • CVE-2017-7779: Memory safety bugs fixed in Firefox 55 and Firefox ESR 52.3.

Source.

Have fun cross-browser testing your webapps in Firefox 55 and Browserling!