
The Firefox/Mozilla Thread


nodles


  • Moderators
3 hours ago, JDPower said:

"Beginning in Firefox version 92, you will also receive new, relevant suggestions from our trusted partners"
" For sponsored results, our preferred partner is adMarketplace."

Excuse me while I just go find the big "kill this" button 😄

https://www.theverge.com/2021/10/7/22715179/firefox-suggest-search-ads-browser how to disable

 

ADVICE FOR USING CCleaner'S REGISTRY INTEGRITY SECTION

DON'T JUST CLEAN EVERYTHING THAT'S CHECKED OFF.

Do your Registry Cleaning in small bits (at the very least Check-mark by Check-mark)

ALWAYS BACKUP THE ENTRY, YOU NEVER KNOW WHAT YOU'LL BREAK IF YOU DON'T.

Support at https://support.ccleaner.com/s/?language=en_US

Pro users file a PRIORITY SUPPORT via email support@ccleaner.com


I'm on FF v78 ESR :-) lucky not to have trusted partner(s) - I hope

Versions of CCleaner Cloud; Introduction Ccleaner Cloud;

Ccleaner-->System-Requirements; Ccleaner FAQ´s; Ccleaner builds; Scheduling Ccleaner Free

 

It is possible to make no mistakes and still lose. That is not a sign of weakness. That is life -> "Picard"


  • Moderators

AFAIK 'Firefox suggest' is only currently enabled in the US with v93.0, but no doubt it will be rolled out worldwide.

It's certainly not yet on my v93.0 here in the UK, so can't yet be disabled.

One concern I've seen is that Mozilla must now be reading what you are typing into the address bar and processing this information on its servers in order to offer you its own suggestions.
But Google, Bing, and other search engines, have been doing that for years anyway.

*** Out of Beer Error ->->-> Recovering Memory ***

Worried about 'Tracking Files'? Worried about why some files come back after cleaning? See this link:
https://community.ccleaner.com/topic/52668-tracking-files/?tab=comments#comment-300043

 


  • 4 weeks later...

ff v94.0

02. nov 2021

New

  • With 94, you’ll find a selection of six fun seasonal Colorways (available for a limited time only). Now you can find a color to suit (or lift) your every mood.
    Fun fact: Did you know we have more daily users with color themes than dark or Alpenglow on Beta? With Firefox 89, 32% of users clicked through to customize their color theme. And that was just on the first day! We decided to introduce these new Colorways to give our users more to love.

  • Firefox macOS now uses Apple's low power mode for fullscreen video on sites such as YouTube and Twitch. This meaningfully extends battery life in long viewing sessions. Now your kids can find out what the fox says on a loop without you ever missing a beat…

  • With this release, power users can use about:unloads to release system resources by manually unloading tabs without closing them.

  • On Windows, there will now be fewer interruptions because Firefox won’t prompt you for updates. Instead, a background agent will download and install updates even if Firefox is closed.

  • And on Linux, we’ve improved WebGL performance and reduced power consumption for many users.

  • To better protect all Firefox users against side-channel attacks such as Spectre, we’re introducing Site Isolation. It will be rolled out to Firefox 94 users over the next few weeks. We’ve got your back...errr...side!

  • We’re rolling out the Firefox Multi-Account Containers extension with Mozilla VPN integration. This lets you use a different server location for each container.

  • Firefox no longer warns you by default when you exit the browser or close a window using a menu, button, or three-key command. This should cut back on unwelcome notifications which is always nice--however, if you prefer a bit of notice, you’ll still have full control over the quit/close modal behavior. All warnings can be managed within Firefox Settings. No worries! (More details)

  • And now, Firefox supports the new Snap Layouts menus when running on Windows 11.

Fixed
  • We’ve reduced the overhead of using performance.mark() and performance.measure() APIs with a large set of performance entries.

  • Plus, we’ve modified paint suppression during load to greatly improve warmload performance in Site Isolation mode.

  • You’ll also notice a small reduction in Javascript memory usage.

  • With this release, you’ll notice faster Javascript property enumeration as well.

  • We’ve also implemented better scheduling of garbage collection which has improved some pageload benchmarks.

  • This release also sees reduced CPU usage during socket polling for HTTPS connections.

  • Additionally, you’ll notice faster storage initialization.

  • We’ve also improved cold startup by reducing main thread I/O.

  • Plus, closing devtools now reclaims more memory than ever before.

  • And we’ve improved pageload (especially with Site Isolation mode) by setting a higher priority for loading and displaying images.

  • Various security fixes

Enterprise

  • Enterprise users now have more control over Firefox deployments with the availability of our MSIX package on Windows platforms.

  • You’ll also notice various bug fixes and new policies have been implemented in this latest version of Firefox. See more details in the Firefox for Enterprise 94 Release Notes.


ff v94.0.1

04. nov 2021

Fixed

  • Fixed browser hangs when viewing fullscreen videos on macOS 10.12 (bug 1737998)


ff v91.3.0 esr

02. nov 2021

Fixed

Quote

Security Vulnerabilities fixed in Firefox ESR 91.3

Announced November 2, 2021
Impact high
Products Firefox ESR
Fixed in
  • Firefox ESR 91.3

#CVE-2021-38503: iframe sandbox rules did not apply to XSLT stylesheets

Reporter Armin Ebert
Impact high
Description

The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or navigating the top-level frame.

References

#CVE-2021-38504: Use-after-free in file picker dialog

Reporter Irvan Kurniawan
Impact high
Description

When interacting with an HTML input element's file picker dialog with webkitdirectory set, a use-after-free could have resulted, leading to memory corruption and a potentially exploitable crash.

References

#CVE-2021-38505: Windows 10 Cloud Clipboard may have recorded sensitive user data

Reporter Sergey Galich
Impact high
Description

Microsoft introduced a new feature in Windows 10 known as Cloud Clipboard which, if enabled, will record data copied to the clipboard to the cloud, and make it available on other computers in certain scenarios. Applications that wish to prevent copied data from being recorded in Cloud History must use specific clipboard formats, and Firefox before versions 94 and ESR 91.3 did not implement them. This could have caused sensitive data to be recorded to a user's Microsoft account.
This bug only affects Firefox for Windows 10+ with Cloud Clipboard enabled. Other operating systems are unaffected.

References

#CVE-2021-38506: Firefox could be coaxed into going into fullscreen mode without notification or warning

Reporter Irvan Kurniawan
Impact high
Description

Through a series of navigations, Firefox could have entered fullscreen mode without notification or warning to the user. This could lead to spoofing attacks on the browser UI including phishing.

References

#CVE-2021-38507: Opportunistic Encryption in HTTP2 could be used to bypass the Same-Origin-Policy on services hosted on other ports

Reporter Takeshi Terada
Impact high
Description

The Opportunistic Encryption feature of HTTP2 (RFC 8164) allows a connection to be transparently upgraded to TLS while retaining the visual properties of an HTTP connection, including being same-origin with unencrypted connections on port 80. However, if a second encrypted port on the same IP address (e.g. port 8443) did not opt in to opportunistic encryption, a network attacker could forward a connection from the browser to port 443 to port 8443, causing the browser to treat the content of port 8443 as same-origin with HTTP. This was resolved by disabling the Opportunistic Encryption feature, which had low usage.

References

#MOZ-2021-0008: Use-after-free in HTTP2 Session object

Reporter Julien Cristau
Impact high
Description

A use-after-free could have occurred when an HTTP2 session object was released on a different thread, leading to memory corruption and a potentially exploitable crash.
Note: This issue is pending a CVE assignment and will be updated when available.

References

#CVE-2021-38508: Permission Prompt could be overlaid, resulting in user confusion and potential spoofing

Reporter Raphael
Impact moderate
Description

By displaying a form validity message in the correct location at the same time as a permission prompt (such as for geolocation), the validity message could have obscured the prompt, resulting in the user potentially being tricked into granting the permission.

References

#CVE-2021-38509: Javascript alert box could have been spoofed onto an arbitrary domain

Reporter Ademar Nowasky Junior
Impact moderate
Description

Due to an unusual sequence of attacker-controlled events, a Javascript alert() dialog with arbitrary (although unstyled) contents could be displayed over top an uncontrolled webpage of the attacker's choosing.

References

#CVE-2021-38510: Download Protections were bypassed by .inetloc files on Mac OS

Reporter houjingyi647
Impact moderate
Description

The executable file warning was not presented when downloading .inetloc files, which, due to a flaw in Mac OS, can run commands on a user's computer.
Note: This issue only affected Mac OS operating systems. Other operating systems are unaffected.

References

#MOZ-2021-0007: Memory safety bugs fixed in Firefox 94 and Firefox ESR 91.3

Reporter Mozilla developers
Impact high
Description

Mozilla developers and community members Christian Holler, Valentin Gosu, and Andrew McCreight reported memory safety bugs present in Firefox 93 and Firefox ESR 91.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.
Note: This issue is pending a CVE assignment and will be updated when available.

References


On 04/11/2021 at 18:41, trium said:

 

  • On Windows, there will now be fewer interruptions because Firefox won’t prompt you for updates. Instead, a background agent will download and install updates even if Firefox is closed.

Seems like every new version of Firefox lately there's some new 'feature' that sends me googling the off button. And ooooh, look, new colours. What is going on inside Mozilla lately 🤦‍♂️


:-) the one or other unnecessary equipment...

 

for downloading older versions:

https://archive.mozilla.org/pub/firefox/releases/


  • Moderators
On 05/11/2021 at 19:52, JDPower said:

Seems like every new version of Firefox lately there's some new 'feature' that sends me googling the off button. And ooooh, look, new colours. What is going on inside Mozilla lately 🤦‍♂️

That's par for the course with them for the past few years, and like you I don't particularly like it, which was what had me using different Chromium (not Google Chrome) builds a few years ago, but I tired of all those "me too" and "wannabe" clones. Every new feature they've added in over the past few years I'll never use and have no use for, so I ignore them or disable them.

I use Firefox Portable ESR and the recent huge required bump up from version 70ish something (which looked great to me) to version 91.3.0 has yet again, not so many years later, left another very bad taste (I almost dumped Firefox again in disgust, however using it for one full week has made it slightly less harsh). Such a huge version bump was way too much of a drastic visual change, such as how tabs look, which I literally can't stand the look of, and the built-in light themes all look like rubbish to me and are too bright. I'm not keen on using the dark theme but it's literally the only one that I can stomach that isn't overly eye-searing bright. When looking for replacement themes on their add-ons site, the comments/complaints people posted about how they change the look of it were rampant and so true.


I also use FF ESR - I don't jump to FF 91.x, I stay with FF 78.15.

I also think, like Andavari, that the version jumps bring too many visual changes and new features that you never use and that blow up Firefox with "features". Perhaps it's more of a Google look-alike contest instead of Mozilla going its own way as in the past (the time before Google Chrome). I don't want a Google Chrome "clone" called Firefox. ;-)


  • 4 weeks later...

ff v94.0.2

22. nov 2021

Fixed

  • Improved hangs experienced by users of assistive technology such as NVDA when installing Firefox through the Microsoft Store (bug 1736742)

  • Resolved general instability/crashes on Linux caused by a file descriptor leak when backgrounding tabs using WebGL (bug 1741997)

Changed

  • Updated preference design for Firefox Suggest for improved clarity.


ff v95.0

07. dec 2021

New

  • RLBox — a new technology that hardens Firefox against potential security vulnerabilities in third-party libraries — is now enabled on all platforms.

  • Good news! You can now download Firefox from the Microsoft Store on Windows 10 and Windows 11 platforms.


  • We’ve reduced CPU usage on macOS in Firefox and WindowServer during event processing.

  • We’ve also reduced the power usage of software decoded video on macOS, especially in fullscreen. This includes streaming sites such as Netflix and Amazon Prime Video.

  • You can now move the Picture-in-Picture toggle button to the opposite side of the video. Simply look for the new context menu option Move Picture-in-Picture Toggle to Left (Right) Side.

  • To better protect Firefox users against side-channel attacks such as Spectre, Site Isolation is now enabled for all Firefox 95 users.

Fixed

  • After starting Firefox, users of the JAWS screen reader and ZoomText magnifier will no longer need to switch applications in order to access Firefox.

  • You’ll find the state of controls using the ARIA switch role is now correctly reported by Mac OS VoiceOver.

  • You’ll see a faster content process startup on macOS.

  • We’ve also made memory allocator improvements.

  • And we’ve improved page load performance by speculatively compiling JavaScript ahead of time.

  • Various security fixes

Changed

  • We’ve added a User Agent override for Slack.com, which allows Firefox users to use more Call features and have access to Huddles.

Enterprise

unresolved

  • On macOS command-clicking links in Gmail still does not open a new tab. Workaround: you can click links in Gmail without pressing command, which will still open a new tab.


ff v91.4.0 esr

07. dec 2021

Fixed

Quote

Security Vulnerabilities fixed in Firefox ESR 91.4.0

Announced December 7, 2021
Impact high
Products Firefox ESR
Fixed in
  • Firefox ESR 91.4

#CVE-2021-43536: URL leakage when navigating while executing asynchronous function

Reporter Sunwoo Kim and Youngmin Kim of SNU CompSec Lab
Impact high
Description

Under certain circumstances, asynchronous functions could have caused a navigation to fail but expose the target URL.

References

#CVE-2021-43537: Heap buffer overflow when using structured clone

Reporter bo13oy of Cyber Kunlun Lab
Impact high
Description

An incorrect type conversion of sizes from 64bit to 32bit integers allowed an attacker to corrupt memory leading to a potentially exploitable crash.

References

#CVE-2021-43538: Missing fullscreen and pointer lock notification when requesting both

Reporter Irvan Kurniawan (@sourc7)
Impact high
Description

By misusing a race in our notification code, an attacker could have forcefully hidden the notification for pages that had received full screen and pointer lock access, which could have been used for spoofing attacks.

References

#CVE-2021-43539: GC rooting failure when calling wasm instance methods

Reporter Asumu Takikawa and Ioanna Dimitriou
Impact high
Description

Failure to correctly record the location of live pointers across wasm instance calls resulted in a GC occurring within the call not tracing those live pointers. This could have led to a use-after-free causing a potentially exploitable crash.

References

#CVE-2021-43541: External protocol handler parameters were unescaped

Reporter chriscla
Impact moderate
Description

When invoking protocol handlers for external protocols, a supplied parameter URL containing spaces was not properly escaped.

References

#CVE-2021-43542: XMLHttpRequest error codes could have leaked the existence of an external protocol handler

Reporter Raphael Smolik
Impact moderate
Description

Using XMLHttpRequest, an attacker could have identified installed applications by probing error messages for loading external protocols.

References

#CVE-2021-43543: Bypass of CSP sandbox directive when embedding

Reporter Armin Ebert
Impact moderate
Description

Documents loaded with the CSP sandbox directive could have escaped the sandbox's script restriction by embedding additional content.

References

#CVE-2021-43545: Denial of Service when using the Location API in a loop

Reporter Paul Zühlcke
Impact low
Description

Using the Location API in a loop could have caused severe application hangs and crashes.

References

#CVE-2021-43546: Cursor spoofing could overlay user interface when native cursor is zoomed

Reporter Daniel Veditz
Impact low
Description

It was possible to recreate previous cursor spoofing attacks against users with a zoomed native cursor.

References

#MOZ-2021-0009: Memory safety bugs fixed in Firefox 95 and Firefox ESR 91.4

Reporter Mozilla developers and community
Impact high
Description

Mozilla developers and community members Julian Hector, Randell Jesup, Gabriele Svelto, Tyson Smith, Christian Holler, and Masayuki Nakano reported memory safety bugs present in Firefox 94 and Firefox ESR 91.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

References


  • 2 weeks later...

ff v95.0.1

16. dec 2021

Fixed

  • Fixed frequent MOZILLA_PKIX_ERROR_OCSP_RESPONSE_FOR_CERT_MISSING error messages when trying to connect to various microsoft.com domains (bug 1745600)

  • Fix for a WebRender crash on some Linux/X11 systems (bug 1741956)

  • Fix for a frequent Windows shutdown crash (bug 1738984)

  • Fix websites contrast issues for some Linux users with Dark mode set at OS level (bug 1740518)


ff v95.0.2

19. dec 2021

Fixed

  • Addresses frequent crashes experienced by users with C/E/Z-Series "Bobcat" CPUs running on Windows 7, 8, and 8.1.


ff v91.4.1 esr

16. dec 2021

Fixed

  • Fixed frequent MOZILLA_PKIX_ERROR_OCSP_RESPONSE_FOR_CERT_MISSING error messages when trying to connect to various microsoft.com domains (bug 1745600)


  • 1 month later...

ff v96.0

11. january 2022

New

  • We’ve made significant improvements in noise-suppression and auto-gain-control as well as slight improvements in echo-cancellation to provide you with a better overall experience.

  • We’ve also significantly reduced main-thread load.

  • When printing, you can now choose to print only the odd/even pages.

Fixed

  • On macOS, command-clicking links in Gmail now opens them in a new tab as expected.

  • Our newest release fixes an issue where video intermittently drops SSRC.

  • It also fixes an issue where WebRTC downgrades screen sharing resolution to provide you with a clearer browsing experience.

  • Plus, we’ve fixed video quality degradation issues on certain sites.

  • Detached video in fullscreen on macOS has been temporarily disabled to avoid some issues with corruption, brightness changes, missing subtitles and high cpu usage.

  • Various security fixes

Enterprise

  • Various bug fixes and new policies have been implemented in the latest version of Firefox. You can find more information in the Firefox for Enterprise 96 Release Notes.

Developer

Developer Information

  • Firefox for Linux changes the shortcut key for "Select All" from Alt-A to Ctrl-A for solving web-compatibility and avoiding conflict with access keys. If you want to keep using Emacs like key bindings, e.g., you configured your GTK settings to use Ctrl-A as a shortcut key for moving caret to beginning of a line, you must change ui.key.textcontrol.prefer_native_key_bindings_over_builtin_shortcut_key_definitions and ui.key.use_select_all_in_single_line_editor from about:config. Currently, these are disabled by default but will be enabled by default in a future release.

Web Platform

  • The Web Locks API landed. This allows scripts running in different service workers or tabs to coordinate with each other.

  • WebRTC library updated, bringing improved audio and video features for web conferencing applications.

  • Added CSS color-scheme support to allow web pages to indicate which color schemes they can be rendered with (for example, operating system dark mode).


ff v91.5.0 esr

11. january 2022

Fixed

Quote

Security Vulnerabilities fixed in Firefox ESR 91.5

Announced January 11, 2022
Impact high
Products Firefox ESR
Fixed in
  • Firefox ESR 91.5

#CVE-2022-22746: Calling into reportValidity could have led to fullscreen window spoof

Reporter Irvan Kurniawan
Impact high
Description

A race condition could have allowed bypassing the fullscreen notification which could have led to a fullscreen window spoof being unnoticed.
This bug only affects Thunderbird for Windows. Other operating systems are unaffected.

References

#CVE-2022-22743: Browser window spoof using fullscreen mode

Reporter Irvan Kurniawan
Impact high
Description

When navigating from inside an iframe while requesting fullscreen access, an attacker-controlled tab could have made the browser unable to leave fullscreen mode.

References

#CVE-2022-22742: Out-of-bounds memory access when inserting text in edit mode

Reporter Irvan Kurniawan
Impact high
Description

When inserting text while in edit mode, some characters might have led to out-of-bounds memory access causing a potentially exploitable crash.

References

#CVE-2022-22741: Browser window spoof using fullscreen mode

Reporter Irvan Kurniawan
Impact high
Description

When resizing a popup while requesting fullscreen access, the popup would have become unable to leave fullscreen mode.

References

#CVE-2022-22740: Use-after-free of ChannelEventQueue::mOwner

Reporter bo13oy of Cyber Kunlun Lab
Impact high
Description

Certain network request objects were freed too early when releasing a network request handle. This could have led to a use-after-free causing a potentially exploitable crash.

References

#CVE-2022-22738: Heap-buffer-overflow in blendGaussianBlur

Reporter Atte Kettunen
Impact high
Description

Applying a CSS filter effect could have accessed out of bounds memory. This could have led to a heap-buffer-overflow causing a potentially exploitable crash.

References

#CVE-2022-22737: Race condition when playing audio files

Reporter bo13oy of Cyber Kunlun Lab
Impact high
Description

Constructing audio sinks could have led to a race condition when playing audio files and closing windows. This could have led to a use-after-free causing a potentially exploitable crash.

References

#CVE-2021-4140: Iframe sandbox bypass with XSLT

Reporter Peter Van der Beken
Impact high
Description

It was possible to construct specific XSLT markup that would be able to bypass an iframe sandbox.

References

#CVE-2022-22748: Spoofed origin on external protocol launch dialog

Reporter Alesandro Ortiz
Impact moderate
Description

Malicious websites could have confused Thunderbird into showing the wrong origin when asking to launch a program and handling an external URL protocol.

References

#CVE-2022-22745: Leaking cross-origin URLs through securitypolicyviolation event

Reporter Jannis Rautenstrauch
Impact moderate
Description

Securitypolicyviolation events could have leaked cross-origin information for frame-ancestors violations.

References

#CVE-2022-22744: The 'Copy as curl' feature in DevTools did not fully escape website-controlled data, potentially leading to command injection

Reporter Mattias Jacobsson
Impact moderate
Description

The constructed curl command from the "Copy as curl" feature in DevTools was not properly escaped for PowerShell. This could have led to command injection if pasted into a PowerShell prompt.
This bug only affects Firefox for Windows. Other operating systems are unaffected.

References

#CVE-2022-22747: Crash when handling empty pkcs7 sequence

Reporter Tavis Ormandy
Impact low
Description

After accepting an untrusted certificate, handling an empty pkcs7 sequence as part of the certificate data could have led to a crash. This crash is believed to be unexploitable.

References

#CVE-2022-22739: Missing throttling on external protocol launch dialog

Reporter Alesandro Ortiz
Impact low
Description

Malicious websites could have tricked users into accepting launching a program to handle an external URL protocol.

References

#CVE-2022-22751: Memory safety bugs fixed in Firefox 96 and Firefox ESR 91.5

Reporter Mozilla developers and community
Impact high
Description

Mozilla developers Calixte Denizet, Kershaw Chang, Christian Holler, Jason Kratzer, Gabriele Svelto, Tyson Smith, Simon Giesecke, and Steve Fink reported memory safety bugs present in Firefox 95 and Firefox ESR 91.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

References

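The PowerShell quoting problem described under CVE-2022-22744 in the advisory quoted above, as an added example that is not part of the original post and is not Firefox DevTools code: a quoter for PowerShell verbatim strings, a small model of how PowerShell closes such a string, and a check that website-controlled values stay one literal. The function names, the sample request and the ASCII-only quoter used for contrast are constructed for illustration.

```javascript
// Added illustration, not Firefox DevTools source; all names here are hypothetical.

// PowerShell accepts these code points as single-quote delimiters, not only U+0027.
const PS_SINGLE_QUOTES = "'\u2018\u2019\u201A\u201B";

// Contrast case (constructed): doubles only the ASCII quote, as a sh-minded author might.
function quoteAsciiOnly(arg) {
  return "'" + arg.replace(/'/g, "''") + "'";
}

// Quote one argument as a PowerShell verbatim string. Inside '...' PowerShell expands
// neither $variables nor $(...) nor backtick escapes; the only special characters are
// the quote delimiters, and each is escaped by writing it twice.
function quotePowerShell(arg) {
  if (arg.includes("\0")) {
    throw new RangeError("NUL cannot be carried in a process argument");
  }
  let out = "'";
  for (const ch of arg) {
    out += PS_SINGLE_QUOTES.includes(ch) ? ch + ch : ch;
  }
  return out + "'";
}

// Small model of how PowerShell reads a verbatim string: returns the decoded value, or
// null when the literal closes before the end of the token, i.e. when trailing text
// would be handed to the PowerShell parser instead of staying data.
function parsePsVerbatim(token) {
  const chars = Array.from(token);
  if (chars.length < 2 || !PS_SINGLE_QUOTES.includes(chars[0])) return null;
  let out = "";
  let i = 1;
  while (i < chars.length) {
    const ch = chars[i];
    if (!PS_SINGLE_QUOTES.includes(ch)) {
      out += ch;
      i += 1;
    } else if (i + 1 < chars.length && PS_SINGLE_QUOTES.includes(chars[i + 1])) {
      out += chars[i + 1]; // doubled delimiter: one literal quote character
      i += 2;
    } else {
      return i === chars.length - 1 ? out : null; // closing delimiter
    }
  }
  return null; // never closed
}

// True when the quoted form decodes back to exactly the input and nothing trails it.
function staysLiteral(quoter, value) {
  return parsePsVerbatim(quoter(value)) === value;
}

// Build a command line for pasting into PowerShell. In Windows PowerShell 5.1 `curl`
// is an alias for Invoke-WebRequest, so the real binary is named explicitly.
function buildCurlForPowerShell(request) {
  const parts = ["curl.exe", quotePowerShell(request.url)];
  if (request.method && request.method !== "GET") {
    parts.push("-X", quotePowerShell(request.method));
  }
  for (const [name, value] of request.headers) {
    parts.push("-H", quotePowerShell(`${name}: ${value}`));
  }
  if (request.body != null) {
    parts.push("--data-raw", quotePowerShell(request.body));
  }
  return parts.join(" ");
}

// Constructed sample request: every field is data a website can influence.
const SAMPLE_REQUEST = {
  url: "https://example.test/search?q=it's",
  method: "POST",
  headers: [
    ["User-Agent", "demo $(Get-Date) `n"],
    ["X-Note", "a\u2019; Write-Output MARKER #"],
  ],
  body: '{"k":"$env:USERNAME"}',
};

// Report, per field, whether each quoter keeps the value inside one literal.
function auditSample(request) {
  const values = [request.url, ...request.headers.map(([n, v]) => `${n}: ${v}`), request.body];
  return values.map((value) => ({
    value,
    asciiOnly: staysLiteral(quoteAsciiOnly, value),
    powerShell: staysLiteral(quotePowerShell, value),
  }));
}

console.log(buildCurlForPowerShell(SAMPLE_REQUEST));
console.table(auditSample(SAMPLE_REQUEST));
```
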

ff v96.0.1

14. january 2022

Fixed

  • Addresses proxy rule exceptions not working on Windows systems when "Use system proxy settings" is set (bug 1749501)

  • Improvements to make the parsing of content-length headers more robust (bug 1749957)


ff v96.0.2

20. january 2022

Fixed

  • Fixed an issue that caused tab height to display inconsistently on Linux when audio was played (bug 1714276)

  • Fixed an issue that caused Lastpass dropdowns to appear blank in Private Browsing mode (bug 1748158)

  • Fixed a crash encountered when resizing a Facebook app (bug 1746084)


ff v96.0.3

27. january 2022

Fixed

  • Fixed an issue that allowed unexpected data to be submitted in some of our search telemetry (bug 1752317)


ff v91.5.1 esr

27. january 2022

Fixed

  • Fixed an issue that allowed unexpected data to be submitted in some of our search telemetry (bug 1752317)


ff v97.0

08. February 2022

New

  • Firefox now supports and displays the new style of scrollbars on Windows 11.

Fixed

  • On macOS, we’ve made improvements to system font loading which makes opening and switching to new tabs faster in certain situations.

  • Various security fixes

Changed

  • On February 8, we will be expiring the 18 colorway themes of Firefox version 94. This signals the end of a special, limited-time feature set. However, you can hold onto your favorite colorway, as long as you’re using it on the expiration date. In other words, if a colorway is “enabled” in the add-ons manager, that colorway is yours forever. Read more about colorway updates here.

  • Support for directly generating PostScript for printing on Linux has been removed. Printing to PostScript printers still remains a supported option, however.

Enterprise

  • Various bug fixes and new policies have been implemented in the latest version of Firefox. You can find more information in the Firefox for Enterprise 97 Release Notes.

Unresolved

  • Users running WebRoot SecureAnywhere Antivirus may experience impaired functionality when upgrading to Firefox 97. Closing WebRoot will allow Firefox to resume normal operation.


ff v.91.6.0 esr

08. February 2022

Fixed

Quote

Security Vulnerabilities fixed in Firefox ESR 91.6

Announced: February 8, 2022
Impact: high
Products: Firefox ESR
Fixed in: Firefox ESR 91.6

CVE-2022-22753: Privilege Escalation to SYSTEM on Windows via Maintenance Service

Reporter: Seb Patane
Impact: high
Description:

A Time-of-Check Time-of-Use bug existed in the Maintenance (Updater) Service that could be abused to grant Users write access to an arbitrary directory. This could have been used to escalate to SYSTEM access.
This bug only affects Firefox on Windows. Other operating systems are unaffected.

References

CVE-2022-22754: Extensions could have bypassed permission confirmation during update

Reporter: Rob Wu
Impact: high
Description:

If a user installed an extension of a particular type, the extension could have auto-updated itself and, while doing so, bypassed the prompt which grants the new version the new requested permissions.

References

CVE-2022-22756: Drag and dropping an image could have resulted in the dropped object being an executable

Reporter: Abdulrahman Alqabandi
Impact: moderate
Description:

If a user was convinced to drag and drop an image to their desktop or other folder, the resulting object could have been changed into an executable script which would have run arbitrary code after the user clicked on it.

References

CVE-2022-22759: Sandboxed iframes could have executed script if the parent appended elements

Reporter: Johan Carlsson
Impact: moderate
Description:

If a document created a sandboxed iframe without allow-scripts, and subsequently appended an element to the iframe's document that e.g. had a JavaScript event handler - the event handler would have run despite the iframe's sandbox.

References

CVE-2022-22760: Cross-Origin responses could be distinguished between script and non-script content-types

Reporter: Luan Herrera
Impact: moderate
Description:

When importing resources using Web Workers, error messages would distinguish the difference between application/javascript responses and non-script responses. This could have been abused to learn information cross-origin.

References

CVE-2022-22761: frame-ancestors Content Security Policy directive was not enforced for framed extension pages

Reporter: Mart Gil Robles (Mart at FlowCrypt)
Impact: moderate
Description:

Web-accessible extension pages (pages with a moz-extension:// scheme) were not correctly enforcing the frame-ancestors directive when it was used in the Web Extension's Content Security Policy.

References

CVE-2022-22763: Script Execution during invalid object state

Reporter: Mozilla Fuzzing Team
Impact: moderate
Description:

When a worker is shut down, it was possible to cause script to run late in the lifecycle, at a point after where it should not be possible.

References

CVE-2022-22764: Memory safety bugs fixed in Firefox 97 and Firefox ESR 91.6

Reporter: Mozilla developers and community
Impact: high
Description:

Mozilla developers and community members Paul Adenot and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 96 and Firefox ESR 91.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

References

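The advisory quoted in the post above describes CVE-2022-22753 only as a Time-of-Check Time-of-Use bug in a privileged service that could grant write access to an arbitrary directory. The following is an added illustration of that bug class and its usual fix; it is not Mozilla's code and not a reconstruction of the actual flaw. It assumes a POSIX system, and every function name and directory name in it is hypothetical.

```python
import os
import stat
import tempfile


def grant_write_by_path(root, name, race=lambda: None):
    """Flawed pattern: the check and the use each resolve the path again."""
    target = os.path.join(root, name)
    # Time of check: target must be a real directory, not a link.
    if os.path.islink(target) or not os.path.isdir(target):
        raise PermissionError("not a plain directory under root")
    race()  # window in which another process can replace `target`
    # Time of use: the path is resolved a second time and may point elsewhere.
    os.chmod(target, 0o777)


def grant_write_by_handle(root, name, race=lambda: None):
    """Hardened pattern: check and use happen on one open handle."""
    flags = os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW
    root_fd = os.open(root, flags)
    try:
        # O_NOFOLLOW makes this open fail if `name` is a symbolic link.
        fd = os.open(name, flags, dir_fd=root_fd)
        try:
            race()  # replacing the path no longer changes what fd refers to
            if not stat.S_ISDIR(os.fstat(fd).st_mode):
                raise PermissionError("not a directory")
            os.fchmod(fd, 0o777)
        finally:
            os.close(fd)
    finally:
        os.close(root_fd)


def demo(grant):
    """Run `grant` while a constructed race swaps the work directory for a link.
    Returns the final mode of a directory the helper must never touch."""
    with tempfile.TemporaryDirectory() as base:
        root = os.path.join(base, "updates")
        os.mkdir(root)
        protected = os.path.join(base, "protected")
        os.mkdir(protected)
        os.chmod(protected, 0o700)
        work = os.path.join(root, "job")
        os.mkdir(work, 0o700)

        def swap():
            # Constructed stand-in for a concurrent process winning the race.
            os.rename(work, work + ".old")
            os.symlink(protected, work)

        grant(root, "job", race=swap)
        return stat.S_IMODE(os.stat(protected).st_mode)
```

`demo(grant_write_by_path)` leaves the protected directory world-writable, while `demo(grant_write_by_handle)` leaves it at 0o700 because the permission change is applied to the object that was actually checked.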


ff v97.0.1

17. Feb 2022

Fixed

  • Fixed an issue where TikTok videos would fail to load when selected from a user's profile page (bug 1750973)

  • Fixed an issue which led to Picture-in-Picture mode being unable to be toggled on Hulu (bug 1753401)

  • Works around problems with WebRoot SecureAnywhere antivirus rendering Firefox unusable in some situations (bug 1752466)

  • Fixed an issue causing users to see the Restore Session screen unexpectedly when starting Firefox (bug 1749996)
