Firefox 75 released with Windows 10 performance improvements

Mozilla has released Firefox 76 today, May 5th, 2020, to the Stable desktop channel for Windows, macOS, and Linux with bug fixes, new features, and security fixes.

Included with today's release are data breach notifications in the integrated Firefox Lockwise password manager, Picture-in-Picture, and new Audio Worklets for better audio processing.

Windows, Mac, and Linux desktop users can upgrade to Firefox 76 by going to Options -> Help -> About Firefox and the browser will automatically check for the new update and install it when available.

Firefox 76

With the release of Firefox 76, all other Firefox development branches have also moved up a version bringing Firefox Beta to version 77 and the Nightly builds to version 78.

You can download Firefox 76 from the following links:

If the above links haven't yet been updated for Firefox 76, you can also manually download it from Mozilla's FTP release directory.

Below you can find the major changes in Firefox 76, but for those who wish to read the full release notes, you can do so here.

Lockwise now warns of logins leaked in data breaches

With the release of Firefox 76, Firefox's integrated Lockwise password manager will now issue warnings when a web site has had a data breach that you have saved account credentials.

These alerts will be displayed in the Lockwise password manager and display as a red "Website Breach" alert shown below.

Lockwise warning of compromised login
Lockwise warning of data breach

Lockwise will also warn users if your account was found in a data breach and the same password was found to be used for other sites.

This will allow users to change their password at these other sites so that hackers can't use the information found in data breach dumps to breach those accounts as well.

Lockwise now requires OS password to see saved logins

If you do not have a master password setup in Firefox Lockwise, the password manager will now require you to enter your Windows or macOS password before you can view saved login credentials.

Enter operating system password
Enter operating system password

This extra security will protect your saved login credentials from being viewed by others who may have access to your computer.

Picture-in-Picture

Firefox 76 now supports picture-in-picture to detach a video you are watching into a floating stay-on-top player that allows you to continue watching as you move between different applications.

When watching a video, if you hover over the video you may be shown a 'Picture-in-Picture' dialog that allows you to detach the video.

Picture-in-Picture prompt
Picture-in-Picture prompt

In BleepingComputer's tests, this feature is not very reliable and will work with one video on a site and then not work on later videos.

For example. we were able to get the Picture-in-Picture dialog to show on one YouTube video, but on no other videos after that. On Vimeo, we couldn't get it to work at all.

Other bug fixes, improvements, and developer changes

Other changes:

  • Firefox now supports Audio Worklets that will allow more complex audio processing like VR and gaming on the web; and is being adopted by some of your favorite software programs. With this change, you can now join Zoom calls on Firefox without the need for any additional downloads.
  • The shadow around the address bar field is reduced in width when a new tab is opened;
  • The bookmarks toolbar has expanded slightly in size to improve its surface area for touchscreens.

Developer:

  • Testing mobile interactions using DevTools’ Responsive Design Mode now mimics the device behavior for handling double-tap to zoom. This builds on previous improvements to correctly rendering meta-viewport tags, allowing developers to optimize their sites for Firefox for Android without a device.
  • Double-clicking table headers in DevTools’ network request table now resizes the column width to fit the content, making it easier to expand the important data.
  • WebSocket inspection now supports ActionCable message preview, adding to the list of automatically formatted protocols like socket.io, SignalR, WAMP, etc.

Security vulnerabilities fixed

With this release, Mozilla has fixed eleven security vulnerabilities, with four of them rated as 'Critical', three as 'High', four as 'Moderate', and one as 'Low'.

The full list of security issues patched by Mozilla in Firefox 76.0:

  • CVE-2020-12387: Use-after-free during worker shutdown\
  • CVE-2020-12388: Sandbox escape with improperly guarded Access Tokens
  • CVE-2020-12389: Sandbox escape with improperly separated process types
  • CVE-2020-6831: Buffer overflow in SCTP chunk input validation
  • CVE-2020-12390: Incorrect serialization of nsIPrincipal.origin for IPv6 addresses
  • CVE-2020-12391: Content-Security-Policy bypass using object elements
  • CVE-2020-12392: Arbitrary local file access with 'Copy as cURL'
  • CVE-2020-12393: Devtools' 'Copy as cURL' feature did not fully escape website-controlled data, potentially leading to command injection
  • CVE-2020-12394: URL spoofing in location bar when unfocussed
  • CVE-2020-12395: Memory safety bugs fixed in Firefox 76 and Firefox ESR 68.8
  • CVE-2020-12396: Memory safety bugs fixed in Firefox 76

    Related Articles:

    Mozilla fixes two Firefox zero-day bugs exploited at Pwn2Own

    United Nations agency investigates ransomware attack, data theft

    Frontier Communications shuts down systems after cyberattack

    Cisco Duo warns third-party data breach exposed SMS MFA logs

    Chipmaker Nexperia confirms breach after ransomware gang leaks data