Firefox 120 ships today with massive privacy improvements
Later today, Mozilla plans to release Firefox 120. The new stable version of the web browser includes a large number of privacy improvements and some other changes.
The release date is November 21, 2023. All Firefox versions -- Stable, ESR and Development -- will be updated around the same time.
Firefox 120.0 Stable and Firefox ESR 115.5 are the main new releases. Firefox Beta and Dev move to version 121 and Firefox Nightly to 122. The Android version follows the Stable version and will also reach version 120.
Executive Summary
- Firefox 120 includes a large number of privacy improvements.
- There will be another Stable release in December to Firefox 121. This is the last major release of 2023.
Firefox 120.0 download and update
The official release date of Firefox 120 and Firefox 115.5 ESR is November 21, 2023. The new versions will become available via the browser's automatic updating feature.
Users may speed up the installation of the update, once it is released, by going to Menu > Help > About Firefox. The prompt displays the current version and installs any new updates that it finds.
Here are the official download locations:
- Firefox Stable download
- Firefox Beta download
- Nightly download
- Firefox ESR download
- Firefox for Android on Google Play
Firefox 120.0 major changes
Privacy Improvements
Firefox 119 brought support for Encrypted Client Hello, which promises to improve the privacy of domain name lookups.
Mozilla introduces several smaller changes in Firefox 120 that are related to privacy.
The first introduces support for the Global Privacy Control in Settings. The privacy feature informs websites that you visit that you don't want your data sold or shared. It is legally binding in some states in the United States, including in California and Colorado. Mozilla notes that it also works as an indicator that tells sites that you don't want to be tracked and as a general request to "limit the sale or sharing" of personal data in other jurisdictions, including in the EU.
The privacy feature is opt-in. Load about:preferences#privacy in Firefox and scroll down to Website Privacy Preferences. There you find the option to enable "Tell websites not to sell or share my data".
Copy Link without Site Tracking
Firefox users who right-click on links to copy them find a new option in the browser's context menu. Selecting Copy Link Without Site Tracking removes known tracking parameters from URLs before the data is copied to the Clipboard of the operating system.
Firefox is not the first browser to include this feature. Brave introduced its Copy Clean Link feature in September 2022.
Cookie Banner blocking and URL Tracking Protection on by default in Germany
Mozilla is testing two privacy improvements in Firefox. The test limits the features to users from Germany at the time.
The first enables the Cookie Banner Blocking feature, but only in private windows by default. It is designed to auto-refuse cookie banners and dismiss them, so that users don't have to deal with them on a site-by-site basis anymore. Since there is no standard, some cookie banners may still be displayed.
The second privacy feature test applies to private windows only also. URL Tracking Protection is on by default in private windows. Again, only for users in Germany at the time. This feature removes parameters from URLs that are "often used to track users across the web".
Firefox users may load about:preferences#privacy, set Enhanced Tracking Protection to Custom and switch Tracking Content from "only in private windows" to "in all windows" to benefit from this globally.
Other changes and fixes
- Firefox's private windows and ETP-Strict privacy configurations add Fingerprinting Protection to the Canvas API to further strengthen privacy while using the browser.
- Firefox imports TLS trust anchors, such as certificates, from the operating system's root store. It is enabled by default in Windows, macOS and on Android. Users may turn this off under Preferences > Privacy & Security > Certificates > Allow Firefox to automatically trust third-party root certificates you install.
- Firefox users may use keyboard shortcuts on about:logins to edit or delete entries. Alt-Enter edits, Alt-Backspace deletes entries.
- Ubuntu users may now import data from Chromium when Firefox and Chromium are installed as Snap packages.
- Picture-in-Picture mode supports corner snapping on Windows and Linux. Hold down the Ctrl key while moving the Picture-in-Picture window to make use of this.
Developer changes
- Media attribute in the source element is supported again and now includes audio and video elements.
- Firefox supports the light-dark() CSS Color function.
- The line height units lh and rlh are supported.
- Date.parse() accepts new data formats.
- Firefox now supports the 103 Early Hints status code for preconnecting to a particular origin.
- Global Privacy Control is now supported.
- The authenticatorAttachment property of the PublicKeyCredential interface is now supported.
- The Minimum PIN Length Extension (minPinLength) of the Web Authentication API is supported.
- The Navigator.userActivation property and UserActivation interface are now supported.
- WebAssembly GC is now enabled by default, which allows new languages, such as Dart or Kotlin, to run on Firefox.
Enterprise changes
- The PrintingEnabled policy allows administrators to disable printing.
- The Preferences policy was updated to "updated to allow setting preferences beginning with the prefix pref.".
Security updates / fixes
Mozilla patched 10 security issues in Firefox 120 Stable. The overall severity rating of the update is high. All issues are listed on Mozilla's Security Advisories website.
Outlook
Firefox 121 and Firefox ESR 115.6 will be released on December 19, 2023.
Firefox extension reviews and news
Recent Firefox news and tips
Additional information / resources
- Firefox 120 release notes
- Firefox 120 for Developers
- Firefox 120 for Enterprise
- Firefox Security Advisories
- Firefox Release Schedule
A loud har har har from Germany!
My FF 119.0.1 is phoning home non-stop. Since Mozilla uses google webspace and ips for some tasks, i can’ t stop this anymore. All in all Mozilla used or use ~140 different ips to get these task done. I have blocked the ips via iptables and /etc/hosts, but i can’ t block google. If i would then not only google is dead.
is it possible to make that copy link without tracking the default?
MASSIVE! Not.
There are a lot and significant improvements. So yes, the description is correct.
There are two privacy changes for most people. Which of those is “significant”?
Well, DNT never worked and actually could be used to ‘track users’ instead
and GPC breaks websites, because websites like Walmart can FORCE YOU to login to Walmart just because you have it enabled. This is what happened months ago when people couldn’t navigate in walmart without being signed it.
Brave finally added a flag to turn GPC off, but it doesn’t mean websites will not do what walmart did.
Also, how is this a ‘massive privacy improvements’ they are just weird crap some group made up to pretend you are getting more privacy out of it, GPC just like DNT is useless.
What would make a ‘massive improvement’ is Firefox adding a native real adblocker, but they won’t because in Eyeo Adblocking conference a month ago, they said how ‘they can’t break the web’ when adblockers work 99% fine with the proper rules and features.
Of course knowing Mozilla, they would do what Vivaldi and Opera did, release the most basic adblocker and move on…
Also copy clean, which also has been in brave for years, well, it is pretty much useless, so I wouldn’t call it ‘massive improvement’ it is nice to have, but most of the time, people will go to the link and copy from the URL.
That means the browser has to support some Query Filtering, but then, the only way to fully take advantage of this is to have an adblocking with removeparam support, because hardcoding the trackers and all, is not too ‘open’ like if you grab the Adguard removeparam list and move on.
So no, these are not ‘massive’ privacy improvement, are the same ridiculous “we will make some magical header somehow do something which can be used to track you, but you don’t even know it, and while these features won’t be used 99.9% of time… we will make some bloggers say ‘massive privacy improvements'”.
Just say the truth, this is a terrible update is these are the ‘highlights’, nothing about the users but giving some organizations or companies more power, like the GPC is just some random people doing whatever they want and say it like if their GPC will work when DNT didn’t even work for decades. It’s like the EU, nobody elected them, but somehow they hold the power for anyone in the EU, then we have stupid countries wanting to ‘join’ them for the sake of money, and some brainwashed people going with it as a ‘positive thing’.
I understand Google or Mozilla making changes to their engines, like MV3 even if people don’t agree, but when some random lawyers start saying ‘GPC is the new privacy whatever’ it’s just smoke, when many browsers support it and literally Walmart used it to force people to log in to their website = no privacy at all.
It’s just as dumb as cookie notices and all that crap, you literally get tracked by saying NO to cookies, so… imagine. The worst part is cookie notices affect people who are not even from EU (or california), making it EasyCookie and uBlock annoyances needed.
And for that you need a good adblocker, which not all Chromium on mobile have, in fact only Brave does, and then Kiwi and Yandex can load and use extensions = uBlock.
Maybe it is time to stop shilling for a browser and over hype a ridiculous update with terrible privacy features, these are not privacy features, it is just re-enforcing the fact that people’s privacy is an illusion and it is controlled by some unelected people who probably barely know how to use a computer and how JS and Browser APIs work.
GPC is just a header anyway, any extension to modify headers can ‘have support’ for it, and it is better if it gets turned off and you have proper adblocker and stuff like that.
But again, just like Chrome team said at Eyeo conference that performance reason is the reason for not having extensions. Mozilla used ‘breaking web’ the reason for not having a native adblocker in Firefox and depend on extensions which are not meant for mobile.
Sorry anon, but uBlock and adguard are far superior to Brave’s built in “adblocker”.
TLDR
no passkey support?
“Firefox 121 and Firefox ESR 115.6 will be released on November 21, 2023.” should have December 19 according to here https://wiki.mozilla.org/index.php?title=Release_Management/Calendar&redirect=no
Of course, thank you!
Great news! Looking forward to updating!
“Firefox 120 ships today with massive privacy improvements”
vs
“Mozilla introduces several smaller changes in Firefox 120 that are related to privacy.”
Not even a clickbait title can save Mozilla.
It’s an echo chamber at this point. Most users have left except a few who cannot let go.
The layoffs at Brave certainly has not helped the situation. The Brave fanboys just can’t let go of their hatred of Mozilla.
BAT/USD is <20 cents.
LOL! Mozilla fans spreading FUD about competitor browsers. What a no news.
> LOL! Mozilla fans spreading FUD about competitor browsers. What a no news.
Ghacks is one of the most popular platforms for bashing _against_ Mozilla. So you seriously want to pretend that the exact opposite is the rule here? No one who regularly reads the comments here will believe that.
I am Tom Hawack and I endorse @Jerry’s comment.
To make it short : +1
Where is the FUD? I’m checking right now and it’s 6% down today, 5% down month-on-month and 6% down year-on-year. Brave cultist are on denial.
Not a single word about brave was said. Didn’t realize Brave Derangement Syndrome was a thing until now
“Not a single word about brave was said”
What are you talking about?
From the article: “Firefox is not the first browser to include this feature. Brave introduced its Copy Clean Link feature in September 2022.”
Not to mention the numerous references to Brave in the comments.
Reading is essential.
My reply was sent as a new comment — see it below
Learn more about the people behind it and their politics. Toxic.
The politics of Brave supporters is really disturbing, because it is rooted in hatred and bigotry. The classic old trope of blaming other for their own problems. Thank you 45 RPM for point this out.
true. let them enjoy after all they are brave boys