Hooray! Firefox 58 is here. We at Browserling saw the release being uploaded to Mozilla's ftp and grabbed it before it was even announced. We've installed it and it's ready for all your cross-browser testing needs. If you are a developer, this blog post will provide you with all the information needed about this particular release.
You can try here:
What's new in Firefox 58?
Performance improvements, including:
- Rendering graphics for Windows users by using Off-Main-Thread Painting (OMTP).
Improvements to Firefox Screenshots:
- Copy and paste screenshots directly to your clipboard.
- Firefox Screenshots now works in Private Browsing mode.
- User profiles created in Firefox 58 are not supported in previous versions of Firefox.
- Added a warning to alert users and site owners of planned security changes to sites affected by the gradual distrust plan for the Symantec certificate authority.
- Added Nepali (ne-NP) locale.
Changes for Web developers in Firefox 58
- The Shape Path Editor has been enabled by default for shapes generated via
- The Network Monitor now has a button to pause/play recording of network traffic.
- In the Network Monitor the "Flash" filter button is no longer available, and Flash requests are included in the "Others" filter.
- The code for the old Responsive Design Mode has now been removed from the Devtools.
- The option to view MDN docs from the CSS pane of the page inspector has been removed.
font-displaydescriptor is now available by default on all platforms.
- The proprietary Mozilla
:-moz-styleeditor-transitioningpseudo-class is no longer available to web content.
- The following proprietary Mozilla system metric pseudo-classes are no longer available to web content:
- The following proprietary Mozilla media features are no longer available to web content:
Promise.prototype.finally()method has been implemented.
Intl.PluralRulesobject has been implemented.
Intl.NumberFormat.prototype.formatToParts()method has been implemented.
Intl.DateTimeFormatobject now supports the hourCycle option and the hc language tag.
- The optional catch binding proposal has been implemented.
- The non-standard
Date.prototype.toLocaleFormat()method has been removed.
- The non-standard and deprecated
unwatch()methods have been removed and will no longer work.
- The legacy Iterator protocol, the
StopIterationobject, the legacy generator functions and the non-standard
Function.prototype.isGenerator()method have been removed.
- The non-standard Array comprehensions and Generator comprehensions have been removed.
PerformanceNavigationTimingAPI has been implemented.
- Gecko has also been given a pref that can be used to disable the interface if required —
dom.enable_performance_navigation_timing, defaulting to
- The proprietary
moz-chunked-textvalues of the
XMLHttpRequest.responseTypeproperty were removed completely in Firefox 58.
dom.abortController.fetch.enabledprefs that controlled exposure of the Abort API functionality have now been removed, since those features are now enabled by default.
- The proprietary
mozSrcObjectproperty was removed in Firefox 58.
- Errors reported via error objects in certain APIs.
PerformanceResourceTiming.workerStartproperty is now supported.
- Budget-based background timeout throttling has been implemented.
Media and WebRTC
- The prefixed version of
HTMLMediaElement.srcObjecthas been removed.
MediaStream.addTrack()to add tracks to a stream obtained using
getUserMedia(), then attempting to record the resulting stream now works as expected.
- The WebVTT
VTTRegioninterface has always been created when interpreting WebVTT files, but the resulting regions were not previously utilized.
Canvas and WebGL
- Support for prefixed WebGL extensions has been removed.
frame-ancestorsis no longer ignored in
- Firefox now implements a TLS handshake timeout with a default value of 30 seconds.
worker-srcCSP directive has been implemented.
- The 425: Too Early status code and related
Early-Datarequest header are now supported.
- "Add to home screen" is now supported in Firefox for Android, part of the Progressive Web Apps effort.
- WebAssembly now has a tiered compiler providing load time optimizations, and new streaming APIs —
- You can no longer nest an
<a>element inside a
<map>element to create a hotspot region — an
<area>element needs to be used instead.
Changes for add-on and Mozilla developers
- browserSettings.webNotificationsDisabled has been implemented.
- browsingData.localStorage now supports deleting localStorage by host.
- pkcs11 API to manage security devices.
- first party isolation can now be toggled though firstPartyIsolate.
- resist fingerprinting pref can now be toggle through resistFingerprinting.
- tabs.discard has been implemented.
- isArticle, isInReaderMode properties of Tab implemented.
- toggleReaderMode() method implemented.
- openInReaderMode option of tabs.created implemented.
- tabs.onUpdated now notifies when entering/exiting reader mode.
- getCurrent() method to obtain current theme properties.
- onUpdated method to receive WebExtension theme updates.
- colors.bookmark_text now supported as alias of colors.toolbar_text.
- colors.toolbar_top_separator, colors.toolbar_bottom_separator and colors.toolbar_vertical_separator implemented.
- webRequest.onBeforeRequest now includes a "frameAncestors" parameter.
Bug fixes in Mozilla Firefox 58
- CVE-2018-5091: Use-after-free with DTMF timers.
- CVE-2018-5092: Use-after-free in Web Workers.
- CVE-2018-5093: Buffer overflow in WebAssembly during Memory/Table resizing.
- CVE-2018-5094: Buffer overflow in WebAssembly with garbage collection on uninitialized memory.
- CVE-2018-5095: Integer overflow in Skia library during edge builder allocation.
- CVE-2018-5097: Use-after-free when source document is manipulated during XSLT.
- CVE-2018-5098: Use-after-free while manipulating form input elements.
- CVE-2018-5099: Use-after-free with widget listener.
- CVE-2018-5100: Use-after-free when IsPotentiallyScrollable arguments are freed from memory.
- CVE-2018-5101: Use-after-free with floating first-letter style elements.
- CVE-2018-5102: Use-after-free in HTML media elements.
- CVE-2018-5103: Use-after-free during mouse event handling.
- CVE-2018-5104: Use-after-free during font face manipulation.
- CVE-2018-5105: WebExtensions can save and execute files on local file system without user prompts.
- CVE-2018-5106: Developer Tools can expose style editor information cross-origin through service worker.
- CVE-2018-5107: Printing process will follow symlinks for local file access.
- CVE-2018-5108: Manually entered blob URL can be accessed by subsequent private browsing tabs.
- CVE-2018-5109: Audio capture prompts and starts with incorrect origin attribution.
- CVE-2018-5110: Cursor can be made invisible on OS X.
- CVE-2018-5111: URL spoofing in addressbar through drag and drop.
- CVE-2018-5112: Extension development tools panel can open a non-relative URL in the panel.
- CVE-2018-5113: WebExtensions can load non-HTTPS pages with browser.identity.launchWebAuthFlow.
- CVE-2018-5114: The old value of a cookie changed to HttpOnly remains accessible to scripts.
- CVE-2018-5115: Background network requests can open HTTP authentication in unrelated foreground tabs.
- CVE-2018-5116: WebExtension ActiveTab permission allows cross-origin frame content access.
- CVE-2018-5117: URL spoofing with right-to-left text aligned left-to-right.
- CVE-2018-5118: Activity Stream images can attempt to load local content through file:.
- CVE-2018-5119: Reader view will load cross-origin content in violation of CORS headers.
- CVE-2018-5121: OS X Tibetan characters render incompletely in the addressbar.
- CVE-2018-5122: Potential integer overflow in DoCrypt.
- CVE-2018-5090: Memory safety bugs fixed in Firefox 58.
- CVE-2018-5089: Memory safety bugs fixed in Firefox 58 and Firefox ESR 52.6.
Unresolved issues in Firefox 58
- Users running Firefox for Windows over a Remote Desktop Connection (RDP) may find that audio playback is disabled due to increased security restrictions.
- Users running certain screen readers may experience performance issues and are advised to use Firefox ESR until performance issues are resolved in an upcoming future release.
- When using certain non-default security policies on Windows (for example with Windows Defender Exploit Protection or Webroot security products), Firefox may fail to load pages.
Have fun cross-browser testing your webapps in Firefox 58!
Email this blog post to your friends or yourself!
Enter a URL to test, choose platform, browser and version, and you'll get a live interactive browser in 5 seconds!