News

Firefox 127 out with DNS Prefetching, security updates, and more – gHacks Tech News

stp2y0 Comments
Firefox 127 out with DNS Prefetching, security updates, and more - gHacks Tech News


Mozilla has released a new stable version of the organizations’ Firefox web browser. Firefox 127.0 introduces several new features and important security fixes. It may also break media playback on certain sites.

All Firefox editions are updated as well to the following versions:

  • Firefox 127 for Android
  • Firefox ESR 115.12
  • Firefox 128 Beta
  • Firefox 128 Dev
  • Firefox 129 Nightly

Executive Summary

  • Firefox 127 addresses several security issues in the browser.
  • Firefox ESR 128 will be released on July 9. 2024
  • Option to add additional protections to the Firefox Password Manager on macOS and Windows devices.
  • The browser supports a new DNS prefetching instruction now.
  • Media elements on HTTPS websites that use HTTP will be upgraded. If that fails, they won’t be loaded anymore.

Firefox 127.0 download and update

Firefox is updated automatically by default. Desktop users may check the installed version at any time by selecting Menu > Help > About Firefox. Doing so displays the current version and runs a check for updates. Any new version found is installed at this point.

Here are the official download locations:

Firefox 127.0 changes

Security and privacy improvements

Firefox Device Password

Firefox 127.0 ships with security and privacy improvements. Windows and macOS users may configure the browser to prompt for authentication when the built-in password manager is accessed.

The new option is called “Request device sign in to fill and manage passwords”. It is located in the Preferences of the browser under Privacy. You can load about:preferences#privacy to jump there directly. Check the option, which is disabled by default, to add the protective feature.

The new release improves privacy on Linux by reducing fingerprinting information. Firefox will report 32-bit x86 Linux systems as  x86_64 in Firefox’s User-Agent string and a Web API.

HTTP Media upgrades on HTTPS pages

Firefox won’t play HTTP media — image, video, or audio files — on HTTPS pages anymore, if it cannot upgrade the protocol to HTTPS. Files that cannot be upgraded will not be loaded by the browser anymore.

This can be undone by changing the following preferences:

  • security.mixed_content.block_display_content to FALSE (this was on false on the test system)
  • security.mixed_content.upgrade_display_content to FALSE

The console highlights whenever mixed-content has been upgraded. Firefox does not display an icon anymore to indicate mixed-content on a page.

Other changes and fixes

  • New option to launch Firefox on Windows automatically when the operating system starts. The option is found in the Preferences under General. It is called Open Firefox automatically when your computer starts up.
  • Support for rel=”dns-prefetch” link hints. This allows developers to suggest domain names that should be looked up preemptively by the browser.
  • The List all tabs widget has a new Close duplicate tabs action.
  • On macOS, links and other focusable elements are not “tab-navigable”. Users may restore the previous default in the settings.
  • Firefox’s built-in screenshot tool can now take screenshots of certain file types, including SVG and XML, as well as several internal about: pages. Performance was also improved.

Developer changes

  • data: and javascript: URLs are now forbidden in the href attribute of the <base> element
  • Using a <color-interpolation-method> is now supported in gradients created with certain methods.
  • Firefox supports a number of new JavaScript “Set” methods.
  • The lh and rlh line height units are supported in SVG.
  • The asynchronous Clipboard API is supported fully.
  • All HTML character references are now supported in Web Video Text Tracks Format (WebVTT).

Enterprise changes

The following policies have been added or updated:

  • Added: DisableEncryptedClientHello to control Encrypted Client Hello.
  • Added: PostQuantumKeyAgreementEnabled to control post-quantum key agreement for TLS.
  • Added: HttpsOnlyMode to control HTTPS-Only Mode.
  • Added: HttpAllowlist to add exceptions to HTTPS-Only Mode.
  • Updated: Preferences policy to allow setting
    • security.mixed_content.block_display_content
    • security.mixed_content.upgrade_display_content
  • Updated: UserMessaging policy no longer supports the WhatsNew option.
  • Updated: ExtensionSettings policy was updated to add temporarily_allow_weak_signatures to allow installing extensions signed using deprecated signature algorithms.

Security updates / fixes

Mozilla fixed 15 unique security issues in Firefox 127. The aggregate severity rating is high and exploits in the wild are not mentioned.

Outlook

Firefox 128 will be released on June 9. 2024. It marks the beginning of a new ESR base, which will replace Firefox ESR 115.x eventually.

Recent Firefox news and tips

Additional information / resources

Closing Words

Firefox 127 makes a few privacy and security changes. The option to protect saved passwords with the operating system’s password or biometrics is a welcome option. The remaining changes are smaller. The next version will be a major release.

Have you tried Firefox recently? What is your take on the current state of the browser?

Summary

Firefox 127 out with DNS Prefetching, security updates, and more

Article Name

Firefox 127 out with DNS Prefetching, security updates, and more

Description

We take a close look at Firefox 127.0, the latest stable version of Mozilla’s open source browser. Find out what is new and changed.

Author

Ghacks Technology News

Publisher

Ghacks Technology News

Logo

Advertisement





Source link
lol

By stp2y

Leave a Reply

Your email address will not be published. Required fields are marked *

No widgets found. Go to Widget page and add the widget in Offcanvas Sidebar Widget Area.