Mozilla sent Firefox Version 120.0 to the release channel. The update includes eleven security updates of which seven (7) are rated high, two (2) moderate, and two (2) rated low.
Firefox ESR was updated to Version 115.5.
High
#CVE-2023-6204: Out-of-bound memory access in WebGL2 blitFramebuffer
#CVE-2023-6204: Out-of-bound memory access in WebGL2 blitFramebuffer
#CVE-2023-6205: Use-after-free in MessagePort::Entangled
#CVE-2023-6206: Clickjacking permission prompts using the fullscreen transition
#CVE-2023-6207: Use-after-free in ReadableByteStreamQueueEntry::Buffer
#CVE-2023-6212: Memory safety bugs fixed in Firefox 120, Firefox ESR 115.5, and Thunderbird 115.5
#CVE-2023-6213: Memory safety bugs fixed in Firefox 120
#
Moderate
#CVE-2023-6208: Using Selection API would copy contents into X11 primary selection
#CVE-2023-6209: Incorrect parsing of relative URLs starting with "///"
Low
#CVE-2023-6210: Mixed-content resources not blocked in a javascript: pop-up
#CVE-2023-6211: Clickjacking to load insecure pages in HTTPS-only mode
New
Firefox supports a new “Copy Link Without Site Tracking” feature in the context menu which ensures that copied links no longer contain tracking information.
Firefox now supports a setting (in Preferences → Privacy & Security) to enable Global Privacy Control. With this opt-in feature, Firefox informs the websites that the user doesn’t want their data to be shared or sold.
Firefox’s private windows and ETP-Strict privacy configuration now enhance the Canvas APIs with Fingerprinting Protection, thereby continuing to protect our users’ online privacy.
Firefox has enabled Cookie Banner Blocker by default in private windows for all users in Germany. Firefox will now auto-refuse cookies and dismiss annoying cookie banners for supported sites.
Firefox has enabled URL Tracking Protection by default in private windows for all users in Germany. Firefox will remove non-essential URL query parameters that are often used to track users across the web.
Firefox now imports TLS trust anchors (e.g., certificates) from the operating system root store. This will be enabled by default on Windows, macOS, and Android, and if needed, can be turned off in settings (Preferences → Privacy & Security → Certificates).
Keyboard shortcuts have now been added for editing and deleting a selected credential on about:logins. For editing - Alt + enter (Option + return on macOS) and for deleting - Alt + Backspace (Option + Delete on macOS).
Users on Ubuntu Linux now have the ability to import from Chromium when both are installed as Snap packages.
Picture-in-Picture now supports corner snapping on Windows and Linux - just hold Ctrl as you move the PiP window.
Update: To get the update now, select "Help" from the Firefox menu, then pick "About Firefox." Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.
References
No comments:
Post a Comment