Hooray! Firefox 58 is here. We at Browserling saw the release being uploaded to Mozilla's ftp and grabbed it before it was even announced. We've installed it and it's ready for all your cross-browser testing needs. If you are a developer, this blog post will provide you with all the information needed about this particular release.

Firefox 58

You can try here:

What's new in Firefox 58?

Performance improvements, including:

  • Rendering graphics for Windows users by using Off-Main-Thread Painting (OMTP).
  • Loading pages faster by changing how Firefox caches and retrieves JavaScript.

Improvements to Firefox Screenshots:

  • Copy and paste screenshots directly to your clipboard.
  • Firefox Screenshots now works in Private Browsing mode.

Major changes:

  • User profiles created in Firefox 58 are not supported in previous versions of Firefox.
  • Added a warning to alert users and site owners of planned security changes to sites affected by the gradual distrust plan for the Symantec certificate authority.

Other changes:

  • Added Nepali (ne-NP) locale.

Changes for Web developers in Firefox 58

Developer Tools

  • The Shape Path Editor has been enabled by default for shapes generated via clip-path.
  • The Network Monitor now has a button to pause/play recording of network traffic.
  • In the Network Monitor the "Flash" filter button is no longer available, and Flash requests are included in the "Others" filter.
  • The code for the old Responsive Design Mode has now been removed from the Devtools.
  • The option to view MDN docs from the CSS pane of the page inspector has been removed.

CSS

  • The font-display descriptor is now available by default on all platforms.
  • The proprietary Mozilla :-moz-styleeditor-transitioning pseudo-class is no longer available to web content.
  • The following proprietary Mozilla system metric pseudo-classes are no longer available to web content: :-moz-system-metric(images-in-menus), :-moz-system-metric(mac-graphite-theme), :-moz-system-metric(scrollbar-end-backward), :-moz-system-metric(scrollbar-end-forward), :-moz-system-metric(scrollbar-start-backward), :-moz-system-metric(scrollbar-start-forward), :-moz-system-metric(scrollbar-thumb-proportional), :-moz-system-metric(touch-enabled), :-moz-system-metric(windows-default-theme).
  • The following proprietary Mozilla media features are no longer available to web content: -moz-color-picker-available, -moz-is-glyph, -moz-mac-graphite-theme, -moz-mac-yosemite-theme, -moz-os-version, -moz-overlay-scrollbars, -moz-physical-home-button, -moz-scrollbar-end-backward, -moz-scrollbar-end-forward, -moz-scrollbar-start-backward, -moz-scrollbar-start-forward, -moz-scrollbar-thumb-proportional, -moz-swipe-animation-enabled, -moz-windows-accent-color-in-titlebar, -moz-windows-classic, -moz-windows-compositor, -moz-windows-default-theme, -moz-windows-glass, -moz-windows-theme.

JavaScript

  • The Promise.prototype.finally() method has been implemented.
  • The Intl.PluralRules object has been implemented.
  • The Intl.NumberFormat.prototype.formatToParts() method has been implemented.
  • The Intl.DateTimeFormat object now supports the hourCycle option and the hc language tag.
  • The optional catch binding proposal has been implemented.
  • The non-standard Date.prototype.toLocaleFormat() method has been removed.
  • The non-standard and deprecated Object.prototype.watch() and unwatch() methods have been removed and will no longer work.
  • The legacy Iterator protocol, the StopIteration object, the legacy generator functions and the non-standardFunction.prototype.isGenerator() method have been removed.
  • The non-standard Array comprehensions and Generator comprehensions have been removed.

APIs

  • The PerformanceNavigationTiming API has been implemented.
  • Gecko has also been given a pref that can be used to disable the interface if required — dom.enable_performance_navigation_timing, defaulting to true.
  • The proprietary moz-blob and moz-chunked-text values of the XMLHttpRequest.responseType property were removed completely in Firefox 58.
  • The dom.abortController.enabled and dom.abortController.fetch.enabled prefs that controlled exposure of the Abort API functionality have now been removed, since those features are now enabled by default.
  • The proprietary mozSrcObject property was removed in Firefox 58.

DOM

  • Errors reported via error objects in certain APIs.
  • The PerformanceResourceTiming.workerStart property is now supported.
  • Budget-based background timeout throttling has been implemented.

Media and WebRTC

  • The prefixed version of HTMLMediaElement.srcObject has been removed.
  • Using MediaStream.addTrack() to add tracks to a stream obtained using getUserMedia(), then attempting to record the resulting stream now works as expected.
  • The WebVTT VTTRegion interface has always been created when interpreting WebVTT files, but the resulting regions were not previously utilized.

Canvas and WebGL

  • Support for prefixed WebGL extensions has been removed.
  • For MOZ_WEBGL_compressed_texture_atc use WEBGL_compressed_texture_atc instead.
  • For MOZ_WEBGL_compressed_texture_pvrtc use WEBGL_compressed_texture_pvrtc instead.
  • For MOZ_WEBGL_compressed_texture_s3tc use WEBGL_compressed_texture_s3tc instead.
  • For MOZ_WEBGL_depth_texture use WEBGL_depth_texture instead.
  • For MOZ_WEBGL_lose_context use WEBGL_lose_context instead.

HTTP

  • frame-ancestors is no longer ignored in Content-Security-Policy-Report-Only.
  • Firefox now implements a TLS handshake timeout with a default value of 30 seconds.
  • The worker-src CSP directive has been implemented.
  • The 425: Too Early status code and related Early-Data request header are now supported.

Other

  • "Add to home screen" is now supported in Firefox for Android, part of the Progressive Web Apps effort.
  • WebAssembly now has a tiered compiler providing load time optimizations, and new streaming APIs — WebAssembly.compileStreaming() and WebAssembly.installStreaming().

HTML

  • You can no longer nest an <a> element inside a <map> element to create a hotspot region — an <area> element needs to be used instead.

Changes for add-on and Mozilla developers

WebExtensions

  • browserSettings.webNotificationsDisabled has been implemented.
  • browsingData.localStorage now supports deleting localStorage by host.
  • pkcs11 API to manage security devices.
  • first party isolation can now be toggled though firstPartyIsolate.
  • resist fingerprinting pref can now be toggle through resistFingerprinting.
  • tabs.discard has been implemented.
  • isArticle, isInReaderMode properties of Tab implemented.
  • toggleReaderMode() method implemented.
  • openInReaderMode option of tabs.created implemented.
  • tabs.onUpdated now notifies when entering/exiting reader mode.
  • getCurrent() method to obtain current theme properties.
  • onUpdated method to receive WebExtension theme updates.
  • colors.bookmark_text now supported as alias of colors.toolbar_text.
  • colors.toolbar_top_separator, colors.toolbar_bottom_separator and colors.toolbar_vertical_separator implemented.
  • webRequest.onBeforeRequest now includes a "frameAncestors" parameter.

Bug fixes in Mozilla Firefox 58

  • CVE-2018-5091: Use-after-free with DTMF timers.
  • CVE-2018-5092: Use-after-free in Web Workers.
  • CVE-2018-5093: Buffer overflow in WebAssembly during Memory/Table resizing.
  • CVE-2018-5094: Buffer overflow in WebAssembly with garbage collection on uninitialized memory.
  • CVE-2018-5095: Integer overflow in Skia library during edge builder allocation.
  • CVE-2018-5097: Use-after-free when source document is manipulated during XSLT.
  • CVE-2018-5098: Use-after-free while manipulating form input elements.
  • CVE-2018-5099: Use-after-free with widget listener.
  • CVE-2018-5100: Use-after-free when IsPotentiallyScrollable arguments are freed from memory.
  • CVE-2018-5101: Use-after-free with floating first-letter style elements.
  • CVE-2018-5102: Use-after-free in HTML media elements.
  • CVE-2018-5103: Use-after-free during mouse event handling.
  • CVE-2018-5104: Use-after-free during font face manipulation.
  • CVE-2018-5105: WebExtensions can save and execute files on local file system without user prompts.
  • CVE-2018-5106: Developer Tools can expose style editor information cross-origin through service worker.
  • CVE-2018-5107: Printing process will follow symlinks for local file access.
  • CVE-2018-5108: Manually entered blob URL can be accessed by subsequent private browsing tabs.
  • CVE-2018-5109: Audio capture prompts and starts with incorrect origin attribution.
  • CVE-2018-5110: Cursor can be made invisible on OS X.
  • CVE-2018-5111: URL spoofing in addressbar through drag and drop.
  • CVE-2018-5112: Extension development tools panel can open a non-relative URL in the panel.
  • CVE-2018-5113: WebExtensions can load non-HTTPS pages with browser.identity.launchWebAuthFlow.
  • CVE-2018-5114: The old value of a cookie changed to HttpOnly remains accessible to scripts.
  • CVE-2018-5115: Background network requests can open HTTP authentication in unrelated foreground tabs.
  • CVE-2018-5116: WebExtension ActiveTab permission allows cross-origin frame content access.
  • CVE-2018-5117: URL spoofing with right-to-left text aligned left-to-right.
  • CVE-2018-5118: Activity Stream images can attempt to load local content through file:.
  • CVE-2018-5119: Reader view will load cross-origin content in violation of CORS headers.
  • CVE-2018-5121: OS X Tibetan characters render incompletely in the addressbar.
  • CVE-2018-5122: Potential integer overflow in DoCrypt.
  • CVE-2018-5090: Memory safety bugs fixed in Firefox 58.
  • CVE-2018-5089: Memory safety bugs fixed in Firefox 58 and Firefox ESR 52.6.

Unresolved issues in Firefox 58

  • Users running Firefox for Windows over a Remote Desktop Connection (RDP) may find that audio playback is disabled due to increased security restrictions.
  • Users running certain screen readers may experience performance issues and are advised to use Firefox ESR until performance issues are resolved in an upcoming future release.
  • When using certain non-default security policies on Windows (for example with Windows Defender Exploit Protection or Webroot security products), Firefox may fail to load pages.

Have fun cross-browser testing your webapps in Firefox 58!