Firefox 80 released with new and faster extensions blocklist

• 26 August, 2020
• No Comments

Firefox 80 released with new and faster extensions blocklist

Mozilla has released Firefox 80 today, August 25th, 2020, to the Stable desktop channel for Windows, macOS, and Linux with new features, bug fixes, changes, enterprise improvements, and several security fixes.

The highlight of this release is that it enables Mozilla’s new add-ons blocklist designed to enhance the browser’s performance and scalability by lowering the time needed to parse the list when automatically disabling problematic Firefox extensions.

Firefox 80 also enables users to set it as their system’s default system PDF viewer and fixes several crashes that make the web browser more stable for screen reader users.

Windows, Mac, and Linux desktop users can upgrade to Firefox 80 by going to Options -> Help -> About Firefox and the browser will automatically check for the new update and install it when available.

With the release of Firefox 80, all other Firefox development branches have also moved up a version bringing Firefox Beta to version 81 and the Nightly builds to version 82.

Firefox 81.0 Beta, the next release that Mozilla will promote to the stable branch, also adds support for “control media playback via hardware media keys on a keyboard or headset or virtual media control interface” and “smoother video playback and improved AV sync of 60 fps videos on macOS.”

You can download Firefox 80 from the following links:

• Firefox 80 for Windows 64-bit
• Firefox 80 for Windows 32-bit
• Firefox 80 for macOS
• Firefox 80 for Linux 64-bit
• Firefox 80 for Linux 32-bit

If the links above haven’t yet been updated to download Firefox 80, you can also manually download it from Mozilla’s FTP release directory.

Below you can find the major changes and improvements in Firefox 80 — if you want to read the full release notes, you can do so here.

Firefox’s new add-ons blocklist

Mozilla has been blocking extensions causing stability or security issues with the help of a list of unsafe add-ons since at least 2008.

Starting with Firefox 80, the web browser will use a new and more scalable version of this blocklist which should lower the time Firefox needs to parse it.

“When we become aware of add-ons that go against user expectations or risk user privacy and security, we take steps to block them from running in Firefox using a mechanism called the add-ons blocklist,” Engineering Manager for Firefox Add-ons Stuart Colville said.

“One of the constraints of the previous blocklist was that it required parsing of a large number of regular expressions. Each Firefox instance would need to check if any of its user’s installed add-ons matched any of the regular expressions in the blocklist.

“As the number of blocks increased, the overhead of loading and parsing the blocklist in Firefox became greater. In late 2019, we began looking into a more efficient way for Firefox to determine if an add-on is blocked.”

Firefox disables extensions using three types of blocks, based on the severity of the issues it causes:

• Hard blocks disable an add-on and do not allow you to enable it or override the block (used when add-ons are found to be malicious.)
• Soft blocks disable an extension by default, but allow you to override and continue to use the add-on (issued for non-malicious add-ons.)
• Click-to-activate blocks disable a plugin by default, but allow you to enable the plugin for particular sites (issued for non-malicious plugins.)

The current list of blocked add-ons because of serious security, stability, or performance issues with Firefox is available here.

Other bug fixes, improvements, and developer changes

New:

• Firefox can now be set as the default system PDF viewer.
• The name reported by accessibility tools for items in multi-tiered tree controls no longer incorrectly includes information from items at deeper levels, providing users with the correct level of content when using a screen reader.

Fixed:

• Several crashes while using a screen reader were fixed including a frequently encountered crash when using the JAWS screen reader.
• Firefox Developer Tools received significant fixes allowing screen reader users to benefit from some of the tools that were previously inaccessible.
• SVG title and desc elements (labels and descriptions) are now correctly exposed to assistive technology products such as screen readers.

Also read: 10 Simple and Useful Tips On Agreement Drafting Services

Changed:

• For users with reduced motion settings, we’ve reduced a number of animations such as tab loading to reduce motion for users with migraines and epilepsy.
• The new add-ons blocklist has been enabled to improve performance and scalability.

Enterprise:

• A number of bug fixes and new policies have been implemented in the latest version of Firefox. You can see more details in the Firefox for Enterprise 80 Release Notes.
• Today’s release is the final scheduled for Firefox 68 ESR (68.12) unless there is a critical security issue found prior to the release of Firefox ESR 78.3 on September 22, 2020. Users of Firefox 68 ESR will be automatically upgraded to the Firefox 78 ESR series with the release of 78.3.

Developer:

• We’ve shipped an experimental sidebar panel in the inspector to Firefox Developer Edition that helps developers more quickly identify potential browser compatibility problems based on MDN data.
• In the Network Monitor request list, a turtle icon is shown for “slow” requests that exceed a threshold for the waiting time.
• Firefox now supports RTX and Transport-cc for improved call quality in poor network conditions and better bandwidth estimation. These features also provide better compatibility with many websites using WebRTC.

Security fixes

• CVE-2020-15663: Downgrade attack on the Mozilla Maintenance Service could have resulted in escalation of privilege

• CVE-2020-15664: Attacker-induced prompt for extension installation

• CVE-2020-12401: Timing-attack on ECDSA signature generation

• CVE-2020-6829: P-384 and P-521 vulnerable to an electro-magnetic side channel attack on signature generation

• CVE-2020-12400: P-384 and P-521 vulnerable to a side channel attack on modular inversion

• CVE-2020-15665: Address bar not reset when choosing to stay on a page after the beforeunload dialog is shown

• CVE-2020-15666: MediaError message property leaks cross-origin response status

• CVE-2020-15667: Heap overflow when processing an update file

• CVE-2020-15668: Data Race when reading certificate information

• CVE-2020-15670: Memory safety bugs fixed in Firefox 80 and Firefox ESR 78.2

Also read: 7 Principles of Personal Data Processing