Posted by March 13, 2018on
Hooray! Firefox 59 just came out today and we just got it installed on our browser cloud so that you can test your webapps with it already.
You can try it even from here:
What's new in Firefox 59?
- Performance enhancements: Faster load times for content on the Firefox Home page, faster page load times by loading either from the networked cache or the cache on the userâ€™s hard drive (Race Cache With Network), improved graphics rendering using Off-Main-Thread Painting (OMTP) for Mac users (OMTP for Windows was released in Firefox 58).
- Drag-and-drop to rearrange Top Sites on the Firefox Home page, and customize new windows and tabs in other ways.
- Added features for Firefox Screenshots: Basic annotation lets the user draw on and highlight saved screenshots, Recropping to change the viewable area of saved screenshots, Enhanced WebExtensions API including better support for decentralized protocols and the ability to dynamically register content scripts.
- Improved Real-Time Communications (RTC) capabilities.
- Implemented RTP Transceiver to give pages more fine grained control over calls.
- Implemented features to support large scale conferences.
- Added support for W3C specs for pointer events and improved platform integration with added device support for mouse, pen, and touch screen pointer input.
- Added the Ecosia search engine as an option for German Firefox.
- Added the Qwant search engine as an option for French Firefox.
- Added settings in about:preferences to stop websites from asking to send notifications or access your deviceâ€™s camera, microphone, and location, while still allowing trusted websites to use these features.
- Firefox Private Browsing Mode will remove path information from referrers to prevent cross-site tracking.
Changes for web developers in Firefox 59
- The Network Monitor Response tab now shows a preview of the rendered HTML â€” if the response is HTML.
- Cookie information shown in the Storage Inspector now includes a sameSite column showing what the same-site status of each cookie is.
- The Rulers tool now includes a readout showing the current dimensions of the viewport.
- In Responsive Design Mode, you can now set the screen dimensions using the cursor keys.
- The Raw headers display in the Network Monitor Headers tab now includes the response's status code.
<textarea>element's autocomplete attribute has been implemented.
- Removed the non-standard
versionparameter of the
overscroll-behaviorproperty and its associated longhand properties â€”
overscroll-behavior-yâ€” have been implemented, and it has been enabled by default on all releases.
- The behavior of "unusual elements" when given a display value of contents has been updated as per spec.
stickyis now supported on appropriate HTML table parts.
calc()is now supported in
calc()in media query values is now supported.
@documentat-rule has been limited to use only in user and UA sheets.
- Implement the
- Removed the proprietary
- The proprietary
-moz-border-left-colorsproperties have been limited to usage in chrome code only.
- Non-standard conditional catch clauses have been remove.
PointerEventshave been enabled in Firefox Desktop.
- The non-standard method
Event.getPreventDefault()has been removed
- The propretary
DesktopNotificationinterface have been removed, in favor of the standard Notifications API.
- The proprietary
window.external.addSearchEngine()method has been removed.
- The non-standard Firefox-only
mozAutoplayEnabledhas been removed.
EventTarget()constructor has been implemented.
Response()constructor can now accept a null value for its body parameter, as per spec.
- Support for SMIL's
accessKeyfeature has been removed.
Event.composedPath()method has been implemented.
- The service worker Clients API can now find and communicate with windows in a separate browser process.
- Nested about:blank and about:srcdoc iframes will now inherit their parent's controlling service worker.
- When a service worker provides a
Response.urlvalue will not be propagated to the intercepted network request as the final resolved URL.
FetchEvent.respondWith()will now trigger a network error if the
"same-origin"and the provided Response.type is
Media and WebRTC
MediaStreamTrack.muted, along with the events
unmuteand the corresponding event handlers,
onunmute, have been implemented.
- Firefox 59 on Android now supports Apple's HTTPS Live Streaming (HLS) protocol for both audio and video.
getSynchronizationSources()have been implemented to provide information about the sources of each RTP stream.
RTCRtpTransceiverinterface has now been implemented, since the Firefox implementation of WebRTC now supports transceivers, with
RTCPeerConnectionand other interfaces updated to use them per the latest specification.
RTCPeerConnection.addTransceiver()method has been added. In addition, the behavior of
addTrack()has been updated to create a transceiver as required.
- Support for WebVTT regions was implemented in Firefox 58 but disabled by default.
- Firefox now supports WebVTT REGION definition blocks whose settings list has one setting per line instead of all of the settings being on the same line of the WebVTT file.
CSSNamespaceRuleinterface and its
prefixproperties have been implemented.
- Top-level navigation to
data: URIs has been blocked.
SAMEORIGINdirective of the
X-Frame-Optionsheader has been changed so that it checks not only the top-level IFrame is in the same origin, but all its ancestors as well.
- Image resources loaded from different origins to the current document are no longer able to trigger HTTP authentication dialogs.
- HTTP authentication now uses
utf-8encoding for usernames and passwords for parity with other browsers, and to avoid potential problems.
- Everyday the HSTS preload list is updated from Google. Normally this doesn't warrant a note, but in this release new TLDs were included, notably
Other changes for web developers
- Support for the non-standard
feed: protocols has been removed from Firefox.
Changes for add-on and Mozilla developers
- New properties:
- All color properties now support both Chrome-style arrays and CSS color values.
New browser settings
New tabs APIs
contextMenusAPI now supports a "bookmark" context.
contentScriptsAPI enables runtime registration of content scripts.
browserAction/pageAction/sidebarAction.set*functions now accept
nullto undo changes.
- New option in
page_actionto show page actions by default.
- New values for
protocol_handers: "ssb" for Secure Scuttlebutt communications, "dat" for DATproject and "ipfs", "ipns", "dweb" for IPFS
- Support in
cookiesAPI for first-party isolation.
- New option
Bug fixes in Firefox 59
- CVE-2018-5127: Buffer overflow manipulating SVG animatedPathSegList.
- CVE-2018-5128: Use-after-free manipulating editor selection ranges.
- CVE-2018-5129: Out-of-bounds write with malformed IPC messages.
- CVE-2018-5130: Mismatched RTP payload type can trigger memory corruption.
- CVE-2018-5131: Fetch API improperly returns cached copies of no-store/no-cache resources.
- CVE-2018-5132: WebExtension Find API can search privileged pages.
- CVE-2018-5133: Value of the app.support.baseURL preference is not properly sanitized.
- CVE-2018-5134: WebExtensions may use view-source: URLs to bypass content restrictions.
- CVE-2018-5135: WebExtension browserAction can inject scripts into unintended contexts.
- CVE-2018-5136: Same-origin policy violation with data: URL shared workers.
- CVE-2018-5137: Script content can access legacy extension non-contentaccessible resources.
- CVE-2018-5138: Android Custom Tab address spoofing through long domain names.
- CVE-2018-5140: Moz-icon images accessible to web content through moz-icon: protocol.
- CVE-2018-5141: DOS attack through notifications Push API.
- CVE-2018-5142: Media Capture and Streams API permissions display incorrect origin with data: and blob: URLs.
- CVE-2018-5126: Memory safety bugs fixed in Firefox 59.
- CVE-2018-5125: Memory safety bugs fixed in Firefox 59 and Firefox ESR 52.7.
Unresolved issues in Firefox 59
- Windows 7 users using accessibility services (like the Windows On-Screen Keyboard) may observe browser crashes after the update to Firefox 59. As a workaround, affected users can prevent external apps from triggering accessibility services in Firefox.
- No sound in Firefox 58 and 59 on Linux in some configurations.
Have fun cross-browser testing your webapps in Firefox 59!
Email this blog post to your friends or yourself!
Enter a URL to test, choose platform, browser and version, and you'll get a live interactive browser in 5 seconds!