The Firefox 67 update, published on May 21, broke many web apps. The new Universal 2nd Factor API, now enabled by default, reserves a global variable called u2f. Updated Vaadin versions are now available.
The new Universal 2nd Factor API may break especially applications using JavaScript obfuscators and minifiers like GWT. As a result, for example, some Vaadin 7 and 8 applications may be broken with the latest Firefox 67. Some applications work to some extent, some break on start, some are unaffected. All Vaadin 10+ applications are verified to be unaffected.
To fix the issue, the u2f variable needs to be blacklisted and applications need to be re-compiled. The easiest way to do this is to update to the latest maintenance releases pushed out already today. Unaffected versions are 8.8.2 upwards and 7.7.19 upwards (covered by our extended support). GWT itself is not yet fixed, but we managed to figure out a workaround for the issue. See the GitHub issue for more details or contact our support in case you need to patch your GWT or older Vaadin 6 application.