Mozilla Firefox Version 72.0 Released with Security Updates

Mozilla sent Firefox Version 72.0 to the release channel today.  The update included twelve (12) security updates of which five (5) are high, six (6) are moderate and one (1) rated low.

Also released was Firefox ESR Version 68.4.

High

• CVE-2019-17015: Memory corruption in parent process during new content process initialization on Windows
• CVE-2019-17016: Bypass of @namespace CSS sanitization during pasting
• CVE-2019-17017: Type Confusion in XPCVariant.cpp
• CVE-2019-17024: Memory safety bugs fixed in Firefox 72 and Firefox ESR 68.4
• CVE-2019-17025: Memory safety bugs fixed in Firefox 72

Moderate

• CVE-2019-17017: Type Confusion in XPCVariant.cpp
• CVE-2019-17018: Windows Keyboard in Private Browsing Mode may retain word suggestions
• CVE-2019-17019: Python files could be inadvertently executed upon opening a download
• CVE-2019-17020: Content Security Policy not applied to XSL stylesheets applied to XML documents
• CVE-2019-17021: Heap address disclosure in parent process during content process initialization on Windows
• CVE-2019-17022: CSS sanitization does not escape HTML tags

Low

• CVE-2019-17023: NSS may negotiate TLS 1.2 or below after a TLS 1.3 HelloRetryRequest had been sen

New

• Firefox’s Enhanced Tracking Protection marks a major new milestone in our battle against cross-site tracking: we now block fingerprinting scripts by default for all users, taking a new bold step in the fight for our users’ privacy.
  
• Firefox replaces annoying notification request pop-ups with a more delightful experience, by default for all users. The pop-ups no longer interrupt your browsing, in its place, a speech bubble will appear in the address bar when you interact with the site.
  
• Picture-in-picture video is now also available in Firefox for Mac and Linux: Select the blue icon from the right edge of a video to pop open a floating window so you can keep watching while working in other tabs or apps. Learn how the feature works.
  

Changed

• Support for blocking images from individual domains has been removed from Firefox, because of low usage and poor user experience.

Update:  To get the update now, select "Help" from the Firefox menu, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.

References

• Common questions after updating Firefox
• Security Updates
• Release Notes
• Rapid Release Calendar

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...