Mozilla Firefox Version 71.0 Released with Security Updates

Mozilla sent Firefox Version 71.0 to the release channel today.  The update included thirteen (13) security updates of which six (6) are high and five (5) are rated moderate. 

Also released was Firefox ESR Version 68.3.

Note:  The following extensions have been removed from the Mozilla addon repository due to concerns that they were tracking a user's activity as they are browsed the web:  Avast Online Security, Avast SafePrice, AVG Online Security, and AVG SafePrice.  Additional information is available at Bleeping Computer.

High

• #CVE-2019-11756: Use-after-free of SFTKSession object
• #CVE-2019-17008: Use-after-free in worker destruction
• #CVE-2019-13722: Stack corruption due to incorrect number of arguments in WebRTC code
• #CVE-2019-11745: Out of bounds write in NSS when encrypting with a block cipher
• #CVE-2019-17012: Memory safety bugs fixed in Firefox 71 and Firefox ESR 68.3
• #CVE-2019-17013: Memory safety bugs fixed in Firefox 71

Moderate

• #CVE-2019-17014: Dragging and dropping a cross-origin resource, incorrectly loaded as an image, could result in information disclosure
• #CVE-2019-17009: Updater temporary files accessible to unprivileged processes
• #CVE-2019-17010: Use-after-free when performing device orientation checks
• #CVE-2019-17005: Buffer overflow in plain text serializer
• #CVE-2019-17011: Use-after-free when retrieving a document in antitracking

New

• Improvements to Lockwise, our integrated password manager:
  
  • Firefox now recognizes subdomains and will autofill domain logins from Lockwise
  • Integrated breach alerts from Firefox Monitor are now available to users with screen readers
• More information about Enhanced Tracking Protection in action:
  
  • Notifications when Firefox blocks cryptominers
  • A running tally of blocked trackers in the protection panel accessed by clicking the address bar shield
• Picture-in-picture video comes to Firefox for Windows: Select the blue icon from the right edge of a video to pop open a floating window so you can keep watching while working in other tabs. Learn how the feature works.
• Native MP3 decoding on Windows, Linux, and macOS

Changed

• Configuration page (about:config) reimplemented in HTML
• Firefox will now ship with Catalan (Valencian) (ca-valencia), Tagalog (tl), and Triqui (trs)

Update:  To get the update now, select "Help" from the Firefox menu, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.

References

• Common questions after updating Firefox
• Security Updates
• Release Notes
• Rapid Release Calendar

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...