Mozilla Firefox

[Grogan]

Firefox 126.0.1 is out today, WITH release notes even

https://www.mozilla.org/en-US/firefox/1 ... easenotes/

Fixed an issue with reading tagged PDF documents in a screen reader. (Bug 1894849)

Fixed not displaying localized text for non-en-US locales in the Crash Reporter dialog box on macOS. (Bug 1896097)

Fixed issues with drag-and-drop functionality on Linux. (Bug 1897115)

Fixed an issue causing high GPU memory usage on certain versions of AMD cards. (Bug 1897006)

[Grogan]

Ahh, we've got Firefox 127.0 today, but no release notes.

https://ftp.mozilla.org/pub/firefox/releases/127.0/

I guess I'll find out if this has the changes needed for Rust 1.78, the hard way.

P.S. Yes, Firefox 127.0 builds with Rust 1.78 without any patchset.

[Grogan]

Release notes for 127.0
https://www.mozilla.org/en-US/firefox/1 ... easenotes/

Version 127.0, first offered to Release channel users on June 11, 2024
New

You can now set Firefox to automatically launch whenever you start or restart your Windows computer. Setting Firefox to auto-launch optimizes efficiency in our browser-centric digital routines, eliminating manual startup delays and facilitating immediate web access. (Learn more)

That one is top of the list. boyoboy... I shouldn't have to tell anybody what I think of that.

We completed work to optimize and enable DNS prefetching for HTTPS documents via the rel="dns-prefetch" link hint. This standard allows web developers to specify domain names for important assets that should be resolved preemptively.

It is now possible to close all duplicate tabs in a window with the Close duplicate tabs command available from the List all tabs widget in the tab bar or a tab context menu.

Firefox will now automatically try to upgrade <img>, <audio>, and <video> elements from HTTP to HTTPS if they are embedded within an HTTPS page. If these so-called mixed content elements do not support HTTPS, they will no longer load.

Jawohl! Now that last one I don't like. Forcing https on people where it's neither needed (and don't tell me I need it when I don't) nor wanted, doesn't help anybody's security. The idea of "https everywhere" is to make the protocol mandatory and ubiquitous, so evil governments can't ban it and can't single people out who are using it etc. I resent forcing it on everyone, for that purpose. It's not so much for MY security (except when it's necessary). I resent it because it's a fucking pain in the ass (on the server end) and it's additional overhead. Again, the clients may have 16 core 5 GHz processors for one user running a browser, so people in peanut galleries admonish such arguments, but the server has to serve many requests. Nice of them to donate our resources to the world, isn't it?

I won't force https on my servers. I'll maintain some crappy certs so if someone wants to use it their browser should accept the certificates, but if someone uses http I'm not going to redirect them. I use plain http here. (logins are encrypted/obfuscated by the board... it won't be great, but it's not plain text and we're not exactly taking credit cards here anyway)

For added protection on MacOS and Windows, a device sign in (e.g. your operating system password, fingerprint, face or voice login if enabled) can be required when accessing and filling stored passwords in the Firefox Password Manager about:logins page.

Fixed

Various security fixes

Changed

To reduce user fingerprinting information and the risk of some website compatibility issues, the CPU architecture for 32-bit x86 Linux will now be reported as x86_64 in Firefox's User-Agent string and navigator.platform and navigator.oscpu Web APIs.

I don't like lies, but that's just a little white lie. At least it's not lying about the OS (unless you enable the fingerprinting protection like librewolf does) but this change is for both methods.

Links and other focusable elements are now tab-navigable by default on macOS, instead of following macOS' "Keyboard navigation" setting. This is a more accessible default and matches the default in all other platforms. A checkbox in the settings page still allows users to restore the old behavior.

The Screenshots feature in Firefox has gotten a big update! It now supports taking screenshots of file types like SVG, XML, and more as well as various about: pages within Firefox. We've also made the screenshot tool more accessible to everyone by implementing new keyboard shortcuts and adding theme compatibility and High Contrast Mode (HCM) support. And finally, performance for capturing large screenshots has been improved.

[Grogan]

I was just doing my daily point release check, and it dawned on me. The next release of Firefox is going to be "Firefox loopback Edition 127.0.1"

(I haven't seen them do a .x.x.y bugfix release in a very long time so it won't be .0.0.1)

[Zema Bus]

lol!

[Grogan]

Oh! Here it is already, Firefox 127.0.1 to make your lo shine
https://ftp.mozilla.org/pub/firefox/releases/127.0.1/

No release notes yet, so I have no idea why I want this, but I'm on it.

P.S.I'm a week late and a grand short (forgot), but Firefox 127.0.1 release notes:

https://www.mozilla.org/en-US/firefox/1 ... easenotes/

Fixed an issue where users with a primary password set on their profile could lose their previous session of tabs upon upgrading if they dismissed the primary password prompt (bug 1901899).

Fixed an issue where Linux users with accessibility.monoaudio.enable set to true were experiencing slow audio speeds (bug 1900972).

Fixed an issue where, in some circumstances, the Firefox installer on Windows failed to complete the installation (bug 1896868).

Fixed an issue causing Firefox to incorrectly reject cookies for certain websites (bug 1901325).

[Grogan]

Firefox 127.0.2 today, WITH release notes, even

https://www.mozilla.org/en-US/firefox/1 ... easenotes/

Fixed an issue where YouTube playback may experience stalling under certain conditions (bug 1900191, bug 1878510).

Fixed an issue where the Private Window icon was displayed in the taskbar on Windows when browser.privateWindowSeparation.enabled was set to false (bug 1901840).

I do believe I may have hit that youtube playback stall a few times in recent builds.

P.S. This one, bug 1878510 is what I was experiencing:
https://bugzilla.mozilla.org/show_bug.cgi?id=1878510

Actual results:

Clicking on a timestamp in the video and waiting till the video reaches the end of the "gray buffer area" results in: infinite buffering, meaning the video shows the loading sign and won't load, regardless of how long you wait.

The video is fucked, I'd have to reload the page to get it to play again. Also this condition would occur if the video naturally exceeded the buffered area sometimes (i.e. if the playback exceeds the downloading)

[Zema Bus]

I've run into that quite often. It's really annoying when YT doesn't remember where I left off in a video when I come back to it later and I have to search for where I was.

Another issue that's been happening lately is in some live streams the video will freeze after a few mins but the sound will continue. At first I thought it was just a problem on one machine, but then I ran into it on another machine as well. I had to open the stream in Chromium to watch it.

[Grogan]

That fits bug 1900191 (different manifestation of same problem)

[Grogan]

Well, I haven't had a youtube video stall or fuck up in any way since Firefox 127.0.2. That's going on 5 days now.

[Grogan]

No release notes, but it looks like Firefox 128.0 is released. One can pick their poison from here:

https://ftp.mozilla.org/pub/firefox/releases/128.0/

I'll get on that today, going to upgrade Rust first (been ignoring Arch's... waiting for the next firefox cycle)

[Grogan]

Firefox 128.0 release notes
https://www.mozilla.org/en-US/firefox/1 ... easenotes/

Quite a bit in the changelog (with images) but:

New

Firefox can now translate selections of text and hyperlinked text to other languages from the context menu.

For users in the US and Canada, Firefox will now show your recent searches or currently trending searches when you open the Address Bar to get you back to your previous search session or inspire your next one.

Firefox now has a simpler and more unified dialog for clearing user data. In addition to streamlining data categories, the new dialog also provides insights into the site data size corresponding to the selected time range.

Firefox now supports playback of protected content from streaming sites like Netflix while in Private Browsing mode.

Firefox now supports the experimental Privacy Preserving Attribution API, which provides an alternative to user tracking for ad attribution. This experiment is only enabled via origin trial and can be disabled in the new Website Advertising Preferences section in the Privacy and Security settings.

On macOS, microphone capture through getUserMedia will now use system-provided voice processing when applicable, improving audio quality.

Firefox is now available in the Saraiki (skr) language.

Fixed

Firefox now proxies DNS by default when using SOCKS v5, avoiding leaking DNS queries to the network when using SOCKS v5 proxies.

Various security fixes.

Firefox now supports rendering more text/* file types inline, rather than requiring them to be downloaded to be viewed.

The root certificate used to verify add-ons and signed content has been renewed to avoid upcoming expiration.

Developer

Developer Information

CSS rules specificity is now displayed in a tooltip when hovering a CSS rule selector in the Inspector Rules view. This can help web developers understand why a given rule is applied before another.

screenshot of the specificity tooltip when hovering a CSS Rule selector in the Inspector Rules view

The Inspector panel now flags a custom property declaration as invalid when the value does not match the registered custom property definition. As shown in the screenshot below, the declaration of a custom property, --b, expecting a <length> value syntax (e.g., 10px), is instead used with a color specified. An exclamation icon appears next to it with a tooltip explaining the error.

screenshot of an example of the exclamation icon beside an invalid custom property declaration and a tooltip explaining the error

Improvements have been made to Inactive CSS. A warning is now displayed when column-span is used on elements outside of multi-column containers and when properties only applying to replaced elements are used on non-replaced elements.

Web Platform

Resizeable ArrayBuffers and Growable SharedArrayBuffers are now supported in SpiderMonkey. This allows the size of an ArrayBuffer to be changed without having to allocate a new buffer and copy data into it.

The setCodecPreferences method allows applications to disable the negotiation of specific codecs (including RTX/RED/FEC). It also allows an application to cause a remote peer to prefer the codec that appears first in the list for sending.

The Accept header for images and documents was changed to better align with the Fetch standard and other browsers.

Support was added for @property and the CSS properties-and-values API.

A new bytes() method is provided on many objects like Request/Response and Blob that provides a convenient way of getting an Uint8Array typed array.

[Grogan]

I just noticed that new setting in "Privacy & Security" was actually enabled, despite what the relnotes say.

Website Advertising Preferences
Allow websites to perform privacy-preserving ad measurement
This helps sites understand how their ads perform without collecting data about you. Learn more

Enabled by default... not anymore. Of course that wouldn't really matter because that shit will be stripped out of the data stream before it gets to my browser anyway

[Grogan]

I was just looking for a 128.0.1 yesterday, thinking it would be par for the course soon, but today there's a Firefox 128.0.2, they didn't publish a 128.0.1. I'm glad to see they are adhering to versioning bumping conventions... you change one thing, even a typo in a readme, there has to be a version bump.

There are release notes, even.
https://www.mozilla.org/en-US/firefox/1 ... easenotes/

Fixed an audio echo in video calls on macOS under certain conditions. (Bug 1908539)

Fixed an issue where the Adguard extension popup was not displaying. (Bug 1906132)

Fixed an issue causing some screen readers to fail to read when navigating by character in rich text editors. (Bug 1905021)

Fixed visual glitches when dark mode is enabled in Windows ARM devices. (Bug 1897444)

Fixed an issue causing NTLM authentication failure. (Bug 1908115)

Fixed an issue where content displayed on mouseover was not captured in a screenshot. (Bug 1905468)

Various stability fixes.

I was actually wanting a firefox build to shake down new toolchains (I upgraded all the LLVM related stuff yesterday too)

[Grogan]

Firefox 128.0.3 today, with release notes even

https://www.mozilla.org/en-US/firefox/1 ... easenotes/

Fixed an issue causing some sites to not load when connecting via HTTP/2. (Bug 1908161, Bug 1909666)

Fixed collapsed table rows not appearing when expected in some situations. (Bug 1907789)

Fixed the Windows on-screen keyboard potentially concealing the webpage when displayed. (Bug 1907766)

[Grogan]

Firefox 129.0 is in the directory today, but no release notes yet. One can pick their poison from here:
https://ftp.mozilla.org/pub/firefox/releases/129.0/

I have to go work on Arch now, so I'll build this too (I install it to a common directory for both OSes)

P.S. I just heard that one thing they changed is that it's now going to default to https:// (even if you don't have the https-only setting enabled) when you type a URL without a protocol handler. Most sites do redirect to https these days, but now, as a server operator, I don't get to decide how clients are going to access my resources. I do maintain LetsEncrypt certs that most browsers should accept so people can use it (and we really ought to for the forum to make it more difficult for session hijacking and the like), I just don't like it being forced. I have to renew those things every 3 months. (I'd let them do it automatically, but it usually fails or doesn't get done on time to avoid the browsers complaining... I usually do it when I think about it, before the 3 months is up)

I don't like that, and I don't want it for now. I hit ctrl-c to cancel the build for now, this is no longer of any benefit to me. Every Firefox version introduces something new that I hate (or at best don't care about) and rarely makes the browser better. I'd rather see them spending time improving performance and footprint than adding new features and authoritarian security theater. I don't know what I'm going to do about this, maybe hack it (find the change and change it back... shouldn't be too hard) but for now I don't have to upgrade.

[Zema Bus]

Hopefully that new browser that's in development turns into a viable alternative.

[Grogan]

That certainly does pique interest, but it would be years (maybe never, without the right contributors) before that's fully usable. They said the first "alpha" quality release isn't expected until 2026. I hope it gets the momentum for contributors.

Making a browser from scratch is huge, moreover, it's really not been done with a completely viable end result. They all build on the ashes of others, and available technologies. Sure, there are little browsers like Dillo, Netsurf and even Konqueror for that matter at inception (I think it was mostly original), but they weren't capable of full web usage. Fine for reading docs and wikis etc.

Unless, you're going back to Mosaic and maybe the early Mozilla (pre-Netscape) code base, it's not been done. I say maybe, because there could have been some of Mosaic in that code base too, at least methods. Internet Explorer was originally based on Mosaic. The first one at least had licensed code from it, I remember seeing it on the about/splash. "Mozilla" was a contraction of "Mosaic Killer" not anything to do with Godzilla.

The Mozilla browser (Seamonkey now) and Firefox are the remnants of the Netscape browser. It was not made from scratch, though it has changed a lot. There are STILL some directories and shit in the build tree that have kept their names. Also, "nss" (though they changed that one to "network security services" lol) and "nspr" (Netscape Portable Runtime) still have their Netscape origins. Firefox has some Google code in it too.

Apple Webkit (Safari) was originally based on khtml (Konqueror) but that needed a lot of work.

Chrome was originally based on Webkit (which also needed some work) which they eventually forked to their "Blink" engine.

Now Microsoft Edge is based on Chrome etc.

The point being, nobody makes a browser from scratch and succeeds. Let's hope Ladybird is the first.

[Grogan]

I could actually turn the default behaviour of this off at compile time with a one-liner in a .yaml file at this time, but it's actually an about:config setting. I was going through their Mercurial (they still use that) changelog looking for the code I needed to revert, but found this mozilla-central commit on July4... it looks like if I revert that pref at compile time, it would only get forcibly changed to true on profile update in early beta builds. So that setting has been there, it was just toggled to false until now.

Code: Select all

modules/libpref/init/StaticPrefList.yaml 

--- a/modules/libpref/init/StaticPrefList.yaml
+++ b/modules/libpref/init/StaticPrefList.yaml
@@ -3817,17 +3817,17 @@
   value: true
   mirror: always
 
 # If true, top-level requests that are initiated from the address
 # bar and with an empty scheme get upgraded to HTTPS
 # with a fallback
 - name: dom.security.https_first_schemeless
   type: RelaxedAtomicBool
-  value: @IS_EARLY_BETA_OR_EARLIER@
+  value: true
   mirror: always
 
 # If true, will add a special temporary HTTPS-First exception for a site when a
 # HTTPS-First upgrade fails.
 - name: dom.security.https_first_add_exception_on_failiure
   type: RelaxedAtomicBool
   value: true
   mirror: always

Moreover, this setting is actually present and set to false in Firefox 128. So no need for patching at this time... I can go ahead and build Firefox 129 and then set that back to false. (Unless they've actually removed that toggle now, but I don't think so or I'd have found that commit first. I was systematically searching for https related changes)

dom.security.https_first_schemeless = false



P.S. Yep, that's exactly how it went. On first run of 129.0, it changed the setting to true and I toggled it back to false.

[Grogan]

Oh yeah, I forgot... release notes for Firefox 129.0
https://www.mozilla.org/en-US/firefox/1 ... easenotes/

I'll paste in summary, but a lot of those descriptive points have images to demonstrate.

Reader View now has an enhanced Text and Layout menu with new options for character spacing, word spacing, and text alignment. These changes offer a more accessible reading experience.

Reader View now has a Theme menu with additional Contrast and Gray options. You can also select custom colors for text, background, and links from the Custom tab.

A tab preview is now displayed when hovering the mouse over background tabs, making it easier to locate the desired tab without needing to switch tabs.

Note that they don't tell you anything else about this. I'd have appreciated a note for that about:config tunable, it would have saved me being pissed off. I only found out about it because I found the .yaml template commit in their master tree that enabled it for release tags too. (and that wouldn't percolate into the release tarballs until 129 or something)

HTTPS is replacing HTTP as the default protocol in the address bar on non-local sites. If a site is not available via HTTPS, Firefox will fall back to HTTP.

I don't think this affects me, with DNS over https disabled. It's for http3 and shit.

HTTPS DNS records can now be resolved with the operating system's DNS resolver on specific platforms (Windows 11, Linux, Android 10+). Previously this required DNS over HTTPS to be enabled. This capability allows the use of HTTP/3 without needing to use the Alt-Svc header, upgrades requests to HTTPS when the DNS record is present, and enables wider use of ECH.

Added support for multiple languages in the same document spoken in macOS VoiceOver.

Address Autofill is now enabled for users in France and Germany.

Various security fixes

[Grogan]

Well... heh. Ask and thou shalt receive, whether thou really wants it or not. I did some work on Arch yesterday (including Rust toolchain) and was thinking I needed to test a Firefox build. Nah, let's wait until 129.0.1.

That's today... but no release notes posted yet
https://ftp.mozilla.org/pub/firefox/releases/129.0.1/

I didn't really want there to be one today

[Grogan]

Release notes for Firefox 129.0.1

Fixed playback issues on some websites with copyrighted video served via digital rights management. (Bug 1911283)

Fixed a crash when dragging a video file onto some websites. (Bug 1910990)

It wasn't anything affecting me

(I keep DRM disabled on purpose, I don't WANT to see a video on the Internet that has DRM to control playback. I mean seriously... news sites that do that to video clips. I want to see the DRM error notification up top, and then I'll close the browser tab and they can get some practice fucking off. As for streaming sites like Nutlix, I don't do things that way. I'll watch video clips on youtube, but a show or movie I'm going to have locally, in its entirety. I don't throw bits away like that)

(Drag and drop a video? Who, me? I HATE drag and drop in anything)

[Grogan]

Firefox 129.0.2 today, with relnotes:

https://www.mozilla.org/en-US/firefox/1 ... easenotes/

Fixed an issue with screen readers prompting "Alert" when hovering over tabs. (Bug 1908873)

Fixed an issue where drag-and-drop operations would not work as expected with extensions that rely on this functionality. (Bug 1911486)

It probably sounds like a fucking Dalek too... "Alert.. Alert... Exterminate..." lol

[Grogan]

Well... the first thing to (un)impress me is that it set the Bookmark toolbar to Always Show after updating the profile. Now I have to go through and check every setting to make sure nothing else has reverted. In a point release...

[Grogan]

Well... I stopped acting stubborn and changed all my shortcuts (new tab page, address bar) to https: for mikeserv sites. I'm still not going to revert the setting disabling https for schemeless URLs, I still don't want my browser forcing that, but I should be using https here to protect my sessions. Why not, I have certs.

[Zema Bus]

I'm checking out the Zen browser after seeing a lot of Linux youtubers talking about it. It's supposed to be like Vivaldi but based on the latest Firefox release. Github page and website.

[Grogan]

So it's firefox based, but I don't really see anything telling me why I should want to use that. So far I haven't read anything that Firefox doesn't do, except that Zen won't pay for a Widevine license to be able to include DRM support (which I disable on principle in Firefox anyway... I spitefully don't want that content to play). They don't even have any screenshots.

[Grogan]

That reminded me to check today... Firefox 130.0 is in the directory now.

https://ftp.mozilla.org/pub/firefox/releases/130.0/

No release notes so I haven't a clue what's new, but it'll take me longer to think about it than start a build.

[Grogan]

One thing it has done is put "Accuweather" in the upper left corner of my New Tab page, for my town though in Fahrenheit. That's pretty invasive, really, I didn't ask for that. That geoclue type stuff actually pisses me off. It uses WiFi location, cell tower location, and IP location (third party compiled databases that have ISP network topology info... on some cable ISPs that can lead someone right to your door.

I can change the location, change to Celcius/Fahr. or hide the widget.

I think it's a sponsor, they probably paid to put their weather widget on the New Tab page. It says "Accuweather Sponsored" underneath if I hover on it, but there are no ads (but there would be if I clicked on it to "See Forecast on AccuWeather")

[Grogan]

Firefox 130.0 Release Notes
https://www.mozilla.org/en-US/firefox/1 ... easenotes/

Firefox now allows translating selected text portions to different languages after a full-page translation.

Firefox now offers an easy way to try experimental features with a new Firefox Labs page in Settings.

AI Chatbot feature lets you add the chatbot of your choice to the sidebar, for quick access as you browse.
Picture-in-Picture auto-open experiment enables PiP on active videos when switching tabs.

I noticed the new Labs category right away in Preferences. Adding an AI chatbot to the sidebar was enough for me to get the fuck out of there and curse the feature. Fuck off, you parrots. "AI" (I don't really like the way they use the term) is just a fad looking for a purpose at this time, in this context.

Overscroll animations are now enabled as the default behavior for scrollable areas on Linux.

Thank you for giving web sites yet another method to annoy me.

Various security fixes.

Fixed an issue where Copy and Paste context menu items intermittently were not enabled when expected.

New languages added for Firefox Translation


Catalan
Croatian
Czech
Danish
Indonesian
Latvian
Lithuanian
Romanian
Serbian
Slovak
Vietnamese