Mozilla sent Firefox Version 133.0 to the release channel. Firefox ESR was updated to Version 128.5.
Note: For Firefox users on Windows 7, 8 and 8.1, Firefox Version 115 is the last supported version for those operating systems and will be moved to the latest ESR version by automatic update. See Firefox users on Windows 7, 8 and 8.1 moving to Extended Support Release.
The update includes seventeen security updates of which two (2) are rated high, nine (9) are rated moderate, and six (6) are rated low.
High
#CVE-2024-11691: Memory corruption
in Apple GPU drivers
#CVE-2024-11699: Memory safety
bugs fixed in Firefox 133, Firefox ESR 128.5, and Thunderbird 128.5
CVE-2024-11691: Memory corruption in Apple GPU drivers
#CVE-2024-11700:
Potential Tapjacking Exploit for Intent Confirmation on Android
#CVE-2024-11692:
Select list elements could be shown over another site
#CVE-2024-11701:
Misleading Address Bar State During Navigation Interruption
#CVE-2024-11702:
Inadequate Clipboard Protection in Private Browsing Mode on Android
#CVE-2024-11693:
Download Protections were bypassed by .library-ms files on Windows
#CVE-2024-11694:
CSP Bypass and XSS Exposure via Web Compatibility Shims
#CVE-2024-11695:
URL Bar Spoofing via Manipulated Punycode and Whitespace Characters
#CVE-2024-11703:
Password access without authentication via PIN bypass on Android
#CVE-2024-11696:
Unhandled Exception in Add-on Signature Verification
Low
#CVE-2024-11697:
Improper Keypress Handling in Executable File Confirmation Dialog
#CVE-2024-11704:
Potential Double-Free Vulnerability in PKCS#7 Decryption Handling
#CVE-2024-11698:
Fullscreen Lock-Up When Modal Dialog Interrupts Transition on macOS
#CVE-2024-11705:
Null Pointer Dereference in NSC_DeriveKey
#CVE-2024-11706:
Null Pointer Dereference in PKCS#12 Utility
#CVE-2024-11708:
Data race with PlaybackParams
New
- Firefox now has a new anti-tracking feature, Bounce Tracking Protection, which is now available in Enhanced Tracking Protection's "Strict" mode. This feature detects bounce trackers based on their redirect behavior and periodically purges their cookies and site data to block tracking.
- The sidebar to view tabs from other devices can now be opened via the Tab overview menu.
- GPU-accelerated Canvas2D is now enabled by default on Windows providing a performance improvement.
Update: To get the update now, select "Help" from the Firefox menu, then pick "About Firefox." Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.
References