Mozilla sent Firefox Version 127.0 to the Release Channel. ESR was updated to Version 115.12.0.
The update includes fifteen security updates of which four (4) are rated high, eight (8) are rated moderate, and three (3) are rated low.
HIGH
#CVE-2024-5687:
An incorrect principal could have been used when opening new tabs
#CVE-2024-5688:
Use-after-free in JavaScript object transplant
#CVE-2024-5700: Memory safety bugs fixed in Firefox 127,
Firefox ESR 115.12, and Thunderbird 115.12
#CVE-2024-5701: Memory safety bugs fixed in Firefox 127
MODERATE
#CVE-2024-5689:
User confusion and possible phishing vector via Firefox Screenshots
#CVE-2024-5690:
External protocol handlers leaked by timing attack
#CVE-2024-5691: Sandboxed
iframes were able to bypass sandbox restrictions to open a new window
#CVE-2024-5692: Bypass of
file name restrictions during saving
#CVE-2024-5693:
Cross-Origin Image leak via Offscreen Canvas
#CVE-2024-5694:
Use-after-free in JavaScript Strings
#CVE-2024-5695: Memory
Corruption using allocation using out-of-memory conditions
#CVE-2024-5696: Memory
Corruption in Text Fragments
LOW
#CVE-2024-5697: Website was able to detect when Firefox was
taking a screenshot of them
#CVE-2024-5698: Data-list could have overlaid address bar
#CVE-2024-5699: Cookie prefixes not treated as
case-sensitive
NEW
- You can now set Firefox to automatically launch whenever you start or restart your Windows computer. Setting Firefox to auto-launch optimizes efficiency in our browser-centric digital routines, eliminating manual startup delays and facilitating immediate web access. (Learn more)
- We completed work to optimize and enable DNS
prefetching for HTTPS documents via the
rel="dns-prefetch"
link hint. This standard allows web developers to specify domain names for important assets that should be resolved preemptively. - It is now possible to close all duplicate tabs in a window with the Close duplicate tabs command available from the List all tabs widget in the tab bar or a tab context menu.
- Firefox will now automatically try to upgrade
<img>
,<audio>
, and<video>
elements from HTTP to HTTPS if they are embedded within an HTTPS page. If these so-called mixed content elements do not support HTTPS, they will no longer load. - For added protection on MacOS and Windows, a device sign in (e.g. your operating system password, fingerprint, face or voice login if enabled) can be required when accessing and filling stored passwords in the Firefox Password Manager about:logins page.
Changed
- To reduce user fingerprinting information and
the risk of some website compatibility issues, the CPU architecture for 32-bit
x86 Linux will now be reported as x86_64 in Firefox's User-Agent string and
navigator.platform
andnavigator.oscpu
Web APIs. - Links and other focusable elements are now tab-navigable by default on macOS, instead of following macOS' "Keyboard navigation" setting. This is a more accessible default and matches the default in all other platforms. A checkbox in the settings page still allows users to restore the old behavior.
- The Screenshots feature in Firefox has gotten a big update! It now supports taking screenshots of file types like SVG, XML, and more as well as various about: pages within Firefox. We've also made the screenshot tool more accessible to everyone by implementing new keyboard shortcuts and adding theme compatibility and High Contrast Mode (HCM) support. And finally, performance for capturing large screenshots has been improved.
Update: To get the update now, select "Help" from the Firefox menu, then pick "About Firefox". Mac users need to select "About Firefox" from the Firefox menu. For non-English versions, Fully Localized Versions are available for download.
References
References
No comments:
Post a Comment
Neither spam nor comments containing vulgarities will be approved.