Tuesday, July 09, 2024

Mozilla Firefox Version 128.0 Released with Security Updates

 Mozilla sent Firefox Version 128.0 to the Release Channel. ESR was updated to Version 115.13.0.

The update includes sixteen security updates of which four (4) are rated high, eight (8) are rated moderate, and four (4) are rated low.

HIGH

#CVE-2024-6605: Firefox Android missed activation delay to prevent tapjackin
#CVE-2024-6606: Out-of-bounds read in clipboard component
#CVE-2024-6604: Memory safety bugs fixed in Firefox 128, Firefox ESR 115.13, and Thunderbird 115.13
#CVE-2024-6615: Memory safety bugs fixed in Firefox 128


Moderate

#CVE-2024-6607: Leaving pointerlock by pressing the escape key could be prevented
#CVE-2024-6608: Cursor could be moved out of the viewport using pointerlock.
#CVE-2024-6609: Memory corruption in NSS
#CVE-2024-6610: Form validation popups could block exiting full-screen mode
#CVE-2024-6600: Memory corruption in WebGL API
#CVE-2024-6601: Race condition in permission assignment
#CVE-2024-6602: Memory corruption in NSS
#CVE-2024-6603: Memory corruption in thread creation


Low

#CVE-2024-6611: Incorrect handling of SameSite cookies
#CVE-2024-6612: CSP violation leakage when using devtools
#CVE-2024-6613: Incorrect listing of stack frames
#CVE-2024-6614: Incorrect listing of stack frames

NEW

  • Firefox can now translate selections of text and hyperlinked text to other languages from the context menu.
  • For users in the US and Canada, Firefox will now show your recent searches or currently trending searches when you open the Address Bar to get you back to your previous search session or inspire your next one.
  • Firefox now has a simpler and more unified dialog for clearing user data. In addition to streamlining data categories, the new dialog also provides insights into the site data size corresponding to the selected time range.
  • Firefox now supports playback of protected content from streaming sites like Netflix while in Private Browsing mode.
  • Firefox now supports the experimental Privacy Preserving Attribution API, which provides an alternative to user tracking for ad attribution. This experiment is only enabled via origin trial and can be disabled in the new Website Advertising Preferences section in the Privacy and Security settings.
  • On macOS, microphone capture through getUserMedia will now use system-provided voice processing when applicable, improving audio quality.
  • Firefox is now available in the Saraiki (skr) language.

Fixed
  • Firefox now proxies DNS by default when using SOCKS v5, avoiding leaking DNS queries to the network when using SOCKS v5 proxies.
Changed

  • Firefox now supports rendering more text/* file types inline, rather than requiring them to be downloaded to be viewed.
  • The root certificate used to verify add-ons and signed content has been renewed to avoid upcoming expiration.

Update: To get the update now, select "Help" from the Firefox menu, then pick "About Firefox".  Mac users need to select "About Firefox" from the Firefox menu.  For non-English versions, Fully Localized Versions are available for download.

References


Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

No comments: