Firefox 40: Find out what is new
Firefox 40 will be released to the stable channel on August 11, 2015 if things go as planned. There is always the chance of delays caused by last-minute bugs.
The release has just been posted to the official archive website -- Mozilla moved all data from the ftp server it maintained previously to it -- and it is likely that third-party download portals will offer it before the official release date.
All Firefox channels are updated tomorrow. Firefox Stable will be moved to version 40, Firefox Beta to version 41, Firefox Developer to version 42, Firefox Nightly to version 43 and Firefox ESR to version 38.2.
The information you find below reveals all there is to know about the Firefox 40 stable channel update.
The 64-bit version of Firefox for Windows is still not available for stable channel releases.
Firefox 40 download and update
All Firefox versions check for updates automatically by default. The new version will be picked up by the browser tomorrow.
Users who don't want to wait for this to happen -- the check does not run in real-time but in intervals only -- can run a manual update check instead.
To do that tap on the Alt-key and select Help > About Firefox from the menu bar that opens.
Direct downloads are made available by Mozilla once Firefox has been released officially. You can download the version you need using the links below.
- Firefox Stable download
- Firefox Beta download
- Firefox Developer download
- Nightly download
- Firefox ESR download
Firefox 40 Changes
Unsigned add-on installation warning
Firefox users who try to install unsigned extensions in the browser receive a prompt in Firefox 40. The prompt warns them but does not block the installation of the extension.
Just hit the install button to install the extension anyway in Firefox. Note that this happens only on third-party sites offering Firefox add-ons as all add-ons hosted on Mozilla AMO are signed.
Mozilla plans to block the installation of unsigned add-ons starting with version 41 on stable and beta channels of Firefox.
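Added example, not from the article or from Mozilla: signed XPI packages are ZIP archives that carry JAR-style signing data in META-INF (manifest.mf, mozilla.sf, mozilla.rsa), so a downloaded package can be inspected before it is installed. The script flags packages without that data and compares every file against the digests in the manifest; it does not verify the signature in mozilla.rsa, and the sample archive with its placeholder signature files is constructed.

```python
import base64
import hashlib
import io
import zipfile

SIG_FILES = {"META-INF/manifest.mf", "META-INF/mozilla.sf", "META-INF/mozilla.rsa"}
DIGESTS = {"SHA1-Digest": "sha1", "SHA256-Digest": "sha256"}

def parse_manifest(text):
    """Return {entry name: {attribute: value}} from a JAR-style manifest."""
    # Long manifest lines are wrapped; a continuation line starts with one space.
    text = text.replace("\r\n", "\n").replace("\n ", "")
    entries = {}
    for block in text.split("\n\n"):
        attrs = dict(line.split(": ", 1) for line in block.split("\n") if ": " in line)
        if "Name" in attrs:
            entries[attrs.pop("Name")] = attrs
    return entries

def check_xpi(data):
    """Classify XPI bytes. Returns (status, problems)."""
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        names = {n for n in z.namelist() if not n.endswith("/")}
        missing = SIG_FILES - names
        if missing:
            return "unsigned", sorted(missing)
        manifest = parse_manifest(z.read("META-INF/manifest.mf").decode("utf-8"))
        problems = []
        for name in sorted(names - SIG_FILES):
            attrs = manifest.get(name)
            if attrs is None:
                problems.append(f"{name}: not listed in manifest")
                continue
            known = [key for key in DIGESTS if key in attrs]
            if not known:
                problems.append(f"{name}: no supported digest")
            for key in known:
                digest = hashlib.new(DIGESTS[key], z.read(name)).digest()
                if base64.b64encode(digest).decode() != attrs[key]:
                    problems.append(f"{name}: {key} mismatch")
        for name in sorted(set(manifest) - names):
            problems.append(f"{name}: listed but missing from archive")
    # "digests-ok" only means the files match the manifest; the PKCS#7
    # signature over that manifest (mozilla.rsa) is NOT checked here.
    return ("digests-ok" if not problems else "tampered"), problems

def build_sample(signed=True, tamper=False):
    """Constructed in-memory XPI; .sf/.rsa hold placeholders, not real signatures."""
    files = {"install.rdf": b"<RDF/>", "bootstrap.js": b"function startup() {}"}
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        if signed:
            lines = ["Manifest-Version: 1.0", ""]
            for name, body in files.items():
                digest = base64.b64encode(hashlib.sha1(body).digest()).decode()
                lines += [f"Name: {name}", "Digest-Algorithms: SHA1",
                          f"SHA1-Digest: {digest}", ""]
            z.writestr("META-INF/manifest.mf", "\n".join(lines))
            z.writestr("META-INF/mozilla.sf", b"placeholder")
            z.writestr("META-INF/mozilla.rsa", b"placeholder")
        if tamper:
            # Change a file after the manifest digests were computed.
            files["bootstrap.js"] += b" /* modified after signing */"
        for name, body in files.items():
            z.writestr(name, body)
    return buf.getvalue()

if __name__ == "__main__":
    for label, sample in [("signed", build_sample()),
                          ("unsigned", build_sample(signed=False)),
                          ("modified", build_sample(tamper=True))]:
        print(label, check_xpi(sample))
```

To check a real download, pass the file's bytes to check_xpi, for example check_xpi(open(path, "rb").read()).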
Suggested Tiles show sites of interest
Mozilla continues its work on Firefox's New Tab Page. The organization introduced sponsored tiles a while ago to the new tab page and complements this with suggested tiles in Firefox 40.
The main difference between sponsored and suggested tiles is that sponsored tiles are advertisements while suggested tiles are not.
Suggested tiles are based on the user's browsing history and Mozilla hopes to display related sites of interest this way.
You can read up on the technology used by the feature here.
Both suggested and sponsored tiles may only be displayed if the New Tab Page cannot be populated with native website and service links.
New Add-on Manager Style
Mozilla has updated the design of the add-on manager which you can access directly by loading about:addons in the browser.
The look matches the style of the in-content preferences (about:preferences). You can find out more about this change on [email protected].
Asynchronous plugin initialization
Firefox's new asynchronous plugin initialization improves plugin handling in the browser significantly.
Not only will it improve plugin startup time in Firefox but also reduce the number of crashes and hangs caused by plugins.
We have reviewed this in detail here and suggest you check it out if you are interested in the technical side of the implementation.
Add context to Firefox Hello conversations
You may now add context to Hello links that you create. Firefox Hello is a built-in real-time communication feature using WebRTC.
When you click on the "add new context" link you may add a title, link and comments.
- Support for Windows 10. Firefox 40 ships with a modified theme for Windows 10 that makes the browser look more in line with other programs running on the operating system.
- Added protection against unwanted software downloads using Safe Browsing.
- Improved scrolling, graphics, and video playback performance with off main thread compositing (GNU/Linux only)
- Graphic blocklist mechanism improved: Firefox version ranges can be specified, limiting the number of devices blocked
- Smoother animation and scrolling with hardware vsync (Windows only)
- JPEG images use less memory when scaled and can be painted faster
- Sub-resources can no longer request HTTP authentication, thus protecting users from inadvertently disclosing login data
Please note that this list includes only the highlights. Consult the link to the developer changes in Firefox 40 at the end of the article for a full list of changes.
- IndexedDB transactions are now non-durable by default
- Show when network resources are loaded from cache.
- Filter requests by url in the network monitor and new context menu options in the network monitor.
- Edit and filter rules in the Page Inspector.
- A context-click on a CSS property in the Rules view offers to display help for that property using MDN.
- Improved Performance tools in the developer tools: Waterfall view, Call Tree view and a Flame Chart view
- Inspector now searches across all content frames in a page
- New rules view tooltip in the Inspector to tweak CSS Filter values
- New page ruler highlighting tool that displays lightweight horizontal and vertical rules on a page
Firefox for Android
The Android version of Firefox shares most improvements with the desktop version. The following changes are Android-specific.
Long press on back/forward buttons brings up history
If you long press on the back or forward button in the Firefox menu, the history of accessed sites is displayed on that page.
This improves navigating back and forth between pages opened in the same tab as you can access any site or service you have accessed previously directly.
Other Android changes
- Support for Android Presentation API for screen casting
- Open links from Android applications in the same tab via EXTRA_APPLICATION_ID
Security updates / fixes
These are released after the official reveal by Mozilla. We will add the information once they become available.
- MFSA 2015-92 Use-after-free in XMLHttpRequest with shared workers
- MFSA 2015-91 Mozilla Content Security Policy allows for asterisk wildcards in violation of CSP specification
- MFSA 2015-90 Vulnerabilities found through code inspection
- MFSA 2015-89 Buffer overflows on Libvpx when decoding WebM video
- MFSA 2015-88 Heap overflow in gdk-pixbuf when scaling bitmap images
- MFSA 2015-86 Feed protocol with POST bypasses mixed content protections
- MFSA 2015-85 Out-of-bounds write with Updater and malicious MAR file
- MFSA 2015-84 Arbitrary file overwriting through Mozilla Maintenance Service with hard links
- MFSA 2015-83 Overflow issues in libstagefright
- MFSA 2015-81 Use-after-free in MediaStream playback
- MFSA 2015-80 Out-of-bounds read with malformed MP3 file
- MFSA 2015-79 Miscellaneous memory safety hazards (rv:40.0 / rv:38.2)
- MFSA 2015-78 Same origin violation and local file stealing via PDF reader
- MFSA 2015-77 Upper bound check bypass due to signed compare in SharedBufferManagerParent::RecvAllocateGrallocBuffer
- MFSA 2015-76 Wifi direct system messages don't require a permission
- MFSA 2015-75 COPPA error screen in FxAccounts signup allows loading arbitrary web content into B2G root process
- MFSA 2015-74 UMS (USB) mounting after reboot even without unlocking
- MFSA 2015-73 Remote HTML tag injection in Gaia System app
- MFSA 2015-72 Remote HTML tag injection in Gaia Search app
Additional information / sources
- Firefox 40 release notes
- Firefox 40 Android release notes
- Add-on compatibility for Firefox 40
- Firefox 40 for developers
- Site compatibility for Firefox 40
- Firefox Security Advisories
So no e10s in v.40?
Also, is there any way to force download 40 stable today, the links you provided only offer it in the beta channel.
edit: apparently not. I found the official archives, and for 40.0, i get the message:
“Thanks for your interest in Firefox 40.0. We aren’t quite finished qualifying Firefox 40.0 yet. You should check out the latest Beta.”
guess I’ll have to wait till tomorrow :)
thanks much for all the info.
There won’t be e10 for a while. It was slated to be introduced in v42, but that looks highly unlikely given the state of e10 in nightlies.
Good, excellent news.
For me, both sponsored and suggested sites are useless features that also invade privacy – no matter what Mozilla would say.
And I also wonder who uses Hello… It’s kind of feature “because so, even if barely someone will use it”.
Probably someone on mozilla team uses hello. I see no other reason for implementing it.
webrtc and hello could be great and universal browser-based messaging platforms – if more companies would push it and more people would use it. the thing is, the messaging-sector is fragmented to no end and mozilla doesn’t have the market share to popularize the new platform alone.
The way I feel it is that messaging services are not a natural component of a web browser, they participate to an inflationary drifting of the core meaning, aim, attributes of a Web browser. This trend to add again and again a layer of extras to a basic principle is noticeable in many applications and even in the real world when insurances get into the banking arena and vice-versa for instance. All this leads to, or participates from a concept which is IMO a negation of intelligence, intelligence which never develops as well as in pluralist conditions and lay-outs.
Noticed Moz locked the ftp releases directory … 550 Permission Denied
That is the
I wonder what is so secret about this release vs all others. Are they expecting a tidal wave of backlash on something I wonder.
they were talking about dropping ftp support to clone chrome even further, so maybe they want to prove that 0% of users came to their ftp to look for the new version…
Why would you “wonder” instead of spending 10 seconds to investigate ?!?
dated Aug 7, 2015
“The contents of ftp://ftp.mozilla.org has moved to http://archive.mozilla.org“
but it’s not true because http://ftp.mozilla.org/pub/mozilla.org/firefox/releases/40.0/win32-EME-free/ works – so they must have not moved. why would they lie in the readme?
Well they tried locking the ftp and http distribution down, but they kept the file name convention the same so, the download for the final release, pending “quality” is:
Can I the German Release of EME Free ?
“Note that this happens only on third-party sites offering Firefox add-ons as all add-ons hosted on Mozilla AMO are signed.
Mozilla plans to block the installation of unsigned add-ons starting with version 41 on stable and beta channels of Firefox.”
I’ve been worried about this for some time already. Because, what you Martin state in the first sentence, is NOT true!
I’ve 15 addons in Firefox and 4 of them are NOT signed even if they are on AMO:
I remember that at least FireGestures was “signed” when Mozilla made that change in the first place, but the next update to that addon removed the “signed” status.
I don’t understand this situation at all. Now version 40 is out and already in version 41 not-signed addons are disabled though there’s a big mess with the system currently. Firefox is becoming a bigger and bigger mess each day and release.
uBlock Origin was signed starting version 0.9.8.1.1
Firegestures was signed starting version 220.127.116.11
Add-on Update Checker was signed starting version 2.9.1
S3.Google Translator was signed starting version 4.02.1
But I still don’t know if an add-on available on AMO which has been signed once remains implicitly signed for updated versions. If not, you are right, Pete.
Current version of uBlock Origin 1.x is not signed so no, they do not remain signed after updates. Maybe this is why they have hidden the version numbers in add-on manager?
@firmaa, “Current version of uBlock Origin 1.x is not signed” as you state it, or is it not rather is not stated on AMO as signed? Your deduction if based on an add-on explicitly mentioned as signed on AMO seems to me hazardous, otherwise please explain your assertion.
This is why I’d wish to know if an add-on available on AMO which has been signed once remains implicitly signed. My belief is that it is.
“How do I get my add-ons signed if they are hosted on AMO?
No action is required. We automatically signed reviewed versions of all add-ons currently hosted on AMO. All new versions will be signed automatically after they pass review.”
Source : https://wiki.mozilla.org/Addons/Extension_Signing
Therefore I believe that an add-on available once reviewed on AMO is signed be it mentioned or not.
Your speaking manner is so funny. Are you running everything you type through some synonym replacement tool?
As for your question – go install ublock origin in latest nightly with signature enforcement on and see for yourself.
Is that the latest ublock Origin from Mozilla AMO?
firmaa, uBlock Origin latest nightlies are not on AMO when I was referring to reviewed add-ons on AMO which would not be stated explicitly as signed. Do you know what precision means?
If you took the time to read carefully and to carry your comments clearly rather than spending your times on a comment’s rhetoric you wouldn’t appear to be as ridiculous as a tiny big shot : cool!
By the way, uBlock Origin over on its GitHub page hasn’t nightly available at this time….
Yeah, just checked amo and signed. You’re right. As for speaking manner I was genuinely curious, not belittling or something.
English is not my mother-tongue so I try to be precise in my comments, not zealous. As for synonyms, French language makes it a habit to avoid them (except in technical/medical domains) when English less, or not. So I keep the habit tied to my mother-tongue…
No problem. The main thing is to understand and be understood.
Just download the ublock origin 18.104.22.168 xpi file from A.M.O. and unpack it: inside there is the META-INF folder, so I think that the addon is signed.
I think Mozilla added “-signed” in the extension name only the first time… quite confusing.
“I think Mozilla added “-signed” in the extension name only the first time… quite confusing”
I’m assuming the same until I’d have evidence that this is not the case.
Have they fixed WebRTC yet or are they still ignoring it?
What’s wrong with webrtc?
WebRTC leaks IP over VPN / Tor
Test & Info: https://www.privacytools.io/webrtc.html
How to disable: https://www.privacytools.io/#webrtc
But is this firefox problem or webrtc problem? I think this is a problem with the standard.
As I understand it it’s in the very nature of WebRTC to allow IP peeking, as it is with the Flash Player unless the user modifies (adds) a line to Flash’s mms.cfg file …
For users of the excellent uBlock Origin add-on there is the option to have WebRTC remain silent about the user’s IP (Prevent WebRTC from leaking local IP addresses in its Settings panel). I know there is also a WebRTC dedicated add-on for the same purpose (or perhaps more than one) but forgot the name(s).
Right. Either you allow sites to know you’re on 192.168.0.4 or you turn it off. Does anyone need it for anything anyway?
HAL: I’m coming for you Dave .. 192.168.0.4
It’s a problem for the vast populace of defaultaria, recently exploited by an ad network on newyorktimes (and a whole handful of other popular sites). Firefox refuses to protect the land of defaultaria against this for some reason, by even requiring a simple click through.
I saw the Blockulicious add-on in the screenshot above. Do you use or recommend Blockulicious?
I’m wondering about the performance hit, and also about the privacy implications of allowing the add-on to check every site visited, if you have any info.
Hi, I have installed it on a test profile, I’m not using it on main profiles. I did not notice any performance issues during initial tests but did not have time for a thorough analysis yet.
The new addon manager is ugly as hell. What a waste of space. I would consider this a mode for people with really poor eye-sight. Or a touchscreen mode for people with large fingers.
It’s to unify a “look” across devices and within the browser. inContent options is the same. What was once a modal popup window (not a fan of modal here) that was small and compact, now fills my browser window and I have to scroll. Ludicrous. Big fonts, big spaces. Big buttons. I’m sure everything will become inContent – bookmarks, downloads, history, about Firefox
It’s all about touch and fat piggy fingers: “to change the option you are calling, please mash the screen with your palm, NOW” – Simpsons.
I for one do not want my desktop to look like a giant zoomed in goddamn smart phone.
It’s insane. I am currently using an extension plus some custom CSS that allows me to see 20 addons at the same time at a screen size of 1280×1024. And still everything is well readable and of a reasonable size (with version numbers and the descriptions). Anyway, it can get worse, when I started to install extensions for Opera…. holy crap, but Mozilla is on a “good way” to get to that point :D
Particularly bad for those who have a lot of Extensions, scripts and styles. Another thing to fix for Aris.
@Sven – I’m using Slim Addons extension and that’s it (I used to have a user style (stylish) for it as well, I think). I’m on a 1080p screen, but do not maximize my browser – I probably have 850px display in height, and I get 18 extensions displayed per scroll (out of 72). It would be nice if NoSquint would remember individual about: pages *sigh*
I don’t know which addon I have in Firefox, maybe it is none, cause I use it just for testing. I am currently on Pale Moon using Slim Addons Manager with my own tweaks, so this is an SEP (somebody else’s problem). But this change is going the opposite direction, it reduces usability (the ability to see a lot of addons, scripts, styles on one page) for the sake of… empty space, and empty space is useless space.
they see empty space as beautiful. they tell us to use add-ons if we don’t like the current version so we use them and then they break and we wait for a fix and then they are abandoned by the developer and then in a year from now we switch to chrome because firefox has even less preference options.
Firefox 40: Firefox warns about signatures but doesn’t enforce them.
Firefox 41: Firefox will have a preference that allows signature enforcement to be disabled (xpinstall.signatures.required in about:config).
Firefox 42: Release and Beta versions of Firefox will not allow unsigned extensions to be installed, with no override.
If implemented on ESR, the first version to support signing would be Firefox ESR 45. The current plan is to have ESR work like 40, with a preference that can turn no enforcement, but that may change in the future.
Baaah, I rather just turn it off. I understand their reasoning, but I just don’t like this walled garden non-sense.
Also does anyone know an addon or a stylesheet fix, to get addon version numbers back in about:addons, without having to click on each one at a time? Preferably something that isn’t too heavy on the memory.
I too understand the benefits and the risk mitigation to firefox’s reputation if an addon goes rogue.
BUT.. I don’t like being plugged into mozilla servers, they are collecting and possibly storing more and more information on users.
Currently, firefox sends info about which addons are installed and about browser start-up times etc. I’m not thrilled about mozilla being able to track my browser use. You can however block update checking etc through mozilla it at the moment.
Soon, this will be enforced and it will require even more effort (switching to unbranded and hunting down the prefs) to avoid :(
Try https://addons.mozilla.org/mk/firefox/addon/amversionnumber/ – it regains the numbers well.
If you happen to use the Classic Theme Restorer add-on there is an option in General UI (1) to show the add-ons version number (last option of that section).
good tip. Thanks!
browser.devedition.theme.enabled preference is gone from about:config. Good bye developer edition theme in the stable version.
“Graphic blocklist mechanism”
What is this?
See here: https://wiki.mozilla.org/Blocklisting/Blocked_Graphics_Drivers
Here’s the Fix for the Add-on Manager: https://userstyles.org/styles/114026/firefox-40-better-add-on-manager-mikhoul-vers
Si c’est Dieu qui le dit ce doit être du bon.
If Dieu says it, must be good. (Dieu in French means God).
Thanks, dieu :)
There are several css handling the Addons Manager layout, this one at first view seems nice.
That screen is brought up in response to what?
To removing the version number in the add-ons manager
Sigh. What does one do to get that screen? You know, mouse clicks and all that.
@Dieu. Will the Fix for the Add-on Manager bring it back to the old style? Thanks
Yes and moreover it will be better than before !
Just gave Firefox Light 40 a spin. Very glad I did – all the new stuff but without the bloat. There’s a 64-bit version and it’s natively portable!
I noticed two new files/folders created with Firefox 40. Are these safe or related to more intrusive privacy invasions and ads that Mozilla seems to be about now?
A frequencyCap.json file in the local Firefox profile folder.
A permanent Chrome metadata and idb folder in the roaming Firefox folder.
None of the files/folders you mention appear after equivalent Cyberfox 40 install/usage — Maybe related to an add-on or rather to Firefox’s new about-newtab process?
Did updating to 40 break anyone else’s Dark Theme setting? I loved the Dark Theme. Is it gone now?
gone forever – they say to use dev build. they must like broken websites on pre-beta
I have ghacks added on whitelist in ublock but the ads do not display if the tracking protection from about:config is on. Just wanted to let know if someone didn’t before. Good sites are worth enabling ads.
The ad just told me to use opera. Funny because firefox broke so much in this release.
I don’t know what Mozilla has done to Firefox, but this is the most stable version yet… I’ve always experienced crashes in Firefox, which has led me to uninstalling various plugins (i.e Flash, Silverlight etc.), and also extensions, all to no avail, but this version has been up and running now for 24 hours+, with both Flash and also Silverlight enabled, as well as some extensions (TabMix Plus, Adblock Plus, Chatzilla and a dozen other)
Thank You Mozilla!
Is it still possible to put homepage as a new tab page? Or they removed that option?
As I’ve understood it it’s only with Firefox 41 (and higher) that it will no longer be possible to customize the page shown in a new tab via changing the preference browser.newtab.url in about:config. New add-ons already handle this coming limitation such as New Tab Override, not required yet for Firefox 40.x users therefore.
I use about:home as about:newtab and settings I’ve provided in my user.js file still work correctly with latest Firefox (Cyberfox here) version 40.0.2 :
/* NEW TAB PAGE */
Indeed, I installed Firefox 41.0b1 and I cannot define about:home as new tab page, at least not without add-ons.
So, now we need add-ons even for this.
Yeps, Petar. Looks like browser/OSs users are starting to get squeezed from everywhere. And there’s more to come. But let’s remember that it’s for our good, for our safety. If we want them to handle our security we’ll have to be less restrained about our privacy (!!!). But we don’t all want that, do we?! LOL.
I don’t get it. Why do I have to have installed by default Pocket and similar stuff that I do not use and they keep adding that crap, but on the other side they are removing options that are actually useful and functional!?
That’s the way hipster USC* developers think. Sadly, most consumer facing software companies are infested with these people.
BTW FF 40.0 is broken in some weird way, I can no longer see the ‘comment’ data entry fields on distrowatch. Starting in safe mode doesn’t fix the problem. Other browsers work fine. Grrrrr …….
* With EXTREME APOLOGIES to the fine University of Southern California, I have hijacked their school acronym to use for Unsupervised Spoiled Children, the dominant kind of dev we have now that changes things Just For Changes Sake.
Mozilla disabled the asynchronous plugin initialization via hotfix add-on a few days ago.