Firefox 67.0 Release Information
Firefox 67.0 is the new stable version of the web browser. First offered on May 21, 2019, it introduces new features such as private browsing mode extension controls and marks the beginning of the WebRender rollout.
Mozilla updates all Firefox versions using the same schedule: Firefox 66 Stable to 67, Firefox 67 Beta to 68, Firefox 68 Nightly to 69, and Firefox ESR 60.6 to 60.7.
The release overview below highlights new features, major and minor features, development related changes, known issue, and security changes.
You may check the Firefox 66.0 release overview here.
- WebRender will be enabled for 5% of compatible systems.
- New installed extensions won't run in private browsing mode by default.
- Performance improvements.
Firefox 67.0 download and update
The Firefox 67 distribution starts today. You can check for updates with a click on Menu > Help > About Firefox, or wait until the new update is pushed automatically to the device.
Direct downloads are available as well. Note that these may not be available at the time of publication of the guide.
- Firefox Stable download
- Firefox Beta download
- Nightly download
- Firefox ESR download
- Firefox unbranded builds information
Firefox 67.0 Changes
Control which extensions run in private browsing mode
Starting with the release of Firefox 67 Stable, all extensions that do get installed by users in the web browser won't run in private browsing windows by default.
The installation dialog displays an option to allow a particular extension to run in private windows, and there is an option to modify the preference for each individual extension in the browser's add-ons manager.
All you need to do is open about:addons, select Extensions from the menu, and click on any of the extensions to open its profile page. There you may need to scroll down a bit to the bottom section to allow or disallow that extension from running in private windows.
Firefox's add-ons manager displays for each extension if it is allowed to run in private windows on the main page making it easy to keep an overview of the behavior.
All extensions installed previously retain rights to run in private windows; if you want that changed, you have to do so in the add-ons manager.
Extensions that require private window access don't come with a switch. These state "Requires Access to Private Windows".
Firefox Screenshots: upload functionality removed
Firefox Screenshots is still a part of the browser but Mozilla decided to remove the screenshot uploading functionality of the screen capturing feature.
Mozilla announced the decision back in January 2019. Firefox Screenshots users may capture screenshots using the tool and save these to the local system.
Content Blocking: Cryptominers and Fingerprinting
Mozilla added content blocking options to Firefox 63. The update to Firefox 67 improves these by adding options to block cryptominers and fingerprinters automatically.
The options are not enabled by default. Load about:preferences#privacy in the Firefox address bar and locate the content blocking section on the page that opens.
Select Strict or Custom to enable the protection. Strict enables all protections, custom gives you options to select what you want to block. If you select custom, select Cryptominers and Fingerprinters to block these in Firefox.
Profiles per installation to avoid conflicts
New Firefox installations will use a dedicated profile automatically starting with the release of Firefox 67. Firefox used existing profiles previously by default which led to two issues:
- Profiles were shared between different Firefox installations, e.g. Nightly and Stable, which could lead to conflicts.
- You could not run multiple Firefox installations side by side by default.
Firefox supports options to run multiple profiles side-by-side and the new release does not take these away. It makes things easier for users of the browser who install different versions of Firefox on a single device.
- Study: Pocket study with an "improved Pocket experience" featuring "different layouts" and "more topical content".
- FIDO U2F API enabled.
- File Menu has a new Import Data option.
- Firefox Account toolbar menu.
- Firefox may highlight features, e.g. Pin Tabs, to the user.
- Font and date adjustments for new Japanese Era.
- Keyboard accessibility improvements: control the toolbar and overflow menu with keys:
- Ctrl-L to focus the address bar.
- Tab and Shift-Tab to move between toolbar button groups.
- Arrow keys to move in a group.
- Space or Enter to activate a toolbar button.
- F6 to return without action.
- Passwords may be saved in private browsing mode.
- Performance improvements in various areas, e.g. automatically unload unused tabs.
- Pin Tabs from the Page Actions menu.
- Quick access to saved logins from Main Menu and autocomplete.
- User Scripts WebExtensions API is coming to Firefox 68. Users may enable it as early as Firefox 66 by setting the preference extensions.webextensions.userScripts.enabled to true.
- Mozilla plans to roll out WebRender to 5% of Stable users on Windows 10 devices with Nvidia graphics cards. You may enable this manually by setting gfx.webrender.all to true.
Firefox 67.0 known issues
- None listed.
- dav1d is the default media decoder for AV1.
- Developers may disallow extensions from running in private windows.
- External protocol URLs that don't return data can't be loaded anymore in iframes to prevent DOS-like attacks.
- Legacy Touch Events API is disabled on the desktop.
- The Notifications API can't be used by insecure sites anymore.
Firefox 67.0 for Android
Another minor release as Mozilla continues development of a new Firefox for Android browser.
- Guest Session feature has been removed.
- New Search widget with voice input.
Security updates / fixes
Mozilla publishes information about security updates after the official release. You find security information on this page.
Additional information / sources
- Firefox 67 release notes
- Firefox 67 Android release notes
- Add-on compatibility for Firefox 67
- Firefox 67 for Developers
- Site compatibility for Firefox 67
- Firefox Security Advisories
- Firefox Release Schedule
I manually activated Webrender. It runs without problems on my Apollo Lake NUC.
How did you activated it?
@Juraj Masiar: in about:config, go to gfx.webrender.all, change it from false to true.
Does one need an addon like Canvasblocker anymore with FF 67?
Even with “Fingerprinters” enabled in the FF Content Blocker I’m still seeing the CanvasBlocker notification in my address bar so I would say yes. If you go to wired.com that is one example of where I’m seeing the notification. To block canvas fingerprinting you could enable “privacy.resistFingerprinting” in about:config. I don’t use that setting which is why I use CanvasBlocker. Anyway, CanvasBlocker is fairly light on resource use.
By default the FF Content Blocker only works in Private Windows, I have is set to Custom just like the image Martin posted in the article with the addition of all the boxes checked.
I don’t quite understand this new change regarding extensions in Private Browsing mode. If you can’t trust an extension in Private Browsing mode, then you probably shouldn’t have it installed at all.
Look at the second picture up above and specifically, the portion highlighted in yellow. Extensions can require access to a lot of things that you might no want them to be able to see, and Mozilla is giving you the option of saying “NO” to them when you go into Private Browsing Mode. I, for one, appreciate that they’re doing this.
They just copy Chrome features.
thats why i dont use firefox anymore, they are like a crippled chrome clone at this point that will always follow behind chrome at a snail’s pace, frantically removing features in hopes that they will catch up to chrome when at one point they have no features left and you have to get everything from extensions and even then firefox will still be worse than chrome
at this point firefox is basically a “what if” joke that actually exists
Firefox is inferior Chrome clone for privacy freaks users which somehow got many privacy issues but somehow they keep saying it’s privacy respecting browser
Repeating this over and over again doesn’t make it true.
1. Yes – Mozilla adopted the Chromium architecture as it is a proven one. This step was the necessary precondition for implementing multiprocessing, process isolation, sandboxing and limiting the risks of the all-mighty legacy extensions.
2. However, under the hood there are a lot of differences. Particularly important is that more and more crucial components are being replaced by components written in the Rust language under the Servo project. This will make Firefox not only faster but inherently safer as whole classes of vulnerabilities (like the infamous buffer overflows) will be prevented from the beginning. This process is not yet over but progressing: WebRender, e.g., will be supported by more and more hardware. There are still many improvements on their way. One example is PathFinder which will be integrated in WebRender.
3. While FF is also using webextensions like Chromium, Mozilla has been introducing many APIs which are not available in Chromium (and more of them will land). And the existing APIs also differ (example relating uBlock Origin: https://github.com/uBlockOrigin/uBlock-issues/issues/338#issuecomment-456134855). uBO-Extra, the companion add-on to uBO, e.g., is only necessary for Chromium, not for FF.
4. Firefox is still way more configurable via countless switches in about:config than Chromium with its command-line switches. The gHacks user.js is a good demonstration of this extensive configurability. This would not be possible in Chrome – ask Pants if you don’t believe me.
5. Firefox has been integrating many patches from the Tor browser project, like First-Party Isolation and Resist Fingerprinting. Add to them, e.g., features like Containers which are not available in Chrome.
6. The appearance of Firefox is still way more configurable compared to Chrome, and more APIs to improve this even further are on their way.
So calling Firefox a Chrome clone is a very superficial view and a misinterpretation of the reality.
@donny and @Lambo-san
“They just copy Chrome features.”
That explains why Chrome is still working on offering tab groups as a default (a FF feature). Tab bar scrolling (another FF feature) is still wishful thinking but Chrome is supposedly working on it.
“they are like a crippled chrome clone at this point”
Smooth scroll performance in chromium browsers is a joke compared to FF. Not even remotely close.
Font rendering in chromium browsers still looks horrible with its thinner and lighter fonts.
The content blocking in chrome (FF feature) is just a PR stunt.
The content blocker in FF actually works, and it works very well. Available in FF years before Chrome’s flawed copy.
There are dozens of network, security, privacy and appearance options available in FF that will Never be available in chrome.
Video playback of 1080p 60fps video has zero drop frames in FF. Still seeing dropped frames in Chrome and Vivaldi.
In a Future version of Chrome, the use of the ESC key will no longer be seen as a user action to block spam (FF feature).
Firefox does a better job parallelizing the work across all cpu cores.
Firefox does a better job of using my graphics card. It hardly gets used in chromium browsers.
Graphics rendering is noticeably better in FF when scrolling graphics heavy sites like Feedly or Flickr.
The browser UI feels smoother in Firefox.
I can still modify the browser UI, all internal pages and the Dev Tools with CSS.
Page load times are very fast. Sometimes FF is faster, sometimes Chrome is, depends on the site.
Opening a hundred tabs and then watching YouTube videos isn’t a problem.
And, it’s been years since FF has crashed on me.
Of course, if I ignore all of the above then Chrome is the better choice. ;)
I took a screenshot of the font rendering in Chrome and FF to see what the current difference looks like:
I’m a huge fan of using CSS on webpages and in the browser itself:
> Tab bar scrolling (another FF feature) is still wishful thinking but Chrome is supposedly working on it.
They closed the bugreport on this with WONTFIX over 10 years ago.
I thank you for the well-detailed post, Richard.
Non technical users who have been advised to install ublock origin by people who care about their interests will now be confused with the default choice of having it disabled in private browsing mode, and they will probably not question the authority of Mozilla (following Google policy) in making that decision for them. Until now the main problem with “private” browsing was that tracking session cookies were invisible for the user and could not be removed, and now that, just another bad joke from Mozilla.
its not disabled by default .. just updated and ublock origin works just fine in private browsing .. settle down , go use chrome and let google watch every move you make.
@ sunnytimes “its not disabled by default”
Yes it is. Only extensions that were already installed before v67 won’t be disabled by default in private browsing. New installed extensions will be.
“settle down , go use chrome and let google watch every move you make.”
The usual false dichotomy from Mozilla fanboys : if I don’t like Mozilla shitting on me by copying Chrome when it disables ad blockers, I should use Chrome instead ? You don’t seem to realize that a big part of the spyware features in Chrome have been added to Firefox, and that Mozilla got billions from Google can’t be foreign to that problem. You Firefox fanboys always hand-wave about Chrome “watching every user move” and it is actually true even if most of you wouldn’t be able to say how exactly, but when you’re being pointed in extensive detail how Firefox mostly does the same, and occasionally even worse (browser targeted ads for example), you suddenly become deaf. And no, I don’t have to choose between those two diseases that are Firefox and Chrome, I can use a Firefox fork that removes some of its spyware.
“a big part of the spyware features in Chrome have been added to Firefox”
What are you talking about? LMAO
“Mozilla got billions from Google”
So? Every browser out there (Vivaldi, Opera, Safari, Waterfox, Pale Moon, FF), is getting paid to include different search engines. Even the Tor Browser includes Google.
“browser targeted ads”
I like how you use dishonest and extreme over-exaggeration to try and make a point! :)
If… you are talking about the Pocket sponsored stories on the New Tab page, they can very easily be removed, without having to dig through the settings. And… the sponsored stories work without sending data to Mozilla or Pocket.
Every single statement you made is wrong! LoL
Anyone confused by the new default of having extensions disabled in Private Windows should not be using computers or mobile devices. Just being honest. Mozilla makes it very clear and obvious, in the browser, what the changes mean. Anyone that is not illiterate and has some ability to think for themselves should have no problem understanding what is going on.
“Until now the main problem with â€œprivateâ€ browsing was that tracking session cookies were invisible for the user and could not be removed”
I don’t know if you are confused, pushing a false narrative or simply just being deceptive. With the default config of a new FFv67 install, when using Private Windows there will be zero tracking session cookies. Are you aware that Content Blocking is enabled by default when using Private Windows? I suspect you do not.
I wiped one of my FF profiles except for my bookmarks, opened a private window, installed uBlock Origin and left it disabled for private windows. I took some screenshots to try and help you understand how the new extension policy will work and what will be seen by users. I opened 12 tabs, never saw a single ad or tracking cookie, using only FF’s Content Blocker. The joke is on you! ;)
> “Do non-technical users use private browsing mode? I doubt it.”
> “Anyone confused by the new default of having extensions disabled in Private Windows should not be using computers or mobile devices.”
I think that there are a lot more people who use private browsing than people who will enable back their adblocker in private browsing. And even if that was not true, you’re claiming that this is not a bad default because the only users that will be exposed to its effects will revert it anyway. That doesn’t make it look like a good default.
> “when using Private Windows there will be zero tracking session cookies. Are you aware that Content Blocking is enabled by default when using Private Windows?”
“zero tracking cookie”, what a misplaced overconfidence in Mozilla’s content blocker. Even if that was true, there is no reasonable excuse for removing cookie controls and visibility in private browsing.
But more to the point, you were confused by the exact problem I pointed : you saw no cookie in the cookie manager window, and you concluded that you had none. Now instead do the following experiment : use shift+F9 to open the storage inspector of developer tools in private browsing mode, and watch your formerly invisible tracking cookies appear in all their majesty. And as a bonus, notice that Mozilla’s content blocking lets almost all of them go through.
“I think that there are a lot more people who use private browsing than people who will enable back their adblocker in private browsing.”
I find it very hard to believe that Anyone using an adblocker will not realize that it needs to be enabled for it to work in private browsing. Is there any browser, built on current software, that doesn’t require extensions be enabled in private windows?
Even if some half-wit was unable to comprehend the multiple warnings, there is still FF’s Content Blocker working in private windows. I can’t help but think you have no concept about how well it works. It will for example, block trackers from Tweeter and Instagram that the EasyPrivacy filter list will let through.
“you were confused by the exact problem I pointed : you saw no cookie in the cookie manager window, and you concluded that you had none”
That was cute! There will always be session cookies when using private browsing in every browser that I know of. Otherwise people will not be able to log into their bank account, credit card, favorite pron site, shop on Amazon, whatever. After closing the private window cookies and site data will be removed.
“use shift+F9 ”
How BARBARIC. This is just for your edification, I’ve always used CTRL+Shift+I and CTRL+Shift+ALT+I because I like opening the dev tools to the last tab that was used. And too be honest, I’ve already got way too damn many keyboard shortcuts memorized, for way too many programs.
I took a couple screenshots of Chrome and FF showing their respective session cookies during private browsing, as shown in the dev tools. I normally disable all 3rd party cookies but for this experiment, I Enabled 3rd party cookies and Disabled uBO. There is a HUGE difference in how many cookies each browser sees. Notice Chrome lets everything load in the browser; ads, trackers, cryptominers and fingerprinters are all welcomed with open arms. LoL
Screenshot of cookies in private browsing, Chrome and Firefox:
> What are you talking about? LMAO
> â€œMozilla got billions from Googleâ€ So?
So this can’t be foreign to Firefox implementing Chrome spyware features.
> Ifâ€¦ you are talking about the Pocket sponsored stories on the New Tab page, they can very easily be removed, without having to dig through the settings. Andâ€¦ the sponsored stories work without sending data to Mozilla or Pocket.
Irrelevant. The point was that Firefox does what even Chrome doesn’t do, it monetizes its access to browsing data to target ads in the browser itself. It did so with snippets too.
> there is still FFâ€™s Content Blocker working in private windows. I canâ€™t help but think you have no concept about how well it works. It will for example, block trackers from Tweeter and Instagram that the EasyPrivacy filter list will let through.
FF Content Blocker is generally inferior to ublock origin’s default configuration both in blocking ads and in blocking trackers. Mozilla does not want to block all the ads, and is more on the cautious side for tracking blocking by fear of causing breakage.
About the problem of tracking session cookies being invisible in private browsing, you replied :
> Every single statement you made is wrong! LoL
> I donâ€™t know if you are confused, pushing a false narrative or simply just being deceptive.
and you claimed with your https://postimg.cc/ThsjRpXB “Zero tracking cookies from websites in private browsing” screenshot that the cookie manager window was only empty because of the efficiency of the content blocker, not because this mode makes the sites cookies invisible here. I proved you wrong by telling you to look at the storage inspector. Now in your embarrassment, instead of acknowledging that you were wrong you just change the subject by replying that I’m cute and that it’s ok that there are cookies, and that you’re so leet with keyboard shortcuts. Who’s being dishonest here ?
And you’re wrong too in going on with your pretending that none of those are pure tracking cookies, but are required for logins. For example just go to amazon.com in private browsing mode and see the amazon-adsystem.com session tracking cookie being set in the storage inspector. Now with ublock origin, this cookie is not set, the third-party request is not even made. As for the fact that they are cleared at the end of the session, I mentioned from the very beginning that it was a *session* tracking problem.
As a side note, all your “LMAO”, “Lol” and condescending tone only make you more ridiculous once you’re proved wrong, even if you fail to acknowledge it.
> There is a HUGE difference in how many cookies each browser sees
Chrome is shit, no doubt. But Mozilla is using the very low ethical standards set by Google as an excuse to be bad themselves, but just slightly not as bad. That’s not enough for an organization that pretends to defend users against businesses.
Do non-technical users use private browsing mode? I doubt it.
Also this new option is great because someones like me customized their content blocking extension very much so i prevented them in private browsing because with that i can easily bypass my strict rules for a certain website.
I wanted this option far before today :)
Martin, thank you so much for this article and others of its kind. I very much appreciate the effort you put into them and I’m not going to be somebody who “kills the messenger”. Good job!
the first two links in “Additional information / sources” urls need fixing from 65 to 67
Thanks Pants, corrected!
Good eyes “Super Pants”
“That’s what I do. I drink, and I spot things”
So, I wonder what Mozilla broke in this version? LOL
I miss holding down Shift and the pressing enter for .net domains. Why was the removed?
The only disappointment is the screenshot upload functionality removed together to the embedded tools like text, arrow, color and such.
Very strange decision.
Firefox is a must have browser for banking, online commerce, also for students and administration purposes. It works like a charm with no problem at all with every serious web you need to work with. For sure. By the way, it’s the only browser that works fine with my university website, and it has complete all the requirements for my online classes and my student profile account.
in the release notes – https://www.mozilla.org/en-US/firefox/67.0/releasenotes/ – it says “Firefox will now protect you against running older versions of the browser which can lead to data corruption and stability issues” – The hell does this mean? How will it “protect” us ?
If I had to take a guess, it probably prevents you from using a profile that’s been upgraded to Firefox 67 with older versions.
Probably something to do with having Firefox, Firefox beta, and Firefox nightly installed and all running the same profile. That could potentially corrupt a profile.
‘Users will be able to run different Firefox installs side by side by default’
I’ll be interested to see if blocking fingerprinting stops YouTube from remembering which videos I have viewed. Even though I use BleachBit and Privazer I’ve noticed that after wiping its cookies YouTube still seems to present me with content related to videos I have recently viewed. So I have assumed it was fingerprinting.
I don’t just use these cleaners for privacy but because, â€œCertain algorithms,â€ says Tim Cook, â€œpull you toward the things you already know, believe, or like, and they push away everything else.”
I agree with him that these types of algorithms are not good for personal or cultural/social development. I’m glad to see Firefox implementing this feature.
Also use bleachbit (Linux Mint).
I delete the site entries under storage/default in the Firefox profile. As well as extension entries (“moz-extension+++ etc”), there will be entries such as “https+++www.youtube.com etc”. I assume these have been placed directly from visiting the sites concerned and not indirectly as a result of extension activity such as uBlock.
I don’t delete the extension entries.
There are several ways how to solve that:
1. In the Firefox settings for Privacy under “History” select “use custom settings for history”, check “Clear history when Firefox closes” and make sure that Cache and Offline-Website-Data are checked.
2. Use the add-on Temporary Containers.
3. Use the add-on Invidition which redirects all requests to Youtube to invidio.us instead (or to another instance of invidio.us which might be faster for you – see https://github.com/omarroth/invidious/wiki/Invidious-Instances). In the add-on check “Force Proxy”.
“Iâ€™ll be interested to see if blocking fingerprinting stops YouTube from remembering which videos I have viewed”
No, not from what I’m seeing.
The easiest option I think is to use the Site Info button on the left end of the address bar, then click on Clear Cookies and Site Data.
Optionally, you can use the dev tools (Ctrl+Shift+I or Shift+F9) to clear ALL of the cookies or, clear all of them but leave the PREF cookie.
If you log into YouTube you will need to clear your Watch History.
Is letterboxing out? I have privacy.resistFingerprinting on true and I still have a nearly unique screen size.
The profiles tweak for running different versions side-by-side is a step forward (and perhaps the way it should have been in the first place), although not particularly exciting for those that are already doing it and used to dealing with Profile Manager.
What I’m curious about is if there’s anyone else like me who runs multiple installs of the _same_ version of Firefox side-by-side simply because multi-account containers doesn’t do what they want, and multiple installs is the only way to give each profile a distinct taskbar icon.
Being able to set up custom taskbar icons on a per-profile rather than per-install basis would save a lot of hassle for me, and I figure at least four other people worldwide, so get to it please Mozilla :)
Well, this is ironic. Just updated my 66 installs to 67 and, of all things, my custom Firefox taskbar icons stopped working. After being fine through numerous versions since I set it up more than two years ago.
Turns out 67 no longer pays attention to main-window.ico according to this report from the beta:
All my saved logins (WordPress, Twitter, Pinterest, Bank, etc.) are now highlighted in a disgusting shade of yellow. Is there any way to turn off this highlighting?
I want to disable that “improvement” too.. It leaves a horrible aspect to my web developments
It’s just me or the pref “browser.display.background_color” ceased to work with this version? :-/
> Profiles per installation to avoid conflicts
Now Thunderbird always brings up the profile manager clicking links on emails, at least here… :(
it doesn’t adapt to the colors of Windows theme. background remains white when you switch to Windows high contrast theme, which is super annoying. guess if they copy Chrome they had to copy this annoyance too…
So, what about profiles?
Do I loose any settings when upgrading to FF 67, especially the ones I set up with the Ghacks user.js configuration file … ?
No changes to profiles that exist already.
Seems the forward button is broken in some sites.
i.e. Click a link, go to a site. Click on a link on that site, go to a sub-link on the same site. Click back, see the forward button “liven” up, then go grey again and cannot go forward.
Seen it on several sites, in particular http://www.wowhead.com.
Sorry, went to the link you provided and had no problem going back and forward in both my default and Test profiles. I opened about half a dozen different links and had no problem getting back to the home page.
I just realized I can no longer use “Close tabs to the right” to count open tabs because it will actually close all tabs without asking again. >_<
Would you be able to write an article about this CSP issue that Mozilla isn’t making a priority to fix?
More info here:
Basically only 1 extension is able to inject CSP header modifications, there’s no real way to find out which one without running browser tests and the only way to change the priority is to disable and re-enable the extension and restart the browser.
DId anyone else lose all their addons after the update?
YES. I’m sorry if somebody posted the fix above and I missed it among the discussion (I’m not being sarcastic; I really hope there is some kind of fix), but yes, I had AdBlock Plus, YouTube Video And Audio Downloader + Media Converter And Muxer, Video DownloadHelper, and the Mega.nz add-ons, and they’re all GONE. I have tried to install them again but it doesn’t seem possible.
Should I just give up, go back to Firefox 66 somehow and never update the damn browser again?
Yes same here! I reverted back to FF 66.0.5 to get my Ad-Block and Ghostery working normally again… very frustrating having to re-install it every day just to revert.
Does anyone have a fix for this?
It’s that removal of Ad-Block and Ghostery (and not only) that keeps me from downgrading from v.66 to v.67. Advertisers ruin everything.
> Enable FIDO U2F API, and permit registrations for Google Accounts
I tried to register my security key using firefox but no luck. Google still asks for Chrome to register a new security key.
Went back to ESR 60.7.0. Which version of the Ghacks-user.js should I use? The latest 67-beta master copy or the v60 stable release?
Firefox is not proper working on my system as it hanging and some other kind of issue i have to face..