Mozilla Firefox Version 87.0 Released With Security Updates

Mozilla sent Firefox Version 87.0 to the release channel today.  The update includes eight security updates of which two (2) are rated high, four (4) moderate and two (2) rated low.

 

Firefox ESR was updated to Version 78.9.

High

• #CVE-2021-23981: Texture upload into an unbound backing buffer resulted in an out-of-bound read
• #CVE-2021-23987: Memory safety bugs fixed in Firefox 87 and Firefox ESR 78.9

 

Moderate

• #CVE-2021-23982: Internal network hosts could have been probed by a malicious webpage
• #CVE-2021-23983: Transitions for invalid ::marker properties resulted in memory corruption
• #CVE-2021-23984: Malicious extensions could have spoofed popup information
• #CVE-2021-23988: Memory safety bugs fixed in Firefox 87

 

Low

• #CVE-2021-23985: Devtools remote debugging feature could have been enabled without indication to the user
• #CVE-2021-23986: A malicious extension could have performed credential-less same origin policy violations

 New

• You’ll encounter less website breakage in Private Browsing and Strict Enhanced Tracking Protection with SmartBlock, which provides stand-in scripts so that websites load properly.
• To further protect your privacy, our new default HTTP Referrer policy will trim path and query string information from referrer headers to prevent sites from accidentally leaking sensitive user data.
• The “Highlight All” feature on Find in Page now displays tick marks alongside your scrollbar that correspond to the location of matches found on that page.
• We’re proud to announce full support for macOS built-in screen reader, VoiceOver.
• We’ve added a new locale: Silesian (szl)

 

Fixed

• We’ve fixed several significant accessibility issues:
• Video controls now have visible focus styling and video and audio controls are now keyboard navigable. (Bug 1681007)
• HTML <meter> is now spoken by screen readers. (Bug 1460378)
• Firefox now sets a useful initial focus in Add-ons Manager. (Bug 580537)
• Firefox will now fire a name/description change event when aria-labelledby/describedby content changes. (Bug 493683)
• Various security fixes.   Security Vulnerabilities fixed in Firefox 87 — Mozilla

 

Changed

• To prevent user data loss when filling out forms, we’ve disabled the Backspace key as a navigation shortcut for the back navigation button. To re-enable the Backspace keyboard shortcut, you can change the about:config preference browser.backspace_action to 0. You can also use the recommended Alt + Left arrow (Command + Left arrow on Mac) shortcut instead.
  Firefox keyboard shortcuts
• We've removed items from the Library menu that weren't used often or have other access points in the browser: Synced tabs, Recent highlights, and Pocket list.
• We've simplified the Help menu by reducing redundant items, such as those that point to Firefox support pages that can also be accessed via the Get Help item.
  

 

Update:  To get the update now, select "Help" from the Firefox menu, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download. 

 

References

• Security Updates
• Release Notes
• Rapid Release Calendar

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...