Here is what is new and changed in Firefox 88.0

silversurfer

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,055
Mozilla plans to release Firefox 88.0 Stable and Firefox 78.10 ESR to the public on April 19, 2021. The new stable version patches security and non-security issues, and introduces new changes to the browser.

New features and improvements


Window.name isolation privacy fix
Window.name data is limited to the website that created it in Firefox 88 to "protect against cross-site privacy leaks. The property was preserved previously throughout a tab's lifetime, and that meant that it could leak information and could potentially be abused for tracking.

Other changes
  • FTP Support has been disabled in this release. FTP support can be enabled again in Firefox 88 and 89 by setting the preference network.ftp.enabled to TRUE using about:config. Support will be removed permanently in Firefox 90.
  • Take Screenshot is no longer listed under Page Actions. Firefox users may either right-click on a page and select Take Screenshot, or use the customize menu to add a screenshot button to the toolbar.
  • New grace period for camera and microphone access prompts. Firefox won't ask multiple times within 50 seconds if a request was granted to the same device, site and tab.
  • Screen readers won't read content that is visually hidden on a webpage anymore.
  • Localized print margins are now supported.
  • PDF forms support JavaScript embedded in PDF files.
  • Linux users get smooth pinch-zooming support on touch-devices.

Security updates / fixes​

Security updates are revealed after the official release of the web browser. You find the information published here after release.
 

silversurfer

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,055
The Mozilla Foundation fixed a flaw in its Firefox browser that allowed spoofing of the HTTPS secure communications icon, displayed as a padlock in the browser address window. Successful exploitation of the flaw could have allowed a rogue website to intercept browser communications.

The patch was part of the non-profit’s Monday update to Firefox 88 and its corporate Firefox ESR 78.10 browser and its Thunderbird 78.10 email client. In total, Firefox 88 addresses 13 browser bugs, six of which are rated high-severity.

Tracked as CVE-2021-23998, the secure-lock-icon bug effects both the consumer and corporate versions of Firefox browsers prior to the Monday releases. “Through complicated navigations with new windows, an HTTP page could have inherited a secure lock icon from an HTTPS page,” wrote Mozilla in its security advisory.
 

silversurfer

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,055

How to disable JavaScript in PDF documents in Firefox​

Mozilla enabled the execution of JavaScript in PDF documents in Firefox 88; this means that JavaScript code will be executed if it is present in a PDF file that is viewed in Firefox. There are legitimate reasons for supporting JavaScript in PDF documents, for instance to verify the input in form fields or to make changes to a document based on data when it is opened or when certain events happen.

Unfortunately, JavaScript in PDFs may also be used to execute malicious code. In other words: JavaScript is a security risk when it is executed in PDF documents.

Most Firefox users may not need the feature, and it is a good idea to disable the execution of JavaScript in PDF documents in the browser to protect the system against JavaScript-based attacks.
Firefox users may disable the execution of JavaScript by the browser's native PDF viewer in the following way. Note that there is no option to turn it off in the main settings of the browser.
  1. Load about:config in the web browser's address bar.
  2. Confirm that you will be careful to proceed.
  3. Use the search at the top to find pdfjs.enableScripting.
  4. Set the preference to FALSE with a click on the toggle button at the end of the line.
    1. A status of FALSE disables JavaScript execution in PDF files.
    2. A status of TRUE enables the execution of JavaScript in PDF documents (default)
Firefox will ignore JavaScript in PDF documents if the preference is set to FALSE.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top