Mozilla sent Firefox Version 83.0 to the release channel today. The update includes seven security updates of which four (4) are rated high, eleven (11) moderate and six (6) rated low.
Firefox ESR was updated to Version 78.5.
High
- #CVE-2020-26951: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code
- #CVE-2020-26952: Out of memory handling of JITed, inlined functions could lead to a memory corruption
- #CVE-2020-26968: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5
- #CVE-2020-26969: Memory safety bugs fixed in Firefox 83
Moderate
- #CVE-2020-16012: Variable time processing of cross-origin images during drawImage calls
- #CVE-2020-26953: Fullscreen could be enabled without displaying the security UI
- #CVE-2020-26954: Local spoofing of web manifests for arbitrary pages in Firefox for Android
- #CVE-2020-26955: Cookies set during file downloads are shared between normal and Private Browsing Mode in Firefox for Android
- #CVE-2020-26956: XSS through paste (manual and clipboard API)
- #CVE-2020-26957: OneCRL was not working in Firefox for Android
- #CVE-2020-26958: Requests intercepted through ServiceWorkers lacked MIME type restrictions
- #CVE-2020-26959: Use-after-free in WebRequestService
- #CVE-2020-26960: Potential use-after-free in uses of nsTArray
- #CVE-2020-15999: Heap buffer overflow in freetype
- #CVE-2020-26961: DoH did not filter IPv4 mapped IP Addresses
Low
- #CVE-2020-26962: Cross-origin iframes supported login autofill
- #CVE-2020-26963: History and Location interfaces could have been used to hang the browser
- #CVE-2020-26964: Firefox for Android's Remote Debugging via USB could have been abused by untrusted apps on older versions of Android
- #CVE-2020-26965: Software keyboards may have remembered typed passwords
- #CVE-2020-26966: Single-word search queries were also broadcast to local network
- #CVE-2020-26967: Mutation Observers could break or confuse Firefox Screenshots feature
New
-
Firefox keeps getting faster as a result of significant updates to SpiderMonkey, our JavaScript engine, you will now experience improved page load performance by up to 15%, page responsiveness by up to 12%, and reduced memory usage by up to 8%. We have replaced part of the JavaScript engine that helps to compile and display websites for you, improving security and maintainability of the engine at the same time.
-
Firefox introduces HTTPS-Only Mode. When enabled, this new mode ensures that every connection Firefox makes to the web is secure and alerts you when a secure connection is not available. You can enable it in Firefox Preferences.
-
Pinch zooming will now be supported for our users with Windows touchscreen devices and touchpads on Mac devices. Firefox users may now use pinch to zoom on touch-capable devices to zoom in and out of webpages.
-
Picture-in-Picture now supports keyboard shortcuts for fast forwarding and rewinding videos: use the arrow keys to move forward and back 15 seconds, along with volume controls. For a list of supported commands see Support Mozilla
-
When you are presenting your screen on a video conference in Firefox, you will see our improved user interface that makes it clearer which devices or displays are being shared.
-
We’ve improved functionality and design for a number of Firefox search features:
- Selecting a search engine at the bottom of the search panel now enters search mode for that engine, allowing you to see suggestions (if available) for your search terms. The old behavior (immediately performing a search) is available with a shift-click.
- When Firefox autocompletes the URL of one of your search engines, you can now search with that engine directly in the address bar by selecting the shortcut in the address bar results.
- We’ve added buttons at the bottom of the search panel to allow you to search your bookmarks, open tabs, and history.
-
Firefox supports AcroForm, which will allow you to fill in, print, and save supported PDF forms and the PDF viewer also has a new fresh look.
-
Our users in India on the English build of Firefox will now see Pocket recommendations in their new tab featuring some of the best stories on the web. If you don’t see them, you can turn on Pocket articles in your new tab by following these steps.
-
For the recently released Apple devices built with Apple Silicon CPUs, you can use Firefox 83 and future releases without any change. This release (83) will support emulation under Apple’s Rosetta 2 that ships with macOS Big Sur. We are working toward Firefox being natively-compiled for these CPUs in a future release.
-
This is a major release for WebRender as we roll out to more Firefox users on Windows 7 and 8 as well as on macOS 10.12 to 10.15.
Fixed
-
This release also includes a number of accessibility fixes:
- Screen reader features which report paragraphs now correctly report paragraphs instead of lines in Google Docs
- When reading by word using a screen reader, words are now correctly reported when there is punctuation nearby
- The arrow keys now work correctly after tabbing in the picture-in-picture window
-
For users on macOS restoring a session with minimized windows, Firefox now uses much less power and you should see much longer battery life.
No comments:
Post a Comment