For web site and application developers

HTML 5 support

Using audio and video in Firefox

Firefox 3.5 adds support for the HTML 5 audio and video elements.

Offline resources in Firefox

Firefox 3.5 now fully supports the HTML 5 offline resource specification.

Drag and drop

The HTML 5 drag and drop API allows support for dragging and dropping items within and between web sites. This also provides a simpler API for use by extensions and Mozilla-based applications.

Newly-supported CSS features

Downloadable fonts support

The new @font-face @rule lets web pages provide downloadable fonts, so that sites can be rendered exactly as the page author expects.

CSS media queries

Firefox 3.5 now supports CSS media queries, which enhance support for media-dependent style sheets.

:before and :after updated to CSS 2.1

The :before and :after pseudo-elements have been updated to full CSS 2.1 support, adding support for the position, float, list-style-*, and some display properties.

opacity

The -moz-opacity Mozilla extension to CSS has been removed in favor of the standard opacity property.

text-shadow

The text-shadow property, which allows web content to specify shadow effects to apply to text and text decorations, is now supported.

word-wrap

This newly-supported property lets content specify whether or not lines may be broken within words in order to prevent overflow when an otherwise unbreakable string is too long to fit on one line.

-moz-box-shadow

-moz-border-image

-moz-column-rule

-moz-column-rule-width

-moz-column-rule-style

-moz-column-rule-color

Firefox 3.5 adds support for these Mozilla extensions to CSS.

The -moz-nativehyperlinktext color value

This new color value represents the user’s system’s default hyperlink color.

The new -moz-window-shadow and -moz-system-metric(mac-graphite-theme) properties

These new CSS properties were added to facilitate theming.

New values for -moz-appearance

The -moz-win-glass and -moz-mac-unified-toolbar values have been added to -moz-appearance.

Using CSS transforms

Firefox 3.5 supports CSS transforms. See -moz-transform and -moz-transform-origin for details.

:nth-child

:nth-last-child

:nth-of-type

:nth-last-of-type

:first-of-type

:last-of-type
nly-of-type

These selectors are all newly-supported in Firefox 3.5.

New DOM features

localStorage

Firefox 3.5 adds support for the Web Storage localStorage property, which provides a way for web applications to store data locally on the client’s computer.

Using DOM workers

Firefox 3.5 supports DOM workers to allow easy multi-threading support in web applications.

Using geolocation

Firefox 3.5 supports the Geolocation API, which allows web applications to obtain information about the user’s current location if a provider for that information is installed and enabled.

Locating DOM elements using selectors

The selectors API allows querying a document to locate the elements that match a given selection rule.

Mouse gesture events

Firefox 3.5 supports mouse gesture events such as trackpad swipes.

The NodeIterator object

The NodeIterator object provides support for iterating over the list of the nodes in a DOM subtree.

The MozAfterPaint event

This new DOM event is sent after painting updates in windows.

The MozMousePixelScroll event

This new DOM event allows detection of pixel-based mouse scroll wheel events instead of line-based scroll events.

New JavaScript features

New in JavaScript 1.8.1

An overview of all the changes in JavaScript 1.8.1.

Object.getPrototypeOf()

This new method returns the prototype of a specified object.

Using native JSON

Firefox 3.5 has native support for JSON.

New trim methods on the String object

The String object now has trim(), trimLeft(), and trimRight() methods.

Networking

Cross-site access controls for HTTP

In Firefox 3.5, it’s now possible for HTTP requests, including those made by XMLHttpRequest, to work across domains if the server supports it.

Progress events for XMLHttpRequest

Progress events are now offered to enable extensions to monitor the progress of requests.

Improved Synchronous XMLHttpRequest support

DOM Timeout and Input Events are now suppressed during a synchronous XMLHttpRequest.

Controlling DNS prefetching

Firefox 3.5 provides DNS prefetching, whereby it performs domain name resolution ahead of time for links included in the current page, in order to save time when links are actually clicked. This article describes how you can tune your web site to disable prefetching, or to adjust how prefetching operates.

New Canvas features

HTML 5 text API for canvas elements

Canvas elements now support the HTML 5 text API.

Shadow effects in a canvas

Canvas shadow effects are now supported.

createImageData()

The canvas method createImageData() is now supported, allowing code to specifically create an ImageData object instead of requiring it to be done automatically. This can improve performance of other ImageData methods by preventing them from having to create the object.

moz-opaque attribute

Added the moz-opaque DOM attribute, which lets the canvas know whether or not translucency will be a factor. If the canvas knows there’s no translucency, painting performance can be optimized.

New SVG features

Applying SVG effects to HTML content

You can now apply SVG effects to HTML and XHTML content; this article describes how.

Miscellaneous new features

ICC color correction in Firefox

Firefox 3.5 now supports ICC color correction for tagged images.

The defer attribute is now supported on script elements

This attribute indicates to the browser that it may choose to continue to parse and render the page without waiting for the script to finish executing.
Other improvements

The ch unit can now be used anywhere that accepts a unit of length; “1ch” is the width of the “0″ (zero) character.

The white-space property now accepts the pre-line value.

The Text node’s wholeText property and replaceWholeText() method have been implemented.

The property element.children has been added. It returns a collection of child elements of the given element.

The Element Traversal API is now supported by the DOM Element object.

HTML nodes may now be cloned using cloneNode().

The non-standard getBoxObjectFor() DOM method has been removed. You should be using getBoundingClientRect() instead.

Dispatched DOM events can now be re-dispatched. This makes Firefox 3.5 pass Acid 3 test 30.

Improvements have been made to DOM 2 Range handling.

In non-chrome scope, caught objects in exceptions are now the actual thrown object instead of an XPConnect wrapper containing the thrown object.

SVG ID references are now live.

SVG filters now work for foreignObject.

The GetSVGDocument() method has been added to object and iframe elements for compatibility.

Implicit setting of properties in object and array initializers no longer execute setters in JavaScript. See the blog post Object and array initializers should not invoke setters when evaluated for details.

The gDownloadLastDir.path variable has been renamed to gDownloadLastDir.file since it refers to an nsIFile , not a path.

The gDownloadLastDirPath variable has been renamed to gDownloadLastDirFile since it refers to an nsIFile , not a path.

Starting in Firefox 3.5, you can no longer use data: bindings in chrome packages that get XPCNativeWrapper automation.
For XUL and add-on developers

If you’re an extension developer, you should start by reading Updating extensions for Firefox 3.5, which offers a helpful overview of what changes may affect your extension.

New components and functionality

Supporting private browsing mode

Firefox 3.5 offers Private Browsing mode, which doesn’t record the user’s activities. Extensions may support private browsing following the guidelines offered by this article.

Security changes in Firefox 3.5

This article covers security-related changes in Firefox 3.5.

Theme changes in Firefox 3.5

This article covers theme-related changes in Firefox 3.5.

Monitoring WiFi access points

Code with UniversalXPConnect privileges can now monitor the list of available access points, getting information on their SSIDs, MAC addresses, and signal strength. This can be used in tandem with Geolocation to offer WiFi-based location service.
Notable changes and improvements

The XUL textbox widget now offers a search type, for use as search fields.

In order to support dragging and dropping tabs between windows, the browser widget now has a swapDocShells() method.

Added the level attribute to the panel element; this specifies whether panels appear on top of other applications, or just on top of the window the panel is contained within.

XUL elements now support the clientXXX and scrollXXX properties.

keysets now include a disabled attribute.

In addition, keysets can now be removed using the node’s removeChild() method.

mozIStorageStatement had the initialize() method removed; consumers should use the createStatement() method instead to get a new statement object.

The Storage API now offers support for asynchronous requests.

The nsICookie2 interface now exposes the time at which cookies were created in its new creationTime attribute.

Added a flag to nsIProtocolHandler (URI_IS_LOCAL_RESOURCE) that is checked during chrome registration to make sure a protocol is allowed to be registered.

Firefox now looks for plugins in /usr/lib/mozilla/plugins on Linux, as well as the previously supported locations.

The plugin API has been updated to include support for private browsing mode; you may now use NPN_GetValue() to query the state of private browsing mode using the variable NPNVprivateModeBool.
New features for end users

User experience
Location aware browsing
If you choose, you may allow Firefox 3.5 to share information about your current location with web sites. Firefox 3.5 can use information about the network you’re connected to to share your location. Of course, it asks for your permission before doing so, to ensure your privacy.
Open audio and video support
Firefox 3.5 supports embedded video and audio using the open Ogg format, as well as WAV for audio. No plugins, no confusing error messages about needing to install something or other that turns out not to be available on your platform anyway.
Local data storage
Web applications can now use Web Storage’s local storage capabilities to store data on your computer. This is great for anything from site preferences to more complex data.

Security and privacy
Private Browsing
Need to use someone else’s computer? Switch on Private Browsing mode and nothing will be recorded about your session, including cookies, history, and any other potentially private information.
Better privacy controls

The Privacy preference pane has been completely redesigned to offer users more control over their private information. Users can choose to retain or discard anything including history information, cookies, downloads, and form field information. In addition, users can specify whether or not to include history and/or bookmarks in the location bar’s automated suggestions, so you can keep private web addresses from popping up unexpectedly while typing in the location bar.
Performance
Faster JavaScript performance
JavaScript, the “J” in “AJAX,” is sped up dramatically in Firefox 3.5 with the new TraceMonkey JavaScript engine. Web applications are much faster than in Firefox 3.
Faster page rendering
Web content draws faster in Firefox 3.5, thanks to technologies such as “speculative parsing.” Your users don’t need to know what it means, other than “it makes things draw faster.”

Check out our blog post on address book integration for more information.

Redesigned More Menu

We’ve also launched a redesign of our more menu. The list of destinations that we were displaying was getting longer and longer so we wanted to create a more usable interface for looking through the list. This will also work nicely as we look to add more services in the future.

Read the blog post on the redesign of the more menu for more information.

The AddThis Firefox Plug-in

This month we were excited to announce AddThis for Firefox. It’s a plug-in which will put the orange plus sign that you’ve all come to know and love right at the top of your browser. So… whenever you see a Web site that you think is rad and want to bookmark it or share it with your friends, you can share it with just a couple of clicks.

If you’re a power sharer, like me, you’ll find yourself using this thing all the time. Oh… and the best part is that the plug-in works with any of the over 40 different destinations that AddThis can share with. Try it out and let us know what you think.

Download the plug-in today.

Establishing an Agreement with the Federal Government

This month, we established a terms of services agreement with the US General Services Administration (GSA). This will provide federal agencies with the ability to more freely use AddThis on their Web sites. The government provides so much great content on the Web. By using AddThis and making their content shareable, the federal government can make it easy for their existing users to help get the content disseminated to every corner of the Social Web and into the hands of United States citizens.

Read the blog post announcing the agreement for more info.

Featured Implementation: American Institute of Architects (AIA)

Every month, we want to feature one of our friends that have recently implemented AddThis. This month, we’ll take a look at the American Institute of Architects (AIA). The AIA is “the leading professional membership association for licensed architects, emerging professionals, and allied partners since 1857.” They have a lot of great content on their Web site about the profession. It’s now all shareable with AddThis.

Here’s an example. It’s a page with resources on managing your architecture practice. With just a couple of clicks in AddThis, you can share this resource to every corner of the Social Web.

Meet our friend the blog search engine Lijit

Previously we highlighted JS-Kit and their powerful commenting system, this month we wanted to point you to our friends at the Lijit. They provide search-powered applications to individual online publishers and online publisher networks that increase page views and reader engagement, while optimizing search ad revenue. Put them on your Web site or blog.

Pwn2Own at the first day of competition, the smart cell phone security has stood the test, while mainstream browsers are not so lucky, the two winners were Charlie Miller and Nils break the Safari (twice), IE8 and Firefox .

Last year’s winners, one of Charlie Miller at the first day of competition in the browser attack, just two minutes when once again break through Mac OS X’s Safari browser.

Another participant Nils, while at the platform Windows7 goods IE8 successfully broke through the security protection, including protection of the use of Microsoft’s latest technology-DEP (Data Execution Prevention, Data Execution Prevention) and ASLR (Address Space Layout Randomization, Address space layout randomization), this act so that the safety of IE8 again aroused widespread public concern, Nils finally won the latest Sony Vaio notebooks and 5000 U.S. dollars in prize money.

However the first two surprises are good only just begun. Not long after, Nils again allow participants Pwn2Own boiling, he used Safari a vulnerability mapping tool, Express win Apple Safari browser and access to 5000 U.S. dollars at the incentives and white apple. At the success of a breakthrough after two mainstream browsers, Nils moves FireFox browser will fall under the cut. It is the second day of competition at Pwn2Own Medium, Nils will challenge Google Chrome, and is likely to become four of the latest mainstream browsers 0day founders.

One of the best ways to secure your connection is to use a VPN, but that isn’t always practical. So here’s a way to securely connect to the net using only an SSH client and a remote box that you control/trust.

Requirements:

1. PuTTY* loaded on your local machine
2. Remote host running OpenSSH (e.g. Linux box at home)
3. Firefox (obviously)
4. Gaim for all your IM needs

Just follow these steps…

1. Create a new PuTTY session
Run PuTTY and create a new session in PuTTY to connect to the remote host that is running OpenSSH. Fill in the hostname, the port (usually 22), make sure SSH is checked, give it a session name and hit Save:

2. Configure a secure tunnel
Click on “Tunnels” on the left and set up dynamic fowarding for a local port (e.g. 7070). Under “Add new forwarded port” type in 7070 for the source port, leave the destination blank, and check Auto and Dynamic. Then it the Add button. If you did it correctly, you’ll see D7070 listed in the Forwarded Ports box:

That’s it for tunnels, as there is no need to create more than one. Remember to save your session profile in PuTTY so you don’t have to set up the tunnel next time.

3. Connect to the remote SSH box
Double click on the connection profile and type in your username and password when prompted.

4. Configure Firefox
Go to Tools, Options, General, and then click on Connection Settings…

Check Manual Proxy Configuration, leave most of the fields blank, but fill in 127.0.0.1 for the SOCKS v5 host with a port of 7070 (or whatever you used in Step 2):

5. Configure Gaim
Fire up Gaim and hit the Preferences button:

Then select Network on the left and set up the Proxy Server. The Proxy Type should be SOCKS 5. The host is 127.0.0.1 and the port is 7070 (or whatever you chose in Step 2).

There’s no need for a user or password. Then hit close.

6. Enjoy
That’s it. From now on, as long as you first log into the remote ssh host with PuTTY, your Firefox and IM traffic will be routed over a secure tunnel to the remote host and then out to the Net. Good stuff.

* Yes, PuTTY is available for Linux. It’s even in Portage!

Update (Email): Actually, the setup for Thunderbird to securely proxy your email traffic is pretty much the same as it is for Firefox.

And then type in 127.0.0.1 and your port number:

That’s it.

Update: Getting some linkage from Digg.

Corrections/Addendum:

1. Note that this method will secure your connection between your remote location (e.g. WiFi hotspot) and the ssh host (e.g. Linux box at home). It is not secure from the ssh host to Internet. For the most part, that’s OK as it will provide reasonable protection from people running packet sniffers at the hotspot. But please recognize that if your ssh host is on your cable connection at home, your ISP can still (obviously) easily sniff all your packets.
2. Quite a few people have correctly pointed out that DNS queries will still be “leaked” to the untrusted network. So the names of any sites you visit will still get logged.Now if you don’t mind people knowing what sites your are connecting to, then there’s nothing to worry about. But if are running the current version of Firefox and would like to protect that information, you can open the about:config page, and change network.proxy.socks_remote_dns to true.You can do the same thing in Thunderbird if you would like.For a greater level of security on all your connections, you should consider running a full VPN (see also: IPCop + OpenVPN HOWTO).
3. As Nate pointed out in the comments, if you have the command-line version of OpenSSH already installed on your computer, you don’t need to mess with PuTTY. Just run ssh -D 7070 user@host.example.com and that will set up your tunnel. I’m not an Apple user, but I think OS X has everything you need.
4. There are portable versions of Firefox, Gaim, and Thunderbird, and PuTTY runs from a USB drive. So using this method (unlike using OpenVPN) there is no need to install anything on the computer you are using. Quite handy if you are borrowing someone’s computer or you are in a school computer lab.
5. How do you know if it’s working? Personally, I used SmartSniff to look at the packets and make sure they looked encrypted and were on the right ports. Of course, any packet sniffer would do.The other method (and I tried this one too) is to get all set up and running with the tunnels. And then after it is apparently working, kill PuTTY and see if you lose the connection.Of the two, the packet sniffer is the better way to go.
6. Apparently Opera only does SOCK4. I didn’t personally try it, but this should work with SOCKS4 proxies as well as SOCKS5.
7. SocksCap (non-commercial, home-use only) will let you run just about anything over a SOCKS5 proxy.

Chinese:http://www.chedong.com/blog/archives/001246.html (利用Putty通过ssh端口转发实现FireFox和MSN加密代理访问)

[via thinkhole.org]

However, the main reason for the memory leaks, according to the release notes, is the new and improved garbage collection system which promises a much improved memory footprint once the bugs are ironed out. The release notes say:

In order to better handle memory issues, a new garbage collection system has been implemented. However, as the process of integrating Gecko into this system is still ongoing, there are some known leaks that result in large memory usage when the browser is used for a long period of time. A restart should resolve the problem, which will be fixed in Alpha 3.

While this alpha may have some memory leaks, I am happy to say that it uses much less CPU power than Firefox 2, especially when it’s idle. One of my main gripes with Firefox 2 is that even when it’s in the background doing nothing it still manages to consume 4-5 percent of my processing power, which seems unnecessary. However, when Gran Paradiso is sitting in the background unused its CPU usage drops to zero, which beats even Safari.

Gran Paradiso is the first release to use the new Gecko 1.9 rendering engine which means that Windows 95, Windows 98, and Windows ME are no longer supported and Mac users will need OS X 10.3.9 or better.

This new release is the first from Mozilla to be totally Acid2 compliant. Gran Paradiso supports the new Cairo graphics layer which seems to render pages a bit faster but still has a few bugs.

Mac users are no doubt looking forward to Firefox 3’s use of native Cocoa widgets which should make the browser feel more “Mac-like.” Perhaps I’m misunderstanding what Cocoa widgets are, but in my testing UI elements like drop down lists and text fields still look the same as they always have in Firefox.

Overall Firefox 3 looks very promising and feels much faster than Firefox 2 (particularly on graphic heavy sites like Flickr). Alpha 2 marks yet another milestone on the way to the finished product, but it’s still obviously only for testing. If you’d like to help out the Firefox team by testing out the alpha 2 build they’d love to hear your feedback.