[German]Mozilla developers have released versions 100.0 and 91.9esr of the Firefox browser on May 3, 2022. This is a new development branch which, according to the Security Advisory, fixes critical vulnerabilities. Thanks to 1St1 for the tip.
According to the release notes the update of May 3, 2022 brings the following new features.
- Displaying captions/subtitles on YouTube, Prime Video, and Netflix videos that you watch in Picture-in-Picture is now supported. Users can enable the captions in the in-page video player, and they will be displayed in PiP.
- On first launch after installation, Firefox detects if its language is different from the operating system language and offers the user a choice between the two languages.
- Firefox's spell checker now checks spelling in multiple languages. To enable additional languages, select them from the context menu of the text box.
- HDR videos are now supported in Firefox on the Mac – starting with YouTube! Firefox users on macOS 11+ (with HDR-compatible screens) can enjoy higher quality video content. No need to manually change settings to enable HDR video support – just make sure battery settings are NOT set to "Optimize video streaming on battery".
- Hardware accelerated AV1 video decoding is enabled on Windows with supported GPUs (Intel Gen 11+, AMD RDNA 2 Excluding Navi 24, GeForce 30). Installation of the AV1 video extension from the Microsoft Store may also be required.
- Video overlay is enabled on Windows for Intel GPUs, reducing power consumption during video playback.
- Improved fairness between drawing painting and processing other events. This noticeably improves the performance of the volume slider on Twitch.
- Scrollbars on Linux and Windows 11 no longer take up space by default. On Linux, users can change this in the settings. On Windows, Firefox follows the system preference (System Preferences > Accessibility > Visual Effects > Always show scrollbars).
- Firefox now supports auto-fill and auto-capture of credit cards in the UK.
- Firefox now ignores less restricted referrer policies – including unsafe-url, no-referrer-when-downgrading, and origin-when-cross-origin – for cross-page subresource/iframe requests to prevent privacy leaks through the referrer.
The update to version 100.0 also introduces the following new features.
- Users can now choose preferred color schemes for websites. Theme authors can now better decide which color scheme Firefox uses for menus. The appearance of web content can now be changed in the preferences.
- Starting with this release, the Firefox installer for Windows is signed with a SHA-256 digest instead of SHA-1. Update KB4474419 is required for successful installation on a computer running Microsoft Windows 7. For more information about this update, visit the Microsoft Technical Support website.
- In macOS 11+, fonts are now rasterized only once per window. This means that opening a new tab is fast, and switching tabs in the same window is also fast (there is still work to be done to share fonts across windows, or to reduce the time it takes to initialize those fonts).
- Performance of deeply nested display: grid elements has been greatly improved.
- Support for profiling multiple Java threads has been added.
- Soft-reloading a web page no longer revalidates all resources.
- Non-vsync tasks get more time to execute, which improves Google Docs and Twitch behavior.
- Geckoview APIs have been added to control the start/stop time of capturing a profile.
In addition, a number of critical vulnerabilities have been fixed with the update:
- CVE-2022-29914: Fullscreen notification bypass using popups
- CVE-2022-29909: Bypassing permission prompt in nested browsing contexts
- CVE-2022-29916: Leaking browser history with CSS variables
- CVE-2022-29911: iframe Sandbox bypass
- CVE-2022-29912: Reader mode bypassed SameSite cookies
- CVE-2022-29910: Firefox for Android forgot HTTP Strict Transport Security settings
- CVE-2022-29915: Leaking cross-origin redirect through the Performance API
- CVE-2022-29917: Memory safety bugs fixed in Firefox 100 and Firefox ESR 91.9
- CVE-2022-29918: Memory safety bugs fixed in Firefox 100
Firefox 100 also has the following changes:
- Firefox has a new focus indicator for links that replaces the old dotted border with a solid blue border. This change unifies the focus indicators for form fields and links, making it easier to identify the focused link, especially for users with low vision.
- New users can now set Firefox as the default PDF handler when they choose Firefox as their default browser.
Due to Firefox's new three-digit version number, some websites may not work correctly in Firefox version 100. Read more about it in this blog post.
An update of Firefox 91.9esr with one year of long-term support has also been provided with the same fixes to eliminate the above vulnerabilities.
The new Firefox and ESR variants can be downloaded from this website for various platforms (the variant is to be selected from the list boxes displayed).
Cookies helps to fund this blog: Cookie settings