Mozilla sent Firefox Version 88.0 to the release channel today. The update includes ten security updates, of which five (5) are rated high, six (6) moderate and two (2) low.
Firefox ESR was updated to Version 78.10.
High
- CVE-2021-23994: Out of bound write due to lazy initialization
- CVE-2021-23995: Use-after-free in Responsive Design Mode
- CVE-2021-23996: Content rendered outside of webpage viewport
- CVE-2021-23997: Use-after-free when freeing fonts from cache
- CVE-2021-29947: Memory safety bugs fixed in Firefox 88
Moderate
- CVE-2021-23998: Secure Lock icon could have been spoofed
- CVE-2021-23999: Blob URLs may have been granted additional privileges
- CVE-2021-24000: requestPointerLock() could be applied to a tab different from the visible tab
- CVE-2021-24001: Testing code could have enabled session history manipulations by a compromised content process
- CVE-2021-24002: Arbitrary FTP command execution on FTP servers using an encoded URL
- CVE-2021-29945: Incorrect size computation in WebAssembly JIT could lead to null-reads
Low
- CVE-2021-29944: HTML injection vulnerability in Firefox for Android's Reader View
- CVE-2021-29946: Port blocking could be bypassed
New
- PDF forms now support JavaScript embedded in PDF files. Some PDF forms use JavaScript for validation and other interactive features.
- Print updates: Margin units are now localized.
- Smooth pinch-zooming using a touchpad is now supported on Linux.
- To protect against cross-site privacy leaks, Firefox now isolates window.name data to the website that created it.
Fixed
- Screen readers no longer incorrectly read content that websites have visually hidden, as in the case of articles in the Google Help panel.
Changed
- Firefox will not prompt for access to your microphone or camera if you’ve already granted access to the same device on the same site in the same tab within the past 50 seconds. This new grace period reduces the number of times you’re prompted to grant device access.
- The ‘Take a Screenshot’ feature was removed from the Page Actions menu in the URL bar. To take a screenshot, right-click to open the context menu. You can also add a screenshots shortcut directly to your toolbar via the Customize menu. Open the Firefox menu and select Customize…
- FTP support has been disabled, and its full removal is planned for an upcoming release. Addressing this security risk reduces the likelihood of an attack while also removing support for a non-encrypted protocol.