Mozilla Firefox Version 74.0 Released With Security Updates

Mozilla sent Firefox Version 74.0 to the release channel today.  The update included twelve (12) security updates of which five (5) are high, six (6) are moderate and one (1) are rated low.

Also released was Firefox ESR Version 68.6.

High

• #CVE-2020-6805: Use-after-free when removing data about origins
• #CVE-2020-6806: BodyStream::OnInputStreamReady was missing protections against state confusion
• #CVE-2020-6807: Use-after-free in cubeb during stream destruction
• #CVE-2020-6814: Memory safety bugs fixed in Firefox 74 and Firefox ESR 68.6
• #CVE-2020-6815: Memory and script safety bugs fixed in Firefox 74

Moderate

• #CVE-2020-6808: URL Spoofing via javascript: URL
• #CVE-2020-6809: Web Extensions with the all-urls permission could access local files
• #CVE-2020-6810: Focusing a popup while in fullscreen could have obscured the fullscreen notification
• #CVE-2020-6811: Devtools' 'Copy as cURL' feature did not fully escape website-controlled data, potentially leading to command injection
• #CVE-2019-20503: Out of bounds reads in sctp_load_addresses_from_init
• #CVE-2020-6812: The names of AirPods with personally identifiable information were exposed to websites with camera or microphone permission

Low

• #CVE-2020-6813: @import statements in CSS could bypass the Content Security Policy nonce feature

New

• Your login management has improved with the ability to reverse alpha sort (Name Z-A) in Lockwise, which you can access under Logins and Passwords.
  
• Firefox now makes importing your bookmarks and history from the new Microsoft Edge browser on Windows and Mac simple.
  
• Add-ons installed by external applications can now be removed using the Add-ons Manager (about:addons). Going forward, only users can install add-ons; they cannot be installed by an application.
  
• Facebook Container prevents Facebook from tracking you around the web - Facebook logins, likes, and comments are automatically blocked on non-Facebook sites. But when we need an exception, you can now create one by adding custom sites to the Facebook Container.
  
• Firefox now provides better privacy for your web voice and video calls through support for mDNS ICE by cloaking your computer’s IP address with a random ID in certain WebRTC scenarios.
  

Fixed

• We have fixed issues involving pinned tabs such as being lost. You should also no longer see them reorder themselves.

Changed

• When a video is uploaded with a batch of photos on Instagram, the Picture-in-Picture toggle would sit atop of the “next” button. The toggle is now moved allowing you to flip through to the next image of the batch.
  
• On Windows, Ctrl+I can now be used to open the Page Info window instead of opening the Bookmarks sidebar. Ctrl+B still opens the Bookmarks sidebar making keyboard shortcuts more useful for our users.
  
• We have disabled TLS 1.0 and TLS 1.1 to improve your website connections. Sites that don't support TLS version 1.2 will now show an error page.
  

Update:  To get the update now, select "Help" from the Firefox menu, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.

References

• Common questions after updating Firefox
• Security Updates
• Release Notes
• Rapid Release Calendar

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...