The Firefox 28.0 update introduces several new technologies to the browser. Mozilla has added VP9 video decoding support, support for Opus in WebM, improved volume controls for HTML5 media, and its GamePad api to the browser.
Mozilla is about to release upgrades for all Firefox channels. The stable version of Firefox will be upgraded from Firefox 27.0.1 to Firefox 28 in the coming 24 hour period, while Beta, Aurora and Nightly releases will see a version bump as well to 29.0, 30.0 and 31.0 respectively. Firefox ESR users last but not least will be upgraded to version 24.4.0 in that time period.
The updates are already available on third-party download sites and the official Mozilla FTP server. While it is possible to download the update early, there is always the chance that last minute changes force Mozilla to push out another build as the final update.
To check which version of Firefox you are running, tap on the Alt-key, and select Help > About Firefox from the menu, or load about:support right away.
Downloads will be made available on the official Mozilla website later today. If you have configured automatic updates, you will receive the update automatically the next time you run the Firefox web browser.
Please note that Mozilla distributes so-called net installers or stubs by default. Read this guide to find out how you can download Firefox offline installers.
Firefox 28 Changes
Mozilla planned to release Firefox for Metro, a specialized version of the web browser for Microsoft's Windows 8 operating system with Firefox 28 but decided to pull it in the last minute. The organization made the decision to stop the development at this point in time to concentrate on improvements and products that are higher up on the priority list right now.
On to the improvements in this version:
The GamePad API has been finalized and is now enabled by default (update: moved to Firefox 29)
The GamePad API was launched in Firefox 24, but was locked behind a preference for the time being. While you could enable it by setting dom.gamepad.enabled to true on the Firefox about:config page, that is no longer necessary once Firefox Stable gets updated to version 28 as it is enabled by default then.
The API is also implemented in Chrome, also the browser supports a slightly different set of features.
Web developers can use the api to create games and applications that make use of gamepads, so that gamepads can be used to control actions on the screen. A basic example is a game that supports gamepads next to keyboard, mouse or touch input.
A very basic test is available here.
Volume control for HTML5 audio and video
This introduces an always visible horizontal volume slider on all HTML5 audio and video files that you play in the Firefox web browser.
A vertical slider was used previously, and there were cases where it was not displayed properly to the user.
Check out bug 649490 for additional information about the implementation and reasoning.
Support for VP9 video decoder and Opus in WebM added
Firefox can now play VP9 encoded videos in WebM format. If you open this test page in Firefox 27.0.1 or earlier, you get an error message that the VP9 video cannot be played, while the VP8 video plays fine.
Opening the same page in Firefox 28 or newer plays both videos fine.
Mozilla is currently working on implementing part of MSE to pass the HTML5 video test on YouTube's HTML5 test page.
WebVTT support added
The Web Video Text Tracks Format can be used to display text tracks using the <track> element, for instance in the form of video subtitles or captions.
Information about Mozilla's implementation are listed here on this page.
Mozilla is working on the platform constantly, which means that new technologies get added or old ones removed. Developers should check the additional information and sources listing at the end of the article for links to pages that detail all changes for developers.
This listing contains just the highlights:
- Dark theme and split console mode added to Web Console in Developer Tools.
- Inspector now features a color picker in rules view.
- CSS: Support for multi-line flexbox, background-blend-mode property and none value for font-variant-ligatures.
- WebVTT has been switched on by default.
- Various interface, api and DOM changes such as implementation of the File constructor, improving privacy by stopping navigator.plugins from being enumerable, or activation of the GamePad API by default.
- Opus in WebM is now supported.
- The VP9 video decoder is now supported.
- Support of SPDY/2 has been removed.
Firefox 28 for Android
The desktop version of Firefox and the mobile Firefox browser for Android share important technologies. Here is the list of features that Mozilla added to the mobile version exclusively.
- Multiple quick share buttons added (displayed when you tap on the menu icon and then on Share).
- Predictive lookup now triggered for Awesomebar entries (this is network prefetching).
- Improved native text selection, cut and copy.
- Support for OpenSearch added.
- Toggle dynamic toolbar mode setting switch added. Firefox scrolls the title bar by default in the mobile version. To disable that you had to set the preference browser.chrome.dynamictoolbar to false previously. Now you can make the change under Settings > Display > Scroll title bar.
- Estonian locale added.
Security updates / fixes
These updates are announced after the official release announcement. We will add them once they are published by Mozilla.
MFSA 2014-32 Out-of-bounds write through TypedArrayObject after neutering
MFSA 2014-31 Out-of-bounds read/write through neutering ArrayBuffer objects
MFSA 2014-30 Use-after-free in TypeObject
MFSA 2014-29 Privilege escalation using WebIDL-implemented APIs
MFSA 2014-28 SVG filters information disclosure through feDisplacementMap
MFSA 2014-27 Memory corruption in Cairo during PDF font rendering
MFSA 2014-26 Information disclosure through polygon rendering in MathML
MFSA 2014-25 Firefox OS DeviceStorageFile object vulnerable to relative path escape
MFSA 2014-24 Android Crash Reporter open to manipulation
MFSA 2014-23 Content Security Policy for data: documents not preserved by session restore
MFSA 2014-22 WebGL content injection from one domain to rendering in another
MFSA 2014-21 Local file access via Open Link in new tab
MFSA 2014-19 Spoofing attack on WebRTC permission prompt
MFSA 2014-18 crypto.generateCRMFRequest does not validate type of key
MFSA 2014-17 Out of bounds read during WAV file decoding
MFSA 2014-16 Files extracted during updates are not always read only
MFSA 2014-15 Miscellaneous memory safety hazards (rv:28.0 / rv:24.4)
Additional information / sources