Posted by November 11, 2015
on Today Firefox 42 was released and we just installed it to our browser cloud. You can already start cross-browser testing your websites in this new browser version!
Try Firefox 42 in Browserling now!
New and Changed in Firefox 42
- WebRTC improvements: IPV6 support, Preferences for controlling ICE candidate generation and IP exposure, Hooks for extensions to allow/deny createOffer/Answer, Improved ability for applications to monitor and control which devices are used in getUserMedia.
- Control Center that contains site security and privacy controls.
- Login Manager improvements: Improved heuristics to save usernames and passwords, Edit and show all logins in line, Copy/Paste usernames/passwords from the Context menu, Migration imports your passwords to Firefox from Google Chrome for Windows and Internet Explorer; import anytime from the Login Manager.
- Indicator added to tabs that play audio with one-click muting.
- Private Browsing with Tracking Protection blocks certain Web elements that could be used to record your behavior across sites.
- Improved performance on interactive websites that trigger a lot of restyles.
- Various security fixes and updates.
Firefox 42 Security Fixes
- Mixed content WebSocket policy bypass through workers.
- Miscellaneous memory safety hazards.
- Memory corruption in libjar through zip files.
- Crash when accessing HTML tables with accessibility tools on OS X.
- NSS and NSPR memory corruption issues.
- Certain escaped characters in host of Location-header are being treated as non-escaped.
- EV certificates with a validity greater than 39 months are now considered and handled as DV certificates.
- Vulnerabilities found through code inspection.
- Reading sensitive profile files through local HTML file on Android.
- Android intents can be used on Firefox for Android to open privileged files.
- CSP bypass due to permissive Reader mode whitelist.
- Firefox for Android addressbar can be removed after fullscreen mode.
- Information disclosure through NTLM authentication.
- CORS preflight is bypassed when non-standard Content-Type headers are received.
- Trailing whitespace in IP address hostnames can bypass same-origin policy.
- Disabling scripts in Add-on SDK panels has no effect.
- Buffer overflow during image interactions in canvas.
- JavaScript garbage collection crash with Java applet.
- XSS attack through intents on Firefox for Android.
Firefox 42 Developer Updates
- Asynchronous call stacks now allow web developers to follow the code flow through setTimeout, DOM event handlers, and Promise handlers.
- CSS filter presets in the Inspector.
- View HTML source in a tab.
- Ability to save filter presets inside CSS Filter Tooltip.
- Remote website debugging over WiFi (no USB cable or ADB needed).
- Configurable Firefox OS Simulator in WebIDE, to simulate reference devices like phones, tablets, even TVs.
Firefox 42 HTML5 Updates
- Media Source Extension for HTML5 video available for all sites.
- Implemented ES6 Reflect.
- Support ImageBitmap and createImageBitmap().
Firefox 42 CSS, JavaScript, HTML Updates
- Vertical writing-mode is now supported with rtl scripts.
- The values of caption-side are now relative to the table, and changing actual meaning according to its writing-mode value.
- Non-standard properties like -moz-margin-start are now aliases of their standard counterpart (margin-inline-start, etc.)
- The prefixed version of CSS gradients can be turned off by setting the layout.css.prefixes.gradients preference to false.
- Several old bugs with float and margin collapsing behavior have been fixed.
- Experimental support for the referrer attribute of the <img>, <iframe>, <a> and <area> has been added.
- The Reflect object has been implemented.
- The implementation of the Proxy handler.ownKeys() trap has been updated to match the final ES2015 specification.
- Calling Map, Set, or WeakMap without new, will now throw a TypeError.
Firefox 42 Canvas, Web Animations and WebGL Updates
- WebGL2 WebGLTransformFeedback has been implemented.
- To obtain a WebGL2 context, HTMLCanvasElement.getContext() now takes webgl2 instead of experimental-webgl2.
- Web Animations API have been extended to support: The AnimationPlayer.playbackRate property, The CSSAnimation and CSSTransition interfaces, The Animation.reverse() method, The AnimationPlaybackEvent interface has been added and cancel and finish are now fired on Animation.
Firefox 42 HTTP and Networking Updates
- Firefox 41 and earlier versions were incorrectly accepting undefined or invalid pseudo-header fields in HTTP/2 responses. This is now fixed and the only pseudo-header field accepted from Firefox 42 is the :status as per the specification. Response headers containing arbitrary fields are considered malformed.
- The CSP upgrade-insecure-requests directive has been implemented.
Firefox 42 Unresolved Issues
- URLs containing a Unicode-format Internationalized Domain Name (IDN) are not redirected properly, leading to a Server Not Found error.
Happy cross-browser testing in Firefox 42!
Email this blog post to your friends or yourself!
Try Browserling!
Enter a URL to test, choose platform, browser and version, and you'll get a live interactive browser in 5 seconds!