Mozilla sent Firefox Version 79.0 to the release channel today. The update includes ten security updates of which four (4) are rated high, three (3) moderate and three (3) low.
Also released was Firefox ESR Version 68.11.
High
- #CVE-2020-15652: Potential leak of redirect targets when loading scripts in a worker
- #CVE-2020-6514: WebRTC data channel leaks internal address to peer
- #CVE-2020-15655: Extension APIs could be used to bypass Same-Origin Policy
- #CVE-2020-15659: Memory safety bugs fixed in Firefox 79
Moderate
- #CVE-2020-15653: Bypassing iframe sandbox when allowing popups
- #CVE-2020-6463: Use-after-free in ANGLE gl::Texture::onUnbindAsSamplerTexture
- #CVE-2020-15656: Type confusion for special arguments in IonMonkey
Low
- #CVE-2020-15658: Overriding file type when saving to disk
- #CVE-2020-15657: DLL hijacking due to incorrect loading path
- #CVE-2020-15654: Custom cursor can overlay user interface
- We’ve rolled out WebRender to more Windows users with Intel and AMD GPUs, bringing improved graphics performance to an even larger audience.
- Firefox users in Germany will now see more Pocket recommendations in their new tab featuring some of the best stories on the web. If you don’t see them, you can turn on Pocket articles in your new tab by following these steps.
- Several crashes while using a screen reader were fixed, including a frequently encountered crash when using the JAWS screen reader.
- Firefox Developer Tools received significant fixes allowing screen reader users to benefit from some of the tools that were previously inaccessible.
- SVG
title
anddesc
elements (labels and descriptions) are now correctly exposed to assistive technology products such as screen readers.