Mozilla sent Firefox Version 67.0 to the release channel today. The update included twenty-two (22) security updates of which two (2) are critical, twelve (12) are high, six (6) moderate and two (2) are rated low.
Firefox ESR was updated to version 60.7.
Critical
- # CVE-2019-9814: Memory safety bugs fixed in Firefox 67
- # CVE-2019-9800: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7
High
- # CVE-2019-9815: Disable hyperthreading on content JavaScript threads on macOS
- # CVE-2019-9816: Type confusion with object groups and UnboxedObjects
- # CVE-2019-9816: Type confusion with object groups and UnboxedObjects
- # CVE-2019-9817: Stealing of cross-domain images using canvas
- # CVE-2019-9818: Use-after-free in crash generation server
- # CVE-2019-9819: Compartment mismatch with fetch API
- # CVE-2019-9820: Use-after-free of ChromeEventHandler by DocShell
- # CVE-2019-9821: Use-after-free in AssertWorkerThread
- # CVE-2019-11691: Use-after-free in XMLHttpRequest
- # CVE-2019-11692: Use-after-free removing listeners in the event listener manager
- # CVE-2019-11693: Buffer overflow in WebGL bufferdata on Linux
- # CVE-2019-7317: Use-after-free in png_image_free of libpng library
- # CVE-2019-11694: Uninitialized memory memory leakage in Windows sandbox
- # CVE-2019-11695: Custom cursor can render over user interface outside of web content
- # CVE-2019-11696: Java web start .JNLP files are not recognized as executable files for download prompts
- # CVE-2019-11697: Pressing key combinations can bypass installation prompt delays and install extensions
- # CVE-2019-11698: Theft of user history data through drag and drop of hyperlinks to and from bookmarks
- # CVE-2019-11700: res: protocol can be used to open known local files
Low
- # CVE-2019-11699: Incorrect domain name highlighting during page navigation
- # CVE-2019-11701: webcal: protocol default handler loads vulnerable web page
New
- Enhanced tracking protection: Simplified content blocking settings give users standard, strict, and custom options to control online trackers. A redesigned content blocking section in the site information panel (viewed by expanding the small “i” icon i
- Firefox 67 demonstrates improved performance thanks to a number of changes such as:
- Lowering priority of
setTimeout
during page load - Delayed component initialization until after start up
- Painting sooner during page load but less often
- Suspending unused tabs
- Lowering priority of
- Users can block known cryptominers and fingerprinters in the Custom settings of their Content Blocking preferences.
- Keyboard accessibility has improved in the latest version of Firefox. Toolbar and toolbar overflow menu are both fully keyboard accessible: keyboard users can now access add-ons, the downloads panel, the overflow, Page actions and Firefox menus, and much more.
- Private Browsing sees both usability and security improvements:
- Save passwords in private browsing mode
- Choose which extensions to exclude from private tabs
- A myriad of new features help make Firefox easier to use:
- We’ve added a toolbar menu for your Firefox Account to provide more transparency for when you are synced, sharing data across devices and with Firefox. Personalize the appearance of the menu with your own avatar
- Tabs can now be pinned from the Page Actions menu in the address bar
- Firefox will highlight useful features (like Pin Tabs) when users are most likely to benefit from them.
- Easier access to your list of saved logins from the main menu and login autocomplete. Learn about all the ways you can manage your passwords in Firefox.
- The Import Data from Another Browser feature is now also available from the File menu
- Users will be able to run different Firefox installs side by side by default so that you can run the beta and release versions simultaneously
- Firefox will now protect you against running older versions of the browser which can lead to data corruption and stability issues
- Firefox is upgrading to the newer, higher performance, AV1 decoder known as ‘dav1d’
- WebRender is gradually enabled by default on Windows 10 desktops with NVIDIA graphics cards
- Mozilla’s highest performing JavaScript compiler now supports ARM64 Windows devices.
- Enable FIDO U2F API, and permit registrations for Google Accounts
- Some users will see experiments with an improved Pocket experience in Firefox Home with different layouts and more topical content.
Changed:
- Firefox no longer supports handling webcal: links with 30boxes.com
- Change to extensions in Private Windows: Any new extensions you add to the browser won’t work in Private Windows unless you allow this in the settings.
- Users will no longer be able to upload and share screenshots through the Firefox Screenshots server. Users who want to keep existing screenshots need to export them before the server shuts down in the coming months.
- Included Twemoji Mozilla font updated to support Emoji 11.0
- Font and date adjustments to accommodate the new Reiwa era in Japan
Update: To get the update now, select "Help" from the Firefox menu, then pick "About Firefox." Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.
References
Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...
No comments:
Post a Comment