Mozilla Firefox Version 84.0 Released With Security Updates

Mozilla sent Firefox Version 84.0 to the release channel today.  The update includes fourteen security updates of which one (1) is rated critical, six (6) are rated high, four (4) moderate and three (3) rated low.

Firefox ESR was updated to Version 78.6.

Critical

• #CVE-2020-16042: Operations on a BigInt could have caused uninitialized memory to be exposed

 

High

• #CVE-2020-26971: Heap buffer overflow in WebGL
• #CVE-2020-26972: Use-After-Free in WebGL
• #CVE-2020-26973: CSS Sanitizer performed incorrect sanitization
• #CVE-2020-26974: Incorrect cast of StyleGenericFlexBasis resulted in a heap use-after-free
• #CVE-2020-35113: Memory safety bugs fixed in Firefox 84 and Firefox ESR 78.6
• #CVE-2020-35114: Memory safety bugs fixed in Firefox 84

 

Moderate

• #CVE-2020-26975: Malicious applications on Android could have induced Firefox for Android into sending arbitrary attacker-specified headers
• #CVE-2020-26976: HTTPS pages could have been intercepted by a registered service worker when they should not have been
• #CVE-2020-26977: URL spoofing via unresponsive port in Firefox for Android
• #CVE-2020-26978: Internal network hosts could have been probed by a malicious webpage

 

Low

• #CVE-2020-26979: When entering an address in the address or search bars, a website could have redirected the user before they were navigated to the intended url
• #CVE-2020-35111: The proxy.onRequest API did not catch view-source URLs
• #CVE-2020-35112: Opening an extension-less download may have inadvertently launched an executable instead

New

• Native support for macOS devices built with Apple Silicon CPUs brings dramatic performance improvements over the non-native build that was shipped in Firefox 83: Firefox launches over 2.5 times faster and web apps are now twice as responsive (per the SpeedoMeter 2.0 test). If you are on a new Apple device, follow these steps to upgrade to the latest Firefox.

• WebRender rolls out to MacOS Big Sur and Windows devices with Intel Gen 5 and 6 GPUs. Additionally we'll ship an accelerated rendering pipeline for Linux/GNOME/X11 users for the first time, ever!

• Firefox now uses more modern techniques for allocating shared memory on Linux, improving performance and increasing compatibility with Docker.

• Firefox 84 is the final release to support Adobe Flash.

References

• Common questions after updating Firefox
• Security Updates
  
• Release Notes
• Rapid Release Calendar

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...