
Firefox 59 released - dikiaap
https://www.mozilla.org/en-US/firefox/59.0/releasenotes/
======
Flimm
Firefox 59 is the first Firefox release to support SameSite cookie attribute,
joining Chrome.

> Same-site cookies ("First-Party-Only" or "First-Party") allow servers to
> mitigate the risk of CSRF and information leakage attacks by asserting that
> a particular cookie should only be sent with requests initiated from the
> same registrable domain.

I like this one!

~~~
lloeki
How does this play out WRT "Block 3rd party cookies" (which wasn't on by
default on Fx and Cr but was on Safari since an eternity?)

~~~
bzbarsky
Note that the definition of "Block 3rd party cookies" in Safari is different
from the one in Firefox (not sure about Chrome). Firefox blocks a lot more
stuff when that option is enabled in Firefox than Safari does when its option
is enabled, which causes more web compat problems.

~~~
driverdan
Blocking 3rd party cookies causes very few problems. I've blocked them for
many years and have seen fewer than 10 sites it caused problems with. For
those you can whitelist the domain.

~~~
saberworks
My experience has been the opposite. It breaks every Amazon Pay integration
and a lot of Paypal integrations as well. It also breaks online banking for
the two credit unions I use, both of which seem to use some 3rd party service
to run their backends. And then just whitelisting the domain isn't a great
solution because then that means they can drop any 3rd party cookies, not just
the desirable ones. So suddenly my online banking works, but now I've got
google trackers and whatever other crap they want to drop. I believe I was
able to whitelist just those cookies but that was quite a few versions ago and
the interface is different now so I can't find where I did it. The cookie
interface is really terribe; when you go to the site information it tells you
whether the site is storing any cookies, and many times it says "No" but if
you click the "view cookies" link it shows a ton of them. This happens when
the domain doesn't match exactly (for example www.example.com vs example.com)
so you can't really trust the Yes|No info box.

~~~
forapurpose
> whitelisting the domain isn't a great solution because then that means they
> can drop any 3rd party cookies, not just the desirable ones

Try something like uMatrix or similar add-ons. They allow you to configure
rules similar to application firewalls:

    
    
      cookie * * DENY
      cookie * 1stparty ALLOW
      cookie creditunion.org finserv.com ALLOW
    

Great interface too, at least what I've seen on uMatrix: Most rules are
configured with one click in a 'matrix' of hosts and applications.

------
dmix
The article about "Off-Main-Thread Painting (OMTP)"is an interesting read:

[https://mozillagfx.wordpress.com/2017/12/05/off-main-
thread-...](https://mozillagfx.wordpress.com/2017/12/05/off-main-thread-
painting/)

Great to see so much effort being put into the fundamentals.

------
ChrisSD
It's great that they're continuing to add back customisation to the new tab
page but why am I still restricted to two rows of "top sites"? I'm on a
desktop here, I'm not going to run out of pixels. Even on Android I liked
having more space for quick links to websites I visit semi-regularly. In fact
it was more useful there because there isn't a good way to bring order to the
history panel.

Is it just to make room for "highlights"? I switched that off because it's
utterly useless for me. I don't find it helpful to be shown a random selection
of things I've clicked on. Besides, I am capable of scrolling.

Yes I know, there's an addon for that (probably). But it just feels like such
an arbitrary restriction.

Why are only twelve "top sites" allowed?

~~~
ams6110
And why can't I have my home page as my new tab page?

I don't want any of that "top sites" BS on a new tab, I want the local HTML
file that I created as my home page. Why not allow it for new tabs?

~~~
dorgo
I'm cursing for about a year about this. I spent days searching for
workarounds and stopped short of hacking into firefox. Maybe I should just
install firefox 50 and disable updates.

~~~
ams6110
Only thing I've found is that hitting ALT-Home keys in the new tab will load
the home page. But it's one of those tiny repeated annoyances that I'd love to
avoid.

~~~
davvolun
I can't really comment fairly here as I've gotten used to Chrome for the last
2+ years, but is there really not an extension in Firefox for this, even if
it's not natively supported? Seems surprising to me.

~~~
ams6110
Yes there are, but for some reason using a local file is a problem. Something
about the ability of WebExtension to access a local file. Probably sensible,
but in this case annoying.

------
teamhappy
"Added settings in about:preferences to stop websites from asking to send
notifications"

Been waiting for this one.

~~~
Piskvorrr
Sites have been replacing the actual API request with a HTML5 overlay,
precisely because of this - only when clicking "notify me" does the actual
permission get requested, with the requisite dialog.

(The rationale is "once the permission is denied, there's no way to bring it
up again; a dismissed HTML5 box can be brought up again an infinite number of
times")

As for me, I went for WebAPI Manager, which blocks most of the annoyances
(Vibrate API? Never saw anyone outside malvertising use _that_ ), while still
allowing me to manually whitelist sites.

~~~
udfalkso
Right. This is also the current standard approach for asking for iOS push
permissions. Without intermediary dialog, the app can't try again.

~~~
Cthulhu_
And as app builders you have to explain people how to enable the permission
anyways if people try to e.g. use their current location. Luckily since a few
versions now, iOS allows apps to directly open a certain settings page, e.g.
location services.

------
sutoor
Sadly, still unusable for me since the Quantum update.

A clean install and profile, no add-ons, and google.com/maps (for example)
will max out my cpu. There must be some bug related to old hardware and OS
(Macbook Pro 2009 + 10.11.x) or more people would be experiencing this.

~~~
zbraniecki
Hi! I'm collecting profiles on cases like yours.

Here are instructions if you'd like to help:
[https://www.reddit.com/r/firefox/comments/7knnn4/firefox_qua...](https://www.reddit.com/r/firefox/comments/7knnn4/firefox_quantum_is_eating_your_cpu_help_us_debug/)

~~~
petecox
Thanks, I will do so.

When Firefox optimised for multi-process, did they test for single-core? I'm
on a machine released this decade - a rare instance of a single core x86_64
machine (fanless Atom NUC)

Facebook is pretty much now unusable with they do their asynchronous page
loading of stories.

------
Santosh83
Although its a minor thing, I'm personally delighted with drag & drop for the
new tab tiles. These are the kind of little usability improvements that can
tip the finely balanced scales between major browsers these days.

~~~
sixothree
Tab Tiles?

~~~
Santosh83
Top sites tiles on the new tab page in Firefox.

[https://www.mozilla.org/media/img/firefox/home/new-
tab.a1c9f...](https://www.mozilla.org/media/img/firefox/home/new-
tab.a1c9f06dcebe.png)

------
grok2
After I switched to Firefox 59 beta on Windows (7 upgraded to 10), I see the
following issue all the time. When accessing finance.google.com in one tab and
etrade.com (internal page) in another, if I am on finance.google.com and if it
refreshes and is slow for some reason I start seeing a blank page with a
spinner on that tab and while this is happening, if I switch to the etrade.com
tab, I see that page is blank too and has a spinner that doesn't refresh until
the finance.google.com tab comes back -- almost like the browser is stuck in a
system call somewhere and all tabs using javascript are blocked. Maybe it's
likely some interaction with some addons I have (mostly NoScript), but it's
been frustrating and for the first time in so many years I am considering
switching browsers :-(.

BTW, where is the best way to ask about issues like this regarding Firefox, it
seems like Googling for Firefox issues mostly only brings up years old issues
and no one is publically posting about more recent issues like this. Also it's
hard to describe problems like this in a reasonable way to come up with search
terms that Google likes and doesn't hit old reported problems.

~~~
crispyporkbites
Google web apps and sites don't work well in Firefox, generally speaking.

Examples where Chrome performance and functionality is superior include:

\- Inbox (try downloading attachments) \- Maps \- Analytics \- ...

~~~
vmarsy
> Inbox (try downloading attachments)

The only times I got issues with this on Firefox was due to some add-on
(Disconnect for instance). On Firefox out of the box I haven't had issues with
downloading attachments lately, even with the add-on on.

------
andrepd
Still on 56, sadly. The addons crucial for my workflow have stopped working.
Shame these concerns were not properly addressed, even after months of clamour
about breaking changes like these.

~~~
robbyt
What add-ons?

~~~
smileypete
For me it's LiveClick.
[http://projects.protej.com/liveclick/](http://projects.protej.com/liveclick/)

'Display preview in live bookmark item tooltip' and 'keep menu open after
middle clicking items' are worth me staying on FF 55 for the time being.

Sure I have tried upgrading and using other addons but nothing really does as
well for me as this addon.

------
symlinkk
> Added settings in about:preferences to stop websites from asking to send
> notifications or access your device’s camera, microphone, and location,
> while still allowing trusted websites to use these features

Good. I get so tired of having to click that little [x] on the location
prompt.

However it's really just covering up a bigger issue, which is that the
permissions prompts in Firefox and Chrome should be redesigned. It would be
good if they were designed so that they were still noticeable, but they:

* don't cover part of the webpage

* don't cover other parts of the browser's UI

* and don't take focus away from the webpage

~~~
skellera
Yeah, why isn’t it one of those thin drop down bars at the top that can be
closed? Have it go away after a certain number of seconds.

------
Aelius
More good news: expect to see Fx60 on Fdroid.

[https://forum.f-droid.org/t/making-it-easier-for-f-droid-
to-...](https://forum.f-droid.org/t/making-it-easier-for-f-droid-to-package-
mozilla-firefox/1649/14)

------
syeaj
I switched to Firefox from Chrome at 58. I've been very happy with the
experience all around. Keep up the good work, Mozilla!

~~~
trevor-e
I too switched for several months, but am already back to using Chrome. Even
with the performance improvements, it's still noticeably slower than Chrome.

~~~
syeaj
I'm curious: what OS do you use and what sites are you visiting?

I've had a stellar experience on Arch Linux. The RAM usage is down. I can't
say I really ever found Chrome slow, but nor is Firefox for me. I think
they're both plenty fast, but I prefer sites without lots of garbage flying
around on the page anyway.

~~~
trevor-e
macOS High Sierra. I generally have a lot of tabs open: two Inbox tabs,
Facebook, StackOverflow chat + question pages for what I'm working on, many
JIRA tickets, HN, sometimes Twitch, etc.

I think it has something to do with video rendering since opening
Twitch/Youtube often causes the problems to start.

~~~
jdeibele
Try [https://addons.mozilla.org/ca/firefox/addon/auto-tab-
discard...](https://addons.mozilla.org/ca/firefox/addon/auto-tab-discard/) I
had been using Tab Suspender from the same author but recently noticed that it
was deprecated for FF 57 or newer.

Pretty happy with it on long-running tabs I check once or twice a day.

------
axelfontaine
Still no proper Yukikey 2FA support. Github kinda works, Gmail still
completely broken. I would love to switch from Chrome for the privacy
benefits, but this is an absolute deal-breaker.

Edit: There is hope for Firefox 60 or 61 ->
[https://bugzilla.mozilla.org/show_bug.cgi?id=1409573](https://bugzilla.mozilla.org/show_bug.cgi?id=1409573)

~~~
nine_k
IIRC it's the problem of Gmail specifically, and how they implemented 2FA.
Spec-compliant sites, like Giithub, work.

~~~
Nokinside
It's the old Microsoft strategy.

Break the standard behaviour slightly to make competitors product unusable in
your products.

------
dmix
> Firefox Private Browsing Mode will remove path information from referrers to
> prevent cross-site tracking

Surprised this wasn't done yet.

~~~
Sylos
Well, politics. As a browser vendor, you need to provide webpage owners ways
to make (more) money, especially when other browsers that users are happily
voting for, do provide these ways.

------
childintime
Sadly no news on the Web-extensions front. Several of my extensions continue
broken.

~~~
proaralyst
What news are you looking for? I'm fairly sure extensions targeting the older
APIs will not be supported in any future release.

~~~
Crespyl
Old extensions won't ever really work again, but part of me is still kind of
holding out hope for WebExtensions API features for things like "allow
extension on 'system' pages (new tab, settings, etc)", "focus addressbar",
"hide/replace address/tab bars", etc.

Some of those are coming or pretty much ready (tab hiding, addressbar focus),
and others I've almost given up on, given how Mozilla seems to have changed
their philosophy.

------
armandduijn
> Improved graphics rendering using Off-Main-Thread Painting (OMTP) for Mac
> users

Does this update improve its power consumption? Currently, Firefox has a
significantly larger effect on my MacBook's battery life compared to Safari
with similar usage.

~~~
mbesto
Ya, I'm really disappointed with the battery consumption on FF, almost wanting
me to move back to Chrome (shudder).

------
CoffeeDregs
Switched to FF Nightly from Chrome about 6 months ago because Chrome's memory
usage was awful. Firefox has been much better, especially since I modified the
following in about:config:

    
    
        browser.sessionhistory.max_total_viewers => 0
        dom.ipc.processCount                     => 1

~~~
jadbox
Isn't limiting the ipc processes severely capping (CPU) performance?

~~~
CoffeeDregs
I haven't really noticed much of a difference in performance but memory usage
is much lower.

------
crawdingle
[https://bugzilla.mozilla.org/show_bug.cgi?id=1353319](https://bugzilla.mozilla.org/show_bug.cgi?id=1353319)
\- RESOLVED FIXED in Firefox 59, super happy about that.

~~~
severine
I'll save you a click:

> Render the HTML preview within the Response side-panel

> Component: Developer Tools: Netmonitor

> Reported: 11 months ago

------
chmln
Firefox gets raving feedback here, but for me it is unusably slow on a Linux
machine.

While websites do render fast, the UI is not very responsive, whether its
laggy typing into the address bar [1] or the crawling devtools.

[1]
[https://bugzilla.mozilla.org/show_bug.cgi?id=1408699](https://bugzilla.mozilla.org/show_bug.cgi?id=1408699)

~~~
jcadam
I switched back to Firefox for dev work on my system (Arch Linux), because
Chrome would slow to a crawl with its devtools open. Firefox (since quantum)
seems to fare better.

------
zaarn
59 is probably a bit of a less spectacula release than Quantum itself but the
recent updates nonetheless bring me joy.

The "stop notifying me about permissions and just block it" is something I
genuinely didn't know I wanted. Though I do hope (but will have to test later)
if this also works for HTML Canvas since I use the additional anti
fingerprinting.

------
exodust
Won't be updating beyond FF 55.0.3 because 'Status-4-Evar' add-on doesn't work
with Quantum. Apparently it can't be updated to work with Quantum for reasons
I don't know, but was mentioned on the support forum.

Until such time as I can prevent the annoying floating URL pop-up in bottom
corner when hovering over links, I won't be updating. I don't see why I can't
have a harmless fixed status bar extending 100% at bottom of window. It
creates a nice gap between Windows taskbar and the browser, with the URL hover
text contained neatly within and doesn't appear over the page as an irritating
floating layer.

Is it law at Mozilla that FF must imitate Chrome on interface style? Perhaps
my choice of wanting choice is the wrong choice. Perhaps it's my fault as
user, for wanting something that was taken away.

Another add-on I liked, now kaput, is Mozilla's own Lightbeam. The important
list view and domain blocking function of that extension has been broken for
some time. The march towards the "best browser" seems to involve breaking
things and pissing people off.

~~~
mixmastamyk
Used to prefer the status bar but am sort of used to not having it now. But I
think the new way is broken also. Don't see why I have to look down to see the
link target. Why can't it be a tooltip at the mouse pointer, perhaps below any
alt text?

~~~
exodust
I would not choose to have a tooltip link hover, but you should be allowed to
have it if you want. Via options, about:config, or possible via an extension.

In UI terms, the concept of a fixed footer is well established. We see it
often on sites and applications. FF allows adjustment of the millisecond delay
of the link text, but no control over other properties of that element. I
don't get the logic. When vendors move the furniture around in their "security
updates" it makes me distrust the updates, particularly when the furniture
can't be moved back to how it looked before.

------
Something1234
Is allow client side decorations available yet in about:config? It was in a
fedora release about 2 months ago, and it was removed because it wasn't in
mainline. I have the title bar disabled for now, but that's broken in it's own
way(dragging doesn't work right).

~~~
dao-
No, it wasn't ready:
[https://bugzilla.mozilla.org/show_bug.cgi?id=1440461](https://bugzilla.mozilla.org/show_bug.cgi?id=1440461)

Should be part of Firefox 60.

~~~
Something1234
That's a shame. Client side decoration seemed ready when it was enabled on
Fedora.

------
odabaxok
A little OT, but how can I enable/use the Screenshots feature? I cannot find
it.

~~~
teamhappy
Right click -> Take a Screenshot

~~~
magnetic
Is there a way to trigger a full screen screenshot via Selenium/WebDriver?
(not a partial/window screenshot - that I can do)

~~~
mcintyre1994
If I'm understanding correctly, could you just select the body tag and
screenshot that? In Selenium Python that'd be:

    
    
        # driver is a Firefox driver
        body = driver.find_element_by_tag_name('body')
        screenshot = body.screenshot_as_base64 # png bytes

~~~
magnetic
Just tried this - doesn't seem to work:

\- a lot of (visible) elements are missing

\- the screenshot is still cropped to whatever viewport is used

~~~
mcintyre1994
Definitely just speculating here, but there is a
`driver.save_screenshot(path)` method that would probably be worth trying.

This worked for me:

    
    
        from selenium.webdriver import Firefox
        from selenium.webdriver.firefox.options import Options
    
        geckodriver_path = '/usr/local/bin/geckodriver'
        options = Options()
        options.add_argument('-headless')
        driver = Firefox(executable_path=geckodriver_path, firefox_options=options)
    
        url='https://news.ycombinator.com/item?id=16576015'
        driver.get(url)
        driver.save_screenshot('./hn.png')

------
floatboth
> Added support for W3C specs for pointer events and improved platform
> integration with added device support for mouse, pen, and touch screen
> pointer input

ohh yeah finally! I somehow missed that even though I'm following Nightly.

------
szemet
Can't find in the release notes: Is the Android version now based on quantum
as the desktop version? As it was promised a few months back:

[https://www.androidpolice.com/2017/09/26/project-quantum-
enh...](https://www.androidpolice.com/2017/09/26/project-quantum-enhancements-
wont-arrive-firefox-57-android/)

~~~
ac29
One of the major Quantum improvements, Stylo, isn't coming to Android until
Firefox 60:
[https://bugzilla.mozilla.org/show_bug.cgi?id=1366049](https://bugzilla.mozilla.org/show_bug.cgi?id=1366049)

Unfortunately, it'll still be pretty slow until then.

------
Grollicus
Can someone tell me what's behind "Faster load times for content on the
Firefox Home page"?

------
cgrf
I'm sad to say that Firefox Quantum will remain useless to me until proper
session management is restored. But without even the necessary API to enable
features that were provided by the "Session Manager" add-on for many years,
this still seems to be a long way off.

------
acaramanamaraca
Looks like 'client side decorations' on Linux didn't make this release?

~~~
vetinari
CSDs were already in 58 (Customize, Title Bar). What didn't make this release
is Wayland support.

~~~
acaramanamaraca
I think that was only backported into the Fedora version?

~~~
vetinari
Looks like you are right, I cannot find it in Ubuntu version.

------
esturk
Does anyone know why Alt+D doesn't focus into the Address Bar anymore? (I
thought the behavior was suppose to be like Ctrl+L) I'm on Linux.

------
ams6110
I use Firefox Focus on my phone (android). Anyone know if it tracks the full
Firefox releases or is it something completely separate?

~~~
Sylos
It's completely separate.

As in, it doesn't even use Gecko, it uses the native web engine of
iOS/Android, so that's WebKit / Android Webview. With how many trackers and
ads they block in Focus by default, they wouldn't exactly motivate webpage
owners to support Gecko anyways, if they'd use Gecko in it.

This is the current release notes of Firefox Focus on Android:
[https://support.mozilla.org/en-US/kb/whats-new-focus-
android...](https://support.mozilla.org/en-US/kb/whats-new-focus-android-4)

------
marak830
Damn I'm excited about this (specifically those damn notification popups!).

Slightly off topic: has anyone else been getting frequent crashes lately? It's
as if it's running out of memory then freezing a moment. I thought it was
because I'm on an older phone at first (note 3 here) but my wife said the same
thing to me and she is in an edge 7.

(Kinda hoping someone knows a config fix to it haha)

------
MrBuddyCasino
Off-Main-Thread Painting (OMTP) for Mac users is some good stuff. FF is now
noticeably smoother. Nice!

------
nokcha
Has the issue with HSTS supercookies leaking into Private Browsing mode been
fixed yet?

~~~
coolspot
Relevant Mozilla and Chromium bugs:

[https://bugzilla.mozilla.org/show_bug.cgi?id=930638](https://bugzilla.mozilla.org/show_bug.cgi?id=930638)

[https://bugzilla.mozilla.org/show_bug.cgi?id=1232961](https://bugzilla.mozilla.org/show_bug.cgi?id=1232961)

[https://code.google.com/p/chromium/issues/detail?id=104935](https://code.google.com/p/chromium/issues/detail?id=104935)

------
ppbutt
Does this include the forced collection of the user's usage data?

~~~
MikkoFinell
Better stay away from the evil Mozilla corporation, and instead use one of
those other, more privacy-aware, browsers like Google Chrome or Microsoft
Edge.

~~~
yjftsjthsd-h
It's okay to do bad things so long as your main competition is worse?

~~~
abiox
wrt to satisfying every single extant ideological constraint that determines
'good' or 'bad', yes. a pragmatic assessment is that, due to it not being
possible to satisfy contradicting constraints, it is thusly 'okay' to not do
the impossible.

------
superdaniel
cmd+f,"u2f" or "webauth"

Nothing.. I wonder when they'll ever get to fully supporting u2f (probably via
webauth) so I don't have to use Chrome to log into certain websites.

~~~
cpeterso
Mozilla will ship the Webauthn API in Firefox 60 (May 9):

[https://hacks.mozilla.org/2018/01/using-hardware-token-
based...](https://hacks.mozilla.org/2018/01/using-hardware-token-based-2fa-
with-the-webauthn-api/)

------
Tepix
Congratulations!

What's the memory usage like compare to earlier versions?

~~~
bzbarsky
Looking at that bug, one problem with implementing the nonstandard
"mousewheel" event is that the browsers that implement it have different
behavior in terms of what the delta value means, so sites using it tend to do
browser sniffing to decide how to handle it. Which means implementing it is
likely to break sites unless you exactly match the UA string and behavior of
some other browser.

Given that, and given that Firefox does support the per-standard "wheel"
event, what is the argument for implementing "mousewheel"?

~~~
pcwalton
(I think this comment was meant to be posted somewhere else…)

~~~
bzbarsky
No, I posted it in the right place. Tepix subsequently edited his/her comment,
as far as I can tell. The comment I was replying to, about "mousewheel"
events, is certainly no longer in evidence.

~~~
Tepix
Sorry about that, i changed my comment because it was obsolete and i could no
longer delete it.

~~~
bzbarsky
Next time it might make sense to make it clear that the comment was edited and
how... ;)

------
gdulli
Did they fix the bug introduced with multi-process where select lists in their
popped-up state don't respect css styles?

------
dreamygeek
Mozilla should also be focusing on RAM utilization. If they are doing that on
the back end they should explicitly mention it in the update details.

~~~
bzbarsky
There were thousands of changes from Firefox 58 to Firefox 59 (I count > 8900
changesets, though some are merges).

The release notes only list the most visible and most unexpected changes.
Ongoing memory and performance work rarely clears that bar. It's happening all
the time.

------
John_KZ
Firefox is dead to me ever since they killed their addons and marketed it as a
step forward. If I wanted to use Chrome I'd use fucking Chrome.

~~~
the_grue
I don't know why you are being downvoted. I have the same problem. I'm still
stuck with Firefox 56 and no upgrade path in sight. I wish Mozilla declared FF
56 a LTS release for those of us who value their addons more than performance
benefits of Quantum. Right now I'm still using an out-of-date release that
doesn't receive critical security updates, and I have to choose between either
downgrading 4 releases down to FF 52 (bad) or upgrading beyond FF 57 and
losing addons that I came to rely on (unacceptable).

~~~
jimktrains2
The thing that kept me from upgrading was TreeStyleTabs, but there is a non-
XUL version of it which works fairly well.

While it is a pain, it's not as if Mozilla removed XUL support with no
warning. What addons are you missing? Perhaps we can find updates or
replacements?

~~~
Kliment
Session manager is the main one that's missing for me. Nothing else can
reliably selectively restore a session with full history and unloaded tabs on
startup after a crash for me.

~~~
jimktrains2
Interesting. I've never had an issue with the built-in session restore
functionality. I'm not dismissing you, but asking what issues you've had with
it (so that I can watch out for them.)

~~~
Kliment
Sometimes, usually after a crash, firefox will restore an empty session.
Session manager has a working backup in those cases.

