Mozilla Firefox Version 109.0 Released with Security Updates ~ Security Garden

Tuesday, January 17, 2023

Mozilla Firefox Version 109.0 Released with Security Updates

Mozilla sent Firefox Version 109.0 to the release channel today. The update includes ten security updates of which four (4) are rated high, four (4) moderate, and two (2) rated low.

Firefox ESR was updated to Version 102.7.

High

#CVE-2023-23597: Logic bug in process allocation allowed to read arbitrary files

#CVE-2023-23598: Arbitrary file read from GTK drag and drop on Linux

#CVE-2023-23605: Memory safety bugs fixed in Firefox 109 and Firefox ESR 102.7

#CVE-2023-23606: Memory safety bugs fixed in Firefox 109

Moderate

#CVE-2023-23599: Malicious command could be hidden in devtools output on Windows

#CVE-2023-23600: Notification permissions persisted between Normal and Private Browsing on Android

#CVE-2023-23601: URL being dragged from cross-origin iframe into same tab triggers navigation

#CVE-2023-23602: Content Security Policy wasn't being correctly applied to WebSockets in WebWorkers

Low

#CVE-2023-23603: Calls to <code>console.log</code> allowed bypasing Content Security Policy via format directive

#CVE-2023-23604: Creation of duplicate <code>SystemPrincipal</code> from less secure contexts

New

Manifest Version 3 (MV3) extension support is now enabled by default (MV2 remains enabled/supported). This major update also ushers an exciting user interface change in the form of the new extensions button.
The Arbitrary Code Guard exploit protection has been enabled in the media playback utility processes, improving security for Windows users.
The native HTML date picker for date and datetime inputs can now be used with a keyboard alone, improving its accessibility for screen reader users. Users with limited mobility can also now use common keyboard shortcuts to navigate the calendar grid and month selection spinners.
Firefox builds in the Spanish from Spain (es-ES) and Spanish from Argentina (es-AR) locales now come with a built-in dictionary for the Firefox spellchecker.

Changed

Effective on January 16, Colorways will no longer be in Firefox. Users will still be able to access saved and active Colorways from the Add-ons and themes menu option.
On macOS, Ctrl or Cmd + trackpad or mouse wheel now scrolls the page instead of zooming. This avoids accidental zooming and matches the behavior of other web browsers on macOS.
The Recently Closed section of Firefox View now equips users with the ability to manually close/remove url links from the list.
The empty state messages and graphic components surfaced in Firefox View for the Tab Pickup and Recently Closed sections have been updated for an improved user experience.

Update: To get the update now, select "Help" from the Firefox menu, then pick "About Firefox." Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.

References

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Welcome to the Security Garden, where everything is coming up roses.

The best way to protect your garden is to fence it in. The same applies to your computer.
Get computer security news and information, help, tips and more at the Security Garden.

Articles

My Garden Roots

Perennial Favorites

Article Categories

Tuesday, January 17, 2023