Firefox 55 released [LWN.net]

Firefox 55.0 has been released. From the release notes: "Today's release brings innovative functionality, improvements to core browser performance, and more proof that we’re committed to making Firefox better than ever. New features include support for WebVR, making Firefox the first Windows desktop browser to support VR experiences. Performance changes include significantly faster startup times when restoring lots of tabs and settings that let users take greater control of our new multi-process architecture. We’ve also upgraded the address bar to make finding what you want easier, with search suggestions and the integration of our one-click search feature, and safer, by prioritizing the secure - https - version of sites when possible."

Firefox 55 released

Posted Aug 8, 2017 23:04 UTC (Tue) by Frogging101 (guest, #113180) [Link] (6 responses)

>New features include support for WebVR, making Firefox the first Windows desktop browser to support VR experiences.

Yet another silly API to add to the ever-expanding attack surface in modern browsers. But don't fret, the address bar prefers HTTPS now, so at least we'll get our web malware delivered securely.

Firefox 55 released

Posted Aug 8, 2017 23:20 UTC (Tue) by Cyberax (✭ supporter ✭, #52523) [Link]

FF actually tries to do something with this by developing Rust.

Firefox 55 released

Posted Aug 9, 2017 0:25 UTC (Wed) by ThinkRob (guest, #64513) [Link] (2 responses)

If you're worried about it, disable it.

Firefox is pretty good about allowing various things to be enabled/disabled via about:config. I don't have 55 yet so I can't comment as to whether WebVR can be toggled there, but there's a lot of other stuff that can (and should) be if you're interested in reducing attack surface.

And if not, I'm sure that something like random-agent-spoofer (which does more than the name suggests) will add an option for it, just like they've done with pdfjs, WebRTC, etc.

Firefox 55 released

Posted Aug 9, 2017 4:28 UTC (Wed) by imitev (guest, #60045) [Link] (1 responses)

>> Firefox is pretty good about allowing various things to be enabled/disabled via about:config

It is. I find it easier to tweak stuff with user.js though. My setup consists of a few different FF profiles (Qubes vms), with a very restrictive user.js [1] + some custom changes like re-allowing stuff where needed for my not-so-secure day-to-day browsing. This has worked surprisingly well for the past 2 years I've been using it.

[1] https://github.com/pyllyukko/user.js

Firefox 55 released

Posted Aug 9, 2017 6:51 UTC (Wed) by ThinkRob (guest, #64513) [Link]

Doesn't about:config wind up persisting to user.js in your profile anyways?

But I agree it's a good starting place.

Personally I use random-agent-spoofer for other reasons (specifically the titular one), but I get why one might want to "roll their own" here...

Firefox 55 released

Posted Aug 9, 2017 0:32 UTC (Wed) by roc (subscriber, #30627) [Link]

Either the Web API expands or people use a plethora of non-Web apps written by groups who don't understand security and don't do regular security updates.

Firefox 55 released

Posted Aug 9, 2017 17:13 UTC (Wed) by flussence (guest, #85566) [Link]

Don't worry, it's Windows-only. The Linux version wouldn't ship with a bunch of dead code that only serves to increase attack surface.

Firefox 55 released

Posted Aug 9, 2017 1:51 UTC (Wed) by cesarb (subscriber, #6266) [Link] (2 responses)

> Users who install Firefox 55+ and later downgrade to an earlier version may experience issues with Firefox.

This will be an annoyance if you have the most recent Firefox release installed through the package manager, but use an ESR release installed on the work account's $HOME to be able to use Hangouts for work, and accidentally run the system Firefox instead of the local Firefox. I guess I'll have to start keeping an online backup copy my work account's ~/.mozilla...

Firefox 55 released

Posted Aug 9, 2017 2:20 UTC (Wed) by flussence (guest, #85566) [Link]

>I guess I'll have to start keeping an online backup copy my work account's ~/.mozilla...
Horrible suggestion but... sounds like Firefox Sync would be a valid workaround?

Firefox 55 released

Posted Aug 9, 2017 5:34 UTC (Wed) by iabervon (subscriber, #722) [Link]

Have a non-default profile for your work Firefox, such that you only get that profile if you run the script that starts the work Firefox with the work profile?

Firefox 55 released

Posted Aug 17, 2017 9:07 UTC (Thu) by callegar (guest, #16148) [Link]

Compared to 54 it seems to hang badly on many complex pages on my kubuntu system. Even taking the great pain of disabling all extensions incompatible with multi-process (most of them) and so loosing one of the greatest benefits of firefox, that is the extensions I'm used to work with, the benefit is only marginal. Rather than getting the whole of firefox to hang, I'm getting single tabs to, with unresponsive buttons to stop loading the page or to reload it. Is anyone else experiencing something similar?