Mozilla today launched Firefox 74 for Windows, Mac, and Linux. Firefox 74 includes stricter rules for add-ons, TLS 1.0 and TLS 1.1 disabled by default, and a handful of developer features.
You can download Firefox 74 for desktop now from Firefox.com, and all existing users should be able to upgrade to it automatically. According to Mozilla, Firefox has about 250 million active users, making it a major platform for web developers to consider.
Extension sideloading no more
How Firefox manages add-ons (also known as extensions), a concept for browsers that Mozilla first pioneered, is changing with this release. Any add-ons that have been installed by external applications (sideloaded) can now be removed using the Add-ons Manager (navigate to about:addons in Firefox). Furthermore, only users can now install add-ons — Mozilla is making it impossible for other applications to install Firefox add-ons.
Update at 2:10 p.m. Pacific: This change has caused some confusion so Mozilla has shared more information. Here is what you need to know:
- Starting with Firefox 74, users will need to take explicit action to install the extensions they want, and will be able to remove previously sideloaded extensions when they want to.
- Previously installed sideloaded extensions will not be uninstalled for users when they update to Firefox 74. If a user no longer wants an extension that was sideloaded, they must uninstall the extension themselves.
- Firefox will prevent new extensions from being sideloaded.
- Developers will be able to push updates to extensions that had previously been sideloaded. (If you are the developer of a sideloaded extension and you are now distributing your extension through your website or AMO, please note that you will need to update both the sideloaded .xpi and the distributed .xpi; updating one will not update the other.)
This is likely a move to beef up Firefox security, though it might cause headaches for enterprises that deploy Firefox to their employees. Enterprises can, however, continue sideloading extensions using policies.
Now required: TLS 1.2 and up
Update on March 21: Mozilla has reverted this change “for an undetermined amount of time to better enable access to critical government sites sharing COVID19 information,” per the Firefox 74 changelog.
The Firefox 74 release is also notable for anyone who manages a website, even if they don’t use Firefox at home or at work. Firefox 74 will only work with Transport Layer Security (TLS) 1.2 and above. Along with other major browser makers Apple, Google, and Microsoft, in October 2018 Mozilla promised to disable support for TLS 1.0 and TLS 1.1. It’s now delivering on that promise.
TLS is a cryptographic protocol designed to provide communications security over a computer network — websites use it to secure all communications between their servers and browsers. TLS also succeeds Secure Sockets Layer (SSL) and thus handles the encryption of every HTTPS connection.
Firefox now aims to establish a connection using TLS 1.2 or higher. Websites that don’t support TLS 1.2+ will show an error page with an override button to “Enable TLS 1.0 and 1.1.” Mozilla plans to eventually remove this button — website operators should thus upgrade their servers to TLS 1.2 or TLS 1.3.
Windows, Mac, and Linux
There are a few other small additions in this release. For example, Firefox offers a Facebook Container feature that prevents Facebook from tracking you around the web by blocking Facebook logins, likes, and comments automatically on non-Facebook sites. If you need to make an exception for a site where you want Facebook functionality, you can now do so.
Here’s the full Firefox 74 for desktop changelog:
- Your login management has improved with the ability to reverse alpha sort (Name Z-A) in Lockwise, which you can access under Logins and Passwords.
- Firefox now makes importing your bookmarks and history from the new Microsoft Edge browser on Windows and Mac simple.
- Add-ons installed by external applications can now be removed using the Add-ons Manager (about:addons). Going forward, only users can install add-ons; they cannot be installed by an application.
- Facebook Container prevents Facebook from tracking you around the web — Facebook logins, likes, and comments are automatically blocked on non-Facebook sites. But when we need an exception, you can now create one by adding custom sites to the Facebook Container.
- Firefox now provides better privacy for your web voice and video calls through support for mDNS ICE by cloaking your computer’s IP address with a random ID in certain WebRTC scenarios.
- Firefox’s Debugger added support for debugging Nested Web Workers, so their execution can be paused and stepped through with breakpoints.
- Various security fixes.
- We have fixed issues involving pinned tabs such as being lost. You should also no longer see them reorder themselves.
- When a video is uploaded with a batch of photos on Instagram, the Picture-in-Picture toggle would sit atop of the “next” button. The toggle is now moved, allowing you to flip through to the next image of the batch.
- On Windows, Ctrl+I can now be used to open the Page Info window instead of opening the Bookmarks sidebar. Ctrl+B still opens the Bookmarks sidebar, making keyboard shortcuts more useful for our users.
- We have disabled TLS 1.0 and TLS 1.1 to improve your website connections. Sites that don’t support TLS version 1.2 will now show an error page.
There are a few other small additions in this release, especially for developers. Firefox 74 brings new CSS text features: the
text-underline-position property is enabled by default, while the
Unlike previous releases, Mozilla did not release a new mobile version of Firefox today. The Android team is still working on Firefox Preview, a new version of Firefox for Android powered by GeckoView. Mozilla plans to launch the new Firefox for Android in the first half of 2020.
Mozilla releases new Firefox versions every four weeks. Firefox 75 is currently slated for April.