Here is what is new and changed in Firefox 74.0 Stable

[Karlston]

Here is what is new and changed in Firefox 74.0 Stable

Firefox 74.0 is the latest stable version of the web browser. Its release date is March 10, 2020.

 

All major Firefox channels are updated as well. Firefox Beta and Firefox Dev receive an update to version 75.0, Firefox Nightly is moved to version 76.0, and Firefox ESR to version 68.6. Additionally, Firefox for Android will also be upgraded to version 68.6.

 

You may check out the release overview for Firefox 73.0 here in case you missed it. The next stable version of Firefox, Firefox 75.0, is scheduled to be released on April 7, 2020.

Executive Summary

• Firefox does not support TLS 1.0 or TLS 1.1 anymore.
• Privacy improvements by blocking access to certain information, e.g. geolocation from cross-origin iframes.

Firefox 74.0 download and update

 

The official release date of Firefox 74.0 is March 10, 2020. The browser will become available on that day on Mozilla's website and as an in-browser upgrade.

 

Firefox users may select Menu > Help > About Firefox to run a manual check for updates. Once released, Firefox will pick up the new version automatically and install it on the device.

 

The following pages list direct downloads for supported Firefox channels (will be available later on March 10, 2020)

• Firefox Stable download
• Firefox Beta download
• Nightly download
• Firefox ESR download

Firefox 74.0 Changes

Firefox 74.0 is a smaller release with just a few changes and improvements. Mozilla reduced the time period between releases; a new Firefox version is released every four weeks from 2020 on.

TLS 1.0 and TLS 1.1 support removed

 

Mozilla and other prominent browser makers announced plans to deprecate the old standards TLS 1.0 and 1.1 in browsers in 2020. Mozilla started to disable TLS 1.0 and 1.1 in Firefox Nightly last year and has now removed support for the encryption protocols in Firefox 74.0 Stable.

 

Firefox will throw a "secure connection failed" error when a site only supports TLS 1.1 or lower. Sites need to support at least TLS 1.2 to make sure that users can connect to the sites.

 

Non-user installed add-ons may be removed using about:addons

 

Firefox users may remove extensions installed by external applications using the browser's add-ons management page about:addons.

 

Mozilla plans to disallow extension installations by external applications going forward.

Other changes

• Firefox now provides better privacy for your web voice and video calls through support for mDNS ICE by cloaking your computer’s IP address with a random ID in certain WebRTC scenarios.
• The Facebook Container extensions for Firefox supports adding custom sites to the container now.
• Firefox Lockwise, the built-in password manager of Firefox, now supports reverse alpha sorting entries (Z-A).
• Geolocation, fullscreen, camera, mic, screen capture requests from cross-origin <iframe> are now disabled by default
• Improved bookmarks and history importing from the new Microsoft Edge on Windows and Mac devices.
• Mozilla fixed an issue that could cause pinned tabs to become lost or reordered.
• Fixed Picture-in-Picture toggle on Instagram which sit on top of the "next" button when uploading photos to the site.
• The shortcut Ctrl-I opens the Page Info window on Windows now (instead of the Bookmarks sidebar).

Firefox for Android

Mozilla lists "various stability and security fixes" without providing additional details.

Developer Changes

• Cross-Origin-Resource-Policy header is enabled by default.
• Feature Policy is enabled by default.
• Javascript: Optional Chaining operator has been implemented

Security updates / fixes

Security updates are revealed after the official release of the web browser. You find the information published here.

 

Additional information / sources

• Firefox 74 release notes
• Add-on compatibility for Firefox 74
• Firefox 74 for Developers
• Site compatibility for Firefox 74
• Firefox Security Advisories
• Firefox Release Schedule

 

 

Source: Here is what is new and changed in Firefox 74.0 Stable (gHacks - Martin Brinkmann)

[Karlston]

What's in the latest Firefox upgrade? Firefox 74 ends add-on sideloading

Focusing on security and privacy, version 74 is the first to arrive in the browser’s new four-week release cadence.

Magdalena Petrova/IDG

Mozilla on Tuesday shipped Firefox 74. Wait, didn't we just get a new Firefox a minute or two ago?

 

It may feel that way. Firefox 74 arrived just four weeks after its predecessor, continuing the faster release cadence promised last year.

 

The refreshed browser dropped support for the now-obsolete TLS 1.0 and 1.1 cryptographic protocols, blocked all add-on "side-loading" except that allowed by enterprise-managed group policy, and enabled support for a header element designed to safeguard against attacks based on the Meltdown and Spectre hardware-based vulnerabilities first revealed two years ago.

 

Mozilla's security engineers also patched a dozen vulnerabilities, half of them labeled "High," Mozilla's second-most-serious threat label. As usual, some of the flaws might be used by criminals.

 

"We presume that with enough effort some of these could have been exploited to run arbitrary code," the firm wrote of two of the bugs. Two others were discovered and reported by members of Google Project Zero, the search company's team of researchers who root out unpatched flaws in Google and non-Google software.

 

Firefox 74 can be downloaded for Windows, macOS and Linux from Mozilla's site. Because Firefox updates in the background, most users can simply relaunch the browser to get the latest version. To manually update on Windows, pull up the menu under the three horizontal bars at the upper right, then click the help icon (the question mark within a circle). Choose "About Firefox." (On macOS, "About Firefox" can be found under the "Firefox" menu.) The resulting page shows that the browser is either up to date or describes the refresh process.

 

This was the first version of Firefox to be released four weeks after its predecessor — Mozilla last upgraded the browser on Feb. 11. In September 2019, the company announced it would pick up the development and release pace by shortening the interval between upgrades from six weeks to first five, then to four.

Say farewell to TLS 1.0, 1.1

As expected, Firefox 74 pulled the plug on the outdated encryption protocols of TLS (Transport Layer Security) 1.0 and 1.1. When users try to connect to a site secured with either TLS version, Firefox now shows a "Secure Connection Failed" error page.

 

But as when Mozilla delivered Firefox 73, this month's upgrade included an override button letting users temporarily enable TLS 1.0 and 1.1. That button will remain "for a couple of release cycles," said Chris Mills, content team manager at the Mozilla Developer Network, in a March 10 post to a company blog. "You won't be able to rely on it for too long," Mills also warned. (A "couple of release cycles" might mean through, say, Firefox 76, which will be supplanted by the next version on June 2.)

 

Note: The deprecation of TLS 1.0/1.1 was the result of a 2018 joint decision by makers of the four biggest browsers (including Apple, Safari; Google, Chrome; and Microsoft, Edge and Internet Explorer).

Sideloading stymied

Firefox 74 also put a stop to sideloading, the term describing how a third-party application installs an associated add-on in Firefox. (One example from times past was the "Web Clipper" add-on that Evernote installed in browsers, including Firefox.) Sideloading has been, if not banned outright, certainly frowned upon by browser makers, who have cited security concerns regarding the practice.

 

In October 2019, Mozilla said that it would ban sideloading, noting malware opportunities as well as the lack of user control; sideloaded add-ons were installed without user approval and could not be deleted by the normal method of heading to Firefox's Add-ons Manager portal. At the time, Mozilla targeted Firefox 74 as the version that would drop support for sideloading.

 

That's happened.

 

Users must now take an explicit action to install a sideloaded add-on in Firefox — blocking the hands-off kind of installs sideloading was known for — and can delete them from the Add-Ons Manager. Add-ons that were sideloaded previously won't be removed by Mozilla (that's for users to do if they wish), but no new sideloaded browser add-ons will be permitted from Firefox 74 forward.

 

As is almost always the case with Firefox, this change-up can itself be stymied in the enterprise if IT deploys the appropriate group policies to employees' copies of the browser.

 

More information on Firefox 74's stance on sideloading can be found in this Mozilla post of March 10.

Enhances security, privacy

Mozilla enabled support for the "Cross-Origin Resource Policy" (CORP) header, which can be used by site developers to opt in to protection against cross-origin requests, or those from outside the domain of the website itself.

 

Using CORP can help safeguard against attacks by the likes of Spectre and Meltdown, the side-channel, hardware-based vulnerabilities that went public in early 2018 and triggered major efforts by browser makers, OS developers and chip company Intel to provide patches.

 

Firefox 74 also took the time to trumpet the Mozilla-made Facebook Container, an add-on that locks the social network and a user's interactions with it inside a separate container, or sections of the browser's memory. Anything done inside the container cannot be tracked outside the container; the result is that Facebook then cannot track one of its users when she goes elsewhere on the web.

 

IDG

When Firefox restarts after upgrading to version 74, the first thing the browser does is pitch the Facebook Container to the user.

Facebook Container is not new: Mozilla launched it almost two years ago. (The latest version now lets users add custom sites to a list so that Facebook's credentials can be used for logging on to those websites.) Rather, once Firefox 74 has been installed — or Firefox was upgraded to version 74 — Mozilla uses the opportunity to pitch the add-on.

 

Firefox Container can also be installed from here.

 

The next version, Firefox 75, is to launch on April 7.

 

 

Source: What's in the latest Firefox upgrade? Firefox 74 ends add-on sideloading (Computerworld - Gregg Keizer)