Firefox 58.0 release overview
Mozilla plans to release Firefox 58.0 to the stable channel on January 23, 2018. It is the first major update for Firefox's stable channel of 2018. Firefox 58.0 follows Firefox 57.0 which introduced major changes to the browser.
Our overview offers detailed information on new features, improvements and changes in Firefox 58.0.
Note: The user profiles created with Firefox 58 are not compatible with earlier versions of the Firefox web browser. If you want to retain the option to downgrade Firefox to a previous version, create a new profile for that version.
Executive Summary
- Firefox 58 user profiles are not compatible with older versions of Firefox.
- Firefox 58 features performance improvements, new WebExtensions API, and other improvements.
Firefox 58.0 download and update
Mozilla plans to release Firefox 58.0 to the release channel on January 23, 2018. Firefox users can run manual checks for updates on the day to install the new Firefox release automatically in the browser.
Select Menu > Help > About Firefox to run a manual check for Firefox updates.
Direct download links for Firefox installation files.
- Firefox Stable download
- Firefox Beta download
- Nightly download
- Firefox ESR download
- Firefox unbranded builds information
Firefox 58.0 Changes
Performance improvements
Mozilla engineers made several performance enhancing improvements to Firefox 58. Off-Main-Thread Painting moves rasterization to its own thread to improve the page rendering performance.
I reviewed Off-Main-Thread painting in Firefox in December when it was revealed in Firefox Nightly. Mozilla noted back then that the feature improved FPS benchmarks by up to 30% in Firefox 58 when compared to Firefox 57.
JavaScript Startup Bytecode Cache reduces the time between the "start of navigation" and when the "onload event for each website is fired". Mozilla noted in December 2017 that Firefox with JavaScript Startup Bytecode Cache enabled loads pages "on average 43ms faster".
Also, WebAssembly Performance improvements.
Tab page, Homepage and Search Engine overrides
WebExtension capabilities improve with every new release. Mozilla wants to make sure that Firefox users are aware of some of the changes that extensions made in the browser.
That's why Firefox highlights when extensions changed the Tab page, Homepage or default Search engine in the Preferences.
If an extension changed one of the default or user set values, it is highlighted by Firefox. Even better, the name of the extension is listed so that you know right away which extension is responsible, and there is a "disable extension" button to disable it right away from the preferences page you are on.
WebExtensions API changes
Development of the WebExtensions-based add-on system is an ongoing process. A first initial set of APIs launched in Firefox 57 but work on improving those APIs and adding new APIs continued.
Firefox 58 features several API improvements. The Theme API supports new features to give theme creators more options and customization options.
Reader Mode, a feature of Firefox that converts articles on the Web into a format that improves readability, is now available via an API.
Firefox 58 features other improvements, including improvements to the webRequest API and a new option for extensions to change the default saerch engine. Mozilla added a prompt to prevent extensions from changing the search engine silently in the background.
Other Firefox 58.0 changes
- Firefox Screenshots improvements: screenshots can be copied and pasted directly to the Clipboard, and it works in Private Browsing mode as well.
- Credit Card Autofill support. You control the feature under Forms & Passwords on about:preferences#privacy. Note that this is rolled out gradually and may not be visible on your end yet.
- Nepali ne-NP locale added.
- Fixed a blank font issue if fonts for fonts installed in non-standard directories on Linux.
- Warning to inform users and site owners about Mozilla's gradual distrust plan for Symantec certificate authority.
- Blocks top-level data URL navigation.
Firefox 58.0 Issues
Firefox 58.0 has two known unresolved issues that Mozilla hopes to address in future releases.
- Audio playback may be disabled on Firefox for Windows over Remote Desktop Connection sessions. You can mitigate the issue by loading about:config?filter=security.sandbox.content.level and setting the value to 2.
- Users who run screen readers may run into performance issues. Mozilla suggest that users use Firefox ESR until the issue is fixed.
Developer Changes
- PerformanceNavigationTiming API implemented. It is controlled by the preference dom.enable_performance_navigation_timing (default true)
- Implemented PerformanceResourceTiming.workerStart to give sites options to measure the Service Worker start performance.
Firefox 58.0 for Android
One of the main new features of Firefox 58 for Android is support for runtime permission request prompts. Extensions that you install in Firefox on Android display permission requirements during installation.
If an installation requires additional permissions during runtime, a prompt is displayed to the user to accept or deny these permissions.
Other changes include:
- Support for Progressive Web Apps.
- Performance improvements thanks to JavaScript Startup Bytecode Cache.
- Option added to Sync only over non-metered connections.
- Bengali bn-BD and Nepali ne-NP added.
- Full screen bookmark management with folder support.
- Support for FLAC playback.
- Added ability to change the status bar color in themes.
- Removed Firefox Search widget from home screen.
- Safe Browsing protocol updated to version 4.
Security updates / fixes
Fixes are announced after the release of Firefox. We update the article once Mozilla publishes them.
You can access the list of security vulnerabilities fixed in Firefox 58 here.
If you use Firefox EST 52.6, check out the list of fixed security issues here.
Additional information / sources
- Firefox 58 release notes
- Firefox 58 Android release notes
- Add-on compatibility for Firefox 58
- Firefox 58 for Developers
- Site compatibility for Firefox 58
- Firefox Security Advisories
- Firefox Release Schedule
FF58 Blocked by Webroot
FYI People, if your using Webroot Secure Anywhere you need to do some tweaking to get FF58 working.
Open your Webroot CP and click on the gear by “Identity Protection”.
Click on the “Application Protection” tab.
Firefox.exe should be in the list, set it to “allow” instead of “protect”.
I’m not sure at this point which program is at fault. I personally would suspect FF is trying to “extract personal information with my consent”, and Webroot is doing exactly what it is supposed to, but that’s just my personal and biased opinion.
The Mac version is still heavy on my battery, unfortunately. Not much of a difference compared to FF57… Pffff.
Hi all. Could someone recap all the steps to “create a new profile for that version”. The 2011 guide linked in the article explains how to create new profiles but doesn’t say much about installing several versions of Firefox.
I hoped the FF58 installer would give the option to pick a different Program folder or something but it just replaced my ESR installation. No option, no prompt. I had to do a system restore to roll back.
As a side note, I was appalled at the number of useful addons that got disabled in Quantum. I really can’t see myself using it as my default browser at this stage.
I have many different versions of firefox that I can use (most of them cannot be launched at the same time without using Sandboxie). I install the browser as portable installs using Sandboxie, and I create a custom user profile folder used by the specific firefox version I want to use.
I tell a certain firefox version to use a certain profile folder using a custom shortcut.
For some (older) versions of firefox you can copy and use the profile folder form an older version of firefox to the new firefox (still old version, pre-firefox 55) install folder – i.e. you copy the profile folder from another install to your current installation).
For newer version of firefox 55-57, 57 and above, you have to create new Profile folders and add working add-ons for the new versions of firefox.
So this are the steps:
Download, install inside Sandboxie, copy outside the Sandbox, copy/create custom Profile folder, update the shortcut for Profile folder, use firefox as portable version.
Details:
Download a certain firefox/waterfox/palemoon version.
Install it inside Sandboxie. You don’t need to launch it.
Copy the firefox.exe install directory – the default is “Mozilla Firefox†from the sandboxed folder to a location outside the Sandboxie folders, anywhere you want.
Don’t move it, copy the install folder instead, because firefox.exe will still be launched inside Sanboxie if you don’t restart the PC – it’s a weird Sandboxie behavior that temporarily remembers programs that were installed inside Sandboxie and moved outside the sandbox.
Create a shortcut for firefox.exe that points to the new Profile folder – i.e.
In the “Target:†box enter something like this:
“D:\Applications\Mozilla Firefox 54\firefox.exe†-profile “D:\Applications\Mozilla Firefox 54\Profiles\5ks593mp.defaultâ€
The folder 5ks593mp.default contains all the firefox preferences, for example the “prefs.js†file.
Create a firewall rule for the new firefox.exe if you need to.
Always use the new shortcut to launch the new version of firefox as a portable installation.
You can create as many Profile folders and accompanying shortcuts as you want.
If you don’t have a previous Profile folder, or if you need to create a new one, launch firefox from the console with the parameters, or create a shortcut with the parameter “ -profilemanager†for the Target:
e.g.:
“D:\Applications\Mozilla Firefox 54\firefox.exe†-profilemanager
or
“D:\Applications\Mozilla Firefox 54\firefox.exe†-p
Sometimes it’s a little tricky to get the folder location that you want – just play with the 2 settings from the wizard:
“Enter the new profile name:â€
and
“Choose Folder…â€
and click Finish;
Repeat the process of creating a custom Profile folder with new settings for the destination folder if you didn’t create the profile folder in the right location. It’s not very difficult.
“You can use -P, -p or -ProfileManager†– see:
https://support.mozilla.org/en-US/kb/profile-manager-create-and-remove-firefox-profiles
Good luck creating portable installs!
Laurent, if you can, use a portable version. If not, install the “other version” of Firefox in a separate directory but don’t run it right away. Use the parameter -p to launch it. This opens the profile manager. Create a new profile, name it accordingly, and use it to launch that version of Firefox.
Thanks Martin, I’ll try the portable version or maybe I’ll move to Waterfox as my default browser (which I intended to do at some point) and give up on ESR just to toy with Quantum.
As for the other option, the issue was as I said, that the installer (both regular and “Advanced” on Mozilla’s page) would not let me install firefox in another directory. It automatically overwrote the old version and immediately launched the browser.
Apparently, for a custom install, I needed to get the offline installer from the “Download in another language” page… Go figure.
Mozilla really isn’t about easy customization anymore and they made going back to a sane version as painful as possible (because it does screw up your profile if you don’t have a backup) :/
Try reading through these comments from FF57.
https://www.ghacks.net/2017/11/13/firefox-57-release-overview/#comment-4280898
Thanks, that seems pretty comprehensive. I’ll give it a try now that I’ve figured out the issue with their “streamlined” installer. Another FF55+ “improvement” I guess.
https://support.mozilla.org/en-US/kb/custom-installation-firefox-on-windows
What about..
TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) WEAK 128
TLS_RSA_WITH_AES_256_CBC_SHA (0x35) WEAK 256
showing up in “https://www.ssllabs.com/ssltest/?”
Cheers.
You can change a couple entries in about:config but it might break some sites.
security.ssl3.rsa_aes_128_sha=false
security.ssl3.rsa_aes_256_sha=false
I saw this in Chrome:
TLS_RSA_WITH_AES_128_GCM_SHA256 (0x9c) WEAK
TLS_RSA_WITH_AES_256_GCM_SHA384 (0x9d) WEAK
TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) WEAK
TLS_RSA_WITH_AES_256_CBC_SHA (0x35) WEAK
TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa) WEAK
I use a command line switch for 3DES but I’m not going to worry about the others yet. I don’t use
Chrome that much.
@ MARTIN:
“Note: The user profiles created with Firefox 58 are not compatible with earlier versions of the Firefox web browser. If you want to retain the option to downgrade Firefox to a previous version, create a new profile for that version.”
User profiles created with or loaded in Firefox 55 were already non-downgradable to earlier versions of Firefox. Is that what you meant to write, or are there now two non-downgradable classes of user profiles: (1) 55-57 to pre-55, and (2) 58+ to pre-58?
I took a look at the release notes, and there are indeed now two classes of non-downgradable profiles, so I now have *three* Firefox profiles: (1) pre-55, (2) 55-57, and (3) 58+. Pre-55 is for Firefox ESR (through ~June 2018), 55-57 is in case I have to install Firefox Quantum 57 for some reason, and 58+ is for the current version of Firefox Quantum. I had to rebuild my Firefox profile from scratch in order to use Classic Theme Restorer and it was tedious enough that I don’t want to have to do it again, so I prefer to copy and rename my profile folders prophylactically. (Thank you, Martin, for the timely heads-up.) And then I edit the profile listings in my Firefox profiles.ini file and edit my Firefox shortcuts’ properties to reference the appropriate profile names. And if I ever make one of my installed Firefoxes my default browser, I guess I might have to remember to make its profile the default Firefox profile, for when it gets launched without its shortcut’s profile switch. I’ll figure it out if and when the time comes.
As for Firefox 58 itself, I’m having a serious problem with it: it won’t load Google (Search, Gmail, Calendar), Dropbox, Amazon, and many other sites because, e.g., “www.google.com uses an invalid security certificate. The certificate is not trusted because the issuer certificate is unknown. The server might not be sending the appropriate intermediate certificates. An additional root certificate may need to be imported. Error code: SEC_ERROR_UNKNOWN_ISSUER.” Renaming/moving the profile’s cert8.db and cert9.db files so that they get regenerated on the following start fixes the problem for the following session only. I’m not having this problem in any other browser.
In distantly related Firefox-family news, it seems that Google Calendar’s and Dropbox’s new interfaces don’t work in Pale Moon. It’s a good thing I have Firefox ESR and Google Chrome as fallback browsers, but still … sigh.
Hi, I talked about Heartbeat here: https://www.ghacks.net/2015/02/28/mozilla-integrates-heartbeat-user-rating-system-in-firefox-beta/
Thank you sir : )
“Note: The user profiles created with Firefox 58 are not compatible with earlier versions of the Firefox web browser.”
Note2: Mozilla’s plans are not compatible with what was the Firefox web browser.
Hope this is not like MS’s Spectre fix and AMD processors running Win 10.
Every release short of them restoring full add-on capabilities is wasted time.
To all those folks who have the bad habit to download from Mozilla’s ftp page, you need to read this, it’s from a Mozilla employee.
https://www.reddit.com/r/firefox/comments/7s7jq5/a_word_of_warning_about_new_versions/
@Hafner7, Maybe, but after years of downloading latest final releases on Mozilla’s ftp pages I remember having encountered only once a difference between a final release there and the final release on Mozilla’s “official” downloads. Moreover seems to me Firefox EME-free is only available on the ftp pages.
I installed Firefox 58 64-BIT (EN-US) on January 19th and compared the 64-BIT (normal, not the EME-free I use) with the official 58 now available on Mozilla’s download page : exactly the same.
FF58 ok here. Slightly faster than 57.0.4. Not a major update. To be noted nevertheless : add-ons which deal with cookie cleanup such as ‘Cookie Autodelete’ can now, starting with FF58, cleanup localStorage as well. This was expected with FF58 and it is functional. Good point.
Good point. The newest version that I see available is basically Release Candidate v6. That said, I’ve been using it for a few days with no problems. Doesn’t always work out that way. ;)
I dropped Firefox because it feels more and more clunky, with all those things you can’t disable (telemetry, pocket, etc. etc.) and installed Waterfox.
All of those things can be disabled, for a long time now. This is a good resource: “https://github.com/ghacksuserjs/ghacks-user.js/blob/master/user.js”
Uhm, Richie A… Why would he switch back to Firefox? Mozilla will only extend its spyware efforts, while Waterfox won’t. So, what’s the point?
Well Appsti, you know as well as I do that “all those things you can’t disable” was an incorrect statement. That was the point. I never suggested going back to FF.
Well, Richie A… Of course there is about:config. However, Cliqz and Mr Robot stuff couldn’t be disabled via about:config, and we shouldn’t delude ourselves into thinking that Mozilla will back off now, just because a measly about:config is around. Not gonna happen.
App-sti, you crack me up. Thank you.
Richie A… You are wrong. The Cliqz add-on was bundled with 1% of all installations in Germany. Users weren’t notified of its existence before downloading Firefox. So they downloaded and installed it, and the add-on immediately started calling home. Where do you think users had any chance to disable it beforehand? LOL.
And regarding Mr Robot… You probably didn’t see it because you had disabled FF experiments beforehand. They DID potentially distribute it to everyone else (read: 99% of the user base).
Yep, that’s serious business practice. You get the point, Richie A?
App-sti, you are wrong. Cliqz was announced before it was pushed out to less than 1% of those installing Firefox from the download page, in Germany. “https://blog.mozilla.org/press-uk/2017/10/06/testing-cliqz-in-firefox/” Personally, I don’t care. Being uninformed is a choice that people make. LoL
Richie A… So you are basically admitting that there was in fact no way to disable it beforehand. Good.
I think it’s pretty ignorant to support or defend bad actions unless they are targeted at you personally. That’s like saying: “I trust this thieve. He has robbed multiple people already, but it didn’t happen to me. He would never steal anything from me. I trust him.” Sounds stupid? Yes, that’s because it is. Your attitude is something along those lines.
I find it pretty disturbing how you think that an announcement would make things ANY better. So, proclaiming that you’ll implement a spyware does change anything about the spyware itself? It doesn’t, of course. It’s still spyware, whether it was announced before or not.
PS: Mozilla is in the datamining business via Cliqz, the owner of Ghostery. Of course they would never ever abuse Firefox to generate money via user data. Never, LOL.
App-sti…You’re like a dog with a bone. I take you do not have Firefox installed then. LoL
> People can’t complain about the security and/or privacy implications of Firefox installing addons when they can’t be bothered with configuring the Security & Privacy settings available in the Options which would have prevented any addons from being installed.
It doesn’t apply to Cliqz. Cliqz was installed via a drive-by attack (because that is what it was, a drive-by attack), by chance. It installed itself silently and without user consent the very moment the user installed Firefox. So, no chance to react beforehand.
> The option of disabling data collection and removing the addon was always there.
You realize that any data collection should be opt-in, rather than opt-out, right? That it is opt-out is pretty telling. Mozilla wants to generate as much data as possible. So every statement they are making regarding their willingness to defend user privacy is full of lies. You are defending liars at this very moment.
By the way, WebExtensions were introduced in the same mood. Users are not supposed to have (theoretically) full control of the browser anymore. Mozilla could implement spyware features and add-on authors would have no way to respond, because of artificial API restrictions. Artificial? Yes, that’s right. It has already been proven that Mozilla could have implemented an equally capable tech, one with XUL-like capabilities. Have a look at the link I have sent John Fenderson above and you’ll see. Mozilla wants to deliberately take away control from the user.
Combine that with the fact that they are involved with Ghostery. Absolutely trustworthy, right? Hahaha…
> App-sti…You’re like a dog with a bone. I take you do not have Firefox installed then. LoL
What does my PC have to do with general Mozilla decisions and strategy? You may not be able to grasp it, but I’m not like you thinking: “Everything is fine and well unless I am the target.”
App-sti… People can’t complain about the security and/or privacy implications of Firefox installing addons when they can’t be bothered with configuring the Security & Privacy settings available in the Options which would have prevented any addons from being installed. The option of disabling data collection and removing the addon was always there. Firefox’s ability to install addons on my install was disabled beforehand.
> People can’t complain about the security and/or privacy implications of Firefox installing addons when they can’t be bothered with configuring the Security & Privacy settings available in the Options which would have prevented any addons from being installed.
It doesn’t apply to Cliqz. Cliqz was installed via a drive-by attack (because that is what it was, a drive-by attack), by chance. It installed itself silently and without user consent the very moment the user installed Firefox. So, no chance to react beforehand.
> The option of disabling data collection and removing the addon was always there.
You realize that any data collection should be opt-in, rather than opt-out, right? That it is opt-out is pretty telling. Mozlla wants to generate as much data as possible. So every statement they are making regarding their willingness to defend user privacy is full of lies. You are defending liars at this very moment.
By the way, WebExtensions were introduced in the same mood. Users are not supposed to have (theoretically) full control of the browser anymore. Mozilla could implement spyware features and add-on authors would have no way to respond, because of artificial API restrictions. Artificial? Yes, that’s right. It has already been proven that Mozilla could have implemented an equally capable tech, one with XUL-like capabilities. Have a look at the link I have sent John Fenderson above and you’ll see. Mozilla wants to deliberately take away control from the user.
Combine that with the fact that they are involved with Ghostery. Absolutely trustworthy, right? Hahaha…
Actually, Cliqz was announced prior to the rollout on many different websites, gHacks being just one of them.
I never saw Cliqz or Mr Robot stuff. Did you? I feel for you. LoL
And yes, it could be prevented via about:config.
“Mozilla plans to release Firefox 58.0 to the stable channel on January 23, 2018.”
Installed two days ago from FTP without any problems so far.
“The Theme API supports new features to give theme creators more options and customization options.”
This is encouraging news. Is the new API robust enough to allow something like Classic Theme Restorer to be written yet?
Well, here is a lot of customizations with userChrome.css already. For example you can make Firefox 57+ to look like old ones. https://github.com/Aris-t2/CustomCSSforFx/issues/2
No CSS for menubar?
That’s interesting. I’ll have to reinstall Quantum and see if those files at least address the largest pain points in the UI. Thanks!
I tried out the CSS way. It can solve a lot of the UI issues, but leaves a lot out (and it’s a pretty kludgy solution). It’s not good enough to make FF a better choice than Waterfox for me.
> Is the new API robust enough to allow something like Classic Theme Restorer to be written yet?
In short: No. Classic Theme Restorer would need something like this:
https://bugzilla.mozilla.org/show_bug.cgi?id=1427377
This bug was immediately “WONTFIXED”, meaning that it will never make its way into Firefox. To quote Kris Maglione (major Mozilla guy) from the thread: “Sorry, but this is a non-starter.”
There you have your answer.
@appster
That bug is interesting reading. Andy McKay even pointed to two policy documents that he said explains why the API change request was a non-starter — but after reading them, I’m not seeing how they contradict this sort of change at all. In fact, the vision document specifically says one of the goals of Web Extensions is “Making it easier for users to personalize Firefox using extensions and themes”.
Hrmph. Mozilla confuses me mightily.
No, and it likely it will never be. You can still do a lot with custom CSS for now.
Hi Martin,
I just received a message about Firefox’s Heartbeat integration in regards to needing to update my browser to Quantum.
Anyhow, was curious if you’re aware that this may be enabled for many Firefox users.
https://wiki.mozilla.org/Firefox/Shield/Heartbeat
Just wanted to bring it to your attention in case it’s something you’d like to mention to your followers.
Have a great day and thanks as always for your time & effort here : )
They’ll take that functionality away eventually too, most likely, judging by their internal discussion on the matter.
Ah, that’s too bad. I know I can get much of the way there through custom CSS, but the cost/benefit for doing that is too low for my use case. It’s easier to just stay with Waterfox.
In spite of all that you’ve mentioned in the article Martin, I’m still not encouraged to switch from either Basilisk or Waterfox to FF57+
The only thing which might persuade me otherwise would be unresolved security issues in either.
e10s are not supported on Basilisk which is based on FF55, and as long as multiprocess isn’t enabled on Waterfox incompatible addons don’t have any effect on performance.
I’m curious what other promotional ad they’re going to include this time.
Mozilla’s ability to remotely install add-ons at will is frightening, considering that those add-ons (which are possibly malicious, see Cliqz incident) are silently being rolled out. That’s unacceptable. However, you can turn that behavior off as long as Mozilla offers this option. I agree that this behavior is pretty bad business practice, though.