trium 0 Posted October 13 Share Posted October 13 ff v81.0.2 13. october 2020 Fixed Fixed an incompatibility with Twitter.com manifesting itself with the intermittent display of a network protocol violation error page Link to post Share on other sites
trium 0 Posted October 20 Share Posted October 20 ff v82.0 20. october 2020 New With this release, Firefox introduces a number of improvements that make watching videos more delightful: the Picture-In-Picture button has a new look and position, making it easier for you to find and use the feature. Picture-In-Picture now has a keyboard shortcut for Mac users (Option + Command + Shift + Right bracket) that works before you start playing the video. For Windows users, Firefox now uses DirectComposition for hardware decoded video, which will improve CPU and GPU usage during video playback, improving battery life. Firefox is faster than ever with improved performance on both page loads and start up time: Websites that use flexbox-based layouts load 20% faster than before; Restoring a session is 17% quicker, meaning you can more quickly pick up where you left off; For Windows users, opening new windows got quicker by 10%. You can now explore new articles when you save a webpage to Pocket from the Firefox toolbar. WebRender continues to roll out to more Firefox users on Windows. Fixed Screen reader features which report paragraphs now correctly report paragraphs in Firefox instead of lines. Various security fixes Changed Credit card auto-fill is now more accessible with the card type, and the card number in the card editor now available to screen readers. Printing dialog errors for invalid form entries are now reported to screen readers. Developer Developer Information MediaSession API has been enabled by default which allows web authors to provide custom behaviors for standard media playback interactions, giving them more options than ever. DevTools now shows server side events in the Network panel. This allows a server to send new data to a web page at any time allowing developers to see events they previously couldn't and help with lower-level troubleshooting. Link to post Share on other sites
trium 0 Posted October 20 Share Posted October 20 ff v78.4.0 esr 20. october 2020 Fixed Various stability, functionality, and security fixes Quote Security Vulnerabilities fixed in Firefox ESR 78.4 Announced October 20, 2020 Impact high Products Firefox ESR Fixed in Firefox ESR 78.4 #CVE-2020-15969: Use-after-free in usersctp Reporter Mark Wodrich of Google Impact high Description A use-after-free bug in the usersctp library was reported upstream. We assume this could have led to memory corruption and a potentially exploitable crash. References Bug 1666570 [sctplab] upstream usrsctp fix #CVE-2020-15683: Memory safety bugs fixed in Firefox 82 and Firefox ESR 78.4 Reporter Mozilla developers and community Impact high Description Mozilla developers and community members Jason Kratzer, Simon Giesecke, Philipp, and Christian Holler reported memory safety bugs present in Firefox 81 and Firefox ESR 78.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. References Memory safety bugs fixed in Firefox 82 and Firefox ESR 78.4 Link to post Share on other sites
trium 0 Posted October 29 Share Posted October 29 ff v82.0.1 27. october 2020 Fixed Avoid an unnecessary prompt to reboot when using the full installer on Windows (bug 1671715) Restored the ability to print on paper whose width or height is larger than 100 inches, e.g. for receipts (bug 1672370) Fixed printing of documents with margins of zero, e.g. some PDFs (bug 1672529) Fixed handling of the WebDriver:ClickElement command in the marionette testing framework (bug 1666755) Stability fix (bug 1660539) Link to post Share on other sites
trium 0 Posted October 29 Share Posted October 29 ff v82.0.2 28. october 2020 Fixed Fixed duplication of WebSocket messages in certain cases (bug 1673340) Link to post Share on other sites
trium 0 Posted Tuesday at 18:45 Share Posted Tuesday at 18:45 ff v83.0 17. november 2020 New Firefox keeps getting faster as a result of significant updates to SpiderMonkey, our JavaScript engine, you will now experience improved page load performance by up to 15%, page responsiveness by up to 12%, and reduced memory usage by up to 8%. We have replaced part of the JavaScript engine that helps to compile and display websites for you, improving security and maintainability of the engine at the same time. Firefox introduces HTTPS-Only Mode. When enabled, this new mode ensures that every connection Firefox makes to the web is secure and alerts you when a secure connection is not available. You can enable it in Firefox Preferences. Pinch zooming will now be supported for our users with Windows touchscreen devices and touchpads on Mac devices. Firefox users may now use pinch to zoom on touch-capable devices to zoom in and out of webpages. Picture-in-Picture now supports keyboard shortcuts for fast forwarding and rewinding videos: use the arrow keys to move forward and back 15 seconds, along with volume controls. For a list of supported commands see Support Mozilla When you are presenting your screen on a video conference in Firefox, you will see our improved user interface that makes it clearer which devices or displays are being shared. We’ve improved functionality and design for a number of Firefox search features: Selecting a search engine at the bottom of the search panel now enters search mode for that engine, allowing you to see suggestions (if available) for your search terms. The old behavior (immediately performing a search) is available with a shift-click. When Firefox autocompletes the URL of one of your search engines, you can now search with that engine directly in the address bar by selecting the shortcut in the address bar results. We’ve added buttons at the bottom of the search panel to allow you to search your bookmarks, open tabs, and history. Firefox supports AcroForm, which will allow you to fill in, print, and save supported PDF forms and the PDF viewer also has a new fresh look. Our users in India on the English build of Firefox will now see Pocket recommendations in their new tab featuring some of the best stories on the web. If you don’t see them, you can turn on Pocket articles in your new tab by following these steps. For the recently released Apple devices built with Apple Silicon CPUs, you can use Firefox 83 and future releases without any change. This release (83) will support emulation under Apple’s Rosetta 2 that ships with macOS Big Sur. We are working toward Firefox being natively-compiled for these CPUs in a future release. This is a major release for WebRender as we roll out to more Firefox users on Windows 7 and 8 as well as on macOS 10.12 to 10.15. Fixed This release also includes a number of accessibility fixes: Screen reader features which report paragraphs now correctly report paragraphs instead of lines in Google Docs When reading by word using a screen reader, words are now correctly reported when there is punctuation nearby The arrow keys now work correctly after tabbing in the picture-in-picture window For users on macOS restoring a session with minimized windows, Firefox now uses much less power and you should see much longer battery life. Various security fixes Enterprise Enterprise Information Developer Developer Information Developers can use the scroll badge in the Page Inspector to Debug scrollable overflow. Selecting the badge highlights elements that are causing overflow and marks them with the overflow badge Web Platform This release adds support for conic gradients in CSS, helping colors to smoothly transition as you spin around the center, rather than as you progress outward from the center. Link to post Share on other sites
trium 0 Posted Tuesday at 18:52 Share Posted Tuesday at 18:52 ff 78.5.0 esr 17. november 2020 Fixed Various stability, functionality, and security fixes Quote Security Vulnerabilities fixed in Firefox ESR 78.5 Announced November 17, 2020 Impact high Products Firefox ESR Fixed in Firefox ESR 78.5 #CVE-2020-26951: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code Reporter Irvan Kurniawan (@sourc7) Impact high Description A parsing and event loading mismatch in Firefox's SVG code could have allowed load events to fire, even after sanitization. An attacker already capable of exploiting an XSS vulnerability in privileged internal pages could have used this attack to bypass our built-in sanitizer. References Bug 1667113 #CVE-2020-16012: Variable time processing of cross-origin images during drawImage calls Reporter Aleksejs Popovs Impact moderate Description When drawing a transparent image on top of an unknown cross-origin image, the Skia library drawImage function took a variable amount of time depending on the content of the underlying image. This resulted in potential cross-origin information exposure of image content through timing side-channel attacks. References Bug 1642028 #CVE-2020-26953: Fullscreen could be enabled without displaying the security UI Reporter Abdulrahman Alqabandi of Microsoft Browser Vulnerability Research Impact moderate Description It was possible to cause the browser to enter fullscreen mode without displaying the security UI; thus making it possible to attempt a phishing attack or otherwise confuse the user. References Bug 1656741 #CVE-2020-26956: XSS through paste (manual and clipboard API) Reporter Irvan Kurniawan (@sourc7) Impact moderate Description In some cases, removing HTML elements during sanitization would keep existing SVG event handlers and therefore lead to XSS. References Bug 1666300 #CVE-2020-26958: Requests intercepted through ServiceWorkers lacked MIME type restrictions Reporter Moti Harmats Impact moderate Description Firefox did not block execution of scripts with incorrect MIME types when the response was intercepted and cached through a ServiceWorker. This could lead to a cross-site script inclusion vulnerability, or a Content Security Policy bypass. References Bug 1669355 #CVE-2020-26959: Use-after-free in WebRequestService Reporter Bharadwaj Machiraju Impact moderate Description During browser shutdown, reference decrementing could have occured on a previously freed object, resulting in a use-after-free, memory corruption, and a potentially exploitable crash. References Bug 1669466 #CVE-2020-26960: Potential use-after-free in uses of nsTArray Reporter Zijie Zhao Impact moderate Description If the Compact() method was called on an nsTArray, the array could have been reallocated without updating other pointers, leading to a potential use-after-free and exploitable crash. References Bug 1670358 #CVE-2020-15999: Heap buffer overflow in freetype Reporter Sergei Glazunov of Google Project Zero Impact moderate Description In Freetype, if PNG images were embedded into fonts, the Load_SBit_Png function contained an integer overflow that led to a heap buffer overflow, memory corruption, and an exploitable crash.Note: While Project Zero did discover instances of this vulnerability being exploited in the wild against Chrome, in Firefox this vulnerability is only triggerable if a rarely-used, hidden preference is toggled, and only affected Linux and Android operating systems. Other operating systems are unaffected; and Linux and Android are unaffected in the default configuration. References Bug 1672223 #CVE-2020-26961: DoH did not filter IPv4 mapped IP Addresses Reporter Gabriel Corona Impact moderate Description When DNS over HTTPS is in use, it intentionally filters RFC1918 and related IP ranges from the responses as these do not make sense coming from a DoH resolver. However when an IPv4 address was mapped through IPv6, these addresses were erroneously let through, leading to a potential DNS Rebinding attack. References Bug 1672528 #CVE-2020-26965: Software keyboards may have remembered typed passwords Reporter Makoto Kato Impact low Description Some websites have a feature "Show Password" where clicking a button will change a password field into a textbook field, revealing the typed password. If, when using a software keyboard that remembers user input, a user typed their password and used that feature, the type of the password field was changed, resulting in a keyboard layout change and the possibility for the software keyboard to remember the typed password. References Bug 1661617 #CVE-2020-26966: Single-word search queries were also broadcast to local network Reporter tiebuchen Impact low Description Searching for a single word from the address bar caused an mDNS request to be sent on the local network searching for a hostname consisting of that string; resulting in an information leak.Note: This issue only affected Windows operating systems. Other operating systems are unaffected. References Bug 1663571 #CVE-2020-26968: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5 Reporter Mozilla developers and community Impact high Description Mozilla developers Steve Fink, Jason Kratzer, Randell Jesup, Christian Holler, and Byron Campen reported memory safety bugs present in Firefox 82 and Firefox ESR 78.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. References Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5 Link to post Share on other sites
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now