Mozilla Firefox Version 125.0.1 Released with Security Updates

Mozilla sent Firefox Version 125.0.1 to the release channel.  Firefox ESR was updated to Version 115.9.1.

The update includes fifteen security updates of which nine (9) are rated high, five (5) are rated moderate, and one (1) is rated low.

High

#

#CVE-2024-3852: GetBoundName in the JIT returned the wrong object
#CVE-2024-3853: Use-after-free if garbage collection runs during realm initialization
#CVE-2024-3854: Out-of-bounds-read after mis-optimized switch statement
#CVE-2024-3855: Incorrect JIT optimization of MSubstr leads to out-of-bounds read
#CVE-2024-3856: Use-after-free in WASM garbage collection
#CVE-2024-3857: Incorrect JITting of arguments led to use-after-free during garbage collection
#CVE-2024-3858: Corrupt pointer dereference in js::CheckTracedThing<js::Shape>
#CVE-2024-3864: Memory safety bug fixed in Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10
#CVE-2024-3865: Memory safety bugs fixed in Firefox 125

Moderate

#CVE-2024-3859: Integer-overflow led to out-of-bounds-read in the OpenType sanitizer
#CVE-2024-3860: Crash when tracing empty shape lists
#CVE-2024-3861: Potential use-after-free due to AlignedBuffer self-move
#CVE-2024-3862: Potential use of uninitialized memory in MarkStack assignment operator on self-assignment
#CVE-2024-3863: Download Protections were bypassed by .xrm-ms files on Windows

Low

#

#CVE-2024-3302: Denial of Service using HTTP/2 CONTINUATION frames

New

• Firefox now supports the AV1 codec for Encrypted Media Extensions (EME), enabling higher-quality playback from video streaming providers.
• The Firefox PDF viewer now supports text highlighting.
• Firefox View now displays pinned tabs in the Open tabs section. Tab indicators have also been added to Open tabs, so users can do things like see which tabs are playing media and quickly mute or unmute across windows. Indicators were also added for bookmarks, tabs with notifications, and more!
• Firefox now prompts users in the US and Canada to save their addresses upon submitting an address form, allowing Firefox to autofill stored address information in the future.
• Firefox now more proactively blocks downloads from URLs that are considered to be potentially untrustworthy.
• The URL Paste Suggestion feature provides a convenient way for users to quickly visit URLs copied to the clipboard in the address bar of Firefox. When the clipboard contains a URL and the URL bar is focused, an autocomplete result appears automatically. Activating the clipboard suggestion will navigate the user to the URL with 1 click.
• Users of tab-specific Container add-ons can now search in the Address Bar for tabs that are open in different containers. Special thanks to volunteer contributor atararx for kicking off the work on this feature!
• Firefox now provides an option to enable Web Proxy Auto-Discovery (WPAD) while configured to use system proxy settings.

Changed

• In a group of radio buttons where no option is selected, the tab key now only reaches the first option rather than cycling through all available options. The arrow keys navigate between options as they do when there is a selected option. This makes keyboard navigation more efficient and consistent.

Update: To get the update now, select "Help" from the Firefox menu, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.

References

• Security Updates
• Release Notes
• Rapid Release Calendar
• ESR Release Notes

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...