Tuesday, October 29, 2024

Mozilla Firefox Version 132.0 Released with Security Updates

  FirefoxMozilla sent Firefox Version 132.0 to the release channel.  

The update includes nine security updates of which two (2) are rated high, six (6) are rated moderate, and three (3) are rated low.

High

#

#CVE-2024-10458: Permission leak via embed or object elements
#CVE-2024-10459: Use-after-free in layout with accessibility

Moderate

#CVE-2024-10460: Confusing display of origin for external protocol handler prompt
#CVE-2024-10461: XSS due to Content-Disposition being ignored in multipart/x-mixed-replace response
#CVE-2024-10462: Origin of permission prompt could be spoofed by long URL
#CVE-2024-10463: Cross origin video frame leak
#CVE-2024-10468: Race conditions in IndexedDB
#CVE-2024-10467: Memory safety bugs fixed in Firefox 132, Thunderbird 132, Firefox ESR 128.4, and Thunderbird 128.4

Low

#CVE-2024-10464: History interface could have been used to cause a Denial of Service condition in the browser
#CVE-2024-10465: Clipboard "paste" button persisted across tabs#CVE-2024-10466: DOM push subscription message could hang Firefox
#CVE-2024-10466: DOM push subscription message could hang Firefox

New

  • Microsoft PlayReady encrypted media playback is now being rolled out to select sites on Windows. Through this support, we are gradually rolling out a 1080p baseline and 4K Ultra HD support with key streaming partners. An added benefit is that viewers get less battery drain and better performance when streaming their favorite movies and shows.
  • A tab preview is now displayed when hovering the mouse over background tabs, making it easier to locate the desired tab without needing to switch tabs.
  • Wide Color Gamut WebGL is now available for Windows and macOS users! With this support, Firefox is bringing a richer, more vivid range of colors to the videos, games, and images on your screen. This implementation currently supports wider color (P3) profiles in 8-bit.
  • WebRender hardware accelerated rendering is now enabled for most SVG filter primitives, improving performance for certain graphics-heavy content. Accelerated filters are feBlend, feColorMatrix, feComponentTransfer, feComposite, feDropShadow, feFlood, feGaussianBlur, feMerge and feOffset.
  • Added support for macOS’ new screen and window sharing selection features on macOS 15 and later. Support for macOS 14 will be added in a future release.
  • The macOS session resume feature has been enhanced. Firefox will now automatically relaunch if it was open before a system restart, like after an OS update.
  • Firefox now blocks third-party cookie access when Enhanced Tracking Protection's Strict mode is enabled.
    Fixed:
    • Fixed an issue where Copy and Paste context menu items intermittently were not enabled when expected.
    Changed:


    • As a follow-up to our work to upgrade mixed content starting with Firefox 127, HTTP-favicons will now also be blocked if they can not be received over HTTPS instead
    • The Copy Without Site Tracking option is now grayed out when no known tracking parameters are found within the link. Additionally, more tracking parameter support has been added for websites such as LinkedIn and Shopee. Please report tracking parameters that aren't removed by filing a bug in Bugzilla.

    Update: To get the update now, select "Help" from the Firefox menu, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.

    References


    Remember - "A day without laughter is a day wasted."
    May the wind sing to you and the sun rise in your heart...

    No comments: