Tuesday, November 15, 2022

Mozilla Firefox Version 107.0 Released with Security Updates

 FirefoxMozilla sent Firefox Version 107.0 to the release channel today.  The update includes seven security updates of which eight (8) are rated high, nine (9) moderate, and two (2) rated low.

Firefox ESR was updated to Version 102.5.


High


#CVE-2022-45403: Service Workers might have learned size of cross-origin media files

#CVE-2022-45404: Fullscreen notification bypass

#CVE-2022-45405: Use-after-free in InputStream implementation

#CVE-2022-45406: Use-after-free of a JavaScript Realm

#CVE-2022-45407: Loading fonts on workers was not thread-safe

#CVE-2022-45408: Fullscreen notification bypass via windowName

#CVE-2022-45409: Use-after-free in Garbage Collection

#CVE-2022-45421: Memory safety bugs fixed in Firefox 107 and Firefox ESR 102.5


Moderate


#CVE-2022-45410: ServiceWorker-intercepted requests bypassed SameSite cookie policy

#CVE-2022-45411: Cross-Site Tracing was possible via non-standard override headers

#CVE-2022-45412: Symlinks may resolve to partially uninitialized buffers

#CVE-2022-45413: SameSite=Strict cookies could have been sent cross-site via intent URLs

#CVE-2022-40674: Use-after-free vulnerability in expat

#CVE-2022-45415: Downloaded file may have been saved with malicious extension

#CVE-2022-45416: Keystroke Side-Channel Leakage

#CVE-2022-45417: Service Workers in Private Browsing Mode may have been written to disk

#CVE-2022-45418: Custom mouse cursor could have been drawn over browser UI


Low


#CVE-2022-45419: Deleting a security exception did not take effect immediately

#CVE-2022-45420: Iframe contents could be rendered outside the iframe

New

  • Improved the performance of the instance when Microsoft's IME and Defender retrieve the URL of a focused document in Windows 11 version 22H2.
  • Power profiling — visualizing performance data recorded from web browsers — is now also supported on Linux and Mac with Intel CPUs, in addition to Windows 11 and Apple Silicon.

Update: To get the update now, select "Help" from the Firefox menu, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.

References



Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

No comments: