The Firefox/Mozilla Thread


nodles

ff v91.6.1 esr

05. march 2022

Fixed

Quote

Security Vulnerabilities fixed in Firefox 97.0.2, Firefox ESR 91.6.1, Firefox for Android 97.3.0, and Focus 97.3.0

Announced March 5, 2022
Impact high
Products Firefox, Firefox ESR, Firefox for Android, Focus, Thunderbird
Fixed in
  • Firefox 97.0.2
  • Firefox ESR 91.6.1
  • Firefox for Android 97.3
  • Focus 97.3
  • Thunderbird 91.6.2

#CVE-2022-26485: Use-after-free in XSLT parameter processing

Reporter Wang Gang, Liu Jialei, Du Sihang, Huang Yi & Yang Kang of 360 ATA
Impact critical
Description

Removing an XSLT parameter during processing could have led to an exploitable use-after-free. We have had reports of attacks in the wild abusing this flaw.

#CVE-2022-26486: Use-after-free in WebGPU IPC Framework

Reporter Wang Gang, Liu Jialei, Du Sihang, Huang Yi & Yang Kang of 360 ATA
Impact critical
Description

An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable sandbox escape. We have had reports of attacks in the wild abusing this flaw.

Versions of CCleaner Cloud; Introduction Ccleaner Cloud;

Ccleaner-->System-Requirements; Ccleaner FAQ´s; Ccleaner builds; Scheduling Ccleaner Free

 

It is possible to make no mistakes and still lose. That is not a sign of weakness. That is life -> "Picard"


ff v98.0

08. march 2022

New

  • Firefox has a new optimized download flow. Instead of prompting every time, files will download automatically. However, they can still be opened from the downloads panel with just one click. Easy!

    You’ll find you have a number of options, including:

    • Always Open Similar Files: Make Firefox automatically open downloaded files of the same type with the system default application.
    • Show In Folder: Open the folder that contains your downloaded files.
    • Go To Download Page: Surfaces the download reference page even after leaving the site or closing the tab.
    • Copy Download Link: Copy the download link to share it, save it, or for any applicable use.
    • Delete: You can now delete downloaded files directly from the download panel and other download views using the context menu.
    • Remove From History: Remove a file from your list of downloaded files.
    • Clear Preview Panel: Clear the list of downloaded items in the preview panel that opens when you start a download.

    In this release, you’ll also see that Firefox no longer asks what to do for each file by default. You won’t be prompted to choose a helper application or save to disk before downloading a file unless you have changed your download action setting for that type of file.

    And now, every time you start a download, Firefox will automatically bring up the Downloads panel by default. This means you’ll experience minimal interruptions and easily find your downloaded files. Plus, to avoid having to close it several times, the panel won't show if there are multiple downloads in progress.

    You can now click on a file in the Downloads panel to open it even before it has finished downloading. Firefox will open the file as soon as it is available. Firefox: saving you time and helping you get back to what you care about!

    Any files you download will be immediately saved on your disk. Depending on the current configuration, they’ll be saved in your preferred download folder, or you’ll be asked to select a location for each download. Windows and Linux users will find their downloaded files in the destination folder. They’ll no longer be put in the Temp folder.

  • Firefox allows users to choose from a number of built-in search engines to set as their default. In this release, some users who had previously configured a default engine might notice their default search engine has changed since Mozilla was unable to secure formal permission to continue including certain search engines in Firefox.

Fixed

  • Now, you can set a default app to open a file type. Choose the application you want to use to open files of a specific type in your Firefox settings.

  • After updating to Firefox version 98, "Always ask" download actions will now be reset.

  • Various security fixes.

Enterprise

Developer

Developer Information

  • The Compatibility sidebar panel in the DevTools Inspector already available on pre-release channels will become available on the release channel in version 98. It provides compatibility warnings for the CSS properties used on the selected element, as well as for the overall page.

    Developers may use it to detect web-compatibility issues early, without having to test in each browser. All compatibility data are pulled from MDN.

  • Event listeners for a given node can now be disabled from the Inspector Event Tooltip, in the markup view. Also, the "event" badge style is updated when at least one event is disabled to remind the user that something was changed.

  • New UI in the Browser Toolbox to toggle Fluent pseudolocalization bidi / accented

  • “Ignore line” context menu entry added in the debugger editor gutter when devtools.debugger.features.blackbox-lines is true. Also, there is a better “Ignore source” icon and editor background colors for ignored lines.

  • Auto-open devtools for tabs opened via window.open (behind devtools.popups.debug). On a page where you already have DevTools opened, if a new tab is created via window.open, the toolbox will automatically move to the new tab, with the new document selected in both the iframe picker and the context selector

Web Platform

  • The <dialog> HTML element already available on pre-release channels will become available on the release channel in version 98.

  • Form associated custom elements will become available on the release channel in version 98. This allows web authors to define and create custom elements that can participate in form submission.

  • The hyphenate-character CSS property can be used to set a string that is used instead of a hyphen character (-) at the end of a hyphenation line break.


ff v91.7.0 esr

08. march 2022

Fixed

  • Various stability, functionality, and security fixes

Quote

Security Vulnerabilities fixed in Firefox ESR 91.7

Announced March 8, 2022
Impact high
Products Firefox ESR
Fixed in
  • Firefox ESR 91.7

#CVE-2022-26383: Browser window spoof using fullscreen mode

Reporter Irvan Kurniawan
Impact high
Description

When resizing a popup after requesting fullscreen access, the popup would not display the fullscreen notification.

#CVE-2022-26384: iframe allow-scripts sandbox bypass

Reporter Ed McManus
Impact high
Description

If an attacker could control the contents of an iframe sandboxed with allow-popups but not allow-scripts, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox.

#CVE-2022-26387: Time-of-check time-of-use bug when verifying add-on signatures

Reporter Armin Ebert
Impact high
Description

When installing an add-on, Firefox verified the signature before prompting the user; but while the user was confirming the prompt, the underlying add-on file could have been modified and Firefox would not have noticed.

#CVE-2022-26381: Use-after-free in text reflows

Reporter Mozilla Fuzzing Team and Hossein Lotfi of Trend Micro Zero Day Initiative
Impact high
Description

An attacker could have caused a use-after-free by forcing a text reflow in an SVG object leading to a potentially exploitable crash.

#CVE-2022-26386: Temporary files downloaded to /tmp and accessible by other local users

Reporter attila
Impact low
Description

Previously Firefox for macOS and Linux would download temporary files to a user-specific directory in /tmp, but this behavior was changed to download them to /tmp where they could be affected by other local users. This behavior was reverted to the original, user-specific directory.
This bug only affects Firefox for macOS and Linux. Other operating systems are unaffected.


ff v98.0.1

14. march 2022

Changed

  • Yandex and Mail.ru have been removed as optional search providers in the drop-down search menu in Firefox.

    If you previously installed a customized version of Firefox with Yandex or Mail.ru, offered through partner distribution channels, this release removes those customizations, including add-ons and default bookmarks. Where applicable, your browser will revert back to default settings, as offered by Mozilla. All other releases of Firefox remain unaffected by the change.


ff v91.7.1 esr

14. march 2022

Changed

  • Yandex and Mail.ru have been removed as optional search providers in the drop-down search menu in Firefox.

    If you previously installed a customized version of Firefox with Yandex or Mail.ru, offered through partner distribution channels, this release removes those customizations, including add-ons and default bookmarks. Where applicable, your browser will revert back to default settings, as offered by Mozilla. All other releases of Firefox remain unaffected by the change.


  • Moderators
Quote

Internet users who download the Firefox web browser from the official Mozilla website get a unique identifier attached to the installer that is submitted to Mozilla on install and first run.

https://www.ghacks.net/2022/03/17/each-firefox-download-has-a-unique-identifier/


  • Moderators

The latest Firefox update's changes to how it handles downloads managed to reset all my "open-with's" for downloads.

I was sat there clicking PDFs, images, etc. and swearing because the bleeping things weren't opening, till I figured it out.
Firefox had been saving them to downloads rather than opening them. I had to set them up again.

*** Out of Beer Error ->->-> Recovering Memory ***

Worried about 'Tracking Files'? Worried about why some files come back after cleaning? See this link:
https://community.ccleaner.com/topic/52668-tracking-files/?tab=comments#comment-300043

 


  • Moderators
19 hours ago, nukecad said:

Firefox had been saving them to downloads rather than opening them. I had to set them up again.

One would think they'd know how to by now notify users during upgrading.


  • Moderators

It's also a pain with the download menu popping open and staying open every time you download something.

The release notes say that is by design; but to me it's just an annoyance and the download icon has now been removed from my menu bar to stop it doing that.


  • 2 weeks later...
  • Moderators

The downloads in Firefox 98 are totally messed up for me at the moment.

It's a guessing game when I click on something whether it will open in the associated app, or be saved to the download folder, or in some cases both.
(And despite what the Mozilla documentation says, it doesn't always also save files that are opened).
There are also issues with setting the associated apps in the first place.

From what I'm reading most of this is intentional, it's now putting them in 'Downloads' instead of '\windows\temp' although nobody seems to know why they have changed this behaviour (possibly it's because of an obscure 'drive by' attack method seen in Chrome?).

Of course you could just regularly/automatically clear out the downloads folder, but there is often stuff in there that I want to keep for a while.

For more issues/solutions see this on AskWoody.
(I note that @lmacri has posted a good overall solution on there - I've just applied it).
https://www.askwoody.com/forums/topic/problem-with-downloading-behavior-in-firefox-98-0/

I don't like messing with FFx's settings for something that may later get 'fixed' anyway.
But as this seems to be by design then I don't think it will be.


2 hours ago, nukecad said:

The downloads in Firefox 98 are totally messed up for me at the moment.

It's a guessing game when I click on something whether it will open in the associated app, or be saved to the download folder, or in some cases both.
(And despite what the Mozilla documentation says, it doesn't always also save files that are opened).
There are also issues with setting the associated apps in the first place.

From what I'm reading most of this is intentional, it's now putting them in 'Downloads' instead of '\windows\temp' although nobody seems to know why they have changed this behaviour (possibly it's because of an obscure 'drive by' attack method seen in Chrome?).

Of course you could just regularly/automatically clear out the downloads folder, but there is often stuff in there that I want to keep for a while.

For more issues/solutions see this on AskWoody.
(I note that @lmacri has posted a good overall solution on there - I've just applied it).
https://www.askwoody.com/forums/topic/problem-with-downloading-behavior-in-firefox-98-0/

I don't like messing with FFx's settings for something that may later get 'fixed' anyway.
But as this seems to be by design then I don't think it will be.

FWIW downloads work fine for me on Firefox 100.0a1

 

  

On 19/03/2022 at 06:06, nukecad said:

It's also a pain with the download menu popping open and staying open every time you download something.

The release notes say that is by design; but to me it's just an annoyance and the download icon has now been removed from my menu bar to stop it doing that.

I've had mine off the bar for years, but you can summon the downloads pane of the library with CTRL+J


ff v98.0.2

23. march 2022

Fixed

  • Fixed an issue preventing users from typing in Address Bar after opening new tab and pressing cmd + enter (bug 1757376)

  • Fixed an issue causing some users to crash in out-of-memory conditions (bug 1757618)

  • Fixed an issue in session history which caused some sites to fail to load (bug 1758664)

  • Fixed an add-on specific compatibility issue (bug 1759162)


ff v99.0

05. april 2022

New

  • You can now toggle Narrate in ReaderMode with the keyboard shortcut "n."

  • You can find added support for search—with or without diacritics—in the PDF viewer.

  • The Linux sandbox has been strengthened: processes exposed to web content no longer have access to the X Window system (X11).

  • Firefox now supports credit card autofill and capture in Germany and France.

Fixed

Enterprise

unresolved

  • Gallery mode in the Zoom web client is now accessible in Firefox 99. Display of video is not always working with breakout rooms in gallery mode.

    • When a user of the Zoom web client enters a breakout room, one's self view and of other participants may not appear. Leaving the breakout room and re-entering it should resolve the issue.


ff v91.8.0 esr

05. april 2022

Various stability, functionality, and security fixes

Quote

Security Vulnerabilities fixed in Firefox ESR 91.8

Announced April 5, 2022
Impact high
Products Firefox ESR
Fixed in
  • Firefox ESR 91.8

#CVE-2022-1097: Use-after-free in NSSToken objects

Reporter Randell Jesup
Impact high
Description

NSSToken objects were referenced via direct points, and could have been accessed in an unsafe way on different threads, leading to a use-after-free and potentially exploitable crash.

#CVE-2022-28281: Out of bounds write due to unexpected WebAuthN Extensions

Reporter Axel '0vercl0k' Souchet
Impact high
Description

If a compromised content process sent an unexpected number of WebAuthN Extensions in a Register command to the parent process, an out of bounds write would have occurred leading to memory corruption and a potentially exploitable crash.

#CVE-2022-1196: Use-after-free after VR Process destruction

Reporter bo13oy of Cyber Kunlun Lab
Impact moderate
Description

After a VR Process is destroyed, a reference to it may have been retained and used, leading to a use-after-free and potentially exploitable crash.

#CVE-2022-28282: Use-after-free in DocumentL10n::TranslateDocument

Reporter Kirin
Impact moderate
Description

By using a link with rel="localization" a use-after-free could have been triggered by destroying an object during JavaScript execution and then referencing the object through a freed pointer, leading to a potentially exploitable crash.

#CVE-2022-28285: Incorrect AliasSet used in JIT Codegen

Reporter Lukas Bernhard
Impact moderate
Description

When generating the assembly code for MLoadTypedArrayElementHole, an incorrect AliasSet was used. In conjunction with another vulnerability this could have been used for an out of bounds memory read.

#CVE-2022-28286: iframe contents could be rendered outside the border

Reporter prada960808
Impact low
Description

Due to a layout change, iframe contents could have been rendered outside of its border. This could have led to user confusion or spoofing attacks.

#CVE-2022-24713: Denial of Service via complex regular expressions

Reporter Addison Crump and Jan-Erik Rediger
Impact low
Description

The rust regex crate did not properly prevent crafted regular expressions from taking an arbitrary amount of time during parsing. If an attacker was able to supply input to this crate, they could have caused a denial of service in the browser.

#CVE-2022-28289: Memory safety bugs fixed in Firefox 99 and Firefox ESR 91.8

Reporter Mozilla developers and community
Impact high
Description

Mozilla developers and community members Nika Layzell, Andrew McCreight, Gabriele Svelto, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 98 and Firefox ESR 91.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.


  • Moderators

Just to note that since changing that downloads behaviour setting my downloading is back to how I like it.

For information the setting is:
browser.download.improvements_to_download_panel  change it to false if you want the old behaviour.

Note that the setting may be removed in some future update, but for now it does the job.


  • 1 month later...

ff v99.0.1

12. april 2022

Fixed

  • Fixed an issue for Windows users that prevented hardware video decoding on newer Intel drivers (bug 1762125)

  • Fixed an issue with text rendering in Bengali (bug 1763368)

  • Fixed a selection issue in the Download panel with drag and drop (bug 1762723)

  • Fixed an issue preventing Zoom gallery mode for users who go to zoom.us URLs instead of subdomain.zoom.us URLs (bug 1763801)


ff v91.9.0 esr

03. may 2022

Fixed

  • Various stability, functionality, and security fixes.

Quote

Security Vulnerabilities fixed in Firefox ESR 91.9

Announced May 3, 2022
Impact high
Products Firefox ESR
Fixed in
  • Firefox ESR 91.9

#CVE-2022-29914: Fullscreen notification bypass using popups

Reporter Irvan Kurniawan
Impact high
Description

When reusing existing popups Firefox would have allowed them to cover the fullscreen notification UI, which could have enabled browser spoofing attacks.

#CVE-2022-29909: Bypassing permission prompt in nested browsing contexts

Reporter Armin Ebert
Impact high
Description

Documents in deeply-nested cross-origin browsing contexts could have obtained permissions granted to the top-level origin, bypassing the existing prompt and wrongfully inheriting the top-level permissions.

#CVE-2022-29916: Leaking browser history with CSS variables

Reporter Mateusz Sionkowski
Impact high
Description

Firefox behaved slightly differently for already known resources when loading CSS resources involving CSS variables. This could have been used to probe the browser history.

#CVE-2022-29911: iframe Sandbox bypass

Reporter Trung Pham
Impact high
Description

An improper implementation of the new iframe sandbox keyword allow-top-navigation-by-user-activation could lead to script execution without allow-scripts being present.

#CVE-2022-29912: Reader mode bypassed SameSite cookies

Reporter Matheus Vrech
Impact moderate
Description

Requests initiated through reader mode did not properly omit cookies with a SameSite attribute.

#CVE-2022-29917: Memory safety bugs fixed in Firefox 100 and Firefox ESR 91.9

Reporter Mozilla developers
Impact high
Description

Mozilla developers Andrew McCreight, Gabriele Svelto, Tom Ritter and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 99 and Firefox ESR 91.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.


ff v100.0

03. may 2022

New

  • We now support captions/subtitles display on YouTube, Prime Video, and Netflix videos you watch in Picture-in-Picture. Just turn on the subtitles on the in-page video player, and they will appear in PiP.

  • Picture-in-Picture now also supports video captions on websites that use WebVTT (Web Video Text Track) format, like Coursera.org, Canadian Broadcasting Corporation, and many more.

  • On the first run after install, Firefox detects when its language does not match the operating system language and offers the user a choice between the two languages.

  • Firefox spell checking now checks spelling in multiple languages. To enable additional languages, select them in the text field’s context menu.

  • HDR video is now supported in Firefox on Mac—starting with YouTube! Firefox users on macOS 11+ (with HDR-compatible screens) can enjoy higher-fidelity video content. No need to manually flip any preferences to turn HDR video support on—just make sure battery preferences are NOT set to “optimize video streaming while on battery”.

  • Hardware accelerated AV1 video decoding is enabled on Windows with supported GPUs (Intel Gen 11+, AMD RDNA 2 Excluding Navi 24, GeForce 30). Installing the AV1 Video Extension from the Microsoft Store may also be required.

  • Video overlay is enabled on Windows for Intel GPUs, reducing power usage during video playback.

  • Improved fairness between painting and handling other events. This noticeably improves the performance of the volume slider on Twitch.

  • Scrollbars on Linux and Windows 11 won't take space by default. On Linux, users can change this in Settings. On Windows, Firefox follows the system setting (System Settings > Accessibility > Visual Effects > Always show scrollbars).

  • Firefox now supports credit card autofill and capture in the United Kingdom.

  • Firefox now ignores less restricted referrer policies—including unsafe-url, no-referrer-when-downgrade, and origin-when-cross-origin—for cross-site subresource/iframe requests to prevent privacy leaks from the referrer.

Fixed

  • Users can now choose preferred color schemes for websites. Theme authors can now make better decisions about which color scheme Firefox uses for menus. Web content appearance can now be changed in Settings.

  • Beginning in this release, the Firefox installer for Windows is signed with a SHA-256 digest, rather than SHA-1. Update KB4474419 is required for successful installation on a computer running Microsoft Windows 7. For more details about this update, visit the Microsoft Technical Support website.

  • In macOS 11+ we now only rasterize the fonts once per window. This means that opening a new tab is fast, and switching tabs in the same window is also fast. (There's still work to do to share fonts across windows, or to reduce the time it takes to initialize these fonts.)

  • The performance of deeply-nested display: grid elements is greatly improved.

  • Support for profiling multiple java threads has been added.

  • Soft-reloading a web page will no longer cause revalidation for all resources.

  • Non-vsync tasks are given more time to run, which improves behavior on Google docs and Twitch.

  • Geckoview APIs have been added to control the start/stop time of capturing a profile.

  • Various security fixes.

Changed

  • Firefox has a new focus indicator for links which replaces the old dotted outline with a solid blue outline. This change unifies the focus indicators across form fields and links, which makes it easier to identify the focused link, especially for users with low vision.

  • New users can now set Firefox as the default PDF handler when setting Firefox as their default browser.

  • Some websites might not work correctly in Firefox version 100 due to Firefox's new three-digit number. You can read about it in our blog post here!

    See the Mozilla Support article Difficulties opening or using a website in Firefox 100 for possible workarounds you can use. There, you will also find instructions for reporting a broken website so that Mozilla can help fix the problem.

    Mozilla Support articles for Desktop and Android:
    https://support.mozilla.org/kb/difficulties-opening-or-using-website-firefox-100
    https://support.mozilla.org/kb/difficulties-firefox-android-100

Enterprise

Web Platform

  • Support for the WritableStream API has landed. WritableStreams provide an interface for writing streaming data to a sink object.

  • Additionally, ReadableStream gained support for the “pipeTo” method, which allows you to connect a ReadableStream to a WritableStream. For example, this would allow you to process data retrieved using “fetch” with the WritableStream Sink object.

  • Support for WASM Exceptions is now available. This allows C++ exception handling and unwinding/destructing semantics to be expressed in WASM without an additional JavaScript helper code—and at zero cost to code that does not rely on exception semantics.


ff v100.0.1

16. may 2022

Fixed

  • Fixed an issue with subtitles in Picture-in-Picture mode while using Netflix (bug 1768818)

  • Fixed an issue where some commands were unavailable in the Picture-in-Picture window (bug 1768201)

Changed

  • Firefox's security sandbox now blocks access to the Win32k APIs for Content Processes on Windows (bug 1767999)


ff v91.9.1 esr

20. may 2022

Fixed

Quote

Security Vulnerabilities fixed in Firefox 100.0.2, Firefox for Android 100.3.0, Firefox ESR 91.9.1, Thunderbird 91.9.1

Announced May 20, 2022
Impact critical
Products Firefox, Firefox ESR, Firefox for Android, Thunderbird
Fixed in
  • Firefox 100.0.2
  • Firefox ESR 91.9.1
  • Firefox for Android 100.3
  • Thunderbird 91.9.1

#CVE-2022-1802: Prototype pollution in Top-Level Await implementation

Reporter Manfred Paul via Trend Micro's Zero Day Initiative
Impact critical
Description

If an attacker was able to corrupt the methods of an Array object in JavaScript via prototype pollution, they could have achieved execution of attacker-controlled JavaScript code in a privileged context.

#CVE-2022-1529: Untrusted input used in JavaScript object indexing, leading to prototype pollution

Reporter Manfred Paul via Trend Micro's Zero Day Initiative
Impact critical
Description

An attacker could have sent a message to the parent process where the contents were used to double-index into a JavaScript object, leading to prototype pollution and ultimately attacker-controlled JavaScript executing in the privileged parent process.

References

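Added example, not part of the quoted advisory and not Firefox code: the double-index pattern that CVE-2022-1529 describes, shown in generic JavaScript beside a hardened handler. The handler, store and message names are hypothetical.

```javascript
// Added illustration (not Firefox code). All names here are hypothetical.

// Vulnerable pattern: both indices come straight from the untrusted message.
function handleUnsafe(store, msg) {
  if (store[msg.group] === undefined) {
    store[msg.group] = {};
  }
  // With group "__proto__", store[msg.group] is Object.prototype itself,
  // so this write lands on the prototype shared by every plain object.
  store[msg.group][msg.key] = msg.value;
}

// Hardened pattern: check key types and keep untrusted keys in Maps,
// which never consult the prototype chain on lookup or write.
function handleSafe(store, msg) {
  if (typeof msg.group !== "string" || typeof msg.key !== "string") {
    return false; // reject non-string keys outright
  }
  let group = store.get(msg.group);
  if (group === undefined) {
    group = new Map();
    store.set(msg.group, group);
  }
  group.set(msg.key, msg.value);
  return true;
}

// Constructed message, as if received from a less-privileged sender.
const sampleMsg = { group: "__proto__", key: "polluted", value: true };

function demoUnsafe() {
  handleUnsafe({}, sampleMsg);
  const leaked = ({}).polluted === true; // an unrelated object sees the value
  delete Object.prototype.polluted;      // undo the pollution
  return leaked;
}

function demoSafe() {
  const store = new Map();
  const accepted = handleSafe(store, sampleMsg);
  return {
    accepted,
    leaked: ({}).polluted === true,
    stored: store.get("__proto__").get("polluted"),
  };
}
```

With the Map-backed store, `"__proto__"` is an ordinary key and the write stays inside the store.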

ff v101.0

31. may 2022

New

  • Reading is now easier with the prefers-contrast media query, which allows sites to detect if the user has requested that web content is presented with a higher (or lower) contrast.

  • It’s your choice! All non-configured MIME types can now be assigned a custom action upon download completion.

  • Firefox now allows you to use as many microphones as you want, at the same time, during video conferencing. The most exciting benefit is that you can easily switch your microphones at any time (if your conferencing service provider enables this flexibility).

Fixed

Changed

  • Removed "subject common name" fallback support from certificate validation. This fallback mode was previously enabled only for manually installed certificates. The CA Browser Forum Baseline Requirements have required the presence of the "subjectAltName" extension since 2012, and use of the subject common name was deprecated in RFC 2818.

Enterprise

Developer

Developer Information

  • Inspector panel: When adding/removing a class name to/from an existing HTML element (using .cls button in Rules View), an autocomplete drop down automatically offers all existing class names on the page. In Firefox 101 the selected class name in the autocomplete drop-down list is auto-applied immediately as the user changes the selection of the autocomplete list (using up/down arrow keys). This is especially useful for quick testing of various styles.

  • Inspector panel: This new option can be used to disable “drag to update” features in the Rule View (values of some CSS properties e.g., sizes can be modified by dragging the mouse horizontally).

    Screenshot showing Inspector Panel drag to update option checkbox

  • WebDriver BiDi: This protocol is enabled on the release channel to support external tools such as Selenium, which plan to start using WebDriver BiDi for Firefox. WebDriver-BiDi aims to provide a cross-browser protocol for browser automation that meets the requirements of modern web application testing tools. This allows both the client and the server to send & receive requests and responses.

Web Platform

  • Firefox has now added support for large, small, dynamic viewport units and logical ones (*vi and *vb). This gives users the flexibility to choose whether page elements are sized to the “smallest” viewport size (dynamic toolbar visible), “largest” viewport size (dynamic toolbar hidden), or “dynamic” viewport size (based on current status of dynamic toolbar).

  • Firefox 101 features added web conferencing support for enumerating (reducing errors caused by transposing or mistyping numbers) and selecting multiple audio input devices (giving you the ability to record or process multiple separate audio sources together, synchronously, at once) through navigator.mediaDevices.enumerateDevices().


ff v91.10.0 esr

31. may 2022

Fixed

  • Various stability, functionality, and security fixes.

Quote

Security Vulnerabilities fixed in Firefox ESR 91.10

Announced May 31, 2022
Impact high
Products Firefox ESR
Fixed in
  • Firefox ESR 91.10

#CVE-2022-31736: Cross-Origin resource's length leaked

Reporter Luan Herrera
Impact high
Description

A malicious website could have learned the size of a cross-origin resource that supported Range requests.

References

#CVE-2022-31737: Heap buffer overflow in WebGL

Reporter Atte Kettunen
Impact high
Description

A malicious webpage could have caused an out-of-bounds write in WebGL, leading to memory corruption and a potentially exploitable crash.

References

#CVE-2022-31738: Browser window spoof using fullscreen mode

Reporter Irvan Kurniawan
Impact high
Description

When exiting fullscreen mode, an iframe could have confused the browser about the current state of fullscreen, resulting in potential user confusion or spoofing attacks.

References

#CVE-2022-31739: Attacker-influenced path traversal when saving downloaded files

Reporter Chaobin Zhang
Impact high
Description

When downloading files on Windows, the % character was not escaped, which could have led to a download incorrectly being saved to attacker-influenced paths that used variables such as %HOMEPATH% or %APPDATA%.
This bug only affects Firefox for Windows. Other operating systems are unaffected.

References

#CVE-2022-31740: Register allocation problem in WASM on arm64

Reporter Gary Kwong
Impact high
Description

On arm64, WASM code could have resulted in incorrect assembly generation leading to a register allocation problem, and a potentially exploitable crash.

References

#CVE-2022-31741: Uninitialized variable leads to invalid memory read

Reporter Yaniv
Impact high
Description

A crafted CMS message could have been processed incorrectly, leading to an invalid memory read, and potentially further memory corruption.

References

#CVE-2022-31742: Querying a WebAuthn token with a large number of allowCredential entries may have leaked cross-origin information

Reporter Michal
Impact moderate
Description

An attacker could have exploited a timing attack by sending a large number of allowCredential entries and detecting the difference between invalid key handles and cross-origin key handles. This could have led to cross-origin account linking in violation of WebAuthn goals.

References

#CVE-2022-31747: Memory safety bugs fixed in Firefox 101 and Firefox ESR 91.10

Reporter Mozilla developers and community
Impact high
Description

Mozilla developers Andrew McCreight, Nicolas B. Pierron, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 100 and Firefox ESR 91.9. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

References

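Added example, not part of the quoted advisory and not Firefox's implementation: one way to neutralise the `%` character that CVE-2022-31739 describes before a server-suggested file name is used on Windows, plus a check that flags such names. Function names and the `_` replacement are assumptions.

```javascript
// Added illustration, not Firefox's implementation.
// Function names and the "_" replacement character are assumptions.

// Matches a %NAME% pair that Windows could expand, e.g. %APPDATA%.
const ENV_REFERENCE = /%[^%\\\/]+%/;

// Detection: true when a suggested name contains a %NAME% pair.
function referencesEnvVar(suggested) {
  return ENV_REFERENCE.test(String(suggested));
}

// Mitigation: reduce a server-suggested name to one inert path component.
function sanitizeDownloadName(suggested) {
  const cleaned = String(suggested)
    // Separators, "%", and characters Windows forbids in file names.
    .replace(/[\\\/%<>:"|?*\x00-\x1f]/g, "_")
    // Windows silently drops trailing dots and spaces.
    .replace(/[. ]+$/, "");
  // A name that was only dots or spaces falls back to a fixed default.
  return cleaned === "" ? "download" : cleaned;
}

// Constructed inputs.
const SAMPLES = ["invoice.pdf", "%HOMEPATH%\\report.pdf", "..", "notes?.txt. "];

function sanitizeAll() {
  return SAMPLES.map((name) => ({
    name,
    flagged: referencesEnvVar(name),
    saveAs: sanitizeDownloadName(name),
  }));
}
```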
