UNDER CONSTRUCTION
UNDER CONSTRUCTION

Firefox Changes

Subjective selection of those changes to Firefox, which are probably relevant for admins or helpdesk.

How to read this:

  • Normal text describes potentially important changes.
  • Italic text contains my comments, often tells how to disable the new feature.
  • Grey items are changes which are also noteworthy, but will probably not cause you headache.

When will this page be updated:

  • Want to be informed when this page gets a major update? Follow me on twitter. follow me on twitter
  • Is something important missing, or anything wrong? Please tell me!
  • This page will probably be updated whenever a new ESR comes out (see schedule), and maybe a few times inbetween.

Sources: Most info was extracted from the release notes (also the ones for beta and aurora). If you want more, read the notes for developers, Compatibility Notes, Tracking, Meeting Notes. To be completely overwhelmed follow the links "complete list of changes" in each of the release notes.

 
 
PRELIMINARY INFO FOR VERSIONS 46 TO 52:

52-ESR
  NPAPI plugins remain enabled in 32 bit version
    The 64bit version supports only two NPAPI plugins: Flash and Silverlight.
    disable plugins except flash: plugin.load_flash_only = false
  service workers are disabled
    enable: dom.serviceWorkers.enabled = true & dom.serviceWorkers.openWindow.enabled = true
  push notifications are disabled
    enable: enable service workers and set dom.push.enabled = true
  WebAssembly (wasm) is disabled
    enable: javascript.options.wasm = true
  less use of multicrozess architecture Electrolysis (e10s)
    uses the stricter rules of Firefox 50 for enabling it.

52
  compatibility: disable all plugins except Flash
  compatibility: Google Hangouts temporarily won't work
  compatibility: forbids insecure HTTP sites from setting cookies with the "secure" attribute
  UI: shows more warnings when login page is not https
     howto disable: security.insecure_field_warning.contextual.enabled = false
  feature: WebAssembly
  Users of XP and Vista get migrated to 52-ESR.

51
  UI change: shows warning when login page is not https
  security: Firefox will save passwords even in forms that do not have “submit” events 

50.0.2

50.0.1

50
 UI change: "The link to check for plugin security updates has been removed from the
   addon manager as Firefox automatically checks for plugin updates"
 (hmm, this means that plugin updates cannot be disabled?)

49.0.2
  compatibility: asynchronous rendering of the Flash plugins

49.0.1

49
  compatibility: MacOS 10.6, 10.7 and 10.8 not supported any more.
  compatibility: windows version requires CPU with SSE2.
  compatibility: Block some nonessential Flash plugin content
  DRM-blob: "Support of Widevine CDM through the EME API under GNU/Linux"

48.0.2

48.0.1

48
  compatibility: add-ons must be signed by Mozilla
    https://support.mozilla.org/kb/add-on-signing-in-firefox
  compatibility: enables process separation (e10s) for some users
  compatibility: enhanced protection from malicious downloads
    https://blog.mozilla.org/security/2016/08/01/enhancing-download-protection-in-firefox/
  removed Firefox Hello

47.0.2

47.0.1

47
  feature: Google’s Widevine CDM on Windows and Mac OS X
    video streaming services can switch from Silverlight to encrypted HTML5 video
  feature: VP9 video codec
  feature: embedded YouTube videos now play with HTML5 video if Flash is not installed
  compatibility: removed click-to-activate plugin whitelist
  compatibility: removed FUEL (Firefox User Extension Library for add-ons)
  compatibility: "some Changes that can affect add-on compatibility"
     https://blog.mozilla.org/addons/2016/04/07/compatibility-for-firefox-47/

46.0.1

46
  compatibility: GTK3 integration (GNU/Linux only)

click here for very preliminary info for version 34 to 38


Version 33

  • phone home: if you enter a one-word URL, Firefox will do a web search, instead of going to that server.
    You can whitelist URLs by creating a boolean pref with name "browser.fixup.domainwhitelist.", followed by the word to be whitelisted.
    More info: "snappier searches".
  • phone home: search suggestions on the Firefox Start (about:home) and new tab (about:newtab) pages.
  • feature: video-format H.264 using a binary plugin from Cisco (running in a sandbox).
    to disable it: set media.gmp-gmpopenh264.enabled to false,
    to remove it: set media.gmp-gmpopenh264.provider.enabled to false.
  • lots of bloat, for example cubic-bezier curves editor (only for developers).

Version 32

  • phone home: malware download detection (see v31) now sends file-info to Google.
  • new cache leaves old cache data on disk, and makes its own read-ahead.
  • password manager stores historical use information (why?).
  • security enhancement: public key pinning (static list of CAs responsible for some selected sites).
  • performance issues on Windows XP.
  • bloat: web audio editor (only for developers).

ESR 31

Version 31

  • bug: steals .pdf and .ogg file associations, and insists to use slow and buggy integrated pdf viewer.
    more info
  • bug: breaks Google Maps (only Windows XP & Linux)
  • bug: some certificates fail
  • compatibility: the installer deletes the directory 'distribution'.
  • compatibility: preferences capability.policy.* removed (except checkloaduri for file:// URIs).
  • security: detect malware downloads with local white & blacklist. Can be disabled by settting browser.safebrowsing.appRepURL to empty string, or by disabling the whole safebrowsing feature.
  • bloat: very many new developer tools.
  • maybe new UI for settings (german text, did not find english version)

See also this blog posting (includes Thunderbird changes).

Why so many new features in an ESR version?!?

Version 30

  • Plugins need whitelisting, otherwise they are blocked (click-to-play). Flash is not on the whitelist. This does not affect plugins that are part of an extension.
  • UI: sidebars button "enables faster access to social, bookmark, & history sidebars".
  • compatibility: outdated and insecure NTLM-authentication deactivated.
  • compatibility: breaks Citrix Receiver.

Version 29

  • new sync for bookmarks, history, passwords, open tabs.
    Incompatible with old sync, no migration available so far, requires new Firefox account, different setup method.
    If you had disabled sync by hiding its setup, this change probably makes it reachable again.
  • new UI ("Australis"):
    • The Firefox menu on the left was replaced with a rectangle full of tiles on the right.
    • The big orange menu button in the upper left corner was replaced with a small line-triplett on the right side of the address bar.
      The original main menu from the time before the orange button can still be re-enabled (F10, View, Toolbars, Menu Bar), and the triple-line thingy can be removed with "#PanelUI-button {display:none !important}" in userChrome.css.
    • The what's new page for this version (shown on the first run) contains a slideshow (only if viewed with Firefox 29), which explains the new UI, highlights the new "menu"-"button", and shows the tiles.
      Even if you usually have the "what's new" page disabled, for this version it probably is important to let it show up. The relevant pref is "browser.startup.homepage_override.mstone".
    • The add-on bar was removed, its contents were moved to the navigation bar.
      Some addons do not like this, need an update.
    • and new UI customization
    This sounds like trying to salvage the UI of the abandoned Metro-app, by implanting it into the desktop version. The addon ClassicThemeRestorer can undo many Australis-changes. Pale Moon is a free clone of Firefox that will keep the standard user interface.

Version 28 after April 1st

Version 28

  • supports videocodec VP9 and audiocodec Opus for WebM videos.
  • removed support for spdy/2.

Version 27

  • better encryption: enabled TLS 1.1 and TLS 1.2 by default.
    If some web pages stop working, change "security.tls.version.max" temporarily back from 3 to 1.
  • optional faster transfer protocol: added support for SPDY 3.1.

Version 26

  • Java: ClickToPlay (to be extended to all plugins, except latest flash)
    workaround: java whitelist deployment.
  • Update-Service fixed: Silent automatic updates now work, even if users have no write permission.
    If you do not want auto-updates: double-check that "app.update.enabled" is locked to false.

Version 25

  • Feature 'welcome back' offers to erase the profile if it is older than 60 days.
    The most important part of every automatic function is the switch to turn it off:
    lockPref("browser.disableResetPrompt", true);
  • UI: The find bar is no longer shared between tabs

ESR 24

Version 23

  • Compatibility: "Mixed Content blocking" blocks active mixed content (allows passive mixed content).
    (more info, useful addons: toggle, display)
  • Compatibility: <blink> removed
  • UI: several options removed (javascript, load images, always show tab bar)
  • UI: logo updated

Version 22

  • Feature: WebRTC enables voice chat and telephone calls inside the browser.
    Privacy: and it allows to find your real IP address, even if you go through a VPN.
    disable: media.peerconnection.enabled = false
  • Feature: connect speculatively to the server, before you actually click on a link (more info)
    Privacy: and it allows to spy on you, for example spammers can verify your email address (explanation)
    disable: network.http.speculative-parallel-limit = 0 (source)

Version 21

  • Config Compatibility: again major changes in directory structure.
    The file 'override.ini' and the directories 'defaults/preferences', 'defaults/profile', 'extensions', 'plugins', and 'searchplugins' have been moved to a newly created subdirectory 'browser'. The function of the directory 'plugin' can be restored by setting the pref 'plugins.load_appdir_plugins' to true. It is still possible to set the AutoConfig-prefs 'general.config.filename' and '.obscure_value' in 'defaults/pref'.
  • Phone Home: health report

Version 20

  • UI: Download does not open new window, flashes green arrow
  • Feature: can access camera and microphone
  • Feature: Private Browsing now per-window

Version 19

  • Feature: PDF-viewer built in
    You can disable this by setting the pref pdfjs.disabled to true

ESR 17

Version 14

  • Config Compatibility: directory structure changed, ignores your preference settings.
    Some config files from defaults/pref must be moved to defaults/preferences to be effective. That new directory does not exist, you must create it. It is still possible to set the Autoconfig-prefs 'general.config.filename' and '.obscure_value' in a file in defaults/pref. By the way its filename should start with letter a, for example 'autoconfig.js'.

Version 13

  • Feature: reset profile. Can be triggered from about:support, and from the safe mode dialog (automatically triggered after consecutive startup crashes).
    Do not deploy Firefox profiles by putting them into default user profile, and do not use add-user scripts to modify them. Mozilla recommends to use the directory 'browser/defaults', or the autoconfig feature. Settings made there will survive the reset.

ESR 10