SmartBlock first appeared in Firefox 87, released in March, and it provided local stand-ins for blocked third-party tracking scripts.
“These stand-in scripts behave just enough like the original ones to make sure that the website works properly. They allow broken sites relying on the original scripts to load with their functionality intact,” Mozilla said at the time.
One area where SmartBlock failed though, was supporting Facebook login buttons across the web. In a blog post, Mozilla explained it was due to Facebook trackers being included on the list of tracker provided by its partner, but the updated SmartBlock 2.0 should fix this.
“Prior to Firefox 90, if you were using a private browsing window, when you clicked on the ‘Continue with Facebook’ button to sign in, the ‘sign in’ would fail to proceed because the third-party Facebook script required had been blocked by Firefox,” the blog states.
“Now, SmartBlock 2.0 in Firefox 90 eliminates this login problem. Initially, Facebook scripts are all blocked, just as before, ensuring your privacy is preserved. But when you click on the ‘Continue with Facebook’ button to sign in, SmartBlock reacts by quickly unblocking the Facebook login script just in time for the sign-in to proceed smoothly.”
Mozilla said the new functionality worked on “numerous websites”, and Firefox would continue blocking Facebook trackers on all sites where a user has not logged in.
Users on Windows will now have Firefox updated in the background, with Firefox 90 checking every 7 hours for a new version. To enable background updating, users need to allow for updates to be automatically installed and tick a “When Firefox is not running” checkbox. The feature only works when the browser has been installed from its installer, rather than decompressed from a zip file, and does not have a language pack installed.
Although Mozilla said it would gradually roll out the feature, a napp.update.background.scheduling.enabled flag exists for users to turn it on now.
Firefox on Windows will also gain an about:third-party page that lists modules, such as anti-virus, that have been injected into the browser and could cause issues.
Firefox 90 will also support Fetch Metadata Request Headers to allow web apps to defend against some cross-site attacks.
“The HTTP request header Sec-Fetch-Site allows the web application server to distinguish between a same-origin request from the corresponding web application and a cross-origin request from an attacker-controlled website,” Mozilla said.
“Inspecting Sec-Fetch-* Headers ultimately allows the web application server to reject or also ignore malicious requests because of the additional context provided by the Sec-Fetch-* header family. In total there are four different Sec-Fetch-* headers: Dest, Mode, Site, and User which together allow web applications to protect themselves and their end users against [cross-site attacks].”
The latest edition of Firefox finally marks the end of support for FTP in the browser, and most users who do not have hardware-accelerated WebRender will use software WebRender instead.
Related Coverage
Firefox 88 clamps down on window.name abuses by trackersFirefox 87 launch packed with private browsing ‘SmartBlock’Chinese cyberspies targeted Tibetans with a malicious Firefox add-onFirefox to block Backspace key from working as “Back” button