files/en-us/mozilla/firefox/releases/148/index.md
This article provides information about the changes in Firefox 148 that affect developers. Firefox 148 was released on February 24, 2026.
about:blank document now loads synchronously. A browsing context's first navigation may resolve to about:blank (for example, when the initial URL is empty or explicitly set to about:blank). In these cases, Firefox no longer replaces the initial empty document with a second, asynchronously loaded one, and instead fires the load event synchronously on the initial document. (Firefox bug 543435).The {{cssxref("position-area")}} property in CSS anchor positioning now correctly keeps the anchored element within the viewport. (Firefox bug 2008537).
The {{cssxref("position-try-order")}} property in CSS anchor positioning is now supported and allows changing the order in which position fallback options are tried based on the space available. This also affects the {{cssxref("position-try")}} shorthand property. (Firefox bug 1989059).
The {{cssxref("overflow")}}, {{cssxref("overflow-x")}}, and {{cssxref("overflow-y")}} CSS properties can now be used on {{glossary("replaced elements")}} such as images, in the same way that they are used with other elements. Prior to this, replaced elements were always clipped to their bounding container. (Firefox bug 1999100).
The CSS {{cssxref("basic-shape/shape")}} function is now available by default. shape() is a {{cssxref("basic-shape")}} data type that enables you to define a shape in the {{cssxref("clip-path")}} and {{cssxref("offset-path")}} properties using one or more "shape commands". These commands are very similar to the SVG path commands. The shape() function is similar in some respects to the {{cssxref("basic-shape/path","path()")}} function, but unlike path(), which uses the SVG path syntax, shape() uses standard CSS syntax. This allows you to use CSS units and CSS math functions, which makes it easy to create and edit shapes.
(Firefox bug 1982941).
The {{jsxref("Iterator.zip()")}} and {{jsxref("Iterator.zipKeyed()")}} static methods are now supported. These "zip" together multiple input iterators, returning a new iterator that yields the group of input elements at each iteration step. They are useful when you need to combine data from multiple input iterators that are positionally aligned (the first value yielded by the first iterator corresponds to the first value yielded by the other iterators, and so on). (Firefox bug 2003333).
The TC39 Legacy RegExp features in JavaScript proposal has been implemented.
This updates {{jsxref("RegExp.prototype.compile()")}} so that a {{jsxref("TypeError")}} is thrown if it is called on a subclass of {{jsxref("RegExp")}}, or if the method is called on a RegExp that was defined in a different realm.
RegExp static properties, such as RegExp.$1 – RegExp.$9 and RegExp.input (and its alias RegExp.$_), are normalized to be configurable and non-enumerable.
In particular this means that they can be deleted from the RegExp object.
(Firefox bug 1306461).
The HTML Sanitizer API is now supported, along with related methods like {{domxref("Element.setHTML", "setHTML()")}}. This allows you to sanitize HTML before inserting it into the DOM, giving you full control over the resulting content, and reducing the risk of XSS attacks. (Firefox bug 1650370).
The Trusted Types API is now supported. This provides mechanisms to ensure that properties and functions that can potentially be used as vectors for XSS attacks are only able to be called with data that has been passed through a transformation function. The mechanisms allow auditing of unsafe uses of code. They don't mandate how the data is transformed, but might, for example, be used to sanitize unsafe HTML elements from user-provided strings. (Firefox bug 1994690).
The {{domxref("Location.ancestorOrigins")}} property is now supported, which enables you to determine whether a document is being embedded in an {{htmlelement("iframe")}} and, if so, by which site(s). (Firefox bug 1085214).
The {{domxref("MouseEvent.movementX", "movementX")}} and {{domxref("MouseEvent.movementY", "movementY")}} properties on the {{domxref("Element/pointerrawupdate_event", "pointerrawupdate")}} event are now populated when the pointer is moved — previously these were set to zero. (Firefox bug 1987671).
The {{domxref("NavigationPrecommitController.addHandler()")}} method of the Navigation API is now supported. This can be used to dynamically register a post-commit navigation handler inside a pre-commit handler, which is useful when the actions of the committed navigation depend on data fetched in the pre-commit phase. (Firefox bug 2009004).
clientWindow ID was incorrectly used as a window handle in Marionette (Firefox bug 2002949).browsingContext.getTree command now accepts the vendor specific moz:scope parameter and returns chrome contexts when set to chrome and Firefox was started with the --remote-allow-system-access argument. These contexts can be used with script.evaluate and script.callFunction to execute privileged JavaScript with access to Gecko APIs. Other commands do not yet support chrome contexts, but support will be added incrementally as needed (Firefox bug 1944568, Firefox bug 1944570, and Firefox bug 1851788).emulation.setGeolocationOverride and emulation.setScreenOrientationOverride commands to implement the new reset behavior: contexts are reset only when the contexts parameter is provided, and user contexts only when the userContexts parameter is specified (Firefox bug 1998732 and Firefox bug 1998734).browsingContext.create where opening a new tab in the foreground could return before the document became visible (Firefox bug 2003857).network.getData that caused a RangeError when decoding chunked response bodies due to a size mismatch (Firefox bug 2004973).browsingContext.userPromptOpened and browsingContext.userPromptClosed events incorrectly reported the top-level context ID instead of the iframe's context ID (Firefox bug 1964905).Reporting:GenerateTestReport command to generate a test report via the Reporting API (Firefox bug 1909662).These features are shipping in Firefox 148 but are disabled by default.
To experiment with them, search for the appropriate preference on the about:config page and set it to true.
You can find more such features on the Experimental features page.
Document Picture-in-Picture API (Nightly): dom.documentpip.enabled
The Document Picture-in-Picture API makes it possible to open an always-on-top window that can be populated with arbitrary HTML content such as a video with custom controls or a set of streams showing the participants of a video conference call. (Firefox bug 1858562).