CCleaner Community Forums

The Firefox/Mozilla Thread



  • Moderators

Sorry, early morning Brain Fade.

I've removed that post.

  • 3 weeks later...

ff v79.0

28. july 2020

New

  • We’ve rolled out WebRender to more Windows users with Intel and AMD GPUs, bringing improved graphics performance to an even larger audience.

  • Firefox users in Germany will now see more Pocket recommendations in their new tab featuring some of the best stories on the web. If you don’t see them, you can turn on Pocket articles in your new tab by following these steps.

 

Fixed

  • Various security fixes.

  • Several crashes while using a screen reader were fixed, including a frequently encountered crash when using the JAWS screen reader.

  • Firefox Developer Tools received significant fixes allowing screen reader users to benefit from some of the tools that were previously inaccessible.

  • SVG title and desc elements (labels and descriptions) are now correctly exposed to assistive technology products such as screen readers.

 

Enterprise

  • A number of bug fixes and new policies have been implemented in the latest version of Firefox. You can see more details in the Firefox for Enterprise 79 Release Notes.

  • Updates to the password policy allow admins to require a primary password (formerly called master password). Previously the policy could disable the primary password but not force a primary password. Users required to use a primary password will only be asked to create a primary password the first time they try to save a password.

 

Developer

Developer Information

  • Newly added asynchronous call stacks let developers trace their async code through events, timeouts, and promises. The async execution chains are shown in the Debugger’s call stack, but also for stack traces in Console errors and Network initiators.

  • Erroneous network responses with 4xx/5xx status codes display as errors in the Console, making it easy to understand them in the context of related logs. The request/response details can be expanded or resent for quick debugging.

  • JavaScript errors are now visible not only in the Console, but also in the Debugger. The relevant line of code will be highlighted and display error details on hover.

  • Opening SCSS and CSS-in-JS sources from the Inspector now works more reliably thanks to improved source map handling across all panels.

  • Inspecting accessibility properties from the browser context menu is now available to all users by default.


ff v68.11.0 esr

28. july 2020

Fixed

 

Quote

 

Security Vulnerabilities fixed in Firefox ESR 68.11

Announced July 28, 2020
Impact high
Products Firefox ESR
Fixed in
  • Firefox ESR 68.11

#CVE-2020-15652: Potential leak of redirect targets when loading scripts in a worker

Reporter Mikhail Oblozhikhin
Impact high
Description

By observing the stack trace for JavaScript errors in web workers, it was possible to leak the result of a cross-origin redirect. This applied only to content that can be parsed as script.

References

#CVE-2020-6514: WebRTC data channel leaks internal address to peer

Reporter Natalie Silvanovich of Google Project Zero
Impact high
Description

WebRTC used the memory address of a class instance as a connection identifier. Unfortunately, this value is often transmitted to the peer, which allows bypassing ASLR.

References

#CVE-2020-6463: Use-after-free in ANGLE gl::Texture::onUnbindAsSamplerTexture

Reporter Pawel Wylecial of REDTEAM.PL
Impact moderate
Description

Crafted media files could lead to a race in texture caches, resulting in a use-after-free, memory corruption, and a potentially exploitable crash.

References

#CVE-2020-15650: Overwriting local files through malicious file picker application

Reporter Pedro Oliveira
Impact moderate
Description

Given an installed malicious file picker application, an attacker was able to overwrite local files and thus overwrite Firefox settings (but not access the previous profile).
Note: This issue only affected Firefox for Android. Other operating systems are unaffected.

References

#CVE-2020-15649: Exfiltrating local files through malicious file picker application

Reporter Pedro Oliveira
Impact moderate
Description

Given an installed malicious file picker application, an attacker was able to steal and upload local files of their choosing, regardless of the actual files picked.
Note: This issue only affected Firefox for Android. Other operating systems are unaffected.

References

#CVE-2020-15659: Memory safety bugs fixed in Firefox 79 and Firefox ESR 68.11

Reporter Mozilla developers
Impact high
Description

Mozilla developers Jason Kratzer and Luke Wagner reported memory safety bugs present in Firefox 78 and Firefox ESR 68.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

References

 

  • Moderators

I strongly suggest FF users read this. Especially the comments under the article... it doesn't sound good.

https://www.ghacks.net/2020/08/11/mozilla-lays-off-250-employees-in-massive-company-reorganization/

In case anyone misses this link too in the comments under the article

https://twitter.com/MichalPurzynski/status/1293220570885062657

"They killed entire threat management team. Mozilla is now without detection and incident response"

  • Moderators

Reminds me of what I was saying the other day about needing browser alternatives instead of umpteen Chromium/Chrome clones (i.e. like needing something like Edge Legacy). I thought Firefox was on borrowed time, now this.

  • Moderators

A lot of companies seem to be using C-19 as an excuse to do what they wanted to anyway. (Laying off staff, cutting product ranges, increasing prices, etc).
Much easier to blame 'the plague' rather than admit it's a business decision.

Did you see the other day that Eurostar claimed that only First Class passengers could now access wifi on their cross-channel trains "due to coronavirus"?
Hard to see how a disease in humans could affect in-tunnel wifi broadcast for some parts of a train but not others, but of course if you pay the extra for first class.....
(They have since u-turned and restored wifi to standard class, they must have found a miracle cure).

As far as Mozilla, I suspect that someone has realised that the open source community seem to do most of their work for them so why are they paying all these employees?

The comments about the diversity of new (unwanted?) initiatives and products rather than concentrating on the core product is something that always happens.
(Years ago Kellogg's moving into other cereals and not just cornflakes simply lost them most of the cornflake market).
It seems to be happening with quite a few software companies at the moment, I see it as a wave of 'new' executives trying to make an impression by championing new products and forgetting what the company is about.

I see Firefox continuing, run by the open source community, but Mozilla maybe not.

I'm not sure about the security issue, not knowing just what that team were doing anyway, we'll see what comes out in the wash once all the shouting dies down.
With Malwarebytes Browser Guard and MB Anti-Exploit both running real time, I'm not too worried yet.

  • Moderators

I think Firefox is in trouble. People are moving to other browsers because of problems the latest builds have caused.

  • Moderators
3 hours ago, hazelnut said:

I think Firefox is in trouble. People are moving to other browsers because of problems the latest builds have caused.

 

That's why I've been using ESR Portable builds for a few years now. It's still my primary browser but it was difficult to migrate back to it after years of only using Chromium clones.


FWIW Mozilla just told us it will use Rust directly within Firefox rather than in a separate Servo project: "Going forward, we will be writing many new browser components in Rust directly in Firefox rather than in a separate project."

Tweet from The Register:

 

  • 2 weeks later...

@namarang

I'm afraid I can't give you any helpful statements for that ... I don't use such options with Firefox. Perhaps some of the others here can help.


ff v80.0

25. august 2020

New

  • Firefox can now be set as the default system PDF viewer.

  • The name reported by accessibility tools for items in multi-tiered tree controls no longer incorrectly includes information from items at deeper levels, providing users with the correct level of content when using a screen reader.

Fixed
  • Various security fixes.

  • Several crashes while using a screen reader were fixed including a frequently encountered crash when using the JAWS screen reader.

  • Firefox Developer Tools received significant fixes allowing screen reader users to benefit from some of the tools that were previously inaccessible.

  • SVG title and desc elements (labels and descriptions) are now correctly exposed to assistive technology products such as screen readers.

Changed

  • For users with reduced motion settings, we’ve reduced a number of animations such as tab loading to reduce motion for users with migraines and epilepsy.

  • The new add-ons blocklist has been enabled to improve performance and scalability.

Enterprise
  • A number of bug fixes and new policies have been implemented in the latest version of Firefox. You can see more details in the Firefox for Enterprise 80 Release Notes.

  • Today’s release is the final scheduled for Firefox 68 ESR (68.12) unless there is a critical security issue found prior to the release of Firefox ESR 78.3 on September 22, 2020. Users of Firefox 68 ESR will be automatically upgraded to the Firefox 78 ESR series with the release of 78.3.

Developer

Developer Information

  • We’ve shipped an experimental sidebar panel in the inspector to Firefox Developer Edition that helps developers more quickly identify potential browser compatibility problems based on MDN data.

  • In the Network Monitor request list, a turtle icon is shown for "slow" requests that exceed a threshold for the waiting time.

  • Firefox now supports RTX and Transport-cc for improved call quality in poor network conditions and better bandwidth estimation. These features also provide better compatibility with many websites using WebRTC.


ff v68.12.0 esr

25. august 2020

Fixed

Quote

Security Vulnerabilities fixed in Firefox ESR 68.12

Announced August 25, 2020
Impact high
Products Firefox ESR
Fixed in
  • Firefox ESR 68.12

#CVE-2020-15663: Downgrade attack on the Mozilla Maintenance Service could have resulted in escalation of privilege

Reporter Xiaoyin Liu
Impact high
Description

If Firefox is installed to a user-writable directory, the Mozilla Maintenance Service would execute updater.exe from the install location with system privileges. Although the Mozilla Maintenance Service does ensure that updater.exe is signed by Mozilla, the version could have been rolled back to a previous version which would have allowed exploitation of an older bug and arbitrary code execution with System Privileges.
Note: This issue only affected Windows operating systems. Other operating systems are unaffected.

References

#CVE-2020-15664: Attacker-induced prompt for extension installation

Reporter Kaizer Soze
Impact high
Description

By holding a reference to the eval() function from an about:blank window, a malicious webpage could have gained access to the InstallTrigger object which would allow them to prompt the user to install an extension. Combined with user confusion, this could result in an unintended or malicious extension being installed.

References

#CVE-2020-15669: Use-After-Free when aborting an operation

Reporter Jason Kratzer
Impact high
Description

When aborting an operation, such as a fetch, an abort signal may be deleted while alerting the objects to be notified. This results in a use-after-free and we presume that with enough effort it could have been exploited to run arbitrary code.

References
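
The rollback gap in CVE-2020-15663 quoted above, as an added example that is not part of the original post and is not Mozilla's code: a valid signature alone does not stop an older signed updater from being accepted, so the check below also compares versions numerically. The HMAC key, the manifest format and the function names are assumptions made for this example, and HMAC stands in for Authenticode verification.

```python
import hashlib
import hmac

# Constructed demo key; HMAC stands in for Authenticode so the example runs offline.
VENDOR_KEY = b"constructed-demo-key"

# Constructed manifests: both are validly signed, but OLD is a superseded release.
OLD = b"name=updater.exe\nversion=68.9.0\n"
NEW = b"name=updater.exe\nversion=68.12.0\n"


def sign(manifest: bytes) -> bytes:
    return hmac.new(VENDOR_KEY, manifest, hashlib.sha256).digest()


def parse_version(text: str) -> tuple:
    """'68.12.0' -> (68, 12, 0, 0). Numeric, so 68.9 sorts below 68.12."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"malformed version: {text!r}")
    nums = [int(p) for p in parts]
    return tuple(nums + [0] * (4 - len(nums)))


def check_update(manifest: bytes, signature: bytes, installed: str) -> str:
    """Return 'accept', 'bad-signature', 'malformed' or 'rollback'."""
    # Step 1: authenticity, the check the advisory describes as already present.
    if not hmac.compare_digest(sign(manifest), signature):
        return "bad-signature"
    # Step 2: freshness. The version is read from the signed bytes, and
    # `installed` is assumed to come from a location the user cannot write.
    fields = dict(
        line.split("=", 1) for line in manifest.decode().splitlines() if "=" in line
    )
    try:
        candidate = parse_version(fields["version"])
    except (KeyError, ValueError):
        return "malformed"
    if candidate < parse_version(installed):
        return "rollback"
    return "accept"


if __name__ == "__main__":
    for blob in (OLD, NEW):
        print(blob.split(b"\n")[1].decode(), "->", check_update(blob, sign(blob), "68.12.0"))
```

A plain string comparison would rank "68.9.0" above "68.12.0", which is why the versions are parsed into integers before comparing.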

ff v80.0.1

01. sept 2020

Fixed

  • Fixed a performance regression when encountering new intermediate CA certificates (bug 1661543)

  • Fixed crashes possibly related to GPU resets (bug 1627616)

  • Fixed rendering on some sites using WebGL (bug 1659225)

  • Fixed the zoom-in keyboard shortcut on Japanese language builds (bug 1661895)

  • Fixed download issues related to extensions and cookies (bug 1655190)

  • 2 weeks later...

I always liked Firefox and it really is the best browser in my opinion. I like the security settings that I can set and honestly Chrome lacks some of them. Still, it would be nice to add the translate option when you access some websites that should be translated. I also had a problem where I could not access some websites, but that was a proxy problem that I solved with the help of [a website]. There can be some improvements still, but I like the new updates and how the browser works. They are constantly making it better and that is really good.

Edited by Nergal
removed link
On 16/09/2020 at 15:43, CarlMacLeod said:

I always liked the firefox and it really is the best browser in my opinion. I like the security setting that I can set and honestly chrome lacks some of it. Still there would be nice to add the translate option when you access some websites that should be translated. I also had a problem where I could not access some websites, but that was a proxy problem that I solved with help of https://avoidcensorship.org/. There can be some improvements still, but I like the new updates and how the browser works. They are constantly making it better and that is really good.

Firefox is really great, much safer than Chrome.

Edited by Aneano
