These release notes are summaries of the most important changes for public releases.
Fixed potential registry name collisions on Windows for file types and protocols.
Renamed Options to Preferences (Windows) and moved Preferences to the Tools menu (Linux).
Switched off automatic form filling of login credentials and added a preference to control this.
Completely removed the "Mozilla Settings Service" and "Blocklist service" client.
Fixed a margin issue for the navigation bar.
Adjusted the performance-timing resolution to prevent timing-based hardware-specific attacks ("Meltdown"/"Spectre").
Limited the number of shared Array Buffers for normal JS code to prevent allocation issues.
Disabled shared JS memory for the time being to make doubly-sure it can't be abused while "Spectre" is investigated further.
Fixed several compatibility issues with WebExtensions.
Disabled Mozilla's "system add-ons" service, which would allow Mozilla to remotely install add-ons.
Disabled Mozilla's "system settings" service, which would allow Mozilla to remotely change settings or block add-ons.
Updated SQLite lib to 3.21.0.
Added an option to block top-level data: URIs.
Removed referrers when opening links in new private windows.
Updated license and rights pages.
Changed the Feedback link to point to the forum instead of Mozilla.
Fixed an issue with exportFunction().
Fixed/enabled the use of Firefox Sync (Firefox Accounts).
Restored the toolkit Error Console for application troubleshooting.
Added '-jsconsole' and '-browserconsole' command-line arguments for launching of either console on startup.
Removed what was left of the underused Social API.
Changed the way element border rounding is done in Goanna to have natural rounding up/down of fractional sizes (IEEE 754).
Fixed a potential leak involving IndexedDB and private browsing mode.
Fixed a crash in ANGLE.
Linux-only update to fix a release channel/update problem.
Fixed add-on/GMP update calls to Mozilla services.
Enabled accessibility features.
Enabled parental Controls features (Windows only).
Changed blocklist hosting to self-hosted.
Removed leveraging the blocklist for CRL purposes.
Included the Universal Runtime Libraries with the browser.
No longer enforcing the "preferred" cipher suite profile on Http/2.
Added support for the worker-src CSP directive.
Fixed freetype glyph metrics in Skia (fixes Freetype 2.8.1+ issues).
Fixed an issue with ContentSecurityManager not passing the correct context.
Fixed a number of issues with Contenteditable elements.
Fixed a number of issues with pointer events.
Implemented "cookie-averse document objects" to mitigate cookie injection.
Fixed an issue with SVG text-based image masks.
Fixed the installer checking for Firefox instead of Basilisk.
Enabled the use of 64-bit plug-ins other than Flash and Silverlight.
Made the SVG texture cache more lenient to large-resolution SVG images.
Fixed several crashes and memory safety hazards.
Fixed several security bugs: CVE-2017-7837, CVE-2017-7832, CVE-2017-7830, CVE-2017-7835, CVE-2017-7831, CVE-2017-7838, CVE-2017-7839, CVE-2017-7828, CVE-2017-7840, and several others from Firefox 57 that do not have a CVE designation.