trium Posted August 4, 2022 Share Posted August 4, 2022 ff v101.0.1 09. june 2022 Fixed Fixed Firefox clearing the clipboard when closing on macOS (bug 1771823) Fixed a compatibility issue causing severely impaired functionality with win32k lockdown enabled on some Windows systems (bug 1769845) Fixed context menus not appearing when right-clicking Picture-in-Picture windows on some Linux systems (bug 1771914) Various stability fixes Versions of CCleaner Cloud; Introduction Ccleaner Cloud; Ccleaner-->System-Requirements; Ccleaner FAQ´s; Ccleaner builds; Scheduling Ccleaner Free Es ist möglich, keine Fehler zu machen und dennoch zu verlieren. Das ist kein Zeichen von Schwäche. Das ist das Leben -> "Picard" Link to comment Share on other sites More sharing options...
trium Posted August 4, 2022 Share Posted August 4, 2022 ff v102.0 28. june 2022 New Tired of too many windows crowding your screen? You can now disable automatic opening of the download panel every time a new download starts. Read more. Firefox now mitigates query parameter tracking when navigating sites if you have enabled strict mode for Enhanced Tracking Protection. Fixed When using a screen reader on Windows, pressing enter to activate an element no longer fails or clicks the wrong element and/or another application window. For those blind or with very limited vision, this technology reads out loud what is on the screen, and users can adapt them to their needs (now, on our platform, without errors). Various security fixes. Changed Improved security by moving audio decoding into a separate process with stricter sandboxing, thus improving process isolation. Enterprise Various bug fixes and new policies have been implemented in the latest version of Firefox. You can find more information in the Firefox for Enterprise 102 Release Notes. Firefox 102 is the new Extended Support Release (ESR). Firefox 91 ESR goes out of support on September 20, 2022. (See the 102 ESR release notes for more information) Developer Developer Information You can now filter style sheets in the Style Editor tab of our developer tools Web Platform TransformStream and ReadableStream.pipeThrough have landed, allowing you to pipe from a ReadableStream to a WritableStream, executing a transformation on each chunk. ReadableStream, TransformStream, and WritableStream are all transferable now. Firefox now supports Content-Security-Policy (CSP) integration with WebAssembly. A document with a CSP that restricts scripts will no longer execute WebAssembly unless the policy uses 'unsafe-eval' or the new 'wasm-unsafe-eval' keyword. Versions of CCleaner Cloud; Introduction Ccleaner Cloud; Ccleaner-->System-Requirements; Ccleaner FAQ´s; Ccleaner builds; Scheduling Ccleaner Free Es ist möglich, keine Fehler zu machen und dennoch zu verlieren. Das ist kein Zeichen von Schwäche. Das ist das Leben -> "Picard" Link to comment Share on other sites More sharing options...
trium Posted August 4, 2022 Share Posted August 4, 2022 ff v91.11.0 esr 28. june 2022 Fixed Various stability, functionality, and security fixes. Quote Security Vulnerabilities fixed in Firefox ESR 91.11 Announced June 28, 2022 Impact high Products Firefox ESR Fixed in Firefox ESR 91.11 Note: While Bug 1771084 does not represent a specific vulnerability that was fixed, we recommend anyone rebasing patches to include it. 102 branch: Patch 1 and 2. 91 Branch: Patch 1 and 2 (Despite saying Parts 2 and 3, there is no Part 1) #CVE-2022-34479: A popup window could be resized in a way to overlay the address bar with web content Reporter Irvan Kurniawan Impact high Description A malicious website that could create a popup could have resized the popup to overlay the address bar with its own content, resulting in potential user confusion or spoofing attacks.This bug only affects Firefox for Linux. Other operating systems are unaffected. References Bug 1745595 #CVE-2022-34470: Use-after-free in nsSHistory Reporter Armin Ebert Impact high Description Navigations between XML documents may have led to a use-after-free and potentially exploitable crash. References Bug 1765951 #CVE-2022-34468: CSP sandbox header without `allow-scripts` can be bypassed via retargeted javascript: URI Reporter Armin Ebert Impact high Description An iframe that was not permitted to run scripts could do so if the user clicked on a javascript: link. References Bug 1768537 #CVE-2022-34481: Potential integer overflow in ReplaceElementsAt Reporter Ronald Crane Impact moderate Description In the nsTArray_Impl::ReplaceElementsAt() function, an integer overflow could have occurred when the number of elements to replace was too large for the container. References Bug 1497246 #CVE-2022-31744: CSP bypass enabling stylesheet injection Reporter Gertjan Impact moderate Description An attacker could have injected CSS into stylesheets accessible via internal URIs, such as resource:, and in doing so bypass a page's Content Security Policy. References Bug 1757604 #CVE-2022-34472: Unavailable PAC file resulted in OCSP requests being blocked Reporter Laurent Bigonville Impact moderate Description If there was a PAC URL set and the server that hosts the PAC was not reachable, OCSP requests would have been blocked, resulting in incorrect error pages being shown. References Bug 1770123 #CVE-2022-34478: Microsoft protocols can be attacked if a user accepts a prompt Reporter Gijs Impact moderate Description The ms-msdt, search, and search-ms protocols deliver content to Microsoft applications, bypassing the browser, when a user accepts a prompt. These applications have had known vulnerabilities, exploited in the wild (although we know of none exploited through Firefox), so in this release Firefox has blocked these protocols from prompting the user to open them.This bug only affects Firefox on Windows. Other operating systems are unaffected. References Bug 1773717 #CVE-2022-2200: Undesired attributes could be set as part of prototype pollution Reporter Manfred Paul via Trend Micro's Zero Day Initiative Impact moderate Description If an object prototype was corrupted by an attacker, they would have been able to set undesired attributes on a JavaScript object, leading to privileged code execution. References Bug 1771381 #CVE-2022-34484: Memory safety bugs fixed in Firefox 102 and Firefox ESR 91.11 Reporter Mozilla developers and community Impact high Description The Mozilla Fuzzing Team reported potential vulnerabilities present in Firefox 101 and Firefox ESR 91.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. References Memory safety bugs fixed in Firefox 102 and Firefox ESR 91.11 Versions of CCleaner Cloud; Introduction Ccleaner Cloud; Ccleaner-->System-Requirements; Ccleaner FAQ´s; Ccleaner builds; Scheduling Ccleaner Free Es ist möglich, keine Fehler zu machen und dennoch zu verlieren. Das ist kein Zeichen von Schwäche. Das ist das Leben -> "Picard" Link to comment Share on other sites More sharing options...
trium Posted August 4, 2022 Share Posted August 4, 2022 ff v102.0 esr 28. june 2022 New We now provide more secure connections: Firefox can now automatically upgrade to HTTPS using HTTPS RR as Alt-Svc headers. For added viewing pleasure, full-range color levels are now supported for video playback on many systems. Find it easier now! Mac users can now access the macOS share options from the Firefox File menu. Voilà! Support for images containing ICC v4 profiles is enabled on macOS. Firefox now supports the new AVIF image format, which is based on the modern and royalty-free AV1 video codec. It offers significant bandwidth savings for sites compared to existing image formats. It also supports transparency and other advanced features. Firefox PDF viewer now supports filling more forms (e.g., XFA-based forms, used by multiple governments and banks). Learn more. When available system memory is critically low, Firefox on Windows will automatically unload tabs based on their last access time, memory usage, and other attributes. This helps to reduce Firefox out-of-memory crashes. Forgot something? Switching to an unloaded tab automatically reloads it. To prevent session loss for macOS users who are running Firefox from a mounted .dmg file, they’ll now be prompted to finish installation. Bear in mind, this permission prompt only appears the first time these users run Firefox on their computer. For your safety, Firefox now blocks downloads that rely on insecure connections, protecting against potentially malicious or unsafe downloads. Learn more and see where to find downloads in Firefox. Improved web compatibility for privacy protections with SmartBlock 3.0: In Private Browsing and Strict Tracking Protection, Firefox goes to great lengths to protect your web browsing activity from trackers. As part of this, the built-in content blocking will automatically block third-party scripts, images, and other content from being loaded from cross-site tracking companies reported by Disconnect. Learn more. Introducing a new referrer tracking protection in Strict Tracking Protection and Private Browsing. This feature prevents sites from unknowingly leaking private information to trackers. Learn more. Introducing Firefox Suggest, a feature that provides website suggestions as you type into the address bar. Learn more about this faster way to navigate the web and locale-specific features. Firefox macOS now uses Apple's low-power mode for fullscreen video on sites such as YouTube and Twitch. This meaningfully extends battery life in long viewing sessions. Now your kids can find out what the fox says on a loop without you ever missing a beat… With this release, power users can use about:unloads to release system resources by manually unloading tabs without closing them. On Windows, there will now be fewer interruptions because Firefox won’t prompt you for updates. Instead, a background agent will download and install updates even if Firefox is closed. On Linux, we’ve improved WebGL performance and reduced power consumption for many users. To better protect all Firefox users against side-channel attacks, such as Spectre, we introduced Site Isolation. Firefox no longer warns you by default when you exit the browser or close a window using a menu, button, or three-key command. This should cut back on unwelcome notifications, which is always nice—however, if you prefer a bit of notice, you’ll still have full control over the quit/close modal behavior. All warnings can be managed within Firefox Settings. No worries! More details here. Firefox supports the new Snap Layouts menus when running on Windows 11. RLBox—a new technology that hardens Firefox against potential security vulnerabilities in third-party libraries—is now enabled on all platforms. We’ve reduced CPU usage on macOS in Firefox and WindowServer during event processing. We’ve also reduced the power usage of software decoded video on macOS, especially in fullscreen. This includes streaming sites such as Netflix and Amazon Prime Video. You can now move the Picture-in-Picture toggle button to the opposite side of the video. Simply look for the new context menu option Move Picture-in-Picture Toggle to Left (Right) Side. We’ve made significant improvements in noise suppression and auto-gain-control, as well as slight improvements in echo-cancellation to provide you with a better overall experience. We’ve also significantly reduced main-thread load. When printing, you can now choose to print only the odd/even pages. Firefox now supports and displays the new style of scrollbars on Windows 11. Firefox has a new optimized download flow. Instead of prompting every time, files will download automatically. However, they can still be opened from the downloads panel with just one click. Easy! More information Firefox no longer asks what to do for each file by default. You won’t be prompted to choose a helper application or save to disk before downloading a file unless you have changed your download action setting for that type of file. Any files you download will be immediately saved on your disk. Depending on the current configuration, they’ll be saved in your preferred download folder, or you’ll be asked to select a location for each download. Windows and Linux users will find their downloaded files in the destination folder. They’ll no longer be put in the Temp folder. Firefox allows users to choose from a number of built-in search engines to set as their default. In this release, some users who had previously configured a default engine might notice their default search engine has changed since Mozilla was unable to secure formal permission to continue including certain search engines in Firefox. You can now toggle Narrate in ReaderMode with the keyboard shortcut "n." You can find added support for search—with or without diacritics—in the PDF viewer. The Linux sandbox has been strengthened: processes exposed to web content no longer have access to the X Window system (X11). Firefox now supports credit card autofill and capture in Germany, France, and the United Kingdom. We now support captions/subtitles display on YouTube, Prime Video, and Netflix videos you watch in Picture-in-Picture. Just turn on the subtitles on the in-page video player, and they will appear in PiP. Picture-in-Picture now also supports video captions on websites that use Web Video Text Track (WebVTT) format (e.g., Coursera.org, Canadian Broadcasting Corporation, and many more). On the first run after install, Firefox detects when its language does not match the operating system language and offers the user a choice between the two languages. Firefox spell checking now checks spelling in multiple languages. To enable additional languages, select them in the text field’s context menu. HDR video is now supported in Firefox on Mac—starting with YouTube! Firefox users on macOS 11+ (with HDR-compatible screens) can enjoy higher-fidelity video content. No need to manually flip any preferences to turn HDR video support on—just make sure battery preferences are NOT set to “optimize video streaming while on battery”. Hardware-accelerated AV1 video decoding is enabled on Windows with supported GPUs (Intel Gen 11+, AMD RDNA 2 Excluding Navi 24, GeForce 30). Installing the AV1 Video Extension from the Microsoft Store may also be required. Video overlay is enabled on Windows for Intel GPUs, reducing power usage during video playback. Improved fairness between painting and handling other events. This noticeably improves the performance of the volume slider on Twitch. Scrollbars on Linux and Windows 11 won't take space by default. On Linux, users can change this in Settings. On Windows, Firefox follows the system setting (System Settings > Accessibility > Visual Effects > Always show scrollbars). Firefox now ignores less restricted referrer policies—including unsafe-url, no-referrer-when-downgrade, and origin-when-cross-origin—for cross-site subresource/iframe requests to prevent privacy leaks from the referrer. Reading is now easier with the prefers-contrast media query, which allows sites to detect if the user has requested that web content is presented with a higher (or lower) contrast. All non-configured MIME types can now be assigned a custom action upon download completion. Firefox now allows users to use as many microphones as they want, at the same time, during video conferencing. The most exciting benefit is that you can easily switch your microphones at any time (if your conferencing service provider enables this flexibility). Print preview has been updated. Fixed Various security fixes. Developer Developer Information Versions of CCleaner Cloud; Introduction Ccleaner Cloud; Ccleaner-->System-Requirements; Ccleaner FAQ´s; Ccleaner builds; Scheduling Ccleaner Free Es ist möglich, keine Fehler zu machen und dennoch zu verlieren. Das ist kein Zeichen von Schwäche. Das ist das Leben -> "Picard" Link to comment Share on other sites More sharing options...
trium Posted August 4, 2022 Share Posted August 4, 2022 ad to ff v102.0 esr Quote Security Vulnerabilities fixed in Firefox 102 Announced June 28, 2022 Impact high Products Firefox Fixed in Firefox 102 Note: While Bug 1771084 does not represent a specific vulnerability that was fixed, we recommend anyone rebasing patches to include it. 102 branch: Patch 1 and 2. 91 Branch: Patch 1 and 2 (Despite saying Parts 2 and 3, there is no Part 1) #CVE-2022-34479: A popup window could be resized in a way to overlay the address bar with web content Reporter Irvan Kurniawan Impact high Description A malicious website that could create a popup could have resized the popup to overlay the address bar with its own content, resulting in potential user confusion or spoofing attacks.This bug only affects Firefox for Linux. Other operating systems are unaffected. References Bug 1745595 #CVE-2022-34470: Use-after-free in nsSHistory Reporter Armin Ebert Impact high Description Navigations between XML documents may have led to a use-after-free and potentially exploitable crash. References Bug 1765951 #CVE-2022-34468: CSP sandbox header without `allow-scripts` can be bypassed via retargeted javascript: URI Reporter Armin Ebert Impact high Description An iframe that was not permitted to run scripts could do so if the user clicked on a javascript: link. References Bug 1768537 #CVE-2022-34482: Drag and drop of malicious image could have led to malicious executable and potential code execution Reporter Attila Suszter Impact moderate Description An attacker who could have convinced a user to drag and drop an image to a filesystem could have manipulated the resulting filename to contain an executable extension, and by extension potentially tricked the user into executing malicious code. While very similar, this is a separate issue from CVE-2022-34483. References Bug 845880 #CVE-2022-34483: Drag and drop of malicious image could have led to malicious executable and potential code execution Reporter Eduardo Braun Prado Impact moderate Description An attacker who could have convinced a user to drag and drop an image to a filesystem could have manipulated the resulting filename to contain an executable extension, and by extension potentially tricked the user into executing malicious code. While very similar, this is a separate issue from CVE-2022-34482. References Bug 1335845 #CVE-2022-34476: ASN.1 parser could have been tricked into accepting malformed ASN.1 Reporter Gustavo Grieco Impact moderate Description ASN.1 parsing of an indefinite SEQUENCE inside an indefinite GROUP could have resulted in the parser accepting malformed ASN.1. References Bug 1387919 #CVE-2022-34481: Potential integer overflow in ReplaceElementsAt Reporter Ronald Crane Impact moderate Description In the nsTArray_Impl::ReplaceElementsAt() function, an integer overflow could have occurred when the number of elements to replace was too large for the container. References Bug 1497246 Bug 1483699 #CVE-2022-34474: Sandboxed iframes could redirect to external schemes Reporter Amazon Malvertising Team Impact moderate Description Even when an iframe was sandboxed with allow-top-navigation-by-user-activation, if it received a redirect header to an external protocol the browser would process the redirect and prompt the user as appropriate. References Bug 1677138 #CVE-2022-34469: TLS certificate errors on HSTS-protected domains could be bypassed by the user on Firefox for Android Reporter Peter Gerber Impact moderate Description When a TLS Certificate error occurs on a domain protected by the HSTS header, the browser should not allow the user to bypass the certificate error. On Firefox for Android, the user was presented with the option to bypass the error; this could only have been done by the user explicitly.This bug only affects Firefox for Android. Other operating systems are unaffected. References Bug 1721220 #CVE-2022-34471: Compromised server could trick a browser into an addon downgrade Reporter Rob Wu Impact moderate Description When downloading an update for an addon, the downloaded addon update's version was not verified to match the version selected from the manifest. If the manifest had been tampered with on the server, an attacker could trick the browser into downgrading the addon to a prior version. References Bug 1766047 #CVE-2022-34472: Unavailable PAC file resulted in OCSP requests being blocked Reporter Laurent Bigonville Impact moderate Description If there was a PAC URL set and the server that hosts the PAC was not reachable, OCSP requests would have been blocked, resulting in incorrect error pages being shown. References Bug 1770123 #CVE-2022-34478: Microsoft protocols can be attacked if a user accepts a prompt Reporter Gijs Impact moderate Description The ms-msdt, search, and search-ms protocols deliver content to Microsoft applications, bypassing the browser, when a user accepts a prompt. These applications have had known vulnerabilities, exploited in the wild (although we know of none exploited through Firefox), so in this release Firefox has blocked these protocols from prompting the user to open them.This bug only affects Firefox on Windows. Other operating systems are unaffected. References Bug 1773717 #CVE-2022-2200: Undesired attributes could be set as part of prototype pollution Reporter Manfred Paul via Trend Micro's Zero Day Initiative Impact moderate Description If an object prototype was corrupted by an attacker, they would have been able to set undesired attributes on a JavaScript object, leading to privileged code execution. References Bug 1771381 #CVE-2022-34480: Free of uninitialized pointer in lg_init Reporter Ronald Crane Impact low Description Within the lg_init() function, if several allocations succeed but then one fails, an uninitialized pointer would have been freed despite never being allocated. References Bug 1454072 #CVE-2022-34477: MediaError message property leaked information on cross-origin same-site pages Reporter jannis Impact low Description The MediaError message property should be consistent to avoid leaking information about cross-origin resources; however for a same-site cross-origin resource, the message could have leaked information enabling XS-Leaks attacks. References Bug 1731614 #CVE-2022-34475: HTML Sanitizer could have been bypassed via same-origin script via use tags Reporter Gareth Heyes Impact low Description SVG <use> tags that referenced a same-origin document could have resulted in script execution if attacker input was sanitized via the HTML Sanitizer API. This would have required the attacker to reference a same-origin JavaScript file containing the script to be executed. References Bug 1757210 #CVE-2022-34473: HTML Sanitizer could have been bypassed via use tags Reporter Armin Ebert Impact low Description The HTML Sanitizer should have sanitized the href attribute of SVG <use> tags; however it incorrectly did not sanitize xlink:href attributes. References Bug 1770888 #CVE-2022-34484: Memory safety bugs fixed in Firefox 102 and Firefox ESR 91.11 Reporter Mozilla developers and community Impact high Description The Mozilla Fuzzing Team reported potential vulnerabilities present in Firefox 101 and Firefox ESR 91.10. Some of these bugs showed evidence of JavaScript prototype or memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. References Memory safety bugs fixed in Firefox 102 and Firefox ESR 91.11 #CVE-2022-34485: Memory safety bugs fixed in Firefox 102 Reporter Mozilla developers and community Impact moderate Description Mozilla developers Bryce Seager van Dyk and the Mozilla Fuzzing Team reported potential vulnerabilities present in Firefox 101. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. References Memory safety bugs fixed in Firefox 102 Versions of CCleaner Cloud; Introduction Ccleaner Cloud; Ccleaner-->System-Requirements; Ccleaner FAQ´s; Ccleaner builds; Scheduling Ccleaner Free Es ist möglich, keine Fehler zu machen und dennoch zu verlieren. Das ist kein Zeichen von Schwäche. Das ist das Leben -> "Picard" Link to comment Share on other sites More sharing options...
trium Posted August 4, 2022 Share Posted August 4, 2022 ff v102.0.1 06. july 2022 Fixed Fixed bookmark shortcut creation by dragging to Windows File Explorer and dropping partially broken (bug 1774683) Fixed bookmarks sidebar flashing white when opened in dark mode (bug 1776157) Fixed multilingual spell checking not working with content in both English and a non-Latin alphabet (bug 1773802) Developer tools: Fixed an issue where the console output keep getting scrolled to the bottom when the last visible message is an evaluation result (bug 1776262) Fixed Delete cookies and site data when Firefox is closed checkbox getting disabled on startup (bug 1777419) Various stability fixes Versions of CCleaner Cloud; Introduction Ccleaner Cloud; Ccleaner-->System-Requirements; Ccleaner FAQ´s; Ccleaner builds; Scheduling Ccleaner Free Es ist möglich, keine Fehler zu machen und dennoch zu verlieren. Das ist kein Zeichen von Schwäche. Das ist das Leben -> "Picard" Link to comment Share on other sites More sharing options...
trium Posted August 4, 2022 Share Posted August 4, 2022 ff v102.1.0 esr 26. july 2022 Fixed Various stability, functionality, and security fixes. Quote Security Vulnerabilities fixed in Firefox ESR 102.1 Announced July 26, 2022 Impact moderate Products Firefox ESR Fixed in Firefox ESR 102.1 #CVE-2022-36319: Mouse Position spoofing with CSS transforms Reporter Irvan Kurniawan Impact moderate Description When combining CSS properties for overflow and transform, the mouse cursor could interact with different coordinates than displayed. References Bug 1737722 #CVE-2022-36318: Directory indexes for bundled resources reflected URL parameters Reporter Gijs Kruitbosch Impact moderate Description When visiting directory listings for chrome:// URLs as source text, some parameters were reflected. References Bug 1771774 #CVE-2022-36314: Opening local <code>.lnk</code> files could cause unexpected network loads Reporter akucybersec Impact moderate Description When opening a Windows shortcut from the local filesystem, an attacker could supply a remote path that would lead to unexpected network requests from the operating system. This bug only affects Firefox for Windows. Other operating systems are unaffected.* References Bug 1773894 #CVE-2022-2505: Memory safety bugs fixed in Firefox 103 and 102.1 Reporter Mozilla developers and community Impact high Description Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 102. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. References Memory safety bugs fixed in Firefox 103 and 102.1 Versions of CCleaner Cloud; Introduction Ccleaner Cloud; Ccleaner-->System-Requirements; Ccleaner FAQ´s; Ccleaner builds; Scheduling Ccleaner Free Es ist möglich, keine Fehler zu machen und dennoch zu verlieren. Das ist kein Zeichen von Schwäche. Das ist das Leben -> "Picard" Link to comment Share on other sites More sharing options...
trium Posted August 4, 2022 Share Posted August 4, 2022 ff v91.12.0 esr 26. july 2022 Fixed Various stability, functionality, and security fixes. Quote Security Vulnerabilities fixed in Firefox ESR 91.12 Announced July 26, 2022 Impact moderate Products Firefox ESR Fixed in Firefox ESR 91.12 #CVE-2022-36319: Mouse Position spoofing with CSS transforms Reporter Irvan Kurniawan Impact moderate Description When combining CSS properties for overflow and transform, the mouse cursor could interact with different coordinates than displayed. References Bug 1737722 #CVE-2022-36318: Directory indexes for bundled resources reflected URL parameters Reporter Gijs Kruitbosch Impact moderate Description When visiting directory listings for chrome:// URLs as source text, some parameters were reflected. References Bug 1771774 Versions of CCleaner Cloud; Introduction Ccleaner Cloud; Ccleaner-->System-Requirements; Ccleaner FAQ´s; Ccleaner builds; Scheduling Ccleaner Free Es ist möglich, keine Fehler zu machen und dennoch zu verlieren. Das ist kein Zeichen von Schwäche. Das ist das Leben -> "Picard" Link to comment Share on other sites More sharing options...
trium Posted August 4, 2022 Share Posted August 4, 2022 ff v103.0 26. july 2022 New Improved responsiveness on macOS during periods of high CPU load by switching to a modern lock API. Do you always forget something? Required fields are now highlighted in PDF forms. Improved performance on high-refresh rate monitors (120Hz+). Enjoying Picture-in-Picture subtitles feature? It just got better: you can now change subtitles font size directly from the PiP window. Additionally, PiP subtitles are now available at Funimation, Dailymotion, Tubi, Hotstar, and SonyLIV. Buttons in the Tabs toolbar can now be reached with Tab, Shift+Tab, and Arrow keys. View this article for additional details. Windows' "Make text bigger" accessibility setting now affects all the UI and content pages, rather than only applying to system font sizes. Rejoice! You can now conveniently access Firefox, which will now be pinned to the Windows taskbar during installation on Windows 10 and 11. (This will also allow for Firefox to be launched quicker after installing.) Fixed Non-breaking spaces are now preserved—preventing automatic line breaks—when copying text from a form control. Fixed WebGL performance issues on NVIDIA binary drivers via DMA-Buf on Linux. Fixed an issue in which Firefox startup could be significantly slowed down by the processing of Web content local storage. This had the greatest impact on users with platter hard drives and significant local storage. Various security fixes. Changed Removed a configuration option to allow SHA-1 signatures in certificates: SHA-1 signatures in certificates—long since determined to no longer be secure enough—are now not supported. Developer Developer Information Web Platform Your information now has increased protection from online tracking via Total Cookie Protection enabled by default. All third-party cookies are now isolated into partitioned storage. Versions of CCleaner Cloud; Introduction Ccleaner Cloud; Ccleaner-->System-Requirements; Ccleaner FAQ´s; Ccleaner builds; Scheduling Ccleaner Free Es ist möglich, keine Fehler zu machen und dennoch zu verlieren. Das ist kein Zeichen von Schwäche. Das ist das Leben -> "Picard" Link to comment Share on other sites More sharing options...
trium Posted August 4, 2022 Share Posted August 4, 2022 ff v103.0.1 01. august 2022 New Enabled hardware acceleration on newer AMD cards. Fixed Fixed a crash on Firefox shutdown caused by a bug in the audio manager. Versions of CCleaner Cloud; Introduction Ccleaner Cloud; Ccleaner-->System-Requirements; Ccleaner FAQ´s; Ccleaner builds; Scheduling Ccleaner Free Es ist möglich, keine Fehler zu machen und dennoch zu verlieren. Das ist kein Zeichen von Schwäche. Das ist das Leben -> "Picard" Link to comment Share on other sites More sharing options...
trium Posted September 8, 2022 Share Posted September 8, 2022 ff v103.0.2 09. august 2022 Fixed Fixed menu shortcuts for users of the JAWS screen reader. Fixed an occasional non-overridable certificate error when accessing device configuration pages. Fixed an issue with Picture-in-Picture displaying in fullscreen on macOS. Versions of CCleaner Cloud; Introduction Ccleaner Cloud; Ccleaner-->System-Requirements; Ccleaner FAQ´s; Ccleaner builds; Scheduling Ccleaner Free Es ist möglich, keine Fehler zu machen und dennoch zu verlieren. Das ist kein Zeichen von Schwäche. Das ist das Leben -> "Picard" Link to comment Share on other sites More sharing options...
trium Posted September 8, 2022 Share Posted September 8, 2022 ff v91.13.0 esr 23. august 2022 Fixed Various stability, functionality, and security fixes. Quote Security Vulnerabilities fixed in Firefox ESR 91.13 Announced August 23, 2022 Impact high Products Firefox ESR Fixed in Firefox ESR 91.13 #CVE-2022-38472: Address bar spoofing via XSLT error handling Reporter Armin Ebert Impact high Description An attacker could have abused XSLT error handling to associate attacker-controlled content with another origin which was displayed in the address bar. This could have been used to fool the user into submitting data intended for the spoofed origin. References Bug 1769155 #CVE-2022-38473: Cross-origin XSLT Documents would have inherited the parent's permissions Reporter Armin Ebert Impact high Description A cross-origin iframe referencing an XSLT document would inherit the parent domain's permissions (such as microphone or camera access). References Bug 1771685 #CVE-2022-38478: Memory safety bugs fixed in Firefox 104, Firefox ESR 102.2, and Firefox ESR 91.13 Reporter Mozilla developers and community Impact high Description Members the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 103, Firefox ESR 102.1, and Firefox ESR 91.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. References Memory safety bugs fixed in Firefox 104, Firefox ESR 102.2, and Firefox ESR 91.13 Versions of CCleaner Cloud; Introduction Ccleaner Cloud; Ccleaner-->System-Requirements; Ccleaner FAQ´s; Ccleaner builds; Scheduling Ccleaner Free Es ist möglich, keine Fehler zu machen und dennoch zu verlieren. Das ist kein Zeichen von Schwäche. Das ist das Leben -> "Picard" Link to comment Share on other sites More sharing options...
trium Posted September 8, 2022 Share Posted September 8, 2022 ff v104.0 23. august 2022 New Subtitles are now available for Disney+ in Picture-in-Picture. Firefox now supports both the scroll-snap-stop property as well as re-snapping. You can use the scroll-snap-stop property's always and normal values to specify whether or not to pass the snap points, even when scrolling fast. Re-snapping tries to keep the last snap position after any content/layout changes. The Firefox profiler can analyze power usage of a website (Apple M1 and Windows 11 only). The Firefox UI itself will now be throttled for performance and battery usage when minimized or occluded, in the same way background tabs are. Fixed Highlight color is preserved correctly after typing Enter in the mail composer of Yahoo Mail and Outlook. After bypassing the https only error page navigating back would take you to the error page that was previously dismissed. Back now takes you to the previous site that was visited. Paste unformatted shortcut (shift+ctrl/cmd+v) now works in plain text contexts, such as input and text area. Various security fixes. Enterprise Various bug fixes and new policies have been implemented in the latest version of Firefox. You can find more information in the Firefox for Enterprise 104 Release Notes. Developer Developer Information Versions of CCleaner Cloud; Introduction Ccleaner Cloud; Ccleaner-->System-Requirements; Ccleaner FAQ´s; Ccleaner builds; Scheduling Ccleaner Free Es ist möglich, keine Fehler zu machen und dennoch zu verlieren. Das ist kein Zeichen von Schwäche. Das ist das Leben -> "Picard" Link to comment Share on other sites More sharing options...
trium Posted September 8, 2022 Share Posted September 8, 2022 ff v102.2.0 esr 23. august 2022 Fixed Various stability, functionality, and security fixes. Quote Security Vulnerabilities fixed in Firefox ESR 102.2 Announced August 23, 2022 Impact high Products Firefox ESR Fixed in Firefox ESR 102.2 #CVE-2022-38472: Address bar spoofing via XSLT error handling Reporter Armin Ebert Impact high Description An attacker could have abused XSLT error handling to associate attacker-controlled content with another origin which was displayed in the address bar. This could have been used to fool the user into submitting data intended for the spoofed origin. References Bug 1769155 #CVE-2022-38473: Cross-origin XSLT Documents would have inherited the parent's permissions Reporter Armin Ebert Impact high Description A cross-origin iframe referencing an XSLT document would inherit the parent domain's permissions (such as microphone or camera access). References Bug 1771685 #CVE-2022-38476: Data race and potential use-after-free in PK11_ChangePW Reporter Marian Laza Impact low Description A data race could occur in the PK11_ChangePW function, potentially leading to a use-after-free vulnerability. In Firefox, this lock protected the data when a user changed their master password. References Bug 1760998 #CVE-2022-38477: Memory safety bugs fixed in Firefox 104 and Firefox ESR 102.2 Reporter Mozilla developers and community Impact high Description Mozilla developer Nika Layzell and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 103 and Firefox ESR 102.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. References Memory safety bugs fixed in Firefox 104 and Firefox ESR 102.2 #CVE-2022-38478: Memory safety bugs fixed in Firefox 104, Firefox ESR 102.2, and Firefox ESR 91.13 Reporter Mozilla developers and community Impact high Description Members the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 103, Firefox ESR 102.1, and Firefox ESR 91.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. References Memory safety bugs fixed in Firefox 104, Firefox ESR 102.2, and Firefox ESR 91.13 Versions of CCleaner Cloud; Introduction Ccleaner Cloud; Ccleaner-->System-Requirements; Ccleaner FAQ´s; Ccleaner builds; Scheduling Ccleaner Free Es ist möglich, keine Fehler zu machen und dennoch zu verlieren. Das ist kein Zeichen von Schwäche. Das ist das Leben -> "Picard" Link to comment Share on other sites More sharing options...
trium Posted September 8, 2022 Share Posted September 8, 2022 ff v104.0.1 30. august 2022 Fixed Addresses an issue with Youtube video playback that was affecting some users. Versions of CCleaner Cloud; Introduction Ccleaner Cloud; Ccleaner-->System-Requirements; Ccleaner FAQ´s; Ccleaner builds; Scheduling Ccleaner Free Es ist möglich, keine Fehler zu machen und dennoch zu verlieren. Das ist kein Zeichen von Schwäche. Das ist das Leben -> "Picard" Link to comment Share on other sites More sharing options...
trium Posted September 8, 2022 Share Posted September 8, 2022 ff v104.0.2 06. sept 2022 Fixed Fixed a bug making it impossible to use touch or a stylus to drag the scrollbar on pages (bug 1787361). Fixed an issue causing some users to crash in out-of-memory conditions (bug 1774155). Fixed an issue that would sometimes affect video & audio playback when loaded via a cross-origin iframe src attribute (bug 1781759). Fixed an issue that would sometimes affect video & audio playback when served with Content-Security-Policy: sandbox (bug 1781063). Versions of CCleaner Cloud; Introduction Ccleaner Cloud; Ccleaner-->System-Requirements; Ccleaner FAQ´s; Ccleaner builds; Scheduling Ccleaner Free Es ist möglich, keine Fehler zu machen und dennoch zu verlieren. Das ist kein Zeichen von Schwäche. Das ist das Leben -> "Picard" Link to comment Share on other sites More sharing options...
Moderators nukecad Posted July 5, 2023 Moderators Share Posted July 5, 2023 The 'standard' Firefox is dropping support for Windows 7, 8, & 8.1. Firefox v115 (the current version) will be the last to support them, so users of those Windows versions will be moved to Firefox ESR. https://support.mozilla.org/en-US/kb/firefox-users-windows-7-8-and-81-moving-extended-support *** Out of Beer Error ->->-> Recovering Memory *** Worried about 'Tracking Files'? Worried about why some files come back after cleaning? See this link:https://community.ccleaner.com/topic/52668-tracking-files/?tab=comments#comment-300043 Link to comment Share on other sites More sharing options...
trium Posted July 6, 2023 Share Posted July 6, 2023 ff v105.0 20. sept 2022 New Added an option to print only the current page from the print preview dialog. Firefox now supports partitioned service workers in third-party contexts. You can register service workers in a third-party iframe and it will be partitioned under the top-level domain. Swipe to navigate (two fingers on a touchpad swiped left or right to perform history back or forward) on Windows is now enabled. Firefox is now compliant with the User Timing L3 specification, which adds additional optional arguments to the performance.mark and performance.measure methods to provide custom start times, end times, duration, and attached details. Searching in large lists for individual items is now 2x faster. This performance enhancement replaces array.includes and array.indexOf with an optimized SIMD version. Fixed Stability on Windows is significantly improved as Firefox handles low-memory situations much better. Touchpad scrolling on macOS was made more accessible by reducing unintended diagonal scrolling opposite of the intended scroll axis. Firefox is less likely to run out of memory on Linux and performs more efficiently for the rest of the system when memory runs low. Various security fixes. Developer Developer Information Web Platform Support for the Offscreen Canvas DOM API with full context and font support. The OffscreenCanvas API provides a canvas that can be rendered off-screen in both Window and Web Worker contexts. Versions of CCleaner Cloud; Introduction Ccleaner Cloud; Ccleaner-->System-Requirements; Ccleaner FAQ´s; Ccleaner builds; Scheduling Ccleaner Free Es ist möglich, keine Fehler zu machen und dennoch zu verlieren. Das ist kein Zeichen von Schwäche. Das ist das Leben -> "Picard" Link to comment Share on other sites More sharing options...
trium Posted July 6, 2023 Share Posted July 6, 2023 ff v102.3.0 esr 20. sept 2022 Fixed Various stability, functionality, and security fixes. Quote Security Vulnerabilities fixed in Firefox ESR 102.3 Announced September 20, 2022 Impact high Products Firefox ESR Fixed in Firefox ESR 102.3 #CVE-2022-3266: Out of bounds read when decoding H264 Reporter Willy R. Vasquez at UT Austin Impact high Description An out-of-bounds read can occur when decoding H264 video. This results in a potentially exploitable crash. References Bug 1767360 #CVE-2022-40959: Bypassing FeaturePolicy restrictions on transient pages Reporter Armin Ebert Impact high Description During iframe navigation, certain pages did not have their FeaturePolicy fully initialized leading to a bypass that leaked device permissions into untrusted subdocuments. References Bug 1782211 #CVE-2022-40960: Data-race when parsing non-UTF-8 URLs in threads Reporter Armin Ebert Impact high Description Concurrent use of the URL parser with non-UTF-8 data was not thread-safe. This could lead to a use-after-free causing a potentially exploitable crash. References Bug 1787633 #CVE-2022-40958: Bypassing Secure Context restriction for cookies with __Host and __Secure prefix Reporter Axel Chong (@Haxatron) Impact moderate Description By injecting a cookie with certain special characters, an attacker on a shared subdomain which is not a secure context could set and thus overwrite cookies from a secure context, leading to session fixation and other attacks. References Bug 1779993 #CVE-2022-40956: Content-Security-Policy base-uri bypass Reporter Satoki Tsuji Impact low Description When injecting an HTML base element, some requests would ignore the CSP's base-uri settings and accept the injected element's base instead. References Bug 1770094 #CVE-2022-40957: Incoherent instruction cache when building WASM on ARM64 Reporter Gary Kwong Impact low Description Inconsistent data in instruction and data cache when creating wasm code could lead to a potentially exploitable crash.This bug only affects Firefox on ARM64 platforms. References Bug 1777604 #CVE-2022-40962: Memory safety bugs fixed in Firefox 105 and Firefox ESR 102.3 Reporter Mozilla developers and community Impact high Description Mozilla developers Nika Layzell, Timothy Nikkel, Sebastian Hengst, Andreas Pehrson, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 104 and Firefox ESR 102.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. References Memory safety bugs fixed in Firefox 105 and Firefox ESR 102.3 Versions of CCleaner Cloud; Introduction Ccleaner Cloud; Ccleaner-->System-Requirements; Ccleaner FAQ´s; Ccleaner builds; Scheduling Ccleaner Free Es ist möglich, keine Fehler zu machen und dennoch zu verlieren. Das ist kein Zeichen von Schwäche. Das ist das Leben -> "Picard" Link to comment Share on other sites More sharing options...
trium Posted July 6, 2023 Share Posted July 6, 2023 ff v105.0.1 23. sept 2022 Fixed Reverted focus behavior for new windows back to the content area instead of the address bar (bug 1784692) Versions of CCleaner Cloud; Introduction Ccleaner Cloud; Ccleaner-->System-Requirements; Ccleaner FAQ´s; Ccleaner builds; Scheduling Ccleaner Free Es ist möglich, keine Fehler zu machen und dennoch zu verlieren. Das ist kein Zeichen von Schwäche. Das ist das Leben -> "Picard" Link to comment Share on other sites More sharing options...
trium Posted July 6, 2023 Share Posted July 6, 2023 ff v105.0.2 04. oct 2022 Fixed Fixed poor contrast on various menu items with certain themes on Linux systems (bug 1792063) Fixed the scrollbar appearing on the wrong side of select elements in right-to-left locales (bug 1791219) Fixed a possible deadlock when loading some sites in Troubleshoot Mode (bug 1786259) Fixed a bug causing some dynamic appearance changes to not appear when expected (bug 1786521) Fixed a bug causing theme styling to not be properly applied to sidebars for some add-ons in Private Browsing Mode (bug 1787543) Versions of CCleaner Cloud; Introduction Ccleaner Cloud; Ccleaner-->System-Requirements; Ccleaner FAQ´s; Ccleaner builds; Scheduling Ccleaner Free Es ist möglich, keine Fehler zu machen und dennoch zu verlieren. Das ist kein Zeichen von Schwäche. Das ist das Leben -> "Picard" Link to comment Share on other sites More sharing options...
trium Posted July 6, 2023 Share Posted July 6, 2023 ff v105.0.3 07. oct 2022 Fixed Mitigated frequent crashes for Windows users with Avast or AVG Antivirus software installed (bug 1794064) Versions of CCleaner Cloud; Introduction Ccleaner Cloud; Ccleaner-->System-Requirements; Ccleaner FAQ´s; Ccleaner builds; Scheduling Ccleaner Free Es ist möglich, keine Fehler zu machen und dennoch zu verlieren. Das ist kein Zeichen von Schwäche. Das ist das Leben -> "Picard" Link to comment Share on other sites More sharing options...
trium Posted July 6, 2023 Share Posted July 6, 2023 ff v106.0 18. oct 2022 New It is now possible to edit PDFs: including writing text, drawing, and adding signatures. Setting Firefox as your default browser now also makes it the default PDF application on Windows systems. You can now pin private windows to your Windows taskbar on Window 10 and Windows 11 for simpler access. Also, private windows have been redesigned to increase the feeling of privacy. Swipe-to-navigate (two fingers on a touchpad swiped left or right to perform history back or forward) now works for Linux users on Wayland. Text Recognition in images allows users on macOS 10.15 and higher to extract text from the selected image (such as a meme or screenshot). Extracted text is copied to the clipboard in order to share, store, or search—without needing to manually retype everything. This feature is compatible with “VoiceOver,” the built-in macOS screen reader. For more information, check out our SUMO article. “Firefox View” helps you get back to content you previously discovered. A pinned tab allows you to find and open recently closed tabs on your current device, access tabs from other devices (via our “Tab Pickup” feature), and change the look of the browser (with Colorways). For more information, read our SUMO article. With the launch of the “Independent Voices” collection, Firefox is introducing 18 new “Colorways.” You can now access a “Colorways” modal experience via “Firefox View”; each new color is accompanied with a bespoke graphic and a text description that speaks to its deeper meaning. The collection will be available through Jan 16. For more information, check out our SUMO article. Fixed Various security fixes. Developer Developer Information Web Platform A major upgrade to our WebRTC capabilities (libwebrtc library upgraded from version 86 to 103) brings multiple improvements: Better screen sharing for Windows and Linux Wayland users. Lower CPU usage and increased frame rates during WebRTC screen capture on macOS. RTP performance and reliability improvements. Richer statistics. Cross-browser and service compatibility improvements. Unresolved We are investigating an increase in crashes reported by users with AMD Zen 1 CPUs (fixed in 106.0.1). We are investigating hangs with Firefox installed from the Windows Store (fixed in 106.0.2). We are investigating with Microsoft hangs experienced by Firefox users on Windows 11 version 22H2 triggered when performing certain copy actions on page content. Our support article provides a temporary workaround until we release a fix for this issue (fixed in 106.0.3). Versions of CCleaner Cloud; Introduction Ccleaner Cloud; Ccleaner-->System-Requirements; Ccleaner FAQ´s; Ccleaner builds; Scheduling Ccleaner Free Es ist möglich, keine Fehler zu machen und dennoch zu verlieren. Das ist kein Zeichen von Schwäche. Das ist das Leben -> "Picard" Link to comment Share on other sites More sharing options...
trium Posted July 6, 2023 Share Posted July 6, 2023 ff v102.4.0 esr 18. oct 2022 Fixed Various stability, functionality, and security fixes. Quote Security Vulnerabilities fixed in Firefox ESR 102.4 Announced October 18, 2022 Impact high Products Firefox ESR Fixed in Firefox ESR 102.4 #CVE-2022-42927: Same-origin policy violation could have leaked cross-origin URLs Reporter James Lee Impact high Description A same-origin policy violation could have allowed the theft of cross-origin URL entries, leaking the result of a redirect, via performance.getEntries(). References Bug 1789128 #CVE-2022-42928: Memory Corruption in JS Engine Reporter Samuel Groß Impact high Description Certain types of allocations were missing annotations that, if the Garbage Collector was in a specific state, could have lead to memory corruption and a potentially exploitable crash. References Bug 1791520 #CVE-2022-42929: Denial of Service via window.print Reporter Andrei Enache Impact moderate Description If a website called window.print() in a particular way, it could cause a denial of service of the browser, which may persist beyond browser restart depending on the user's session restore settings. References Bug 1789439 #CVE-2022-42932: Memory safety bugs fixed in Firefox 106 and Firefox ESR 102.4 Reporter Mozilla developers and community Impact moderate Description Mozilla developers Ashley Hale and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 105 and Firefox ESR 102.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. References Memory safety bugs fixed in Firefox 106 and Firefox ESR 102.4 Versions of CCleaner Cloud; Introduction Ccleaner Cloud; Ccleaner-->System-Requirements; Ccleaner FAQ´s; Ccleaner builds; Scheduling Ccleaner Free Es ist möglich, keine Fehler zu machen und dennoch zu verlieren. Das ist kein Zeichen von Schwäche. Das ist das Leben -> "Picard" Link to comment Share on other sites More sharing options...
trium Posted July 6, 2023 Share Posted July 6, 2023 ff v106.0.1 20. oct 2022 Fixed Addresses a crash experienced by users with AMD Zen 1 CPUs. (bug 1796126) Versions of CCleaner Cloud; Introduction Ccleaner Cloud; Ccleaner-->System-Requirements; Ccleaner FAQ´s; Ccleaner builds; Scheduling Ccleaner Free Es ist möglich, keine Fehler zu machen und dennoch zu verlieren. Das ist kein Zeichen von Schwäche. Das ist das Leben -> "Picard" Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now