Mozilla sent Firefox Version 70.0 to the release channel today. The update included thirteen (13) security updates of which one (1) is critical, three (3) are high, eight (8) moderate and one (1) are rated low.
With the release of Version 70.0, the Enhanced Tracking Protection added in Version 69.0 is on by default on all platforms. Information about the feature is available in the Mozilla blog post, Latest Firefox Brings Privacy Protections Front and Center Letting You Track the Trackers.
Also released was Firefox ESR Version 68.2.
Critical
High
- # CVE-2018-6156: Heap buffer overflow in FEC processing in WebRTC
- # CVE-2019-15903: Heap overflow in expat library in XML_GetCurrentLineNumber
- # CVE-2019-11757: Use-after-free when creating index updates in IndexedDB
Moderate
- # CVE-2019-11759: Stack buffer overflow in HKDF output
- # CVE-2019-11760: Stack buffer overflow in WebRTC networking
- # CVE-2019-11761: Unintended access to a privileged JSONView object
- # CVE-2019-11762: document.domain-based origin isolation has same-origin-property violation
- # CVE-2019-11763: Incorrect HTML parsing results in XSS bypass technique
- # CVE-2019-11765: Incorrect permissions could be granted to a website
- # CVE-2019-17000: CSP bypass using object tag with data: URI
- # CVE-2019-17001: CSP bypass using object tag when script-src 'none' is specified
Low
New
- More privacy protections from Enhanced Tracking Protection:
- Social tracking protection, which blocks cross-site tracking cookies from sites like Facebook, Twitter, and LinkedIn, is now a standard feature of Enhanced Tracking Protection.
- The Privacy Protections report shows an overview, with details, of the trackers Firefox has blocked. It provides consolidated reports from Monitor and Lockwise.
- More security protections from Firefox Lockwise, our digital identity and password management tool:
- Lockwise for desktop lets you create, update, and delete your logins and passwords to sync across all your devices, including the Lockwise mobile apps and Firefox mobile browsers .
- Integrated breach alerts from Firefox Monitor, to alert you when saved logins and passwords are compromised in online data breaches.
- Complex password generation, to help you create and save strong passwords for new online accounts.
- Improvements to core engine components, for better browsing on more sites
- A faster Javascript Baseline Interpreter to handle the modern web’s
large codebases and improve page load performance by as much as 8
percent. - WebRender rolled out to more Firefox for Windows users, now available by default on Windows desktops with integrated Intel graphics cards and resolution of 1920x1200 or less) for improved graphics rendering.
- Compositor improvements in Firefox for macOS that reduce power
consumption, speed up page load by as much as 22 percent, and reduce
resource use for video by up to 37 percent.
- A faster Javascript Baseline Interpreter to handle the modern web’s
- More browser features to help you get the most out of Firefox products and services
- A stand-alone Firefox account menu for easy access to Firefox services like Monitor and Send.
- A message panel accessed from the gift icon in the toolbar that offers a quick overview of new releases and key features.
- When a website uses your geolocation, an indicator is shown in the
address bar.
Changed
- Built-in Firefox pages now follow the system dark mode preference
- Aliased theme properties have been removed, which may affect some themes
- Passwords can now be imported from Chrome on macOS in addition to existing support for Windows
- Readability is now greatly improved on under- or overlined texts, including links. The lines will now be interrupted instead of crossing over a glyph.
References
Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...
No comments:
Post a Comment
Neither spam nor comments containing vulgarities will be approved.