Firefox 52.0 released: find out what is new
Mozilla Firefox 52.0 Stable was released on March 7, 2017 to the public through the web browser's automatic update functionality, and on Mozilla's website.
Note: Firefox 52.0 is being rolled out on March 7, 2017. The release is already on Mozilla's FTP server, but may not be yet available through automatic updating. All Firefox users and interested Internet users will have access to the release at the end of the day.
The new version of Firefox is a major release for several reasons. First, it is the first release that does away with NPAPI plugin support. Second, it marks the beginning of a new Firefox Extended Support Release (ESR) cycle.
Mozilla updates all Firefox channels on the same day when a new major stable version is released. This means that Firefox Beta is updated to Beta 53.0, Firefox Aurora to Aurora 54.0, and Firefox Nightly to Nightly 55.0. Additionally, Firefox ESR 52.0 is available (and so is Firefox ESR 45.8).
- Firefox 52.0 is the new stable version of the web browser.
- The new version does not support NPAPI plugins anymore, apart from Adobe Flash. So, no Silverlight, Java, Google Hangouts and other plugin support anymore.
- Firefox ESR 52.0 is the new Extended Support Release version. You may enable NPAPI plugin support in it.
- Windows XP and Vista users are automatically migrated to Firefox 52.0 ESR during update. Firefox 53.0 won't run on XP or Vista machines anymore.
Firefox 52.0 download and update
Mozilla Firefox 52.0 is available on Mozilla's public FTP server. The update will be made available today through the browser's automatic update feature, and also on the Mozilla website.
You can run manual check for updates in the following way in Firefox:
- Open Firefox if it is not open already.
- Tap on the Alt-key on your computer keybard, and select Help > About Firefox.
This displays the current version and channel of the browser. An update check is performed in the background, and new versions that are found during the check are either downloaded and installed automatically, or on user request.
The latest Firefox versions can be downloaded by following the links below as well:
- Firefox Stable download
- Firefox Beta download
- Firefox Developer download
- Nightly download
- Firefox ESR download
- Firefox unbranded builds information
Firefox 52.0 Changes
Non-Secure warnings for HTTP login pages
Firefox warns you with a security prompt when a page with a login form uses HTTP.Â The browser displays a small notification underneath the login prompt when you activate it if HTTP is used on the page to submit the data.
Also, autofill disabled on these pages.
It reads: Logins entered here could be compromised. Learn more.
Strict Secure Cookies specification implemented
The Strict Secure Cookies specification has been implemented. It prevents insecure (read HTTP) sites from setting cookies with the secure flag. It prevents HTTP sites from overwriting cookies set by HTTPS sites with the secure flag.
You find the draft here.
Firefox 52.0 ESR
Firefox 52.0 ESR marks the beginning of a new extended support release cycle. This release is important for a number of reasons:
- It is the only version of Firefox going forward that supports NPAPI plugins other than Adobe Flash. To enable support for other plugins, set plugin.load_flash_only to false on about:config.
- It is the last version of Firefox going forward that supports Windows XP and Windows Vista. While Firefox 52.0 will install fine on machines running those operating systems, Firefox 53.0 will fail to run.
- You may still disable the signature enforcement for add-on installations. Set xpinstall.signatures.required to false for that.
Other Firefox 52.0 changes
- Added support for WebAssembly.
- Added automatic captive portal detection which should improve access to WiFi hotspots. "When accessing the Internet via a captive portal, Firefox will alert users and open the portal login page in a new tab".
- Adobe Primetime CDM is removed.
- A warning is displayed when when SHA-1 certificates are encountered that chain up a root certificate. Users may still override the warning.
- Improved text input for third-party keyboards on Windows. According to Mozilla, this fixes several keyboard issues such as chained dead keys and dead key sequences.
- Multi-process Firefox is now available on Windows systems with touch screens.
- Option to expose only whitelisted fonts to websites and services.
- Removed support for the Battery Status API for privacy.
- Sync enables Firefox users to send and open tabs from one device to another.
- When Direct2D is not used on Windows, Skia is used instead for content rendering.
- The Responsive Design Mode of the Developer Tools has been revamped completely.
- CSS Grids highlighter in the Page Inspector module.
- New CSS features implemented. See developer notes linked at the bottom for details.
- Page Inspector: easier element highlighting, and display of whitespace-only text nodes.
- Referrer-Policy supports same-origin, strict-origin, and strict-origin-when-cross-origin directives.
- Rel="noopener" link type has been implemented.
- Selection API shipped.
- Service Worker State shown on about:debugging now.
- Several Firefox OS APIs removed.
- WebExtensions APIs: sessions, topSites, omnibox shipped.
Firefox 52.0 for Android
Many features that landed in Firefox on the desktop landed in Firefox for Android as well. The following changes are Android specific.
- The apk file size of the Firefox browser has been reduced by more than 5 Megabyte. This should improve download speed and installation time.
- Media controls are displayed in the Android notification area to pause and resume media playback.
Security updates / fixes
Mozilla reveals security updates after the final release. We will update the listing with information once Mozilla publishes it.
- CVE-2017-5400: asm.js JIT-spray bypass of ASLR and DEP
- CVE-2017-5401: Memory Corruption when handling ErrorResult
- CVE-2017-5402: Use-after-free working with events in FontFace objects
- CVE-2017-5403: Use-after-free using addRange to add range to an incorrect root object
- CVE-2017-5404: Use-after-free working with ranges in selections
- CVE-2017-5406: Segmentation fault in Skia with canvas operations
- CVE-2017-5407: Pixel and history stealing via floating-point timing side channel with SVG filters
- CVE-2017-5411: Use-after-free in Buffer Storage in libGLES
- CVE-2017-5409: File deletion via callback parameter in Mozilla Windows Updater and Maintenance Service
- CVE-2017-5408: Cross-origin reading of video captions in violation of CORS
- CVE-2017-5412: Buffer overflow read in SVG filters
- CVE-2017-5413: Segmentation fault during bidirectional operations
- CVE-2017-5414: File picker can choose incorrect default directory
- CVE-2017-5415: Addressbar spoofing through blob URL
- CVE-2017-5416: Null dereference crash in HttpChannel
- CVE-2017-5417: Addressbar spoofing by draging and dropping URLs
- CVE-2017-5425: Overly permissive Gecko Media Plugin sandbox regular expression access
- CVE-2017-5426: Gecko Media Plugin sandbox is not started if seccomp-bpf filter is running
- CVE-2017-5427: Non-existent chrome.manifest file loaded during startup
- CVE-2017-5418: Out of bounds read when parsing HTTP digest authorization responses
- CVE-2017-5419: Repeated authentication prompts lead to DOS attack
- CVE-2017-5405: FTP response codes can cause use of uninitialized values for ports
- CVE-2017-5421: Print preview spoofing
- CVE-2017-5422: DOS attack by using view-source: protocol repeatedly in one hyperlink
- CVE-2017-5399: Memory safety bugs fixed in Firefox 52
- CVE-2017-5398: Memory safety bugs fixed in Firefox 52 and Firefox ESR 45.8
Firefox ESR 45.8 security fixes are here.
Firefox 52.0.1 was released on March 17th, 2017 to the release channel. It includes a security fix that was reported to Mozilla through the Pwn2Own contest.
Firefox 52.0.2 was released on March 28, 2017. The new release fixes four issues, including a crash on startup issue on Linux, a loading tab icons on session restore issue, and another issue where new installs would not prompt users to change the default web browser on the system.
Additional information / sources
- Firefox 52 release notes
- Firefox 52.0.1 release notes
- Firefox 52.0.2 release notes
- Firefox 52 Android release notes
- Add-on compatibility for Firefox 52
- Firefox 52 for developers
- Site compatibility for Firefox 52
- Firefox Security Advisories
- Firefox Release Schedule
Now Read: The state of Mozilla Firefox
Firefox dropping support for pre-7 windows versions.Chrome already did.So what’s left?
Any recommendations to replace Firefox?
Well, you can still use Firefox 45 ESR. Firefox 45.8 ESR was released today and a Firefox 45.9 ESR is going to be released the day Firefox 53 hits. Pale Moon is not an option anymore since Pale Moon 27.0 dropped Windows XP support as well. So realistically you will be left behind in the dust. However, Windows XP is almost 16 years old at this point! You really shouldn’t be surprised that no browser supports it anymore. If you so desperately need XP then grab a Windows 7 Professional license for 15 bucks on EBAY which provides a Windows XP mode (virtual machine, equals Windows XP SP3). Knowing that there is no justification for using XP anymore. It has an extremely high number of security flaws by now and no browser in this world is going to fix that.
Part II: When Firefox 54 hits your Firefox 45.9 ESR installation would automatically be updated to Firefox 52.2 ESR. Firefox 52 ESR will receive support until Firefox 61 is released (mid 2018). At this point Windows XP will have received 17 years of support on Mozilla’s part. Are you really asking for more, Tina Riddley?
“A Windows 7 Professional license for 15 bucks on EBAY” ? A legit license ? Which won’t blow up at you at some point in the future ? This individual would be interested.
@Clairvaux: Yeah, you can get a legit OEM license (The license key worked flawlessly for me, so it pretty much seems to be official, right?) for 15 bucks, sometimes even less. This guy for example: http://www.ebay.com/itm/Genuine-Windows-7-Professional-32-64bit-Full-Version-License-Key-/172466039235?hash=item2827c6e9c3:g:EGAAAOSwLEtYjwoW
He has sold nearly 2000 of them and has a 99.4% positive rating. Get the ISO from Microsoft, install it and then use the key you got there. That’s pretty much it. I give no guarantee, though. However, it seemed to work extremely well for a great many people. Read the description of the article for more info.
You can also use 52 ESR. They purposefully made 52 ESR the latest version to support Windows Vista and older. So these OSes will be supported for another year and some months on the ESR branch.
By the way, I remember now how some of those prices are possible (read it here ? elsewhere ? don’t remember). Get a large number of stolen credit card numbers. Buy legitimate Windows licences with them. Resell them at ridiculously low prices. Make a nice profit. May involve several cascading “partners” between the actual theft and the Windows sale.
SeaMonkey 2.49 will be the last version supporting Windows XP/Server 2003 and Vista/Server 2008. They are currently on 2.46.
Since SeaMonkey 2.49 will be based on Firefox 52 ESR he will get the same time of support when he uses either. To be honest, SeaMonkey is a sinking boat right now. They don’t have the manpower to port their application on new Gecko engines going forward since the workload this port would require (if even feasible) most likely can’t be stemmed by the current team.
K-Meleon is abandonware. Even the semi-current Firefox 45 ESR (uses Gecko 45) is more modern than K-Meleon 75 (uses Gecko 38).
With an OS so out of date and without support for years, why does it matter if the browser stops being supported starting next version?
Firefox uber alles
the diary of firefox on ghacks.com
I sincerely hope the deadline for legacy add-ons gets pushed back to Firefox 60. I would really like to see another ESR cycle (Firefox 59 ESR) maintaining support for them. Alternatively someone else might step up and fork Firefox. Pale Moon is really missing a great chance by clinging to their Pre-Australis interface. If they would continue where Mozilla left off (Firefox 56), including all the features Firefox provided at this point, they could grow their userbase exponentially. The way they are doing it currently is not going to work since many add-ons will require modifications to operate correctly in Pale Moon. I wish somebody would come up with a browser that makes transition from Firefox 56 as easy as possible. Pale Moon is not that browser. Sadly, the guys over there are desperately missing out on a great opportunity.
I’m curious to see what Cyberfox does about legacy add-ons as Cyberfox 52 Beta 3 has a switch in the settings to turn NPAPI plugins back on.
@Sinon: Sorry to say that, but Cyberfox is nearly dead. Read this write-up by Cyberfox’ developer: https://8pecxstudios.com/Forums/viewtopic.php?f=6&t=1756
I have just finished this article: https://www.ghacks.net/2017/03/07/cyberfox-proclaims-death-of-web-browser/
Right now the Firefox ESR version download page provides only the old 45.7 version. Looks like the new 52.0 ESR is not yet available.
I seriously consider moving to this ESR version (as soon as it’s there) because it looks like a great way to fend off (at least for a while) Mozilla’s continuing offensive towards an ever more closed, user-unfriendly browser setup.
@Appster: you’re right, the Pale Moon people are missing a great chance here to attract current Firefox users. They could (if they would) fairly easily restore full compatibility with Firefox add-ons, and once they get that greater number of users, they might perhaps attract some of the current Firefox add-on developers too.
Problem is, they’re caught between the devil and the deep blue sea… For if they would really do this, it would immediately cause a giant uproar among the hardcore Pale Moon supporters, many of whom are totally faithful to their ancient UI and abhor anything Australis-like. In other words, while attracting those new users from the Firefox camp, Pale Moon might then at the same time lose many of their core activists, the people who were essential in keeping PM afloat so far.
I fear there is no easy way to solve this dilemma :-(
You can get Firefox 52 ESR here under “52.0esr/”: https://ftp.mozilla.org/pub/firefox/releases/
As for Pale Moon: Yeah, that’s pretty much the situation right now. Clinging to their UI will prevent them from growing after the demise of Firefox as we knew it. Don’t get me wrong, though. I really hate Australis for several reasons: You can’t move all elements around freely, the tabs are not clearly distinguishable, the Back/Forward buttons are hard-linked to the address bar and so on… However, I was able to restore the previous behavior/look thanks to Classic Theme Restorer. The Cyberfox developer actually came up with the smartest solution, as he has just included CTR by default. Cyberfox gives you the option to choose between Australis and the old UI without losing add-on compatibility. Pale Moon did port the old UI natively at the expense of add-on compatibility. I use CTR as a fix, but this fix won’t work in Firefox 57+. So I could migrate to Pale Moon, thereby losing some of my add-ons (though not all, contrary to Firefox). To be honest I would just like to see Firefox 56 forked and be done with it.
Australis theme was a first Firefox mistake as it pushed it to closer look of Chrome UI.
It removed many abilities to customise interface as it was before without using addons. I wonder now why didn’t I ever switch to Seamonkey as they kept UI as it used to be on Firefox and I guess they didn’t remove features like Firefox did.
Seamonkey is what Firefox used to be before they started to remove features and preferences one by one.
WIthout XUL, Firefox becomes nothing than a little bit more customisable Chrome.
I’m sticking with Firefox 45 ESR until end of life in June, then I might update to 52 ESR.
Agree i just updated my ESR 45.7.0 to version .8 right now. So like you, I will be holding out untill i get some more details but will make the jump to 52 ESR in the next few weeks.
i’m fine with ESR 52, after this some addons stopped working. again.
Hi all! I just added Firefox 52 to Browserling. You can try this latest Firefox version without installing right from your browser via this link:
We run the browsers in virtual machines and stream them to your browser. If the demand is too high then you’ll have to wait in a queue for a while to try it. I’m adding more virtual machines right now to let more people try it without waiting.
Unfortunately, my primary bank (a very large credit union) requires the Java Runtime Environment in order to make on-line deposits. So, now having updated to FF 52.0, I shall download ESR 52.0 and over-install it; my only other option is to use IE 11 (Win 7 Pro x64), which is not particularly appealing. Oh, well… .
Give a try with Seamonkey : http://www.seamonkey-project.org/
Thanks for your suggestion, karlo2105.
I’ve looked at SeaMonkey many times over the past several years (one attraction is its built-in email client, though I know very little about its functionality), but have never installed it.
For a Firefox fork, Cyberfox (with its built-in Classic Theme option) is also a contender (though it is unclear how add-ons will be treated after FF migrates to the WebExtension format).
Perhaps it’s now time to give SeaMonkey some serious consideration.
I do not find that Firefox 52.0 stable is any faster than Firefox 51.0 stable.
Firefox on Win XP, needs Silverlight to watch Netflix.
If the XP user upgraded to the regular version 52 on their own, and don’t know about the NPAPI plug-in changes, their Netflix won’t work.
If I read the above correctly, XP users should go to the 52 ESR version instead (or wait until it is automatically offered to them). ESR 52 supports Silverlight, but regular version 52 does not.
The other big question is whether those users will know how to use about:config to re-enable NPAPI plug-in support.
I’d say there are or will be, a lot of unhappy Netflix users on XP and Firefox.
Mozilla should allow Silverlight, and not just Flash, to keep working “out of the box”.