Tuesday, May 14, 2024

Mozilla Firefox Version 126.0 Released with Security Updates

 Mozilla sent Firefox Version 126.0 to the Release Channel. ESR was updated to Version 115.11.0.

The update includes sixteen security updates, of which two (2) are rated high, nine (9) are rated moderate, and five (5) are rated low.

High

CVE-2024-4764: Use-after-free when audio input connected with multiple consumers

CVE-2024-4367: Arbitrary JavaScript execution in PDF.js


Moderate

CVE-2024-4765: Web application manifests could have been overwritten via hash collision

CVE-2024-4766: Fullscreen notification could have been obscured on Firefox for Android

CVE-2024-4767: IndexedDB files retained in private browsing mode

CVE-2024-4768: Potential permissions request bypass via clickjacking

CVE-2024-4769: Cross-origin responses could be distinguished between script and non-script content-types

CVE-2024-4770: Use-after-free could occur when printing to PDF

CVE-2024-4771: Failed allocation could lead to use-after-free

CVE-2024-4777: Memory safety bugs fixed in Firefox 126, Firefox ESR 115.11, and Thunderbird 115.11

CVE-2024-4778: Memory safety bugs fixed in Firefox 126


Low

CVE-2024-4772: Use of insecure rand() function to generate nonce

CVE-2024-4773: URL bar could be cleared after network error

CVE-2024-4774: Undefined behavior in ShmemCharMapHashEntry()

CVE-2024-4775: Invalid memory access in the built-in profiler

CVE-2024-4776: Window may remain disabled after file dialog is shown in full-screen


New
  • The Copy Without Site Tracking option can now remove parameters from nested URLs. It also includes expanded support for blocking over 300 tracking parameters from copied links, including those from major shopping websites. Keep those trackers away when sharing links!
  • Catalan is now available in Firefox Translations.
  • Enabled AV1 hardware decode acceleration on macOS for M3 Macs.
  • Telemetry was added to create an aggregate count of searches by category to broadly inform search feature development. These categories are based on 20 high-level content types, such as "sports," "business," and "travel". This data will not be associated with specific users and will be collected using OHTTP to remove IP addresses as potentially identifying metadata. No profiling will be performed, and no data will be shared with third parties.
Changed
  • The URL Paste Suggestion feature added in Fx125 was temporarily disabled while the team investigates a potential performance issue. The feature will be re-enabled in a future release once the performance issue is addressed.
Update: To get the update now, select "Help" from the Firefox menu, then pick "About Firefox".  Mac users need to select "About Firefox" from the Firefox menu.  For non-English versions, Fully Localized Versions are available for download.

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...
