Release: Firefox 51

Mozilla has released version 51 of the open-source Firefox web browser. What can you expect from this release?

For Users

  • Save password prompt allows you to view the password before it is saved
  • Zoom button added to the URL bar that displays the zoom level other than 100% – pressing the button returns to default zoom
  • Video performance for those that cannot make use of hardware GPU acceleration has been improved
  • Passwords are now saved from forms that do not emit a “submit” event
  • Free Lossless Audio Codec (FLAC) codec is now built-in
  • WebGL 2 is now supported – provides more advanced 3D images and animations
  • Subtle warning (crossed lock icon) displayed on sites that are not using a secure certificate (SSL/HTTPS) and asking for login username and password
  • Georgian (ka) and Kabyle (kab) locales added and Belarusian (be) locale removed
  • Improved E10s (multi-process) function with better tab switching
  • More reliable browser sync
  • 25 security issues fixed – includes many potential memory issues, some API issues, privilege escalation or information reveals, and URL spoofing

For Developers

  • HTML

    • The <hr>  tag can now be used within <menu>  tags/elements
    • selectionStart and selectionEnd attributes/properties now return correct position when there is no selection within <input>  and <textarea>  elements
  • CSS

    • :indeterminate pseudo-element selector now supported for <input type=”radio”>
    • :placeholder-shown pseudo-element selector now supported for <input type=”text”>
    • :placeholder pseudo-element selector now unprefixed
    • :valid pseudo-class selector fixed to select valid <form>  elements
    • unicode-bidi: plaintext  now works with vertical writing mode
    • clip-path: fill-box  and clip-path: stroke-box  now properly supported
    • Flexible Box Model’s (flexbox) line height is now clamped in single-line auto-height flex container with max-height (matching change to the specification)
  • JavaScript

    • Symbol.toStringTag, TypedArray.prototype.toString() , and TypedArray.prototype.toLocaleString() implemented
    • DateTimeFormat.prototype.formatToParts() now works
    • const and let are now fully compliant with the specification
    • const used within for … of now gets a new binding on each iteration and no longer throws a SyntaxError
    • Using for each … in now produced a deprecation warning
    • Generator functions can no longer be a child of a label and you can no longer use “let” as a label (for obvious syntax reasons)
    • Legacy generator functions now throw an error when used in method definitions (must use asterisk)
    • next()  iterator method now throws a TypeError when it does not return an object
    • Child-indexed pseudo-class selectors will match when they do not have a parent
  • Developer Tools

    • The Network Monitor now has a “blocked” state which shows when a connection is waiting to execute because the simultaneous connections limit has been reached
  • WebGL

    • WebGL 2 now enabled by default
    • The WEBGL_compressed_texture_es3 extension (implemented in Firefox 46) has been renamed to WEBGL_compressed_texture_etc and is no longer included by default in WebGL 2 contexts
    • The EXT_disjoint_timer_query extension has been updated to use WebGLQuery objects instead of WebGLTimerQuery objects
    • The OES_vertex_array_object extension now uses the WebGL 2 WebGLVertexArrayObject object instead of its own WebGLVertexArrayObjectOES object
    • You can now use ImageBitmap objects as a sources for texture images in methods like WebGLRenderingContext.texImage2D(), WebGLRenderingContext.texSubImage2D(), WebGL2RenderingContext.texImage3D(), or WebGL2RenderingContext.texSubImage3D()
  • IndexedDB v2

    • IndexedDB version 2 is now enabled
      • Supports for the new IDBObjectStore.getKey() method has been added
      • Supports for IDBCursor.continuePrimaryKey() method has been added
      • Binary keys are now supported
  • Canvas

    • The non-standard CanvasRenderingContext2D.mozFillRule() method has been removed; the fill rule can be defined using a parameter of the standard CanvasRenderingContext2D.fill() method
    • The CanvasRenderingContext2D.imageSmoothingEnabled has been unprefixed
  • SVG

    • tabindex attribute Added
    • href attribute added, which renders xlink:href obsolete
    • You can now use custom data attributes on SVG elements through the SVGElement.dataset property and the data-* set of SVG attributes
    • CSS Animations used in an SVG image which is presented in an <img> element now work again; this was an old regression
  • Web Workers

    • WorkerGlobalScope.onclose obsolete event and the close event of Worker objects have been removed
  • Networking

    • image/*, video/*, audio/* or text/csv MIME types served to <script> elements, Worker.importScripts(), Worker(), or SharedWorker() are blocked and no longer allowed
  • XHR

    • XMLHttpRequest.responseXML no longer returns a partial document when there is a parse error. Instead, it now returns null (as the specification dictates)
    • To match the latest specification an XMLHttpRequest without an Accept header set with setRequestHeader() is now sent with such a header, with its value set to */*
    • now correctly nulls out username and password values when omitted according to the specification
  • WebRTC

    • The RTCPeerConnection.removeStream() method has been removed. It was deprecated back in Firefox 22, and has been throwing a NotSupportedError for a long time. You need to use RTCPeerConnection.removeTrack() instead, for each track on the stream.
    • WebRTC now supports the VP9 codec by default
    • The method HTMLMediaElement.captureStream(), which returns a MediaStream containing the content of the specified <video> or <audio>. It’s worth noting that this is prefixed still as mozCaptureStream(), and that it doesn’t yet exactly match the spec.
  • Audio/Video

    • Added FLAC support (FLAC codec) in both FLAC and Ogg containers. Supported FLAC MIME types are: audio/flac and audio/x-flac. For FLAC in Ogg, supported MIME types are: audio/ogg; codecs=flac, and video/ogg; codecs=flac
    • Added support for FLAC in MP4 (both with and without MSE)
    • Throttling in background tabs of timers created by Window.setInterval() and Window.setTimeout() was changed in Firefox 50 to no longer occur if a Web Audio API AudioContext is actively playing sound. However, this didn’t resolve all scenarios in which timing-sensitive audio playback (such as music players generating individual notes using timers) could fail to work properly. For that reason, Firefox 51 no longer throttles background tabs which have an AudioContext, even if it’s not currently playing sound.
  • DOM (Document Object Model)

    • The deprecated DOMImplementation.hasFeature() now returns true for all arguments
    • onerror / error event is now supported for <img> elements and HTMLImageElement objects
    • Animation.effect can now be set rather than being a read-only property
    • Permissions.revoke()  is now behind a browser setting/preference (dom.permissions.revoke.enable) and is disabled by default
    • property and StorageManager.estimate() are now implimented/enabled. Storage unit persistence features are not yet implemented
    • BatteryManager.chargingTime and BatteryManager.dischargingTime round to the nearest 15 minutes
  • Events

    • onanimationstart, onanimationiteration, and onanimationstart event handlers are now supported in addition to supporting the corresponding events using addEventListener()
    • ontransitionend event handler supported


Firefox: Stolen and Fixed

Mozilla, an open-source software community run by the non-profit organization, Mozilla Corporation, and developers of the Firefox web browser, has announced it’s bug tracking software, Bugzilla, was hacked. The organization’s blog post states that the account that was compromised had access to privately-listed bugs representing zero-day security flaws in the browser. However, if you keep your browser up-to-date you are protected. The zero-day flaws that were stolen were all patched as part of version 40.0.3 released August 27, 2015. The post does not state the date that the account was compromised.

Green bug being swept up by a broom. Icon / clip-art.
By Poznaniak, pozostali autorzy w plikach źródłowych via Wikimedia Commons

This should definitely be a wake-up call for you to keep the software you use up-to-date. Many applications today will automatically update (including the more recent versions of Firefox) but some do not. In addition to keeping you safe from security flaws, the latest versions of programs also deliver features that make using the software more enjoyable and sometimes easier. In the case of web browsers, it also delivers new tools for web developers to use to make better web applications and websites that are more visually appealing and interactive.

More Information

More detailed explanation of why you should take the time to ensure the software you use is up-to-date will be in an upcoming post! I will link the post here.