Firefox 38: find out what is new

Firefox 38 Stable has just been released by Mozilla. The new version of the web browser is already available via the browser's automatic update feature but can also be downloaded from the official Mozilla website instead.

As is the case in every release cycle, Firefox Beta, Developer and Nightly versions were also updated to version 39, 40 and 41 respectively.

In addition, Firefox 38 is the new base for Firefox's Extended Support Release channel.

You can find out which version and channel of Firefox you are running by loading about:support in the web browser's address bar. There you find the version listed under application basics near the top of the page.

The following guide offers complete information about changes in Firefox 38.

Firefox 38 download and update

The version of Firefox that you are running should have picked up the update already if automatic updates are enabled in it.

To run a manual check for updates in Firefox, tap on the Alt-key on your keyboard and select Help > About Firefox from the menu.

This opens the about page in the browser which highlights the current version and runs an update check to find out if updates are available.

If you prefer manual downloads of the new version, use the following links to download the latest version to your local system. You can run those on the system to install the update this way.

1. Firefox Stable download
2. Firefox Beta download
3. Firefox Developer download
4. Nightly download

Firefox 38 Changes

Preferences are now displayed in tabs

The options are no longer displayed in a window when opened in Firefox but displayed in a tab instead.  There are multiple ways to open the options, for instance by loading about:preferences directly in the browser's address bar or through the Firefox menu.

The options have their own address now and one benefit of that is that you can jump directly to specific option pages you are interested in. Here they are:

• General: about:preferences#general
• Search: about:preferences#search
• Content: about:preferences#content
• Applications: about:preferences#applications
• Privacy: about:preferences#privacy
• Security: about:preferences#security
• Sync: about:preferences#sync
• Advanced: about:preferences#advanced

You can restore the old way of displaying preferences in a window instead, at least for now.

1. Type about:config in the browser's address bar.
2. Confirm you will be careful if the message comes up.
3. Search for browser.preferences.inContent
4. Double-click the entry.

If you set it to false, the options open in a window and if you set it to true, they open in a tab in the browser.

Autocomplete=off no longer support for user/password fields

Websites and services can use the HTML input attribute autocomplete to specify whether form fields support auto-completion.

If the feature is disabled, the browser won't display suggestions when you start to type which in turn meant that several password managers would not store login information for sites that use the attribute.

Starting with Firefox 38, the attribute is no longer supported by Firefox for username and password fields which should reduce issues that it caused in the past in this regard.

Encrypted Media Extensions (EME) API support added to Windows Vista and later versions of Windows

Note: A DRM-Free version of Firefox is available as well now. You can download it from the Mozilla FTP server.

This adds DRM playback capabilities to the Firefox web browser. In line with that is the automatic download of the Adobe Primetime Content Decryption Module (CDM) for DRM playback through EME on supported systems.

If you don't watch DRM content in Firefox, you may want to disable or even uninstall the Adobe Primetime CDM especially since it is automatically enabled by default.

Disabling it

If you disable Adobe's Primetime CDM, you can reactivate it easily again at any point in time using the same method:

1. Tap on the Alt-key on your keyboard and select Tools > Add-ons from the menu that opens up.
2. Alternatively, type about:addons in the browser's address bar.
3. Switch to Plugins on the page that opens.
4. Locate Primetime Content Decryption Module provided by Adobe Systems, Incorporated.
5. Click on always activate and switch it to never activate.

To enable it again, switch it back to always activated.

Note: there is no option to set it to ask to activate (click to play).

Uninstall CDM completely and stop future CDM downloads

The second option that you have is to uninstall the CDM in Firefox. This makes sense if you dislike DRM or are sure that you will never use it.

1. Load about:preferences#content in the browser's address bar.
2. Locate Play DRM Content on the page.
3. Uncheck the box next to it.

As soon as you do that, Adobe's Primetime CDM is uninstalled which you can verify by opening the plugins manager in Firefox again.

Note: If you check the box again, Primetime will be downloaded and installed again.

Other changes

• Improved page load times via speculative connection warmup (this seems to be a rewrite of the Seer backend according to Bug 1009122. You can disable it by switching the preference network.predictor.enabled to false. Thanks Sören)
• Partial Media Source Extensions (MSE) API support for Mac OS X versions of Firefox to allow HTML5 playback on YouTube.

Developer Changes

• WebSocket now available in Web Workers
• BroadcastChannel API implemented which is used for messaging between browser contexts that have the same user agent and origin. Basically, information can be passed along to other instances of a web application such as another tab or window. [further information]
• Copy is a new function of the web console that you use to copy the argument to the clipboard.
• The Web Console highlights network requests made as an XMLHTTPRequests now.
• The Network Monitor shows transferred sizes and security warnings starting with Firefox 38.
• Firefox's Animations View allows you to play or pause animations on a page.
• RC4 is disabled when using TLS except for web sites on a whitelist which is only used until the sites on it have fixed the issue (see this list). To disable the whitelist, set the preference security.tls.insecure_fallback_hosts.use_static_list to false using about:config.
• mozIndexedDB has been removed. [link]
• 1024-bit SSL certificates are no longer trusted. (see link, link and link)
• WebRTC now requires Perfect Forward Secrecy (PFS) (see bug 1052610, 1134437 and 1158343)
• Implemented srcset attribute and <picture> element for responsive images

Firefox for Android

Firefox for Android shares most changes with the desktop version of the browser. The following changes are Android-specific:

• User interface improvements: New "Welcome Screen", Reader View Controls, Synced Tabs panel layout on tablets and Add to Firefox feature from outside Firefox.
• Support for Android L Theme
• Send an open tab to another connected device use the new "Send to device" option in the Share menu.
• New "Add to reading list" button in the overflow menu.

Security updates / fixes

• MFSA 2015-58 Mozilla Windows updater can be run outside of application directory
• MFSA 2015-57 Privilege escalation through IPC channel messages
• MFSA 2015-56 Untrusted site hosting trusted page can intercept webchannel responses
• MFSA 2015-55 Buffer overflow and out-of-bounds read while parsing MP4 video metadata
• MFSA 2015-54 Buffer overflow when parsing compressed XML
• MFSA 2015-53 Use-after-free due to Media Decoder Thread creation during shutdown
• MFSA 2015-52 Sensitive URL encoded information written to Android logcat
• MFSA 2015-51 Use-after-free during text processing with vertical text enabled
• MFSA 2015-50 Out-of-bounds read and write in asm.js validation
• MFSA 2015-49 Referrer policy ignored when links opened by middle-click and context menu
• MFSA 2015-48 Buffer overflow with SVG content and CSS
• MFSA 2015-47 Buffer overflow parsing H.264 video with Linux Gstreamer
• MFSA 2015-46 Miscellaneous memory safety hazards (rv:38.0 / rv:31.7)
• MFSA 2015-45 Memory corruption during failed plugin initialization

Additional information / sources

• Firefox 38 release notes
• Firefox 38 Android release notes
• Add-on compatibility for Firefox 38
• Firefox 38 for developers
• Site compatibility for Firefox 38
• Firefox Security Advisories