Today, Firefox released a new version of the Firefox browser. It's Firefox 86 and we already deployed it on our cross-browser testing platform. You can already start testing your applications and websites in it. Here's what's new in Firefox 86.

Firefox 86 About Dialog

Try Browserling on Firefox 86 now!

New in Firefox 86

  • New Print Dialog - Firefox 86 adds a cleaner and improved Print dialog that integrates with your computer's printer settings.
  • Stricter Cookie Protection - Firefox 86 adds Total Cookie Protection (TCP) in Strict Mode. In TCP, every website gets its own "cookie jar" that prevents sites from using cookies to track you.
  • Multiple Picture-in-Picture Videos - Firefox 86 now supports simultaneously watching multiple videos in Picture-in-Picture mode.
  • Credit Card Auto-fill - Firefox 86 users in Canada can now save credit card information and auto-fill payment forms.

Here's how the new print dialog looks like:

Firefox 86 Print Dialog

Changes in Firefox 86

  • Notable performance and stability improvements are achieved by moving canvas drawing and WebGL drawing to the GPU process.
  • The protection to mitigate the stack clash attack has been activated (Linux).
  • Removal of DTLS 1.0 support for establishing WebRTC's PeerConnections. All WebRTC services need to support DTLS 1.2 from now on as the minimum version.
  • Consolidated all video decoding in the new RDD process which results in a more secure Firefox.
  • CSS image-set() function in CSS is now enabled, allowing for responsive images in CSS.

Fixes in Firefox 86

  • Reader mode now works with local HTML pages.
  • Using screen reader quick navigation to move to editable text controls no longer incorrectly reaches non-editable cells in some grids.
  • The Orca screen reader's mouse review feature now works correctly after switching tabs in Firefox.
  • Screen readers no longer report column headers incorrectly in tables containing cells spanning multiple columns.
  • Links in the reader view now have more color contrast.

Developer's Corner

Firefox 86 has the following changes that are relevant to web developers:

Developer Tools

  • The cd() web console helper function, which was deprecated in Firefox 74, has now been removed.
  • Inactive CSS tool is now showing a warning when margin or padding is set on internal table elements.
  • Developer tools toolbox is now showing the number of errors on the current page. This is a quick way to surface information to a developer that something is wrong with their page. Clicking on the red exclamation icon navigates the user to the Console panel.

SVG Changes

  • SVG filters can now use the <feComposite> element with the lighter operator.

CSS Changes

  • The :autofill pseudo-class is now enabled, with -webkit-autofill as an alias.
  • The list-style-image property now accepts any valid <image>.

JavaScript Changes

  • The Intl.DisplayNames built-in object has been enabled by default.

DOM API Changes

  • The is now reset to an empty string if a tab loads a page from a different domain, and restored if the original page is reloaded.
  • The EventTarget.addEventListener() function now supports the signal option.

WebDriver Changes

  • Updated WebDriver:ElementClick to synthesize a mousemove event before the actual click event.

Changes for add-on developers

  • Host permissions now grant access to privileged parts of the tabs API.
  • The option focused: false is now ignored when set in a windows.create() call.

Changes in Firefox 86 for Android

  • Introduction of Total Cookie Protection in Strict Mode.
  • The protection to mitigate the stack clash attack has been activated.

Security Fixes in Firefox 86

  • CVE-2021-23968, 23969: Content Security Policy violation report could have contained the destination of a redirect.
  • CVE-2021-23970: Multithreaded WASM triggered assertions validating separation of script domains.
  • CVE-2021-23974: Noscript elements could have led to an HTML Sanitizer bypass.
  • CVE-2021-23971: A website's Referrer-Policy could have been been overridden, potentially resulting in the full URL being sent as a Referrer.
  • CVE-2021-23976: Local spoofing of web manifests for arbitrary pages in Firefox for Android.
  • CVE-2021-23977: Malicious application could read sensitive data from Firefox for Android's application directories.
  • CVE-2021-23972: HTTP Auth phishing warning was omitted when a redirect is cached.
  • CVE-2021-23975: About:memory Measure function caused an incorrect pointer operation.
  • CVE-2021-23973: MediaError message property could have leaked information about cross-origin resources.
  • CVE-2021-23978, 23979: Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8

Have fun cross-browser testing in Firefox 86!