Mozilla Firefox Version 62.0 Released

Mozilla sent Firefox Version 62.0 to the release channel today.

Update:  As usual, Mozilla published the information about the security updates long after releasing the update.  The update included nine (9) security updates of which one (1) is critical, three (3) are high, two (2) moderate and three (3) are rated low.  The updates apply to both  newly released Firefox Version 62.0 as well as earlier released Firefox ESR 60.2.

Critical

• #CVE-2018-12376: Memory safety bugs fixed in Firefox 62 and Firefox ESR 60.2

High

•  #CVE-2018-12377: Use-after-free in refresh driver timers
• #CVE-2018-12378: Use-after-free in IndexedDB
• #CVE-2018-12375: Memory safety bugs fixed in Firefox 62

Moderate

• #CVE-2018-12379: Out-of-bounds write with malicious MAR file 
• #CVE-2017-16541: Proxy bypass using automount and autofs 

Low

• #CVE-2018-12381: Dragging and dropping Outlook email message results in page navigation
• #CVE-2018-12382: Addressbar spoofing with javascript URI on Firefox for Android
• #CVE-2018-12383: Setting a master password post-Firefox 58 does not delete unencrypted previously stored passwords

New

• Firefox Home (the default New Tab) now allows users to display up to 4 rows of top sites, Pocket stories, and highlights
• “Reopen in Container” tab menu option appears for users with Containers that lets them choose to reopen a tab in a different container
• In advance of removing all trust for Symantec-issued certificates in Firefox 63, a preference was added that allows users to distrust certificates issued by Symantec. To use this preference, go to about:config in the address bar and set the preference "security.pki.distrust_ca_policy" to 2.
• Added FreeBSD support for WebAuthn
• Improved graphics rendering for Windows users without accelerated hardware using Parallel-Off-Main-Thread Painting
• Support for CSS Shapes, allowing for richer web page layouts. This goes hand in hand with a brand new Shape Path Editor in the CSS inspector.
• CSS Variable Fonts (OpenType Font Variations) support, which makes it possible to create beautiful typography with a single font file
• Updates for enterprise environments:
  
  • AutoConfig is sandboxed to the documented API by default. You
    can disable the sandbox by setting the preference
    general.config.sandbox_enabled to false. Our long term plan is to
    remove the ability to turn off the sandboxing. If you need to
    continue to use more complex AutoConfig scripts, you will need to use
    Firefox Extended Support Release (ESR).
• Added Canadian English (en-CA) locale

Changed

• Removed the description field for bookmarks. Users who have stored descriptions using the field may wish to export these descriptions as html or json files, as they will be removed in a future release.
• Dark theme is automatically enabled in macOS 10.14 dark mode
• Changed the default setting to Enforce (3) for the security.pki.name_matching_mode preference
• Adobe Flash applets now run in a more secure mode using process sandboxing on macOS. Learn how this may affect features here.
• Users disconnecting from Sync are now offered the option to wipe their Firefox profile data (including bookmarks, passwords, history, cookies, and site data) from their desktop computer
• Changed how WebRTC handles screen sharing: When screen-sharing a window, the window will be brought to front

Update:  To get the update now, select "Help" from the Firefox menu, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.

References

• Common questions after updating Firefox
• Security Updates
• Mozilla Firefox Release Notes
• Rapid Release Calendar

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...