Firefox 119 ships with security fixes and privacy enhancements
Mozilla Firefox 119 will be released later today. The new Stable version of Firefox is accompanied by Firefox 119 for Android and Firefox 115.4 ESR.
Core new features of Firefox 119 include Encrypted Client Hello support for all users, extensions imports from Chrome, improved tracking protection and new PDF editing capabilities.
All developer versions of Firefox are updated around the same time. This means that Firefox Beta and Dev move to version 120 and Firefox Nightly to version 121.
- Encrypted Client Hello is now supported.
- Mozilla patched security issues in Firefox 119.
- Firefox 119 includes privacy improvements.
Firefox 119.0 download and update
Firefox 119's and Firefox 115.4 ESR release date is October 24, 2023. Depending on when you read this, it may not be released yet.
Later today, the new Firefox releases will become available via the automatic updating functionality of the browser. Downloads are also offered on Mozilla's official website then.
To display the current version, select Menu > Help > About Firefox. Doing so displays the installed version and runs a check for updates.
Here are the official download locations:
- Firefox Stable download
- Firefox Beta download
- Nightly download
- Firefox ESR download
- Firefox for Android on Google Play
Encrypted Client Hello Support
Firefox 119 supports Encrypted Client Hello officially now. You can check out the full article on the introduction.
Encrypted Client Hello improves the privacy of connections by encrypting information about the domain name during connection attempts. Previously, anyone listening in on network traffic, including ISPs, could monitor the information.
Some ISPs sell information about user activity on the Internet, others may use DNS-based blocking to prevent access to certain sites. With Encrypted Client Hello, DNS-based blocking is no longer effective.
Note that servers need to support this well to work.
Mozilla implemented several privacy enhancements in Firefox 119. The two core additions are the partitioning of Blob URLs and limited visibility of fonts that websites have access to.
The first mitigates a potential tracking vector that third-parties may utilize for tracking purposes. This was the only state partitioning test at Privacy Tests that Firefox failed at.
The limitation of fonts improves Firefox's defenses against font fingerprinting by restricting sites to system fonts and language pack fonts.
Firefox View displays more content
A click on the Firefox View icon in the leftmost section of the tab bar displays the interface.
Firefox users see all content there now from all open browser windows. Synced tabs will also show up and the browsing history can now be sorted by date or site.
Other changes and fixes
- Storage Access API updated "to improve security while mitigating website breakages".
- Firefox's PDF Viewer is getting options to add images and alt text. This is rolling out gradually to the entire population.
- Firefox may now import some extensions from Google Chrome when migrating data.
- Recently closed tabs persist between sessions, if automatic session restore is not enabled.
- Media sniffing is no longer applied to files served as type application/octet-stream.
- Windows users may notice that the mouse pointer is no longer displayed. This happens if a specific mouse properties setting (Hide pointer while typing) is enabled on the system.
- Firefox is now available in Santali.
- Mozilla fixed a scroll position jumping issue on Facebook.
- The <input> element no longer supports the non-standard mozactionhint attribute.
- The attr() CSS function fallback value is now supported.
- The Object.groupBy() and Map.groupBy() static methods are now supported.
- The SVG attributes that accept a <length> value now support level 3 length CSS data types for all SVG elements.
- The credentialless directive of the Cross-Origin-Embedder-Policy HTTP response header is now supported on desktop platforms.
- The Credential Properties Extension (credProps) of the Web Authentication API is supported.
- The getAuthenticatorData(), getPublicKeyAlgorithm(), and getPublicKey() methods of the AuthenticatorAttestationResponse interface are now supported.
Security updates / fixes
Mozilla patched a total of 11 different security issues in Firefox 119. The aggregate severity rating is high, but none of the issues appears to be exploited in the wild.
Firefox 120 and Firefox ESR 115.5 will be released on November 21, 2023.
Firefox extension reviews and news
Recent Firefox news and tips
- Firefox will soon tell you if product reviews are reliable
- Firefox is getting a button to Reset Private Browsing Sessions
Additional information / resources