RSS
Логотип
Баннер в шапке 1
Баннер в шапке 2

Mozilla Firefox

Product
Developers: Mozilla
Last Release Date: 2023/12/19
Branches: Internet services

Content

Main article: Web browser

Mozilla Firefox (English "fire fox") is one of the most popular web browsers in the world, created in 2002 in Britain. Initially, it had the name Phoenix, which later transformed into Firebird, and then adopted the current name.

Versions and news around the project

2023

Firefox 121

On December 19, 2023, it became known that the Firefox 121 web browser was released and an update to the branch with a long support period of 115.6.0 was formed. The Firefox 122 branch has been transferred to the beta testing stage, the release of which is scheduled for January 23, 2024.

Firefox 121

As reported, the main changes in Firefox 121 affected the following:

  • Linux by default includes the use of the Wayland composite server instead of XWayland, which allowed to solve problems with the operation of the touchpad, support for gestures on touch screens and setting DPI for each monitor in Wayland-based environments. The use of Wayland also demonstrates optimized graphics performance. At the same time, due to the limitations of the Wayland protocol, there are problems with bringing the picture-in-picture window to the foreground.
  • In the settings in the General/Browsing section, an option has been added to force the underscore of links, regardless of the CSS settings on the site (it can be useful for people with color perception problems).
  • The PDF viewer implements the display of a floating button with a basket to remove drawings, text and images added during PDF editing.
  • On the Windows platform, a request was made to install the AV1 Video Extension package, which implements the possibility of hardware acceleration of video decoding in AV1 format.
  • On the macOS platform, support for control using voice commands has been added.
  • Added support for delayed loading of iframe blocks, allowing you not to load content outside the visible area until the user scrolls the page to the location immediately preceding the item. To control delayed page loading, the "loading" attribute has been added to the "iframe" tag, which can take the value "lazy" ("iframe loading = lazy"). Delayed loading will reduce memory consumption, reduce traffic, and optimize the speed of initial page opening.
  • The CSS pseudo-class ": has ()" has been added to check for the presence of a child in the parent. For example, "p: has (span)" encompasses elements of "p" within which there is a "span" element.
  • The CSS property text-indent has been added with the parameters "hanging" and "each-line," which optimize the design of paragraph styles, for example, with bibliographies and verses. You can also combine multiple text-indent parameters in the same expression, such as text-indent: 3em hanging each-line.
  • The CSS property text-wrap has added parameters: "balance" (allows you to optimize the uniform design of multiline text blocks, such as long headers) and "stable" (prohibits reformatting of content while editing it).
  • The Date.parse () feature adds support for additional formats such as MMM-DD-YYYY, specifying milliseconds, setting the day of the week before the date ("Wed, 1970-01-01"), and ignoring errors in writing the day of the week ("foo 1970-01-01").
  • A static Promise.withResolvers () method has been added that allows you to use the resolve and reject callback functions to specify handlers that allow or reject Promise definitions after it is created.
  • WebAssembly adds support for return_call and return_call_indirect instructions to optimize tail-call to reduce stack memory consumption, improve performance, and optimize support for functional programming languages.
  • The WebTransport API, designed to send and receive data between the browser and the server, has added the sendOrder property, which allows you to set separate priorities for sending and receiving in bidirectional streams.
  • The tools for web developers have worked to improve the convenience of people with disabilities, for example, the focus indicator in different tools has been unified and increased. The "Pause on debugger statement" option has been added to the built-in JavaScript debugger to disable the debugger.
  • The Android version has eliminated the emergency terminations that appear when copying to the clipboard and displaying a full-screen notification. Problems with rendering on smartphones Google Pixel 8 and Samsung Galaxy S22 have been solved. The catalog of additions has been put into operation. In private viewing mode, third-party Cookies and access to local storage are blocked. In Enhanced Tracking Protection Manual Configuration Mode, you can block the tracking code used on social networks.

In addition to changes and bug fixes, Firefox 121 has fixed 27 vulnerabilities. 13 vulnerabilities (11 combined under CVE-2023-6864 and CVE-2023-6873), which are marked as dangerous, caused by memory problems such as buffer overflows and accessing already freed memory areas. Potentially, these problems can lead to the execution of the attacker's code when opening specially designed pages. Another dangerous vulnerability (CVE-2023-6135) is associated with the NSS library's exposure to the Minerva attack, which allows you to recreate the private key through third-party data analysis[1].

Firefox 115

On July 4, 2023, it became known that the Firefox 115 web browser was released. The release of Firefox 115 is classified as long-term support (ESR) branches, updates for which are released throughout the year. In addition, an update of the previous branch with a long support period of 102.13.0 has been formed (two more updates 102.14 and 102.15 are expected in the future). The Firefox 116 branch will be transferred to the beta testing stage in the near future, the release of which is scheduled for August 1, 2023.

Firefox 115

As reported, major changes to Firefox 115 include the following:

  • In assemblies for Linux on GPU systems Intel , hardware acceleration of video decoding is enabled.
  • On the Linux platform, pressing the middle button mice on the open tab button in another tab will now open content from the clipboard. If the clipboard contains - URL this link will be opened, and if the text will be queried for. search engine To disable this feature, the browser.tabs.searchclipboardfor.middleclick configuration is added to about: config.
  • The interface for importing data from other browsers has been redesigned.
  • The tool for migrating with Chrome implements the transfer of saved information about payment methods.
  • In the tab drop-down list displayed when you click the V button in the panel, added buttons to quickly close the tab.
  • For users of operating systems without built-in support for the H264 video codec, it is possible to rollback to use a plugin that downloads the OpenH264 open codec supported by Cisco.
  • Users who have banned automatic update of add-ons and use the color theme selected using the previously removed Colorways built-in add-on will automatically switch to a similar external theme from the site addons.mozilla.org.
  • The password fields have added support for rolling back changes (Undo and Redo).
  • In the add-on panel, some users may receive a warning that the add-on cannot work with the current site. The warning is related to the implementation of a protection mechanism that prohibits the use of add-ons not verified by Mozilla with some sites. To disable this protection, you can change the "extensions.quarantinedDomains.enabled" setting in about: config.
  • The automated machine translation system included in the beta release from one language to another in the release is inactive by default (you can enable it through the "browser.translations.enable" setting in about: config).
  • The animation-composition CSS property has been added, allowing you to use composite operations to simultaneously apply multiple animations that affect the same property.
  • CSS allows conditions to be defined in import rules "@ import supports (...)."
  • Array.prototype and TypedArray.prototype have added additional Array.toReversed (), Array.toSorted (), Array.toSorted (), Array.toSpliced (), Array.with (), TypedArrays.toReversed (), TypedArrays.toSorted (after making a copy of the array of array of Arrays.raised) and Copied
  • The URL.canParse () method has been added to optimize URL parsing and validation.
  • The URLSearchParams.has () and URLSearchParams.delete () methods have added support for the optional "value" argument, which allows you to search the URL simultaneously by key name and value, which is useful when multiple parameters with the same name but different values ​ ​ are specified in the address.
  • An Array.fromAsync () static method has been added that asynchronously returns another Array instance copied from array-like, iterable, or async iterable objects.
  • The Response API has added a static json () method that returns the response as JSON data in the response body and sets the Content-Type header to "application/json."
  • For browser add-ons, the storage.session API is proposed, which allows you to save temporary data in memory (the data will be cleared after the end of the session with the browser).
  • WebRTC provides the ability to specify millisecond target values ​ ​ for the jitter buffer (jitter), which allows the application to set its balance between playback delay and the danger of exhausting audio or video personnel present in the buffer due to intermittent delays when packets pass through the network.
  • In private viewing mode, the IndexedDB API is allowed without limiting the size of the memory occupied (this feature could be used as a sign to determine whether the site was opened in private viewing mode). The problem of possible leakage of confidential data from disk is solved by the fact that IndexedDB data is encrypted, and the decryption key is stored only in RAM. After the private viewing session is completed, all data is cleared.
  • The behavior of the built-in editor is similar to the editors of other browsers when separating a paragraph with the Enter key or combining paragraphs with the Backspace key in the contenteditable and designMode blocks. When dividing a DOM node, the editor now creates a node after the original (and not before the original, as it was before). When merging nodes, the editor now removes the last node and moves all children to the end of the previous node.
  • The tools for web developers provide the ability to ignore JavaScript libraries that are not of interest in the debugging process of a web application. Ignoring (skipping step debugging and breakpoints) is enabled through the selection of the "Hide ignore-listed sources" option in the context menu displayed when viewing the source tree.
  • The "about: config devtools.f12_enabled" setting has been added to prevent developers from calling tools by pressing the F12 key.

In Firefox for Android, a search button has been added to the address bar to optimize switching between search engines and also allow you to search for information in bookmarks and visit history.

Firefox 115 will be the latest release with support for Windows 7, 8 and 8.1, and macOS 10.12, 10.13 and 10.14 operating systems.

In addition to changes and bug fixes, Firefox 115 has fixed 24 vulnerabilities. 15 vulnerabilities are marked as dangerous, of which 13 vulnerabilities (collected for CVE-2023-37212 and CVE-2023-37211) are caused by memory problems, such as buffer overflows and accessing already freed memory areas. Potentially, these problems can lead to the execution of the attacker's code when opening specially designed pages. Two more dangerous vulnerabilities are caused by accessing memory after its release (use-after-free) in the certificate generation code for WebRTC and the SpiderMonkey engine[2].

Firefox 113

On May 9, 2023, it became known that the Firefox 113 web browser was released and an update was formed with a long support period - 102.11.0. The Firefox 114 branch has been transferred to the beta testing stage, the release of which is scheduled for June 6, 2023.

As reported, the main changes in Firefox 113 affected the following:

  • The display of the entered search query in the address bar is enabled, instead of showing the URLsearch engine (i.e. the keys are shown in the address bar not only during entry, but also after accessing the search engine and showing search results associated with the entered keys). The change is only valid when accessing search engines from the address bar. If the request is entered on the search engine website, then the URL is shown in the address bar. Leaving search keys in the address bar optimizes the sending of lookup queries, since during the viewing of results, you do not need to rewind the page up to the input area.

Firefox 113
  • To control the specified behavior, a special option is proposed in the about: preferences# search section, and in about: config the parameter "browser.urlbar.showSearchTerms.featureGate."
  • A context menu has been added to the drop-down list of search prompts, which is displayed when you click the... button. The menu provides the ability to remove a search query from the history of visits and disable the display of sponsorship links.
  • An optimized implementation of the Picture-in-Picture video viewing mode is proposed, which adds rewind buttons for 5 seconds forward and backward, a button for quickly opening the window to the full screen and a fast rewind slider with an indicator of the position and duration of the video.
  • When viewing pages in private view, third-party blocking Cookie and isolation browser storages used in visit tracking code have been strengthened.
  • When filling out passwords in registration forms, the reliability of automatically generated passwords is increased, during the formation of which special characters are now used.
  • In the implementation of the AVIF image format (AV1 Image Format), which uses intraframe compression technologies from the AV1 video encoding format, support for animated images (AVIS) has been added.
  • A redesigned engine that implements technology support for people with disabilities (accessibility engine). Increased performance, responsiveness and stability with screen readers, single sign-on interfaces and accessibility frameworks.
  • When importing bookmarks from Safari and browsers based on the Chromium engine, support for importing bookmark-related favicon pictures is implemented.
  • Windows The sandbox isolation of processes interacting with the GPU used on the platform has been tightened. For Windows systems, you can drag mouse content from. In assemblies Microsoft Outlook for Windows, by default, the visual effect is enabled with stretching when trying to scroll beyond the end of the page.
  • Assemblies for the macOS platform provide access to the Services submenu directly from the Firefox context menu.

Firefox 113
  • Scripts using the Worklet interface (a simplified version of Web Workers that provides access to low-level stages of rendering and sound processing) have added support for importing JavaScript modules using the "import" expression.
  • By default, support for color (), lab (), lch (), oklab (), and oklch () functions defined in the CSS Color Level 4 specification is enabled, used to determine color in sRGB, RGB, HSL, HWB, LHC, and LAB color spaces.
  • CSS has added a color-mix () function that allows you to mix colors in any color space based on a given percentage (for example, to add 10% blue to white, you can specify "color-mix (in srgb, blue 10%, white);").
  • Added a forced-color-adjust CSS property to disable forced color restriction for individual elements, leaving them with full CSS color control.
  • CSS has added support for the media request (@ media) "scripting," which allows you to check the availability of script execution (for example, you can determine whether JavaScript is enabled in CSS).
  • An updated syntax of the pseudo-classes ": nth-child (an + b)" and ": nth-last-child ()" has been added, allowing a selector to be obtained to pre-filter children before executing the basic selection logic "An + B."
  • The Compression Streams API has been added, which provides a software interface for compressing and unpacking data in gzip and deflate formats.
  • Added support for CanvasRenderingContext2D.reset () and OffscreenCanvasRenderingContext2D.reset () methods to return the rendering context to its original state.
  • Added support for additional WebRTC functions implemented in other browsers: RTCMediaSourceStats, RTCPeerConnectionState, RTCPeerConnectionStats ("peer-connection" RTCStatsType), RTCRtpSender.setStreams () and RTCSctpTransport.
  • Removed Firefox-specific features WebRTC mozRTCPeerConnection, mozRTCIceCandidate and mozRTCSessionDescription WebRTC, which have long been declared obsolete. Removed out-of-date CanvasRenderingContext2D.mozTextStyle attribute.
  • Web development tools extend the search functionality files available in the JavaScript debugger. The search bar has been moved to the standard sidebar, which allows you to see the results when editing scripts. The minified results and results from the node_modules catalog are displayed. By default, the search results in ignored files are hidden. Added support for mask searching and the ability to use modifiers when searching (for example, for searching without taking into account the case of characters or using regular expressions).
  • In the interface for viewing HTML files, the pretty print mode of the built-in JavaScript code is enabled.
  • JavaScript debugger allows script files to be overridden. The "Add script override" option has been added to the context menu displayed for files with code, with which you can download the script file to your computer and edit it, after which this edited script will be used when processing the page, even after restarting it.
  • In the Android version:
    • By default, hardware acceleration of video decoding in AV1 format is enabled, in the absence of support for which the software decoder is used.
    • GPU is enabled to optimize Canvas2D rasterization.
    • The interface of the built-in PDF viewer is optimized, as well as saving open PDF files.
    • Resolved problem with video playback in landscape screen mode.

In addition to changes and bug fixes, Firefox 113 has fixed 41 vulnerabilities. 33 vulnerabilities are marked as dangerous, of which 30 vulnerabilities (collected for CVE-2023-32215 and CVE-2023-32216) are caused by memory problems, such as buffer overflows and accessing already freed memory areas. Potentially, these problems can lead to the execution of the attacker's code when opening specially designed pages. The CVE-2023-32207 vulnerability allows you to bypass the authority request by forcing you to click on the confirmation button by superimposing deceptive content (clickjacking). The CVE-2023-32205 vulnerability allows you to hide browser warnings through pop-up overlays.

In the beta version of Firefox 114, a user interface is implemented to manage the exception list for "DNS over HTTPS." The DNS over HTTPS settings have been moved to the Privacy and Security section. You can search for bookmarks directly from the Bookmarks menu. The button to access the bookmark menu can now be placed on the toolbar. Added the ability to selectively search in the local history of visits when selecting "Search in History" in the menu History, Library or Application[3].

Firefox 112

On April 11, 2023, it became known that the Firefox 112 web browser was released. In addition, an update of the branch with a long support period - 102.10.0 has been formed. The Firefox 113 branch will be transferred to the beta testing stage in the near future, the release of which is scheduled for May 9, 2023.

Firefox 112

As reported, the main changes in Firefox 112 affected the following:

  • The "Reveal mice password" option has been added to the context menu displayed when you right-click on the password entry field to display the password in plain text instead of asterisks.
  • Ubuntu users have the ability to import bookmarks and browser data from Chromium installed in the form of a snap package (so far only works if Firefox is not installed from the snap package).
  • In the drop-down menu with a list of tabs (called through the "V" button on the right side of the tabbed panel), it became possible to close the tab by clicking on the list item with the middle mouse button.
  • An element (key character) has been added to the panel content configurator to quickly call the password manager.
  • The Ctrl-Shift-T keyboard combination used to restore a closed tab can now also be used to restore a previous session if there are no more closed tabs left from the same session to reopen.
  • The movement of items to a tab bar containing a large number of tabs is optimized.
  • Enhanced Tracking Protection (ETP) users have expanded the list of known site-to-site tracking options to be removed from URLs (such as utm_source).
  • Added information about enabling the WebGPU API to the about: support page.
  • Added support for DNS-over-Oblivious-HTTP, which retains user privacy when sending requests to the DNS resolver. To hide the user's IP address from the DNS server, an intermediate proxy is used that redirects client requests to the DNS server and translates responses through itself. It is enabled through network.trr.use_ohttp, network.trr.ohttp.relay_uri and network.trr.ohttp.config_uri in about: config.
  • On systems with Windows and Intel GPU, software video decoding optimizes the operation of zoom-out operations and reduces the load on the GPU.
  • By default JavaScript , the U2F API is disabled, designed to organize work two-factor authentications in various web services. This API is considered obsolete and the WebAuthn API should be used instead to use the U2F protocol. To return the U2F API to about: config, you can configure security.webauth.u2f.
  • Added a forced-color-adjust CSS property to disable forced color restriction for individual elements, leaving them with full CSS color control.
  • Added pow (), sqrt (), hypot (), log (), and exp () functions to CSS.
  • The CSS property "overflow" has added the ability to specify the value "overlay," which is similar to the value "auto."
  • The Clear button has been added to the date selection interface in the fields of web forms, which allows you to quickly clear the contents of fields with the date and datetime-local types.
  • Support for the JavaScript interfaces IDBMutableFile, IDBFileRequest, IDBFileHandle and IDBDatabase.createMutableFile (), which are not defined in the specifications and are no longer supported in other browsers, has been discontinued.
  • Added support for the navigator.getAutoplayPolicy () method, which allows you to configure the autoplay behavior in multimedia elements. The default setting is dom.media.autoplay-policy-detection.enabled.
  • Added CanvasRenderingContext2D.roundRect (), Path2D.roundRect (), and OffscreenCanvasRenderingContext2D.roundRect () to draw rounded rectangles.
  • Added additional connection details to web developer tools, such as Client Hello header encryption, DNS-over-HTTPS, Delegated Credentials, and OCSP.
  • The Android version provides the ability to customize the behavior when opening a link in another application (prompt once or every time). A pull-to-refresh gesture has been added to reload the page. Video playback with 10-bits of color per channel has been established. Fixed a problem playing full-screen videos from YouTube.

In addition to changes and bug fixes, Firefox 112 has fixed 46 vulnerabilities. 34 vulnerabilities are marked as dangerous, of which 26 vulnerabilities (collected for CVE-2023-29550 and CVE-2023-29551) are caused by memory problems, such as buffer overflows and accessing already freed memory areas. Potentially, these problems can lead to the execution of the attacker's code when opening specially designed pages[4].

Firefox 111

On March 14, 2023, it became known that the Firefox 111 web browser was released. In addition, an update of the branch with a long support period of 102.9.0 has been formed. The Firefox 112 branch will be transferred to the beta testing stage in the near future, the release of which is scheduled for April 11, 2023.

Firefox 111

As reported, the main changes in Firefox 111 affected the following:

  • The built-in account manager has added the ability to create mail address masks for the Firefox Relay service, which allows you to generate temporary mail addresses for registering on sites or signing up for subscriptions so as not to advertise your real address. The option is available only when the user is connected to an account in Firefox Account.
  • The tag<form> adds support for the "rel" attribute, which allows you to apply the "rel = noreferrer" parameter to navigation through web forms to disable the transfer of the Referer header or "rel = noopener" to disable the setting of the Window.opener property and prevent access to the context from which the transition was made.
  • The OPFS (Origin-Private FileSystem) API is included, which is an extension to the File System Access API to host files in the local file system associated with the repository associated with the current site. A kind of virtual file system tied to the site is created (other sites cannot access), which allows web applications to read, change and save files and directories on the user's device.
  • As part of CSS the Color Level 4 specification implementation, CSS added color (), lab (), lch (), oklab (), and oklch () functions to determine color in sRGB, RGB, HSL, HWB, LHC, and LAB color spaces. Functions are still disabled by default and require activation of the layout.css.more_color_4.enabled flag in about: config for use.
  • CSS implements the'page-orientation' property for the '@ page' rules used to define a page when printing ('upright', 'rotate-left', and 'rotate-right').
  • SVG <marker>allows the use of context-stroke and context-fill values within elements<marker>.
  • The add-on API has added the search.query function to send requests to the default search engine. The disposition property has been added to search.search to display the search result in a tab or window.
  • An API has been added to save PDFs opened in the embedded pdf.js viewer. Added GeckoView Print API associated with window.print and allows you to print PDF files or PDF InputStream.
  • Added support for authorization through SitePermissions for URI file ://.
  • The SpiderMonkey JavaScript engine has added initial support for the RISC-V 64 architecture.
  • Tools for web developers allow searching in arbitrary files.
  • Support for copying surfaces for the VA-API (Video Acceleration API) using dmabuf has been implemented, which has optimized the processing of VA-API surfaces and solved problems with the appearance of artifacts during rendering on some platforms.
  • About: config has added network.dns.max_any_priority_threads and network.dns.max_high_priority_threads settings to control the number of threads used to resolve host names in DNS.
  • On the Windows platform, the use of the notification display system provided by the platform is enabled.
  • The macOS platform provides support for session recovery.
  • Changes to the Android version:
    • Built-in ability to view PDF documents (without the need to pre-load and open in a separate viewer).
    • When you select Strict, the Total Cookie Cookie Protection mode is enabled by default, which uses a separate, isolated Cookie store for each site, preventing Cookies from being used to track movement between sites.
    • Pixel devices based on Android 12 and 13 platforms now have the ability to send links to recently viewed pages directly from the Recents screen.
    • The Open in app mechanism has been redesigned. Fixed a vulnerability (CVE-2023-25749) that allows you to run third-party Android applications without confirmation from the user.
    • CanvasRenderThread handler enabled to process WebGL-related tasks in a separate thread.

In addition to changes and bug fixes, Firefox 111 has fixed 20 vulnerabilities. 14 vulnerabilities are marked as dangerous, of which 9 vulnerabilities (collected for CVE-2023-28176 and CVE-2023-28177) are caused by memory problems, such as buffer overflows and accessing already freed memory areas. Potentially, these problems can lead to the execution of the attacker's code when opening specially designed pages[5].

Firefox 109

On January 17, 2023, it became known that the Firefox 109 web browser was released. In addition, an update of the branch with a long support period - 102.7.0 has been formed. The Firefox 110 branch will be transferred to the beta testing stage in the near future, the release of which is scheduled for February 14, 2023.

Firefox 109

As reported, the main changes in Firefox 109 affected the following:

  • By default, support for the third version of the Chrome manifest is enabled, which defines the features and resources available for add-ons written using the WebExtensions API. Support for a second version of the manifesto will be maintained for the foreseeable future. Since the third version of the manifesto has become a target of criticism and will disrupt some add-ons to block unwanted content and ensure security, Mozilla has moved away from ensuring full compatibility with the manifesto in Firefox and implemented some features differently. For example, support for the old blocking mode of the webRequest API has not been discontinued, which was replaced in Chrome by another declarative content filtering API.
  • Also, support for a granular authorization request model is implemented slightly differently, according to which the supplement cannot be activated immediately for all pages (permission removed "all_urls"). In Firefox, the final decision to grant access is provided to a user who can selectively decide which add-on to provide access to their data on a particular site. To manage permissions, a "Unified Extensions" button has been added to the interface, with which the user can grant and revoke access to the add-ons to any site. Authorization control applies only to additions based on the third version of the manifest; for additions on the second version of the manifest, granular access control to sites is not performed.
  • The Firefox View page optimizes the appearance of empty sections with recently closed tabs and tabs open on other devices.
  • In the list of recently closed tabs displayed on the Firefox View page, buttons have been added to remove individual links from the list.
  • Added the ability to display the entered search query in the address bar, instead of showing the URL of the search engine (i.e. keys are shown in the address bar not only during entry, but also after accessing the search engine and showing search results associated with the entered keys). The feature is still disabled by default and requires setting the "browser.urlbar.showSearchTerms.featureGate" setting to about: config for activation.
  • The date selection dialog for the field<input> with the types "date" and "datetime" is adapted for c management, keyboards which made it possible to ensure correct support for screen readers and use keyboard combinations to navigate the calendar.
  • An experiment was completed to use the built-in Colorways add-on to change the appearance of the browser (a collection of color themes for the content area, panels and tab switching bar was offered to choose from). You can access previously saved color themes on the Add-ons and themes page.
  • On GTK systems, it is possible to simultaneously move several files to the file manager. The movement of images from one tab to another has been established.
  • The auto-press system for banners that request permission to use Cookies on sites (cookiebanners.bannerClicking.enabled and cookiebanners.service.mode in about: config) implements the ability to add sites to the list of exceptions for which auto-press is not applied.
  • By default, network.ssl_tokens_cache_use_only_once configuration is enabled to prevent session tickets from being reused in TLS.
  • The network.cache.shutdown_purge_in_background_task configuration is enabled to resolve the problem with the correct shutdown of file I/O.
  • An item ("Pin to toolbar") has been added to the add-on context menu to pin the add-on button in the panel.
  • It is possible to use Firefox as a document viewer, selected in the system through the context menu "Open With."
  • Added information about the refresh rate to the about: support page.
  • Added settings ui.font.menu, ui.font.icon, ui.font.caption, ui.font.status-bar, ui.font.message-box, etc. to override system fonts.
  • By default, support for the scrollend event generated when the user finishes scrolling (when the position stops changing) in the Element and Document objects is enabled.
  • Sectionalization of access through the Storage API is provided when processing third-party content, regardless of the Storage Access API.
  • Support for the list attribute has been added to the range element, in which the element ID is passed<datalist> with a list of predefined values ​ ​ proposed for input.
  • The content-visibility CSS property, which is used to exclude unnecessary rendering of areas outside the visibility field, has been added a value of 'auto', which sets the visibility of the browser based on the proximity of the element to the border of the visible area.
  • <system-color>Added support for Mark, MarkText, and ButtonBorder values to the CSS type that <system-color>defines the default colors of various page components.
  • Web Auth has added the ability to authenticate using the CTAP2 protocol (Client to Authenticator Protocol) using USB HID tokens. Support is not yet enabled by default and is enabled by security.webauthn.ctap2 in about: config.
  • In the tools for web developers in the JavaScript debugger, an additional version of breakpoints has been added, which is triggered when you go to the scrollend event handler.
  • Support for the "session.subscribe" and "session.unsubscribe" commands has been added to the WebDriver BiDi browser remote control protocol.
  • Assemblies for the Windows platform include the use of the ACG (Arbitrary Code Guard) hardware protection mechanism to block the exploitation of vulnerabilities in processes that provide multimedia playback.
  • On the macOS platform, the action of Ctrl/Cmd + trackpad or Ctrl/Cmd + mouse wheel combinations has changed, which now scroll (as in other browsers), not scale.
  • When watching a full-screen video, the address bar is disabled when scrolling.
  • A button has been added to undo the change after deleting the docked site.
  • The list of search engines is updated after the language change.
  • Addressed an emergency that occurs when a large chunk of data is placed on the clipboard or address bar.
  • The output performance of canvas elements has been optimized.
  • Resolved a problem with video calls that can only use the H.264 codec.

In addition to changes and bug fixes, Firefox 109 has fixed 21 vulnerabilities. 15 vulnerabilities are marked as dangerous, of which 13 vulnerabilities (collected for CVE-2023-23605 and CVE-2023-23606) are caused by memory problems, such as buffer overflows and accessing already freed memory areas. Potentially, these problems can lead to the execution of the attacker's code when opening specially designed pages. The vulnerability CVE-2023-23597 caused by a logical error in the code for creating child processes and allows you to start a new process in the file ://context to read the contents of arbitrary files. The vulnerability CVE-2023-23598 caused by an error in processing drag & drop actions in the binding over GTK and allows you to read the contents of arbitrary files through[6] call.

2022

Fix three vulnerabilities that allow hackers to execute arbitrary code

Mozilla has released updates that fix several vulnerabilities in Thunderbird, Firefox ESR and Firefox. This became known on December 15, 2022. CISA urged users and administrators to pay attention to this patch, as attackers can take advantage of uncorrected security holes to execute arbitrary code. Read more here.

Firefox 106 и Firefox 106.0.1

On October 18, 2022, it became known that the Firefox 106 web browser was released. In addition, an update of the branch with a long support period - 102.4.0 has been formed. The Firefox 107 branch has been transferred to the beta testing stage, the release of which is scheduled for November 15, 2022.

Firefox 106

As reported, the main changes in Firefox 106 affected the following:

  • The design of the window for viewing sites in private mode has been redone so that it is more difficult to confuse it with the usual mode. The private mode window is now displayed with a dark background of the panels, and in addition to a special icon, an explicit text explanation is also displayed.
  • The Firefox View button has been added to the beginning of the tab bar to optimize access to previously viewed content. Clicking the button opens a service page with a list of recently closed tabs and an interface for viewing tabs on other devices. To optimize tab access on other user devices, there is also a separate button next to the address bar. The V button has been added to the right side of the tab list panel, clicking on which displays the titles of the pages opened in the tabs.
  • The Firefox View page also provides the ability to change the appearance of the browser using the Colorways built-in add-on, which offers an interface for selecting six color themes for which three shade options are offered, affecting the choice of tone for the content area, panels and tab switching bar. Color themes will be available until January 17, 2023.
  • In the built-in PDF viewer, the edit mode is enabled by default, which provides tools for drawing graphic labels (hand-drawn drawings) and attaching text comments. You can adjust the color, line thickness, and font size.
  • For Linux systems with user environments based on the Wayland protocol, support for a control gesture is implemented, which allows you to go to the past and next pages in the history of visits through sliding with two fingers on the touchpad to the left or right.
  • Added support recognitions for text on images, which allows you to extract text from images posted on the web page and put recognized text on the clipboard or voice for people with weakness sight using a speech synthesizer. Recognition is performed when you select "Copy Text from Image" from the context menu displayed when you right-click an mice image. The function is still available only on systems macOS from 10.15 + (the system API VNRecognizeTextRequestRevision2 is used).
  • Users of Windows 10 and Windows 11 are given the ability to pin to the window panel with private viewing mode.
  • On the Windows platform, you can use Firefox as the default program for viewing PDF documents.
  • Optimized support WebRTC (libwebrtc library updated from version 86 to 103), including optimized RTP performance, expanded provided statistics, reduced load on, CPU optimized compatibility with various services and changed the means for providing access to the screen in Wayland-based environments.
  • In the Android version, the home page provides the display of synchronized tabs, additional background images have been added to the Independent Voices collection, errors leading to emergency termination have been eliminated, for example, when choosing a time in a web form or opening about 30 tabs.

In addition to changes and bug fixes, Firefox 106 fixed 8 vulnerabilities, of which 2 were marked as dangerous: CVE-2022-42927 (bypassing the same-origin restrictions, allowing access to the redirect result) and CVE-2022-42928 (memory corruption in the JavaScript engine). Three CVE-2022-42932 vulnerabilities that are assigned a moderate level of danger are caused by memory problems, such as buffer overflows and accessing already freed memory areas. Potentially, these problems can lead to the execution of the attacker's code when opening specially designed pages[7]

It also became known that from October 20, 2022, a corrective release of Firefox 106.0.1 is available, which hot-tracked the problem that led to an emergency shutdown on systems with AMD Zen 1 CPU due to an attempt to read from an inaccessible memory area.

Additionally, you can note the inclusion in Firefox night assemblies of a button to confirm the permissions of the add-on to work in the context of a specific site, as required by the third version of the manifest. Chrome In addition, in nightly assemblies, the profiling interface added the ability to analyze energy consumption on Linux and macOS systems with (processorsIntel previously, power consumption profiling was only available on systems with Windows 11 and on computers Apple M1[8] chip[9]

Test the ability to recognize text in images

On August 19, 2022, it became known that Firefox night builds began testing the optical text recognition function, which allows you to extract text from images posted on the web page and put recognized text on the clipboard or voice for people with impaired vision using a speech synthesizer. Recognition is performed when you select "Copy Text from Image" from the context menu displayed when you right-click an image.

The feature is currently only enabled on the macOS platform and will also soon be available in assemblies for Windows. The implementation is tied to the system OCR API: VNRecognizeTextRequestRevision2 for macOS and Windows.Media.OCR for Windows. There is no data on plans to implement the possibility for Linux yet [10]

Firefox 103

July 26, 2022 it became known that the Firefox 103 web browser was released. In addition, updates of branches with a long support period have been formed - 91.12.0 and 102.1.0.

Firefox 103

As reported, major changes to Firefox 103 include the following:

  • By default, the Total Cookie Protection mode is enabled, which was previously used only when opening sites in private view and when choosing the strict block mode for unwanted content (strict). In Total Cookie Protection for Cookies mode, each site uses a separate isolated storage, which does not allow the use of Cookies to track movement between sites, since all Cookies displayed from third-party blocks downloaded to the site (iframe, js, etc.) are associated with the site from which these blocks were downloaded, and are not transferred when accessing these blocks from other sites.
  • Optimized performance on 120Hz + monitors.
  • The built-in PDF viewer for documents with input forms provides highlighting of mandatory fields.
  • In the "picture in picture" mode, the ability to change the font size of subtitles has been added. Subtitles are provided when watching videos from Funimation, Dailymotion, Tubi, Hotstar and SonyLIV. Previously, subtitles were shown only for YouTube, Prime Video, Netflix, HBO Max, Funimation, Dailymotion, Disney + and sites using the WebVTT (Web Video Text Track) format.
  • You can now use the cursor, Tab, and Shift + Tab keys to navigate the buttons in the tab bar.
  • The "Make sight text bigger" function is extended to all interface elements and content (previously affected only the system font).
  • The ability to return support in digital signature certificates based on SHA-1 hashes, which have long been considered unsafe, has been removed from the settings.
  • When copying text from web forms, continuous spaces are preserved to prevent automatic line breaks.
  • The Linux platform addressed WebGL performance issues when using proprietary NVIDIA drivers in conjunction with DMA-Buf.
  • Addressed issue with very slow startup due to content handling in local storage.
  • Streams API has added support for portable streams that allow you to pass ReadableStream, WritableStream, and TransformStream objects as arguments when calling postMessage () in order to bring the operation to the web worker with cloning data in the background.
  • Pages opened without HTTPS and from iframe blocks are not allowed to access APIs caches, CacheStorage, and Cache.
  • Support for previously deprecated scriptminsize and scriptsizemultiplier attributes has been discontinued.
  • In Windows 10 and 11, the Firefox icon is secured in the panel during installation.
  • The macOS platform has switched to a more modern API for blocking management, which led to the optimization of interface responsiveness during high CPU load.
  • The Android version fixes the crash when switching to split screen mode or changing the size of the window. Resolved a problem that caused video to be played back. Fixed an error that, in a certain rare set of circumstances, led to an emergency termination when opening the on-screen keyboard in the environment of Android 12.

In addition to fixing bugs, Firefox 103 fixed 10 vulnerabilities, of which 4 were marked as dangerous (reduced to CVE-2022-2505 and CVE-2022-36320) due to memory problems, such as buffer overflows and accessing already freed memory areas. Potentially, these problems can lead to the execution of the attacker's code when opening specially designed pages. Among the vulnerabilities with a moderate level of danger, one can note the ability to determine the cursor position through manipulations with the CSS properties overflow and transform, and the hang of the Android version when processing a very long URL[11].

Firefox 102.0.1

On July 6, 2022, it became known about the availability of the corrective release of Firefox 102.0.1, which eliminated several shortcomings:

  • Addressed issue that prevents spelling in content that combines non-Latin English and non-Latin words. For example, the problem did not allow detecting errors in text based on the Cyrillic alphabet while simultaneously including English and Russian dictionaries.
  • Fixed an issue that flashes a white background on the side of bookmarks when using a dark skin.
  • Fixed an issue where enabling Cookie cleanup and site data after shutdown was not saved and the setting was reset.
  • Resolved a problem with creating shortcuts to pages when you drag a site icon from the address bar to the Windows File Manager.
  • Web developer tools have fixed the problem that led to the constant scrolling of the content of the web console into the self-file if the last message contains the result of calculations (attempts to scroll up were not fixed and the content immediately shifted down)[12].

Firefox 102

On June 28, 2022, it became known that the Firefox 102 web browser was released. The release of Firefox 102 is classified as long-term support (ESR) branches, updates for which are released throughout the year. In addition, an update of the previous branch with a long support period of 91.11.0 has been formed (two more updates 91.12 and 91.13 are expected in the future). The Firefox 103 branch will be transferred to the beta testing stage in the coming hours, the release of which is scheduled for July 26, 2022.

Firefox 102

As reported, the main ones in Firefox 102 affected the following:

  • It is possible to disable the automatic opening of the panel with information about downloaded files at the beginning of each download.
  • Added protection against tracking navigation to other pages through setting parameters in the URL. Protection comes down to removing the parameters used for tracking from the URL by a separately supported blacklist (for example, deleting the parameters mc_eid and fbclid used when clicking on links from Facebook pages (recognized as an extremist organization and banned in the Russian Federation). Tracking parameters are cut both when clicking on a link on a page and when opening a link in the address bar. URL cleaning is activated when you enable Enhanced Tracking Protection - > Strict in the settings for blocking unwanted content or when you open a site in private view. Cleaning can also be selectively enabled via the privacy.query_stripping.enabled option in about: config.
  • The audio decoding functions are placed in a separate process with stricter sandbox isolation.
  • In picture-in-picture mode, subtitles are provided when watching videos from HBO Max, Funimation, Dailymotion, Tubi, Disney + Hotstar and SonyLIV. Previously, subtitles were shown only for YouTube, Prime Video, Netflix and sites using the WebVTT (Web Video Text Track) format.
  • On the Linux platform, it is possible to use the Geoclue DBus service to determine the location.
  • Optimized viewing of PDF documents in the correct contrast mode.
  • In the interface for web developers in the Style Editor tab, support for filtering style sheets by name has appeared.
  • The TransformStream class and the ReadableStream.pipeThrough method have been added to the Streams API, which can be used to create and transfer data in the form of a stream (pipe) between ReadableStream and WritableStream, with the ability to call the handler to convert the stream for each block.
  • The ReadableStreamBYOBReader, ReadableByteStreamController, and ReadableStreamBYOBRequest classes have been added to the Streams API for direct transmission of binary data bypassing internal queues.
  • Scheduled to delete a non-standard Window.sidebar property provided only in Firefox.
  • Integration of CSP (Content-Security-Policy) with WebAssembly is provided, which allows applying CSP restrictions for WebAssembly. Now a document that is not allowed to execute scripts through CSP will not be able to run the WebAssembly byte code unless the parameter'unsafe-eval' or 'wasm-unsafe-eval' is set.
  • In CSS, media requests implement the update property, which allows you to bind to the refresh rate of information supported by the output device (for example, the value "slow" is set for e-book screens, "fast" for regular screens, and "none" for printing).
  • Add-ons that support the second version of the manifest are given access to the Scripting API, which allows you to run scripts in the context of sites, substitute and delete CSS, and control the registration of content processing scripts.
  • In Firefox for Android, when filling out forms with credit card data, a separate request is made to save the entered information for the auto-fill form system. Addressed issue that causes the onscreen keyboard to crash if the clipboard contains a large amount of data. Fixed a problem with Firefox stopping when switching between applications.

In addition to changes and bug fixes, Firefox 102 has fixed 22 vulnerabilities, of which 5 are marked as dangerous. The CVE-2022-34479 vulnerability allows Linux to display a pop-up window that overlaps the address bar (it can be used to simulate a dummy browser interface that misleads the user, for example, for phishing). The CVE-2022-34468 vulnerability allows you to bypass CSP restrictions that prohibit the execution of JavaScript code in iframe by substituting "javascript:" URI references. 5 vulnerabilities (reduced to CVE-2022-34485, CVE-2022-34485 and CVE-2022-34484) are caused by memory problems, such as buffer overflows and accessing already freed memory areas. Potentially, these problems can lead to the execution of the attacker's code when opening specially designed pages[13].

Complete Cookie Isolation

Firefox has full isolation enabled by default. Cookie This became known on June 14, 2022.

Previously, this mode was turned on only when opening sites in private view and when choosing the strict mode of blocking unwanted content (strict).

The proposed protection method involves the use of a separate isolated repository for Cookies for each site, which does not allow the use of Cookies to track movement between sites, since all Cookies displayed from third-party blocks downloaded to the site (iframe, js, etc.) are associated with the site from which these blocks were downloaded, and are not transferred when accessing these blocks from other sites.

As an exception, the ability to cross-site Cookie transfer is left for services not related to user tracking, for example, used for unified authentication. Information about blocked and allowed cross-site Cookies is displayed in the menu displayed when you click on the shield symbol in the address bar[14].

Breaking into Mozilla Firefox in just 8 seconds

On May 23, 2022, it became known that security researcher Manfred Paul hacked Mozilla Firefox in just 8 seconds.

During the attack, Paul used exploits for two previously unknown vulnerabilities.

CVE-2022-1802 is a JavaScript prototype pollution vulnerability in the Top-Level Await implementation. Allows attackers who have compromised an Array in JavaScript to execute code in a privileged context.

CVE-2022-1529 - Uses untrusted incoming data in the indexing of JavaScript objects, resulting in prototype pollution. An attacker can send "a message to a parent process whose content is used for double indexing to a JavaScript object." As a result, this results in prototype pollution as described above.

Mozilla Foundation responded quickly enough to Paul's discovery and immediately issued emergency fixes. Since browser Firefox updates automatically in the background, patches have already been delivered to almost all users.

Revised versions:

  • Firefox v100.0.2 for desktop. computers
  • Firefox v100.3.0 for Android.
  • Firefox v91.9.1 for enterprise customers with advanced support.[15]

Firefox 100.0.1

On May 16, 2022, it became known about the availability of the corrective release of Firefox 100.0.1, notable for the strengthening of sandbox isolation on the Windows platform. By default, this version includes blocking access to the Win32k API (kernel-level Win32 GUIs) from isolated content processing processes.

Other changes include fixing the problem of showing subtitles in picture-in-picture mode when using Netflix and fixing the flaw with the inaccessibility of some commands in the picture-in-picture mode window.

Additionally, additional requirements are reported in the root certificate store rules. Mozilla TLSservers The changes, which aim to address some long-observed issues with certificate revocation - will take effect on June 1, 2022.

The first change concerns the accounting of codes with reasons for revocation of the certificate (RFC 5280), which certification centers will now in some cases be required to indicate in case of revocation of the certificate. Previously, some certification centers did not transfer such or data appointed them formally, which made it difficult to track the reasons for revoking certificates. servers Now the correct filling of reason codes in the lists of revoked certificates (CRL) will become mandatory and will allow you to separate situations related to key compromise and violation of the rules for working with certificates from non-security cases, such as a change about information the organization, sale or domain early replacement of the certificate.

The second change obliges certification centers to transfer base full URL revoked certificate lists (CRLs) to root and intermediate certificates (CCADB, Common CA Certificate Database). The change will allow you to fully take into account all revoked TLS certificates, as well as upload more complete data on revoked certificates to Firefox in advance, which can be used to check without sending a request to servers certification centers during the installation of a TLS connection[16]

Firefox 100

On May 3, 2022, it became known that the Firefox 100 web browser was released. In addition, an update of the branch with a long support period of 91.9.0 has been formed. The Firefox 101 branch has been transferred to the beta testing stage, the release of which is scheduled for May 31, 2022.

Image:Firefox blog ffx100 orange-1000x525.png
Firefox 100

As reported, major updates in Firefox 100 include the following:

  • It is possible to simultaneously use dictionaries for different languages ​ ​ when checking spelling. In the context menu, you can now activate several languages ​ ​ at once.
  • In Linux and Windows, floating scroll bars are enabled by default, in which a full scroll bar appears only when you move the mouse cursor, the rest of the time, any mouse movement shows a thin indicator line that allows you to understand the current offset on the page, but if the cursor does not move, then the indicator disappears after a while. To disable hidden scrollbars for Windows, you use the OS settings ("System Settings > Accessibility > Visual Effects > Always show scrollbars"), in Linux you can use the settings of the browser itself (General > Browsing > Always show scrollbars).
  • In picture-in-picture mode, subtitles are displayed when watching video from Prime Video and Netflix, as well as on sites using the WebVTT (Web Video Text Track) format.
  • When you first run after installation, you added a check that the Firefox build language matches the operating system settings. In case of discrepancies, the user is prompted to choose which language to use in Firefox.
  • On the macOS platform, support for video with extended dynamic range has been added on systems with screens that support HDR (High Dynamic Range).
  • On the Windows platform, hardware acceleration of video decoding in AV1 format is enabled by default on computers with Intel Gen 11 + GPUs, AMD RDNA 2 (except Navi 24) and GeForce 30 with AV1 Video Extension. Windows for Intel GPU also includes overlay output mode (Video overlay) by default, which can reduce power consumption when playing video.
  • For users from the UK, support is provided for the automatic filling and memorization of credit card numbers in web forms.
  • A more even distribution of resources is provided when drawing and processing events, which, for example, made it possible to solve problems with the latency of the volume slider response in Twitch.
  • Subresources and iframe downloaded from other sites are enabled to ignore submission via the HTTP header Referrer-Policy policies "no-referrer-when-downgrade," "origin-when-cross-origin" and "unsafe-url," which allow bypassing the default settings to return the transfer of the full URL to third-party sites in the "Referer" header. In Firefox 87, in order to block potential leaks of confidential data, the strict-origin-when-cross-origin policy was activated by default, which implies cutting paths and parameters from Referer when sending a request to other hosts when accessing HTTPS, transferring an empty Referer when switching from HTTPS to HTTP, and transferring the full Referer for internal transitions within one site.
  • A focus indicator for links is proposed (for example, shown when searching for links with the tab key) - instead of a dashed line, links are now framed with a solid blue line, by analogy with how active fields of web forms are marked. It is noted that the use of a solid line optimizes navigation for people with impaired vision.
  • You can choose Firefox as the default PDF viewer.
  • The WritableStreams API has been added, providing an additional layer of abstraction for organizing the writing of streaming data to a channel that has built-in flow restriction tools. Also added is the pipeTo () method to create unnamed pipes between ReadableStreams and WritableStreams. Added WritableStreamDefaultWriter and WritableStreamDefaultController interfaces.
  • WebAssembly provides support for exceptions (WASM Exceptions), which allow you to add exception handlers for C++ and apply unwind stack promotion semantics without binding to additional handlers on. JavaScript
  • Optimized performance of display: grid elements with proper nesting level.
  • added support CSS for media requests' dynamic-range'and' video-dynamic-range'to determine if there is a screen that supports HDR (High Dynamic Range).
  • Support for a non-standard HTTP Large-Allocation header has been discontinued.
  • In Firefox for Android:
    • The HTTPS-only mode is implemented, when turned on, all pages executed without enciphering access are automatically redirected to protected page variants ("http ://" is replaced by" https ://").
    • Added the ability to search in bookmarks and in the history of visits.
    • The page for viewing the history of visits provides grouping of similar pages.
    • On the home page, a section is offered with a selection from the history of visits.
    • Includes updated wallpaper for the home page background.

In addition to changes and bug fixes, Firefox 100 has fixed 24 vulnerabilities, of which 21 are marked as dangerous. 17 vulnerabilities (reduced to CVE-2022-29918 and CVE-2022-29917) are caused by memory problems, such as buffer overflows and accessing already freed memory areas. Potentially, these problems can lead to the execution of the attacker's code when opening specially designed pages[17].

Firefox 99

On April 5, 2022, it became known that the Firefox 99 web browser was released. In addition, an update of the branch with a long support period of 91.8.0 has been formed. The Firefox 100 branch has been transferred to the beta testing stage, the release of which is scheduled for May 3, 2022.

Firefox 99

As reported, major updates in Firefox 99 include the following:

  • Added support for native GTK context menus. The capability is enabled through the widget.gtk.native-context-menu parameter in about: config.
  • Added floating GTK scroll bars (a full scroll bar appears only when you move the mouse cursor, the rest of the time, any mouse movement shows a thin indicator line that allows you to understand the current offset on the page, but if the cursor does not move, then the indicator disappears after a while). The feature is still disabled by default, to be included in about: config, the widget.gtk.overlay-scrollbars.enabled.
  • Sandbox isolation is optimized on the Linux platform: processes that process web content are prohibited from accessing the X11 server.
  • Some problems that manifested themselves when using Wayland have been resolved. In particular, the problem with blocking threads has been fixed, pop-up windows have been scaled up and the context menu has worked when checking spelling.
  • The built-in PDF viewer provides support for search, taking into account or without diacritics.
  • A hotkey "n" has been added to ReaderMode to enable/disable Narrate.
  • The version for the Android platform provides the ability to clear Cookies and stored local data selectively only for a specific domain. Fixed the crash that occurred after switching to the browser from another application, applying an update or unlocking the device.
  • The navigator.pdfViewerEnabled property has been added, with which a web application can determine whether a browser has built-in PDF display capability.
  • Added support for the RTCPeerConnection.setConfiguration () method, which allows sites to adjust WebRTC settings depending on network connection parameters, change the ICE server used for the connection and the applicable data transfer policies.
  • The Network Information API is disabled by default, through which you could access information about the current connection (for example, type (cellular, bluetooth, ethernet, wifi) and speed). Previously, this API was only enabled for the Android platform .

In addition to updates and bug fixes, Firefox 99 has fixed 30 vulnerabilities, of which 9 are marked as dangerous. 24 vulnerabilities (21 reduced to CVE-2022-28288 and CVE-2022-28289) are caused by memory problems, such as buffer overflows and accessing already freed memory areas. Potentially, these problems can lead to the execution of the attacker's code when opening specially designed pages.

The beta release of Firefox 100 implements the ability to simultaneously use dictionaries for different languages ​ ​ when checking spelling. On Linux and Windows, floating scrollbars are enabled by default. In picture-in-picture mode, subtitles are shown when watching videos from YouTube, Prime Video and Netflix. The Web MIDI API is enabled, which allows you to interact from a web application with MIDI music devices connected to the user's computer (in Firefox 99 you can enable dom.webmidi.enabled in about: config[18].

Firefox 98.0.2

From March 24, 2022, a corrective release of Firefox 98.0.2 is available, which fixes several errors:

  • Solved problems that led to a violation of compatibility in Linux and macOS with some add-ons using the browser.pkcs11 API.
  • Fixed a regressive change in the session history handler, which caused a failure when trying to download some sites using iframe (iframe content was downloaded from the session history, even if another block was expected to load).
  • Addressed issue that causes macOS to fail to enter in the address bar after opening a new tab and pressing the Cmd + Enter keyboard shortcut.
  • Fixed an issue that caused Windows to crash due to the exhaustion of available memory[19]

Firefox 98

On March 8, 2022, it became known that the Firefox 98 web browser was released. In addition, an update of the branch with a long support period of 91.7.0 has been formed. The Firefox 99 branch has been transferred to the beta testing stage, the release of which is scheduled for April 5, 2022.

Firefox 98

As reported, major changes include the following:

  • Changed file loading behavior - instead of prompting before downloading, files now begin to load automatically, and the panel displays a notification about the start of downloading. Through the panel, the user can at any time get information about the download process, open the downloaded file during the download (the action will be taken after the download is completed) or delete the file. The settings provide the ability to enable query output at each download and define a default application for opening files of a certain type.
  • Additional actions have been added to the context menu displayed when you right-click mice files in the download list. For example, using the Always Open Similar Files option, you can allow Firefox to automatically open a file after the download is complete in an application associated with the same file type on the system. You can also open a directory with downloaded files, go to the page from which the download was initiated (not the download itself, but a link to the download), copy the link, remove the download mention from the visit history and clear the list in the downloads panel.
  • Some users have changed their default search engine. For example, in the tested English build, DuckDuckGo is now forcibly enabled instead of Google by default. At the same time, Google remained among the search engines as an option and can be activated by default in the settings. The reason for the forced change of the search engine by default is the impossibility of continuing to supply processors for some search engines due to the lack of official approval (formal permission). The search traffic deal with Google was valid until August 2023 and generated about $400 million a year, which accounts for most of Mozilla's revenue.
  • The default settings show a section with experimental capabilities that the user can test at his own peril and risk. For example, for testing, the ability to cache the start page is available, the SameSite = Lax and SameSite = None modes, CSS Masonry Layout, additional panels for web developers, listing Firefox 100 in the User-Agent header, global indicators for turning off the sound and microphone.
  • To optimize the browser launch process, the logic for launching add-ons that use the webRequest API has been changed. Only blocking calls to webRequest will now lead to the launch of add-ons during the launch of Firefox. Accessing webRequest in non-blocking mode will be postponed until Firefox is completed.
  • Support for the HTML tag <dialog>"" is enabled, <dialog>which allows you to generate dialog boxes and components for interactive user interaction, such as closed warnings and nested windows. Created windows can be controlled from JavaScript code.
  • In the implementation of the Custom Elements specification, which allows you to add your own HTML elements that extend the functionality of existing HTML tags, support has been added for adding your own elements related to processing input forms.
  • CSS has added the hyphenate-character property, which can be used to set the string used instead of the character to move the end of a word to another string ("-").
  • The navigator.registerProtocolHandler () method provides support for registering protocol handlers for ftp, sftp, and ftps URL schemes.
  • The HTMLElement.outerText property has been added, which returns content inside the DOM node, as does the HTMLElement.innerText property, but unlike the latter, when writing, it replaces not the content inside the node, but the entire node.
  • The WebVR API is disabled by default, which is declared obsolete (to return to about: config, set dom.vr.enabled = true).
  • A compatibility assessment panel has been added to the tools for web developers. The panel displays indicators warning of possible problems with the CSS properties of the selected HTML element or the entire page, allowing you to determine incompatibilities with different browsers without testing the page separately in each browser.
  • You can disable event listeners for a given DOM node. Disconnection is performed through a prompt displayed when the mouse hovers over an event in the page inspection interface.
  • In the context menu of the edit mode, the debugger has added the item "Ignore line" to ignore the line during execution. The item is displayed when devtools.debugger.features.blackbox-lines = true is set to about: config.
  • The mode of automatic opening of developer tools for tabs opened through the window.open call is implemented (in devtools.popups.debug mode, for pages for which developer tools are open, they will automatically open for all tabs opened from this page).
  • The Android platform version provides the ability to change the background image on the home page and adds support for clearing Cookies and site data for the same domain.

In addition to changes and bug fixes, Firefox 98 has fixed 16 vulnerabilities, of which 4 are marked as dangerous. 10 vulnerabilities (reduced to CVE-2022-0843) are caused by memory problems, such as buffer overflows and accessing already freed memory areas. Potentially, these problems can lead to the execution of the attacker's code when opening specially designed pages.

In the beta version of Firefox 99, support for native GTK context menus was added, floating GTK scroll bars were included, the PDF viewer provided support for search, taking into account or without diacritics, the ReaderMode added a hotkey "n" to enable/disable the Read Aloud mode (Narrate)[20].

Firefox 97.0.2 and 91.6.1 with elimination of critical 0-day vulnerabilities

On March 5, 2022, it became known about the availability of the corrective release of Firefox 97.0.2 and 91.6.1 with the elimination of two vulnerabilities that were assigned the status of critical problems. Vulnerabilities allow you to bypass sandbox isolation and achieve execution of your code with browser privileges when processing specially designed content. It is alleged that both problems revealed the presence of working exploits that are already used to carry out attacks.

Details have not yet been disclosed, it is only known that the first vulnerability (CVE-2022-26485) is associated with accessing the already freed memory area (Use-after-free) in the code for processing the XSLT parameter, and the second (CVE-2022-26486) accessing the already freed memory in the IPC WebGPU framework.

All browser users on Firefox are advised to install updates. Users of Tor Browser, based on the Firefox 91 ESR branch, should be especially attentive to installing updates, since vulnerabilities can lead not only to compromise the system, but also to de-anonymization of the user. An update with the elimination of the vulnerabilities under consideration for Tor Browser has not yet been formed.[21]

2021

Firefox 92 features Firefox Suggest

Firefox 92 introduces Firefox Suggest, which personalizes output in the address bar. This became known on October 7, 2021.

Firefox's contextual search prompts in the address bar browser now offer users not only their past queries and tabs, but also advertizing content from Mozilla partners.

In September 2021, an updated version of the browser, Firefox 92, was released, in which the Firefox Suggest function appeared, personalizing the output in the address bar. However, it seems that the search prompts are not one hundred percent unbiased and offer content from Mozilla partners.

The first to notice the change was a Twitter user under the pseudonym spooky distance fields.

File:Aquote1.png
It seems that Firefox quietly added advertising to the address bar, - said the girl.
File:Aquote2.png

In turn, Mozilla does not hide the fact that it entered into a partnership with an advertising agency. As a partner, she chose adMarketplace, an advertising company that Mozilla says meets its user privacy requirements.

File:Aquote1.png
We also offer results from Wikipedia. The results from Wikipedia are not sponsored, the company said.
File:Aquote2.png

When contextual tooltips are enabled, all user searches are sent by Mozilla. When a user sees or clicks on the result proposed by the browser, Mozilla sends search queries and results that the user has clicked on to its partners through its own proxy service.

File:Aquote1.png
The data that we transmit to our partners does not contain personally identifiable information, and is transmitted only when you see or click on the prompts, the company said.
File:Aquote2.png

For October 2021, Firefox Suggest is only available to Firefox 92 users in the US[22].

Image:Bfd277ee7b6adadfd8d310c4fbf31a22.png

Firefox 86 with full cookie protection

Mozilla has implemented Total Cookie Protection in the latest version of its Firefox 86 browser. This became known on February 24, 2021. This protection feature is built into the Enhanced Tracking Protection mode, added to the browser in 2019.

Total Cookie Protection restricts cookies to the site on which they were created, so tracking companies cannot use them to track users' transitions from one resource to another. The function is a kind of "cookie jar," where cookies are added for each site visited. Each time a site or embedded third-party content places a cookie in a user's browser, that file is isolated into a site-specific "cookie can" so that it cannot be shared with other resources.

Total Cookie Protection makes a limited exception for cross-site cookies used for non-tracking purposes, such as authorization. Only if the function detects that the user intends to use the service for authorization, it provides this service with permission to use intersite cookies specifically for the site where Ошибка цитирования Отсутствует закрывающий тег </ref>.

2020

Announcement of Firefox 85 with Network Partitioning

Firefox 85 will be released in January with a feature called Network Partitioning to protect against tracking user movements between sites. This became known on December 21, 2020.

The option is based on Client-Side Storage Partitioning. The standard is being developed by a group from the World Wide Web Consortium. Members of the Consortium, led by Tim Berners-Lee, create and implement technological standards for the Internet.

When navigating the Internet on the client side, you can save such data as user settings for sites, user-created documents and copies suitable for working offline, and much more.

The use of local repositories created using API-interfaces JavaScript allows you to personalize site settings, speed up their download to, browser as well as remember data authorizations visitors and their previous activity - for example, the contents of a shopping cart in a store or a package of music files for online play.

Network separation technology will allow sharing only within the site, which will complicate tracking the movement of site visitors[23].

Firefox 83 with https only mode

Mozilla has started improving the security level in the Firefox Internet browser, which will be updated to version 83 very soon. This became known on November 19, 2020.

Browser Firefox 83 began to consume 8% less RAM and load pages 15% faster than Firefox 82 did. Mozilla achieved this by optimizing support, JavaScript simultaneously adding a lot of other changes to its browser.

This version of Mozilla Firefox 83 will also receive a security feature called HTTPS-Only Mode. Unsafe sites will not open in this mode.

You can activate the option on the Firefox Options page in the Privacy & Security section. The browser in HTTPS-Only Mode will try to find the HTTPS version of any site, even if the user clicks on the HTTP link. If this fails, the program will warn of danger. However, he will still be able to open the site at his own peril and risk [24]].

Developing Protection Against Automatic Download of Malicious Files

Mozilla engineers are working on a security feature for the Firefox browser that will make it harder for malicious web pages to initiate automatic downloads and inject malicious files into users' computers. This became known on September 4, 2020.

Firefox

We are talking about well-known attacks types of drive-by (hidden downloads) carried out when a user visits a site with malicious code that installs malware ON on a user's device.

Although browsers such as Chrome, Firefox or Internet Explorer have already implemented various protection measures against drive-by attacks, it is not possible to completely prevent them, since manufacturers cannot completely block legitimate functions in browsers that are exploited in such attacks.

As one of these protective measures, blocking downloads initiated by pop-up frames (iframe) with the sandbox attribute (the attribute allows you to set a number of restrictions on the content downloaded in the frame, for example, block forms and scripts), which are often used to load ads and built-in widgets on third-party sites. The idea is explained by the fact that sites rarely initiate downloads through such frames, since most widgets are usually used to embed content.

For the first time, the function of blocking downloads initiated through frames with the sandbox attribute appeared in the version of Google Chrome 73, released in March 2019, the option was completely removed in the release of Chrome 83 in May 2020.

Now the Firefox developers have announced similar plans. Starting with Firefox 82, scheduled for release in October 2020, the browser will begin to block all downloads of files, the source of which is a frame with the sandbox attribute. An exception will be cases when the site owner or web widget provider allows loading[25].

Detection of a vulnerability in which the smartphone camera continues to work even after the screen is turned off

browser Mozilla Firefox for Android has discovered an issue that keeps the camera smartphone running even after the user switches the browser to the background or locks the phone screen. The fix is scheduled for release in late 2020 in October, a Mozilla spokesman said. This became known on July 16, 2020.

The problem was discovered by an employee of the digital platform Appeal TV and reported it to Mozilla in July 2019.

The error appears when users stream videos from a website uploaded to Firefox, not from an official application. Users often prefer to stream from a mobile browser for privacy reasons, for example, because of their unwillingness to install the application and give it unhindered access to their smartphone data. Developer Appeal TV noticed that streaming in Firefox continues even in situations where it should have been discontinued.

File:Aquote1.png
As with special conferencing applications, we provide users with a system notification when a Firefox website accesses a camera or microphone. The fix is aimed at making the device go into "audio only" mode after turning off the screen, - explained a Mozilla representative[26].
File:Aquote2.png

Mozilla Firefox Market Share for March 7.19%

On April 2, 2020, it became known that the Edge browser, released by Microsoft simultaneously with OCWindows 10, took second place in the global ranking of desktop browsers by the number of users. According to NetMarketShare statistics for March 2020, Edge's total share of the browser market was 7.59% (second place) versus 7.37% in February 2020 (third place) and 5.2% in March 2019 (fourth place).

Once in second place, Edge he shifted browser Mozilla Firefox to third, which in February 2020 held the second line with a 7.57 percent share. In March 2020, it decreased to 7.19%, and in March 2019 it was equal to 9.27%. More. here

Fix 12 vulnerabilities in Firefox 72

On January 9, 2020, it became known that Mozilla has released a version of Firefox 72, which by default includes protection against tracking the browser's digital fingerprint.

One of the main innovations of Firefox 69 in 2019 was the default inclusion of the Enhanced Tracking Protection (ETP) function, which automatically blocks third-party tracking files cookie and cryptominers. Blocking technologies that create "digital fingerprints," users could then turn off at will.

Scripts designed to track the digital fingerprint of a browser collect unique characteristics of the browser and device in order to further use this information to identify the user. The collected data includes screen size, browser and operating system type, installed fonts, and other device characteristics.

Firefox 72

The information collected allows companies to track users for long periods of time, even after clearing browser data.

By improving user privacy in Firefox 72, companies will no longer be able to collect device information using JavaScript and will not receive information discovered through network requests (for example, the user's IP address).

Protection is provided in partnership with the Disconnect project, a list of companies caught tracking users' digital browser fingerprints and cross-site tracking. Firefox now blocks all requests related to these technologies.

Among other things, Firefox 72 also fixed 11 vulnerabilities, including memory corruption, bugs in the Windows keyboard, problems with CSP (Content Security Policy) policies, etc.[27]

Fix a zero-day vulnerability

In addition, on January 8, 2019, Mozilla released a fix for the zero-day vulnerability in its Firefox browser. It is known that the vulnerability is actively exploited in real attacks, but Mozilla does not disclose details about them.

The issue affects the JavaScript JIT compiler IonMonkey for SpiderMonkey, the main component of the Firefox kernel that performs JavaScript operations (in other words, for the JavaScript browser engine), and has been fixed in Firefox 72.0.1 and Firefox ESR 68.4.1. The problem is a type confusion mismatch vulnerability, when data written in memory is initially distributed as one data type, but then switched to another type during manipulation, which leads to unexpected consequences after data processing, including code execution on a vulnerable system.

The vulnerability (CVE-2019-17026) was discovered by specialists from the Chinese company Qihoo 360. According to them, a zero-day vulnerability actively exploited in attacks was also discovered in Internet Explorer. Researchers reported it on Twitter, but the tweet was then deleted. Qihoo 360 does not comment on the situation in any way, and Microsoft does not release any unscheduled patches.[28]

2019

Information security regulator recommends Firefox as the safest browser

In mid-October 2019, the German Federal Office for Information Security (Bundesamt für Sicherheit in  der Informationstechnik, BSI) published the results of a study of the work of browsers. According to the results of testing, only Firefox scored the highest score, so the department began to recommend the product as the most protected program for browsing the Internet.

Mozilla Firefox 68 (ESR), Google Chrome 76, Microsoft Internet Explorer 11 and Microsoft Edge 44 applications have been tested. Other browsers, including Safari, Brave, Opera and Vivaldi, were not included in the report.

Mozilla Firefox named security champion

According to ZDNet, BSI conducted an audit using the rules set out in the manual for "modern secure browsers," which the regulator released in September 2019.

The agency uses this document to advise government agencies and non-governmental companies in choosing secure browsers.

The first edition of this manual was released in 2017, and in the summer of 2019 a new version was published that took into account modern security measures and technologies such as HSTS, SRI, CSP 2.0, telemetry processing and improved certificate processing mechanisms.

Firefox is named the only browser that meets the minimum security requirements in the BSI definition.

Rival web browsers lost the Mozilla solution because they lacked the following:

  • support for the master password mechanism (Chrome, IE, Edge),
  • integrated update mechanism (IE),
  • the ability to block telemetry collection (Chrome, IE, Edge), 
  • Domain Restriction Rule (IE) support, 
  • Content Protection Policy (IE) support, 
  • support for the integrity of sub-resources (IE), 
  • support for browser profiles and various configurations (IE, Edge), 
  • organizational transparency (Chrome, IE, Edge).[29]

Enabling DNS-over-HTTPS in Firefox

On September 11, 2019, it became known that developers from Mozilla Corporation reported a successful trial of the experimental. protocol enciphering DNS over HTTPS (DoH) It provides information about () domain DNS via. cryptographically secure protocol HTTPS

Mozilla also decided to include the DoH protocol in Firefox by default in one of the next versions of the browser, the developers said in their blog. As of September 2019, the function will be available only to browser users in the United States, there is no information about its launch in other countries yet.

According to the developer, the use of the DoH protocol in practice means the ability to bypass any blocking of prohibited sites by DNS using the Firefox browser, since all DNS requests will be transmitted in encrypted form, and blocking by IP address will be overcome by changing the IP of the blocked address.

DNS-over-HTTPS encryption in the future may also leave out of work the Deep Packet Inspection (DPI) method of deep verification and control of network traffic, adopted by Roskomnadzor, since filtering packets of encrypted https traffic from many IP addresses will lose its meaning, according to CNews.

Mozilla's immediate plans are to launch DoH in Firefox by default "for a small percentage of users" in the United States starting in September 2019. In the next stage, the developers plan to track possible problems, and only after they are fixed will they connect a wider audience.

To block sites, providers or regulators need to know the domain name (URL) received through the DNS request and the IP address of the blocked resource. If the DNS request is hidden by encryption - for example, using the DNS-over-HTTPS protocol, the provider will not be able to block a specific resource due to the URL hidden from it.

Another type of blocking - by IP address - is regularly practiced by providers and regulators. In particular, Roskomnadzor blocked and then was forced to unblock millions of IP addresses cloudy of the site Amazon Web Services as part of the fight against, messenger Telegram CNews noted.

If the blocked resource provides one IP address for an open DNS request and another for a DNS request with DNS-over-HTTPS encryption, the locks will also become powerless. Technical partners in this can be modern CDN providers (Content Delivery Network), such as, for example, Cloudflare.

An unencrypted URL can also be intercepted through the SNI (Server Name Indication) request field, a special extension of the TLS protocol, in which it is possible to report the hostname during the "handshake" process to open a cryptographically secure SSL session. For this purpose, Firefox has implemented the Encrypted Host Name Transfer (ESNI) standard, where the client system receives the public server key from DNS and encrypts all data even before the start of a TLS session.

Mozilla began working on the DNS-over-HTTPS protocol in 2017. Since June 2018, the company has been experimenting in Firefox to provide fairly high browser performance with DoH enabled.

Despite plans to include DNS-over-HTTPS in Firefox by default, the browser developers intend to promote the function carefully, taking into account all the existing nuances. In particular, the DoH protocol will be automatically disabled if the user has selected parental control in the browser settings.

Mozilla explained that they are working with providers of parental control functions, including Internet providers, to add a parental control system built into Firefox, the so-called canary domain, to their lists. If Firefox determines that the canary domain is blocked, that is, parental control is enabled, the browser will automatically disable DoH.

At the initial stage, it is planned to deploy DoH in standby mode: if the search by domain name using DoH fails, Firefox will roll back and return to the operating system settings to determine the default DNS. Similarly, Firefox will disable the DoH protocol if it detects enterprise policy settings that prohibit such settings.[30]

Fix master password bypass vulnerability

On August 16, 2019, it became known that the company Mozilla released an update for browser Firefox that fixes a vulnerability in the manager. passwords Exploitation of the vulnerability (CVE-2019-11733) allows an attacker to copy passwords to "saved credentials" data without entering a master password.

After setting the master password, you must enter it before you can access the passwords in the Saved Credentials dialog box. According to the researchers, an attacker is able to copy local data to the clipboard using the context menu item "copy password" without first entering a master password.

The developers recommend that Firefox users update their browser to version 68.0.2 for security reasons[31].

Firefox

Firefox will fake browser history to trick targeted ads

Firefox will enable users to trick ad targeting mechanisms by falsifying browser history. To do this, the Track THIS service, developed with the participation of Mozilla and the mschf project, will be used. The feature was implemented as part of promoting a version of Firefox Quantum[32].

As a rule, advertising targeting mechanisms analyze what materials the user viewed on the Internet in order to show him ads for those goods and services that could be of interest to him. Track THIS allows you to open up to a hundred new tabs at the same time and create with their help another "identity" of the user in the browser history. Advertising mechanisms will be convinced that the user loves shopping, or is simply indecently rich, or is actively preparing for the end of the world, or is an influencer - the corresponding profile can be selected in the service settings.

Mschf Strategy and Distribution Director Daniel Greenberg explained what inspired the authors of the project to create such a service. 'All these trackers and sites are actually commodifying you, making it impossible for you to feel like a person. So we wanted to do something fundamental that will make the user feel again that he is in control of the situation, "he said.

If a user uses any ad blockers, they will not notice the effect of Track THIS.

2018

Blocking tracking scripts, miners and scripts to get digital prints

On August 31, 2018, it became known that browser the company Mozilla will block scripts for cross-site and other tracking, harmful miners and scripts for digital fingerprints by default for subsequent versions of Firefox. The presented functions will be implemented in the coming months of 2018 as part of three initiatives, the main goal of which is to protect user privacy, block malicious scripts and increase the speed of downloading web pages.

Cross-site tracking scripts will be blocked by default, starting with Firefox 65. This will be possible by deleting cookies and blocking access to the storage for third-party scripts.

In addition to cross-site tracking, the next versions of the browser will block malicious scripts by default, including miners like Coinhive and scripts for digital fingerprinting (identifying users based on the characteristics of their devices and other data). The function of blocking cryptocurrency miners by default is already implemented in other browsers, in particular in Opera.


For August 2018, you can test the proposed functions in the "night" build of Firefox 63. To do this, go to the "Control Center," select the "Content Blocking" section and check the boxes next to the corresponding Firefox options[33]

Mining protection in Firefox 63

At the end of May 2018, it became known about the addition of a browser mining protection mechanism to Firefox. The innovation will be useful given the desire of some site owners to make money on the growing cryptocurrency exchange rate.

A feature that automatically detects and disables mining scripts embedded in web page codes will be included in Firefox 63, which is in beta testing by May 2018.

Firefox has protection against cryptocurrency miners

Against the background of rising prices for bitcoin and other digital currencies, it is increasingly possible to see how visitors to some sites provide the power of their computers in exchange for access to content, and often both sides are happy with everything.

For an ordinary user, the process of mining cryptocurrency when visiting the site often remains virtually invisible. Of course, with a heavy load on the processor, the cooling system starts working accordingly, but the uninitiated user simply will not understand what is the matter.

According to the developers of the Opera browser, which earlier in 2018 also acquired a mining blocker, hidden mining of cryptocurrencies was organized on about 3 million sites.

In addition to protection against unauthorized mining, Firefox 63 will have several more features for increased security. Thus, the tracking protection system (data collection on Internet resources) will be active by default. In the corresponding settings, it will be possible to selectively enable blocking of counters, various widgets and trackers of advertising networks.

In addition, Mozilla will add blocking of external JavaScript scripts, images and iframe pages from sites blacklisted by disconnect.me, and will also implement protection against scripts used to identify the user.

Mozilla is set to release the final version of Firefox 63 in October 2018.[34]

2017

Version 57: interface, engine replacement, artificial intelligence

On August 8, 2017, the company Mozilla announced the release of Firefox browser 57 with the Quantum engine and an upgraded design.

In pursuit of popularity, the developers added several features to Firefox 57 in the hope that Firefox 57 will be the version that will encourage former browser users to return.[35]

Former Mozilla CTO Andreas Gal sees the unenviable fate of Firefox: about three years ago, together with the change of CEO, a strategic decision was made to concentrate efforts on the desktop market, but instead it was worth focusing on mobile devices.

In previous versions of the software, multiprocessing is implemented, it improves performance. Other components of the project:

  • Stylo (acceleration of formatting operations),
  • Quantum Flow (fixing bugs that slow down the browser),
  • Quantum Composer
  • WebRender (hardware rendering acceleration).

In Firefox 57, the developers promise a Photon interface, smooth animations and clear interface elements at any resolution. It is planned to introduce artificial intelligence functions.

Browser version 57 will receive the Quantum engine, it will replace Gecko. Firefox 57 is scheduled for release on November 14, 2017.

Firefox 54.0

Mozilla released Firefox 54 in June 2017 - the first fully multiprocess, which means a faster version of its browser. Before that, all web content was processed into one thread, now processed into four threads. Each thread is allocated its own RAM and its own processor resources. Thanks to this, Firefox will work faster, and freezing one of the tabs will no longer cause everyone else to freeze.

The innovation is a logical step in the development of the Electrolysis, or e10s project, in which Mozilla is gradually turning Firefox into a multiprocess browser. In August 2016, the company released Firefox 48, in which it singled out user interface processing as a separate process, so that it continued to work as the tabs hang. However, the content was still being processed into a single stream.

Comparison with Chrome

Since the increase in the number of processes leads to more RAM consumption, Firefox will not handle each tab as a separate thread. The number of content streams is limited to four, unlike, for example, Chrome, which opens a new process for each tab, taking up more and more memory. In Firefox 54, according to the developers, an optimal balance was found between speed and memory.

According to Mozilla tests, the Chrome version for Windows requires 1.77 times more RAM than the 64-bit version of Firefox, and 2 times more than the 32-bit version. macOS Chrome uses 1.36 times more memory than 64-bit Firefox, and 1.42 times more than 32-bit[36]

Plans for the future

In Firefox 55, the default number of threads will be four, but the user will be able to increase their number to seven at will using the dom.ipc.processCount line in about: config.

2016

Firefox 50.0

On November 15, 2016, Mozilla announced the release of the Firefox 50.0 web browser.

Screenshot of the browser window, (2016)

Among the most significant changes:

  • updates in keyboard combinations: an option for switching tabs by Ctrl + Tab in the order of their recent use and viewing the page in Reader Mode via Ctrl +[37];
  • A page search option that matches only an entire word.
  • protection against downloading a large number of executable files on Windows, Mac and Linux;
  • Improved performance of SDK extensions and extensions using the SDK loader
  • improved WebGL availability in Windows (more than 98% of Windows 7 and higher users received support);
  • a built-in collection of Emoji icons for operating systems without native Emoji fonts (Linux and Windows version 8 and below);
  • the Android version adds support for video in HLS (via player overlay), simplifies the user interface by combining Recent Tabs and History panels;
  • numerous changes for web developers (including support for X-Content-Type-Options, implementation of the Referrer-Policy header, and a number of new features in HTMLJavaScript CSS//and. API

Firefox 49

On September 20, 2016, the release of the Firefox 49 web browser and the mobile version of Firefox 49 for the Android platform was released.

In accordance with the six-week development cycle, Firefox 50 is scheduled for release on November 8, 2016, and Firefox 51 for January 24, 2017[38].


Major changes

  • The platform assemblies Linux have added the ability to download Widevine's proprietary CDM (Content Decryption Module), which can be used to decode copyrighted media content without installing NPAPI plugins. Previously, this module was available out of the box only for platform users Windows and. macOS Widevine support makes it possible to work with services such as Netflix Amazon Prime Video without the need for installation, and Microsoft Silverlight Adobe Flash other plugins. You can disable the Widevine CDM module in the "about: addons" settings;
  • The Hello communication client has been removed from the base composition. The Hello component, based on WebRTC technology, allowed you to exchange messages, make audio and video calls and share the screen. As a replacement, it is proposed to use alternative add-ons such as Talky, Cisco Spark, Appear.in or Jitsi Meet.
  • The ability to use a speech synthesizer for voice reading of page content has been added to reader mode. It is possible to adjust the pace of speech and select a voice set (male or female voice). Reading can be carried out in the background and continues when switching to another tab. When you stop reading, Firefox remembers the position and then resumes reading from the saved moment. For speech synthesis, the tools provided by the operating system are used;
  • The reader mode has added the ability to adjust the width of text and line spacing, as well as select the background color;

Screenshot of the software window, (2016)
  • By default, multiprocess mode is extended to users with a limited list of add-ons checked for compatibility with multiprocess mode (in the previous version, the mode only extended to users without installed add-ons). According to Mozilla tests, when using multiprocess mode, there is an increase in browser responsiveness by 400%;
  • The login options saved for the HTTP page are now offered when you try to enter these pages via HTTPS without the need to save individual login options;
  • Extended elements for HTML5 video and audio: Playback can now be looped through the built-in button in the context menu. A button for fast playback (1.25 of the base speed) has also been added to the context menu;
  • By default, the system for generating fonts based on the Graphite2 library is enabled;
  • A report has been added to the about: memory interface to track memory consumption associated with font processing;
  • The main bookmark menu has a selection of 5 fresh bookmarks that were added last. If desired, the user will be able to hide the new block. Previously, such bookmarks were reflected in a separate section, but will now be made prominent.
  • The Web Speech API is presented, which provides speech synthesis and recognition tools for web applications. The API consists of two parts: SpeechSynthesis (speech synthesis) and SpeechRecognition (speech recognition);
  • Increased video playback performance on systems without hardware acceleration mechanisms, but with a processor that supports SSSE3 instructions;
  • Continued to improve API WebExtensions to develop Chrome-compatible add-ons. From the new program interfaces, history is marked API to work with the history of visits (selection and removal of elements is supported). API WebNavigation has added support for additional transitionType (manual_subframe) modes. The downloads API has added the ability to download binary data generated by scripts. The version for Android has added support for some platform-specific APIs, currently only pageAction is supported, but in the API future there will be support for tabs, windows and browserAction; API
  • Work has been carried out to ensure compatibility with mobile applications tied to WebKit. The new version adds support for a number of WebKit-specific features supplied with the prefix "-webkit-," such as the WebKitCSSMatrix () interface, -webkit-gradient () and CSS properties -webkit-text-fill-color, -webkit-text-stroke-color, -webkit-text-stroke-widow, -webkit-stroke-text. In addition, mapping of CSS property names with the prefix "-webkit-" to properties without a prefix and with the prefix "-moz-" is provided;
  • The mask-image property adds support for using multiple SVG element masks instead of an image;
  • An option has been added to the developer tools to remove IndexedDB elements;
  • Added support for details and summary tags that define the contents of widgets with additional and summary information;
  • The sandbox attribute has support for the'allow-popups-to-escape-sandbox' and 'allow-modals' properties;
  • The attr-referrerpolicy attribute has support for the'no-referrer-when-downgrade' and 'origin-when-cross-origin' properties;
  • Added CSS properties background-position-x and background-position-y to set offsets relative to the background layer;
  • The CSS supports the definition of 4- and 8-character color identifiers including transparency information (# RRGGBBAA and# RGBA);
  • Pseudo-class: dir () and the CSS property text-align-last are rid of the prefix "-moz-";
  • Added overflow-wrap as an alternative to word-wrap;
  • Network Monitor has added a new "Cause" column that displays the reason type for each network request. When you hover over the mouse, a pop-up hint is displayed with the call code or JavaScript stack trace, which allows you to find out which part of the page or script is the source of the request;
  • Tools have been added to the inspection mode to learn detailed information about the performance of CSS and DOM animations. For example, you can quickly define animated properties that cannot be executed using hardware acceleration tools;
  • The context menu displayed for layout elements in inspection mode has been redesigned. The long list of possible actions has been reorganized into a series of submenus;
  • The CSS rule editor has expanded the list of replacement elements offered by the AutoComplete Input system;
  • The errors displayed in the web console now contain links to the documentation corresponding to the problem;
  • A new color scheme for syntax highlighting is presented, which is more contrasting and better readable. The new scheme is available for both light and dark themes of tools for web developers;
  • For Windows 7 systems without Platform Update, the WARP D3D11 layer is used;
  • For Firefox to work on the Windows platform, it is now necessary to have a processor with support for SSE2 instructions;
  • Increased performance on OS X systems that are not equipped with hardware acceleration. Improved font anti-aliasing settings in OS X;

In the release for the Android platform

  • Added a mode for viewing pages offline, allowing the user to view previously opened pages in the absence of a network connection;
  • The scrolling position and scaling level are stored for open tabs;
  • Updated the screen shown at the first start with an overview of the main possibilities;
  • Added protection against playback of multimedia content simultaneously in several tabs;
  • It is ensured that outdated tabs are hidden when restoring a session;
  • Support for the delivery of asynchronous notifications through the Push API has been added;

In addition to innovations and bug fixes, Firefox 49 has fixed 19 vulnerabilities, of which four are marked as critical, i.e. they can lead to the execution of the attacker's code when opening specially designed pages.

2015

Firefox 43 - 64-bit for Windows

On December 16, 2015, it became known that the 64-bit version of Firefox for download[39].

The 64-bit version is included in version 43, released for all platforms and supports versions from Windows 7 and later, which covers the majority of users.

For Linux and Mac OS X operating systems, 64-bit versions of Firefox became available much earlier. For Windows, they have so far limited themselves to Nightly builds - unstable for release. The developers planned to abandon the project, stopping work on it in November 2012.

In 2014, Mozilla promised to release a browser, and in 2015 it appeared in the developer channel. Windows 10 technologies allow the browser to increase speed and security of data use, but the lack of support for some extensions does not add positive. Mozilla suggests in subsequent releases plans to eliminate this flaw.

Firefox 43 supports private browsing with Tracking Protection technology, receiving a second lock list. The Android version received a tabbed audio playback indicator that appeared in Firefox 42 on desktop PCs. In the reading list, content can be marked read or unread, the History section on tablets in landscape mode is displayed according to a new one. The taskbar has received changes for the Android Marshmallow interface.

All versions have improved the MP4 video playback API. Touch screens display a new on-screen keyboard when you select input fields.

Firefox 41 release released

On September 22, 2015, the release of Firefox version 41 and the mobile version of Firefox 41 for the Android platform was released. It is expected to update the branch with a long support period for Firefox 38.3.0, the Thunderbird 38.0.3 mail client and the SeaMonkey 2.38[40].

Screenshot of the program window, 2015

It is expected that the Firefox 42 branch will go to the beta testing stage and the Firefox Developer Edition 43 will be separated. In accordance with the six-week development cycle, Firefox 42 is scheduled for release on November 3, 2015, and Firefox 43 on December 15, 2015.

Among the changes:

  • appearance of the session recovery interface and the welcome screen;
  • the ability to install an avatar for a profile in Firefox Account;
  • Enable instant messaging in the Hello Communication Client
  • removed the browser.newtab.url option, which allowed displaying an arbitrary page instead of the interface for opening a new tab. Numerous complaints of abuse are cited as reasons for the removal. For example, some software providers, through this option, organize the display of their sites on the page of a new tab, and malware developers use this opportunity to redirect the user to advertising sites. For users who need to open a separate page for new tabs, it is proposed to install a special add-on.
  • Support for using SVG images for favicons thumbnails
  • WebRTC now uses PFS (Perfect Forward Secrecy)
  • high efficiency of decoding images. When scrolling on some devices, the display speed of images doubled;
  • extensions have discontinued support for binary XPCOM components. XPCOM is a CORBA-like system that provides a layer for incorporating libraries developed in various programming languages. XPCOM is outdated and has stability problems, since integrations into additions to binary libraries loaded into a single address space of the main process can be used to manipulate Firefox internal structures. Instead of XPCOM, to access binary libraries from add-ons, it is proposed to use SDK API the system/child_process provided in, based on starting a separate child process for external code.
  • Increased shadow rendering performance (box-shadow)
  • the ability to copy and cut web content from JavaScript blocks using the document.execCommand ("cut "/" copy") construct;
  • Enabling the MessageChannel and MessagePort APIs by default
  • Enabling the Font Loading CSS API by default
  • SVG elements implement the transform-origin property to change the point of transformation application for the element.
  • Navigator.onLine object, which reflects the state of the network connection (works in Windows and OS X);
  • Cache API is implemented, which allows you to request data from the cache by window ID, Worker and ServiceWorker;
  • Network requests can now be exported in HAR format to Network Activity Analysis interfaces.
  • The New Rule button has been added to the inspection interface, which allows you to quickly add new CSS properties for the current page.
  • in the page inspection interface, a new panel has been added for manipulating pseudo-classes ": hover," ": active" and ": focus";
  • added the ability to create a screenshot of an element from the markup viewing interface;
  • in the inspection interface, it is possible to copy an element with the definition of CSS rules through the Copy Rule Declaration context menu;
  • The planned default disabling of unsigned add-ons has been postponed and will be implemented in Firefox 43. * Firefox 41 continues to show a warning about the use of an unsigned add-on;
  • The optimization for AdBlock present in the beta release and the implementation of viewing the page code inside the tab are excluded from the release and will appear in the next release;

In the version for the Android platform:

  • it is possible to send requests to different search engines through the search panel;
  • the tab closing mode is implemented through the on-screen gesture;
  • added the ability to open external URLs from Android applications in the background;
  • added support for selecting saved login parameters for the site through a special pop-up dialog;
  • Improved bookmark management, including adding a definition of duplicate bookmarks.

In addition to innovations and bug fixes, Firefox 41 has fixed twenty vulnerabilities, of which five are marked as critical, i.e. they can lead to the execution of the attacker's code when opening specially designed pages.

64-bit version of Firefox for Windows postponed

On August 31, 2015, it became known about Mozilla's decision to postpone the release of the 64-bit version of Firefox for the Windows platform. The reason is an unresolved problem with the sandbox.

In 2010, a 64-bit version appeared on Nightly. This channel publishes the results of the first stage of development of each unstable version of the Firefox browser. After its improvement, it is sent to the Beta channel and, after testing, analyzing this version, the final version of the browser is released.

Firefox, 2015

In 2012, 64-bit Firefox was removed from the Nightly channel, but then returned again. In 2014, the developers announced their intention to release browser options for all channels, but things did not move beyond the Beta channel. The final version of Firefox 41 is scheduled for September 22, 2015. On September 1, 2015, a 32-bit version is available or you can use 64-bit beta, the operation of which is unstable.

Firefox v. 40 release released

On August 12, 2015, the Mozilla Foundation introduced the 40th version of the Firefox web browser, for both desktop PCs and Android devices[41].

Firefox v.40 browser window, 2015

The version includes an upgrade of the user interface focused on the Windows 10 operating system, advanced anti-virus protection and error correction.

Since Windows 10 is also designed to work with touch screens, the developers have increased some interface elements for ease of use with their fingers. The button for closing tabs and the font in the address bar have grown.

When using search in the Windows 10 taskbar, Firefox will display query results from the search engine that the user chose instead of Bing (probably when Firefox is installed by the browser "by default"). Using Google's Safe Browsing feature, Firefox 40 will issue a warning when it tries to navigate to an unsafe website containing malware.

Addressed critical vulnerability 0-day in PDF.js

On August 7, 2015, the developers of the Mozilla project announced the identification of a critical vulnerability (CVE-2015-4495) in the PDF.js PDF viewer built into the Firefox browser[42].

The company released Firefox 39.0.3 and 38.1.1 ESR updates, but even before the release of the fix, it became known that this vulnerability was exploited by placing malicious advertising blocks on one of the Russian general news sites.

The vulnerability allows an attacker to bypass the restrictions of the JavaScript isolation mode (same origin) and go beyond the browser environment, which makes it possible to read the contents of local files in the user's environment and execute JavaScript code in the context of local files. For example, the malicious code used for the attack was injected into PDF.js and searched for files containing the user's personal information, and then downloaded them to the attacker's server. Not only computers with Windows were amazed, but also Linux systems.

After launching in, Windows the configuration files were searched for, which may contain passwords, including the settings of subversion, s3browser, Filezilla,.purple, Psi +, popular FTP clients. Linux The content of/etc/passwd,.bash_history,.mysql_history,.pgsql_history, files from the.ssh directory, Remmina, Filezilla and Psi + settings, text files with pass and access words in their names, and any shell scripts were sent to. The use of add-ons to block ads could protect against the execution of an exploit, depending on the type of filters and blockers used.

Not supporting Adobe Flash

On July 14, 2015, it became known that Mozilla it introduced forced blocking of all versions Adobe Flash Player browser in Firefox[43]

The blocking was announced on Twitter by Mark Schmidt, head of Firefox support at Mozilla. He stated that Flash Player will be unlocked when Adobe fixes vulnerabilities exploited by hackers in it. The company has acted similarly before. Flash Player lock is enabled by default in the latest browser update.

Mozilla blocked Flash Player in Firefox the day after Facebook's head of information security, Alex Stamos, called on Adobe to shut down Flash once and for all.

"It's
time for Adobe to announce the Flash lifecycle completion date and ask browser developers to set locks from this day," Alex Stamos said on Twitter.

Stamos' publication and blocking of Flash in Firefox came after hacking the Hacking Team, which searches for vulnerabilities and releases tools to exploit them, which it sells to governments and commercial organizations around the world. After the hackers hacked the Hacking Team, they published the company's internal documentation in the public domain (a 400 GB archive).

The documentation contains a lot of information about vulnerabilities in well-known products that their manufacturers do not know about. Among them are three vulnerabilities in Adobe Flash Player. One of them was described by the Hacking Team as "the most beautiful vulnerability in four years," which means that the Hacking Team exploited this vulnerability for a long time without reporting it to Adobe.

All three vulnerabilities allow malicious code to be injected into computers under control, and Microsoft Windows Apple OS X. Linux The company fixed the "most beautiful vulnerability" (CVE-2015-5119) Adobe , the other two promised to fix "this week."

The Register asked Adobe if the company is doing something on its own to find vulnerabilities. Adobe replied that a certain amount of internal resources were allocated to this process. In addition, Adobe analysts regularly engage with the community and other market participants who help look for gaps.

In 2010, former Apple CEO Steve Jobs was the first to fight Adobe and its Flash player. Neither the iPhone nor iPad support the technology, he explained, because it consumes a lot of power and is not secure enough. After that, Adobe curtailed the development of the mobile version of Flash Player for the Android platform.

Firefox Release 39.0 Released

On June 30, 2015, the Firefox web browser was updated to version 39.0.

The release of Firefox 39 followed the general trend in security - the abandonment of support for the SSLv3 protocol.

In Firefox, changes:

  • the ability to share a link on social networks using a special button in Firefox Hello;
  • improved animation and scrolling for Mac OS X as part of Project Silk;
  • Definition of malicious software (SafeBrowsing malware) for files downloaded to Mac OS X and Linux
  • skin color support for emojis (emoji - emoji) in Unicode 8.0;
  • various improvements in HTML5 support (for example, CSS Scroll Snap Points appeared);
  • Webconsole entry history is now maintained even after the toolbar is closed;
  • fixed the display of interrupted downloads previously marked as successful for HTTP 1.1;
  • Eliminated regression that may have caused Flash display to fail.

Firefox 37 release released

On March 31, 2015, the Mozilla project introduced the Firefox 37 web browser release and the mobile version of Firefox 37 for the Android platform [44].

The Seamonkey 2.34 package is expected to be released. The developers announced the entry into beta testing of the Firefox 38 project. Firefox Developer Edition 39 will separate from it, replacing the Aurora project. In accordance with the six-week development cycle, the release of Firefox 38 is scheduled for May 12, 2015, and Firefox 39 for June 30, 2015.


Innovations

  • The Heartbeat rating system has been added, aimed at collecting information about browser satisfaction through a survey offering to evaluate the quality of the current release on a five-point scale.

  • A subset of the Media Source Extensions (MSE) API is implemented, which allows you to generate multimedia streams from JavaScript applications. This includes support for playback from YouTube using an HTML5 player. MSE support is enabled by default only for WebM format when working with the YouTube service. To be fully included in about: config, you must activate the media.mediasource.enabled and media.mediasource.mp4.enabled variables;

  • For HTTP/2, support is implemented for an additional encryption scheme without authentication, activated with the support of the AltSvc specification server. With this scheme, only encryption of the data stream is provided without performing operations to confirm the validity of the server;

  • Rollback to insecure TLS versions disabled;

  • The Bing search engine is now accessed using HTTPS;

  • For assemblies with a Turkish locale, the Yandex search engine is used by default;

  • Improved WebGL rendering performance on the Windows platform by using the Direct3D 11 API instead of Direct3D 9;

  • WebRTC The new implementation of the SDP (Session Description Protocol) and JSEP (Javascript Session Establishment Protocol) protocols is involved;

  • Supports the OneCRL mechanism for centralized revocation of certificates. The technology is similar in essence to the CRLset mechanism used in Google Chrome and is based on the distribution of a centralized database that monitors the revocation of certificates of intermediate certification centers;

  • Terminated DSA support in certificates and TLS;

  • Certificates support fields with email restrictions;

  • Extended information messages about SSL errors that are not related to certificates;

  • The False Start extension in TLS now requires a set of ciphers based on AEAD block encryption;

  • Support for the value of "contents" in the CSS property display (display: contents), when specifying which, instead of generating a certain type of element, a pseudo-element formed of several child elements will be used;

IndexedDB and WebSocket are now available in multithreaded Web Workers handlers;

  • It is possible to call the debug panel for the URL chrome ://and about ://;

  • The web console has added the output of information about insufficiently reliable ciphers;

  • The network activity monitoring panel presents a new implementation of the interface for displaying information related to security, including information about certificates, TLS/SSL version and connection protection methods;

File:Screen-Shot-2015-01-13-at-3.44.05-PM-500x286.png

Screenshot of the browser interface, 2015

  • Included is the Valence tool, which allows you to use Firefox Developer Tools to debug third-party browsers such as Chrome, Chrome for Android and Safari for iOS;

  • In the font inspection system, it became possible to view all fonts used on the page, including those mentioned in the iframe blocks;

  • A panel for managing animation elements has been added to the page inspection interface. The developers were able to control the use of the Web Animations API on a timeline, pause and continue playing animations.

New Animation Control Panel in Firefox 37, 2015

  • The new configuration interface available in beta is not enabled by default in the release and is expected in Firefox 38.

Firefox 37 users can evaluate the work of the new configurator through the URL "about: preferences";

  • Improvements in the version for the Android platform:

  • A new backend for the download manager for better performance.
  • The address bar implements URL display instead of the page header.
  • It is possible to broadcast output to Matchstick devices.

In addition to innovations and bug fixes, Firefox 37 has fixed a series of vulnerabilities, of which several are marked as critical, i.e. they can lead to the execution of the attacker's code when opening specially designed pages.

2014: New release and addition of "Forget" button

On November 10, 2014 Mozilla [45] celebrated[45] a 10th anniversary browserFirefox release and a series of innovations related to protecting user privacy. They include a new "Forget" button, the ability to use the DuckDuckGo search engine, experimental tracking protection and the Polaris privacy initiative. The idea behind Polaris, which is an initiative of the Center for Democracy & Technology (CDT) and the Tor project, is to "bring together the ideas of leaders to protect privacy," says Gavin Sharp, senior technology executive. Mozilla

Mozilla introduced the Firefox edition for web developers, as well as a preview for Firefox OS 2.0 developers for the Flame datum.

Firefox has one significant advantage: it is the only major browser that is designed to serve users rather than the needs of a giant corporation like Apple, Google or Microsoft. This is the only browser guaranteed not to spy on you for any reason. It is also the only major browser with truly open source (although Chromium is also an open source version of Chrome).

Privacy may be a key asset in a post-Snowden world where people are increasingly aware of the size of espionage carried out not only by the US NSA but also by companies such as Google. Even with Firefox's dwindling market share, while competing with rivals with tens of billions of dollars, Mozilla can certainly make a unique offer (USP).

Gavin Sharp and Chad Weiner say Mozilla plans to make the browser more user-friendly to protect their privacy, and Weiner cited the "forget" button as an example. It will erase the history of watching the previous five minutes, two hours or 24 hours. The current version of Firefox already allows you to clear the history of the hour, two or four, but Weiner notes that "the button allows you to do this very quickly and conveniently."

The button, which can be placed on the toolbar, makes the functionality available to ordinary users.

Weiner said "we are adding the DuckDuckGo search option because it has a very strong and very clear privacy policy." Of course, Google will still be enabled by default, and payments for this are Mozilla's main source of revenue. Sharpe said other changes would appear in "experimental" versions of Firefox. They include tracking protection that "will block tracking on any site that does not comply with the Do Not Track policy."

Perhaps the most significant experimental development is the "multiprocessor architecture," which will bring "the benefits of performance and stability." This, the so-called Electrolysis or e10s, and developers are asked to confirm that their add-ons are compatible with e10s, or report errors on arewee10syet.com/. All of this is expected to hit Firefox 36 early next year.

Firefox has a long and honorable history, both on the early Internet and as the first big open source success. Today it is accused of a lack of performance, but it is at least the same as the respected Google Chrome, and often better.

It won't be easy for the company. Firefox does not have a huge base of linked users like Apple, Google and Microsoft. The browser doesn't come with Windows or Mac OS X, it can't use Google's search page for ads, and it won't use Apple's obsessive style to poke Safari at Windows users.

However, the organization, which turned ten years old, brought freedom of choice to a market dominated by Microsoft Internet Explorer 6. She undoubtedly deserved a chance to compete. And she's doing it pretty well.

2013: Firefox browser blamed for disrupting economy

The American Association of Advertisers Interactive Advertising Bureau, consisting of more than 500 media and technology companies responsible for 86% of the online advertising market in the United States, strongly opposed Mozilla's intention to block third-party cookies in new versions of the Firefox browser.[46]

In his open letter to Mozilla, President and CEO of Interactive Advertising Bureau - IAB - Randall Rothenberg called on Mozilla to abandon this decision, as it will be made "not in favor of Internet users."

"If Mozilla decides to block cookies, each user will be left without the right to access the personal Internet. Blocking cookies is not the transparency and by no means the innovative development of the Internet that Mozilla is talking about, "Rotenberg said
.

Cookies are text files that the browser writes to the disk of a personal computer. With their help, passwords are memorized, various functions work and targeted ads are displayed - cookies allow you to find out what the user was looking for on the Internet and show relevant ads.

Advertisers will face the problem described by IAB after the release of version 22 of Firefox, which will block cookies from sites that the user has not visited. In this case, blocking cookies will not affect the advertising activities of large platforms such as Google or Facebook, but it will hit small advertising networks whose sites users do not look at.

Recall that automatic blocking of cookies was introduced into the so-called night Firefox builds starting in late February. Mozilla CEO Alex Fowler explained that this step was carried out with the desire to make web surfing safer for users amid an increase in the number of companies that use cookies to monitor their actions on the Internet. Fowler added that an example for them was Apple's Safari web browser, which blocks cookies from advertisers by default.

2012

Firefox for Windows 8 with Metro interface

Mozilla announced on February 13, 2012, the release of the current version of Firefox for Windows 8 with the Metro touch interface in the next quarter. There will be no other new features in this version: they will appear only at the end of 2012.

Mozilla Firefox is a major competitor to Microsoft's Internet Explorer (IE). However, this did not prevent her from making public commitments in the development of the Metro interface through her own products. Microsoft said earlier that Internet Explorer 10 will be included with Windows 8 for desktop PCs, Metro and Windows on ARM (WOA), an operating system focused on tablets and other low-power devices.

In addition to the 2012 roadmap published on February 12, Mozilla announced that it would create a "technology concept" for Firefox for Metro as a first step. "This will not be an alpha or beta version, but a product that demonstrates the capabilities of Firefox in Windows 8 Metro," said  Asa Dotzler, director of Firefox product at Mozilla.

The product concept will be presented in the second quarter of 2012. Alpha and beta versions of the browser, respectively, will follow from July to December 2012. "The alpha version will present the installation capabilities and basic viewing functionality, and the beta will be functionally fully ready to present the capabilities of the version 1.0 product," added Dozler.

Mozilla described some Firefox tasks in relation to Metro, ​​zayavlyaya that it would rely on existing Gecko libraries in 32-bit Windows to avoid the need to port a huge part of the browser code to the WinRT API. Gecko is the engine of the Firefox browser, while WinRT refers to "Windows Runtime" - a new programming model that Microsoft is promoting to develop Metro applications in Windows 8.

The document says that Firefox in Metro will be a full-screen application with a line of tasks that contains standard navigation controls (back, refresh the page, etc.), another panel and some kind of tab format.

If Mozilla's statements are true that Firefox will run on Windows 8 through Gecko libraries, this new browser will not run on WOA, but only on Windows 8, writes Computerworld. Mozilla has already made significant efforts in Firefox for Android and announced the creation of its own web-based operating system for tablets and smartphones, called "Boot to Gecko."

Mozilla said it will be able to more fully present the amount of work required to create Firefox for Metro after Microsoft unveils the new operating system on February 29, 2012. As Microsoft previously reported, applications for Metro will be distributed only through the company's own resource (Windows Store).

Metro is Microsoft's trade designation for the touch interface of Windows 8 and WOA operating systems. Windows 8 will be able to run Metro applications and traditional 32-bit and 64-bit Windows applications, and WOA will only work with third-party software created specifically for Metro.

Not supporting XP and Windows 2000

Mozilla Corporation announced at the end of March 2012 that the expected new version of Firefox 12 will be the latest to support outdated versions of Microsoft's operating system - Windows XP and Windows 2000. In addition, starting in April 2012, the release of security updates for Firefox 3.6 from 2010 will be discontinued.

Thus, starting with Firefox 13, the minimum requirements for browser operation will be the presence of XP Service Pack 2 (SP2). Firefox 13 will not run on Windows 2000, Windows XP RTM, or XP SP1. Firefox 12 is due out on April 24, 2012, and the next version is June 4, 2012.

Mozilla's decision came as no surprise. The rejection of support for XP and earlier versions of this operating system has been discussed by the company for 3 years. Firefox Product Director Asa' Dotzler explained the company's position two months ago: "Our developers could not take full advantage of the new compiler features [in Visual Studio 2010] and were forced to fight to save new significant changes from hacking, which ultimately had to postpone the launch of several key browser updates."

In particular, Mozilla failed to start supporting the protocol from Google under the name SPDY as quickly as we would like. This protocol provides faster and safer Internet browsing. However, starting with Firefox 11, which was released on March 13, 2012, this protocol is already supported.

Mozilla encourages Firefox users who are still using Windows XP RTM or XP SP1, as well as Windows 2000, to migrate to Windows XP SP3, this update is free for them. Opera runs on Windows 2000, but the developer recommends using a browser based on XP or later. Unlike Opera, Google Chrome has a minimum limit - Windows XP SP2.

Firefox 11

Firefox 11 was released on March 14, 2012. The new version brought quite a few new features and performance improvements. For example, it supports the SPDY protocol, which will ensure faster and safer loading of data using the SSL protocol. Other changes include new tools to make it easier for the user to switch from, browserGoogle Chrome move their bookmarks and settings. The new Firefox Sync synchronization tool will allow you to more conveniently manage add-ons installed on browsers on different computers. Support for Adobe Flash technology is enabled in the mobile version of the browser on devices running operating system Android 2.3 and earlier. Later versions of Firefox will support Flash in Android 3.0 and higher. Web developers are also not forgotten. The Tilt page view in Page Inspector will allow you to view the HTML code of the page in pseudo-3D mode, helping to visually distinguish between different levels of the site. This mode requires hardware support for WebGL. CSS Style Inspector is designed to work with styles.

Firefox 10

Mozilla said that the Firefox browser update to version 10 was prepared by January 31, 2012, six weeks after the previous release of last year.

As part of the new version of Firefox, there is a mechanism for "invisible" update of the program: the browser automatically blocks incompatible add-ons (add-ons) and marks others as compatible. Mozilla noted that add-ons working with Firefox 4 or later will be marked as compatible in Firefox 10.

Complaints about incompatible add-ons have been received regularly since Mozilla switched to an accelerated release schedule for new versions of the browser, and add-ons developers were in no hurry to update their program code or at least mark them as suitable for new versions.

Mozilla began automatically labeling add-ons as compatible back in March 2011, when it launched Firefox 4, limiting itself to those distributed through the company's website. The new feature in Firefox 10 does the same for all add-ons, including those not available on the Mozilla website. According to the company, the number of extensions offered in addition to the developer's own storage is 75% of the total.

Justin Scott, head of Mozilla's add-on team, noted in a blog post that extension compatibility has always been a major obstacle to more frequent software releases, since the company considered it very important to have a plan according to which users or new add-ons will not be left without participation. "To work with the new [quick release] system, we needed compatibility processing that would not force developers to give up while their add-ons are among the incompatible ones," he stressed.

He also hinted that automatic compatibility check of add-ons is one of several features that Mozilla continues to work on, so the company offers an "invisible update," and the rest of the functionality of this service is expected in future versions of the browser.

According to current Mozilla plans, a version of Firefox 13 with an invisible update mechanism is being prepared for release on June 5, 2012.

Today (31.01.2012) Mozilla will release Firefox 3.6.26 - a browser security update that has been preparing for two years. Two more updates will be released this week before Firefox 3.6 support is discontinued by the end of April 2012.

Firefox 10 will be the first release in the Extended Support Release (ESR) line. Mozilla has created it for businesses that cannot or will not update their browser every six weeks. Firefox ESR will be updated every 42 weeks or seven times slower than versions of the "standard" browser.

2011

Screenshot of the browser window, 2011

Mozilla decided to release new versions of the Firefox browser more often, adding fewer new features to them. In 2011, the company plans to release four versions of it at once - from 4 to 7. This brings it closer to the model by which Google Chrome is developing. According to the first item of the plan, during the 2011 calendar year, Mozilla released Firefox versions from 4.0 to 7.0. Thus, the company intends to radically revise its release cycles for new versions of Firefox, bringing them closer to the model used by Google Chrome developers. Since the launch of Firefox 4.0, the pace of new releases has increased significantly.

Whose money is the browser being developed

On December 22, 2011, the American online publication All Things Digital revealed the true reason why negotiations to extend the mutually beneficial agreement between Mozilla and Google took longer than usual.

The new agreement was concluded a few weeks after the completion of the previous one. Although last time the announcement came a few months before the date of expiration of the contract. According to the resource, this is due not to the fact that Google, which has its own browser, did not agree to give in for a long time (as some thought), but to the fact that Mozilla made too many profitable offers.

The publication writes that in addition to Google, Microsoft and Yahoo participated in the negotiations. All of them fought for the same thing: to make their own search engines as the default search engine and the default home page. As a result, Google had to raise the proposed amount it promised to pay Mozilla for these privileges to $300 million a year. This is three times more than before. As part of a previous agreement in 2010, the search giant paid Mozilla about $100 million[47].

In total, within the framework of a 3-year agreement, the Internet giant will pay Mozilla more than $1 billion - this is the minimum guaranteed amount that the developer of a popular browser will receive in any case, adds All Things Digital.

It is known that Microsoft has its own browser - Internet Explorer - which so far ranks first in the world in popularity. But its share is gradually declining, mainly due to the growing popularity of Google Chrome. Using the default search engine Microsoft Bing in another popular browser would help increase its global share, and, therefore, the revenues that the software corporation receives from online advertising. Journalists believe that it was Microsoft that took the most active part in the tender, since it does not spare money on the development of its search engine.

For Yahoo, the benefit is less obvious, as the company uses the Microsoft search engine. However, in terms of holding market positions, privileges in Firefox could help the company. In any case, the ability to select a Yahoo server to display search results in Firefox is preserved, as is Microsoft Bing.

Google Chrome overtakes Firefox in popularity for the first time

According to StatCounter, in November 2011 for the Google Chrome first time overtook Firefox in popularity, taking 25.70% of the world market (second place) against 25.23% from a competitor. So far, this is a minor gap, but analysts are convinced that it will gradually grow. Internet Explorer Microsoft , meanwhile, retained a confident lead with a 40.63% market share.

As of March 2011, Firefox of various versions ranked second in the global browser market with a share of 29.83% (according to Statcounter). It lost first place to Internet Explorer (45.73%).

According to Liveinternet statistics, and in Runet Firefox ranks second in popularity (24.2%) against 26.7% for Internet Explorer.

Firefox 9

Mozilla immediately after the premiere of the new version of its Firefox 9 browser was forced to release Firefox 9.0.1 update on Wednesday December 21, 2011, and thereby surprised users who had just downloaded 9.0, which caused heated discussions on support forums.

Although Mozilla did not indicate in the release notes 9.0.1 why a re-release of the browser was needed, the developers indicated that the need to release the update was caused by reports of malfunctions caused by the ninth version, primarily from Mac users, although Linux and Windows were also affected. "We created Firefox 9.0.1 with 708572 correction for all platforms. Although we believe that Windows is mostly unaffected, we decided to move forward with Windows by 9.0.1, "said Alex Keybl, technical project manager for the release.

To solve the problem that caused a failure when the user launched certain add-ons on the toolbar, including those distributed by the Dallas Cowboys NFL team, Mozilla developers removed the patch used earlier. This update was the second released by Mozilla within the last 30 days. On November 21, the company released Firefox 8.0.1 to resolve a large number of crashes on Mac OS X.

Firefox 6.0

Firefox 6.0 plans to optimize the performance of the JavaScript engine again and add support for OS X 10.7.

Firefox 5.0

Firefox 5.0, in turn, should receive support for Account Manager (a new account management interface) and a 64-bit version of Windows, the ability to quickly exchange links to interesting content with friends.

Firefox 5, a new version of Mozilla's browser, is due out on June 29, 2011. In it, users expect significant changes in the interface and a number of new functions that will make the browser more focused on social services.

In accordance with the new developer strategy, which involves reducing the time spent working on browser updates, the Firefox 5 creation cycle is divided into five stages. Now development is at the first stage, the second should begin on April 13, and at the end of June the final release will appear. The developers talked about several new features that are planned to be implemented in Firefox 5. However, analysts note that some of them may well be ported to later versions of the browser.

In particular, in the new browser it will be possible to select several tabs at once, managing them at the same time. Similar functionality recently appeared in test versions of Google Chrome. Browser add-ons should receive standardized support in the toolbar.

It is planned to remove the "Home" button, instead of which a special tab with similar functionality will appear. In Firefox 5, by analogy with Chrome, where there is already such a possibility, a built-in viewing of PDF files should appear. In addition, this function should be expanded to a number of other formats, including MP3.

Another significant innovation should be the appearance of its own context menu for each of the tabs opened in the browser, by clicking on the options of which it will be possible to go directly to the corresponding sections. The content of these context menus for each resource can be configured by the site owners themselves. So, for the social network Facebook, such a menu includes the options "News," "Messages," "Events" and "Friends."


In addition, Firefox 5 should have an integrated account manager that supports several accounts at once. According to the developers, this function will allow users to visit sites simultaneously under different accounts without the need to leave their account each time or launch another browser. In this case, the account used on the site will be displayed directly in a special window next to the browser address bar, where it can be changed to another.

Firefox 5 also plans to expand integration with social services, including not only Facebook and Twitter, but also Reddit, Digg, StumbleUpon and several others. Through their accounts, you can exchange links to the websites you like directly from the browser with your friends.

Firefox 4.0

On March 22, 2011, the Mozilla Foundation announced the release of the official version of Firefox 4. Firefox 4 is available in versions on operating systems, and Windows Mac OS X in Linux more than 80 languages. Firefox 4 versions are expected soon for devices on and platforms. Android Maemo There are no IOS plans to release Firefox 4 for.

The default search in Firefox 4 was Google - in all countries except Russia, where Yandex will be the default search engine. The Russian search engine has been playing this role in Firefox since 2009. Simultaneously with the official version of Firefox 4, a customized Yandex assembly will be published, containing the Yandex.Bar panel with automatic translation and spelling.

According to Mozilla's own statement, Firefox 4 is the fastest version of Firefox: it runs two to six times faster than the previous version. Among other interesting updates, the developers highlight a new interface that "does not distract attention from the content of web pages," the ability to pin tabs of frequently visited sites and the Panorama function (organizing tabs by combining them into groups).

In total, the Mozilla message includes more than 20 significant browser updates regarding the Firefox 4 interface, security, performance and support for modern web technologies, including HTML5 and CSS3.

Firefox 4.0 includes a large number of new features, including an updated interface and support for devices with multi-touch screens. A separate process is responsible for the operation of each tab in the new version of the browser, which, according to the developers, will significantly improve the stability of the program. Now this technology is already used in IE8 and Google Chrome browsers.

Firefox 4 has a new add-on manager, improved privacy tools, and support for the open video codec WebM, which allows you to view optimized video directly in the browser and on all platforms. In addition, the JavaScript engine and HTML5 support have been improved. The interface has undergone significant changes: for example, the tab bar is located at the top of the window, and access to menu items is opened by a special button in the upper left corner.

The fourth beta version of the browser implements the new Panorama system, designed to organize tabs. Users will be able to merge open tabs into groups by simply dragging and dropping. Groups can be modified, supplemented, deleted, etc. Panorama will be especially useful in cases where you constantly have to deal with a large number of open pages.

Another important innovation is the Sync function. With its help, you can synchronize bookmarks, website history, passwords, form autocomplete data and other settings between different computers. The developers also added an experimental system for accelerating the rendering of web pages using video adapters. However, this toolkit is disabled by default.

Firefox 4 has an automatic update system.

User Data Protection

In January 2011, it became known that the Mozilla Foundation intends to equip Firefox with a protective tool that prevents tracking user activity on the network. In this case, Firefox will be the first browser to comply with the recommendation of the American Federal Commission (FTC to trade) to protect users from outside interference.

True, this protection will work only if the companies that track the online activity of users agree not to record the actions of those who enable this function. So far, no company has given such consent, despite Mozilla's call to join the initiative.

"We understand that we are dealing with the problem of chicken and eggs," writes Alexander Fowler, head of global personal data protection at Mozilla, in a blog post. "But we ask site owners and advertising companies <... > to show respect for the desire of people to maintain confidentiality." By default, the security feature will be disabled. If the user turns it on, then when visiting each site, the browser will ask the owners of the site and the advertising components placed on it to disable the collection of user data. It is not yet known whether the new feature will appear in the next version of Firefox 4.

Recently, the problem of tracking user activity has become increasingly public concern. In December, the FTC called on IT companies to create anti-tracking protections, and the US presidential administration announced the need to introduce a "privacy bill." Businessmen also promised to deal with the problem of privacy this year.

Browser developers have the greatest capabilities to prevent surveillance of users. But the largest of them - Microsoft (releases Internet Explorer) and Google (Chrome) themselves sell online advertising and therefore are interested in allowing users to "peep." Mozilla does not sell ads, although one of its main sources of revenue is an advertising agreement with Google.

This is not to say that Mozilla's competitors do not care at all about users' desire for closure. In December 2010, Microsoft announced its intention to return a security tool to Internet Explorer to help the user avoid monitoring by individual sites and companies. At one time, such a feature was excluded from Internet Explorer 8. Google plans to integrate the Keep My Opt-Outs function into the Chrome browser, which allows you to disable ads that are thematically similar to the user's web interests. But using all these features is not easy. browser In Microsoft, you need to manually compile a list of companies from which you need to protect yourself. Chrome owners will have to additionally download a special software module for protection.

2010

Firefox is one of the most flexible browsers with wide customization options: the user himself can install additional themes that change the appearance of the program, and extensions that add new functionality.

2009: Firefox 3.5

Firefox 3.5, which contains a large number of new functions and about 5 thousand changes, was released in early July 2009. Among the innovations in the emerging version of the browser are the new JavaScript TraceMonkey program. Its addition made it possible to significantly increase the speed of downloading the content of those websites that used this script language when creating. The browser also supports the geolocation function: after receiving the appropriate permission from the user, the program can calculate its location by IP address and find the nearest wireless connection points to. to the Internet

Firefox Mobile

The mobile version of Firefox was developed primarily for smartphones and PDAs based on Windows Mobile, Android and Maemo (Linux).

  • In April 2008, an early test build of a browser for mobile devices, codenamed "Fennec," created by Mozilla developers based on the Gecko 1.9/Firefox 3 codebase, was unofficially presented. First of all, it was planned to make available the build for IT OS 2008 (Nokia N800 and N810), then - to support two platforms: Linux/Qt 4.4 and Windows Mobile 6.
  • In June, Aza Raskin presented a demo video of sketches of the Firefox Mobile interface. It demonstrated the capabilities of a mobile browser, in particular, the ability to work in multi-touch mode, and use Zooming User Interfac
  • In October 2008, the first alpha version of the browser was officially introduced. The test build is available for Nokia N810 PDAs, as well as Windows, Linux and Mac OS.
  • On January 28, 2009, Firefox Mobile 1.0 was released for Maemo-based devices.
  • In October 2010, a beta version of Firefox 4 was released for devices based on Android and Maemo mobile operating systems. The web browser is built on the same platform as Firefox for computers and has similar functionality: using the Firefox Sync function, you can synchronize the history of visited pages, bookmarks, passwords, etc. with a desktop computer or laptop. The Awesome Bar is also implemented, multitouch support is announced and work with various web technologies is improved (HTML5, CSS, etc.). This beta version of the browser is compiled for the architecture of the ARMv7 processor. ARMv6 processor architecture - not supported, making it impossible to run the browser on devices running Android OS using this architecture.
  • There are other projects based on the Gecko engine. Owners of the Nokia N800 PDA with the latest version of the Internet Tablet OS 2007 platform can use the MicroB browser created by the Maemo team as part of the Mozilla project. MicroB uses Gecko 1.9 (the one in Fx 3). Installation of extensions in the form of packages in the.deb format is supported.

Notes

  1. Firefox 121 release
  2. Firefox 115 release
  3. Release Firefox 113
  4. Release Firefox 112
  5. Release Firefox 111
  6. the DataTransfer.setData Release Firefox 109
  7. Firefox 106 release.
  8. [https://www.opennet.ru/opennews/art.shtml?num=57952 systems with the Firefox 106.0.1 Update
  9. ).]
  10. Firefox is testing the ability to recognize text in images.
  11. Firefox 103 release
  12. Firefox update 102.0.1
  13. Release Firefox 102
  14. Firefox has full Cookie isolation enabled by default
  15. Researcher hacked Mozilla Firefox in just 8 seconds
  16. Firefox Update 100.0.1. Strengthening Mozilla's requirements for certification centers.
  17. Firefox 100 release
  18. ) Firefox 99 release
  19. Firefox update 98.0.2.
  20. Firefox 98 release
  21. Firefox Update 97.0.2 and 91.6.1 Addressing Critical 0-day Vulnerabilities
  22. ]Mozilla has added ads to the Firefox address bar
  23. The new version of Firefox will be protected from tracking
  24. [More: https://www.securitylab.ru/news/514166.php Only https mode has appeared in the Mozilla Firefox browser
  25. Firefox will have a new function to protect against automatic loading of malicious files
  26. Due to a bug in Firefox, the smartphone camera continues to work even after turning off the screen
  27. Firefox 72 blocks browser digital fingerprint tracking by default
  28. Firefox fixes zero-day vulnerability
  29. Germany's cyber-security agency recommends Firefox as most secure browser
  30. Firefox learned to bypass any Roskomnadzor locks
  31. Firefox has fixed a master password bypass vulnerability
  32. Firefox will fake browser history to trick targeted ads
  33. will block all trackers by default.
  34. Firefox 63 to Get Improved Tracking Protection That Blocks In-Browser Miners
  35. Firefox 57 will acquire a new engine and artificial intelligence functions
  36. New Firefox has become multithreaded and fast.
  37. Alt + R Firefox 50.0 - a new version of a free web browser
  38. Firefox 49
  39. 64-row Firefox for Windows is available for download
  40. Firefox 41 release
  41. Firefox 40 is released
  42. Firefox has fixed a critical 0-day vulnerability in PDF.js
  43. The popular browser introduced a total blocking of Adobe Flash.
  44. Firefox 37 release
  45. 45,0 45,1 [http://www.npsod.ru/blog/market_news/7529.html , Mozilla
  46. CNews: Firefox browser accused of destroying economy
  47. Google bought Firefox from Microsoft and Yahoo for $1 billion