Tuesday, October 24, 2023

Mozilla Firefox Version 119.0 Released with Security Updates

 FirefoxMozilla sent Firefox Version 119.0 to the release channel.  The update includes eleven security updates of which three (3) are rated high, seven (7) moderate, and one (1) rated low.

Firefox ESR was updated to Version 115.4.

Note: Effective November 1, 2023, Mozilla will be renaming Firefox Accounts to Mozilla Accounts. From Firefox accounts renamed Mozilla accounts - What you need to know:


Why the renaming?
Over the years, Firefox accounts expanded its role beyond being solely an authentication solution for Firefox Sync. It now serves as Mozilla's main authentication and account management service for a wide range of products and services, supporting millions of active account customers globally. As such, the original "Firefox" branding no longer accurately reflects the broad scope of Mozilla's offerings. The renaming is intended to create a more consistent brand experience across all Mozilla surfaces, driving higher awareness of the portfolio of Mozilla products.


A new account isn't needed and sign-in remains the same.  Additional information is available in the referenced support document.


High


#

#CVE-2023-5721: Queued up rendering could have allowed websites to clickjack

#CVE-2023-5730: Memory safety bugs fixed in Firefox 119, Firefox ESR 115.4, and Thunderbird 115.4

#CVE-2023-5731: Memory safety bugs fixed in Firefox 119


Moderate

#CVE-2023-5722: Cross-Origin size and header leakage

#CVE-2023-5723: Invalid cookie characters could have led to unexpected errors

#CVE-2023-5724: Large WebGL draw could have led to a crash

#CVE-2023-5725: WebExtensions could open arbitrary URLs

#CVE-2023-5726: Full screen notification obscured by file open dialog on macOS

#CVE-2023-5727: Download Protections were bypassed by .msix, .msixbundle, .appx, and .appxbundle files on Windows

#CVE-2023-5728: Improper object tracking during GC in the JavaScript engine could have led to a crash.


Low

#CVE-2023-5722: Cross-Origin size and header leakage


New

  • Gradually rolling out in Fx119, Firefox View includes more content. You can now see all open tabs, from all windows. If you sync open tabs, you’ll see all tabs from other devices. Browsing history is now listed and you can sort by date or by site. As before, recently closed tabs are also listed on Firefox View.

    To access Firefox View, select the file folder icon at the top left of your tab strip

  • Gradually rolling out in Fx119, Firefox now allows you to edit PDFs by adding images and alt text, in addition to text and drawings.
  • Recently closed tabs now persist between sessions that don't have automatic session restore enabled. Manually restoring a previous session will continue to reopen any previously open tabs or windows.
  • If you're migrating your data from Chrome, Firefox now offers the ability to import some of your extensions as well.
  • As part of Total Cookie Protection, Firefox now supports the partitioning of Blob URLs, this mitigates a potential tracking vector that third-party agents could use to track an individual.
  • The visibility of fonts to websites has been restricted to system fonts and language pack fonts in Enhanced Tracking Protection strict mode to mitigate font fingerprinting.
  • The Storage Access API web standard was updated to improve security while mitigating website breakages and further enabling the phase out of third-party cookies in Firefox.
  • Encrypted Client Hello (ECH) is now available to Firefox users, delivering a more private browsing experience. ECH extends the encryption used in TLS connections to cover more of the handshake and better protect sensitive fields. Read more about the launch of ECH on Mozilla Distilled.
  • Media sniffing is no longer applied to files served as type application/octet-stream, this allows these files to be downloaded instead of attempting playback.
  • On Windows, the mouse pointer will disappear while typing if the relevant Windows mouse properties system setting is enabled.
  • Firefox is now available in the Santali (sat) language.

Fixed

  • Fixed an issue causing unexpected jumps in scroll position on Facebook.


Update: To get the update now, select "Help" from the Firefox menu, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.

References



Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...
Posted by
Labels: , , , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)