Mozilla sent Firefox Version 66.0 to the release channel today. The update addresses 21 CVEs, of which five (5) are rated critical, seven (7) high, five (5) moderate and four (4) low in severity.
Firefox ESR has been updated to Version 60.6.
Critical
- CVE-2019-9790: Use-after-free when removing in-use DOM elements
- CVE-2019-9791: Type inference is incorrect for constructors entered through on-stack replacement with IonMonkey
- CVE-2019-9792: IonMonkey leaks JS_OPTIMIZED_OUT magic value to script
- CVE-2019-9789: Memory safety bugs fixed in Firefox 66
- CVE-2019-9788: Memory safety bugs fixed in Firefox 66 and Firefox ESR 60.6
High
- CVE-2019-9793: Improper bounds checks when Spectre mitigations are disabled
- CVE-2019-9794: Command line arguments not discarded during execution
- CVE-2019-9795: Type-confusion in IonMonkey JIT compiler
- CVE-2019-9796: Use-after-free with SMIL animation controller
- CVE-2019-9797: Cross-origin theft of images with createImageBitmap
- CVE-2019-9798: Library is loaded from world writable APITRACE_LIB location
- CVE-2019-9799: Information disclosure via IPC channel messages
Moderate
- CVE-2019-9801: Windows programs that are not 'URL Handlers' are exposed to web content
- CVE-2019-9802: Chrome process information leak
- CVE-2019-9803: Upgrade-Insecure-Requests incorrectly enforced for same-origin navigation
- CVE-2019-9804: Code execution through 'Copy as cURL' in Firefox Developer Tools on macOS
- CVE-2019-9805: Potential use of uninitialized memory in Prio
Low
- CVE-2019-9806: Denial of service through successive FTP authorization prompts
- CVE-2019-9807: Text sent through FTP connection can be incorporated into alert messages
- CVE-2019-9809: Denial of service through FTP modal alert error messages
- CVE-2019-9808: WebRTC permissions can display incorrect origin with data: and blob: URLs
New
- Firefox now prevents websites from automatically playing sound. You can add individual sites to an exceptions list or turn blocking off. To learn more about block autoplay, which will be rolled out gradually to all users, visit the Mozilla blog.
- Improved search experience:
  - Find a specific webpage faster when you have a lot of tabs open: You can now search within all of your open tabs from the tab overflow menu
  - Easier search via a redesigned new tab in Private Windows
- Smoother scrolling: Scroll anchoring keeps content from jumping as images and ads load at the top of the page
- Improved performance and better user experience for extensions:
  - Extensions now store their settings in a Firefox database, rather than individual JSON files, making every site you visit faster
  - A redesigned keyboard shortcuts section in about:addons makes it easier to view and adjust default shortcuts
- Redesigned certificate error pages help you better understand and resolve issues, including identification of certificate issuers for anti-virus software
- Added basic support for macOS Touch Bar
- Experimenting with an improved Pocket experience in New Tab with different layouts and more topical content
- Improved performance and reduced crash rates by doubling web content loading processes from 4 to 8
- Easier, passwordless security: Added support for Windows Hello on Windows 10, allowing you to use your face, fingerprint, or external security keys for website authentication
Fixed
- The Dark and Light Firefox themes now override the system setting for title bar accent color on Windows 10
- Linux users: Resolved an issue that caused Firefox to freeze when downloading files
- System title bar is hidden by default to match the GNOME guidelines for Linux users
Update: To get the update now, select "Help" from the Firefox menu, then pick "About Firefox." Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.