Firefox 51: Find out what is new

Martin Brinkmann
Jan 24, 2017
Updated • Feb 10, 2017

Mozilla Firefox 51.0 Stable was released on January 24, 2017 to the public by Mozilla via automatic updates and on Mozilla's website.

Note: If you are reading this article on January 24, 2017, you may not be able to upgrade Firefox to version 51 yet as Mozilla may not have enabled the new version through automatic updates. Releases are always available on Mozilla's FTP before they are made available via Firefox's built-in update mechanism.

Mozilla Firefox 51 is the latest stable version of the browser. The new version replaces previous stable versions, including Firefox 50.1, the last version Mozilla released prior to the Firefox 51 release.

All Firefox channels follow the same release schedule, so Firefox Beta, Aurora, Nightly and Firefox ESR are updated as well. Mozilla released Firefox Beta 52, Firefox Aurora 53, Firefox Nightly 54, and Firefox ESR 45.7 today.

Executive Summary

  1. Firefox 51 is the new stable version of Firefox.
  2. Firefox 52 Beta, 53 Aurora, 54 Nightly, and ESR 45.7 are also available.
  3. The new Firefox version adds native support for FLAC audio and WebGL2, and displays a warning when login pages don't use a secure connection.
  4. It also includes other new features, among them new privacy and security options.

Firefox 51 download and update

You may download the latest version of Firefox directly from the Mozilla website, or use the browser's automatic update capabilities to upgrade to the latest version.

To check for updates in Firefox, do the following:

  1. Tap on the Alt-key while the Firefox window is active.
  2. Select Help > About Firefox from the menu bar that is displayed.

Firefox will display the current version, and run a check for updates. Depending on how Firefox is configured, any updates found may be downloaded and installed automatically, or on user command.

You may download all editions of Firefox using the links below instead.

Firefox 51 Changes

FLAC (Free Lossless Audio Codec) support

Mozilla Firefox 51 supports FLAC audio playback natively (in both FLAC and OGG containers). FLAC is also supported in MP4 with and without Media Source Extensions.

This means among other things that you can play any FLAC file directly in Firefox without issues, and that streaming services may stream FLAC audio streams to Firefox.

See bug 1195723 FLAC support / Create FLAC MediaDataDemuxer for additional information.

Google added FLAC support in Chrome 56 as well.

Firefox 51 highlights insecure login pages

Mozilla Firefox 51 displays a notification in the browser's address bar when you visit a login page that does not use https.

The notification shows the red "connection is not secure" strike-through icon when that happens. Firefox did not display any notification previously when sites used http for login pages.

Google Chrome will do the same starting with Chrome 56.
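
A site operator can find the pages that trigger this warning before visitors do. The following is an added example, not code from the article or from Mozilla: it flags pages that carry a password field over plain http and, going one step beyond what the article describes, password forms that submit to an http URL. The function names, finding labels and sample pages are constructed for illustration.

```javascript
// Added example: audit pages for the condition Firefox 51 warns about.

// <input> tags whose type attribute is "password" (quoted or unquoted).
const PASSWORD_INPUT = /<input\b[^>]*\btype\s*=\s*["']?password\b[^>]*>/i;
// Each <form ...> opening tag together with its body.
const FORM_BLOCK = /<form\b([^>]*)>([\s\S]*?)<\/form>/gi;
// The action attribute inside a <form> opening tag.
const ACTION_ATTR = /\baction\s*=\s*["']?([^"'\s>]+)/i;

// Returns a list of finding labels for one page (empty list = nothing to fix).
function auditLoginPage(pageUrl, html) {
  const findings = [];
  if (!PASSWORD_INPUT.test(html)) return findings;

  // The case from the article: a login page delivered without https.
  if (new URL(pageUrl).protocol !== 'https:') {
    findings.push('password-field-on-http-page');
  }

  // Additional check: where does a form holding a password field submit to?
  for (const [, attrs, body] of html.matchAll(FORM_BLOCK)) {
    if (!PASSWORD_INPUT.test(body)) continue;
    const action = ACTION_ATTR.exec(attrs);
    // A missing action submits to the page's own URL.
    const target = new URL(action ? action[1] : pageUrl, pageUrl);
    if (target.protocol === 'http:') {
      findings.push('password-form-posts-to-http');
    }
  }
  return findings;
}

// Constructed sample pages (hypothetical host example.test).
const SAMPLE_PAGES = [
  { url: 'http://example.test/login',
    html: '<form><input type="text" name="u"><input type="password" name="p"></form>' },
  { url: 'https://example.test/login',
    html: '<form action="http://example.test/auth" method="post"><input type="password" name="p"></form>' },
  { url: 'https://example.test/signin',
    html: '<form action="/auth"><input type=password name=p></form>' },
  { url: 'http://example.test/news',
    html: '<form action="/search"><input type="text" name="q"></form>' },
];

// Audit every page and keep only those with at least one finding.
function auditAll(pages) {
  return pages
    .map(p => ({ url: p.url, findings: auditLoginPage(p.url, p.html) }))
    .filter(r => r.findings.length > 0);
}

for (const r of auditAll(SAMPLE_PAGES)) {
  console.log(r.url, '->', r.findings.join(', '));
}
```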

Battery Time precision limited for privacy

Privacy improvement: BatteryManager.chargingTime and BatteryManager.dischargingTime precision limited to avoid fingerprinting.

This means that services can no longer use the data that these two properties provide for fingerprinting, as each now returns a value rounded to the closest 15 minutes.

Password Manager Improvements

Firefox's built-in password manager received two improvements in this release. The first adds a new "show password" option to the save dialog. This provides you with an option to reveal the password that Firefox is about to save in its database.

The second allows you to save passwords for forms without "submit" events.

Other Firefox 51 changes

  1. Added Georgian (ka) and Kabyle (kab) locales, removed Belarusian (be) locale.
  2. Added support for Spatial Audio for 360 Videos on Facebook with Opus 255 Channel Mapping.
  3. Firefox 51 blocks automatic audio playback in non-active tabs.
  4. Firefox 51 has a new search reset feature.
  5. Firefox 51 shows the memory use of processes on about:performance.
  6. Improved reliability of browser data sync.
  7. JavaScript served with wrong MIME type will be blocked.
  8. New WoSign and StartCom certificates will no longer be accepted.
  9. SHA-1 certificates issued by public CA will no longer be accepted.
  10. The Firefox address bar shows an indicator if the zoom level is not the default on a page open in the web browser.
  11. The SocialAPI is deprecated.
  12. Updated to NSS 3.28.1.
  13. Use 2D graphics library (Skia) for content rendering.
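
Item 7 matters to anyone whose server labels script files with the wrong Content-Type. The following is an added example, not code from the article or from Mozilla: it applies the rule from Mozilla's Firefox 51 developer notes (scripts served as image/*, audio/*, video/* or text/csv are not loaded) to a list of responses, and goes beyond the article by also reporting what `X-Content-Type-Options: nosniff` rejects under the Fetch standard. The verdict labels and the response list are constructed for illustration.

```javascript
// Added example: which script responses does the Firefox 51 MIME check reject?

// JavaScript MIME type essences listed in the WHATWG MIME Sniffing standard.
const JS_MIME_TYPES = new Set([
  'application/ecmascript', 'application/javascript',
  'application/x-ecmascript', 'application/x-javascript',
  'text/ecmascript', 'text/javascript', 'text/javascript1.0',
  'text/javascript1.1', 'text/javascript1.2', 'text/javascript1.3',
  'text/javascript1.4', 'text/javascript1.5', 'text/jscript',
  'text/livescript', 'text/x-ecmascript', 'text/x-javascript',
]);

// Reduce a Content-Type header to "type/subtype": no parameters, lowercase.
function mimeEssence(contentType) {
  if (typeof contentType !== 'string') return '';
  return contentType.split(';')[0].trim().toLowerCase();
}

// Classify one response that a page references from a <script> tag.
// `headers` uses lowercase header names.
function scriptVerdict(headers) {
  const essence = mimeEssence(headers['content-type']);

  // Firefox 51 rule: media types and text/csv are never run as script.
  if (/^(image|audio|video)\//.test(essence) || essence === 'text/csv') {
    return 'blocked-media-type';
  }
  // With nosniff, anything that is not a JavaScript MIME type is refused.
  const nosniff =
    String(headers['x-content-type-options'] || '').trim().toLowerCase() === 'nosniff';
  if (nosniff && !JS_MIME_TYPES.has(essence)) return 'blocked-nosniff';

  // Still loads, but the server is mislabelling the file.
  if (!JS_MIME_TYPES.has(essence)) return 'allowed-but-mislabelled';
  return 'allowed';
}

// Constructed sample responses (hypothetical paths).
const SAMPLE_RESPONSES = [
  { url: '/static/app.js',
    headers: { 'content-type': 'application/javascript; charset=utf-8' } },
  { url: '/uploads/avatar.jpg',
    headers: { 'content-type': 'image/jpeg' } },
  { url: '/export/report.csv',
    headers: { 'content-type': 'text/csv' } },
  { url: '/api/data',
    headers: { 'content-type': 'text/plain', 'x-content-type-options': 'nosniff' } },
  { url: '/legacy/widget.js',
    headers: { 'content-type': 'text/plain' } },
  { url: '/media/clip.js',
    headers: { 'content-type': 'Video/MP4' } },
];

// Return every response that needs attention, with its verdict.
function auditScripts(responses) {
  return responses
    .map(r => ({ url: r.url, verdict: scriptVerdict(r.headers) }))
    .filter(r => r.verdict !== 'allowed');
}

for (const r of auditScripts(SAMPLE_RESPONSES)) {
  console.log(r.url, '->', r.verdict);
}
```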

Developer Changes

Firefox for Android

Coming soon. Release notes list no major changes. At least some of the changes of the desktop versions of Firefox are also part of the Android version of the browser.

Security updates / fixes

Security information is released by Mozilla after the official release of Firefox. We will update the information once Mozilla makes it available.

Firefox 51.0.1

Firefox 51.0.1 was released on January 26, 2017. It is a bug fix release that fixes Geolocation not working on Windows, and another issue with add-ons that stated that they were not compatible with Firefox's new multi-process architecture but were still marked as compatible by Mozilla.

Not released for Android devices.

Firefox 51.0.2 for Android

Mozilla released an update for Firefox for Android that brings the version to 51.0.2. Please note that this update was not released for the desktop versions of Firefox. The patch fixes a crash issue on x86 Android devices.

Firefox 51.0.3 for Android

Firefox 51.0.3 is only available for Android. Mozilla released the update on February 9, 2017. It includes security fixes, and fixes a build issue that caused crashes on some x86 architectures.

Additional information / sources

Publisher: Ghacks Technology News


Comments

  1. Albert McCann said on February 9, 2017 at 2:26 pm
    Reply

    Is there any way to disable the “Connection is not secure” for plain old HTTP websites now? This is nothing more than creeping nannyism, and is unwanted.

  2. DoesNotMatter said on January 30, 2017 at 12:36 am
    Reply

    Undocumented feature: Flash games get broken. For some reason after the update any flash game (for ex. http://www.kongregate.com/games/DivineGames/realm-grinder) runs as if the browser was being run in a tiny resolution, like 800×600.

    This is pretty bad as games start looking really ugly but also their UI tends to break.

    I got no idea how Firefox even does this (I thought maybe I could fix a setting and go back to normal but no such luck for me)

    As a bonus it also switched the default font to Times New Roman.

    I really wish they’d just stop messing with the UI. Fix bugs, reduce footprint, security. Nothing more.

    1. Ronald Mc Tronald said on January 31, 2017 at 11:07 am
      Reply

      It’s on your end, i.e. only occurs on your computer. Game’s fine here. It could be due to an add-on, a corrupted update or something like that.

      Try Firefox’s safe mode, which automatically restarts Firefox with all add-ons disabled. See if it works. If not, try Firefox’s repair mode or create a new profile. If that still doesn’t work, uninstall and reinstall. If that STILL doesn’t work, update your graphics driver ? (Or use another browser or ask for help on a more appropriate forum where people are better qualified)

      1. anon said on February 22, 2017 at 4:40 pm
        Reply

        If all the add-ons are disabled, Flash won’t work either presumably, so how can you test it?

        I have experienced problems with Flash on particular websites too. Adobe say it’s FF’s fault.

        Much to my disgust I had to install Chrome instead to run the sites in question.

  3. Anonymous said on January 29, 2017 at 9:56 pm
    Reply

    What is the new ‘AlternateServices’ empty text file Firefox creates in the profile directory used for?

  4. ehh said on January 27, 2017 at 8:05 pm
    Reply

    Another release with inability to disable Pocket through about:performance bug.

  5. earthling said on January 27, 2017 at 6:38 pm
    Reply

    Thanks Tom, appreciate your input. As I already wrote on our little user.js thread, I have no clue what’s happening anymore. It must be one of my addons that interferes but it’s still weird that the pref shows as “default” and not “user set”.
    I’ll figure it out eventually.

  6. earthling said on January 27, 2017 at 5:20 pm
    Reply

    Re: WebGL2 – I noticed that ‘webgl.enable-webgl2’ is still (or again?) set to false by default in my FF51.0.1.
    Maybe you guys might want to check that out before you update all your drivers.

    1. Tom Hawack said on January 27, 2017 at 5:45 pm
      Reply

      Here latest Firefox 51.0.1 (x64) has,

      webgl.enable-webgl2 : true (default)
      webgl.webgl2-compat-mode : false (default)

      Quite odd indeed that default settings aren’t the same for all users.

  7. Guest703 said on January 26, 2017 at 8:29 pm
    Reply

    I’m still on Aurora 50 – now that stable has finally caught up, I can update to Aurora 53

  8. Xircal said on January 25, 2017 at 7:55 pm
    Reply

    Hi Martin,

    Please ignore my question concerning “After the Flood” which requires WebGL 2 not playing. I just created a new profile which resolved the problem.

    1. Olivier said on January 26, 2017 at 9:47 pm
      Reply

      To my knowledge, Apple hasn’t released any graphics card drivers updates for the ATI Radeon HD 4850, which is the graphics card installed on my iMac.
      I tried creating a new profile but it hasn’t solved the problem!
      Still getting the error message:
      “This demo requires WebGL 2.0 support. Please update to the latest version of Mozilla Firefox.”

      1. Olivier said on January 27, 2017 at 8:17 pm
        Reply

        Not working in Chrome 56.0 either (despite enabling the appropriate flag). Getting the following error msg:
        “Using Chrome? To enable WebGL 2.0, go to chrome://flags, set the WebGL 2.0 option to Enabled and restart your browser.”

      2. Fez said on January 27, 2017 at 12:50 am
        Reply

        Firefox 51 enables WebGL 2 to 65% of computers, apparently, though this data is based on less than 10 days so it might not be representative, it might change within next month as more people update to Firefox 51. ( https://telemetry.mozilla.org/new-pipeline/dist.html#!cumulative=0&end_date=2017-01-18&keys=__none__!__none__!__none__&max_channel_version=release%252F51&measure=CANVAS_WEBGL2_SUCCESS&min_channel_version=null&product=Firefox&sanitize=1&sort_keys=submissions&start_date=2017-01-18&table=0&trim=1&use_submission_date=0 )

        WebGL has 99% compatibility, which is astounding, even Flash never went above 95%, and it was not Flash’s 3D functionality (75-85% IIRC), just Flash installs.

        When WebGL was first released, compatibility was around 65% too, I think, maybe even 50%.

        Reasons for that are:
        – Hardware. Nothing to do, just wait for the market to upgrade.
        – Hardware. Some work can be done on WebGL 2’s implementation to enable more hardware without users having to do anything but upgrade Firefox as it gets updated.
        – Drivers. Graphics cards manufacturers fix their drivers which have issues, whether security, incompatibility with WebGL 2’s spec, etc. Some users will therefore become WebGL 2 compatible after a driver update.

        I don’t have WebGL 2 working right now, I’m very surprised about it but I’ll update my 2 years old driver when I get a chance. And if that doesn’t work, I’ll post a bug report on Bugzilla for my graphics card so they can see if it can be enabled.

  9. Xircal said on January 25, 2017 at 7:51 pm
    Reply

    There’s a link to a demo called “After The Flood” in the blog you posted the link to Martin which takes me to https://playcanv.as/e/p/44MRmJRU/

    But when I try to play the demo, it tells me WebGL 2.0 is needed even though I have FF 51 already installed.

    I checked in about:config and “webgl.enable-webgl2” is set to “true” which is the default.

    I tried rebooting in FF Safe Mode just in case an extension was the culprit, but it didn’t make any difference.

    Any idea what the problem might be?

    1. Daniel said on January 25, 2017 at 11:36 pm
      Reply

      If anyone else has this problem, try updating your graphics driver maybe.

  10. Xircal said on January 25, 2017 at 7:32 pm
    Reply

    You’re not really still using FF 32-bit are you Martin?

    1. Martin Brinkmann said on January 25, 2017 at 8:57 pm
      Reply

      I’m using everything :)

  11. Trbeck said on January 25, 2017 at 1:44 pm
    Reply

    Still no automatic update from inside Firefox?

    Any words from Mozilla on this?

    1. Martin Brinkmann said on January 25, 2017 at 5:58 pm
      Reply

      Mozilla announced it yesterday: https://blog.mozilla.org/blog/2017/01/24/gets-better-video-gaming-non-secure-web-warning/

      If you don’t get the update, download the latest version manually and install it this way.

      1. Tom Hawack said on January 26, 2017 at 2:15 pm
        Reply

        If it’s only a “Firefox 51.0.1 build1 partial generation fails due to clamav errors” then I’ll hesitate even less to restore FF 51.0 over 51.0.1.

        Just checked 51.0.1 on VirusTotal and the detection ratio is 0/56 (http://preview.tinyurl.com/gvhpaqq)

        ClamAV is not truly a reference as far as I know. Whatever it’s obviously a false positive

        I’ve backed up FF51.0.1 on a server if anyone’s interested and if you, Martin, agree of course.

      2. Tom Hawack said on January 26, 2017 at 1:57 pm
        Reply

        @Martin, we are both right : Firefox 51.0.1 has been removed from Mozilla Firefox release directory (https://ftp.mozilla.org/pub/firefox/releases/), now that I’ve installed it when it was available (2017-25-01-20:35GMT).

        What are they up to? This is the first time I see a version removed from Mozilla Firefox’s release directory.

        I know you often mention that available latest version on Mozilla Firefox’ release directory are to be considered with caution as they might be modified before the official final release, but this is the very first time I notice, not only a modification but a deliberate removal of a version on a Mozilla’s release directory.

        I’ll keep 51.0.1 and wait …

      3. Martin Brinkmann said on January 26, 2017 at 2:01 pm
        Reply

        Interesting. Bugzilla has this entry which may explain why it got pulled: https://bugzilla.mozilla.org/show_bug.cgi?id=1333663

        Still no idea why they’d release it, but must be a high priority bug fix or security fix.

      4. Tom Hawack said on January 26, 2017 at 11:34 am
        Reply

        Actually latest Firefox version is 51.0.1 downloadable from https://ftp.mozilla.org/pub/firefox/releases/ as well as from major sites.

        Maybe was FF 50 auto-update delayed because 51.0.1 was in perspective?

      5. Martin Brinkmann said on January 26, 2017 at 1:48 pm
        Reply

        Tom are you sure? I don’t see 51.0.1 listed there (did a search, no result). I see 51.0 as the last release version, and before that 50.1.0. Can you please re-check?

      6. Chris said on January 26, 2017 at 5:39 am
        Reply

        It’s now the 26th, and version 51 is still not available via update from within the browser.

        This is not good of Mozilla, as they have already disclosed the security holes.

        Although I have updated manually by downloading from Mozilla’s site, most of the millions of Firefox users will not be willing to do that, or even be aware that a new version is supposed to be available.

      7. Trbeck said on January 26, 2017 at 4:38 am
        Reply

        Yeah, I already know that blog post, but they don’t mention anything about a delayed roll-out or something.

        This is strange, because, as far as I know, there hasn’t been any issue with the integrated update mechanism for almost two years I think, the updates were always available on the scheduled date in the release calendar (https://wiki.mozilla.org/RapidRelease/Calendar)

        Issues with this update have also been mentioned here:
        https://www.heise.de/forum/heise-online/News-Kommentare/Firefox-51-warnt-vor-unsicheren-Log-ins/Wurde-das-Update-zurueckgezogen/posting-29841842/show/

        Also on mozillazine, with a possible explanation:
        http://forums.mozillazine.org/viewtopic.php?f=38&t=3026850&sid=e77145228854baa62764840d3c75be02

  12. ShintoPlasm said on January 25, 2017 at 7:54 am
    Reply

    I like this new version, some nice changes included. Having switched to a new MacBook Pro Touch Bar, my FF is now blazing fast! Shame about the relatively high battery usage, though.

  13. Chris said on January 25, 2017 at 6:28 am
    Reply

    It’s already well into the 25th and Mozilla’s update servers still aren’t offering version 51.

    It is available on the main download page, however.

  14. Dio said on January 24, 2017 at 5:43 pm
    Reply

    Wait, didn’t a bunch of comments from today disappear ? Or am I on the wrong article, and the correct one was actually deleted ? It was about the removal of Social API.

    1. Martin Brinkmann said on January 24, 2017 at 5:45 pm
      Reply
      1. Dio said on January 24, 2017 at 6:09 pm
        Reply

        Thanks! I failed to notice it was an old article that was linked to by our current article, and not a fresh one from today. Sorry :)

  15. Simeon said on January 24, 2017 at 5:31 pm
    Reply

    Yay! WebGL 2. Now Unity can be reasonably back in browsers!

    Well, not really, needs WebAssembly and SIMD, but that’s a good start.

  16. earthling said on January 24, 2017 at 3:02 pm
    Reply

    I think 51 also landed one-off Searches.
    https://www.ghacks.net/2016/08/09/firefox-one-off-searches-address-bar/

    The latest FF51beta I checked, added the ‘browser.urlbar.oneOffSearches’ pref, although it was still set to false.

    1. Pants said on January 24, 2017 at 3:29 pm
      Reply

      // 0819: disable one-off searches from the addressbar (FF51+)
      // https://www.ghacks.net/2016/08/09/firefox-one-off-searches-address-bar/
      user_pref("browser.urlbar.oneOffSearches", false);

      Yup .. been tagged as 51 for ages. In version “Pants Konami” it was under section 9999 To Investigate. The next version “The House of the Rising Pants” already has it in (as above). Should really get this sucker githubbed

      1. Pants said on January 26, 2017 at 6:55 am
        Reply

        “Might just have to wrap it in an SVG or something ;)”

        ALWAYS wrap your exploits in an SVG, that way you get two holes for the price of one, and who doesn’t like that!

      2. Tom Hawack said on January 25, 2017 at 9:57 am
        Reply

        @Pants and @earthling seem to share several common points and I confess that the idea they be but one soul is a temptation I cannot evacuate rationally. And this is not only due to their common vision of a “just fine’ when the ping-pong of their dialogs appears to me as “built” …

        Anyway, I appreciate your work, you know that :)

      3. Pants said on January 25, 2017 at 1:52 am
        Reply

        @earthling : I’m thinking of doing a new FF51 version 11 final release for Martin once we get our portable 51’s and check a few things, including your diffs dumpie. It’s been six months, so time for another article. But I’m a little scared, truth be told, that Tom will get it and say that it’s “just fine” xD

        * version: 0.11 : The House of the Rising Pants
        * “My mother was a tailor, she sewed my new blue pants”

      4. Martin Brinkmann said on January 25, 2017 at 6:18 am
        Reply

        That sounds great. Dropping pants would be nicer, but hey, you cannot have it all, right?

      5. earthling said on January 24, 2017 at 6:01 pm
        Reply

        Yep, saw that one right when it was first released and created my own polyglot-jpeg-creator-script that same day xD
        And now it’s useless, or so they say …
        Might just have to wrap it in an SVG or something ;)

      6. Pants said on January 24, 2017 at 4:46 pm
        Reply

        security.block_script_with_wrong_mime fixes this exploit, PoC at http://blog.portswigger.net/2016/12/bypassing-csp-using-polyglot-jpegs.html

      7. earthling said on January 24, 2017 at 4:22 pm
        Reply

        Hey girl!
        Are you ready for another diff-bomb to add to your 999 prefs to investigate? ;)
        I’ll have to wait for portableapps to release FF51 before I can create a diff, but it’ll be coming soon.
        Here’s a short preview created from the latest FF51beta, just to keep you busy xD
        // new:
        pref("browser.urlbar.oneOffSearches", false);
        pref("media.block-autoplay-until-in-foreground", false);
        pref("privacy.firstparty.isolate", false);
        pref("security.block_script_with_wrong_mime", true);
        pref("signon.formlessCapture.enabled", true);
        // removed:
        pref("dom.vr.oculus050.enabled", true);
        pref("media.block-play-until-visible", false);
        pref("network.http.spdy.enabled.v3-1", false);
        // changed:
        pref("security.insecure_password.ui.enabled", true); // prev: false
        pref("webgl.dxgl.enabled", true); // prev: false
        pref("webgl.enable-webgl2", true); // prev: false

  17. Ed said on January 24, 2017 at 2:13 pm
    Reply

    How can I make my Firefox look like yours?, it looks very nice and clean.

    1. Martin Brinkmann said on January 24, 2017 at 4:09 pm
      Reply

      You need the add-on Classic Theme Restorer for that.

      1. Ed said on January 24, 2017 at 4:20 pm
        Reply

        Ok, thanks!. I need to play with the settings because there are many of them to tweak the interface.

  18. earthling said on January 24, 2017 at 1:31 pm
    Reply

    Thanks Martin! Great post as usual and very helpful.
    But ESR 45.6 was released back in December 2016 already. I still have the portableapps setup file and it’s dated 15.12.2016.
    According to https://wiki.mozilla.org/RapidRelease/Calendar today’s ESR release should be 45.7.

    1. Martin Brinkmann said on January 24, 2017 at 2:48 pm
      Reply

      You are right, thanks and corrected.

  19. Yuliya said on January 24, 2017 at 12:54 pm
    Reply

    BatteryManager.chargingTime and BatteryManager.dischargingTime are about:config entries? The only entry returned when I search for battery is dom.battery.enabled;false which defaults to true.

    Also Mozilla’s site still gives me 50.1 links, so here are the 51 ones for Windows:
    https://download.mozilla.org/?product=firefox-51.0-SSL&os=win&lang=en-US
    https://download.mozilla.org/?product=firefox-51.0-SSL&os=win64&lang=en-US

    1. Martin Brinkmann said on January 24, 2017 at 2:50 pm
      Reply

      No those are API calls, not preferences. Sorry for not making that clearer.

      1. Simeon said on January 24, 2017 at 5:37 pm
        Reply

        On the other hand, niche uses of the web can only be enabled with specific API.

        For instance gaming needs WebGL, Gamepad API and Vibration API. Of course you don’t encounter one game every 10 pages visited, and of course one site will host many games when 1000 others will host none.

        So it’s normal that these APIs are not used by many sites. This reasoning could apply for most APIs for all we know, but that doesn’t mean it would be fair or good for the web as a platform to remove them.

        For the Battery API, it seems that not one site used it as expected by the spec (?), and everyone is using it for fingerprinting. In that case it’s good to remove it, and have browsers deal with low battery on their own.

      2. Pants said on January 24, 2017 at 5:20 pm
        Reply

        Heh .. https://developer.mozilla.org/en/docs/Web/API/Battery_Status_API : “Values for BatteryManager.chargingTime and BatteryManager.dischargingTime are always equal to Infinity.” Now that’s funny. But it’s not quite what it seems. If the device is plugged in and the power outlet is providing power, *then* it returns infinity, because it will never run out of power.

        Anyway, I guess the API was opened up for web apps etc to be able to take appropriate action if your device battery was low – such as warn you or pause/stop things – eg IDK, maybe an in-game message in a full screen game?

        But just like dozens of other web standards, no one wants it, no one uses it. See http://www.theregister.co.uk/2016/05/24/pointless_features_add_to_browser_bloat_and_insecurity/ . It’s a little old, but of the top 10,000 websites .. 1 used Vibration API, 3 used Gamepad API, 16 used Web Notifications, 30 used WebRTC and so on .. 1553 used SVG (earthling .. 15% dude, yikes, do you feel safe?). A lot of bloat and security surface TBH.

      3. Black cat said on January 24, 2017 at 5:05 pm
        Reply

        From your bug link, it seems that they first decided to do something about (dis)chargingTime precision, which to be fair should be a very quick fix, and then figured the whole API could actually go without breaking web content. I like it when a privacy plan goes further than expected.

      4. earthling said on January 24, 2017 at 4:48 pm
        Reply

        I don’t know. Seems kinda useless to me too. It’s for addons mostly I guess, but addons can already uniquely identify users if they want to. Maybe it was somewhat easy to implement and served as a good bug for a new employee/intern at mozilla or something, who knows. I be a confused lad too mate^^

      5. Black cat said on January 24, 2017 at 4:24 pm
        Reply

        Then, why these (dis)chargingTime changes ? How is it different from the Battery API ? I be a confused lad.

      6. earthling said on January 24, 2017 at 3:58 pm
        Reply

        @Black cat
        You’re right.
        “Remove web content access to Battery API” (https://bugzilla.mozilla.org/show_bug.cgi?id=1313580)
        … it will ride the train in FF52.
        https://developer.mozilla.org/en-US/Firefox/Releases/52#Others

      7. Black cat said on January 24, 2017 at 3:26 pm
        Reply

        Now that I think about it, wasn’t there discussion at Mozilla to remove Battery API access to websites, only keeping it for add-ons and Firefox itself ?

        Did I dream about it ? Was it deemed unsuitable ? The reason was privacy.

  20. Tom Hawack said on January 24, 2017 at 12:30 pm
    Reply

    I’ve encountered two issues with Firefox 51 when not with previous Firefox 50.1 :

    1- A setting so called a TOR contribution which appeared with Firefox 50.1 :

    // TOR CONTRIBUTION (2) – enable first party isolation pref and OriginAttribute — WARNING: this may break some sites
    user_pref("privacy.firstparty.isolate", false); // Default=false

    – This setting is no longer hidden.

    – If set to ‘true’ in FF51 there is at least this problem which occurs : the FF ‘Self-Destructing Cookie’ add-on no longer removes non whitelisted cookies, which is the core of its pertinence;

    2- TLS maximum supported protocol version

    // security.tls.version.max : maximum supported protocol version (highest version to initiate a connection with before falling back to lower versions).
    user_pref("security.tls.version.max", 3); // Default=3

    NOTE :
    // 3 : TLS 1.2 is the minimum required / maximum supported encryption protocol. (This is the current default for the maximum supported version.)
    // 4 : TLS 1.3 is the minimum required / maximum supported encryption protocol. (Available since FF49)

    In Firefox 50.1 and before I had set this value to 4 but I just encountered at least two sites now called with FF51.0 that cannot be connected with max version set to 4 : restoring to 3 (default) solves the connection issue.

    No issues if you’ve kept default FF settings. This concerns those who may have tweaked concerned settings as I do and did.

    1. Tom Hawack said on January 26, 2017 at 12:52 pm
      Reply

      The “2- TLS maximum supported protocol version” I reported above is no longer a problem with latest Firefox 51.0.1 which had added a “security.tls.version.fallback-limit” set to 3 by default, which means that “security.tls.version.max” can be set to 4 (= TLS 1.3 is maximum supported encryption protocol) and it will fall back to 3 in case of a problem.

      I had tested “security.tls.version.max” = 4 with https://adguard.com/
      On Firefox 51.0 : connection failed
      On Firefox 51.0.1 : connection succeeded (new “security.tls.version.fallback-limit” left at default ‘3’)

    2. ak said on January 24, 2017 at 4:44 pm
      Reply

      Try this add-on its similar to Self-Destructing Cookie:
      https://addons.mozilla.org/en-US/firefox/addon/cookies-exterminator/
      You need to switch it to active mode to work.

    3. Black cat said on January 24, 2017 at 3:22 pm
      Reply

      1. Pretty sure first-party isolation isn’t ready, so encountering bugs seems likely. You may want to poke the add-on developer and Mozilla in case they don’t know.

      2. TLS 1.3 isn’t ready either, I think. Seems like this could actually be a bug FIXED in Firefox 51, something where Firefox 50 fell back to 1.2 silently while it was supposed to fail hard, with such a setting. Those sites could be “TLS 1.3 intolerant” ( https://bugzilla.mozilla.org/show_bug.cgi?id=1286694 )

      Of course I have no idea, those are just guesses, but I’d be careful about enabling features still in development, especially privacy/security ones. Even if I was on Nightly I’d let Mozilla handle at which time such or such critical feature is ready to be turned on. YMMV of course.

      1. Tom Hawack said on January 24, 2017 at 4:15 pm
        Reply

        I’ll send an email to ‘Self-Destructing Cookies’ developer ‘Support E-mail’ address since one is provided on the add-on’s AMO page.

      2. Pants said on January 24, 2017 at 3:42 pm
        Reply

        FPI is so not ready. There are a ton of tickets for issues with gmail, soundcloud, facebook and so on.
        https://bugzilla.mozilla.org/show_bug.cgi?id=1319773 – soundcloud
        https://bugzilla.mozilla.org/show_bug.cgi?id=1319728 – youtube
        https://bugzilla.mozilla.org/show_bug.cgi?id=1316019 – pixnet
        https://bugzilla.mozilla.org/show_bug.cgi?id=1316536 – facebook
        https://bugzilla.mozilla.org/show_bug.cgi?id=1319756 – instagram
        https://bugzilla.mozilla.org/show_bug.cgi?id=1319761 – pinterest
        https://bugzilla.mozilla.org/show_bug.cgi?id=1319767 – imgur
        https://bugzilla.mozilla.org/show_bug.cgi?id=1319839 – gmail

        Without wanting to read the details too much and get in over my head, the problem (I think) relates mainly to the login being from a different domain.

        The pref (privacy.firstparty.isolate) is, if I understand it correctly which I probably am not, primarily for TBB, and indeed, the restriction is so tight (or the interpretation of how to implement differs) that there is another preference being written as I type to alleviate the strictness of FPI so not so many websites break : privacy.firstparty.isolate.restrict_opener_access – see https://bugzilla.mozilla.org/show_bug.cgi?id=1319773#c22

  21. RG said on January 24, 2017 at 8:35 am
    Reply

    2017 ;)

    1. Martin Brinkmann said on January 24, 2017 at 8:37 am
      Reply

      Thanks ;)
