Mozilla today launched Firefox 52 for Windows, Mac, Linux, and Android. The new version includes support for WebAssembly, a warning for non-secure HTTP pages with logins, and the removal of NPAPI plugin support.
Firefox 52 for the desktop is available for download now on Firefox.com, and all existing users should be able to upgrade to it automatically. As always, the Android version is trickling out slowly on Google Play.
Mozilla doesn’t break out the exact numbers for Firefox, though the company does say “half a billion people around the world” use the browser. In other words, it’s a major platform that web developers target — even in a world increasingly dominated by mobile apps.
Desktop
First up, Firefox 52 has added support for WebAssembly, which allows complex apps and games (including immersive 3D video games, computer-aided design, video and image editing, and scientific visualization) to run in a browser with near-native performance without the use of plugins. The open standard is being designed by a W3C Community Group that includes representatives from all major browsers.
Firefox 51 added a gray lock icon with a red strike-through in the address bar for websites that collect passwords but don’t use HTTPS. Firefox 52 takes this a step further with a warning for non-secure HTTP pages with logins.
HTTPS is a more secure version of the HTTP protocol used on the internet to connect users to websites. Secure connections are widely considered a necessary measure to decrease the risk of users being vulnerable to content injection (which can result in eavesdropping, man-in-the-middle attacks, and other data modification).
As you can see above, Firefox now displays a “This connection is not secure” message when users click into the username and password fields on pages that don’t use HTTPS. It’s a good way to remind users that their credentials could be easily swiped on pages that aren’t encrypted.
Speaking of messages, Firefox will now automatically detect captive portals, notify you about the need to log in, and replace certificate error pages with a message encouraging you to log in. This is useful if you have trouble connecting to Wi-Fi that requires signing in first and your operating system doesn’t detect it.
Last but not least, Mozilla has removed Netscape Plugin Application Programming Interface (NPAPI) plugin support from Firefox (originally slated to occur “by the end of 2016“). NPAPI plugins are seen as a problem because of their negative impact on a browser’s security, speed, and stability, not to mention the complexity of the code base.
Other browser makers have ditched NPAPI plugins as well; Google dropped support in April with the release of Chrome 42, and Microsoft killed them with the launch of Edge in July. Just like Google and Microsoft, Mozilla is making an exception for Flash because it is still widely used. Later this year, the company will make Flash content in Firefox only turn on with user consent.
Here’s the full Firefox 52 changelog:
- Added support for WebAssembly, an emerging standard that brings near-native performance to Web-based games, apps, and software libraries without the use of plugins.
- Enabled multi-process Firefox for Windows users with touch screens
- Added user warnings for non-secure HTTP pages with logins. Firefox now displays a “This connection is not secure” message when users click into the username and password fields on pages that don’t use HTTPS.
- Implemented the Strict Secure Cookies specification which forbids insecure HTTP sites from setting cookies with the “secure” attribute. In some cases, this will prevent an insecure site from setting a cookie with the same name as an existing “secure” cookie from the same base domain.
- Enhanced Sync to allow users to send and open tabs from one device to another.
- Various security fixes
- Improved text input for third-party keyboard layouts on Windows. This will address some keyboard layouts that have chained dead keys, input two or more characters with a non-printable key or a dead key sequence, or input a character even when a dead key sequence failed to compose a character
- Removed support for Netscape Plugin API (NPAPI) plugins other than Flash. Silverlight, Java, Acrobat and the like are no longer supported.
- Removed Battery Status API to reduce fingerprinting of users by trackers
- Improved experience for downloads: Notification in the toolbar when a download fails, quick access to five most recent downloads rather than three, larger buttons for canceling and restarting downloads
- Display (but allow users to override) an “Untrusted Connection” error when encountering SHA-1 certificates that chain up to a root certificate included in Mozilla’s CA Certificate Program. (Note: Firefox continues to permit SHA-1 certificates that chain to manually imported root certificates.)
- Migrated Firefox users on Windows XP and Windows Vista operating systems to the extended support release (ESR) version of Firefox.
- When not using Direct2D on Windows, Skia is used for content rendering
- Improved security for screen sharing, which now shows a preview and no longer requires a whitelisted domain
- Enabled CSS Grid Layout, opening up a world of new possibilities for graphic design
- Redesigned Responsive Design Mode to include device selection, network throttling, and more
If you’re a web developer, more details are available for you here: Firefox 52 for developers.
Android
Firefox for Android didn’t get many changes in this release, though its overall size has shrunk and security has been improved. The only breakout feature is media controls on the Android notification bar.
Here’s the full Firefox 52 for Android changelog:
- Implemented the Strict Secure Cookies specification which forbids insecure HTTP sites from setting cookies with the “secure” attribute. In some cases, this will prevent an insecure site from setting a cookie with the same name as an existing “secure” cookie from the same base domain.
- Reduced APK file size by more than 5 MB for faster download and installation
- Display media controls to pause or resume playback on the Android notification bar. This gives users easy access to controls and allows them to see when audio or video is playing (and consuming mobile data) on Firefox.
- Various security fixes.
Mozilla releases new Firefox versions every 6 to 8 weeks, and Firefox 53 is currently slated for mid April.