[The Firefox/Mozilla Thread]

ff v91.1.0 esr

07. september 2021

Fixed

• Various stability, functionality, and security fixes

Quote

Security Vulnerabilities fixed in Firefox ESR 91.1

Announced September 7, 2021

Impact low

Products Firefox ESR

Fixed in

• Firefox ESR 91.1

#CVE-2021-38492: Navigating to `mk:` URL scheme could load Internet Explorer

Reporter James Lee

Impact moderate

Description

When delegating navigations to the operating system, Firefox would accept the mk scheme which might allow attackers to launch pages and execute scripts in Internet Explorer in unprivileged mode.
This bug only affects Firefox for Windows. Other operating systems are unaffected.

References

• Bug 1721107

#CVE-2021-38495: Memory safety bugs fixed in Firefox 92 and Firefox ESR 91.1

Reporter Mozilla developers and community

Impact high

Description

Mozilla developers Tyson Smith, Christian Holler, and Gabriele Svelto reported memory safety bugs present in Firefox 91 and Firefox ESR 91.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

References

• Memory safety bugs fixed in Firefox 92 and Firefox ESR 91.1

 

[The Firefox/Mozilla Thread]

ff v78.14.0 esr

07. september 2021

Fixed

• Various stability, functionality, and security fixes

Quote

Security Vulnerabilities fixed in Firefox ESR 78.14

Announced September 7, 2021

Impact moderate

Products Firefox ESR

Fixed in

• Firefox ESR 78.14

#CVE-2021-38492: Navigating to `mk:` URL scheme could load Internet Explorer

Reporter James Lee

Impact moderate

Description

When delegating navigations to the operating system, Firefox would accept the mk scheme which might allow attackers to launch pages and execute scripts in Internet Explorer in unprivileged mode.
This bug only affects Firefox for Windows. Other operating systems are unaffected.

References

• Bug 1721107

#CVE-2021-38493: Memory safety bugs fixed in Firefox 92, Firefox ESR 78.14 and Firefox ESR 91.1

Reporter Mozilla developers and community

Impact high

Description

Mozilla developers Tyson Smith and Gabriele Svelto reported memory safety bugs present in Firefox 91 and Firefox ESR 78.13. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

References

• Memory safety bugs fixed in Firefox 92, Firefox ESR 78.14 and Firefox ESR 91.1

 

[The Firefox/Mozilla Thread]

ff v92.0

07. september 2021

New

• More secure connections: Firefox can now automatically upgrade to HTTPS using HTTPS RR as Alt-Svc headers.

• Full-range color levels are now supported for video playback on many systems.

• Mac users can now access the macOS share options from the Firefox File menu.

• Support for images containing ICC v4 profiles is enabled on macOS.

Fixed

• Firefox performance with screen readers and other accessibility tools is no longer severely degraded if Mozilla Thunderbird is installed or updated after Firefox.

• macOS VoiceOver now correctly reports buttons and links marked as ‘expanded’ using the aria-expanded attribute.

• An open alert in a tab no longer causes performance issues in other tabs using the same process.

• Various security fixes

Changed

• The bookmark toolbar menus on macOS now follow Firefox visual styles.

• Certificate error pages have been redesigned for a better user experience.

• Continuing work to restructure Firefox’s JavaScript memory management to be more performant and use less memory.

Enterprise

• Various bug fixes and new policies have been implemented in the latest version of Firefox. See more details in the Firefox for Enterprise 92 Release Notes.

Developer

Developer Information

Developer Information

[Defraggler detecting my HDD as SSD]

hello computerwhiz,

i mean speccy is correct.

if i looked right your seagate is an 3,5 zoll hdd with 256 mb cache - with perhaps 5.400 or 7.200 u/min?

 

if defraggler makes a "drive-analyse" and read data (less than 256 mb) from this hdd/ssd it could much more faster from the big cache. perhaps with this defraggler sorts this speedy hdd into an ssd...

 

i think defraggler detected your hdd is an ssd because the big hdd-cache-size of 256 mb. normally this hdds have a cache size of 64 mb.

the exact details knows only the programmers of defraggler and/or speccy how it detects hdd/ssd.

 

but there are different kinds of hdds. perhaps defraggler and speccy should be updated.

[Why is Speccy showing I have McAfee when I don't?]

mmmh...

you seems to have installed an mcafee suit with antivirus and firewall with signature database is up to date...

as andavari mean - have you uninstalled this one?

have you looked at "programs and features" (or what is named in w10) to uninstall all kind of "mcafee" entrys?

you can also take ccleaner -> tools -> uninstall

 

there must be an background process of mcafee because the signature is up to date.

take a look with ccleaner -> tools -> startup ---> "windows" and "scheduled tasks" of "mcafee" entries

[The Firefox/Mozilla Thread]

ff v91.0.1 esr

17. august 2021

Fixed

• Fixed an issue causing buttons on the tab bar to be resized when loading certain websites (bug 1704404)

• Fixed an issue which caused tabs from private windows to be visible in non-private windows when viewing switch-to-tab results in the address bar panel (bug 1720369)

• Various stability fixes

• Security fix

Quote

Security Vulnerabilities fixed in Firefox 91.0.1 and Thunderbird 91.0.1

Announced August 16, 2021

Impact high

Products Firefox, Thunderbird

Fixed in

• Firefox 91.0.1
• Thunderbird 91.0.1

#CVE-2021-29991: Header Splitting possible with HTTP/3 Responses

Reporter Youssef Sammouda

Impact high

Description

Firefox incorrectly accepted a newline in a HTTP/3 header, interpretting it as two separate headers. This allowed for a header splitting attack against servers using HTTP/3.

References

• Bug 1724896

 

[The Firefox/Mozilla Thread]

with ff v78.13.0 esr ends this line

the new esr-line is v91.0

 

ff v91.0 esr

10. august 2021

Firefox 91 ESR includes all of the enhancements since Firefox 78 along with many new features to make your enterprise deployments easier and even more flexible.

New

• Some of the highlights of the new Extended Support Release are:

  • A number of user interface changes. For more information, see the Firefox 89 release notes.
  • Firefox now supports logging into Microsoft, work, and school accounts using Windows single sign-on. Learn more
  • On Windows, updates can now be applied in the background while Firefox is not running.
  • Firefox for Windows now offers a new page about:third-party to help identify compatibility issues caused by third-party applications
  • Version 2 of Firefox's SmartBlock feature further improves private browsing. Third party Facebook scripts are blocked to prevent you from being tracked, but are now automatically loaded "just in time" if you decide to "Log in with Facebook" on any website.
  • Enhanced the privacy of the Firefox Browser's Private Browsing mode with Total Cookie Protection, which confines cookies to the site where they were created, preventing companis from using cookies to track your browsing across sites. This feature was originally launched in Firefox's ETP Strict mode.
  • PDF forms now support JavaScript embedded in PDF files. Some PDF forms use JavaScript for validation and other interactive features.
  • You'll encounter less website breakage in Private Browsing and Strict Enhanced Tracking Protection with SmartBlock, which provides stand-in scripts so that websites load properly.
  • Improved Print functionality with a cleaner design and better integration with your computer's printer settings.
  • Firefox now protects you from supercookies, a type of tracker that can stay hidden in your browser and track you online, even after you clear cookies. By isolating supercookies, Firefox prevents them from tracking your web browsing from one site to the next.
  • Firefox now remembers your preferred location for saved bookmarks, displays the bookmarks toolbar by default on new tabs, and gives you easy access to all of your bookmarks via a toolbar folder.
  • Native support for macOS devices built with Apple Silicon CPUs brings dramatic performance improvements over the non-native build that was shipped in Firefox 83: Firefox launches over 2.5 times faster and web apps are now twice as responsive (per the SpeedoMeter 2.0 test). If you are on a new Apple device, follow these steps to upgrade to the latest Firefox.
  • Pinch zooming will now be supported for our users with Windows touchscreen devices and touchpads on Mac devices. Firefox users may now use pinch to zoom on touch-capable devices to zoom in and out of webpages.
  • We’ve improved functionality and design for a number of Firefox search features:
  • Selecting a search engine at the bottom of the search panel now enters search mode for that engine, allowing you to see suggestions (if available) for your search terms. The old behavior (immediately performing a search) is available with a shift-click.
  • When Firefox autocompletes the URL of one of your search engines, you can now search with that engine directly in the address bar by selecting the shortcut in the address bar results.
  • We’ve added buttons at the bottom of the search panel to allow you to search your bookmarks, open tabs, and history.
  • Firefox supports AcroForm, which will allow you to fill in, print, and save supported PDF forms and the PDF viewer also has a new fresh look.
  • For our users in the US and Canada, Firefox can now save, manage, and auto-fill credit card information for you, making shopping on Firefox ever more convenient.
  • In addition to our default, dark and light themes, with this release, Firefox introduces the Alpenglow theme: a colorful appearance for buttons, menus, and windows. You can update your Firefox themes under settings or preferences.

Fixed

• Fixed an issue causing buttons on the tab bar to be resized when loading certain websites (bug 1704404)

Changed

• Firefox no longer supports Adobe Flash. There is no setting available to re-enable Flash support.

Enterprise

• Various bug fixes and new policies have been implemented in the latest version of Firefox. See more details in the Firefox for Enterprise 91 Release Notes.

Developer

Developer Information

[Why You Suddenly Need To Delete Google Chrome]

newer the news - not better news - better not new news...

[The Firefox/Mozilla Thread]

ff v91.0.2

24. august 2021

Fixed

• High Contrast Mode is no longer enabled by default when "Increase Contrast" is checked in macOS settings (bug 1726606)

• Firefox no longer clears authentication data when purging trackers, to avoid repeatedly prompting for a password (bug 1721084)

[The Firefox/Mozilla Thread]

ff v91.0.1

17. august 2021

Fixed

• Fixed an issue causing buttons on the tab bar to be resized when loading certain websites (bug 1704404)

• Fixed an issue which caused tabs from private windows to be visible in non-private windows when viewing switch-to-tab results in the address bar panel (bug 1720369)

• Various stability fixes

• Security fix

[The Firefox/Mozilla Thread]

ff v78.13.0 esr

10. august 2021

Fixed

• Various stability, functionality, and security fixes

Quote

Security Vulnerabilities fixed in Firefox ESR 78.13

Announced August 10, 2021

Impact high

Products Firefox ESR

Fixed in

• Firefox ESR 78.13

#CVE-2021-29986: Race condition when resolving DNS names could have led to memory corruption

Reporter pahhur

Impact high

Description

A suspected race condition when calling getaddrinfo led to memory corruption and a potentially exploitable crash.
Note: This issue only affected Linux operating systems. Other operating systems are unaffected.

References

• Bug 1696138

#CVE-2021-29988: Memory corruption as a result of incorrect style treatment

Reporter Irvan Kurniawan

Impact high

Description

Firefox incorrectly treated an inline list-item element as a block element, resulting in an out of bounds read or memory corruption, and a potentially exploitable crash.

References

• Bug 1717922

#CVE-2021-29984: Incorrect instruction reordering during JIT optimization

Reporter Lukas Bernhard

Impact high

Description

Instruction reordering resulted in a sequence of instructions that would cause an object to be incorrectly considered during garbage collection. This led to memory corruption and a potentially exploitable crash.

References

• Bug 1720031

#CVE-2021-29980: Uninitialized memory in a canvas object could have led to memory corruption

Reporter Irvan Kurniawan

Impact high

Description

Uninitialized memory in a canvas object could have caused an incorrect free() leading to memory corruption and a potentially exploitable crash.

References

• Bug 1722204

#CVE-2021-29985: Use-after-free media channels

Reporter Marcin 'Icewall' Noga of Cisco Talos

Impact moderate

Description

A use-after-free vulnerability in media channels could have led to memory corruption and a potentially exploitable crash.

References

• Bug 1722083

#CVE-2021-29989: Memory safety bugs fixed in Firefox 91 and Firefox ESR 78.13

Reporter Mozilla developers and community

Impact high

Description

Mozilla developers Christoph Kerschbaumer, Simon Giesecke, Sandor Molnar, and Olli Pettay reported memory safety bugs present in Firefox 90 and Firefox ESR 78.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

References

• Memory safety bugs fixed in Firefox 91 and Firefox ESR 78.13

 

 

[The Firefox/Mozilla Thread]

ff v91.0

10. august 2021

New

• Building on Total Cookie Protection, we've added a more comprehensive logic for clearing cookies that prevents hidden data leaks and makes it easy for users to understand which websites are storing local information. Learn more

• Firefox now supports logging into Microsoft, work, and school accounts using Windows single sign-on. Learn more

• The simplify page when printing feature is back! When printing, under More settings > Format select the Simplified option when available to get a clutter-free page. Learn more

• HTTPS-First Policy: Firefox Private Browsing windows now attempt to make all connections to websites secure, and fall back to insecure connections only when websites do not support it. Learn more

• We've added a new locale: Scots (sco)

• The address bar now provides Switch to Tab results also in Private Browsing windows.

• Firefox now automatically enables High Contrast Mode when "Increase Contrast" is checked on MacOS

• Firefox now does catch-up paints for almost all user interactions, enabling a 10-20% improvement in response time to most user interactions.

Fixed

• Various security fixes

Enterprise

• Various bug fixes and new policies have been implemented in the latest version of Firefox. See more details in the Firefox for Enterprise 91 Release Notes.

Developer

Developer Information

Web Platform

• The Visual Viewport API is now supported on desktop platforms

[ublock users]

firefox legacy v1.16.4.30

JustOff released this

Jul 20, 2021

Change

• Limit recursion when parsing URL in document-blocked page

[ublock users]

ublock v1.37.2

github-actions released this

Jul 28, 2021

Closed as fixed:

• uBO 1.37 breaks at least some sites that use googletagmanager if specific filters in use

[ublock users]

ublock v1.37.0

github-actions released this

Jul 23, 2021

Closed as fixed

Core

• '$popup' not working
• Service worker "tabless" requests with correct context are still modified when page is whitelisted
• Back/Forward navigation does not work between Ublock Origin option pages
• csp_report filter created via logger is marked as invalid
• Extreme popup blocking - uBo dashboard is blocked when popups are
• ipv6 fe80::1%lo0 localhost from hosts file is marked as error line
• Whitespaces are now stripped from blocking-rule URLs, causing rules targeting whitespaces to fail and/or block extremely broadly
• uBO's dashboard does not refresh custom filters in real-time
• Element picker/zapper don't work if cosmetic filtering is disabled
• Logger always highlights first match
• Static filtering: Cannot prevent my filter from strict-blocking

Notable commits without en entry in the issue tracker

• Provide visual cue in popup panel when base domain has subdomains
• Disclose where uBO's own filter lists are hosted
• Add abort-current-script scriptlet
• Fix spurious error messages when updating contextual menu
• Make getByName() return an dummy Tracker object
• Add asap behavior to remove-attr scriptlet
• Ensure pending callbacks are called only once

[ublock users]

ublock v1.36.2

github-actions released this

Jul 6, 2021

Closed as fixed

• DoS with strict-blocking filter

[The Firefox/Mozilla Thread]

ff v90.0.2

22. july 2021

Fixed

• Fixed truncated output when printing (bug 1720621)

• Fixed menu styling on some Gtk themes (bug 1720441, bug 1720874)

Changed

• Updates to support DoH Canada rollout

[The Firefox/Mozilla Thread]

ff v90.0.1

19. july 2021

Fixed

• Fixed a crash when using some accessibility clients on Windows (bug 1720696)

• Fixed busy looping processing some HTTP3 responses (bug 1720079)

• Fixed transient errors authenticating with some smart cards (bug 1715325)

• Fixed a rare crash on shutdown (bug 1707057)

• Fixed a race on startup that caused about:support to end up empty after upgrade (bug 1717894)

[I have that problem...]

On 22/07/2021 at 22:18, MAMsaki said:

Driver easy to update the drivers,

its your pc and i dont will you advice how to manage the driver-updates... you will know it

here some answers from microsoft-mods about "driver-tools" especially "driver easy"

https://answers.microsoft.com/en-us/windows/forum/all/intel-watchdog-timer-driver-question/7e9f03c9-4de2-45ee-9f1a-61fe271ac9d7

 

here in german:

https://answers.microsoft.com/de-de/windows/forum/all/hauptplatinenressourcen-wie-treiber-aktualisieren/3bb96dbe-b6dc-4fd6-94b8-3cd14af6afc1

 

the issue with your speccy... at this moment i dont know what can be (only the driver-stuff came to my mind...)

On 22/07/2021 at 22:14, MAMsaki said:

i'm not new to use a PC, I start with Windows-ME

sorry

 

On 22/07/2021 at 22:18, MAMsaki said:

just only one is missing to update is the "whatchdog timer driver"

this i dont have since years. i mean i have it uninstalled

 

[I have that problem...]

1 hour ago, MAMsaki said:

I try to admin but did't works.

--> right-click with your mouse on your speccy icon -> a context menu appears -> choose "execute as admin" or "with adminrights" (i dont know how exactly it calls in english - i have german

[I have that problem...]

ok, perhaps there is the problem...

 

you have perhaps installed wrong driver? --> have you this driver from microsoft or somewhere else or from your motherboard - manufacturer?

 

please visit the motherboard website and download the newest driver for your mb!

the same for your cpu - driver for the integrated graphic in your cpu from intel

 

on my case for example microsoft delivers me per optional-updates a driver for "media" and others and as i tryed it 1 time for years - after restart, the laptop drives against the wall.

[I have that problem...]

im not an expert with windows 10...

have you tried speccy with admin-rights?

 

i had something similar in the past with an older windows. i mean i remember me darkly there was missing an "*.dll"

 

have you installed the cpu-driver/chipset-driver?

[Remote assistance]

9 hours ago, Bonzo Briggs said:

It is sometimes very slow,

have you tried an restart? with the time something hangs between drivers and windows and the laptop/pc seems to be very slow and the "softstart" from shutdown dont help. but a restart set the hole stuff on the beginning...

[no update info with v1.32.740]

hi fans,

 

today i find out that there is an update from speccy. so far i have installed v1.32.740. but since (i dont know) there is an update out to v1.32.774.

speccy dont tell me this -> with the update-search of v1.32.740 it means to me: I am uptodate.

with update-search of v1.32.774 it means -> there is an newer version v1.32.740 avialable to download.

and also not the version history... the update description is probably a bit behind

https://www.ccleaner.com/speccy/version-history

 

Quote

Version History

v1.32.740 (20 May 2018)

• Improved SSD detection for newer SSD devices
• Improved SSD detection for laptops
• Added new Privacy menu
• Fixed a bug where the Speccy uninstaller was removing text and log files from the C: drive

 

there is going something wrong -> should i downgrade to v1.32.740 for w8.1 again?

 

[I have that problem...]

36 minutes ago, MAMsaki said:

Is weird... I download it today from the main page...

in fact there is a newer version. sorry for my mistake. perhaps only additional the "privacy eu-stuff"

 

this version works also fine for me, no such problems like on yours...

 

have you tried an restart of your pc and again speccy?