Firefox 127 out with DNS Prefetching, security updates, and more

Mozilla has released a new stable version of the organizations' Firefox web browser. Firefox 127.0 introduces several new features and important security fixes. It may also break media playback on certain sites.

All Firefox editions are updated as well to the following versions:

• Firefox 127 for Android
• Firefox ESR 115.12
• Firefox 128 Beta
• Firefox 128 Dev
• Firefox 129 Nightly

Executive Summary

• Firefox 127 addresses several security issues in the browser.
• Firefox ESR 128 will be released on July 9. 2024
• Option to add additional protections to the Firefox Password Manager on macOS and Windows devices.
• The browser supports a new DNS prefetching instruction now.
• Media elements on HTTPS websites that use HTTP will be upgraded. If that fails, they won't be loaded anymore.

Firefox 127.0 download and update

Firefox is updated automatically by default. Desktop users may check the installed version at any time by selecting Menu > Help > About Firefox. Doing so displays the current version and runs a check for updates. Any new version found is installed at this point.

Here are the official download locations:

• Firefox Stable download
• Firefox Beta download
• Nightly download
• Firefox ESR download
• Firefox for Android on Google Play

Firefox 127.0 changes

Security and privacy improvements

Firefox 127.0 ships with security and privacy improvements. Windows and macOS users may configure the browser to prompt for authentication when the built-in password manager is accessed.

The new option is called "Request device sign in to fill and manage passwords". It is located in the Preferences of the browser under Privacy. You can load about:preferences#privacy to jump there directly. Check the option, which is disabled by default, to add the protective feature.

The new release improves privacy on Linux by reducing fingerprinting information. Firefox will report 32-bit x86 Linux systems as  x86_64 in Firefox's User-Agent string and a Web API.

HTTP Media upgrades on HTTPS pages

Firefox won't play HTTP media -- image, video, or audio files -- on HTTPS pages anymore, if it cannot upgrade the protocol to HTTPS. Files that cannot be upgraded will not be loaded by the browser anymore.

This can be undone by changing the following preferences:

• security.mixed_content.block_display_content to FALSE (this was on false on the test system)
• security.mixed_content.upgrade_display_content to FALSE

The console highlights whenever mixed-content has been upgraded. Firefox does not display an icon anymore to indicate mixed-content on a page.

Other changes and fixes

• New option to launch Firefox on Windows automatically when the operating system starts. The option is found in the Preferences under General. It is called Open Firefox automatically when your computer starts up.
• Support for rel="dns-prefetch" link hints. This allows developers to suggest domain names that should be looked up preemptively by the browser.
• The List all tabs widget has a new Close duplicate tabs action.
• On macOS, links and other focusable elements are not "tab-navigable". Users may restore the previous default in the settings.
• Firefox's built-in screenshot tool can now take screenshots of certain file types, including SVG and XML, as well as several internal about: pages. Performance was also improved.

Developer changes

• data: and javascript: URLs are now forbidden in the href attribute of the <base> element
• Using a <color-interpolation-method> is now supported in gradients created with certain methods.
• Firefox supports a number of new JavaScript "Set" methods.
• The lh and rlh line height units are supported in SVG.
• The asynchronous Clipboard API is supported fully.
• All HTML character references are now supported in Web Video Text Tracks Format (WebVTT).

Enterprise changes

The following policies have been added or updated:

• Added: DisableEncryptedClientHello to control Encrypted Client Hello.
• Added: PostQuantumKeyAgreementEnabled to control post-quantum key agreement for TLS.
• Added: HttpsOnlyMode to control HTTPS-Only Mode.
• Added: HttpAllowlist to add exceptions to HTTPS-Only Mode.
• Updated: Preferences policy to allow setting
  • security.mixed_content.block_display_content
  • security.mixed_content.upgrade_display_content
• Updated: UserMessaging policy no longer supports the WhatsNew option.
• Updated: ExtensionSettings policy was updated to add temporarily_allow_weak_signatures to allow installing extensions signed using deprecated signature algorithms.

Security updates / fixes

Are not published yet. We will update the article when that happens.

Outlook

Firefox 128 will be released on June 9. 2024. It marks the beginning of a new ESR base, which will replace Firefox ESR 115.x eventually.

Recent Firefox news and tips

• Mozilla is investigating huge Telemetry performance issues in Firefox for Android
• Mozilla confirms it will add Tab Groups, Vertical Tabs, Profile Management to Firefox

Additional information / resources

• Firefox 127 release notes
• Firefox 127 for Developers
• Firefox 127 for Enterprise
• Firefox Security Advisories
• Firefox Release Schedule

Closing Words

Firefox 127 makes a few privacy and security changes. The option to protect saved passwords with the operating system's password or biometrics is a welcome option. The remaining changes are smaller. The next version will be a major release.

Have you tried Firefox recently? What is your take on the current state of the browser?

Thank you for being a Ghacks reader. The post Firefox 127 out with DNS Prefetching, security updates, and more appeared first on gHacks Technology News.