Here is what is new and changed in Firefox 88.0

[silversurfer]

Mozilla plans to release Firefox 88.0 Stable and Firefox 78.10 ESR to the public on April 19, 2021. The new stable version patches security and non-security issues, and introduces new changes to the browser.

New features and improvements​

Window.name isolation privacy fix
Window.name data is limited to the website that created it in Firefox 88 to "protect against cross-site privacy leaks. The property was preserved previously throughout a tab's lifetime, and that meant that it could leak information and could potentially be abused for tracking.

Other changes

• FTP Support has been disabled in this release. FTP support can be enabled again in Firefox 88 and 89 by setting the preference network.ftp.enabled to TRUE using about:config. Support will be removed permanently in Firefox 90.
• Take Screenshot is no longer listed under Page Actions. Firefox users may either right-click on a page and select Take Screenshot, or use the customize menu to add a screenshot button to the toolbar.
• New grace period for camera and microphone access prompts. Firefox won't ask multiple times within 50 seconds if a request was granted to the same device, site and tab.
• Screen readers won't read content that is visually hidden on a webpage anymore.
• Localized print margins are now supported.
• PDF forms support JavaScript embedded in PDF files.
• Linux users get smooth pinch-zooming support on touch-devices.

Security updates / fixes​

Security updates are revealed after the official release of the web browser. You find the information published here after release.

Here is what is new and changed in Firefox 88.0 - gHacks Tech News

Mozilla plans to release Firefox 88.0 Stable and Firefox 78.10 ESR to the public on April 19, 2021. Both versions are security updates.

www.ghacks.net

 

[silversurfer]

Changes in Firefox 88 that you may have missed: View Page Info, View Image, Reopen Closed Tab, and more - gHacks Tech News

Here are the UI changes introduced by Mozilla in Firefox 88. Some context menu items have been renamed, replaced or removed.

www.ghacks.net

 

[silversurfer]

The Mozilla Foundation fixed a flaw in its Firefox browser that allowed spoofing of the HTTPS secure communications icon, displayed as a padlock in the browser address window. Successful exploitation of the flaw could have allowed a rogue website to intercept browser communications.

The patch was part of the non-profit’s Monday update to Firefox 88 and its corporate Firefox ESR 78.10 browser and its Thunderbird 78.10 email client. In total, Firefox 88 addresses 13 browser bugs, six of which are rated high-severity.

Tracked as CVE-2021-23998, the secure-lock-icon bug effects both the consumer and corporate versions of Firefox browsers prior to the Monday releases. “Through complicated navigations with new windows, an HTTP page could have inherited a secure lock icon from an HTTPS page,” wrote Mozilla in its security advisory.

Mozilla Fixes Firefox Flaw That Allowed Spoofing of HTTPS Browser Padlock

The Mozilla Foundation releases Firefox 88, fixing 13 bugs ranging from high to low severity.

threatpost.com

 

[silversurfer]

How to disable JavaScript in PDF documents in Firefox​

Mozilla enabled the execution of JavaScript in PDF documents in Firefox 88; this means that JavaScript code will be executed if it is present in a PDF file that is viewed in Firefox. There are legitimate reasons for supporting JavaScript in PDF documents, for instance to verify the input in form fields or to make changes to a document based on data when it is opened or when certain events happen.

Unfortunately, JavaScript in PDFs may also be used to execute malicious code. In other words: JavaScript is a security risk when it is executed in PDF documents.

Most Firefox users may not need the feature, and it is a good idea to disable the execution of JavaScript in PDF documents in the browser to protect the system against JavaScript-based attacks.

Firefox users may disable the execution of JavaScript by the browser's native PDF viewer in the following way. Note that there is no option to turn it off in the main settings of the browser.

1. Load about:config in the web browser's address bar.
2. Confirm that you will be careful to proceed.
3. Use the search at the top to find pdfjs.enableScripting.
4. Set the preference to FALSE with a click on the toggle button at the end of the line.
   1. A status of FALSE disables JavaScript execution in PDF files.
   2. A status of TRUE enables the execution of JavaScript in PDF documents (default)

Firefox will ignore JavaScript in PDF documents if the preference is set to FALSE.

How to disable JavaScript in PDF documents in Firefox - gHacks Tech News

Find out how to disable the execution of JavaScript in the Firefox web browser when viewing PDF documents, a feature that Mozilla introduced in Firefox 88.

www.ghacks.net