Mozilla sent Firefox Version 85.0 to the release channel today. The update includes thirteen security updates of which five (5) are rated high, six (6) moderate and two (2) rated low.
Firefox ESR was updated to Version 78.7.
High:
- #CVE-2021-23953: Cross-origin information leakage via redirected PDF requests
- #CVE-2021-23954: Type confusion when using logical assignment operators in JavaScript switch statements
- #CVE-2021-23955: Clickjacking across tabs through misusing requestPointerLock
- #CVE-2021-23964: Memory safety bugs fixed in Firefox 85 and Firefox ESR 78.7
- #CVE-2021-23965: Memory safety bugs fixed in Firefox 85
Moderate:
- #CVE-2021-23956: File picker dialog could have been used to disclose a complete directory
- #CVE-2021-23957: Iframe sandbox could have been bypassed on Android via the intent URL scheme
- #CVE-2021-23958: Screen sharing permission leaked across tabs
- #CVE-2021-23959: Cross-Site Scripting in error pages on Firefox for Android
- #CVE-2021-23960: Use-after-poison for incorrectly redeclared JavaScript variables during GC
- #CVE-2021-23961: More internal network hosts could have been probed by a malicious webpage
Low:
- #CVE-2021-23962: Use-after-poison in <code>nsTreeBodyFrame::RowCountChanged</code>
- #CVE-2021-23963: Permission prompt inaccessible after asking for additional permissions
New
- Firefox now protects you from supercookies, a type of tracker that can stay hidden in your browser and track you online, even after you clear cookies. By isolating supercookies, Firefox prevents them from tracking your web browsing from one site to the next.
- It’s easier than ever to save and access your bookmarks. Firefox now remembers your preferred location for saved bookmarks, displays the bookmarks toolbar by default on new tabs, and gives you easy access to all of your bookmarks via a toolbar folder.
- The password manager now allows you to remove all of your saved logins with one click, as opposed to having to delete each login individually.
Changed
- Firefox no longer supports Adobe Flash. There is no setting available to re-enable Flash support.
References
Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...
No comments:
Post a Comment