Firefox Portable

What's new in this version:

New:
- Firefox Translations now supports more languages than ever! Pages in Simplified Chinese, Japanese, and Korean can now be translated and Russian is now available as a target language for translating into
- The credit card autofill feature is now being gradually rolled out to all users globally
- AI Chatbot access is now being gradually rolled out to all users. To use this optional feature, choose AI Chatbot from the sidebar or from Firefox Labs. Then, complete the provider selection to see the chat interface become available on the sidebar.
- Firefox now enforces certificate transparency, requiring web servers to provide sufficient proof that their certificates were publicly disclosed before they will be trusted. This only affects servers using certificates issued by a certificate authority in Mozilla's Root CA Program.
- Additionally, the CRLite certificate revocation checking mechanism is also being gradually rolled out, substantially improving the performance of these checks.
- Firefox now includes safeguards to prevent sites from abusing the history API by generating excessive history entries, which can make navigating with the back and forward buttons difficult by cluttering the history. This intervention ensures that such entries, unless interacted with by the user, are skipped when using the back and forward buttons.

Fixed:
- Made improvements to the Translations feature which will reduce the likelihood that models will invent new, made-up words under some circumstances

Various security fixes:
- CVE-2025-1009: Use-after-free in XSLT
- CVE-2025-1010: Use-after-free in Custom Highlight
- CVE-2025-1018: Fullscreen notification is not displayed when fullscreen is re-requested
- CVE-2025-1011: A bug in WebAssembly code generation could result in a crash
- CVE-2025-1012: Use-after-free during concurrent delazification
- CVE-2025-1019: Fullscreen notification not properly displayed
- CVE-2025-1013: Potential opening of private browsing tabs in normal browsing windows
- CVE-2025-1014: Certificate length was not properly checked
- CVE-2025-1016: Memory safety bugs fixed in Firefox 135, Thunderbird 135, Firefox ESR 115.20, Firefox ESR 128.7, Thunderbird 115.20, and Thunderbird 128.7
- CVE-2025-1017: Memory safety bugs fixed in Firefox 135, Thunderbird 135, Firefox ESR 128.7, and Thunderbird 128.7
- CVE-2025-1020: Memory safety bugs fixed in Firefox 135 and Thunderbird 135

Changed:
- The refreshed New Tab layout previously rolled out in Firefox 134 to users in the United States is now being made available in all countries where Stories are available. It features a repositioned logo to prioritize Web Search, Shortcuts, and Recommended Stories at the top. The update also includes changes to the card UI for recommended stories and allows users with larger screens to see up to four columns for better use of space.
- The “Do Not Track” checkbox has been removed from preferences. If you wish to ask websites to respect your privacy, you can use the “Tell websites not to sell or share my data” setting instead. This option is built on top of the Global Privacy Control (GPC).
- The "Copy Without Site Tracking" menu item was renamed to "Copy Clean Link" to help clarify expectations around what the feature does. "Copy Clean Link" is a list based approach to remove known tracking parameters from links. This option can also now be used on plain text links.

Developer:
- A warning is now displayed when content-visibility is used on elements where size containment does not apply
- Introduced a new console command $$$ that allows searching the page, including within shadow roots.
- Enhancements to WebExtension debugging: Workers are now available in the Console panel’s context selector and breakpoints function correctly in content scripts.

Web Platform:
- Added support for a post-quantum key exchange mechanism (mlkem768x25519) for HTTP/3
- The attribute values which indicate the coordinates of PointerEvent may now be fractional values rather than only integers. This allows web apps to handle the events with higher-precision coordinates when the target element is transitioned by CSS and/or the viewport is zoomed.
- The behavior of mouseenter, mouseleave, pointerenter and pointerleave events was changed for improved spec compliance when the last mouseover or pointerover event target is removed
- Added support for the WebAuthn getClientCapabilities() method