Mozilla sent Firefox Version 65.0 to the release channel today. Firefox ESR has been updated to Version 60.5.
The update included seven (7) security updates of which three (3) are critical, three (3) are high, and one (1) is rated low.
Critical
CVE-2018-18500: Use-after-free parsing HTML5 stream
- CVE-2018-18502: Memory safety bugs fixed in Firefox 65
- CVE-2018-18501: Memory safety bugs fixed in Firefox 65 and Firefox ESR 60.5
- CVE-2018-18502: Memory safety bugs fixed in Firefox 65
High
- CVE-2018-18503: Memory corruption with Audio Buffer
- CVE-2018-18504: Memory corruption and out-of-bounds read of texture client buffer
- CVE-2018-18505: Privilege escalation through IPC channel messages
Moderate
New
- Enhanced tracking protection: Simplified content blocking settings give users standard, strict, and custom options to control online trackers. A redesigned content blocking section in the site information panel (viewed by expanding the small “i” icon in the address bar) shows what Firefox detects and blocks on each website you visit. To learn more about content blocking, visit the Mozilla Blog.
- A better experience for multilingual users: An updated Language section in Preferences allows users to install multiple language packs and order language preferences for Firefox and websites, without having to download locale-specific versions.
- Support for Handoff on macOS: Continue browsing across devices. Pick up where you left off with iOS (via Firefox or Safari) on Firefox on Mac.
- A better video streaming experience for Windows users: Firefox now supports the next-generation, royalty-free video compression technology called AV1. Read about Mozilla’s contribution to this new open standard.
- Improved performance and web compatibility, with support for the WebP image format: WebP brings the same image quality as existing formats at smaller file sizes, which saves bandwidth and speeds up page load.
Changed
- Enhanced security for macOS, Linux, and Android users via stronger stack smashing protection which is now enabled by default for all platforms. "Stack smashing" is a common security attack in which malicious actors corrupt or take control of a vulnerable program.
- Firefox will now warn you when closing a window (regardless of whether you have automatic session restore enabled for restart).
- Easier performance management: The revamped Task Manager page found at about:performance now reports memory usage for tabs and add-ons.
- Improved the pop-up blocker to prevent multiple pop-up windows from being opened by websites at the same time.
Enterprise
- Firefox for Windows is now available with 32- and 64-bit MSI installers for easier enterprise deployments.
Developer
- Additional support for Flexbox: Launched a new Flexbox inspector tool that details Flexbox containers and helps debug Flex item sizes.
- All CSS changes made in the Rules panel are now tracked in the new Changes tab.
- Added support for the Storage Access API on desktop platforms.