Starting with Firefox 78, we will produce detailed release notes for issues that impact enterprises including bug fixes, enhancements, and policy changes.
Because this is our first enterprise release notes, we'll also be including notable changes between the last ESR (Firefox 68) and Firefox 78.
- We have disabled TLS 1.0 and TLS 1.1 to improve your website connections. Sites that don't support TLS version 1.2 will now show an error page. Users can click a button on that page to view the site. If you want to allow TLS 1.0 and TLS 1.1, you can use the SSLVersionMin policy.
- Support for reading client certificates from the operating system was introduced in Firefox 72 for Windows and 75 for MacOS and Linux. You can read more about it here. You can enable it by setting security.osclientcerts.autoload to true in the Preferences policy.
- Starting with Firefox 75, Firefox will locally cache all trusted Web PKI Certificate Authority certificates known to Mozilla. This will improve HTTPS compatibility with misconfigured web servers and improve security.
- With Firefox 77, You can view and manage web certificates more easily on the new about:certificate page.
- Unlike the standard release of Firefox, user and enterprise added certificates are read from the operating system by default.
- Firefox 78 is the last major release with support for macOS versions 10.9, 10.10 and 10.11. Users of these macOS versions will be supported through Firefox ESR 78.x for the coming year. You can read more about this here.
As previously announced in the Plugin Roadmap for Firefox, in Firefox 69 the Always Activate option for Flash plugin content has been removed. Firefox will now always ask for user permission before activating Flash content on a website. You can override this by adding domains in the FlashPlugin policy.
- In Firefox 71, we removed the ability to put the flash plugin in the Firefox application directory. If you need to put the plugin there for some reason, you can use the MOZ_PLUGIN_PATH environment variable to specify the location of the plugin. This was mainly an issue on Linux.
- In Firefox 69, the Block Autoplay feature was enhanced to give users the option to block any video that automatically starts playing, not just those that automatically play with sound. This feature was also added to the Permissions->Autoplay policy.
- Starting with Firefox 70, we show a gift box icon when there are new features in Firefox. This can be managed with the UserMessaging->WhatsNew policy.
- In Firefox 71, the about:config page was reimplemented in HTML.
- Picture-in-Picture support was introduced in Firefox 71 for Windows and 72 for MacOS and Linux. You can read more about it here. This can be managed with the new PictureInPicture policy.
- Kiosk mode was introduced in Firefox 71. You can read more about it here.
- Starting with Firefox 75, certain searches in the URL bar cause the user to receive Firefox specific suggestions. This can be managed with the UserMessaging->URLbarInterventions policy.
- We now handle 407 from a HTTP/2 proxy. This was causing problems using the web version of WhatsApp. This was fixed in bug 1554218.
- Add-ons that were blocked via policy could be installed via Sync. This was fixed in bug 1487529.
- Even if permissions were locked by policy, they could still be updated by the user in the Page info dialog. This was fixed in bug 1630884.
- Starting with 69, Firefox no longer loads userChrome.css or userContent.css by default. Users who wish to customize Firefox by using these files can set the toolkit.legacyUserProfileCustomizations.stylesheets preference to true to restore this ability.
- Previously if you locked the homepage via the Homepage policy, the user couldn't choose Restore Previous Session option in preferences. We've separated locking the homepage from locking the start page by adding a new homepage-locked option for the Startpage. This was fixed in bug 1635825.
- We made it easier to update add-ons that are installed via policy. If the add-on is installed from the local hard drive, it is updated any time the version changes. If it is installed from the web, it is updated anytime the filename changes. This was fixed in bug 1596481.
- On Linux, you can put a policies.json file in /etc/firefox/policies and it will be used by all users on the system. This will override a policies.json file in the Firefox install directory.
- A new Handlers policy has been added. This allows you to configure default application handlers for mime types, protocols and file extensions.
- The DisabledCiphers policy has been updated. Previously setting a cipher value to true or false would always disable the cipher. Starting with Firefox 78, setting the value to true will disable the cipher and setting the value to false will enable the cipher. This allows you to enable ciphers that Firefox has disabled.
- The ExtensionSettings policy has been updated to allow you to specify domains where you do not want add-ons to access the content.
- Starting with Firefox 75, Firefox added a Default Browser Agent. This can be managed with the DisableDefaultBrowserAgent policy.
- We've added a new PDFjs policy that allows you to turn on document permissions in the PDF viewer so users can't copy from secure documents.
- Service Worker and Push APIs were disabled in all the previous ESRs, but are now enabled. Enterprise apps can utilize the offline support or push notifications in ESR. If your enterprise web application uses AppCache to provide offline support, you should migrate to these new APIs as soon as possible as AppCache will not be available in the next major ESR in 2021
- Starting with Firefox 74, Add-ons installed by external applications can now be removed using the Add-ons Manager (about:addons). Going forward, only users can install add-ons; they cannot be installed by an application. This change is NOT in the Firefox 78 ESR.