Mozilla's Firefox 57 just came out and we just got it installed our cross-browser testing cloud at Browserling. Firefox 57 has codename Firefox Quantum as it incorporates brand new technology from Mozilla's research group. Are you as excited as we are?

Firefox 57 About Dialog

Try it here immediately:

What's new in Firefox 57?

  • A completely new browsing engine, designed to take full advantage of the processing power in modern devices.
  • A redesigned interface with a clean, modern appearance, consistent visual elements, and optimizations for touch screens.
  • A unified address and search bar.
  • A revamped new tab page that includes top visited sites, recently visited pages, and recommendations from Pocket (in the US, Canada, and Germany).
  • An updated product tour to orient new and returning Firefox users.
  • Video decoding is shut down when the tab playing the media is sent to the background or the video is not visible on the screen.
  • AMD VP9 hardware video decoder support for improved video playback with lower power consumption.
  • An expanded section in preferences to manage all website permissions.
  • Users can enable Tracking Protection at all times. Learn how to turn Tracking Protection on.
  • Firefox now exclusively supports extensions built using the WebExtension API, and unsupported legacy extensions will no longer work.
  • The browser's autoscroll feature, as well as scrolling by keyboard input and touch-dragging of scrollbars, now use asynchronous scrolling.
  • The content process now has a stricter security sandbox that blocks filesystem reading and writing on Linux, similar to the protections for Windows and macOS that shipped in Firefox 56.
  • Middle mouse paste in the content area no longer navigates to URLs by default on Unix systems.
  • Removed the toolbar Share button.
  • Some older versions of the ATOK IME, including ATOK 2006, 2008, 2009 and 2010, can cause crashes and are therefore disabled on the Windows 64-bit version of Firefox Quantum.
  • The default font for Japanese text is now Meiryo.

Changes for Web developers in Firefox 57

HTML

  • The date and time <input> types are now enabled in all builds.
  • <link rel="preload"> has been disabled in Firefox 57 because of various web compatibility issues.

CSS

  • The minimal-ui and standalone values of the display-mode media query are now supported.
  • The grid-row-gap and grid-column-gap properties are no longer reset by the grid shorthand.
  • The layout.css.clip-path-shapes.enabled preference has been removed.

Quantum CSS notes

Following bugs have been fixed in Quantum:

  • Radial gradient values like radial-gradient(circle gold,red) will work in the old Gecko style system, even though they shouldn't because of the missing comma between circle and gold.
  • When you animate an offscreen element onscreen but specify a delay, Gecko does not repaint on some platforms, e.g. Windows.
  • In Gecko, <details> elements can't be made open by default using the open attribute if they have an animation active on them.
  • In Gecko, transitions will not work when transitioning from a text-shadow with a color specified to a text-shadow without a color specified.
  • In Gecko, cancelling a filling animation can trigger a transition set on the same element, although only once.
  • Animations using em units are not affected by changes to the font-size on the animated element's parent in Gecko, whereas they should be.
  • Gecko also deals with font-size inheritance differently from Quantum CSS, meaning that for some language settings inherited font sizes end up being smaller than expected.
  • Gecko reuses the same mechanism used when parsing a url-token when parsing the domain() or url-prefix() URL matching functions for a @-moz-document rule. Quantum CSS does not use the same mechanism and it does not consider tokens invalid when they contain brackets or quotes.
  • Fixed - In Gecko, when you set a system font as the value of a canvas 2D context's font (e.g. menu), getting the font value fails to return the expected font (it returns nothing).
  • In Gecko, when you create a detached subtree (e.g. a <div> created using createElement() that is not yet inserted into the DOM), the subtree's root element is set as a block-level element. In Quantum CSS this is set as inline, as per spec.
  • In Gecko, calc() expressions are rejected — causing the value to be invalid — when used as the radius component of a radial-gradient() function.
  • Fixed - In Gecko, calc(1*2*3) is not parsed successfully.
  • In Quantum CSS, calc() is supported everywhere that the spec explains it should be and in Gecko it is not.
  • Gecko had a bug whereby the ::before and ::after pseudo-elements are still generated even if the content property value is set to normal or none.
  • Another Gecko bug means that the background-position property can't be transitioned between two values containing different numbers of <position> values.

JavaScript

  • The non-standard for each...in (E4X) loop has been removed.
  • The Object.prototype.watch() and unwatch() methods are deprecated.
  • The non-standard Iterator and StopIteration objects as well as the legacy iteration protocol have been removed.
  • Async generator is now enabled.
  • for await (... of ...) syntax is now enabled.

APIs

  • The PerformanceObserver API is now enabled by default.
  • The AbortController and AbortSignal interfaces (known as the Abort API) have been added, allowing DOM requests (such as fetch requests) to be aborted if desired.
  • The Storage API is implemented and enabled by default.
  • The Selection.type property of the Selection API is now implemented.
  • Document.createEvent('FocusEvent') is now supported.
  • The files property of the HTMLInputElement interface is now settable.
  • The HTMLDocument.getSelection() method has been moved to the Document interface so it is available to XML documents.
  • The messageerror event is now implemented, and can have code run in response to it firing via event handlers implemented on message targets.
  • When Headers values are iterated over, they are automatically sorted in lexicographical order, and values from duplicate header names are combined.
  • Support for messages of arbitrary size (up to 1GiB, although 256kiB is more interoperable) is now supported on RTCDataChannel through use of the end-of-record (EOR) flag on SCTP messages.
  • The RTCDataChannel.send() method can now throw a TypeError exception if the size of the message you're trying to send is not compatible with the receiving user agent.
  • The MediaStream Recording API has been updated so that error events sent to report problems that occur while recording are now of type MediaRecorderErrorEvent rather than being generic events.
  • Updated the documentation around OfflineAudioContext since its constructor's inputs can now be specified in an object rather than as a list of parameters.
  • Mozilla's proprietary Social API has been completely removed.

Security

  • resource:// URLs no longer leak information.
  • Data URIs are now treated as unique opaque origins, rather than inheriting the origin of the settings object responsible for the navigation.

Other

  • Firefox headless mode now includes a -screenshot flag that allows you to take website screenshots directly from the command line.

Changes for add-on and Mozilla developers

The following APIs have been added or extended:

  • bookmarks: support for separators through bookmarks.BookmarkTreeNodeType.
  • browser_action: theme_icons property for light/dark theme icons.
  • browserAction: browserAction.openPopup().
  • browserSettings: allowPopupsForUserEvents, homepageOverride, imageAnimationBehavior, newTabPageOverride.
  • browsingData: browsingData.removeLocalStorage().
  • clipboard: setImageData().
  • contextualIdentities: onCreated, onRemoved, onUpdated, colorCode and iconUrl in contextualIdentitities.ContextualIdentity.
  • devtools.panels: devtools.panels.ElementsPanel.createSidebarPane().
  • downloads: incognito option in downloads.download().
  • estimatedEndTime property in downloads.DownloadItem.
  • find: find(), highlightResults(), removeHighlighting().
  • pageAction.openPopup().
  • privacy: websites.trackingProtectionMode.
  • proxy: FindProxyForURL() can now return an object.
  • runtime: runtime.openOptionsPage() support on Android.
  • sessions: setTabValue(), getTabValue(), removeTabValue(), setWindowValue(), getWindowValue(), removeWindowValue().
  • sidebarAction: sidebarAction.open().
  • storage: storage.managed.
  • tabs: loadReplace option in tabs.update(), discarded property in tabs.Tab, tabs.onUpdated, and tabs.query(), tabs.create() can open "view-source:" URLs, openerTabId property in tabs.Tab, tabs.create(), tabs.query(), and tabs.update().
  • theme: colors.toolbar, colors.toolbar_field, colors.toolbar_field_text, colors.toolbar_text.
  • theme: windowId option to theme.update().
  • webRequest: filterResponseData(), proxyInfo property in webRequest events.
  • windows: allowScriptsToClose option in windows.create().

Bug fixes in Firefox 57

  • CVE-2017-7828: Use-after-free of PressShell while restyling layout.
  • CVE-2017-7830: Cross-origin URL information leak through Resource Timing API.
  • CVE-2017-7831: Information disclosure of exposed properties on JavaScript proxy objects.
  • CVE-2017-7832: Domain spoofing through use of dotless 'i' character followed by accent markers.
  • CVE-2017-7833: Domain spoofing with Arabic and Indic vowel marker characters.
  • CVE-2017-7834: data: URLs opened in new tabs bypass CSP protections.
  • CVE-2017-7835: Mixed content blocking incorrectly applies with redirects.
  • CVE-2017-7836: Pingsender dynamically loads libcurl on Linux and OS X.
  • CVE-2017-7837: SVG loaded as can use meta tags to set cookies.
  • CVE-2017-7838: Failure of individual decoding of labels in international domain names triggers punycode display of entire IDN.
  • CVE-2017-7839: Control characters before javascript: URLs defeats self-XSS prevention mechanism.
  • CVE-2017-7840: Exported bookmarks do not strip script elements from user-supplied tags.
  • CVE-2017-7842: Referrer Policy is not always respected for elements.
  • CVE-2017-7827: Memory safety bugs fixed in Firefox 57.
  • CVE-2017-7826: Memory safety bugs fixed in Firefox 57 and Firefox ESR 52.5.

Source.

Unresolved issues in Firefox 57

  • Users running Firefox for Windows over a Remote Desktop Connection (RDP) may find that audio playback is disabled due to increased security restrictions. Learn how to mitigate this issue until it is corrected in an upcoming release.
  • Users running screen readers may experience performance issues and are advised to use Firefox ESR until performance issues are resolved in an upcoming future release
  • On Windows and Linux, Firefox crashes occasionally on Intel Broadwell-U processors with old microcode. Windows users should ensure Windows Update is set to install updates. Linux users should ensure that the distribution package for Intel microcode is installed.

Have fun cross-browser testing your webapps in Firefox 57!