Tuesday, October 01, 2024

Mozilla Firefox Version 131.0 Released with Security Updates

 FirefoxMozilla sent Firefox Version 131.0 to the release channel.  Firefox ESR was updated to Version 115.16.0.

The update includes nine security updates of which seven (4) are rated high, three (3) are rated moderate, and three (3) are rated low.

High

#CVE-2024-9391: Prevent users from exiting full-screen mode in Firefox Focus for Android
#CVE-2024-9392: Compromised content process can bypass site isolation
#CVE-2024-9393: Cross-origin access to PDF contents through multipart responses
#CVE-2024-9394: Cross-origin access to JSON contents through multipart responses
#CVE-2024-9401: Memory safety bugs fixed in Firefox 131, Firefox ESR 115.16, Firefox ESR 128.3, Thunderbird 131, and Thunderbird 128.3
#CVE-2024-9402: Memory safety bugs fixed in Firefox 131, Firefox ESR 128.3, Thunderbird 131, and Thunderbird 128.3
#CVE-2024-9403: Memory safety bugs fixed in Firefox 131 and Thunderbird 131

Moderate

#CVE-2024-9395: Specially crafted filename could be used to obscure download type
#CVE-2024-9396: Potential memory corruption may occur when cloning certain objects
#CVE-2024-9397: Potential directory upload bypass via clickjacking

Low

#CVE-2024-9398: External protocol handlers could be enumerated via popups
#CVE-2024-9399: Specially crafted WebTransport requests could lead to denial of service
#CVE-2024-9400: Potential memory corruption during JIT compilation

New

  • Firefox will now offer to temporarily remember when users grant permissions to sites (e.g. geolocation). Temporary permissions will be removed either after one hour or when the tab is closed.
  • A tab preview is now displayed when hovering the mouse over background tabs, making it easier to locate the desired tab without needing to switch tabs.
  • When suggesting a default translation language, Firefox will now take into consideration languages you have previously used for translations.
  • We’ve re-introduced the ability to navigate to the search engine home page when the search bar is empty by using shift-enter/shift-click
    Fixed:
    • Fixed an issue where Copy and Paste context menu items intermittently were not enabled when expected.
    Changed:

    • The following language is now supported by Firefox translation: Swedish
    • The Tab overview (List all tabs) menu has received a new, refreshed icon.


    Update: To get the update now, select "Help" from the Firefox menu, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.

    References


    Remember - "A day without laughter is a day wasted."
    May the wind sing to you and the sun rise in your heart...

    No comments: