Firefox 48 Stable will be released on August 2, 2016 according to the Firefox release schedule. Firefox 48 is a major release that makes add-on signing mandatory on Stable and Beta versions of the browser, and introduces multi-process functionality to the first batch of users (who don't run any add-ons).
Firefox 47.0.1 and earlier versions can be updated to Firefox 48. Additionally, updates for Firefox Beta, Developer, Nightly and Firefox ESR are released on August 2, 2016 as well.
Firefox Beta is updated to 49.0, Firefox Developer to 50.0, Firefox Nightly to 51.0, and Firefox ESR to 45.3.
The majority of Firefox users will receive 48 via the browser's update mechanics. Firefox supports automatic updates but may also be configured for manual checks or no checks at all.
Please note that the new version is released on August 2, 2016, and that it may not be available at the time of publication of this review.
You may check for updates by tapping on the Alt-key on the keyboard, and selecting Help > About Firefox from the menu. This runs a manual check for updates, and displays the current version and channel.
If Firefox is configured to download and install updates automatically, that is what is going to happen if the update is picked up. If not, you get options to download and install it manually instead.
You may download all editions of Firefox using the links below instead.
Add-on signing enforcement
Firefox Stable and Beta users may no longer disable add-on signing in their versions of the browser. This blocks them from installing unsigned add-ons in Firefox. Unsigned add-ons are all add-ons that have not been submitted to Mozilla for signing.
Firefox displays "This add-on could not be installed because it has not been verified" when you try to install an unsigned add-on in Stable or Beta versions of the browser.
This means that it is no longer possible to install add-ons from third-party sources in Firefox, or old add-ons, if they have not been signed.
There is no way around this other than switching to another Firefox channel that still offers a switch to turn the functionality off.
Firefox Developer, Nightly, ESR and unbranded builds fall in that category.
Multi-process Firefox roll out
The second major change is the roll out of multi-process Firefox. The feature separates content which, according to Mozilla, improves the browser's stability, performance and security.
About 1% of users who have not installed a single add-on in Firefox will get it in the beginning. Mozilla plans to increase the figure over time.
Load about:support and check the "multiprocess windows" value to find out whether it is enabled in the browser.
Check out our Firefox multi-process overview for additional details.
Firefox 48 ships with several changes designed to protect users better against unwanted or outright malicious downloads.
First of all, Firefox 48's Safe Browsing implementation supports the two new categories potentially unwanted software and uncommon downloads.
The first warns Firefox users when they download executable files that may contain adware, the second when a file is not very popular.
The change goes hand in hand with user interface changes. The download icon, displayed by default in the main Firefox toolbar, displays malicious downloads with a red exclamation mark, and potentially unwanted programs or uncommon applications with a yellow exclamation mark.
That's not all though. When you click on the download icon to display the last downloads, the default action for each download may either be open or remove.
For potentially unwanted downloads and uncommon downloads, open is the default action indicated by a folder icon. For file downloads identified as malicious it is remove and indicated by an x-icon.
Downloaded files are not opened or removed right away though. Firefox displays prompts that explain the risks of opening the file or allowing the download.
The following three screenshots show the prompts for potentially unwanted, uncommon and malicious downloads in that order.
Experienced users may override any of the prompts or warnings by right-clicking on files and selecting the "allow download" option. This is useful if a download is marked as problematic erroneously.
Firefox users find more control over the download protection functionality under Security in the preferences.
The new "block dangerous and deceptive content" preference is listed on about:preferences#security. You may turn the feature off completely there, or turn if off for dangerous downloads, or unwanted or uncommon downloads separately.
Note: You may notice that the options to "block reported attack sites" and "block reported web forgeries" are no longer provided. While I have no confirmation yet, it appears that "block dangerous and deceptive content" fills that role now.
Experienced users may control safe browsing on about:config or in a user.js file just like before:
All Safe Browsing preferences are listed on the Mozilla Wiki.
Temporary Add-on Reloading
Add-on developers and users may load temporary add-ons in Firefox using the about:debugging page. This can be useful for add-on testing during development, or testing an add-on without installing it permanently in the browser.
Any change made to a temporary loaded add-on required the browser to be restarted. This changes with Firefox 48, as it is now possible to reload extension that are temporarily loaded. (Bug 1246030)
Firefox 48 ships with a new Developer theme. Besides dark and light variants, it is now also possible to load the Firebug theme which resembles the popular Firefox developer add-on.
Firebug functionality is or will be integrated in Firefox natively, and the add-on itself won't receive any more updates because of it.
Other Developer changes
Check the resources section at the bottom of the article for links to full Developer change logs.
To make Firefox the default on Android 6 Marshmallow and higher, do the following:
The previous process which is still valid for older Android versions required a lengthy process detailed here.
Other Firefox 48 for Android changes
Firefox 48.0.1 was released on August 18, 2016. It is a bug fix release that resolves the following issues:
Mozilla released Firefox 48.0.2 on August 24, 2016. It fixes a startup crash issue caused by Wensense on Windows only.
Security updates and fixes are announced after the release of Firefox 48. This guide will be updated when that happens.
2016-84 Information disclosure through Resource Timing API during page navigation
2016-83 Spoofing attack through text injection into internal error pages
2016-82 Addressbar spoofing with right-to-left characters on Firefox for Android
2016-81 Information disclosure and local file manipulation through drag and drop
2016-80 Same-origin policy violation using local HTML file and saved shortcut file
2016-79 Use-after-free when applying SVG effects
2016-78 Type confusion in display transformation
2016-77 Buffer overflow in ClearKey Content Decryption Module (CDM) during video playback
2016-76 Scripts on marquee tag can execute in sandboxed iframes
2016-75 Integer overflow in WebSockets during data buffering
2016-74 Form input type change from password to text can store plain text password in session restore file
2016-73 Use-after-free in service workers with nested sync events
2016-72 Use-after-free in DTLS during WebRTC session shutdown
2016-70 Use-after-free when using alt key and toplevel menus
2016-69 Arbitrary file manipulation by local user through Mozilla updater and callback application path parameter
2016-68 Out-of-bounds read during XML parsing in Expat library
2016-67 Stack underflow during 2D graphics rendering
2016-66 Location bar spoofing via data URLs with malformed/invalid mediatypes
2016-65 Cairo rendering crash due to memory allocation issue with FFMpeg 0.10
2016-64 Buffer overflow rendering SVG with bidirectional content
2016-63 Favicon network connection can persist when page is closed
2016-62 Miscellaneous memory safety hazards (rv:48.0 / rv:45.3)
Now You: Which feature or change are you the most excited about? Did we miss a new feature or change? Let us know in the comments.
Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.
We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats (video ads) or subscription fees.
If you like our content, and would like to help, please consider making a contribution:
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.