Jump to content

The Firefox/Mozilla Thread


nodles

Recommended Posts

ff v101.0.1

09. june 2022

Fixed

  • Fixed Firefox clearing the clipboard when closing on macOS (bug 1771823)

  • Fixed a compatibility issue causing severely impaired functionality with win32k lockdown enabled on some Windows systems (bug 1769845)

  • Fixed context menus not appearing when right-clicking Picture-in-Picture windows on some Linux systems (bug 1771914)

  • Various stability fixes

Versions of CCleaner Cloud; Introduction Ccleaner Cloud;

Ccleaner-->System-Requirements; Ccleaner FAQ´s; Ccleaner builds; Scheduling Ccleaner Free

 

Es ist möglich, keine Fehler zu machen und dennoch zu verlieren. Das ist kein Zeichen von Schwäche. Das ist das Leben -> "Picard"

Link to comment
Share on other sites

ff v102.0

28. june 2022

New

  • Tired of too many windows crowding your screen? You can now disable automatic opening of the download panel every time a new download starts. Read more.

  • Firefox now mitigates query parameter tracking when navigating sites if you have enabled strict mode for Enhanced Tracking Protection.

Fixed

  • When using a screen reader on Windows, pressing enter to activate an element no longer fails or clicks the wrong element and/or another application window. For those blind or with very limited vision, this technology reads out loud what is on the screen, and users can adapt them to their needs (now, on our platform, without errors).

  • Various security fixes.

Changed

Enterprise

  • Various bug fixes and new policies have been implemented in the latest version of Firefox. You can find more information in the Firefox for Enterprise 102 Release Notes.

  • Firefox 102 is the new Extended Support Release (ESR). Firefox 91 ESR goes out of support on September 20, 2022. (See the 102 ESR release notes for more information)

Developer

Developer Information

  • You can now filter style sheets in the Style Editor tab of our developer tools

Web Platform

  • TransformStream and ReadableStream.pipeThrough have landed, allowing you to pipe from a ReadableStream to a WritableStream, executing a transformation on each chunk.

  • ReadableStream, TransformStream, and WritableStream are all transferable now.

  • Firefox now supports Content-Security-Policy (CSP) integration with WebAssembly. A document with a CSP that restricts scripts will no longer execute WebAssembly unless the policy uses 'unsafe-eval' or the new 'wasm-unsafe-eval' keyword.

Versions of CCleaner Cloud; Introduction Ccleaner Cloud;

Ccleaner-->System-Requirements; Ccleaner FAQ´s; Ccleaner builds; Scheduling Ccleaner Free

 

Es ist möglich, keine Fehler zu machen und dennoch zu verlieren. Das ist kein Zeichen von Schwäche. Das ist das Leben -> "Picard"

Link to comment
Share on other sites

ff v91.11.0 esr

28. june 2022

Fixed

  • Various stability, functionality, and security fixes.

Quote

Security Vulnerabilities fixed in Firefox ESR 91.11

Announced June 28, 2022
Impact high
Products Firefox ESR
Fixed in
  • Firefox ESR 91.11

Note: While Bug 1771084 does not represent a specific vulnerability that was fixed, we recommend anyone rebasing patches to include it. 102 branch: Patch 1 and 2. 91 Branch: Patch 1 and 2 (Despite saying Parts 2 and 3, there is no Part 1)

#CVE-2022-34479: A popup window could be resized in a way to overlay the address bar with web content

Reporter Irvan Kurniawan
Impact high
Description

A malicious website that could create a popup could have resized the popup to overlay the address bar with its own content, resulting in potential user confusion or spoofing attacks.
This bug only affects Firefox for Linux. Other operating systems are unaffected.

References

#CVE-2022-34470: Use-after-free in nsSHistory

Reporter Armin Ebert
Impact high
Description

Navigations between XML documents may have led to a use-after-free and potentially exploitable crash.

References

#CVE-2022-34468: CSP sandbox header without `allow-scripts` can be bypassed via retargeted javascript: URI

Reporter Armin Ebert
Impact high
Description

An iframe that was not permitted to run scripts could do so if the user clicked on a javascript: link.

References

#CVE-2022-34481: Potential integer overflow in ReplaceElementsAt

Reporter Ronald Crane
Impact moderate
Description

In the nsTArray_Impl::ReplaceElementsAt() function, an integer overflow could have occurred when the number of elements to replace was too large for the container.

References

#CVE-2022-31744: CSP bypass enabling stylesheet injection

Reporter Gertjan
Impact moderate
Description

An attacker could have injected CSS into stylesheets accessible via internal URIs, such as resource:, and in doing so bypass a page's Content Security Policy.

References

#CVE-2022-34472: Unavailable PAC file resulted in OCSP requests being blocked

Reporter Laurent Bigonville
Impact moderate
Description

If there was a PAC URL set and the server that hosts the PAC was not reachable, OCSP requests would have been blocked, resulting in incorrect error pages being shown.

References

#CVE-2022-34478: Microsoft protocols can be attacked if a user accepts a prompt

Reporter Gijs
Impact moderate
Description

The ms-msdt, search, and search-ms protocols deliver content to Microsoft applications, bypassing the browser, when a user accepts a prompt. These applications have had known vulnerabilities, exploited in the wild (although we know of none exploited through Firefox), so in this release Firefox has blocked these protocols from prompting the user to open them.
This bug only affects Firefox on Windows. Other operating systems are unaffected.

References

#CVE-2022-2200: Undesired attributes could be set as part of prototype pollution

Reporter Manfred Paul via Trend Micro's Zero Day Initiative
Impact moderate
Description

If an object prototype was corrupted by an attacker, they would have been able to set undesired attributes on a JavaScript object, leading to privileged code execution.

References

#CVE-2022-34484: Memory safety bugs fixed in Firefox 102 and Firefox ESR 91.11

Reporter Mozilla developers and community
Impact high
Description

The Mozilla Fuzzing Team reported potential vulnerabilities present in Firefox 101 and Firefox ESR 91.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

References

Versions of CCleaner Cloud; Introduction Ccleaner Cloud;

Ccleaner-->System-Requirements; Ccleaner FAQ´s; Ccleaner builds; Scheduling Ccleaner Free

 

Es ist möglich, keine Fehler zu machen und dennoch zu verlieren. Das ist kein Zeichen von Schwäche. Das ist das Leben -> "Picard"

Link to comment
Share on other sites

ff v102.0 esr

28. june 2022

New

    • We now provide more secure connections: Firefox can now automatically upgrade to HTTPS using HTTPS RR as Alt-Svc headers.
    • For added viewing pleasure, full-range color levels are now supported for video playback on many systems.
    • Find it easier now! Mac users can now access the macOS share options from the Firefox File menu.
    • Voilà! Support for images containing ICC v4 profiles is enabled on macOS.
    • Firefox now supports the new AVIF image format, which is based on the modern and royalty-free AV1 video codec. It offers significant bandwidth savings for sites compared to existing image formats. It also supports transparency and other advanced features.
    • Firefox PDF viewer now supports filling more forms (e.g., XFA-based forms, used by multiple governments and banks). Learn more.
    • When available system memory is critically low, Firefox on Windows will automatically unload tabs based on their last access time, memory usage, and other attributes. This helps to reduce Firefox out-of-memory crashes. Forgot something? Switching to an unloaded tab automatically reloads it.
    • To prevent session loss for macOS users who are running Firefox from a mounted .dmg file, they’ll now be prompted to finish installation. Bear in mind, this permission prompt only appears the first time these users run Firefox on their computer.
    • For your safety, Firefox now blocks downloads that rely on insecure connections, protecting against potentially malicious or unsafe downloads. Learn more and see where to find downloads in Firefox.
    • Improved web compatibility for privacy protections with SmartBlock 3.0: In Private Browsing and Strict Tracking Protection, Firefox goes to great lengths to protect your web browsing activity from trackers. As part of this, the built-in content blocking will automatically block third-party scripts, images, and other content from being loaded from cross-site tracking companies reported by Disconnect. Learn more.
    • Introducing a new referrer tracking protection in Strict Tracking Protection and Private Browsing. This feature prevents sites from unknowingly leaking private information to trackers. Learn more.
    • Introducing Firefox Suggest, a feature that provides website suggestions as you type into the address bar. Learn more about this faster way to navigate the web and locale-specific features.
    • Firefox macOS now uses Apple's low-power mode for fullscreen video on sites such as YouTube and Twitch. This meaningfully extends battery life in long viewing sessions. Now your kids can find out what the fox says on a loop without you ever missing a beat…
    • With this release, power users can use about:unloads to release system resources by manually unloading tabs without closing them.
    • On Windows, there will now be fewer interruptions because Firefox won’t prompt you for updates. Instead, a background agent will download and install updates even if Firefox is closed.
    • On Linux, we’ve improved WebGL performance and reduced power consumption for many users.
    • To better protect all Firefox users against side-channel attacks, such as Spectre, we introduced Site Isolation.
    • Firefox no longer warns you by default when you exit the browser or close a window using a menu, button, or three-key command. This should cut back on unwelcome notifications, which is always nice—however, if you prefer a bit of notice, you’ll still have full control over the quit/close modal behavior. All warnings can be managed within Firefox Settings. No worries! More details here.
    • Firefox supports the new Snap Layouts menus when running on Windows 11.
    • RLBox—a new technology that hardens Firefox against potential security vulnerabilities in third-party libraries—is now enabled on all platforms.
    • We’ve reduced CPU usage on macOS in Firefox and WindowServer during event processing.
    • We’ve also reduced the power usage of software decoded video on macOS, especially in fullscreen. This includes streaming sites such as Netflix and Amazon Prime Video.
    • You can now move the Picture-in-Picture toggle button to the opposite side of the video. Simply look for the new context menu option Move Picture-in-Picture Toggle to Left (Right) Side.
    • We’ve made significant improvements in noise suppression and auto-gain-control, as well as slight improvements in echo-cancellation to provide you with a better overall experience.
    • We’ve also significantly reduced main-thread load.
    • When printing, you can now choose to print only the odd/even pages.
    • Firefox now supports and displays the new style of scrollbars on Windows 11.
    • Firefox has a new optimized download flow. Instead of prompting every time, files will download automatically. However, they can still be opened from the downloads panel with just one click. Easy! More information
    • Firefox no longer asks what to do for each file by default. You won’t be prompted to choose a helper application or save to disk before downloading a file unless you have changed your download action setting for that type of file.
    • Any files you download will be immediately saved on your disk. Depending on the current configuration, they’ll be saved in your preferred download folder, or you’ll be asked to select a location for each download. Windows and Linux users will find their downloaded files in the destination folder. They’ll no longer be put in the Temp folder.
    • Firefox allows users to choose from a number of built-in search engines to set as their default. In this release, some users who had previously configured a default engine might notice their default search engine has changed since Mozilla was unable to secure formal permission to continue including certain search engines in Firefox.
    • You can now toggle Narrate in ReaderMode with the keyboard shortcut "n."
    • You can find added support for search—with or without diacritics—in the PDF viewer.
    • The Linux sandbox has been strengthened: processes exposed to web content no longer have access to the X Window system (X11).
    • Firefox now supports credit card autofill and capture in Germany, France, and the United Kingdom.
    • We now support captions/subtitles display on YouTube, Prime Video, and Netflix videos you watch in Picture-in-Picture. Just turn on the subtitles on the in-page video player, and they will appear in PiP.
    • Picture-in-Picture now also supports video captions on websites that use Web Video Text Track (WebVTT) format (e.g., Coursera.org, Canadian Broadcasting Corporation, and many more).
    • On the first run after install, Firefox detects when its language does not match the operating system language and offers the user a choice between the two languages.
    • Firefox spell checking now checks spelling in multiple languages. To enable additional languages, select them in the text field’s context menu.
    • HDR video is now supported in Firefox on Mac—starting with YouTube! Firefox users on macOS 11+ (with HDR-compatible screens) can enjoy higher-fidelity video content. No need to manually flip any preferences to turn HDR video support on—just make sure battery preferences are NOT set to “optimize video streaming while on battery”.
    • Hardware-accelerated AV1 video decoding is enabled on Windows with supported GPUs (Intel Gen 11+, AMD RDNA 2 Excluding Navi 24, GeForce 30). Installing the AV1 Video Extension from the Microsoft Store may also be required.
    • Video overlay is enabled on Windows for Intel GPUs, reducing power usage during video playback.
    • Improved fairness between painting and handling other events. This noticeably improves the performance of the volume slider on Twitch.
    • Scrollbars on Linux and Windows 11 won't take space by default. On Linux, users can change this in Settings. On Windows, Firefox follows the system setting (System Settings > Accessibility > Visual Effects > Always show scrollbars).
    • Firefox now ignores less restricted referrer policies—including unsafe-url, no-referrer-when-downgrade, and origin-when-cross-origin—for cross-site subresource/iframe requests to prevent privacy leaks from the referrer.
    • Reading is now easier with the prefers-contrast media query, which allows sites to detect if the user has requested that web content is presented with a higher (or lower) contrast.
    • All non-configured MIME types can now be assigned a custom action upon download completion.
    • Firefox now allows users to use as many microphones as they want, at the same time, during video conferencing. The most exciting benefit is that you can easily switch your microphones at any time (if your conferencing service provider enables this flexibility).
    • Print preview has been updated.

Fixed

 

Versions of CCleaner Cloud; Introduction Ccleaner Cloud;

Ccleaner-->System-Requirements; Ccleaner FAQ´s; Ccleaner builds; Scheduling Ccleaner Free

 

Es ist möglich, keine Fehler zu machen und dennoch zu verlieren. Das ist kein Zeichen von Schwäche. Das ist das Leben -> "Picard"

Link to comment
Share on other sites

ad to ff v102.0 esr

Quote

Security Vulnerabilities fixed in Firefox 102

Announced June 28, 2022
Impact high
Products Firefox
Fixed in
  • Firefox 102

Note: While Bug 1771084 does not represent a specific vulnerability that was fixed, we recommend anyone rebasing patches to include it. 102 branch: Patch 1 and 2. 91 Branch: Patch 1 and 2 (Despite saying Parts 2 and 3, there is no Part 1)

#CVE-2022-34479: A popup window could be resized in a way to overlay the address bar with web content

Reporter Irvan Kurniawan
Impact high
Description

A malicious website that could create a popup could have resized the popup to overlay the address bar with its own content, resulting in potential user confusion or spoofing attacks.
This bug only affects Firefox for Linux. Other operating systems are unaffected.

References

#CVE-2022-34470: Use-after-free in nsSHistory

Reporter Armin Ebert
Impact high
Description

Navigations between XML documents may have led to a use-after-free and potentially exploitable crash.

References

#CVE-2022-34468: CSP sandbox header without `allow-scripts` can be bypassed via retargeted javascript: URI

Reporter Armin Ebert
Impact high
Description

An iframe that was not permitted to run scripts could do so if the user clicked on a javascript: link.

References

#CVE-2022-34482: Drag and drop of malicious image could have led to malicious executable and potential code execution

Reporter Attila Suszter
Impact moderate
Description

An attacker who could have convinced a user to drag and drop an image to a filesystem could have manipulated the resulting filename to contain an executable extension, and by extension potentially tricked the user into executing malicious code. While very similar, this is a separate issue from CVE-2022-34483.

References

#CVE-2022-34483: Drag and drop of malicious image could have led to malicious executable and potential code execution

Reporter Eduardo Braun Prado
Impact moderate
Description

An attacker who could have convinced a user to drag and drop an image to a filesystem could have manipulated the resulting filename to contain an executable extension, and by extension potentially tricked the user into executing malicious code. While very similar, this is a separate issue from CVE-2022-34482.

References

#CVE-2022-34476: ASN.1 parser could have been tricked into accepting malformed ASN.1

Reporter Gustavo Grieco
Impact moderate
Description

ASN.1 parsing of an indefinite SEQUENCE inside an indefinite GROUP could have resulted in the parser accepting malformed ASN.1.

References

#CVE-2022-34481: Potential integer overflow in ReplaceElementsAt

Reporter Ronald Crane
Impact moderate
Description

In the nsTArray_Impl::ReplaceElementsAt() function, an integer overflow could have occurred when the number of elements to replace was too large for the container.

References

#CVE-2022-34474: Sandboxed iframes could redirect to external schemes

Reporter Amazon Malvertising Team
Impact moderate
Description

Even when an iframe was sandboxed with allow-top-navigation-by-user-activation, if it received a redirect header to an external protocol the browser would process the redirect and prompt the user as appropriate.

References

#CVE-2022-34469: TLS certificate errors on HSTS-protected domains could be bypassed by the user on Firefox for Android

Reporter Peter Gerber
Impact moderate
Description

When a TLS Certificate error occurs on a domain protected by the HSTS header, the browser should not allow the user to bypass the certificate error. On Firefox for Android, the user was presented with the option to bypass the error; this could only have been done by the user explicitly.
This bug only affects Firefox for Android. Other operating systems are unaffected.

References

#CVE-2022-34471: Compromised server could trick a browser into an addon downgrade

Reporter Rob Wu
Impact moderate
Description

When downloading an update for an addon, the downloaded addon update's version was not verified to match the version selected from the manifest. If the manifest had been tampered with on the server, an attacker could trick the browser into downgrading the addon to a prior version.

References

#CVE-2022-34472: Unavailable PAC file resulted in OCSP requests being blocked

Reporter Laurent Bigonville
Impact moderate
Description

If there was a PAC URL set and the server that hosts the PAC was not reachable, OCSP requests would have been blocked, resulting in incorrect error pages being shown.

References

#CVE-2022-34478: Microsoft protocols can be attacked if a user accepts a prompt

Reporter Gijs
Impact moderate
Description

The ms-msdt, search, and search-ms protocols deliver content to Microsoft applications, bypassing the browser, when a user accepts a prompt. These applications have had known vulnerabilities, exploited in the wild (although we know of none exploited through Firefox), so in this release Firefox has blocked these protocols from prompting the user to open them.
This bug only affects Firefox on Windows. Other operating systems are unaffected.

References

#CVE-2022-2200: Undesired attributes could be set as part of prototype pollution

Reporter Manfred Paul via Trend Micro's Zero Day Initiative
Impact moderate
Description

If an object prototype was corrupted by an attacker, they would have been able to set undesired attributes on a JavaScript object, leading to privileged code execution.

References

#CVE-2022-34480: Free of uninitialized pointer in lg_init

Reporter Ronald Crane
Impact low
Description

Within the lg_init() function, if several allocations succeed but then one fails, an uninitialized pointer would have been freed despite never being allocated.

References

#CVE-2022-34477: MediaError message property leaked information on cross-origin same-site pages

Reporter jannis
Impact low
Description

The MediaError message property should be consistent to avoid leaking information about cross-origin resources; however for a same-site cross-origin resource, the message could have leaked information enabling XS-Leaks attacks.

References

#CVE-2022-34475: HTML Sanitizer could have been bypassed via same-origin script via use tags

Reporter Gareth Heyes
Impact low
Description

SVG <use> tags that referenced a same-origin document could have resulted in script execution if attacker input was sanitized via the HTML Sanitizer API. This would have required the attacker to reference a same-origin JavaScript file containing the script to be executed.

References

#CVE-2022-34473: HTML Sanitizer could have been bypassed via use tags

Reporter Armin Ebert
Impact low
Description

The HTML Sanitizer should have sanitized the href attribute of SVG <use> tags; however it incorrectly did not sanitize xlink:href attributes.

References

#CVE-2022-34484: Memory safety bugs fixed in Firefox 102 and Firefox ESR 91.11

Reporter Mozilla developers and community
Impact high
Description

The Mozilla Fuzzing Team reported potential vulnerabilities present in Firefox 101 and Firefox ESR 91.10. Some of these bugs showed evidence of JavaScript prototype or memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

References

#CVE-2022-34485: Memory safety bugs fixed in Firefox 102

Reporter Mozilla developers and community
Impact moderate
Description

Mozilla developers Bryce Seager van Dyk and the Mozilla Fuzzing Team reported potential vulnerabilities present in Firefox 101. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

References

Versions of CCleaner Cloud; Introduction Ccleaner Cloud;

Ccleaner-->System-Requirements; Ccleaner FAQ´s; Ccleaner builds; Scheduling Ccleaner Free

 

Es ist möglich, keine Fehler zu machen und dennoch zu verlieren. Das ist kein Zeichen von Schwäche. Das ist das Leben -> "Picard"

Link to comment
Share on other sites

ff v102.0.1

06. july 2022

Fixed

  • Fixed bookmark shortcut creation by dragging to Windows File Explorer and dropping partially broken (bug 1774683)

  • Fixed bookmarks sidebar flashing white when opened in dark mode (bug 1776157)

  • Fixed multilingual spell checking not working with content in both English and a non-Latin alphabet (bug 1773802)

  • Developer tools: Fixed an issue where the console output keep getting scrolled to the bottom when the last visible message is an evaluation result (bug 1776262)

  • Fixed Delete cookies and site data when Firefox is closed checkbox getting disabled on startup (bug 1777419)

  • Various stability fixes

Versions of CCleaner Cloud; Introduction Ccleaner Cloud;

Ccleaner-->System-Requirements; Ccleaner FAQ´s; Ccleaner builds; Scheduling Ccleaner Free

 

Es ist möglich, keine Fehler zu machen und dennoch zu verlieren. Das ist kein Zeichen von Schwäche. Das ist das Leben -> "Picard"

Link to comment
Share on other sites

ff v102.1.0 esr

26. july 2022

Fixed

  • Various stability, functionality, and security fixes.

 

Quote

 

Security Vulnerabilities fixed in Firefox ESR 102.1

Announced July 26, 2022
Impact moderate
Products Firefox ESR
Fixed in
  • Firefox ESR 102.1

#CVE-2022-36319: Mouse Position spoofing with CSS transforms

Reporter Irvan Kurniawan
Impact moderate
Description

When combining CSS properties for overflow and transform, the mouse cursor could interact with different coordinates than displayed.

References

#CVE-2022-36318: Directory indexes for bundled resources reflected URL parameters

Reporter Gijs Kruitbosch
Impact moderate
Description

When visiting directory listings for chrome:// URLs as source text, some parameters were reflected.

References

#CVE-2022-36314: Opening local <code>.lnk</code> files could cause unexpected network loads

Reporter akucybersec
Impact moderate
Description

When opening a Windows shortcut from the local filesystem, an attacker could supply a remote path that would lead to unexpected network requests from the operating system.
This bug only affects Firefox for Windows. Other operating systems are unaffected.*

References

#CVE-2022-2505: Memory safety bugs fixed in Firefox 103 and 102.1

Reporter Mozilla developers and community
Impact high
Description

Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 102. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

References

Versions of CCleaner Cloud; Introduction Ccleaner Cloud;

Ccleaner-->System-Requirements; Ccleaner FAQ´s; Ccleaner builds; Scheduling Ccleaner Free

 

Es ist möglich, keine Fehler zu machen und dennoch zu verlieren. Das ist kein Zeichen von Schwäche. Das ist das Leben -> "Picard"

Link to comment
Share on other sites

ff v91.12.0 esr

26. july 2022

Fixed

  • Various stability, functionality, and security fixes.

Quote

Security Vulnerabilities fixed in Firefox ESR 91.12

Announced July 26, 2022
Impact moderate
Products Firefox ESR
Fixed in
  • Firefox ESR 91.12

#CVE-2022-36319: Mouse Position spoofing with CSS transforms

Reporter Irvan Kurniawan
Impact moderate
Description

When combining CSS properties for overflow and transform, the mouse cursor could interact with different coordinates than displayed.

References

#CVE-2022-36318: Directory indexes for bundled resources reflected URL parameters

Reporter Gijs Kruitbosch
Impact moderate
Description

When visiting directory listings for chrome:// URLs as source text, some parameters were reflected.

References

Versions of CCleaner Cloud; Introduction Ccleaner Cloud;

Ccleaner-->System-Requirements; Ccleaner FAQ´s; Ccleaner builds; Scheduling Ccleaner Free

 

Es ist möglich, keine Fehler zu machen und dennoch zu verlieren. Das ist kein Zeichen von Schwäche. Das ist das Leben -> "Picard"

Link to comment
Share on other sites

ff v103.0

26. july 2022

New

  • Improved responsiveness on macOS during periods of high CPU load by switching to a modern lock API.

  • Do you always forget something? Required fields are now highlighted in PDF forms.

  • Improved performance on high-refresh rate monitors (120Hz+).

  • Enjoying Picture-in-Picture subtitles feature? It just got better: you can now change subtitles font size directly from the PiP window. Additionally, PiP subtitles are now available at Funimation, Dailymotion, Tubi, Hotstar, and SonyLIV.

  • Buttons in the Tabs toolbar can now be reached with Tab, Shift+Tab, and Arrow keys. View this article for additional details.

  • Windows' "Make text bigger" accessibility setting now affects all the UI and content pages, rather than only applying to system font sizes.

  • Rejoice! You can now conveniently access Firefox, which will now be pinned to the Windows taskbar during installation on Windows 10 and 11. (This will also allow for Firefox to be launched quicker after installing.)

Fixed

  • Non-breaking spaces are now preserved—preventing automatic line breaks—when copying text from a form control.

  • Fixed WebGL performance issues on NVIDIA binary drivers via DMA-Buf on Linux.

  • Fixed an issue in which Firefox startup could be significantly slowed down by the processing of Web content local storage. This had the greatest impact on users with platter hard drives and significant local storage.

  • Various security fixes.

Changed

  • Removed a configuration option to allow SHA-1 signatures in certificates: SHA-1 signatures in certificates—long since determined to no longer be secure enough—are now not supported.

Web Platform

  • Your information now has increased protection from online tracking via Total Cookie Protection enabled by default. All third-party cookies are now isolated into partitioned storage.

Versions of CCleaner Cloud; Introduction Ccleaner Cloud;

Ccleaner-->System-Requirements; Ccleaner FAQ´s; Ccleaner builds; Scheduling Ccleaner Free

 

Es ist möglich, keine Fehler zu machen und dennoch zu verlieren. Das ist kein Zeichen von Schwäche. Das ist das Leben -> "Picard"

Link to comment
Share on other sites

ff v103.0.1

01. august 2022

New

  • Enabled hardware acceleration on newer AMD cards.

Fixed

  • Fixed a crash on Firefox shutdown caused by a bug in the audio manager.

Versions of CCleaner Cloud; Introduction Ccleaner Cloud;

Ccleaner-->System-Requirements; Ccleaner FAQ´s; Ccleaner builds; Scheduling Ccleaner Free

 

Es ist möglich, keine Fehler zu machen und dennoch zu verlieren. Das ist kein Zeichen von Schwäche. Das ist das Leben -> "Picard"

Link to comment
Share on other sites

  • 1 month later...

ff v103.0.2

09. august 2022

Fixed

  • Fixed menu shortcuts for users of the JAWS screen reader.

  • Fixed an occasional non-overridable certificate error when accessing device configuration pages.

  • Fixed an issue with Picture-in-Picture displaying in fullscreen on macOS.

Versions of CCleaner Cloud; Introduction Ccleaner Cloud;

Ccleaner-->System-Requirements; Ccleaner FAQ´s; Ccleaner builds; Scheduling Ccleaner Free

 

Es ist möglich, keine Fehler zu machen und dennoch zu verlieren. Das ist kein Zeichen von Schwäche. Das ist das Leben -> "Picard"

Link to comment
Share on other sites

ff v91.13.0 esr

23. august 2022

Fixed

  • Various stability, functionality, and security fixes.

Quote

Security Vulnerabilities fixed in Firefox ESR 91.13

Announced August 23, 2022
Impact high
Products Firefox ESR
Fixed in
  • Firefox ESR 91.13

#CVE-2022-38472: Address bar spoofing via XSLT error handling

Reporter Armin Ebert
Impact high
Description

An attacker could have abused XSLT error handling to associate attacker-controlled content with another origin which was displayed in the address bar. This could have been used to fool the user into submitting data intended for the spoofed origin.

References

#CVE-2022-38473: Cross-origin XSLT Documents would have inherited the parent's permissions

Reporter Armin Ebert
Impact high
Description

A cross-origin iframe referencing an XSLT document would inherit the parent domain's permissions (such as microphone or camera access).

References

#CVE-2022-38478: Memory safety bugs fixed in Firefox 104, Firefox ESR 102.2, and Firefox ESR 91.13

Reporter Mozilla developers and community
Impact high
Description

Members the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 103, Firefox ESR 102.1, and Firefox ESR 91.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

References

Versions of CCleaner Cloud; Introduction Ccleaner Cloud;

Ccleaner-->System-Requirements; Ccleaner FAQ´s; Ccleaner builds; Scheduling Ccleaner Free

 

Es ist möglich, keine Fehler zu machen und dennoch zu verlieren. Das ist kein Zeichen von Schwäche. Das ist das Leben -> "Picard"

Link to comment
Share on other sites

ff v104.0

23. august 2022

New

  • Subtitles are now available for Disney+ in Picture-in-Picture.

  • Firefox now supports both the scroll-snap-stop property as well as re-snapping. You can use the scroll-snap-stop property's always and normal values to specify whether or not to pass the snap points, even when scrolling fast. Re-snapping tries to keep the last snap position after any content/layout changes.

  • The Firefox profiler can analyze power usage of a website (Apple M1 and Windows 11 only).

    Screenshot

  • The Firefox UI itself will now be throttled for performance and battery usage when minimized or occluded, in the same way background tabs are.

Fixed

  • Highlight color is preserved correctly after typing Enter in the mail composer of Yahoo Mail and Outlook.

  • After bypassing the https only error page navigating back would take you to the error page that was previously dismissed. Back now takes you to the previous site that was visited.

  • Paste unformatted shortcut (shift+ctrl/cmd+v) now works in plain text contexts, such as input and text area.

  • Various security fixes.

Enterprise

 

Versions of CCleaner Cloud; Introduction Ccleaner Cloud;

Ccleaner-->System-Requirements; Ccleaner FAQ´s; Ccleaner builds; Scheduling Ccleaner Free

 

Es ist möglich, keine Fehler zu machen und dennoch zu verlieren. Das ist kein Zeichen von Schwäche. Das ist das Leben -> "Picard"

Link to comment
Share on other sites

ff v102.2.0 esr

23. august 2022

Fixed

  • Various stability, functionality, and security fixes.

Quote

Security Vulnerabilities fixed in Firefox ESR 102.2

Announced August 23, 2022
Impact high
Products Firefox ESR
Fixed in
  • Firefox ESR 102.2

#CVE-2022-38472: Address bar spoofing via XSLT error handling

Reporter Armin Ebert
Impact high
Description

An attacker could have abused XSLT error handling to associate attacker-controlled content with another origin which was displayed in the address bar. This could have been used to fool the user into submitting data intended for the spoofed origin.

References

#CVE-2022-38473: Cross-origin XSLT Documents would have inherited the parent's permissions

Reporter Armin Ebert
Impact high
Description

A cross-origin iframe referencing an XSLT document would inherit the parent domain's permissions (such as microphone or camera access).

References

#CVE-2022-38476: Data race and potential use-after-free in PK11_ChangePW

Reporter Marian Laza
Impact low
Description

A data race could occur in the PK11_ChangePW function, potentially leading to a use-after-free vulnerability. In Firefox, this lock protected the data when a user changed their master password.

References

#CVE-2022-38477: Memory safety bugs fixed in Firefox 104 and Firefox ESR 102.2

Reporter Mozilla developers and community
Impact high
Description

Mozilla developer Nika Layzell and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 103 and Firefox ESR 102.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

References

#CVE-2022-38478: Memory safety bugs fixed in Firefox 104, Firefox ESR 102.2, and Firefox ESR 91.13

Reporter Mozilla developers and community
Impact high
Description

Members the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 103, Firefox ESR 102.1, and Firefox ESR 91.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

References

Versions of CCleaner Cloud; Introduction Ccleaner Cloud;

Ccleaner-->System-Requirements; Ccleaner FAQ´s; Ccleaner builds; Scheduling Ccleaner Free

 

Es ist möglich, keine Fehler zu machen und dennoch zu verlieren. Das ist kein Zeichen von Schwäche. Das ist das Leben -> "Picard"

Link to comment
Share on other sites

ff v104.0.1

30. august 2022

Fixed

  • Addresses an issue with Youtube video playback that was affecting some users.

Versions of CCleaner Cloud; Introduction Ccleaner Cloud;

Ccleaner-->System-Requirements; Ccleaner FAQ´s; Ccleaner builds; Scheduling Ccleaner Free

 

Es ist möglich, keine Fehler zu machen und dennoch zu verlieren. Das ist kein Zeichen von Schwäche. Das ist das Leben -> "Picard"

Link to comment
Share on other sites

ff v104.0.2

06. sept 2022

Fixed

  • Fixed a bug making it impossible to use touch or a stylus to drag the scrollbar on pages (bug 1787361).

  • Fixed an issue causing some users to crash in out-of-memory conditions (bug 1774155).

  • Fixed an issue that would sometimes affect video & audio playback when loaded via a cross-origin iframe src attribute (bug 1781759).

  • Fixed an issue that would sometimes affect video & audio playback when served with Content-Security-Policy: sandbox (bug 1781063).

Versions of CCleaner Cloud; Introduction Ccleaner Cloud;

Ccleaner-->System-Requirements; Ccleaner FAQ´s; Ccleaner builds; Scheduling Ccleaner Free

 

Es ist möglich, keine Fehler zu machen und dennoch zu verlieren. Das ist kein Zeichen von Schwäche. Das ist das Leben -> "Picard"

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.