Mozilla sent Firefox Version 86.0 to the release channel today. The release includes ten security fixes, of which five (5) are rated high, two (2) moderate and three (3) low.
Firefox ESR was updated to Version 78.8.
High
- CVE-2021-23969: Content Security Policy violation report could have contained the destination of a redirect
- CVE-2021-23970: Multithreaded WASM triggered assertions validating separation of script domains
- CVE-2021-23968: Content Security Policy violation report could have contained the destination of a redirect
- CVE-2021-23978: Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8
- CVE-2021-23979: Memory safety bugs fixed in Firefox 86
Moderate
- CVE-2021-23974: noscript elements could have led to an HTML Sanitizer bypass
- CVE-2021-23971: A website's Referrer-Policy could have been overridden, potentially resulting in the full URL being sent as a Referrer
Low
- CVE-2021-23972: HTTP Auth phishing warning was omitted when a redirect is cached
- CVE-2021-23975: about:memory’s Measure function caused an incorrect pointer operation
- CVE-2021-23973: MediaError message property could have leaked information about cross-origin resources
New
- Firefox now supports simultaneously watching multiple videos in Picture-in-Picture.
- Today, Firefox introduces Total Cookie Protection to Strict Mode. In Total Cookie Protection, every website gets its own “cookie jar,” preventing cookies from being used to track you from site to site.
- We've improved our Print functionality with a cleaner design and better integration with your computer's printer settings.
- For Firefox users in Canada, credit card management and auto-fill are now enabled.
- Notable performance and stability improvements are achieved by moving canvas drawing and WebGL drawing to the GPU process.
Fixed
- Reader mode now works with local HTML pages.
- Using screen reader quick navigation to move to editable text controls no longer incorrectly reaches non-editable cells in some grids such as on messenger.com.
- The Orca screen reader's mouse review feature now works correctly after switching tabs in Firefox.
- Screen readers no longer report column headers incorrectly in tables containing cells spanning multiple columns.
- Links in Reader View now have more color contrast.
Changed
- On Linux and Android, the protection to mitigate the stack clash attack has been activated.
- From Firefox 86 onward, DTLS 1.0 is no longer supported for establishing WebRTC's PeerConnections. All WebRTC services need to support DTLS 1.2 from now on as the minimum version.
- Consolidated all video decoding in the new RDD process which results in a more secure Firefox.