Mozilla Firefox Version 99.0 Released with Security Updates

           Mozilla sent Firefox Version 99.0 to the release channel today.  The update includes eleven security updates of which three (3) are rated high, five (5) moderate and three (3) are rated low.

Firefox ESR was updated to Version 91.8.

 

High

#

• CVE-2022-1097: Use-after-free in NSSToken objects
• CVE-2022-28281: Out of bounds write due to unexpected WebAuthN Extensions
• CVE-2022-28289: Memory safety bugs fixed in Firefox 99 and Firefox ESR 91.8

Moderate

#

• CVE-2022-28282: Use-after-free in DocumentL10n::TranslateDocument
• CVE-2022-28283: Missing security checks for fetching sourceMapURL
• CVE-2022-28284: Script could be executed via svg's use element
• CVE-2022-28285: Incorrect AliasSet used in JIT Codegen
• CVE-2022-28288: Memory safety bugs fixed in Firefox 99

Low

#

• CVE-2022-28286: iframe contents could be rendered outside the border
• CVE-2022-28287: Text Selection could crash Firefox
• CVE-2022-24713: Denial of Service via complex regular expressions

New 

• You can now toggle Narrate in ReaderMode with the keyboard shortcut "n."  
• You can find added support for search—with or without diacritics—in the PDF viewer.
• The Linux sandbox has been strengthened: processes exposed to web content no longer have access to the X Window system (X11).
• Firefox now supports credit card autofill and capture in Germany and France.

Update: To get the update now, select "Help" from the Firefox menu, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.

References

• Security Updates
• Release Notes
• Rapid Release Calendar