Mozilla sent Firefox Version 68.0 to the release channel today. The update included twenty-one (21) security updates of which two (2) are critical, four (4) are high, ten (10) moderate and five (5) are rated low.
Correction: Firefox ESR 60.8.0 has been released and the Extended Support Release version upgrade to 68.0 ESR is now available.
Critical
- # CVE-2019-11710: Memory safety bugs fixed in Firefox 68
- # CVE-2019-11709: Memory safety bugs fixed in Firefox 68 and Firefox ESR 60.8
High
- # CVE-2019-9811: Sandbox escape via installation of malicious language pack
- # CVE-2019-11711: Script injection within domain through inner window reuse
- # CVE-2019-11712: Cross-origin POST requests can be made with NPAPI plugins by following 308 redirects
- # CVE-2019-11713: Use-after-free with HTTP/2 cached stream
Moderate
- # CVE-2019-11714: NeckoChild can trigger crash when accessed off of main thread
- # CVE-2019-11729: Empty or malformed p256-ECDH public keys may trigger a segmentation fault
- # CVE-2019-11715: HTML parsing error can contribute to content XSS
- # CVE-2019-11716: globalThis not enumerable until accessed
- # CVE-2019-11717: Caret character improperly escaped in origins
- # CVE-2019-11718: Activity Stream writes unsanitized content to innerHTML
- # CVE-2019-11719: Out-of-bounds read when importing curve25519 private key
- # CVE-2019-11720: Character encoding XSS vulnerability
- # CVE-2019-11721: Domain spoofing through unicode latin 'kra' character
- # CVE-2019-11730: Same-origin policy treats all files in a directory as having the same-origin
Low
- # CVE-2019-11723: Cookie leakage during add-on fetching across private browsing boundaries
- # CVE-2019-11724: Retired site input.mozilla.org has remote troubleshooting permissions
- # CVE-2019-11725: Websocket resources bypass safebrowsing protections
- # CVE-2019-11727: PKCS#1 v1.5 signatures can be used for TLS 1.3
- # CVE-2019-11728: Port scanning through Alt-Svc header
New
- Dark mode in reader view expands so that windows are also dark on the controls, sidebars and toolbars.
- Improved extension security and discovery:
- New reporting feature in about:addons allows you to report security and performance issues with extensions and themes.
- Redesigned extensions dashboard in about:addons provides easy access to information about your extensions, including data and settings access required by each extension.
- Find high quality, secure extensions via the Recommended Extensions program in about:addons, which now displays user count and ratings for each extension. "Recommended” badges for these extensions also appear on AMO. More extensions will be added over time.
- Cryptomining and fingerprinting protections are added to strict content blocking settings in Privacy & Security preferences.
- WebRender will roll out to Windows 10 users with AMD graphics cards.
- Windows Background Intelligent Transfer Service (BITS) update download support, which allows Firefox update downloads to continue when Firefox is closed.
Fixed
- Local files can no longer access other files in the same directory.
Changed
- Unified existing locales (bn-BD, bn-IN) under a single Bengali (bn) localization.
- The following unmaintained translations have been removed: Assamese (as), English - South Africa (en-ZA), Maithili (mai), Malayalam (ml), Odia (or). Existing users will be migrated to the British English (en-GB) version.
- When an HTTPS error caused by antivirus software is detected, Firefox will attempt to automatically fix it
- Camera and microphone access now require an HTTPS connection.
- The way non-default preferences are synced has changed. Please see this support article for more details
Update: To get the update now, select "Help" from the Firefox menu, then pick "About Firefox." Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.
References
Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...
No comments:
Post a Comment
Neither spam nor comments containing vulgarities will be approved.