hi paul, this is likely happening due to this security fix: https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11730

try to change privacy.file_unique_origin to false in about:config, restart firefox and see if this can make a difference (please note that this makes you vulnerable to the described security problem though).

Yes! That did the trick, many thanks.

Mind you, I still don't understand why the problem arises…

basically this change in 68 was isolating files in your local environment from each other, so a downloaded malicious html file wouldn't be able to access other content on your disk once opened.

This is a major problem for web developers using dreamweaver. In preview mode the URL is going to start with file:/// Which is then going to block all fonts because of your CORS policy.

This now means none of my fonts, webfonts, icon fonts now show in firefox browser without the above hack. This is a serious problem for web designers.

Every version of firefox previously has worked just fine.

This also breaks any one who has an external XSLT; the bug is private in the tracker database. What is the acceptable work around to get this to work?

This is a pretty fundamental change and the description of the CVE really reeks of "Code Execution Results in Code Execution".

I have rolled back to previous version. Version 68, is a seriously botched release. You cannot even get out of responsive mobile view in developer tools. As the toggle mobile/desktop no longer even works.