Mozilla sent Firefox Version 58.0 to the release channel today. The update comprises three (3) critical, thirteen (13) high, thirteen (13) moderate and three (3) low security updates.
ESR was updated to version 52.6.0 and included the critical update for CVE-2018-5089.
Security Updates
Critical
- CVE-2018-5091: Use-after-free with DTMF timers
- CVE-2018-5090: Memory safety bugs fixed in Firefox 58
- CVE-2018-5089: Memory safety bugs fixed in Firefox 58 and Firefox ESR 52.6
High
- CVE-2018-5092: Use-after-free in Web Workers
- CVE-2018-5093: Buffer overflow in WebAssembly during Memory/Table resizing
- CVE-2018-5094: Buffer overflow in WebAssembly with garbage collection on uninitialized memory
- CVE-2018-5095: Integer overflow in Skia library during edge builder allocation
- CVE-2018-5097: Use-after-free when source document is manipulated during XSLT
- CVE-2018-5098: Use-after-free while manipulating form input elements
- CVE-2018-5099: Use-after-free with widget listener
- CVE-2018-5100: Use-after-free when IsPotentiallyScrollable arguments are freed from memory
- CVE-2018-5101: Use-after-free with floating first-letter style elements
- CVE-2018-5102: Use-after-free in HTML media elements
- CVE-2018-5103: Use-after-free during mouse event handling
- CVE-2018-5104: Use-after-free during font face manipulation
- CVE-2018-5105: WebExtensions can save and execute files on local file system without user prompts
- CVE-2018-5106: Developer Tools can expose style editor information cross-origin through service worker
- CVE-2018-5107: Printing process will follow symlinks for local file access
- CVE-2018-5108: Manually entered blob URL can be accessed by subsequent private browsing tabs
- CVE-2018-5109: Audio capture prompts and starts with incorrect origin attribution
- CVE-2018-5110: Cursor can be made invisible on OS X
- CVE-2018-5111: URL spoofing in addressbar through drag and drop
- CVE-2018-5112: Extension development tools panel can open a non-relative URL in the panel
- CVE-2018-5113: WebExtensions can load non-HTTPS pages with browser.identity.launchWebAuthFlow
- CVE-2018-5114: The old value of a cookie changed to HttpOnly remains accessible to scripts
- CVE-2018-5115: Background network requests can open HTTP authentication in unrelated foreground tabs
- CVE-2018-5116: WebExtension ActiveTab permission allows cross-origin frame content access
- CVE-2018-5117: URL spoofing with right-to-left text aligned left-to-right
- CVE-2018-5118: Activity Stream images can attempt to load local content through file:
- CVE-2018-5119: Reader view will load cross-origin content in violation of CORS headers
- CVE-2018-5121: OS X Tibetan characters render incompletely in the addressbar
- CVE-2018-5122: Potential integer overflow in DoCrypt
New
- Performance improvements, including:
  - Rendering graphics for Windows users by using Off-Main-Thread Painting (OMTP)
  - Loading pages faster by changing how Firefox caches and retrieves JavaScript
- Improvements to Firefox Screenshots:
  - Copy and paste screenshots directly to your clipboard
  - Firefox Screenshots now works in Private Browsing mode
- Added support for credit card autofill
- Added Nepali (ne-NP) locale
- In case you missed it, the 57 Release privacy and performance feature: users can enable Tracking Protection at all times. Learn how to turn Tracking Protection on.
Fixed
- Fonts installed in non-standard directories will no longer appear blank for Linux users
- Various security fixes
Changed
- User profiles created in Firefox 58 (and in future releases) are not supported in previous versions of Firefox. Users who downgrade to a previous version should create a new profile for that version. Learn about alternatives to downgrading on our support site.
- Added a warning to alert users and site owners of planned security changes to sites affected by the gradual distrust plan for the Symantec certificate authority
To get the update now, select "Help" from the Firefox menu, then pick "About Firefox." Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.