Mozilla sent Firefox Version 112.0 to the release channel today. The update includes twenty-one security updates of which nine (9) are rated high, eight (8) moderate, and four (4) rated low.
Firefox ESR was updated to Version 102.10.
High
#CVE-2023-29531: Out-of-bound memory access in WebGL on macOS
#CVE-2023-29532: Mozilla Maintenance Service Write-lock bypass
#CVE-2023-29533: Fullscreen notification obscured
#CVE-2023-29534: Fullscreen notification could have been obscured on Firefox for Android
#CVE-2023-29535: Potential Memory Corruption following Garbage Collector compaction
#CVE-2023-29536: Invalid free from JavaScript code
#CVE-2023-29537: Data Races in font initialization code
#CVE-2023-29550: Memory safety bugs fixed in Firefox 112 and Firefox ESR 102.10
#CVE-2023-29551: Memory safety bugs fixed in Firefox 112
Moderate
#CVE-2023-29538: Directory information could have been leaked to WebExtensions
#CVE-2023-29539: Content-Disposition filename truncation leads to Reflected File Download
#CVE-2023-29540: Iframe sandbox bypass using redirects and sourceMappingUrls
#CVE-2023-29541: Files with malicious extensions could have been downloaded unsafely on Linux
#CVE-2023-29542: Bypass of file download extension restrictions
#CVE-2023-29543: Use-after-free in debugging APIs
#CVE-2023-29544: Memory Corruption in garbage collector
#CVE-2023-29545: Windows Save As dialog resolved environment variables
Low
#CVE-2023-29546: Screen recording in Private Browsing included address bar on Android
#CVE-2023-29547: Secure document cookie could be spoofed with insecure cookie
#CVE-2023-29548: Incorrect optimization result on ARM64
#CVE-2023-29549: Javascript's bind function may have failed
New
Right-clicking on password fields now shows an option to reveal the password.
Ubuntu Linux users can now import their browser data from the Chromium Snap package. Currently, this will only work if Firefox is not also installed as a Snap package, but work is underway to address this!
Do you use the tab list panel in the tab bar? If so, you can now close tabs by middle-clicking items in that list.
You've always been able to un-close a tab by using (Cmd/Ctrl)-Shift-T. Now, that same shortcut will restore the previous session if there are no more closed tabs from the same session to re-open.
For all ETP Strict users, we extended the list of known tracking parameters that are removed from URLs to further protect our users from cross-site tracking.
Enables overlay of software-decoded video on Intel GPUs in Windows. Improves video down scaling quality and reduces GPU usage.
Update: To get the update now, select "Help" from the Firefox menu, then pick "About Firefox." Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.
References
No comments:
Post a Comment