Firefox 40: Find out what is new

Firefox 40 will be released to the stable channel on August 11, 2015 if things go as planned. There is always the chance of delays caused by last minute bug.

The release has just been posted to the official archive website -- Mozilla moved all data from the ftp server it maintained previously to it -- and it is likely that third-party download portals will offer it before the official release date.

All Firefox channels are updated tomorrow. Firefox Stable will be moved for version 40, Firefox Beta to version 41, Firefox Developer to version 42, Firefox Nightly to version 43 and Firefox ESR to version 38.2.

The information you find below reveal all there is to know about the Firefox 40 stable channel update.

The 64-bit version of Firefox for Windows is still not available for stable channel releases.

Firefox 40 download and update

All Firefox versions check for updates automatically by default. The new version will be picked up by the browser tomorrow.

Users who don't want to wait for this to happen -- the check does not run in real-time but in intervals only -- can run a manual update check instead.

To do that tap on the Alt-key and select Help > About Firefox from the menu bar that opens.

Direct downloads are made available by Mozilla once Firefox has been released officially. You can download the version you need using the links below.

1. Firefox Stable download
2. Firefox Beta download
3. Firefox Developer download
4. Nightly download
5. Firefox ESR download

Firefox 40 Changes

Unsigned add-on installation warning

Firefox users who try to install unsigned extensions in the browser receive a prompt in Firefox 40. The prompt warns them but does not block the installation of the extension.

Just hit the install button to install the extension anyway in Firefox. Note that this happens only on third-party sites offering Firefox add-ons as all add-ons hosted on Mozilla AMO are signed.

Mozilla plans to block the installation of unsigned add-ons starting with version 41 oi stable and beta channels of Firefox.

Suggested Tiles show sites of interest

Mozilla continues its work on Firefox's New Tab Page. The organization introduced sponsored tiles a while ago to the new tab page and complements this with suggested tiles in Firefox 40.

The main difference between sponsored and suggested tiles is that sponsored tiles are advertisement while suggested tiles are not.

Suggested tiles are based on the user's browsing history and Mozilla hopes to display related sites of interest this way.

Both suggested and sponsored tiles may only be displayed if the New Tab Page cannot be populated with native website and service links.

New Add-on Manager Style

Mozilla has updated the design of the add-on manager which you can access directly by loading about:addons in the browser.

The look matches the style of the in-content preferences (about:preferences). You can find out more about this change on Bugzilla@Mozilla.

Asynchronous plugin initialization

Firefox's new asynchronous plugin initialization improves plugin handling in the browser significantly.

Not only will it improve plugin startup time in Firefox but also reduce the number of crashes and hangs caused by plugins.

We have reviewed this in detail here and suggest you check it out if you are interested in the technical side of the implementation.

Add context to Firefox Hello conversations

You may now add context to Hello links that you create. Firefox Hello is a built-in real-time communication feature using WebRTC.

When you click on the "add new context" link you may add a title, link and comments.

Other changes

• Support for Windows 10. Firefox 40 ships with a modified theme for Windows 10 that makes the browser look more in line with other programs running on the operating system.
• Added protection against unwanted software downloads using Safe Browsing.
• Improved scrolling, graphics, and video playback performance with off main thread compositing (GNU/Linux only)
• Graphic blocklist mechanism improved: Firefox version ranges can be specified, limiting the number of devices blocked
• Smoother animation and scrolling with hardware vsync (Windows only)
• JPEG images use less memory when scaled and can be painted faster
• Sub-resources can no longer request HTTP authentication, thus protecting users from inadvertently disclosing login data

Developer Changes

Please note that this list includes only the highlights. Consult the link to the developer changes in Firefox 40 at the end of the article for a full list of changes.

• IndexedDB transactions are now non-durable by default
• Show when network resources are loaded from cache.
• Filter requests by url in the network monitor and new context menu options in the network monitor.
• Edit and filter rules in the Page Inspector.
• A context-click on a CSS property in the Rules view offers to display help for that property using MDN.
• Improved Performance tools in the developer tools: Waterfall view, Call Tree view and a Flame Chart view
• Inspector now searches across all content frames in a page
• New rules view tooltip in the Inspector to tweak CSS Filter values
• New page ruler highlighting tool that displays lightweight horizontal and vertical rules on a page

Firefox for Android

The Android version of Firefox shares most improvements with the desktop version. The following changes are Android-specific.

Long press on back/forward buttons brings up history

If you long press on the back or forward button in the Firefox menu, the history of accessed sites is displayed on that page.

This improves navigating back and forth between pages opened in the same tab as you can access any site or service you have accessed previously directly.

Other Android changes

• Support for Android Presentation API for screen casting
• Open links from Android applications in the same tab via EXTRA_APPLICATION_ID

Security updates / fixes

This are released after the official reveal by Mozilla. We will add the information once they become available.

• MFSA 2015-92 Use-after-free in XMLHttpRequest with shared workers
• MFSA 2015-91 Mozilla Content Security Policy allows for asterisk wildcards in violation of CSP specification
• MFSA 2015-90 Vulnerabilities found through code inspection
• MFSA 2015-89 Buffer overflows on Libvpx when decoding WebM video
• MFSA 2015-88 Heap overflow in gdk-pixbuf when scaling bitmap images
• MFSA 2015-87 Crash when using shared memory in JavaScript
• MFSA 2015-86 Feed protocol with POST bypasses mixed content protections
• FSA 2015-85 Out-of-bounds write with Updater and malicious MAR file
• MFSA 2015-84 Arbitrary file overwriting through Mozilla Maintenance Service with hard links
• MFSA 2015-83 Overflow issues in libstagefright
• MFSA 2015-82 Redefinition of non-configurable JavaScript object properties
• MFSA 2015-81 Use-after-free in MediaStream playback
• MFSA 2015-80 Out-of-bounds read with malformed MP3 file
• MFSA 2015-79 Miscellaneous memory safety hazards (rv:40.0 / rv:38.2)
• MFSA 2015-78 Same origin violation and local file stealing via PDF reader
• MFSA 2015-77 Upper bound check bypass due to signed compare in SharedBufferManagerParent::RecvAllocateGrallocBuffer
• MFSA 2015-76 Wifi direct system messages don't require a permission
• MFSA 2015-75 COPPA error screen in FxAccounts signup allows loading arbitrary web content into B2G root process
• MFSA 2015-74 UMS (USB) mounting after reboot even without unlocking
• MFSA 2015-73 Remote HTML tag injection in Gaia System app
• MFSA 2015-72 Remote HTML tag injection in Gaia Search app

Additional information / sources

• Firefox 40 release notes
• Firefox 40 Android release notes
• Add-on compatibility for Firefox 40
• Firefox 40 for developers
• Site compatibility for Firefox 40
• Firefox Security Advisories