Mozilla Firefox Version 129.0 Released with Security Updates ~ Security Garden

Tuesday, August 06, 2024

Mozilla Firefox Version 129.0 Released with Security Updates

Mozilla sent Firefox Version 129.0 to the release channel. Firefox ESR was updated to Version 115.14.0.

The update includes fourteen security updates of which eleven (11) are rated high, two (2) are rated moderate, and one (1) is rated low.

High

#CVE-2024-7518: Fullscreen notification dialog can be obscured by document content
#CVE-2024-7519: Out of bounds memory access in graphics shared memory handling
#CVE-2024-7520: Type confusion in WebAssembly
#CVE-2024-7521: Incomplete WebAssembly exception handing
#CVE-2024-7522: Out of bounds read in editor component
#CVE-2024-7523: Document content could partially obscure security prompts
#CVE-2024-7524: CSP strict-dynamic bypass using web-compatibility shims
#CVE-2024-7525: Missing permission check when creating a StreamFilter
#CVE-2024-7526: Uninitialized memory used by WebGL
#CVE-2024-7527: Use-after-free in JavaScript garbage collection
#CVE-2024-7528: Use-after-free in IndexedDB

Moderate
#CVE-2024-7529: Document content could partially obscure security prompts
#CVE-2024-7530: Use-after-free in JavaScript code coverage collection

Low

#CVE-2024-7531: PK11_Encrypt using CKM_CHACHA20 can reveal plaintext on Intel Sandy Bridge machines

New

Reader View now has an enhanced Text and Layout menu with new options for character spacing, word spacing, and text alignment. These changes offer a more accessible reading experience.
Reader View now has a Theme menu with additional Contrast and Gray options. You can also select custom colors for text, background, and links from the Custom tab.
A tab preview is now displayed when hovering the mouse over background tabs, making it easier to locate the desired tab without needing to switch tabs.
HTTPS is replacing HTTP as the default protocol in the address bar on non-local sites. If a site is not available via HTTPS, Firefox will fall back to HTTP.
HTTPS DNS records can now be resolved with the operating system's DNS resolver on specific platforms (Windows 11, Linux, Android 10+). Previously this required DNS over HTTPS to be enabled. This capability allows the use of HTTP/3 without needing to use the Alt-Svc header, upgrades requests to HTTPS when the DNS record is present, and enables wider use of ECH.
Added support for multiple languages in the same document spoken in macOS VoiceOver.
Address Autofill is now enabled for users in France and Germany.

Update: To get the update now, select "Help" from the Firefox menu, then pick "About Firefox." Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.

References

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Welcome to the Security Garden, where everything is coming up roses.

The best way to protect your garden is to fence it in. The same applies to your computer.
Get computer security news and information, help, tips and more at the Security Garden.

Articles

My Garden Roots

Perennial Favorites

Article Categories

Tuesday, August 06, 2024