Posted by February 23, 2021on
Today, Firefox released a new version of the Firefox browser. It's Firefox 86 and we already deployed it on our cross-browser testing platform. You can already start testing your applications and websites in it. Here's what's new in Firefox 86.
Try Browserling on Firefox 86 now!
New in Firefox 86
- New Print Dialog - Firefox 86 adds a cleaner and improved Print dialog that integrates with your computer's printer settings.
- Stricter Cookie Protection - Firefox 86 adds Total Cookie Protection (TCP) in Strict Mode. In TCP, every website gets its own "cookie jar" that prevents sites from using cookies to track you.
- Multiple Picture-in-Picture Videos - Firefox 86 now supports simultaneously watching multiple videos in Picture-in-Picture mode.
- Credit Card Auto-fill - Firefox 86 users in Canada can now save credit card information and auto-fill payment forms.
Here's how the new print dialog looks like:
Changes in Firefox 86
- Notable performance and stability improvements are achieved by moving canvas drawing and WebGL drawing to the GPU process.
- The protection to mitigate the stack clash attack has been activated (Linux).
- Removal of DTLS 1.0 support for establishing WebRTC's PeerConnections. All WebRTC services need to support DTLS 1.2 from now on as the minimum version.
- Consolidated all video decoding in the new RDD process which results in a more secure Firefox.
image-set()function in CSS is now enabled, allowing for responsive images in CSS.
Fixes in Firefox 86
- Reader mode now works with local HTML pages.
- Using screen reader quick navigation to move to editable text controls no longer incorrectly reaches non-editable cells in some grids.
- The Orca screen reader's mouse review feature now works correctly after switching tabs in Firefox.
- Screen readers no longer report column headers incorrectly in tables containing cells spanning multiple columns.
- Links in the reader view now have more color contrast.
Firefox 86 has the following changes that are relevant to web developers:
cd()web console helper function, which was deprecated in Firefox 74, has now been removed.
- Inactive CSS tool is now showing a warning when margin or padding is set on internal table elements.
- Developer tools toolbox is now showing the number of errors on the current page. This is a quick way to surface information to a developer that something is wrong with their page. Clicking on the red exclamation icon navigates the user to the Console panel.
- SVG filters can now use the <feComposite> element with the
:autofillpseudo-class is now enabled, with
-webkit-autofillas an alias.
list-style-imageproperty now accepts any valid <image>.
Intl.DisplayNamesbuilt-in object has been enabled by default.
DOM API Changes
window.nameis now reset to an empty string if a tab loads a page from a different domain, and restored if the original page is reloaded.
EventTarget.addEventListener()function now supports the signal option.
WebDriver:ElementClickto synthesize a
mousemoveevent before the actual click event.
Changes for add-on developers
- Host permissions now grant access to privileged parts of the tabs API.
- The option
focused: falseis now ignored when set in a
Changes in Firefox 86 for Android
- Introduction of Total Cookie Protection in Strict Mode.
- The protection to mitigate the stack clash attack has been activated.
Security Fixes in Firefox 86
- CVE-2021-23968, 23969: Content Security Policy violation report could have contained the destination of a redirect.
- CVE-2021-23970: Multithreaded WASM triggered assertions validating separation of script domains.
- CVE-2021-23974: Noscript elements could have led to an HTML Sanitizer bypass.
- CVE-2021-23971: A website's Referrer-Policy could have been been overridden, potentially resulting in the full URL being sent as a Referrer.
- CVE-2021-23976: Local spoofing of web manifests for arbitrary pages in Firefox for Android.
- CVE-2021-23977: Malicious application could read sensitive data from Firefox for Android's application directories.
- CVE-2021-23972: HTTP Auth phishing warning was omitted when a redirect is cached.
- CVE-2021-23975: About:memory Measure function caused an incorrect pointer operation.
- CVE-2021-23973: MediaError message property could have leaked information about cross-origin resources.
- CVE-2021-23978, 23979: Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8
Have fun cross-browser testing in Firefox 86!
Email this blog post to your friends or yourself!
Enter a URL to test, choose platform, browser and version, and you'll get a live interactive browser in 5 seconds!