Today Mozilla has released Firefox 63. It comes with a whole lot of performance and visual improvements as well as new features for users and developers. As soon as it appeared on Mozilla's ftp servers, we grabbed it and installed it on our browser cloud.

Firefox 63 About Dialog

Try Firefox 63 in Browserling now!

Performance and visual improvements for Windows users

  • Moved the build infrastructure of Firefox on Windows to the Clang toolchain, bringing important performance gains.
  • Firefox theme now matches the Windows 10 OS Dark and Light modes.

Performance improvements for macOS users

  • Improved reactivity.
  • Faster tab switching.
  • WebGL power preferences allow non-performance-critical applications and applets to request the low-power GPU instead of the high-power GPU in multi-GPU systems.

New features

  • Added content blocking, a collection of Firefox settings that offer users greater control over technology that can track them around the web.
  • WebExtensions now run in their own process on Linux.
  • Firefox now warns about having multiple windows and tabs open when quitting from the main menu.
  • Firefox now recognizes the operating system accessibility setting for reducing animation.
  • Added search shortcuts for Top Sites: Amazon and Google appear as Top Sites tiles on the Firefox Home (New Tab) page (U.S. only).
  • Resolved an issue that prevented the address bar from autofilling bookmarked URLs in certain cases.
  • In the Library, the Open in Sidebar feature for individual bookmarks was removed.
  • The option to Never check for updates was removed from about:preferences.
  • The Ctrl+Tab shortcut now displays thumbnail previews of your tabs and cycles through tabs in recently used order.
  • Refreshed visual style of Developer Tools menus to improve navigation and consistency.
  • The Dev Tools accessibility inspector is now enabled by default.
  • Added support for Web Components custom elements and shadow DOM.
  • The inspector now ships with a Font Editor that allows you to control non-variable as well as variable fonts.

For Android:

  • Added support for Picture-In-Picture video.
  • Started using notification channels.
  • Locales added: English from Canada (en-CA), and Ligurian (lij).
  • App now targets Oreo with security and performance improvements and support for new features.

Performance and visual improvements for Windows users

  • Moved the build infrastructure of Firefox on Windows to the Clang toolchain, bringing important performance gains.
  • Firefox theme now matches the Windows 10 OS Dark and Light modes.

Performance improvements for macOS users

  • Improved reactivity.
  • Faster tab switching.
  • WebGL power preferences allow non-performance-critical applications and applets to request the low-power GPU instead of the high-power GPU in multi-GPU systems.

New features

  • Added content blocking, a collection of Firefox settings that offer users greater control over technology that can track them around the web.
  • WebExtensions now run in their own process on Linux.
  • Firefox now warns about having multiple windows and tabs open when quitting from the main menu.
  • Firefox now recognizes the operating system accessibility setting for reducing animation.
  • Added search shortcuts for Top Sites: Amazon and Google appear as Top Sites tiles on the Firefox Home (New Tab) page (U.S. only).

Fixes in Firefox 63

  • Resolved an issue that prevented the address bar from autofilling bookmarked URLs in certain cases.

Changes in Firefox 63

  • In the Library, the Open in Sidebar feature for individual bookmarks was removed.
  • The option to Never check for updates was removed from about:preferences.
  • The Ctrl+Tab shortcut now displays thumbnail previews of your tabs and cycles through tabs in recently used order.

Developer Tools Changes in Firefox 63

  • Refreshed visual style of Developer Tools menus to improve navigation and consistency.
  • The Dev Tools accessibility inspector is now enabled by default.
  • Added support for Web Components custom elements and shadow DOM.
  • The inspector now ships with a Font Editor that allows you to control non-variable as well as variable fonts.

Unresolved issues in Firefox 63

  • Quick Heal internet security software might crash 32-bit Firefox on Windows. A workaround is documented from this support article until a fixed version of Quick Heal is available.

Firefox 63 For Android

  • Added support for Picture-In-Picture video.
  • Started using notification channels.
  • Locales added: English from Canada (en-CA), and Ligurian (lij).
  • App now targets Oreo with security and performance improvements and support for new features.

Developer tools changes in Firefox 63

  • The Fonts tab in the Page Inspector now includes an editor that makes it easy to view and edit the settings of the fonts on your page. See Edit fonts for details.
  • The Accessibility inspector is now enabled by default.
  • When you hover over an object in the Accessibility Inspector, the item is highlighted and its role and name will be shown in an information bar on the page.
  • The command line in the Web Console is now shown immediately following the console output.
  • A new icon has been added to the content in the Network Monitor to indicate when a URL belongs to a known tracker — see Security icons.
  • The default value of devtools.aboutdebugging.showSystemAddons is now false, meaning that system add-ons will not be listed on the about:debugging page. You can change the settings by navigating to about:config.
  • The Responsive Design Mode toolbar was simplified, and we added the option to left-align the viewport.
  • The Page Inspector includes a link to the class definition for a custom element.

HTML changes in Firefox 63

  • Support for the <img> element's decoding attribute has been added.
  • Support for the the sidebar link type (rel="sidebar") has been removed.

CSS changes in FIrefox 63

  • Support for the :defined pseudo-class has been added.
  • Support for row-gap, column-gap and gap has been added in Flexbox layout.
  • Re-enabled support for webkit-prefixed pixel-density @media queries.
  • Support added for the CSS Flexible Box Layout (Flexbox) properties align-self, align-content, and align-items as well as the justify-content property.
  • Implemented the path() function for offset-path.
  • Implemented syntax improvements from the Media Queries Level 4 specification.
  • Renamed offset-* properties to inset-block-start, inset-block-end, inset-inline-start, and inset-inline-end.
  • Added support for the prefers-reduced-motion media feature.
  • Added flow relative values (block, inline) for the resize property.
  • Implemented flexbox layout for safe & unsafe values in align-self, align-content, and justify-content.
  • The logical properties (where appropriate) are now animatable.
  • Removed offset-block-start, offset-block-end, offset-inline-start and offset-inline-end; these have been renamed to inset-*, as described above.

JavaScript changes in Firefox 63

  • The Symbol.prototype.description property has been implemented.
  • The Object.fromEntries() method has been added.
  • When you try to access a property of an undefined object, the error message is now much improved.
  • Experimental WebAssembly Module IndexedDB serialization support has been removed.

APIs changes in Firefox 63

  • The Shadow DOM and Custom Elements APIs have been enabled by default;
  • The Media Capabilities API been implemented.
  • The Async Clipboard API has been implemented and enabled by default for all channels. As is the case with Chrome, Firefox currently implements only the writeText() and readText() methods; however, unlike Chrome, readText() is only available in browser extensions.
  • The SecurityPolicyViolationEvent interface is now supported.

DOM changes in Firefox 63

  • Enabled: The Animation properties ready and finished, specifying the Animation object's ready and finished Promises. (Web Animations API)
  • Enabled: The Animation object's effect property. (Web Animations API)
  • Enabled: The interfaces KeyframeEffect and AnimationEffect. (Web Animations API)
  • The Element.toggleAttribute() method has been implemented.
  • The historical, previously non-standard, Event.returnValue property is now supported for compatibility purposes.
  • We implemented the Window.event property to improve web compatibility, now that it's become standard.
  • To bring Firefox into alignment with Edge and Chrome, the navigator.platform property now returns "Win32" even when running on 64-bit Windows.
  • Prior to Firefox 63, links that open new windows that had rel="noopener", as well as calls to Window.open() with the noopener window feature enabled would default to having all window features disabled, so that you had to explicitly re-enable any standard features you wanted. Now these windows have the same set of features enabled as any other window, and you need to explicitly turn off any you don't want.

DOM events

  • Handling of the Alt key on the right side of the keyboard has been improved on Windows.

Media, Web Audio, and WebRTC

  • Microphone access now works simultaneously in multiple tabs, even within the same content process.
  • RTCDataChannel has been updated to support the sctp-sdp-21 data format for the data, in addition to the older sctp-sdp-05 format previously supported.
  • The ConstantSourceNode node type for Web Audio API now has a default channel count of 2 rather than 1, in order to match the specification.
  • The Web Audio API interface AudioScheduledSourceNode (and by extension, all the other node types based on it) now throw the correct exception when a negative value is specified for the node start time. That error is RangeError.
  • The minimum and maximum permitted values for an AudioParam object's value have been changed to the minimum negative single-precision floating-point value (-340,282,346,638,528,859,811,704,183,484,516,925,440) and the maximum positive single-precision floating-point value (+340,282,346,638,528,859,811,704,183,484,516,925,440) respectively.
  • The SourceBuffer.changeType method, which allows you to change codecs during an active stream, has been enabled by default.
  • The AudioParam.setValueCurveAtTime() method has been updated to correctly accept an array of floating-point values to indicate the parameter's values to change to over time. Previously, it required a Float32Array.
  • AudioParam.setValueCurveAtTime() has also been updated to correctly return a proper TypeError when a non-finite value is found in the values array.
  • In addition, setValueCurveAtTime() has been updated to ensure that, when the parameter finishes following the specified value curve after the duration elapses, the value of the parameter is set to the last value in the list of values to curve through.
  • The RTCRTPStreamStats dictionary has been renamed to RTCRtpStreamStats for consistency with other WebRTC dictionaries and the specification.
  • Support for the RTCRtpStreamStats dictionary's kind property has been added.
  • The RTCRtpStreamStats dictionary's isRemote property is deprecated and will be removed in Firefox 6

Canvas and WebGL

  • A new powerPreference context attribute has been added to HTMLCanvasElement.getContext(). On macOS this allows WebGL non-performance-critical applications and applets to request the low-power GPU instead of the high-power GPU in multi-GPU systems.

Removals in Firefox 63

  • The obsolete and non-standard Firefox-only methods Window.back() and Window.forward() have been removed. Please use the window.history.back() and window.history.forward() methods instead.
  • The createObjectURL() and revokeObjectURL() methods are no longer available on ServiceWorker instances due to the potential they introduced for memory leaks to occur.
  • Since it was deprecated in the specification anyway, the limited support for Doppler effects on PannerNode has been removed from the Web Audio API. The AudioListener properties dopplerFactor and speedOfSound have been removed, along with the PannerNode method setVelocity().

HTTP Changes in Firefox 63

  • The Clear-Site-Data header is implemented and no longer behind a preference.

Security

  • Site favicons are now subject to Content Security Policy, if one is configured for the site.
  • CSP script-src directive's 'report-sample' expression now recognized when generating violation reports. This directive indicates that a short sample of where the violation occurred should be included in the report. Previously, Firefox always included this sample.
  • Firefox now uses NSS 3.39.

WebDriver conformance (Marionette)

New Features:

  • Marionette now returns a setWindowRect capability in the WebDriver:NewSession response that is true if the browser window can be repositioned and resized, which e.g. is the case for Firefox but not any mobile applications.
  • Added support for the unhandledPromptBehavior capability, which allows to define a specific prompt behavior of the WebDriver specification.
  • Handling of user prompts has been added to the WebDriver:ExecuteScript and WebDriver:ExecuteAsyncScript commands.

API changes:

  • Deprecated command end-points without the WebDriver: prefix have been removed.
  • The WebDriver:NewSession command returns recommended strings (linux, mac, windows) for platformName as defined in the WebDriver specification.

Bug fixes:

  • Focus related events were missing on element interaction when Firefox was not running as the top-most application.
  • Performing a pointerDown and pointerUp action in a subsequent action sequence could trigger a double click because WebDriver:ReleaseActions didn't reset the double click tracker.
  • Executing pause actions repeatedly could cause an infinite hang.
  • Fixed a bug where returning an element collection from WebDriver:ExecuteScript and WebDriver:ExecuteAsyncScript would cause a cyclic reference error.
  • To prevent a race condition both the WebDriver:AcceptAlert and WebDriver:DismissAlert commands now wait until the user prompt has been closed.
  • Log entries as emitted by the frame script were no longer limited by MarionettePrefs.logLevel but logged everything.
  • WebDriver:TakeScreenshot raised an error when taking a screenshot of a window larger than 32767 pixels in width or height.
  • WebDriver:SendAlertText didn't replace default user prompt value if text to send is an empty string.

Other

  • Corrected the behavior of PerformanceObserver.observe() to simply do nothing if no valid entry types are found in the specified array of entry types to observe, or if the array is empty or missing.
  • In OpenSearch, Firefox now accepts application/json as a search URL type, as an alias of application/x-suggestions+json.

Changes for add-on developers

API changes

Theming:

  • The default text color for browserAction badges is now automatically set to black or white, to maximise contrast with the background.
  • The accentcolor and textcolor properties of the theme manifest key are now optional.
  • browserAction.getBadgeTextColor() and browserAction.setBadgeTextColor() enable you to get and set the text color of browser action badges.
  • The theme colors key in manifest.json now supports the ntp_text property to set the text color in a new tab, and the ntp_background property to set the color of a new tab.
  • Themes can now define the colors for sidebars, such as the bookmarks sidebar.
  • The method management.install() allows web extensions to install and enable signed browser themes.

Search:

  • The new search API enables you to retrieve the list of installed search engines and perform searches with them.
  • topSites.get() now takes an options parameter enabling you to set various options for the list of sites returned.

Tabs:

  • tabs.onHighlighted now supports multi-select.
  • tabs.highlight now includes an optional field in the highlightInfo object — populate — which defaults to true.
  • tabs.update now supports changing the selection status of a tab by including highlighted: true in the updateProperties parameter.
  • tabs.update supports changing the selection status of a tab without changing the focused tab by including both highlighted: true and active: false in the updateProperties parameter.
  • tabs.query now returns an array of tabs.Tab objects if multiple tabs are selected.
  • The tabs.Tab property now properly reflects which tabs in a browser window are selected (highlighted) and tabs.highlight supports changing the highlighted status of multiple tabs.
  • The isarticle property in the extraParameters object passed into tabs.onUpdated has been renamed to isArticle. The old name is retained but deprecated. This change was uplifted to Firefox 62.
  • The tabs.onUpdated event can be used to track when a tab is drawing the user's attention with attention property of the changeInfo object.

Menus:

  • Added menus.getTargetElement() to the menus API.
  • menus.create() now enables you to create invisible menu items, and menus.update() enables you to toggle menu item visibility.
  • Items created using the menus API now support access keys.
  • The targetUrlPatterns parameter of menus.create() andmenus.update() now supports any URL scheme, even those that are usually not allowed in a match pattern.

Other:

  • commands.onCommand is now treated as user input.
  • The webRequest API now enables you to filter for speculative connections.
  • webRequest.SecurityInfo adds two new properties, keaGroupName and signatureSchemeName.
  • cookies.Cookie now includes a property indicating the SameSite state of the cookie.
  • Match patterns for URLs now explicitly match the "data" URL scheme.

Security vulnerabilities fixed in Firefox 63

  • CVE-2018-12391: HTTP Live Stream audio data is accessible cross-origin.
  • CVE-2018-12392: Crash with nested event loops.
  • CVE-2018-12393: Integer overflow during Unicode conversion while loading JavaScript.
  • CVE-2018-12395: WebExtension bypass of domain restrictions through header rewriting.
  • CVE-2018-12396: WebExtension content scripts can execute in disallowed contexts.
  • CVE-2018-12397: Missing warning prompt when WebExtension requests local file access.
  • CVE-2018-12398: CSP bypass through stylesheet injection in resource URIs.
  • CVE-2018-12399: Spoofing of protocol registration notification bar.
  • CVE-2018-12400: Favicons are cached in private browsing mode on Firefox for Android.
  • CVE-2018-12401: DOS attack through special resource URI parsing.
  • CVE-2018-12402: SameSite cookies leak when pages are explicitly saved.
  • CVE-2018-12403: Mixed content warning is not displayed when HTTPS page loads a favicon over HTTP.
  • CVE-2018-12388: Memory safety bugs fixed in Firefox 63.
  • CVE-2018-12390: Memory safety bugs fixed in Firefox 63 and Firefox ESR 60.3.

Have fun cross-browser testing your apps in Firefox 63 and Browserling!