
The Firefox/Mozilla Thread


nodles


ff v81.0.2

13. October 2020

Fixed

  • Fixed an incompatibility with Twitter.com manifesting itself with the intermittent display of a network protocol violation error page

Versions of CCleaner Cloud; Introduction Ccleaner Cloud;

Ccleaner-->System-Requirements; Ccleaner FAQ´s; Ccleaner builds; Scheduling Ccleaner Free

 

It is possible to make no mistakes and still lose. That is not a sign of weakness. That is life -> "Picard"


ff v82.0

20. October 2020

New

  • With this release, Firefox introduces a number of improvements that make watching videos more delightful:

    • the Picture-In-Picture button has a new look and position, making it easier for you to find and use the feature.
    • Picture-In-Picture now has a keyboard shortcut for Mac users (Option + Command + Shift + Right bracket) that works before you start playing the video.
    • For Windows users, Firefox now uses DirectComposition for hardware decoded video, which will improve CPU and GPU usage during video playback, improving battery life.
  • Firefox is faster than ever with improved performance on both page loads and start up time:

    • Websites that use flexbox-based layouts load 20% faster than before;
    • Restoring a session is 17% quicker, meaning you can more quickly pick up where you left off;
    • For Windows users, opening new windows got quicker by 10%.
  • You can now explore new articles when you save a webpage to Pocket from the Firefox toolbar.

  • WebRender continues to roll out to more Firefox users on Windows.

Fixed

  • Screen reader features which report paragraphs now correctly report paragraphs in Firefox instead of lines.

  • Various security fixes

Changed

  • Credit card auto-fill is now more accessible with the card type, and the card number in the card editor now available to screen readers.

  • Printing dialog errors for invalid form entries are now reported to screen readers.

Developer

Developer Information

  • MediaSession API has been enabled by default which allows web authors to provide custom behaviors for standard media playback interactions, giving them more options than ever.

  • DevTools now shows server side events in the Network panel. This allows a server to send new data to a web page at any time allowing developers to see events they previously couldn't and help with lower-level troubleshooting.


ff v78.4.0 esr

20. October 2020

Fixed

Quote

Security Vulnerabilities fixed in Firefox ESR 78.4

Announced October 20, 2020
Impact high
Products Firefox ESR
Fixed in
  • Firefox ESR 78.4

#CVE-2020-15969: Use-after-free in usersctp

Reporter Mark Wodrich of Google
Impact high
Description

A use-after-free bug in the usersctp library was reported upstream. We assume this could have led to memory corruption and a potentially exploitable crash.

References

#CVE-2020-15683: Memory safety bugs fixed in Firefox 82 and Firefox ESR 78.4

Reporter Mozilla developers and community
Impact high
Description

Mozilla developers and community members Jason Kratzer, Simon Giesecke, Philipp, and Christian Holler reported memory safety bugs present in Firefox 81 and Firefox ESR 78.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

References


  • 2 weeks later...

ff v82.0.1

27. October 2020

Fixed

  • Avoid an unnecessary prompt to reboot when using the full installer on Windows (bug 1671715)

  • Restored the ability to print on paper whose width or height is larger than 100 inches, e.g. for receipts (bug 1672370)

  • Fixed printing of documents with margins of zero, e.g. some PDFs (bug 1672529)

  • Fixed handling of the WebDriver:ClickElement command in the marionette testing framework (bug 1666755)

  • Stability fix (bug 1660539)


ff v82.0.2

28. October 2020

Fixed

  • Fixed duplication of WebSocket messages in certain cases (bug 1673340)


  • 1 month later...

ff v83.0

17. November 2020

New

  • Firefox keeps getting faster as a result of significant updates to SpiderMonkey, our JavaScript engine. You will now experience improved page load performance by up to 15%, page responsiveness by up to 12%, and reduced memory usage by up to 8%. We have replaced part of the JavaScript engine that helps to compile and display websites for you, improving security and maintainability of the engine at the same time.

  • Firefox introduces HTTPS-Only Mode. When enabled, this new mode ensures that every connection Firefox makes to the web is secure and alerts you when a secure connection is not available. You can enable it in Firefox Preferences.

  • Pinch zooming will now be supported for our users with Windows touchscreen devices and touchpads on Mac devices. Firefox users may now use pinch to zoom on touch-capable devices to zoom in and out of webpages.

  • Picture-in-Picture now supports keyboard shortcuts for fast forwarding and rewinding videos: use the arrow keys to move forward and back 15 seconds, along with volume controls. For a list of supported commands see Support Mozilla

  • When you are presenting your screen on a video conference in Firefox, you will see our improved user interface that makes it clearer which devices or displays are being shared.

  • We’ve improved functionality and design for a number of Firefox search features:

    • Selecting a search engine at the bottom of the search panel now enters search mode for that engine, allowing you to see suggestions (if available) for your search terms. The old behavior (immediately performing a search) is available with a shift-click.
    • When Firefox autocompletes the URL of one of your search engines, you can now search with that engine directly in the address bar by selecting the shortcut in the address bar results.
    • We’ve added buttons at the bottom of the search panel to allow you to search your bookmarks, open tabs, and history.
  • Firefox supports AcroForm, which will allow you to fill in, print, and save supported PDF forms and the PDF viewer also has a new fresh look.

  • Our users in India on the English build of Firefox will now see Pocket recommendations in their new tab featuring some of the best stories on the web. If you don’t see them, you can turn on Pocket articles in your new tab by following these steps.

  • For the recently released Apple devices built with Apple Silicon CPUs, you can use Firefox 83 and future releases without any change. This release (83) will support emulation under Apple’s Rosetta 2 that ships with macOS Big Sur. We are working toward Firefox being natively-compiled for these CPUs in a future release.

  • This is a major release for WebRender as we roll out to more Firefox users on Windows 7 and 8 as well as on macOS 10.12 to 10.15.

Fixed

  • This release also includes a number of accessibility fixes:

    • Screen reader features which report paragraphs now correctly report paragraphs instead of lines in Google Docs
    • When reading by word using a screen reader, words are now correctly reported when there is punctuation nearby
    • The arrow keys now work correctly after tabbing in the picture-in-picture window
  • For users on macOS restoring a session with minimized windows, Firefox now uses much less power and you should see much longer battery life.

  • Various security fixes

Developer

Developer Information

Web Platform

  • This release adds support for conic gradients in CSS, helping colors to smoothly transition as you spin around the center, rather than as you progress outward from the center.


ff 78.5.0 esr

17. November 2020

Fixed

Quote

Security Vulnerabilities fixed in Firefox ESR 78.5

Announced November 17, 2020
Impact high
Products Firefox ESR
Fixed in
  • Firefox ESR 78.5

#CVE-2020-26951: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code

Reporter Irvan Kurniawan (@sourc7)
Impact high
Description

A parsing and event loading mismatch in Firefox's SVG code could have allowed load events to fire, even after sanitization. An attacker already capable of exploiting an XSS vulnerability in privileged internal pages could have used this attack to bypass our built-in sanitizer.

References

#CVE-2020-16012: Variable time processing of cross-origin images during drawImage calls

Reporter Aleksejs Popovs
Impact moderate
Description

When drawing a transparent image on top of an unknown cross-origin image, the Skia library drawImage function took a variable amount of time depending on the content of the underlying image. This resulted in potential cross-origin information exposure of image content through timing side-channel attacks.

References

#CVE-2020-26953: Fullscreen could be enabled without displaying the security UI

Reporter Abdulrahman Alqabandi of Microsoft Browser Vulnerability Research
Impact moderate
Description

It was possible to cause the browser to enter fullscreen mode without displaying the security UI; thus making it possible to attempt a phishing attack or otherwise confuse the user.

References

#CVE-2020-26956: XSS through paste (manual and clipboard API)

Reporter Irvan Kurniawan (@sourc7)
Impact moderate
Description

In some cases, removing HTML elements during sanitization would keep existing SVG event handlers and therefore lead to XSS.

References

#CVE-2020-26958: Requests intercepted through ServiceWorkers lacked MIME type restrictions

Reporter Moti Harmats
Impact moderate
Description

Firefox did not block execution of scripts with incorrect MIME types when the response was intercepted and cached through a ServiceWorker. This could lead to a cross-site script inclusion vulnerability, or a Content Security Policy bypass.

References

#CVE-2020-26959: Use-after-free in WebRequestService

Reporter Bharadwaj Machiraju
Impact moderate
Description

During browser shutdown, reference decrementing could have occurred on a previously freed object, resulting in a use-after-free, memory corruption, and a potentially exploitable crash.

References

#CVE-2020-26960: Potential use-after-free in uses of nsTArray

Reporter Zijie Zhao
Impact moderate
Description

If the Compact() method was called on an nsTArray, the array could have been reallocated without updating other pointers, leading to a potential use-after-free and exploitable crash.

References

#CVE-2020-15999: Heap buffer overflow in freetype

Reporter Sergei Glazunov of Google Project Zero
Impact moderate
Description

In Freetype, if PNG images were embedded into fonts, the Load_SBit_Png function contained an integer overflow that led to a heap buffer overflow, memory corruption, and an exploitable crash.
Note: While Project Zero did discover instances of this vulnerability being exploited in the wild against Chrome, in Firefox this vulnerability is only triggerable if a rarely-used, hidden preference is toggled, and only affected Linux and Android operating systems. Other operating systems are unaffected; and Linux and Android are unaffected in the default configuration.

References

#CVE-2020-26961: DoH did not filter IPv4 mapped IP Addresses

Reporter Gabriel Corona
Impact moderate
Description

When DNS over HTTPS is in use, it intentionally filters RFC1918 and related IP ranges from the responses as these do not make sense coming from a DoH resolver. However when an IPv4 address was mapped through IPv6, these addresses were erroneously let through, leading to a potential DNS Rebinding attack.

References

#CVE-2020-26965: Software keyboards may have remembered typed passwords

Reporter Makoto Kato
Impact low
Description

Some websites have a feature "Show Password" where clicking a button will change a password field into a text field, revealing the typed password. If, when using a software keyboard that remembers user input, a user typed their password and used that feature, the type of the password field was changed, resulting in a keyboard layout change and the possibility for the software keyboard to remember the typed password.

References

#CVE-2020-26966: Single-word search queries were also broadcast to local network

Reporter tiebuchen
Impact low
Description

Searching for a single word from the address bar caused an mDNS request to be sent on the local network searching for a hostname consisting of that string; resulting in an information leak.
Note: This issue only affected Windows operating systems. Other operating systems are unaffected.

References

#CVE-2020-26968: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5

Reporter Mozilla developers and community
Impact high
Description

Mozilla developers Steve Fink, Jason Kratzer, Randell Jesup, Christian Holler, and Byron Campen reported memory safety bugs present in Firefox 82 and Firefox ESR 78.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

References

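The filtering gap described in CVE-2020-26961 above, as an added example that is not part of the original post or Mozilla's code: a private-range check that inspects each address as parsed, next to one that first unwraps IPv4-mapped IPv6 addresses. The block list, the function names and the sample DoH answers are assumptions constructed for illustration.

```python
import ipaddress

# Assumed block list for this example (RFC 1918 plus loopback, link-local,
# CGNAT, "this network" and IPv6 local ranges). Not Firefox's actual list.
BLOCKED_NETS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16",
    "::/128", "::1/128", "fc00::/7", "fe80::/10",
)]


def _in_blocked(addr):
    """True if addr lies in a blocked network (mixed versions never match)."""
    return any(addr in net for net in BLOCKED_NETS)


def naive_is_blocked(text):
    """Model of the gap the advisory describes: the address is checked as
    parsed, so an IPv4 address wrapped in ::ffff:0:0/96 is only compared
    against the IPv6 ranges and is let through."""
    return _in_blocked(ipaddress.ip_address(text))


def hardened_is_blocked(text):
    """Unwrap IPv4-mapped IPv6 addresses before applying the range check."""
    addr = ipaddress.ip_address(text)
    # ipv4_mapped exists on IPv6Address only; it is None when not mapped.
    mapped = getattr(addr, "ipv4_mapped", None)
    if mapped is not None:
        addr = mapped
    return _in_blocked(addr)


def filter_answers(answers, is_blocked):
    """Drop A/AAAA records whose address the given check rejects."""
    kept = []
    for name, rtype, data in answers:
        if rtype in ("A", "AAAA") and is_blocked(data):
            continue
        kept.append((name, rtype, data))
    return kept


# Constructed sample of answers a DoH resolver might return for one name.
SAMPLE_ANSWERS = [
    ("rebind.example", "A", "93.184.216.34"),
    ("rebind.example", "A", "192.168.1.10"),
    ("rebind.example", "AAAA", "::ffff:192.168.1.10"),
    ("rebind.example", "AAAA", "::ffff:7f00:1"),        # 127.0.0.1, hex form
    ("rebind.example", "AAAA", "2606:4700:4700::1111"),
]

if __name__ == "__main__":
    for label, check in (("naive", naive_is_blocked),
                         ("hardened", hardened_is_blocked)):
        kept = [data for _, _, data in filter_answers(SAMPLE_ANSWERS, check)]
        print(f"{label:9s} keeps {kept}")
```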

  • 2 weeks later...

I forgot one :-)

ff v82.0.3

10. Nov 2020

Fixed


ff v84.0

15. Dec 2020

New

  • Native support for macOS devices built with Apple Silicon CPUs brings dramatic performance improvements over the non-native build that was shipped in Firefox 83: Firefox launches over 2.5 times faster and web apps are now twice as responsive (per the SpeedoMeter 2.0 test). If you are on a new Apple device, follow these steps to upgrade to the latest Firefox.

  • WebRender rolls out to MacOS Big Sur, Windows devices with Intel Gen 6 GPUs, and Intel laptops running Windows 7 and 8. Additionally we'll ship an accelerated rendering pipeline for Linux/GNOME/X11 users for the first time, ever!

  • Firefox now uses more modern techniques for allocating shared memory on Linux, improving performance and increasing compatibility with Docker.

  • Firefox 84 is the final release to support Adobe Flash.

Fixed

Enterprise

Developer

Developer Information

  • The Network panel is now able to handle unexpected crashes and render useful debugging details such as a related stack-trace. Users can also easily file a bug report by clicking on the available link to help improve the stability of the tool.
    Network Panel Bug Report Submission Screenshot

  • The Accessibility Panel now includes an option for displaying elements in their tabbing order in order to help developers see what elements are focusable when tabbing and in what sequence.

Unresolved

  • macOS users running on Apple Silicon systems may encounter playback errors on encrypted content if the Rosetta system software is not installed.

  • macOS users running Cylance antivirus software may see their Firefox installation get corrupted due to being erroneously flagged as malware.


ff v78.4.1 esr (belated)

10. Nov 2020

Fixed

Quote

Security Vulnerabilities fixed in Firefox 82.0.3, Firefox ESR 78.4.1, and Thunderbird 78.4.2

Announced November 9, 2020
Impact critical
Products Firefox, Firefox ESR, Thunderbird
Fixed in
  • Firefox 82.0.3
  • Firefox ESR 78.4.1
  • Thunderbird 78.4.2

#CVE-2020-26950: Write side effects in MCallGetProperty opcode not accounted for

Reporter 360政企安全漏洞研究院 in Tianfu Cup 2020 International Cybersecurity Contest
Impact critical
Description

In certain circumstances, the MCallGetProperty opcode can be emitted with unmet assumptions resulting in an exploitable use-after-free condition.

References

ff v78.6.0 esr

15. Nov 2020

Fixed

Quote

Security Vulnerabilities fixed in Firefox ESR 78.6

Announced December 15, 2020
Impact critical
Products Firefox ESR
Fixed in
  • Firefox ESR 78.6

#CVE-2020-16042: Operations on a BigInt could have caused uninitialized memory to be exposed

Reporter André Bargull
Impact critical
Description

When a BigInt was right-shifted the backing store was not properly cleared, allowing uninitialized memory to be read.

References

#CVE-2020-26971: Heap buffer overflow in WebGL

Reporter Omair, Abraruddin Khan
Impact high
Description

Certain blit values provided by the user were not properly constrained leading to a heap buffer overflow on some video drivers.

References

#CVE-2020-26973: CSS Sanitizer performed incorrect sanitization

Reporter Kai Engert
Impact high
Description

Certain input to the CSS Sanitizer confused it, resulting in incorrect components being removed. This could have been used as a sanitizer bypass.

References

#CVE-2020-26974: Incorrect cast of StyleGenericFlexBasis resulted in a heap use-after-free

Reporter Pham Bao of VinCSS (Member of Vingroup)
Impact high
Description

When flex-basis was used on a table wrapper, a StyleGenericFlexBasis object could have been incorrectly cast to the wrong type. This resulted in a heap use-after-free, memory corruption, and a potentially exploitable crash.

References

#CVE-2020-26978: Internal network hosts could have been probed by a malicious webpage

Reporter Samy Kamkar, Ben Seri, and Gregory Vishnepolsky
Impact moderate
Description

Using techniques that built on the slipstream research, a malicious webpage could have exposed both an internal network's hosts as well as services running on the user's local machine.

References

#CVE-2020-35111: The proxy.onRequest API did not catch view-source URLs

Reporter Yassine Tioual
Impact low
Description

When an extension with the proxy permission registered to receive <all_urls>, the proxy.onRequest callback was not triggered for view-source URLs. While web content cannot navigate to such URLs, a user opening View Source could have inadvertently leaked their IP address.

References

#CVE-2020-35112: Opening an extension-less download may have inadvertently launched an executable instead

Reporter Samuel Attard via the Chrome Security Team
Impact low
Description

If a user downloaded a file lacking an extension on Windows, and then "Open"-ed it from the downloads panel, if there was an executable file in the downloads directory with the same name but with an executable extension (such as .bat or .exe) that executable would have been launched instead.
Note: This issue only affected Windows operating systems. Other operating systems are unaffected.

References

#CVE-2020-35113: Memory safety bugs fixed in Firefox 84 and Firefox ESR 78.6

Reporter Christian Holler
Impact high
Description

Mozilla developer Christian Holler reported memory safety bugs present in Firefox 83 and Firefox ESR 78.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

References


  • 2 weeks later...

ff v84.0.1

22. Dec 2020

Fixed

  • Fixed problems loading secure websites and crashes for users with certain third-party PKCS11 modules and smartcards installed (bug 1682881).

  • Fixed slower than expected performance and flickering on Canvas elements for some Windows users (bug 1683116).

  • Fixed a bug causing some Unity JS games to not load on Apple Silicon devices due to improper detection of the OS version (bug 1680516).

  • Fixed crashes caused by various third-party antivirus software.


  • 2 weeks later...
  • Moderators

Critical security updates: first offered to Release channel users on January 6, 2021.

84.0.2 Firefox
84.1.3 Firefox for Android
78.6.1 Firefox ESR

https://www.mozilla.org/en-US/security/advisories/mfsa2021-01/

Quote

A malicious peer could have modified a COOKIE-ECHO chunk in a SCTP packet in a way that potentially resulted in a use-after-free. We presume that with enough effort it could have been exploited to run arbitrary code.

 

*** Out of Beer Error ->->-> Recovering Memory ***

Worried about 'Tracking Files'? Worried about why some files come back after cleaning? See this link:
https://community.ccleaner.com/topic/52668-tracking-files/?tab=comments#comment-300043

 


  • 3 weeks later...
  • Moderators

Firefox 85.0 Released 26 Jan 2021.

  • 13 Security fixes.
  • Flash completely removed. No setting available to re-enable Flash support.
  • Changes to how Supercookies are handled.
  • Changes to how Bookmarks/Favourites and Saved Passwords are handled.

https://www.mozilla.org/en-US/firefox/85.0/releasenotes/

 


ff v78.7.0 esr

26. Jan 2021

Fixed

Quote

Security Vulnerabilities fixed in Firefox ESR 78.7

Announced January 26, 2021
Impact high
Products Firefox ESR
Fixed in
  • Firefox ESR 78.7

#CVE-2021-23953: Cross-origin information leakage via redirected PDF requests

Reporter Rob Wu
Impact high
Description

If a user clicked into a specifically crafted PDF, the PDF reader could be confused into leaking cross-origin information, when said information is served as chunked data.

References

#CVE-2021-23954: Type confusion when using logical assignment operators in JavaScript switch statements

Reporter Gary Kwong
Impact high
Description

Using the new logical assignment operators in a JavaScript switch statement could have caused a type confusion, leading to a memory corruption and a potentially exploitable crash.

References

#CVE-2020-26976: HTTPS pages could have been intercepted by a registered service worker when they should not have been

Reporter Andrew Sutherland
Impact moderate
Description

When a HTTPS page was embedded in a HTTP page, and there was a service worker registered for the former, the service worker could have intercepted the request for the secure page despite the iframe not being a secure context due to the (insecure) framing.

References

#CVE-2021-23960: Use-after-poison for incorrectly redeclared JavaScript variables during GC

Reporter Irvan Kurniawan
Impact moderate
Description

Performing garbage collection on re-declared JavaScript variables resulted in a use-after-poison, and a potentially exploitable crash.

References

#CVE-2021-23964: Memory safety bugs fixed in Firefox 85 and Firefox ESR 78.7

Reporter Mozilla developers and community
Impact high
Description

Mozilla developers Alexis Beingessner, Christian Holler, Andrew McCreight, Tyson Smith, Jon Coppeard, André Bargull, Jason Kratzer, Jesse Schwartzentruber, Steve Fink, Byron Campen reported memory safety bugs present in Firefox 84 and Firefox ESR 78.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

References


  • 2 weeks later...

ff v85.0.1

5. Feb 2021

Fixed

  • Security fix

  • Prevent access to NTFS special paths that could lead to filesystem corruption.

  • Fixed a crash when authenticating to websites using SPNEGO on macOS devices with Apple Silicon CPUs (bug 1685427).

  • Avoid printing an extra blank page at the end of some documents (bug 1689789).

  • Fixed a browser crash in case of unexpected Cache API state (bug 1684838).

  • Fixed external URL scheme handlers when using the Firefox flatpak (bug 1688966)


ff v78.7.1 esr

5. Feb 2021

Fixed

  • Security fix

  • Prevent access to NTFS special paths that could lead to filesystem corruption.

Quote

Security Vulnerabilities fixed in Firefox 85.0.1 and Firefox ESR 78.7.1

Announced February 5, 2021
Impact critical
Products Firefox, Firefox ESR
Fixed in
  • Firefox 85.0.1
  • Firefox ESR 78.7.1

#MOZ-2021-0001: Buffer overflow in depth pitch calculations for compressed textures

Reporter Abraruddin Khan and Omair working with Trend Micro Zero Day Initiative
Impact critical
Description

In the Angle graphics library, depth pitch computations did not take into account the block size and simply multiplied the row pitch with the pixel height. This caused the load functions to use a very high depth pitch, reading past the end of the user-supplied buffer.
Note: This issue only affected Windows operating systems. Other operating systems are unaffected.
This issue has been assigned a temporary identifier, pending assignment of a CVE.

References

 

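The depth pitch miscalculation described in MOZ-2021-0001 above, sketched as an added example (not ANGLE's or Mozilla's code, and not part of the original post): the flawed stride next to the block-aware one, plus the bounds check that catches the resulting over-read before any slice is loaded. `BlockFormat`, the function names and the 4x4-texel, 8-byte block layout are assumptions.

```python
from collections import namedtuple

# Hypothetical descriptor for a block-compressed format: each block covers
# block_w x block_h texels and is stored in bytes_per_block bytes.
BlockFormat = namedtuple("BlockFormat", "block_w block_h bytes_per_block")

# Constructed sample format: 4x4 texel blocks, 8 bytes per block.
SAMPLE_FORMAT = BlockFormat(block_w=4, block_h=4, bytes_per_block=8)


def _blocks(texels, block_size):
    """Number of blocks needed to cover `texels` (rounds up)."""
    return (texels + block_size - 1) // block_size


def row_pitch(width, fmt):
    """Bytes in one row of blocks."""
    return _blocks(width, fmt.block_w) * fmt.bytes_per_block


def depth_pitch_flawed(width, height, fmt):
    """Flaw as the advisory describes it: row pitch times pixel height."""
    return row_pitch(width, fmt) * height


def depth_pitch(width, height, fmt):
    """Block-aware version: row pitch times the number of block rows."""
    return row_pitch(width, fmt) * _blocks(height, fmt.block_h)


def read_extent(width, height, depth, fmt, pitch_fn):
    """Offset one past the last byte a loader touches when it walks
    `depth` slices using the stride returned by pitch_fn."""
    if min(width, height, depth) <= 0:
        raise ValueError("dimensions must be positive")
    slice_bytes = depth_pitch(width, height, fmt)  # real data in one slice
    stride = pitch_fn(width, height, fmt)          # distance between slices
    return (depth - 1) * stride + slice_bytes


def upload_is_in_bounds(buf_len, width, height, depth, fmt,
                        pitch_fn=depth_pitch):
    """Bounds check to run before any slice of the user buffer is read."""
    return read_extent(width, height, depth, fmt, pitch_fn) <= buf_len


if __name__ == "__main__":
    w, h, d = 64, 64, 4
    buf_len = depth_pitch(w, h, SAMPLE_FORMAT) * d  # correctly sized buffer
    for fn in (depth_pitch, depth_pitch_flawed):
        extent = read_extent(w, h, d, SAMPLE_FORMAT, fn)
        ok = upload_is_in_bounds(buf_len, w, h, d, SAMPLE_FORMAT, fn)
        print(f"{fn.__name__:18s} stride={fn(w, h, SAMPLE_FORMAT):5d} "
              f"extent={extent:6d} buffer={buf_len} in_bounds={ok}")
```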

ff v85.0.2

9. Feb 2021

Fixed


  • 2 weeks later...

ff v86.0

23. Feb 2021

New

Fixed

  • Reader mode now works with local HTML pages.

  • Using screen reader quick navigation to move to editable text controls no longer incorrectly reaches non-editable cells in some grids such as on messenger.com.

  • The Orca screen reader's mouse review feature now works correctly after switching tabs in Firefox.

  • Screen readers no longer report column headers incorrectly in tables containing cells spanning multiple columns.

  • Links in Reader View now have more color contrast.

  • Various security fixes.

Changed
  • On Linux and Android, the protection to mitigate the stack clash attack has been activated.

  • From Firefox 86 onward, DTLS 1.0 is no longer supported for establishing WebRTC's PeerConnections. All WebRTC services need to support DTLS 1.2 from now on as the minimum version.

  • Consolidated all video decoding in the new RDD process which results in a more secure Firefox.

Enterprise

Developer

Developer Information

  • CSS image-set() function in CSS is now enabled, allowing for responsive images in CSS.

  • Inactive CSS tool is now showing a warning when margin or padding is set on internal table elements.
    Inactive CSS screenshot

  • Developer Tools Toolbox is now showing a number of errors on the current page. This is a quick way to surface information to a developer that something is wrong with their page. Clicking on the red exclamation icon navigates the user to the Console panel.
    Developer tools: screenshot of number of errors


ff v78.8.0 esr

23. Feb 2021

Fixed

Quote

Security Vulnerabilities fixed in Firefox ESR 78.8

Announced February 23, 2021
Impact high
Products Firefox ESR
Fixed in
  • Firefox ESR 78.8

#CVE-2021-23969: Content Security Policy violation report could have contained the destination of a redirect

Reporter Masato Kinugawa
Impact high
Description

As specified in the W3C Content Security Policy draft, when creating a violation report, "User agents need to ensure that the source file is the URL requested by the page, pre-redirects. If that’s not possible, user agents need to strip the URL down to an origin to avoid unintentional leakage." Under certain types of redirects, Firefox incorrectly set the source file to be the destination of the redirects. This was fixed to be the redirect destination's origin.

References

#CVE-2021-23968: Content Security Policy violation report could have contained the destination of a redirect

Reporter Ademar Nowasky Junior
Impact high
Description

If Content Security Policy blocked frame navigation, the full destination of a redirect served in the frame was reported in the violation report; as opposed to the original frame URI. This could be used to leak sensitive information contained in such URIs.

References

#CVE-2021-23973: MediaError message property could have leaked information about cross-origin resources

Reporter Andreas Pehrson
Impact low
Description

When trying to load a cross-origin resource in an audio/video context a decoding error may have resulted, and the content of that error may have revealed information about the resource.

References

#CVE-2021-23978: Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8

Reporter Mozilla developers
Impact high
Description

Mozilla developers Alexis Beingessner, Tyson Smith, Nika Layzell, and Mats Palmgren reported memory safety bugs present in Firefox 85 and Firefox ESR 78.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

References


  • 3 weeks later...

ff v86.0.1

11. march 2021

Fixed

  • Fixed an issue on Apple Silicon machines that caused Firefox to be unresponsive after system sleep (bug 1682713)

  • Fixed an issue causing windows to gain or lose focus unexpectedly (bug 1694927)

  • Fixed truncation of date and time widgets due to incorrect width calculation (bug 1695578)

  • Fixed an issue causing unexpected behavior with extensions managing tab groups (bug 1694699)

  • Fixed a frequent Linux crash on browser launch (bug 1694670)


  • 2 weeks later...

ff v87.0

23. march 2021

New

  • You’ll encounter less website breakage in Private Browsing and Strict Enhanced Tracking Protection with SmartBlock, which provides stand-in scripts so that websites load properly.

  • To further protect your privacy, our new default HTTP Referrer policy will trim path and query string information from referrer headers to prevent sites from accidentally leaking sensitive user data.

  • The “Highlight All” feature on Find in Page now displays tick marks alongside your scrollbar that correspond to the location of matches found on that page.

  • We’re proud to announce full support for macOS built-in screen reader, VoiceOver.

  • We’ve added a new locale: Silesian (szl)

Fixed

  • We’ve fixed several significant accessibility issues:

    • Video controls now have visible focus styling and video and audio controls are now keyboard navigable. (Bug 1681007)
    • HTML <meter> is now spoken by screen readers. (Bug 1460378)
    • Firefox now sets a useful initial focus in Add-ons Manager. (Bug 580537)
    • Firefox will now fire a name/description change event when aria-labelledby/describedby content changes. (Bug 493683)
  • Various security fixes.

Changed

  • To prevent user data loss when filling out forms, we’ve disabled the Backspace key as a navigation shortcut for the back navigation button. To re-enable the Backspace keyboard shortcut, you can change the about:config preference browser.backspace_action to 0. You can also use the recommended Alt + Left arrow (Command + Left arrow on Mac) shortcut instead.
    Firefox keyboard shortcuts

  • We've removed items from the Library menu that weren't used often or have other access points in the browser: Synced tabs, Recent highlights, and Pocket list.

  • We've simplified the Help menu by reducing redundant items, such as those that point to Firefox support pages that can also be accessed via the Get Help item.

Enterprise

Developer

Developer Information

  • We've greatly simplified the Web Developer menu. Go to Application Menu > Web Developer > Web Developer Tools to access Inspector, Web Console, Debugger, Network Style Error, Performance, Storage Inspector, Accessibility, and Application

  • Developers can now use the Page Inspector to simulate prefers-color-scheme media queries, without having to change the operating system to light or dark mode.

  • Developers can now use the Page Inspector to toggle the :target pseudo-class for the currently selected element in addition to the pseudo-classes that were previously supported: :hover, :active and :focus, :focus-within, :focus-visible, and :visited.

  • There are a number of Page Inspector improvements and bug fixes related to inactive CSS rules:

    • The table-layout property is now marked as inactive for non-table elements.
    • The scroll-padding properties (shorthand and longhand) are now marked as inactive for non-scrollable elements.
    • The text-overflow property was previously incorrectly marked as inactive for some overflow values.

Link to comment
Share on other sites
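The referrer trimming described in the v87.0 notes above corresponds to the `strict-origin-when-cross-origin` policy. The sketch below is an added example, not Mozilla's code and not part of the original post: it computes the `Referer` value that policy yields. The function names and sample URLs are assumptions, and "trustworthy" is simplified to "scheme is https".

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

def origin_tuple(url):
    """(scheme, host, port) with the default port filled in, for comparison."""
    p = urlsplit(url)
    return (p.scheme, p.hostname, p.port or DEFAULT_PORTS.get(p.scheme))

def origin_only(url):
    """Serialize just the origin: no credentials, path, query or fragment."""
    scheme, host, port = origin_tuple(url)
    if ":" in host:                       # IPv6 literal needs its brackets back
        host = f"[{host}]"
    suffix = "" if port in (None, DEFAULT_PORTS.get(scheme)) else f":{port}"
    return f"{scheme}://{host}{suffix}/"

def referrer_for(page_url, request_url):
    """Referer under strict-origin-when-cross-origin; None means header omitted."""
    page, req = urlsplit(page_url), urlsplit(request_url)
    if page.scheme == "https" and req.scheme != "https":
        return None                       # HTTPS -> HTTP downgrade: send nothing
    if origin_tuple(page_url) == origin_tuple(request_url):
        # Same origin: full URL, minus credentials and fragment.
        query = f"?{page.query}" if page.query else ""
        return origin_only(page_url).rstrip("/") + (page.path or "/") + query
    return origin_only(page_url)          # cross-origin: origin only

# Constructed sample URL carrying data a third party should not see.
PAGE = "https://shop.example/reset/account?token=abc123#step2"

if __name__ == "__main__":
    for target in ("https://shop.example/cart",
                   "https://cdn.example/lib.js",
                   "http://tracker.example/p.gif"):
        print(target, "->", referrer_for(PAGE, target))
```

Sites that still need the full URL cross-origin have to opt in with their own `Referrer-Policy` header, so logs and analytics that relied on full cross-origin referrers will see origins only from this version on.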

ff v78.9.0 esr

23. march 2021

Fixed

Quote

Security Vulnerabilities fixed in Firefox ESR 78.9

Announced March 23, 2021
Impact high
Products Firefox ESR
Fixed in
  • Firefox ESR 78.9

#CVE-2021-23981: Texture upload into an unbound backing buffer resulted in an out-of-bound read

Reporter Omair
Impact high
Description

A texture upload of a Pixel Buffer Object could have confused the WebGL code to skip binding the buffer used to unpack it, resulting in memory corruption and a potentially exploitable information leak or crash.

References

#CVE-2021-23982: Internal network hosts could have been probed by a malicious webpage

Reporter Samy Kamkar, Ben Seri, and Gregory Vishnepolsky
Impact moderate
Description

Using techniques that built on the slipstream research, a malicious webpage could have scanned both an internal network's hosts as well as services running on the user's local machine utilizing WebRTC connections.

References

#CVE-2021-23984: Malicious extensions could have spoofed popup information

Reporter Rob Wu
Impact moderate
Description

A malicious extension could have opened a popup window lacking an address bar. The title of the popup lacking an address bar should not be fully controllable, but in this situation was. This could have been used to spoof a website and attempt to trick the user into providing credentials.

References

#CVE-2021-23987: Memory safety bugs fixed in Firefox 87 and Firefox ESR 78.9

Reporter Mozilla developers and community
Impact high
Description

Mozilla developers and community members Alexis Beingessner, Tyson Smith, Julien Wajsberg, and Matthew Gregan reported memory safety bugs present in Firefox 86 and Firefox ESR 78.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

References


  • 4 weeks later...

ff v88.0

19. april 2021

New

  • PDF forms now support JavaScript embedded in PDF files. Some PDF forms use JavaScript for validation and other interactive features.

  • Print updates: Margin units are now localized.

  • Smooth pinch-zooming using a touchpad is now supported on Linux

  • To protect against cross-site privacy leaks, Firefox now isolates window.name data to the website that created it.

Fixed

  • Screen readers no longer incorrectly read content that websites have visually hidden, as in the case of articles in the Google Help panel.

  • Various security fixes.

Changed

  • Firefox will not prompt for access to your microphone or camera if you’ve already granted access to the same device on the same site in the same tab within the past 50 seconds. This new grace period reduces the number of times you’re prompted to grant device access.

  • The ‘Take a Screenshot’ feature was removed from the Page Actions menu in the url bar. To take a screenshot, right-click to open the context menu. You can also add a screenshots shortcut directly to your toolbar via the Customize menu. Open the Firefox menu and select Customize…

  • FTP support has been disabled, and its full removal is planned for an upcoming release. Addressing this security risk reduces the likelihood of an attack while also removing support for a non-encrypted protocol.

Enterprise

Developer

Developer Information

  • Introduced a new toggle button in the Network panel for switching between JSON formatted HTTP response and raw data (as received over the wire).

ff v78.10.0 esr

19. april 2021

Fixed

Quote

Security Vulnerabilities fixed in Firefox ESR 78.10

Announced April 19, 2021
Impact high
Products Firefox ESR
Fixed in
  • Firefox ESR 78.10

#CVE-2021-23994: Out of bound write due to lazy initialization

Reporter Abraruddin Khan and Omair
Impact high
Description

A WebGL framebuffer was not initialized early enough, resulting in memory corruption and an out of bound write.

References

#CVE-2021-23995: Use-after-free in Responsive Design Mode

Reporter Irvan Kurniawan
Impact high
Description

When Responsive Design Mode was enabled, it used references to objects that were previously freed. We presume that with enough effort this could have been exploited to run arbitrary code.

References

#CVE-2021-23998: Secure Lock icon could have been spoofed

Reporter Jordi Chancel
Impact moderate
Description

Through complicated navigations with new windows, an HTTP page could have inherited a secure lock icon from an HTTPS page.

References

#CVE-2021-23961: More internal network hosts could have been probed by a malicious webpage

Reporter Samy Kamkar, Ben Seri, and Gregory Vishnepolsky
Impact moderate
Description

Further techniques that built on the slipstream research combined with a malicious webpage could have exposed both an internal network's hosts as well as services running on the user's local machine.

References

#CVE-2021-23999: Blob URLs may have been granted additional privileges

Reporter Nika Layzell
Impact moderate
Description

If a Blob URL was loaded through some unusual user interaction, it could have been loaded by the System Principal and granted additional privileges that should not be granted to web content.

References

#CVE-2021-24002: Arbitrary FTP command execution on FTP servers using an encoded URL

Reporter Daniel Santos
Impact moderate
Description

When a user clicked on an FTP URL containing encoded newline characters (%0A and %0D), the newlines would have been interpreted as such and allowed arbitrary commands to be sent to the FTP server.

References

#CVE-2021-29945: Incorrect size computation in WebAssembly JIT could lead to null-reads

Reporter Christian Holler
Impact moderate
Description

The WebAssembly JIT could miscalculate the size of a return type, which could lead to a null read and result in a crash.
Note: This issue only affected x86-32 platforms. Other platforms are unaffected.

References

#CVE-2021-29946: Port blocking could be bypassed

Reporter Frederik Braun
Impact low
Description

Ports that were written as an integer overflow above the bounds of a 16-bit integer could have bypassed port blocking restrictions when used in the Alt-Svc header.

References

 

Link to comment
Share on other sites
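Two entries in the advisory quoted above, CVE-2021-24002 (encoded newlines in FTP URLs) and CVE-2021-29946 (over-range ports in Alt-Svc), share one pattern: a value is checked in a different form from the one finally used. The sketch below is an added example, not Mozilla's code and not part of the original post. The "naive" functions are an assumed model of that pattern, shown beside a hardened form; the blocklist, host names and inputs are constructed.

```python
from urllib.parse import urlsplit, unquote

BLOCKED_PORTS = {21, 22, 25, 110, 143}  # constructed sample, not Firefox's list

def naive_port(text):
    """Weak: blocklist check on the wide integer, then 16-bit truncation."""
    port = int(text)
    return None if port in BLOCKED_PORTS else port & 0xFFFF

def strict_port(text):
    """Hardened: ASCII digits only, range-checked before the blocklist."""
    if not (text.isascii() and text.isdigit()) or len(text) > 5:
        return None
    port = int(text)
    return port if 1 <= port <= 65535 and port not in BLOCKED_PORTS else None

def alt_svc_port(alternative, check):
    """Port of one Alt-Svc alternative such as 'h2=":443"; ma=60'."""
    authority = alternative.split(";", 1)[0].split("=", 1)[1].strip().strip('"')
    return check(authority.rsplit(":", 1)[1])

def naive_retr(url):
    """Weak: percent-decode the path and paste it into the command line."""
    path = unquote(urlsplit(url).path).lstrip("/")
    return f"RETR {path}\r\n".encode()

def strict_retr(url):
    """Hardened: refuse any decoded control character before building the line."""
    path = unquote(urlsplit(url).path).lstrip("/")
    if not path or any(ord(c) < 0x20 or ord(c) == 0x7F for c in path):
        raise ValueError("control character in FTP path")
    return f"RETR {path}\r\n".encode()

def command_lines(wire):
    """Split control-channel bytes on CRLF, as an FTP server would."""
    return [line for line in wire.split(b"\r\n") if line]

# Constructed inputs for illustration.
OVERFLOW_ALT_SVC = 'h2=":65561"; ma=60'   # 65561 = 65536 + 25
ENCODED_FTP_URL = "ftp://files.example/pub/a.txt%0D%0ANOOP"

if __name__ == "__main__":
    print(alt_svc_port(OVERFLOW_ALT_SVC, naive_port))    # truncated port
    print(alt_svc_port(OVERFLOW_ALT_SVC, strict_port))   # rejected
    print(command_lines(naive_retr(ENCODED_FTP_URL)))    # two command lines
```

In both hardened functions the check runs on the decoded, range-limited value that is actually sent or connected to, which is the property the fixes restore.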
