The Firefox/Mozilla Thread

[trium]

ff v97.0.2

05. march 2022

Fixed

• Security fix

[trium]

ff v91.6.1 esr

05. march 2022

Fixed

• Security fix

Quote

Security Vulnerabilities fixed in Firefox 97.0.2, Firefox ESR 91.6.1, Firefox for Android 97.3.0, and Focus 97.3.0

Announced March 5, 2022

Impact high

Products Firefox, Firefox ESR, Firefox for Android, Focus, Thunderbird

Fixed in

• Firefox 97.0.2
• Firefox ESR 91.6.1
• Firefox for Android 97.3
• Focus 97.3
• Thunderbird 91.6.2

#CVE-2022-26485: Use-after-free in XSLT parameter processing

Reporter Wang Gang, Liu Jialei, Du Sihang, Huang Yi & Yang Kang of 360 ATA

Impact critical

Description

Removing an XSLT parameter during processing could have lead to an exploitable use-after-free. We have had reports of attacks in the wild abusing this flaw.

References

• Bug 1758062

#CVE-2022-26486: Use-after-free in WebGPU IPC Framework

Reporter Wang Gang, Liu Jialei, Du Sihang, Huang Yi & Yang Kang of 360 ATA

Impact critical

Description

An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable sandbox escape. We have had reports of attacks in the wild abusing this flaw.

References

• Bug 1758070

[trium]

ff v98.0

08. march 2022

New

• Firefox has a new optimized download flow. Instead of prompting every time, files will download automatically. However, they can still be opened from the downloads panel with just one click. Easy! More information

  

  You’ll find you have a number of options, including:

  • Always Open Similar Files: Make Firefox automatically open downloaded files of the same type with the system default application.
  • Show In Folder: Open the folder that contains your downloaded files.
  • Go To Download Page: Surfaces the download reference page even after leaving the site or closing the tab.
  • Copy Download Link: Copy the download link to share it, save it, or for any applicable use.
  • Delete: You can now delete downloaded files directly from the download panel and other download views using the context menu.
  • Remove From History: Remove a file from your list of downloaded files.
  • Clear Preview Panel: Clear the list of downloaded items in the preview panel that opens when you start a download.

  In this release, you’ll also see that Firefox no longer asks what to do for each file by default. You won’t be prompted to choose a helper application or save to disk before downloading a file unless you have changed your download action setting for that type of file.

  And now, every time you start a download, Firefox will automatically bring up the Downloads panel by default. This means you’ll experience minimal interruptions and easily find your downloaded files. Plus, to avoid having to close it several times, the panel won't show if there are multiple downloads in progress.

  You can now click on a file in the Downloads panel to open it even before it has finished downloading. Firefox will open the file as soon as it is available. Firefox: saving you time and helping you get back to what you care about!

  Any files you download will be immediately saved on your disk. Depending on the current configuration, they’ll be saved in your preferred download folder, or you’ll be asked to select a location for each download. Windows and Linux users will find their downloaded files in the destination folder. They’ll no longer be put in the Temp folder.

• Firefox allows users to choose from a number of built-in search engines to set as their default. In this release, some users who had previously configured a default engine might notice their default search engine has changed since Mozilla was unable to secure formal permission to continue including certain search engines in Firefox.

Fixed

• Now, you can set a default app to open a file type. Choose the application you want to use to open files of a specific type in your Firefox settings.

• After updating to Firefox version 98, "Always ask" download actions will now be reset.

• Various security fixes.

Enterprise

• Various bug fixes and new policies have been implemented in the latest version of Firefox. You can find more information in the Firefox for Enterprise 98 Release Notes.

Developer

Developer Information

• The Compatibility sidebar panel in the DevTools Inspector already available on pre-release channels will become available on the release channel in version 98 . It provides compatibility warnings for the CSS properties used on the selected element, as well as for the overall page.

  Developers may use it to detect web-compatibility issues early, without having to test in each browser. All compatibility data are pulled from MDN.

• Event listeners for a given node can now be disabled from the Inspector Event Tooltip, in the markup view. Also, The "event" badge style is updated when at least one event is disabled to remind the user that something was changed.
  

• New UI in the Browser Toolbox to toggle Fluent pseudolocalization bidi / accented
  

• “Ignore line” context menu entry added in the debugger editor gutter when devtools.debugger.features.blackbox-lines is true. Also, there is a better “Ignore source” icon and editor background colors for ignored lines.
  

• Auto-open devtools for tabs opened via window.open (behind devtools.popups.debug). On a page where you already have DevTools opened, if a new tab is created via window.open, the toolbox will automatically move to the new tab, with the new document selected in both the iframe picker and the context selector
  

Web Platform

• The <dialog> HTML element already available on pre-release channels will become available on the release channel in version 98.

• Form associated custom elements will become available on the release channel in version 98. This allows web authors to define and create custom elements that can be participated in form submission.

• The hyphenate-character CSS property can be used to set a string that is used instead of a hyphen character (-) at the end of a hyphenation line break.

[trium]

ff v91.7.0 esr

08. march 2022

Fixed

• Various stability, functionality, and security fixes

Quote

Security Vulnerabilities fixed in Firefox ESR 91.7

Announced March 8, 2022

Impact high

Products Firefox ESR

Fixed in

• Firefox ESR 91.7

#CVE-2022-26383: Browser window spoof using fullscreen mode

Reporter Irvan Kurniawan

Impact high

Description

When resizing a popup after requesting fullscreen access, the popup would not display the fullscreen notification.

References

• Bug 1742421

#CVE-2022-26384: iframe allow-scripts sandbox bypass

Reporter Ed McManus

Impact high

Description

If an attacker could control the contents of an iframe sandboxed with allow-popups but not allow-scripts, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox.

References

• Bug 1744352

#CVE-2022-26387: Time-of-check time-of-use bug when verifying add-on signatures

Reporter Armin Ebert

Impact high

Description

When installing an add-on, Firefox verified the signature before prompting the user; but while the user was confirming the prompt, the underlying add-on file could have been modified and Firefox would not have noticed.

References

• Bug 1752979

#CVE-2022-26381: Use-after-free in text reflows

Reporter Mozilla Fuzzing Team and Hossein Lotfi of Trend Micro Zero Day Initiative

Impact high

Description

An attacker could have caused a use-after-free by forcing a text reflow in an SVG object leading to a potentially exploitable crash.

References

• Bug 1736243

#CVE-2022-26386: Temporary files downloaded to /tmp and accessible by other local users

Reporter attila

Impact low

Description

Previously Firefox for macOS and Linux would download temporary files to a user-specific directory in /tmp, but this behavior was changed to download them to /tmp where they could be affected by other local users. This behavior was reverted to the original, user-specific directory.
This bug only affects Firefox for macOS and Linux. Other operating systems are unaffected.

References

• Bug 1752396

[trium]

ff v98.0.1

14. march 2022

Changed

• Yandex and Mail.ru have been removed as optional search providers in the drop-down search menu in Firefox.

  If you previously installed a customized version of Firefox with Yandex or Mail.ru, offered through partner distribution channels, this release removes those customizations, including add-ons and default bookmarks. Where applicable, your browser will revert back to default settings, as offered by Mozilla. All other releases of Firefox remain unaffected by the change.

[trium]

ff v91.7.1 esr

14. march 2022

Changed

• Yandex and Mail.ru have been removed as optional search providers in the drop-down search menu in Firefox.

  If you previously installed a customized version of Firefox with Yandex or Mail.ru, offered through partner distribution channels, this release removes those customizations, including add-ons and default bookmarks. Where applicable, your browser will revert back to default settings, as offered by Mozilla. All other releases of Firefox remain unaffected by the change.

[hazelnut]

Quote

Internet users who download the Firefox web browser from the official Mozilla website get a unique identifier attached to the installer that is submitted to Mozilla on install and first run.

https://www.ghacks.net/2022/03/17/each-firefox-download-has-a-unique-identifier/

[nukecad]

The latest Firefox update changes to how it handles downloads managed to reset all my "open-with's" for downloads.

I was sat there clicking PDFs, images, etc. and swearing because the bleeping things weren't opening, till I figured it out.
Firefox had been saving them to downloads rather than opening them. I had to set them up again.

[Andavari]

19 hours ago, nukecad said:

Firefox had been saving them to downloads rather than opening them. I had to set them up again.

One would think they'd know how to by now notify users during upgrading.

[nukecad]

It's also a pain with the download menu popping open and staying open everytime you download something.

The release notes say that is by design; but to me it's just an annoyance and the download icon has now been removed from my menu bar to stop it doing that.

[Andavari]

I'm glad I use ESR Portable which is several versions behind, but one day it too will have that "feature".

[nukecad]

The downloads in Firefox 98 are totally messed up for me at the moment.

It's a guessing game when I click on something whether it will open in the associated app, or be saved to the download folder, or in some cases both.
(And despite what the Mozilla documentation says , it doesn't always also save files that are opened).
There are also issues with setting the associated apps in the first place.

From what I'm reading most of this is intentional, it's now putting them in 'Downloads' instead of'\windows\temp' although nobody seems to know why they have changed this behaviour (possibly it's because of an obscure 'drive by' attack method seen in Chrome?).

Of course you could just regularly/automatically clear out the downloads folder, but there is often stuff in there that I want to keep for a while.

For more issues/solutions see this on AskWoody.
(I note that @lmacrihas posted a good overall solution on there - I've just applied it).
https://www.askwoody.com/forums/topic/problem-with-downloading-behavior-in-firefox-98-0/

I don't like messing with FFx's settings for something that may later get 'fixed' anyway.
But as this seems to be by design then I don't think it will be.

[Winapp2.ini]

2 hours ago, nukecad said:

The downloads in Firefox 98 are totally messed up for me at the moment.

It's a guessing game when I click on something whether it will open in the associated app, or be saved to the download folder, or in some cases both.
(And despite what the Mozilla documentation says , it doesn't always also save files that are opened).
There are also issues with setting the associated apps in the first place.

From what I'm reading most of this is intentional, it's now putting them in 'Downloads' instead of'\windows\temp' although nobody seems to know why they have changed this behaviour (possibly it's because of an obscure 'drive by' attack method seen in Chrome?).

Of course you could just regularly/automatically clear out the downloads folder, but there is often stuff in there that I want to keep for a while.

For more issues/solutions see this on AskWoody.
(I note that @lmacrihas posted a good overall solution on there - I've just applied it).
https://www.askwoody.com/forums/topic/problem-with-downloading-behavior-in-firefox-98-0/

I don't like messing with FFx's settings for something that may later get 'fixed' anyway.
But as this seems to be by design then I don't think it will be.

FWIW downloads work fine for me on Firefox 100.0a1

 

  

On 19/03/2022 at 06:06, nukecad said:

It's also a pain with the download menu popping open and staying open everytime you download something.

The release notes say that is by design; but to me it's just an annoyance and the download icon has now been removed from my menu bar to stop it doing that.

I've had mine off the bar for years, but you can summon the downloads pane of the library with CTRL+J

[trium]

ff v98.0.2

23. march 2022

Fixed

• Fixed an issue preventing users from typing in Address Bar after opening new tab and pressing cmd + enter (bug 1757376)

• Fixed an issue causing some users to crash in out-of-memory conditions (bug 1757618)

• Fixed an issue in session history which caused some sites to fail to load (bug 1758664)

• Fixed an add-on specific compatibility issue (bug 1759162)

[trium]

ff v99.0

05. april 2022

New

• You can now toggle Narrate in ReaderMode with the keyboard shortcut "n."

• You can find added support for search—with or without diacritics—in the PDF viewer.

• The Linux sandbox has been strengthened: processes exposed to web content no longer have access to the X Window system (X11).

• Firefox now supports credit card autofill and capture in Germany and France.

Fixed

• Various security fixes.

Enterprise

• Various bug fixes and new policies have been implemented in the latest version of Firefox. You can find more information in the Firefox for Enterprise 99 Release Notes.

Developer

Developer Information

unresolved

• Gallery mode in the Zoom web client is now accessible in Firefox 99. Display of video is not always working with breakout rooms in gallery mode.

  • When a user of the Zoom web client enters a breakout room, one's self view and of other participants may not appear. Leaving the breakout room and re-entering it should resolve the issue.

[trium]

ff v91.8.0 esr

05. april 2022

Various stability, functionality, and security fixes

Quote

Security Vulnerabilities fixed in Firefox ESR 91.8

Announced April 5, 2022

Impact high

Products Firefox ESR

Fixed in

• Firefox ESR 91.8

#CVE-2022-1097: Use-after-free in NSSToken objects

Reporter Randell Jesup

Impact high

Description

NSSToken objects were referenced via direct points, and could have been accessed in an unsafe way on different threads, leading to a use-after-free and potentially exploitable crash.

References

• Bug 1745667

#CVE-2022-28281: Out of bounds write due to unexpected WebAuthN Extensions

Reporter Axel '0vercl0k' Souchet

Impact high

Description

If a compromised content process sent an unexpected number of WebAuthN Extensions in a Register command to the parent process, an out of bounds write would have occurred leading to memory corruption and a potentially exploitable crash.

References

• Bug 1755621

#CVE-2022-1196: Use-after-free after VR Process destruction

Reporter bo13oy of Cyber Kunlun Lab

Impact moderate

Description

After a VR Process is destroyed, a reference to it may have been retained and used, leading to a use-after-free and potentially exploitable crash.

References

• Bug 1750679

#CVE-2022-28282: Use-after-free in DocumentL10n::TranslateDocument

Reporter Kirin

Impact moderate

Description

By using a link with rel="localization" a use-after-free could have been triggered by destroying an object during JavaScript execution and then referencing the object through a freed pointer, leading to a potential exploitable crash.

References

• Bug 1751609

#CVE-2022-28285: Incorrect AliasSet used in JIT Codegen

Reporter Lukas Bernhard

Impact moderate

Description

When generating the assembly code for MLoadTypedArrayElementHole, an incorrect AliasSet was used. In conjunction with another vulnerability this could have been used for an out of bounds memory read.

References

• Bug 1756957

#CVE-2022-28286: iframe contents could be rendered outside the border

Reporter prada960808

Impact low

Description

Due to a layout change, iframe contents could have been rendered outside of its border. This could have led to user confusion or spoofing attacks.

References

• Bug 1735265

#CVE-2022-24713: Denial of Service via complex regular expressions

Reporter Addison Crump and Jan-Erik Rediger

Impact low

Description

The rust regex crate did not properly prevent crafted regular expressions from taking an arbitrary amount of time during parsing. If an attacker was able to supply input to this crate, they could have caused a denial of service in the browser.

References

• Bug 1758509

#CVE-2022-28289: Memory safety bugs fixed in Firefox 99 and Firefox ESR 91.8

Reporter Mozilla developers and community

Impact high

Description

Mozilla developers and community members Nika Layzell, Andrew McCreight, Gabriele Svelto, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 98 and Firefox ESR 91.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

References

• Memory safety bugs fixed in Firefox 99 and Firefox ESR 91.8

[nukecad]

Just to note that since changing that downloads behaviour setting my downloading is back to how I like it.

For information the setting is:
browser.download.improvements_to_download_panel  change it to false if you want the old behaviour.

Note that the setting may be removed in some future update, but for now it does the job.

[trium]

ff v99.0.1

12. april 2022

Fixed

• Fixed an issue for Windows users that prevented hardware video decoding on newer Intel drivers (bug 1762125)

• Fixed an issue with text rendering in Bengali (bug 1763368)

• Fixed a selection issue in the Download panel with drag and drop (bug 1762723)

• Fixed an issue preventing Zoom gallery mode for users who go to zoom.us URLs instead of subdomain.zoom.us URLs (bug 1763801)

[trium]

ff v91.9.0 esr

03. may 2022

Fixed

• Various stability, functionality, and security fixes.

Quote

Security Vulnerabilities fixed in Firefox ESR 91.9

Announced May 3, 2022

Impact high

Products Firefox ESR

Fixed in

• Firefox ESR 91.9

#CVE-2022-29914: Fullscreen notification bypass using popups

Reporter Irvan Kurniawan

Impact high

Description

When reusing existing popups Firefox would have allowed them to cover the fullscreen notification UI, which could have enabled browser spoofing attacks.

References

• Bug 1746448

#CVE-2022-29909: Bypassing permission prompt in nested browsing contexts

Reporter Armin Ebert

Impact high

Description

Documents in deeply-nested cross-origin browsing contexts could have obtained permissions granted to the top-level origin, bypassing the existing prompt and wrongfully inheriting the top-level permissions.

References

• Bug 1755081

#CVE-2022-29916: Leaking browser history with CSS variables

Reporter Mateusz Sionkowski

Impact high

Description

Firefox behaved slightly differently for already known resources when loading CSS resources involving CSS variables. This could have been used to probe the browser history.

References

• Bug 1760674

#CVE-2022-29911: iframe Sandbox bypass

Reporter Trung Pham

Impact high

Description

An improper implementation of the new iframe sandbox keyword allow-top-navigation-by-user-activation could lead to script execution without allow-scripts being present.

References

• Bug 1761981

#CVE-2022-29912: Reader mode bypassed SameSite cookies

Reporter Matheus Vrech

Impact moderate

Description

Requests initiated through reader mode did not properly omit cookies with a SameSite attribute.

References

• Bug 1692655

#CVE-2022-29917: Memory safety bugs fixed in Firefox 100 and Firefox ESR 91.9

Reporter Mozilla developers

Impact high

Description

Mozilla developers Andrew McCreight, Gabriele Svelto, Tom Ritter and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 99 and Firefox ESR 91.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

References

• Memory safety bugs fixed in Firefox 100 and Firefox ESR 91.9

 

[trium]

ff v100.0

03. may 2022

New

• We now support captions/subtitles display on YouTube, Prime Video, and Netflix videos you watch in Picture-in-Picture. Just turn on the subtitles on the in-page video player, and they will appear in PiP.

• Picture-in-Picture now also supports video captions on websites that use WebVTT (Web Video Text Track) format, like Coursera.org, Canadian Broadcasting Corporation, and many more.

• On the first run after install, Firefox detects when its language does not match the operating system language and offers the user a choice between the two languages.

• Firefox spell checking now checks spelling in multiple languages. To enable additional languages, select them in the text field’s context menu.

• HDR video is now supported in Firefox on Mac—starting with YouTube! Firefox users on macOS 11+ (with HDR-compatible screens) can enjoy higher-fidelity video content. No need to manually flip any preferences to turn HDR video support on—just make sure battery preferences are NOT set to “optimize video streaming while on battery”.

• Hardware accelerated AV1 video decoding is enabled on Windows with supported GPUs (Intel Gen 11+, AMD RDNA 2 Excluding Navi 24, GeForce 30). Installing the AV1 Video Extension from the Microsoft Store may also be required.

• Video overlay is enabled on Windows for Intel GPUs, reducing power usage during video playback.

• Improved fairness between painting and handling other events. This noticeably improves the performance of the volume slider on Twitch.

• Scrollbars on Linux and Windows 11 won't take space by default. On Linux, users can change this in Settings. On Windows, Firefox follows the system setting (System Settings > Accessibility > Visual Effects > Always show scrollbars).

• Firefox now supports credit card autofill and capture in the United Kingdom.

• Firefox now ignores less restricted referrer policies—including unsafe-url, no-referrer-when-downgrade, and origin-when-cross-origin—for cross-site subresource/iframe requests to prevent privacy leaks from the referrer.

Fixed

• Users can now choose preferred color schemes for websites. Theme authors can now make better decisions about which color scheme Firefox uses for menus. Web content appearance can now be changed in Settings.

• Beginning in this release, the Firefox installer for Windows is signed with a SHA-256 digest, rather than SHA-1. Update KB4474419 is required for successful installation on a computer running Microsoft Windows 7. For more details about this update, visit the Microsoft Technical Support website.

• In macOS 11+ we now only rasterize the fonts once per window. This means that opening a new tab is fast, and switching tabs in the same window is also fast. (There's still work to do to share fonts across windows, or to reduce the time it takes to initialize these fonts.)

• The performance of deeply-nested display: grid elements is greatly improved.

• Support for profiling multiple java threads has been added.

• Soft-reloading a web page will no longer cause revalidation for all resources.

• Non-vsync tasks are given more time to run, which improves behavior on Google docs and Twitch.

• Geckoview APIs have been added to control the start/stop time of capturing a profile.

• Various security fixes.

Changed

• Firefox has a new focus indicator for links which replaces the old dotted outline with a solid blue outline. This change unifies the focus indicators across form fields and links, which makes it easier to identify the focused link, especially for users with low vision.

• New users can now set Firefox as the default PDF handler when setting Firefox as their default browser.

• Some websites might not work correctly in Firefox version 100 due to Firefox's new three-digit number. You can read about it in our blog post here!

  See the Mozilla Support article Difficulties opening or using a website in Firefox 100 for possible workarounds you can use. There, you will also find instructions for reporting a broken website so that Mozilla can help fix the problem.

  Mozilla Support articles for Desktop and Android:
  https://support.mozilla.org/kb/difficulties-opening-or-using-website-firefox-100
  https://support.mozilla.org/kb/difficulties-firefox-android-100

Enterprise

• Various bug fixes and new policies have been implemented in the latest version of Firefox. You can find more information in the Firefox for Enterprise 100 Release Notes.

Developer

Developer Information

Web Platform

• Support for the WritableStream API has landed. WritableStreams provide an interface for writing streaming data to a sink object.

• Additionally, ReadableStream gained support for the “pipeTo” method, which allows you to connect a ReadableStream to a WritableStream. For example, this would allow you to process data retrieved using “fetch” with the WritableStream Sink object.

• Support for WASM Exceptions is now available. This allows C++ exception handling and unwinding/destructing semantics to be expressed in WASM without an additional JavaScript helper code—and at zero cost to code that does not rely on exception semantics.

[trium]

ff v100.0.1

16. may 2022

Fixed

• Fixed an issue with subtitles in Picture-in-Picture mode while using Netflix (bug 1768818)

• Fixed an issue where some commands were unavailable in the Picture-in-Picture window (bug 1768201)

Changed

• Firefox's security sandbox now blocks access to the Win32k APIs for Content Processes on Windows (bug 1767999)

[trium]

ff v100.0.2

20. may 2022

Fixed

• Security fix

[trium]

ff v91.9.1 esr

20. may 2022

Fixed

• Security fix

Quote

Security Vulnerabilities fixed in Firefox 100.0.2, Firefox for Android 100.3.0, Firefox ESR 91.9.1, Thunderbird 91.9.1

Announced May 20, 2022

Impact critical

Products Firefox, Firefox ESR, Firefox for Android, Thunderbird

Fixed in

• Firefox 100.0.2
• Firefox ESR 91.9.1
• Firefox for Android 100.3
• Thunderbird 91.9.1

#CVE-2022-1802: Prototype pollution in Top-Level Await implementation

Reporter Manfred Paul via Trend Micro's Zero Day Initiative

Impact critical

Description

If an attacker was able to corrupt the methods of an Array object in JavaScript via prototype pollution, they could have achieved execution of attacker-controlled JavaScript code in a privileged context.

References

• Bug 1770137

#CVE-2022-1529: Untrusted input used in JavaScript object indexing, leading to prototype pollution

Reporter Manfred Paul via Trend Micro's Zero Day Initiative

Impact critical

Description

An attacker could have sent a message to the parent process where the contents were used to double-index into a JavaScript object, leading to prototype pollution and ultimately attacker-controlled JavaScript executing in the privileged parent process.

References

• Bug 1770048

[trium]

ff v101.0

31. may 2022

New

• Reading is now easier with the prefers-contrast media query, which allows sites to detect if the user has requested that web content is presented with a higher (or lower) contrast.

• It’s your choice! All non-configured MIME types can now be assigned a custom action upon download completion.

• Firefox now allows users to use as many microphones as you want, at the same time, during video conferencing. The most exciting benefit is that you can easily switch your microphones at any time (if your conferencing service provider enables this flexibility).

Fixed

• Various security fixes.

Changed

• Removed "subject common name" fallback support from certificate validation. This fallback mode was previously enabled only for manually installed certificates. The CA Browser Forum Baseline Requirements have required the presence of the "subjectAltName" extension since 2012, and use of the subject common name was deprecated in RFC 2818.

Enterprise

• Various bug fixes and new policies have been implemented in the latest version of Firefox. You can find more information in the Firefox for Enterprise 101 Release Notes.

Developer

Developer Information

• Inspector panel: When adding/removing a class name to/from an existing HTML element (using .cls button in Rules View), an autocomplete drop down automatically offers all existing class names on the page. In Firefox 101 the selected class name in the autocomplete drop-down list is auto-applied immediately as the user changes the selection of the autocomplete list (using up/down arrow keys). This is especially useful for quick testing of various styles.

• Inspector panel: This new option can be used to disable “drag to update” features in the Rule View (values of some CSS properties e.g., sizes can be modified by dragging the mouse horizontally).

  

• WebDriver BiDi: This protocol is enabled on the release channel to support external tools such as Selenium, which plan to start using WebDriver BiDi for Firefox. WebDriver-BiDi aims to provide a cross-browser protocol for browser automation that meets the requirements of modern web application testing tools. This allows both the client and the server to send & receive requests and responses.

Web Platform

• Firefox new has added support for large, small, dynamic viewport units and logical ones (*vi and *vb). This gives users the flexibility to choose whether page elements are sized to the “smallest” viewport size (dynamic toolbar visible), “largest” viewport size (dynamic toolbar hidden), or “dynamic” viewport size (based on current status of dynamic toolbar).

• Firefox 101 features added web conferencing support for enumerating (reducing errors caused by transposing or mistyping numbers) and selecting multiple audio input devices (giving you the ability to record or process multiple separate audio sources together, synchronously, at once) through navigator.mediaDevices.enumerateDevices().

[trium]

ff v91.10.0 esr

31. may 2022

Fixed

• Various stability, functionality, and security fixes.

Quote

Security Vulnerabilities fixed in Firefox ESR 91.10

Announced May 31, 2022

Impact high

Products Firefox ESR

Fixed in

• Firefox ESR 91.10

#CVE-2022-31736: Cross-Origin resource's length leaked

Reporter Luan Herrera

Impact high

Description

A malicious website could have learned the size of a cross-origin resource that supported Range requests.

References

• Bug 1735923

#CVE-2022-31737: Heap buffer overflow in WebGL

Reporter Atte Kettunen

Impact high

Description

A malicious webpage could have caused an out-of-bounds write in WebGL, leading to memory corruption and a potentially exploitable crash.

References

• Bug 1743767

#CVE-2022-31738: Browser window spoof using fullscreen mode

Reporter Irvan Kurniawan

Impact high

Description

When exiting fullscreen mode, an iframe could have confused the browser about the current state of fullscreen, resulting in potential user confusion or spoofing attacks.

References

• Bug 1756388

#CVE-2022-31739: Attacker-influenced path traversal when saving downloaded files

Reporter Chaobin Zhang

Impact high

Description

When downloading files on Windows, the % character was not escaped, which could have lead to a download incorrectly being saved to attacker-influenced paths that used variables such as %HOMEPATH% or %APPDATA%.
This bug only affects Firefox for Windows. Other operating systems are unaffected.

References

• Bug 1765049

#CVE-2022-31740: Register allocation problem in WASM on arm64

Reporter Gary Kwong

Impact high

Description

On arm64, WASM code could have resulted in incorrect assembly generation leading to a register allocation problem, and a potentially exploitable crash.

References

• Bug 1766806

#CVE-2022-31741: Uninitialized variable leads to invalid memory read

Reporter Yaniv

Impact high

Description

A crafted CMS message could have been processed incorrectly, leading to an invalid memory read, and potentially further memory corruption.

References

• Bug 1767590

#CVE-2022-31742: Querying a WebAuthn token with a large number of allowCredential entries may have leaked cross-origin information

Reporter Michal

Impact moderate

Description

An attacker could have exploited a timing attack by sending a large number of allowCredential entries and detecting the difference between invalid key handles and cross-origin key handles. This could have led to cross-origin account linking in violation of WebAuthn goals.

References

• Bug 1730434

#CVE-2022-31747: Memory safety bugs fixed in Firefox 101 and Firefox ESR 91.10

Reporter Mozilla developers and community

Impact high

Description

Mozilla developers Andrew McCreight, Nicolas B. Pierron, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 100 and Firefox ESR 91.9. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

References

• Memory safety bugs fixed in Firefox 101 and Firefox ESR 91.10