Mozilla Firefox 88 Is Released
Firefox 88 enables the Webrender compositor by default on GNU+Linux operating systems. It provides dismal performance out of the box which can be improved using a hidden new EGL configuration key. Pinch-zoom touchpad support has also been added to the Linux version and there are 11 security fixes with "high" and "moderate" impact in this release.
Mozilla Firefox 88.
Mozilla begun developing a brand new web browser engine called Webrender as part of a independent web browser project called Servo ages ago. They begun porting it to Firefox as part of a "project Quantum" in 2016. Mozilla has made it the default compositor on Linux in Firefox 88. It is, as of Firefox 88, enabled even if
gfx.webrender.enabled is set to false in the special configuration interface you can get by typing
about:config into the Firefox address bar. It is possible to disable it by setting the special
gfx.webrender.force-disabled key to
Webrender provides dismal performance out-of-the-box on GNU/Linux. It's just slow. Mozilla has, luckily, introduced a brand new configuration key for GNU+Linux users using the X display server in
gfx.x11-egl.force-enabled. Flipping that switch makes Firefox render the output form the Webrender compositor using EGL. It is much, much faster. Earlier versions required setting a environmental variable called
MOZ_X11_EGL=1 to enable it. That route is still the only options if you are using a Firefox ESR release. See HOWTO Make Mozilla Firefox Blazing Fast On Linux for benchmarks for some detailed benchmarks of Firefox with Webrender and the old Gecko compositor with and without EGL.
This is how Firefox 88 performs with just Webrender (out of the box performance on Firefox 88), Webrender with EGL rendering, the old "Gecko Basic" rendering previous Firefox versions defaulted to on GNU/Linux and the old Gecko compositor with OpenGL and EGL enabled:
Webrender is, as you can tell by the numbers, not much of an improvement out-of-the-box compared to the old default "Gecko Basic" compositor. That changes if you go type
about:config into the address bar and flip the
There are several other combinations of compositors and rendering options you can use in Firefox 88 beyond those shown above. Webrender+EGL is probably your best bet, though the old Gecko compositor is quite competitive if you manually enable OpenGL and EGL. Mozilla will eventually remove Gecko as a compositor option and require everyone to use Webrender, so it is not something you could rely on long-term.
Fiddling with the settings in the special
about:config page has become a bit easier in Firefox 88.
Firefox 88 has a new button you can click to only see.. a ton of settings you haven't actually modified and the few you probably have. It is somewhat useful if you need to search for some setting you changed in the past.
Linux users who own a touch-pad will be happy to know that Mozilla has added pinch-to-zoom support to the Firefox Linux version.
Mozilla has silently removed thecontext-menu from web pages in Firefox 88. It is still available in the menu if you re-enable the good old menu-bar (right-click next to the tabs and select to enable it) and it can still be accessed by pressing ctrl+I.
Firefox 88 has five "high impact" and six "moderate impact" security fixes. The "high priority" fixes are:
- CVE-2021-29947: Memory safety bugs fixed in Firefox 88
- CVE-2021-23997: Use-after-free when freeing fonts from cache
- CVE-2021-23996: Content rendered outside of webpage viewport
- CVE-2021-23995: Use-after-free in Responsive Design Mode
- CVE-2021-23994: Out of bound write due to lazy initialization
..and the "moderate impact" fixes are:
- CVE-2021-29945: Incorrect size computation in WebAssembly JIT could lead to null-reads
- CVE-2021-24002: Arbitrary FTP command execution on FTP servers using an encoded URL
- CVE-2021-24001: Testing code could have enabled session history manipulations by a compromised content process
- CVE-2021-24000: requestPointerLock() could be applied to a tab different from the visible tab
- CVE-2021-23999: Blob URLs may have been granted additional privileges
- CVE-2021-23998: Secure Lock icon could have been spoofed
There are, additionally, two "low impact" security fixes in Firefox 88.
Speaking of security, Mozilla has introduced a new privacy-related security-concern in this release: Firefox will no longer ask you for access to your microphone and camera if you already given a website access to those things within the last 50 seconds. This may not be a huge concern, if you gave a website access to the physical room you are in 50 seconds ago then you would likely make that same mistake again if you were asked.
Mozilla has disabled all functionality for something they used in the 1990s called "ftp" in this release. It can be re-enabled (type
about:config into the web address bar, search for the key
network.ftp.enabled and flip it to true) in this release, but that will eventually come to an end when the underlying code is removed in one of the next Firefox-releases.
There are two new "Enterprise" policy changes in Firefox 88: There is a new
ShowHomeButton policy and a new
SkipOnboarding option for the
UserMessaging policy. Everyone using Firefox on Linux should be using "Enterprise" policies to tweak Firefox behavior while it is still possible to do to simply by creating a policy file in
/etc/firefox/policies/policies.json. It is the only way to set a lot of the configuration options you could set in
about:config before Mozilla decided to simply disable most of those settings while leaving the configuration keys available with no practical effect.
You can get the latest Firefox 88 version from https://www.mozilla.org/en-US/firefox/new/ if you want Mozilla's official build. You shouldn't if you use a GNU/Linux distribution that makes new Firefox releases available in a reasonably timely manner, most distributions ship Firefox with a lot of the telemetry spyware, automatic updates and other things nobody wants disabled.