Mozilla sent Firefox Version 110.0 to the release channel today. The update includes nineteen security updates of which ten (10) are rated high, four (4) moderate, and five (5) rated low.
Firefox ESR was updated to Version 102.8.
High
#CVE-2023-25728: Content security policy leak in violation reports using iframes
#CVE-2023-25730: Screen hijack via browser fullscreen mode
#CVE-2023-25743: Fullscreen notification not shown in Firefox Focus
#CVE-2023-0767: Arbitrary memory write via PKCS 12 in NSS
#CVE-2023-25735: Potential use-after-free from compartment mismatch in SpiderMonkey
#CVE-2023-25737: Invalid downcast in SVGUtils::SetupStrokeGeometry
#CVE-2023-25738: Printing on Windows could potentially crash Firefox with some device drivers
#CVE-2023-25739: Use-after-free in mozilla::dom::ScriptLoadContext::~ScriptLoadContext
#CVE-2023-25744: Memory safety bugs fixed in Firefox 110 and Firefox ESR 102.8
#CVE-2023-25745: Memory safety bugs fixed in Firefox 110
Moderate
#CVE-2023-25729: Extensions could have opened external schemes without user knowledge
#CVE-2023-25732: Out of bounds memory write from EncodeInputStream
#CVE-2023-25734: Opening local .url files could cause unexpected network loads
#CVE-2023-25740: Opening local .scf files could cause unexpected network loads
Low
#CVE-2023-25731: Prototype pollution when rendering URLPreview
#CVE-2023-25733: Possible null pointer dereference in TaskbarPreviewCallback
#CVE-2023-25736: Invalid downcast in GetTableSelectionMode
#CVE-2023-25741: Same-origin policy leak via image drag and drop
#CVE-2023-25742: Web Crypto ImportKey crashes tab
New
It's now possible to import bookmarks, history and passwords not only from Edge, Chrome or Safari but also from Opera, Opera GX, and Vivaldi for all the folks who want to move over to Firefox instead!
GPU sandboxing has been enabled on Windows.
Note: A bug in the popular X-Mouse Button Control (XMBC) tool may cause mouse wheel scrolling to stop working. The author(s) are working on an update. Meanwhile, scrolling can be restored by reconfiguring XMBC: either disable the Make scroll wheel scroll window under cursor option in the global settings, or enable the Disable scroll window under cursor option if using a custom profile for Firefox.
On Windows, third-party modules can now be blocked from injecting themselves into Firefox, which can be helpful if they are causing crashes or other undesirable behavior.
Date, time, and datetime-local input fields can now be cleared with Cmd+Backspace and Cmd+Delete shortcut on macOS and Ctrl+Backspace and Ctrl+Delete on Windows and Linux.
GPU-accelerated Canvas2D is enabled by default on macOS and Linux.
WebGL performance improvement on Windows, MacOS and Linux.
Enables overlay of hardware-decoded video with non-Intel GPUs on Windows 10/11, improving video playback performance and video scaling quality.
Changed
Colorways are
no longer available in Firefox, at least not in the same way. You can still
access your saved and active Colorways by selecting Add-ons and themes from the
Firefox menu. Additionally, you can now install Colorways from all of the
previous collections by visiting Colorways by Firefox on the Mozilla Add-ons website.
Update: To get the update now, select "Help" from the Firefox menu, then pick "About Firefox." Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.
References
No comments:
Post a Comment