Today Firefox 52 was released by Mozilla. We just deployed it to our browser cloud and it's now available to all users. You can now cross-browser test your websites in Firefox 52!
Try Firefox 52 in Browserling now!
Firefox 52 is the last Firefox version to support Windows XP and Vista. The next version 53 will no longer work on these platforms. This version adds support for WebAssembly, an emerging standard that brings near-native performance to web-based games, apps, and software libraries without the use of plugins. Automatic captive portal detection, for easier access to Wi-Fi hotspots. User warnings for non-secure HTTP pages with logins. Display of media controls to pause or resume playback on the Android notification bar.
Key summary of new features in Firefox 52:
- Firefox 52 is the first browser to enable WebAssembly support. Chrome is enabling it next Tuesday.
- NPAPI plugin support has been killed. No more Java. Hooray!
- CSS grids are now available.
- CSS grid inspector for quick CSS grid debugging.
The new Firefox 52 features include:
- Added user warnings for non-secure HTTP pages with logins. Firefox now displays a "This connection is not secure" message when users click into the username and password fields on pages that don't use HTTPS.
- Implemented the Strict Secure Cookies specification which forbids insecure HTTP sites from setting cookies with the "secure" attribute. In some cases, this will prevent an insecure site from setting a cookie with the same name as an existing "secure" cookie from the same base domain.
- Added support for WebAssembly, an emerging standard that brings near-native performance to Web-based games, apps, and software libraries without the use of plugins.
- Enhanced Sync to allow users to send and open tabs from one device to another.
- Added automatic captive portal detection, for easier access to Wi-Fi hotspots. When accessing the Internet via a captive portal, Firefox will alert users and open the portal login page in a new tab.
Firefox 52 biggest changes include:
- Display (but allow users to override) an "Untrusted Connection" error when encountering SHA-1 certificates that chain up to a root certificate included in Mozilla's CA Certificate Program. (Note: Firefox continues to permit SHA-1 certificates that chain to manually imported root certificates.) Read more about the Mozilla Security Team's plans to deprecate SHA-1.
- Removed support for Netscape Plugin API (NPAPI) plugins other than Flash. Silverlight, Java, Acrobat and the like are no longer supported.
- Improved experience for downloads: Notification in the toolbar when a download fails. Quick access to five most recent downloads rather than three. Larger buttons for canceling and restarting downloads.
- Removed Battery Status API to reduce fingerprinting of users by trackers.
- When not using Direct2D on Windows, Skia is used for content rendering.
- Migrated Firefox users on Windows XP and Windows Vista operating systems to the extended support release (ESR) version of Firefox.
Firefox 52 developer tool updates include:
- Redesigned Responsive Design Mode to include device selection, network throttling, and more.
- The Animation Inspector now displays timing functions.
- Improved security for screen sharing, which now shows a preview and no longer requires a whitelisted domain.
- about:debugging now shows service worker state.
- Enabled CSS Grid Layout, opening up a world of new possibilities for graphic design.
Firefox 52 HTML, DOM, SVG and JavaScript updates include:
- Support for the async-family functions has been added. This adds async function, async function expression, and the await keyword.
- SVG documents are now represented using the XMLDocument interface instead of SVGDocument.
- The Selection API has fully shipped, including the new selectstart and selectionchange events.
- The
rel="noopener"
link type has been implemented.
Firefox 52 fixes include:
- Improved text input for third-party keyboard layouts on Windows. This will address some keyboard layouts that: Have chained dead keys. Input two or more characters with a non-printable key or a dead key sequence. Input a character even when a dead key sequence failed to compose a character.
Firefox 52 security fixes include:
- Memory corruption during JavaScript garbage collection incremental sweeping.
- Out of bounds read when parsing HTTP digest authorization responses.
- Memory Corruption when handling ErrorResult.
- Use-after-free in Buffer Storage in libGLES.
- Segmentation fault in Skia with canvas operations.
- DOS attack by using view-source: protocol repeatedly in one hyperlink.
- Overly permissive Gecko Media Plugin sandbox regular expression access.
- Addressbar spoofing by draging and dropping URLs.
- Gecko Media Plugin sandbox is not started if seccomp-bpf filter is running.
- Memory safety bugs fixed in Firefox 52 and Firefox ESR 45.8.
- Javascript: URLs can obfuscate addressbar location.
- File picker can choose incorrect default directory.
- File deletion via callback parameter in Mozilla Windows Updater and Maintenance Service.
- Use-after-free working with ranges in selections.
- FTP response codes can cause use of uninitialized values for ports.
- Print preview spoofing.
- Memory safety bugs fixed in Firefox 52.
- Repeated authentication prompts lead to DOS attack.
- Addressbar spoofing through blob URL.
- Cross-origin reading of video captions in violation of CORS.
- Non-existent chrome.manifest file loaded during startup.
- Pixel and history stealing via floating-point timing side channel with SVG filters.
- Buffer overflow read in SVG filters.
- Null dereference crash in HttpChannel.
- Use-after-free working with events in FontFace objects.
- asm.js JIT-spray bypass of ASLR and DEP.
- Segmentation fault during bidirectional operations.
Unresolved Firefox 52 issues:
- Google Hangouts temporarily won't work.
Happy cross-browser testing in Firefox 52!
Email this blog post to your friends or yourself!
Try Browserling!
Enter a URL to test, choose platform, browser and version, and you'll get a live interactive browser in 5 seconds!