Mozilla Firefox 61 is out! We just installed this version on our machines and it's ready for cross-browser testing and here is an overview of what this version is about.

Firefox 61 About Dialog

Try Firefox 61 in Browserling now!

New features in Firefox 61

  • Faster page rendering with Quantum CSS improvements and the new retained display list feature.
  • Faster switching between tabs on Windows and Linux.
  • WebExtensions now run in their own process on MacOS.
  • Convenient access to more search engines: You can now add search engines to the address bar “Search with” tool from the page action menu when on a webpage that provides an OpenSearch plugin.
  • Share links from Firefox for MacOS more easily: You can now share the URL of an active tab from the page actions menu in the address bar.
  • On-by-default support for the latest draft of the TLS 1.3 specification.
  • Access to FTP subresources inside http(s) pages has been blocked.
  • A more consistent user experience: Improvements for dark theme support across the entire Firefox user interface.
  • More customization for tab management: added support to allow WebExtensions to hide tabs.
  • Improved bookmark syncing.
  • The settings for customizing your homepage and new tab page in Firefox have been added to a new Preferences section that can be accessed from Firefox at about:preferences#home. The settings can also be accessed via the gear icon on the New Tab page.

For Android:

  • Quantum CSS improvements which improve page rendering times.
  • Faster scrolling due to treating touch event listeners as passive by default.
  • Improved security: On-by-default support for the latest draft of the TLS 1.3 specification.
  • Fixed a recurring crash on Samsung Galaxy S8 devices running Android Oreo (8.0).

Changes in Firefox 61

  • Faster page rendering with Quantum CSS improvements and the new retained display list feature.
  • Faster switching between tabs on Windows and Linux.
  • WebExtensions now run in their own process on MacOS.
  • Convenient access to more search engines: You can now add search engines to the address bar “Search with” tool from the page action menu when on a webpage that provides an OpenSearch plugin.
  • Share links from Firefox for MacOS more easily: You can now share the URL of an active tab from the page actions menu in the address bar.
  • On-by-default support for the latest draft of the TLS 1.3 specification.
  • Access to FTP subresources inside http(s) pages has been blocked.
  • A more consistent user experience: Improvements for dark theme support across the entire Firefox user interface.
  • More customization for tab management: added support to allow WebExtensions to hide tabs.
  • Improved bookmark syncing.
  • The settings for customizing your homepage and new tab page in Firefox have been added to a new Preferences section that can be accessed from Firefox at about:preferences#home. The settings can also be accessed via the gear icon on the New Tab page.

Unresolved issues in Firefox 61

  • Users with Avast or AVG security software using the HTTPS Scanning feature may get an error message (SSL_ERROR_RX_RECORD_TOO_LONG) when trying to access secure sites.

Changes for web developers in Firefox 61

Developer tools

  • The Accessibility Inspector has been implemented.
  • The new-look Console UI has been enabled by default for the Browser Console & Browser Toolbox. The old UI has been removed.
  • In the Network Monitor, clicking Open in New Tab in a POST request's context menu correctly resends the request with the expected POST parameters.
  • CSS variables now autocomplete with color swatches, allowing you to see exactly what color value is stored in each variable. In addition, hovering over a CSS variable name brings up a tooltip showing what color value is stored in that variable.
  • The main toolbox's toolbar has been redesigned. Highlights are better responsiveness for narrow and wide viewports with a new overflow dropdown, cleaned up meatball menu, and sortable tabs to let you move up your most used panels.
  • The Network Monitor's toolbar now includes a dropdown menu providing easier access to the 'Copy All As HAR' and 'Save All As HAR' commands, as well as an 'Import...' option.
  • The Network Monitor's details pane now includes a Cache tab, which displays information about previously cached resources.
  • The Network Monitor's main toolbar got redesigned to be more responsive on smaller viewports and visually aligned with the Console.
  • The Network Monitor's main toolbar now includes a Throttling dropdown which was only available in the Responsive Design Mode before. It allows you to throttle your network speed to emulate various different network speed conditions.
  • The Browser Console now hides CSS errors by default for readability and performance reasons. The Browser Console now includes a command to restart the browser. Use Ctrl + Alt + R (Windows, Linux) or Cmd + Alt + R (Mac) to restart the browser with the same tabs open as before the restart.
  • DevTools' web extension APIs devtools.network.onRequestFinished and devtools.network.getHAR got implemented (enabling extensions like har-export-trigger).
  • The Firebug theme got removed since the transition of Firebug users into DevTools is complete.
  • Cmd/Ctrl + Shift + O no longer shows/hides the DevTools options panel — use F1 instead.

CSS Changes

  • CSS parsing has been parallelized.
  • Support for font-variation-settings and font-optical-sizing has been enabled by default.
  • The grid-gap, grid-row-gap, and grid-column-gap properties have been renamed to gap, row-gap, and column-gap, as they are no longer grid-specific. See Box alignment; Gaps between boxes for additional details. The old names have been kept as aliases for web compatibility purposes.
  • The flex-basis content value is now supported.
  • Percentage values of column-gap are now supported in CSS multi-column layout.
  • The CSS :host pseudo-class is now supported; this selects a custom element from inside its shadow DOM.
  • overflow now accepts two-value syntax.
  • Flex items that are sized according to their content are now sized using max-content, not fit-content. See the width value definitions for more details of these values.
  • font-weight, font-stretch and font-style now support additional values as defined by CSS Fonts level 4:
  • font-weight now accepts a floating-point value between 1 and 1000 inclusive.
  • font-stretch now accepts percentage values.
  • font-style now accepts an angle after the oblique keyword.
  • The @font-face descriptor equivalents of the three properties mentioned in the above entry also support the new syntax listed above, and additionally now support a two-value syntax allowing us to specify a range of descriptor values supported by a font-face.
  • @-moz-document has been disabled in content pages.

SVG Changes

  • The ping, rel, referrerPolicy, relList, hreflang, type and text properties have been added to the <a> element (SVGAElement) to be consistent with the HTML <a> element.
  • The <textPath> element (SVGTextPathElement) now supports the SVG2 path and side attributes.
  • The SVGGeometryElement interface is now supported for more elements and not just for the <path> element.
  • The deprecated (and never properly implemented) SVGViewElement.viewTarget property has been removed.
  • The following deprecated properties have been removed from SVGSVGElement - pixelUnitToMillimeterX, pixelUnitToMillimeterY, screenPixelToMillimeterX, screenPixelToMillimeterY.
  • The non-standard SVGNumber() constructor has been removed.

JavaScript Changes

  • The String.prototype.trimStart() and String.prototype.trimEnd() methods have been implemented (see bug 1434007). trimLeft and trimRight remain as aliases for web compatibility reasons. APIsSection

APIs Changes

  • The PerformanceServerTiming API has been implemented. It surfaces server-side metrics sent via the Server-Timing header.
  • The File interface's property lastModifiedDate has been removed.
  • The Node.getUserData() and Node.setUserData() methods have been removed from the platform completely.
  • The Element.createShadowRoot() method has been removed. Use Element.attachShadow() instead.
  • The MediaStream overload of the URL.createObjectURL() method has been removed.

DOM Changes

  • The anchors, applets, embeds, forms, head, images, links, plugins, and scripts properties have been moved from the HTMLDocument interface onto Document.
  • DOMTokenList.replace() now returns a boolean value to indicate whether the replacement occurred successfully, rather than void.
  • The Fetch API's Request.credentials property now defaults to "same-origin" per the latest revision of the specification.
  • The Request.destination property has been implemented.
  • The MutationObserver option dictionary, MutationObserverInit, no longer has false as the default value of all of its Boolean properties. Now, only childList and subtree have default values (of false still). The other properties have no default values.
  • The Payment Request API method PaymentRequest.show() now supports using a Promise to let the client side code provide updated payment details prior to activating the payment interface.

Service Workers Changes

  • The "Forget" button, available in Firefox's customization options, now clears service workers and their caches.

Web Audio, Media and WebRTC

  • The AudioContext() constructor now accepts an optional options parameter of type AudioContextOptions. This lets you configure the preferred latency and/or sample rate for the new context.
  • Firefox now throws the correct exceptions when instantiation of an AudioBuffer fails.

WebVR Changes

  • The WebVR API has been enabled by default on macOS.

CSSOM Changes

  • The CSSStyleRule.selectorText property is now fully implemented and no longer read-only.
  • The MediaList interface implementation is now a little closer to the specification. It is not all the way there yet; for example, stringifier attributes haven't been implemented yet.

HTTP Changes

  • The cookie directive SameSite has been implemented. See Set-Cookie and HTTP cookies.

Networking Changes

  • Firefox 61 and later no longer support using the FTP protocol (that is, URLs with the "ftp://" scheme) to load subresources from within HTML content. FTP is still supported as a top-level URL entered directly into the URL bar or loaded as a standalone document.

Changes for WebExtensions Developers

  • Autocomplete popups are now themeable.
  • tabs.onUpdated now has a filter template.
  • The default document colors can now be overridden, using browserSettings.overrideDocumentColors.
  • tabs.query has been optimized with the implementation of some useful search/filter option parameters.
  • You can now use permissions.request from an about:addons preferences page.
  • You can now force web pages to use system fonts instead of the fonts they specify using the browserSettings.useDocumentFonts property.
  • You can now cause browser search autocomplete suggestions to automatically open in a new tab rather than the current tab using the browserSettings.openUrlbarResultsInNewTabs property.
  • The toolbar, toolbar_text, toolbar_field, toolbar_field_text, and toolbar_field_border theme manifest properties now also apply to the findbar.
  • In sidebarAction.getPanel(), sidebarAction.getTitle(), sidebarAction.setPanel(), sidebarAction.setTitle(), and sidebarAction.setIcon(), you can now specify a windowId so that the features will be set/got only for a specific window.
  • tabs.hide() and tabs.show() are now enabled by default.
  • The first time an extension hides a tab, the browser will tell the user that the tab is being hidden, show them how they can access the hidden tab, and give them the option of disabling the extension instead.

Security Fixes in Firefox 61

  • CVE-2018-12359: Buffer overflow using computed size of canvas element.
  • CVE-2018-12360: Use-after-free when using focus().
  • CVE-2018-12361: Integer overflow in SwizzleData.
  • CVE-2018-12358: Same-origin bypass using service worker and redirection.
  • CVE-2018-12362: Integer overflow in SSSE3 scaler.
  • CVE-2018-5156: Media recorder segmentation fault when track type is changed during capture.
  • CVE-2018-12363: Use-after-free when appending DOM nodes.
  • CVE-2018-12364: CSRF attacks through 307 redirects and NPAPI plugins.
  • CVE-2018-12365: Compromised IPC child process can list local filenames.
  • CVE-2018-12371: Integer overflow in Skia library during edge builder allocation.
  • CVE-2018-12366: Invalid data handling during QCMS transformations.
  • CVE-2018-12367: Timing attack mitigation of PerformanceNavigationTiming.
  • CVE-2018-12368: No warning when opening executable SettingContent-ms files.
  • CVE-2018-12369: WebExtension security permission checks bypassed by embedded experiments.
  • CVE-2018-12370: SameSite cookie protections bypassed when exiting Reader View.
  • CVE-2018-5186: Memory safety bugs fixed in Firefox 61.
  • CVE-2018-5187: Memory safety bugs fixed in Firefox 61 and Firefox ESR 60.1.
  • CVE-2018-5188: Memory safety bugs fixed in Firefox 61, Firefox ESR 60.1, and Firefox ESR 52.9.

Have fun cross-browser testing your apps in Firefox 61 and Browserling!