Mozilla Firefox Version 117.0 Released with Security Updates ~ Security Garden

Mozilla sent Firefox Version 117.0 to the release channel. The update includes fourteen security updates of which eight (8) are rated high, four (4) moderate, and two (2) rated low.

Firefox ESR was updated to Versions 102.14 and 115.2.

High

#CVE-2023-4573: Memory corruption in IPC CanvasTranslator
#CVE-2023-4574: Memory corruption in IPC ColorPickerShownCallback
#CVE-2023-4574: Memory corruption in IPC ColorPickerShownCallback
#CVE-2023-4575: Memory corruption in IPC FilePickerShownCallback
#CVE-2023-4576: Integer Overflow in RecordedSourceSurfaceCreation
#CVE-2023-4577: Memory corruption in JIT UpdateRegExpStatics
#CVE-2023-4584: Memory safety bugs fixed in Firefox 117, Firefox ESR 102.15, Firefox ESR 115.2, Thunderbird 102.15, and Thunderbird 115.2
#CVE-2023-4585: Memory safety bugs fixed in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2

Moderate

#CVE-2023-4578: Error reporting methods in SpiderMonkey could have triggered an Out of Memory Exception

#CVE-2023-4579: Persisted search terms were formatted as URLs

#CVE-2023-4580: Push notifications saved to disk unencrypted

#CVE-2023-4581: XLL file extensions were downloadable without warnings

Low

#CVE-2023-4582: Buffer Overflow in WebGL glGetProgramiv

#CVE-2023-4583: Browsing Context potentially not cleared when closing Private Window

New

Support for credit card autofill has been extended to users running Firefox in the IT, ES ,AT, BE, and PL locales.
macOS users can now control the tabability of controls and links via about:preferences.
To avoid undesirable outcomes on sites which specify their own behavior when pressing shift+right-click, Firefox now has a dom.event.contextmenu.shift_suppresses_event preference to prevent the context menu from appearing.

Fixed

YouTube video lists now scroll correctly when navigating with a screen reader.

Changed

Firefox no longer shows its own screen sharing indicator on Wayland desktop environments. The system default sharing indicator will be used instead.

Web Platform

Support for improved CSS nesting is now enabled by default.
Firefox now supports RTCRtpScriptTransform.
ReadableStream.from is now supported, allowing creation of a ReadableStream from an (async) iterable.
Firefox now supports the math-style and math-depth CSS properties and the font-size: math value.

Update: To get the update now, select "Help" from the Firefox menu, then pick "About Firefox." Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.

References

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Welcome to the Security Garden, where everything is coming up roses.

The best way to protect your garden is to fence it in. The same applies to your computer.
Get computer security news and information, help, tips and more at the Security Garden.

Articles

My Garden Roots

Perennial Favorites

Article Categories

Tuesday, August 29, 2023