Firefox Changes

Subjective selection of those changes to Firefox, which are probably relevant for admins or helpdesk.

How to read this:

  • Normal text describes potentially important changes.
  • Italic text contains my comments, often tells how to disable the new feature.
  • Grey items are changes which are also noteworthy, but will probably not cause you headache.

When will this page be updated:

  • Want to be informed when this page gets a major update? Follow me on twitter. follow me on twitter
  • Is something important missing, or anything wrong? Please tell me!
  • This page will probably be updated whenever a new ESR comes out (see schedule), and maybe a few times inbetween.

Sources: Most info was extracted from the release notes (also the ones for beta and aurora). If you want more, read the notes for developers, Compatibility Notes, Tracking, Meeting Notes. To be completely overwhelmed follow the links "complete list of changes" in each of the release notes.



click here for preliminary info for version 46 to 52


hotfix restore safebrowsing

43.0.4 undo blocking of sha-1 certificates, because many security devices and web interfaces of home routers stopped working
          alternative: set security.pki.sha1_enforcement_level to 0

hotfix re-enable high-res youtube videos

43.0.3 undo blocking of NVidia DLLs, because it made the problem worse instead of fixing it

43.0.2 add sha-256 signing certificate, to meet new signing requirement
       security fix

43.0.1 prepare to use SHA-256 signing certificate for Windows builds, to meet new signing requirement

43.0.0 many security fixes
       turns off safebrowsing (accidentally)
       will reject sha1-certificates starting January 1st 2016

42 ??

41 ??

  Compatibility: faster Plugin-Initialization
     apparently none of the beta-testers plays Farmville.

39.0.3 ??

39.0 ??

38.2.0 ??

38.1.1 ??

38.1.0 ??

  Privacy: Keep track of articles and videos with ???Pocket???
  Privacy: Share the active tab or window in a Hello conversation
  Noteworthy improvement: Clean formatting for articles and blog posts with Reader View

  a few fixes

see also https://mike.kaply.com/2015/05/05/firefox-esr-38-overview/

  UI: preferences moved from separate window to a tab
  unclear: Ruby annotation support
  unclear: Improved page load times via speculative connection warmup
  unclear: BroadcastChannel API implemented
  unclear: Implemented Encrypted Media Extensions (EME) API to support
     encrypted HTML5 video/audio playback (Windows Vista or later only)
  wtf: Automatically download Adobe Primetime Content Decryption Module (CDM) 
     for DRM playback through EME (Windows Vista or later only)
  unclear: WebRTC now has multistream and renegotiation support
  present for hackers: Implemented DOM3 Events KeyboardEvent.code

  several fixes

  disabled Disabled HTTP/2 AltSvc

  phone home & UI: pop-up request for rating ("Heartbeat", feedback system)
     disable: pref ("browser.selfsupport.url", "")
  phone home: OneCRL centralized certificate revocation
  Compatibility: Opportunistically encrypt HTTP traffic where the server supports HTTP/2 AltSvc
  UI: Yandex set as default search provider for the Turkish locale

  one security fix

  one security fix

  several fixes

  Compatibility: No longer accept insecure RC4 ciphers whenever possible
  Compatibility: Phasing out Certificates with 1024-bit RSA Keys
  Compatibility: some addons might fail
  UI: For users who removed the Share & Hello buttons, this new version brings them back unexpectedly

  lots of bug fixes

  Feature: Firefox Hello with new ???rooms-based conversations model???
  Feature: Access the Firefox Marketplace from the Tools menu and optional toolbar button
  UI: "New search UI improved and enabled for more locales", whatever that means
  UI & Compatibility: Plugin-Finder-Service removed
     Firefox will not offer to install missing plugins, for example the Flash player, if a web page needs it.

  UI: Default search engine changed to Yahoo! for North America

  Feature: Firefox ???Hello??? real-time communication client
     disable: loop.enabled = false
  UI: Default search engine changed to Yandex for Belarusian, Kazakh, and Russian locales
  UI: "Improved search bar (en-US only)", whatever that means
  Compatibility: Disabled SSLv3

Version 33

  • phone home: if you enter a one-word URL, Firefox will do a web search, instead of going to that server.
    You can whitelist URLs by creating a boolean pref with name "browser.fixup.domainwhitelist.", followed by the word to be whitelisted.
    More info: "snappier searches".
  • phone home: search suggestions on the Firefox Start (about:home) and new tab (about:newtab) pages.
  • feature: video-format H.264 using a binary plugin from Cisco (running in a sandbox).
    to disable it: set media.gmp-gmpopenh264.enabled to false,
    to remove it: set media.gmp-gmpopenh264.provider.enabled to false.
  • lots of bloat, for example cubic-bezier curves editor (only for developers).

Version 32

  • phone home: malware download detection (see v31) now sends file-info to Google.
  • new cache leaves old cache data on disk, and makes its own read-ahead.
  • password manager stores historical use information (why?).
  • security enhancement: public key pinning (static list of CAs responsible for some selected sites).
  • performance issues on Windows XP.
  • bloat: web audio editor (only for developers).

ESR 31

Version 31

  • bug: steals .pdf and .ogg file associations, and insists to use slow and buggy integrated pdf viewer.
    more info
  • bug: breaks Google Maps (only Windows XP & Linux)
  • bug: some certificates fail
  • compatibility: the installer deletes the directory 'distribution'.
  • compatibility: preferences capability.policy.* removed (except checkloaduri for file:// URIs).
  • security: detect malware downloads with local white & blacklist. Can be disabled by settting browser.safebrowsing.appRepURL to empty string, or by disabling the whole safebrowsing feature.
  • bloat: very many new developer tools.
  • maybe new UI for settings (german text, did not find english version)

See also this blog posting (includes Thunderbird changes).

Why so many new features in an ESR version?!?

Version 30

  • Plugins need whitelisting, otherwise they are blocked (click-to-play). Flash is not on the whitelist. This does not affect plugins that are part of an extension.
  • UI: sidebars button "enables faster access to social, bookmark, & history sidebars".
  • compatibility: outdated and insecure NTLM-authentication deactivated.
  • compatibility: breaks Citrix Receiver.

Version 29

  • new sync for bookmarks, history, passwords, open tabs.
    Incompatible with old sync, no migration available so far, requires new Firefox account, different setup method.
    If you had disabled sync by hiding its setup, this change probably makes it reachable again.
  • new UI ("Australis"):
    • The Firefox menu on the left was replaced with a rectangle full of tiles on the right.
    • The big orange menu button in the upper left corner was replaced with a small line-triplett on the right side of the address bar.
      The original main menu from the time before the orange button can still be re-enabled (F10, View, Toolbars, Menu Bar), and the triple-line thingy can be removed with "#PanelUI-button {display:none !important}" in userChrome.css.
    • The what's new page for this version (shown on the first run) contains a slideshow (only if viewed with Firefox 29), which explains the new UI, highlights the new "menu"-"button", and shows the tiles.
      Even if you usually have the "what's new" page disabled, for this version it probably is important to let it show up. The relevant pref is "browser.startup.homepage_override.mstone".
    • The add-on bar was removed, its contents were moved to the navigation bar.
      Some addons do not like this, need an update.
    • and new UI customization
    This sounds like trying to salvage the UI of the abandoned Metro-app, by implanting it into the desktop version. The addon ClassicThemeRestorer can undo many Australis-changes. Pale Moon is a free clone of Firefox that will keep the standard user interface.

Version 28 after April 1st

Version 28

  • supports videocodec VP9 and audiocodec Opus for WebM videos.
  • removed support for spdy/2.

Version 27

  • better encryption: enabled TLS 1.1 and TLS 1.2 by default.
    If some web pages stop working, change "security.tls.version.max" temporarily back from 3 to 1.
  • optional faster transfer protocol: added support for SPDY 3.1.

Version 26

  • Java: ClickToPlay (to be extended to all plugins, except latest flash)
    workaround: java whitelist deployment.
  • Update-Service fixed: Silent automatic updates now work, even if users have no write permission.
    If you do not want auto-updates: double-check that "app.update.enabled" is locked to false.

Version 25

  • Feature 'welcome back' offers to erase the profile if it is older than 60 days.
    The most important part of every automatic function is the switch to turn it off:
    lockPref("browser.disableResetPrompt", true);
  • UI: The find bar is no longer shared between tabs

ESR 24

Version 23

  • Compatibility: "Mixed Content blocking" blocks active mixed content (allows passive mixed content).
    (more info, useful addons: toggle, display)
  • Compatibility: <blink> removed
  • UI: several options removed (javascript, load images, always show tab bar)
  • UI: logo updated

Version 22

  • Feature: WebRTC enables voice chat and telephone calls inside the browser.
    Privacy: and it allows to find your real IP address, even if you go through a VPN.
    disable: media.peerconnection.enabled = false
  • Feature: connect speculatively to the server, before you actually click on a link (more info)
    Privacy: and it allows to spy on you, for example spammers can verify your email address (explanation)
    disable: network.http.speculative-parallel-limit = 0 (source)

Version 21

  • Config Compatibility: again major changes in directory structure.
    The file 'override.ini' and the directories 'defaults/preferences', 'defaults/profile', 'extensions', 'plugins', and 'searchplugins' have been moved to a newly created subdirectory 'browser'. The function of the directory 'plugin' can be restored by setting the pref 'plugins.load_appdir_plugins' to true. It is still possible to set the AutoConfig-prefs 'general.config.filename' and '.obscure_value' in 'defaults/pref'.
  • Phone Home: health report

Version 20

  • UI: Download does not open new window, flashes green arrow
  • Feature: can access camera and microphone
  • Feature: Private Browsing now per-window

Version 19

  • Feature: PDF-viewer built in
    You can disable this by setting the pref pdfjs.disabled to true

ESR 17

Version 14

  • Config Compatibility: directory structure changed, ignores your preference settings.
    Some config files from defaults/pref must be moved to defaults/preferences to be effective. That new directory does not exist, you must create it. It is still possible to set the Autoconfig-prefs 'general.config.filename' and '.obscure_value' in a file in defaults/pref. By the way its filename should start with letter a, for example 'autoconfig.js'.

Version 13

  • Feature: reset profile. Can be triggered from about:support, and from the safe mode dialog (automatically triggered after consecutive startup crashes).
    Do not deploy Firefox profiles by putting them into default user profile, and do not use add-user scripts to modify them. Mozilla recommends to use the directory 'browser/defaults', or the autoconfig feature. Settings made there will survive the reset.

ESR 10