The Firefox/Mozilla Thread

[trium]

ff v102.11.0 esr

09. may 2023

Fixed

• Various security fixes and other quality improvements.

Quote

Security Vulnerabilities fixed in Firefox ESR 102.11

Announced May 9, 2023

Impact high

Products Firefox ESR

Fixed in

• Firefox ESR 102.11

#CVE-2023-32205: Browser prompts could have been obscured by popups

Reporter Alesandro Ortiz

Impact high

Description

In multiple cases browser prompts could have been obscured by popups controlled by content. These could have led to potential user confusion and spoofing attacks.

References

• Bug 1753339
• Bug 1753341

#CVE-2023-32206: Crash in RLBox Expat driver

Reporter Irvan Kurniawan

Impact high

Description

An out-of-bound read could have led to a crash in the RLBox Expat driver.

References

• Bug 1824892

#CVE-2023-32207: Potential permissions request bypass via clickjacking

Reporter Hafiizh

Impact high

Description

A missing delay in popup notifications could have made it possible for an attacker to trick a user into granting permissions.

References

• Bug 1826116

#CVE-2023-32211: Content process crash due to invalid wasm code

Reporter P1umer and xmzyshypnc

Impact moderate

Description

A type checking bug would have led to invalid code being compiled.

References

• Bug 1823379

#CVE-2023-32212: Potential spoof due to obscured address bar

Reporter Hafiizh

Impact moderate

Description

An attacker could have positioned a datalist element to obscure the address bar.

References

• Bug 1826622

#CVE-2023-32213: Potential memory corruption in FileReader::DoReadData()

Reporter Ronald Crane

Impact moderate

Description

When reading a file, an uninitialized value could have been used as read limit.

References

• Bug 1826666

#CVE-2023-32214: Potential DoS via exposed protocol handlers

Reporter Edward Prior

Impact low

Description

Protocol handlers ms-cxh and ms-cxh-full could have been leveraged to trigger a denial of service.
Note: This attack only affects Windows. Other operating systems are not affected.

References

• Bug 1828716

#CVE-2023-32215: Memory safety bugs fixed in Firefox 113 and Firefox ESR 102.11

Reporter Mozilla developers and community

Impact high

Description

Mozilla developers and community members Gabriele Svelto, Andrew Osmond, Emily McDonough, Sebastian Hengst, Andrew McCreight and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 112 and Firefox ESR 102.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

References

• Memory safety bugs fixed in Firefox 113 and Firefox ESR 102.11

[trium]

ff v113.0.1

12. may 2023

Fixed

• Fixed incorrect colors for Windows users with installed monitor/display color profiles, particularly on wide gamut displays (bug 1832215)

• Fixed borders being visible around fullscreen windows for some configurations (bug 1830721)

• Fixed an issue which may cause users in some configurations to experience tearing when watching videos in fullscreen mode (bug 1830792)

[trium]

ff v113.0.2

23. may 2023

Fixed

• Fixed an issue which caused Picture-in-Picture windows to not be snappable on Windows 11 or on systems with the FancyZones PowerToy installed (bug 1832331)

• Fixed a video playback crash on some Windows systems with Intel graphics (bug 1831329)

• Fixed a bug which could cause Firefox to freeze on some pages when loading them with the Developer Tools Web Console open (bug 1828026)

• Fixed a bug which would cause the bookmarks and history sidebars to not properly react to the browser window being vertically resized (bug 1831535)

[trium]

ff v114.0

06. jun 2023

New

• Added UI to manage the DNS over HTTPS exception list.

• Bookmarks can now be searched from the Bookmarks menu. The Bookmarks menu is accessible by adding the Bookmarks menu button to the toolbar.

• Restrict searches to your local browsing history by selecting Search history from the History, Library or Application menu buttons.

• Mac users can now capture video from their cameras in all supported native resolutions. This enables resolutions higher than 1280x720.

• It is now possible to reorder the extensions listed in the extensions panel.

• Users on macOS, Linux, and Windows 7 can now use FIDO2 / WebAuthn authenticators over USB. Some advanced features, such as fully passwordless logins, require a PIN to be set on the authenticator.

• Pocket Recommended content can now be seen in France, Italy, and Spain.

Fixed

• Various security fixes.

Changed

• DNS over HTTPS settings are now part of the Privacy & Security section of the Settings page and allow the user to choose from all the supported modes.

Enterprise

• You can find information about policy updates and enterprise specific bug fixes in the Firefox for Enterprise 114 Release Notes.

Developer

Developer Information

• The Copy as cURL feature, available in the Network panel, has been enhanced. It now supports the --compressed argument.

• The Accessibility Inspector has been improved to accurately recognize all the ARIA roles like banner, main, navigation, and contentinfo, etc. This enhancement is particularly beneficial for web developers working with ARIA roles to improve web accessibility.

• Firefox now provides support for the CSS Cascading Level 4 supports() syntax for @import rules. This allows for the importation of other stylesheets based on support-dependency. In addition, the Inspector panel now accurately displays the conditions at the top of the imported rule.

  

Web Platform

• DOM: Added support for ES Modules on DedicatedWorker and SharedWorker

• WebTransport is now enabled by default and will be going to release with 114. As the original Explainer notes, it enables multiple use-cases that are hard or impossible to handle without it, especially for Gaming and live streaming. It covers cases that are problematic for alternative mechanisms, such as WebSockets.

  Built on top of HTTP3 (HTTP2 support will be coming later). The current implementation in Firefox is passing 505 out of 565 Web-Platform Tests.

• CSS: The infinity and NaN constants are now supported inside the calc() function.

[trium]

ff v102.12.0 esr

06. jun 2023

Fixed

• Various security fixes and other quality improvements.

Quote

Security Vulnerabilities fixed in Firefox ESR 102.12

Announced June 6, 2023

Impact high

Products Firefox ESR

Fixed in

• Firefox ESR 102.12

#CVE-2023-34414: Click-jacking certificate exceptions through rendering lag

Reporter Irvan Kurniawan

Impact high

Description

The error page for sites with invalid TLS certificates was missing the activation-delay Firefox uses to protect prompts and permission dialogs from attacks that exploit human response time delays. If a malicious page elicited user clicks in precise locations immediately before navigating to a site with a certificate error and made the renderer extremely busy at the same time, it could create a gap between when the error page was loaded and when the display actually refreshed. With the right timing the elicited clicks could land in that gap and activate the button that overrides the certificate error for that site.

References

• Bug 1695986

#CVE-2023-34416: Memory safety bugs fixed in Firefox 114 and Firefox ESR 102.12

Reporter Mozilla developers and community

Impact high

Description

Mozilla developers and community members Gabriele Svelto, Andrew McCreight, the Mozilla Fuzzing Team, Sean Feng, and Sebastian Hengst reported memory safety bugs present in Firefox 113 and Firefox ESR 102.11. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

References

• Memory safety bugs fixed in Firefox 114 and Firefox ESR 102.12

[trium]

ff v114.0.1

09. jun 2023

Fixed

• Fix a startup crash (bug 1837201).

[trium]

ff v114.0.2

20. jun 2023

Fixed

• Several crash fixes.

• Web Extensions: Fixes for 114 regressions in our Native Messaging support.

[trium]

ff v115.0

04. july 2023

In January 2023, Microsoft ended support for Windows 7 and Windows 8. As a consequence, this is the last version of Firefox that users on those operating systems will receive. Users on Windows 7 and Windows 8 will automatically be migrated to the ESR 115 version of Firefox so that they continue to receive important security updates. Visit this Firefox support article for more information.

-> support until sep 2024 with security updates

Similarly, this is the last major version of Firefox that will support Apple macOS 10.12, 10.13, and 10.14. Users on those operating systems will be migrated to the ESR 115 version of Firefox so that they continue to receive important updates. Visit this Firefox support article for more information.

 

New

• Migrating from another browser? Now you can bring over payment methods you've saved in Chrome-based browsers to Firefox.

• Hardware video decoding is now enabled for Intel GPUs on Linux.

• The Tab Manager dropdown now features close buttons, so you can close tabs more quickly.

• We've refreshed and streamlined the user interface for importing data in from other browsers.

• Users without platform support for H264 video decoding can now fallback to Cisco's OpenH264 plugin for playback.

Fixed

• Windows Magnifier now follows the text cursor correctly when the Firefox title bar is visible.

• Windows users on low-end/USB wifi drivers and with OS geolocation disabled can now approve geolocation on a case by case basis without causing system-wide network instability.

• Various security fixes.

Changed

• Undo and redo are now available in Password fields.

• On Linux, middle clicks on the new tab button will now open the xclipboard contents in the new tab. If the xclipboard content is a URL then that URL is opened, any other text is opened with your default search provider.

• For users with a Firefox Colorways built-in theme, the theme will be automatically migrated to the same theme hosted on addons.mozilla.org for Firefox profiles that have disabled add-ons auto-updates. This will allow users to keep their Colorways theme when they are later removed from Firefox installer files.

• Certain Firefox users may come across a message in the extensions panel indicating that their add-ons are not allowed on the site currently open. We have introduced a new back-end feature to only allow some extensions monitored by Mozilla to run on specific websites for various reasons, including security concerns.

Enterprise

• You can find information about policy updates and enterprise specific bug fixes in the Firefox for Enterprise 115 Release Notes.

Developer

Developer Information

• In web development, we rely on third-party libraries which you may not be interested in while debugging. These can be ignored. Ignoring them means that breakpoints will not get hit and they are skipped during stepping.

  You can now choose to Hide ignore-listed sources in the Developer Tools source tree (bug).

  

  Ignored sources are also skipped by JavaScript tracing feature (bug).

• We have introduced a new option, devtools.f12_enabled, that can be utilized to prevent the accidental use of the F12 key, which opens the DevTools toolbox (bug).

Web Platform

• The builtin editor now behaves similarly to other browsers with contenteditable and designMode when splitting a node, e.g. typing Enter to split a paragraph, and also when joining two nodes, e.g. typing Backspace at the start of a paragraph to join the paragraph and the previous one.

  When a node is split, the builtin editor creates a new node after the original one instead of before, i.e. creates the right node instead of the left node.

  Similarly, when two nodes are joined, the builtin editor deletes the latter node and moves its children to the end of the preceding node instead of deleting the former node and moving its child to the start of the following node.

• WebRTC application developers can now specify a target in milliseconds of media for the jitter buffer to hold. Altering the target value allows applications to control the tradeoff between playout delay and the risk of running out of audio or video frames due to network jitter.

• Change array by copy provides additional methods on Array.prototype and TypedArray.prototype to enable changes on the array by returning a new copy of it with the change.

• The animation-composition property is now supported, allowing a declarative way to define the composite operation used when multiple animations affect the same property simultaneously.

• Added the URL.canParse() function to allow easy and fast checking if URLs are valid and parseable.

• IndexedDB is now also supported in private browsing without memory limits thanks to encrypted storage on disk. The temporary keys to decrypt the information are held in RAM only and all stored information is purged at the normal end of a private browsing session from disk.

• Supports conditions are now supported in CSS import rules @import supports(...)

[trium]

ff v102.13.0 esr

04. july 2023

Fixed

• Various security fixes and other quality improvements.

Quote

Security Vulnerabilities fixed in Firefox ESR 102.13

Announced July 4, 2023

Impact high

Products Firefox ESR

Fixed in

• Firefox ESR 102.13

#CVE-2023-37201: Use-after-free in WebRTC certificate generation

Reporter Irvan Kurniawan

Impact high

Description

An attacker could have triggered a use-after-free condition when creating a WebRTC connection over HTTPS.

References

• Bug 1826002

#CVE-2023-37202: Potential use-after-free from compartment mismatch in SpiderMonkey

Reporter zx

Impact high

Description

Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment resulting in a use-after-free.

References

• Bug 1834711

#CVE-2023-37207: Fullscreen notification obscured

Reporter Shaheen Fazim

Impact moderate

Description

A website could have obscured the fullscreen notification by using a URL with a scheme handled by an external program, such as a mailto URL. This could have led to user confusion and possible spoofing attacks.

References

• Bug 1816287

#CVE-2023-37208: Lack of warning when opening Diagcab files

Reporter P Umar Farooq

Impact moderate

Description

When opening Diagcab files, Firefox did not warn the user that these files may contain malicious code.

References

• Bug 1837675

#CVE-2023-37211: Memory safety bugs fixed in Firefox 115, Firefox ESR 102.13, and Thunderbird 102.13

Reporter Andrew McCreight, Matthew Gaudet, Tom Ritter, and the Mozilla Fuzzing Team,

Impact high

Description

Memory safety bugs present in Firefox 114, Firefox ESR 102.12, and Thunderbird 102.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

References

• Memory safety bugs fixed in Firefox 115, Firefox ESR 102.13, and Thunderbird 102.13

[trium]

ff v115.0 esr     <-- last line for w7/8/8.1 with only security updates until sep 2024

04. july 2023

New

• • Required fields are now highlighted in PDF forms.
  • Improved performance on high-refresh rate monitors (120Hz+).
  • Buttons in the Tabs toolbar can now be reached with Tab, Shift+Tab, and Arrow keys. View this article for additional details.
  • Windows' "Make text bigger" accessibility setting now affects all the UI and content pages, rather than only applying to system font sizes.
  • Non-breaking spaces are now preserved—preventing automatic line breaks—when copying text from a form control.
  • Fixed WebGL performance issues on NVIDIA binary drivers via DMA-Buf on Linux.
  • Fixed an issue in which Firefox startup could be significantly slowed down by the processing of Web content local storage. This had the greatest impact on users with platter hard drives and significant local storage.
  • Removed a configuration option to allow SHA-1 signatures in certificates: SHA-1 signatures in certificates—long since determined to no longer be secure enough—are now not supported.
  • Highlight color is preserved correctly after typing Enter in the mail composer of Yahoo Mail and Outlook.
    After bypassing the https only error page navigating back would take you to the error page that was previously dismissed. Back now takes you to the previous site that was visited.
  • Paste unformatted shortcut (shift+ctrl/cmd+v) now works in plain text contexts, such as input and text area.
  • Added an option to print only the current page from the print preview dialog.
  • Swipe to navigate (two fingers on a touchpad swiped left or right to perform history back or forward) on Windows is now enabled.
  • Stability on Windows is significantly improved as Firefox handles low-memory situations much better.
  • Touchpad scrolling on macOS was made more accessible by reducing unintended diagonal scrolling opposite of the intended scroll axis.
  • Firefox is less likely to run out of memory on Linux and performs more efficiently for the rest of the system when memory runs low.
  • It is now possible to edit PDFs: including writing text, drawing, and adding signatures.
  • Setting Firefox as your default browser now also makes it the default PDF application on Windows systems if the default PDF application is another browser.
  • Swipe-to-navigate (two fingers on a touchpad swiped left or right to perform history back or forward) now works for Linux users on Wayland.
  • Text Recognition in images allows users on macOS 10.15 and higher to extract text from the selected image (such as a meme or screenshot).
  • Firefox View helps you get back to content you previously discovered. A pinned tab allows you to find and open recently closed tabs on your current device and access tabs from other devices (via our “Tab Pickup” feature).
  • Import maps, which allow web pages to control the behavior of JavaScript imports, are now enabled by default.
  • Processes used for background tabs now use efficiency mode on Windows 11 to limit resource use.
  • The shift+esc keyboard shortcut now opens the Process Manager, offering a way to quickly identify processes that are using too many resources.
  • Firefox now supports properly color correcting images tagged with ICCv4 profiles.
  • Support for non-English characters when saving and printing PDF forms.
  • The bookmarks toolbar's default "Only show on New Tab" state works correctly for blank new tabs. As before, you can change the bookmark toolbar's behavior using the toolbar context menu.
  • Manifest Version 3 (MV3) extension support is now enabled by default (MV2 remains enabled/supported). This major update also ushers an exciting user interface change in the form of the new extensions button.
  • The Arbitrary Code Guard exploit protection has been enabled in the media playback utility processes, improving security for Windows users.
  • The native HTML date picker for date and datetime inputs can now be used with a keyboard alone, improving its accessibility for screen reader users. Users with limited mobility can also now use common keyboard shortcuts to navigate the calendar grid and month selection spinners.
  • Firefox builds in the Spanish from Spain (es-ES) and Spanish from Argentina (es-AR) locales now come with a built-in dictionary for the Firefox spellchecker.
  • On macOS, Ctrl or Cmd + trackpad or mouse wheel now scrolls the page instead of zooming. This avoids accidental zooming and matches the behavior of other web browsers on macOS.
  • It's now possible to import bookmarks, history and passwords not only from Edge, Chrome or Safari but also from Opera, Opera GX, and Vivaldi.
  • GPU sandboxing has been enabled on Windows.
  • On Windows, third-party modules can now be blocked from injecting themselves into Firefox, which can be helpful if they are causing crashes or other undesirable behavior.
  • Date, time, and datetime-local input fields can now be cleared with Cmd+Backspace and Cmd+Delete shortcut on macOS and Ctrl+Backspace and Ctrl+Delete on Windows and Linux.
  • GPU-accelerated Canvas2D is enabled by default on macOS and Linux.
  • WebGL performance improvement on Windows, MacOS and Linux.
  • Enables overlay of hardware-decoded video with non-Intel GPUs on Windows 10/11, improving video playback performance and video scaling quality.
  • Windows native notifications are now enabled.
  • Firefox Relay users can now opt-in to create Relay email masks directly from the Firefox credential manager. You must be signed in with your Firefox Account.
  • We’ve added two new locales: Silhe Friulian (fur) and Sardinian (sc).
  • Right-clicking on password fields now shows an option to reveal the password.
  • Private windows and ETP set to strict will now include email tracking protection. This will make it harder for email trackers to learn the browsing habits of Firefox users. You can check the Tracking Content in the sub-panel on the shield icon panel.
  • The deprecated U2F Javascript API is now disabled by default. The U2F protocol remains usable through the WebAuthn API. The U2F API can be re-enabled using the security.webauth.u2f preference.
  • Say hello to enhanced Picture-in-Picture! Rewind, check video duration, and effortlessly switch to full-screen mode on the web's most popular video websites.
  • Firefox's address bar is already a great place to search for what you're looking for. Now you'll always be able to see your web search terms and refine them while viewing your search's results - no additional scrolling needed! Also, a new result menu has been added making it easier to remove history results and dismiss sponsored Firefox Suggest entries.
  • Private windows now protect users even better by blocking third-party cookies and storage of content trackers.
  • Passwords automatically generated by Firefox now include special characters, giving users more secure passwords by default.
  • Firefox 113 introduces a redesigned accessibility engine which significantly improves the speed, responsiveness, and stability of Firefox when used with:
  • Screen readers, as well as certain other accessibility software;
  • East Asian input methods;
  • Enterprise single sign-on software; and
  • Other applications which use accessibility frameworks to access information.
  • Firefox 113 now supports AV1 Image Format files containing animations (AVIS), improving support for AVIF images across the web.
  • The Windows GPU sandbox first shipped in the Firefox 110 release has been tightened to enhance the security benefits it provides.
  • A 13-year-old feature request was fulfilled and Firefox now supports files being drag-and-dropped directly from Microsoft Outlook. A special thanks to volunteer contributor Marco Spiess for helping to get this across the finish line!
  • Users on macOS can now access the Services sub-menu directly from Firefox context menus.
  • On Windows, the elastic overscroll effect has been enabled by default. When two-finger scrolling on the touchpad or scrolling on the touchscreen, you will now see a bouncing animation when scrolling past the edge of a scroll container.
  • Firefox is now available in the Tajik (tg) language.
  • Added UI to manage the DNS over HTTPS exception list.
  • Bookmarks can now be searched from the Bookmarks menu. The Bookmarks menu is accessible by adding the Bookmarks menu button to the toolbar.
  • Restrict searches to your local browsing history by selecting Search history from the History, Library or Application menu buttons.
  • Mac users can now capture video from their cameras in all supported native resolutions. This enables resolutions higher than 1280x720.
  • It is now possible to reorder the extensions listed in the extensions panel.
  • Users on macOS, Linux, and Windows 7 can now use FIDO2 / WebAuthn authenticators over USB. Some advanced features, such as fully passwordless logins, require a PIN to be set on the authenticator.
  • Pocket Recommended content can now be seen in France, Italy, and Spain.
  • DNS over HTTPS settings are now part of the Privacy & Security section of the Settings page and allow the user to choose from all the supported modes.
  • Migrating from another browser? Now you can bring over payment methods you've saved in Chrome-based browsers to Firefox.
  • Hardware video decoding enabled for Intel GPUs on Linux.
  • The Tab Manager dropdown now features close buttons, so you can close tabs more quickly.
  • Windows Magnifier now follows the text cursor correctly when the Firefox title bar is visible.
  • Undo and redo are now available in Password fields.

Fixed

• Various security fixes.

Developer

Developer Information

Quote

Security Vulnerabilities fixed in Firefox 115

Announced July 4, 2023

Impact high

Products Firefox

Fixed in

• Firefox 115

#CVE-2023-3482: Block all cookies bypass for localstorage

Reporter Martin Hostettler

Impact moderate

Description

When Firefox is configured to block storage of all cookies, it was still possible to store data in localstorage by using an iframe with a source of 'about:blank'. This could have led to malicious websites storing tracking data without permission.

References

• Bug 1839464

#CVE-2023-37201: Use-after-free in WebRTC certificate generation

Reporter Irvan Kurniawan

Impact high

Description

An attacker could have triggered a use-after-free condition when creating a WebRTC connection over HTTPS.

References

• Bug 1826002

#CVE-2023-37202: Potential use-after-free from compartment mismatch in SpiderMonkey

Reporter zx

Impact high

Description

Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment resulting in a use-after-free.

References

• Bug 1834711

#CVE-2023-37203: Drag and Drop API may provide access to local system files

Reporter Paul Nickerson

Impact moderate

Description

Insufficient validation in the Drag and Drop API in conjunction with social engineering, may have allowed an attacker to trick end-users into creating a shortcut to local system files. This could have been leveraged to execute arbitrary code.

References

• Bug 291640

#CVE-2023-37204: Fullscreen notification obscured via option element

Reporter Irvan Kurniawan

Impact moderate

Description

A website could have obscured the fullscreen notification by using an option element by introducing lag via an expensive computational function. This could have led to user confusion and possible spoofing attacks.

References

• Bug 1832195

#CVE-2023-37205: URL spoofing in address bar using RTL characters

Reporter Rohan Sharma

Impact moderate

Description

The use of RTL Arabic characters in the address bar may have allowed for URL spoofing.

References

• Bug 1704420

#CVE-2023-37206: Insufficient validation of symlinks in the FileSystem API

Reporter Ameen Basha M K

Impact moderate

Description

Uploading files which contain symlinks may have allowed an attacker to trick a user into submitting sensitive data to a malicious website.

References

• Bug 1813299

#CVE-2023-37207: Fullscreen notification obscured

Reporter Shaheen Fazim

Impact moderate

Description

A website could have obscured the fullscreen notification by using a URL with a scheme handled by an external program, such as a mailto URL. This could have led to user confusion and possible spoofing attacks.

References

• Bug 1816287

#CVE-2023-37208: Lack of warning when opening Diagcab files

Reporter P Umar Farooq

Impact moderate

Description

When opening Diagcab files, Firefox did not warn the user that these files may contain malicious code.

References

• Bug 1837675

#CVE-2023-37209: Use-after-free in `NotifyOnHistoryReload`

Reporter Simon Descarpentries

Impact moderate

Description

A use-after-free condition existed in NotifyOnHistoryReload where a LoadingSessionHistoryEntry object was freed and a reference to that object remained. This resulted in a potentially exploitable condition when the reference to that object was later reused.

References

• Bug 1837993

#CVE-2023-37210: Full-screen mode exit prevention

Reporter Hafiizh

Impact low

Description

A website could prevent a user from exiting full-screen mode via alert and prompt calls. This could lead to user confusion and possible spoofing attacks.

References

• Bug 1821886

#CVE-2023-37211: Memory safety bugs fixed in Firefox 115, Firefox ESR 102.13, and Thunderbird 102.13

Reporter Andrew McCreight, Matthew Gaudet, Tom Ritter, and the Mozilla Fuzzing Team,

Impact high

Description

Memory safety bugs present in Firefox 114, Firefox ESR 102.12, and Thunderbird 102.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

References

• Memory safety bugs fixed in Firefox 115, Firefox ESR 102.13, and Thunderbird 102.13

#CVE-2023-37212: Memory safety bugs fixed in Firefox 115

Reporter Andrew McCreight, and the Mozilla Fuzzing Team

Impact high

Description

Memory safety bugs present in Firefox 114. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

References

• Memory safety bugs fixed in Firefox 115

[trium]

ff v115.0.1

07. july 2023

Fixed

• Fixed a startup crash for Windows users with Kingsoft Antivirus software installed (bug 1837242)

[trium]

ff v115.0.1 esr

07. july 2023

Fixed

• Fixed a startup crash for Windows users with Kingsoft Antivirus software installed (bug 1837242)

[trium]

ff v115.0.2

11. july 2023

Fixed

• Fixed a startup crash experienced by some Windows 10 and 11 users by blocking instances of a malicious injected DLL (bug 1841751)

• Fixed a bug with displaying a caret in the text editor on some websites (bug 1840804)

• Fixed a bug with broken audio rendering on some websites (bug 1841982)

• Fixed a bug with patternTransform translate using the wrong units (bug 1840746)

• A security fix.

• Fixed a crash affecting Windows 7 users related to the DLL blocklist.

[trium]

ff v115.0.2 esr

11. july 2023

Fixed

• Fixed a startup crash experienced by some Windows 10 and 11 users by blocking instances of a malicious injected DLL (bug 1841751)

• Fixed a bug with displaying a caret in the text editor on some websites (bug 1840804)

• Fixed a bug with broken audio rendering on some websites (bug 1841982)

• Fixed a bug with patternTransform translate using the wrong units (bug 1840746)

• A security fix.

• Fixed a crash affecting Windows 7 users related to the DLL blocklist.

Quote

Security Vulnerabilities fixed in Firefox 115.0.2 and Firefox ESR 115.0.2

Announced July 11, 2023

Impact high

Products Firefox, Firefox ESR

Fixed in

• Firefox 115.0.2
• Firefox ESR 115.0.2

#CVE-2023-3600: Use-after-free in workers

Reporter Andrew McCreight

Impact moderate

Description

During the worker lifecycle, a use-after-free condition could have occured, which could have led to a potentially exploitable crash.

References

• Bug 1839703

[trium]

ff v115.0.3 esr

18. july 2023

Fixed

• Fixed a startup crash for Windows users with Qihoo 360 Antivirus software installed (bug 1843977)

 

[trium]

ff v115.0.3

27. july 2023

Fixed

• Improved migration experience for users switching to the ESR release. (bug 1845338)

[trium]

ff v116.0

01. aug 2023

New

• Sidebar switcher allows users to access Bookmarks, History and Synced Tabs panels easily, quickly switch between them, move the sidebar to another side of the browser window, or close the sidebar. Now, keyboard users would be able to do it all with ease too, with or without any assistive technology running, without needing to memorize keyboard shortcuts to access these panels.

• When an update is available in English locales, users will now have access to the release notes in the update notification prompt in the form of a "Learn More" link.

• It is now possible to copy any file from your operating system and paste it into Firefox.

• You asked, and we listened! The volume slider is now available in Picture-in-Picture.

• We added the possibility to edit existing text annotations.

Fixed

• The upload performance of HTTP/2 has been significantly improved starting with Firefox 115.0, particularly on those with a higher bandwidth delay product (i.e., networks characterized by both high bandwidth and high latency).

• Various security fixes.

Changed

• The keyboard shortcut to reopen closed tabs (command + shift + t) now reopens last closed tab or last closed window, in the order items were closed. If there aren't any tabs or windows to reopen, this command restores the previous session. This change is in anticipation of upcoming changes to recently closed tabs.

Enterprise

• You can find information about policy updates and enterprise specific bug fixes in the Firefox for Enterprise 116 Release Notes.

Developer

Developer Information

• Added support for the dirname attribute to pass text directionality information about input and textarea elements to the server. (learn more)

• Firefox now supports CSP3 external hashes.

• The Audio Output Devices API now enables sites to redirect audio from media elements to permitted output devices (speakers) other than the system default for the user-agent.
  For example, WebRTC conferencing sites can now redirect audio either to the speakers in a headset or to external speakers.

• With custom formatters, websites can now define how to display specific JavaScript objects and functions within different parts of the DevTools. This feature is disabled by default and can be enabled via the Settings panel. (Learn more)

Web Platform

• This release now supports proper BYOB readers on Fetch and WebTransport, which allows developers to prepare their ArrayBuffer so that it can be reused for read requests and thus saves memory allocation. .getReader({ mode: "byob" }) on Fetch and WebTransport streams was supported on previous releases but without true BYOB support, as new memory allocation still occurred internally.

[trium]

ff v115.1.0 esr

 

there are today no entrys from mozilla - perhaps later

[trium]

ff v102.14.0 esr

01. aug 2023

Fixed

• Various security fixes and other quality improvements.

Quote

Security Vulnerabilities fixed in Firefox ESR 102.14

Announced August 1, 2023

Impact high

Products Firefox ESR

Fixed in

• Firefox ESR 102.14

#CVE-2023-4045: Offscreen Canvas could have bypassed cross-origin restrictions

Reporter Max Vlasov

Impact high

Description

Offscreen Canvas did not properly track cross-origin tainting, which could have been used to access image data from another site in violation of same-origin policy.

References

• Bug 1833876

#CVE-2023-4046: Incorrect value used during WASM compilation

Reporter Alexander Guryanov

Impact high

Description

In some circumstances, a stale value could have been used for a global variable in WASM JIT analysis. This resulted in incorrect compilation and a potentially exploitable crash in the content process.

References

• Bug 1837686

#CVE-2023-4047: Potential permissions request bypass via clickjacking

Reporter Axel Chong (@Haxatron)

Impact high

Description

A bug in popup notifications delay calculation could have made it possible for an attacker to trick a user into granting permissions.

References

• Bug 1839073

#CVE-2023-4048: Crash in DOMParser due to out-of-memory conditions

Reporter Irvan Kurniawan

Impact high

Description

An out-of-bounds read could have led to an exploitable crash when parsing HTML with DOMParser in low memory situations.

References

• Bug 1841368

#CVE-2023-4049: Fix potential race conditions when releasing platform objects

Reporter Nika Layzell

Impact high

Description

Race conditions in reference counting code were found through code inspection. These could have resulted in potentially exploitable use-after-free vulnerabilities.

References

• Bug 1842658

#CVE-2023-4050: Stack buffer overflow in StorageManager

Reporter Mark Brand

Impact high

Description

In some cases, an untrusted input stream was copied to a stack buffer without checking its size. This resulted in a potentially exploitable crash which could have led to a sandbox escape.

References

• Bug 1843038

#CVE-2023-4054: Lack of warning when opening appref-ms files

Reporter P Umar Farooq

Impact moderate

Description

When opening appref-ms files, Firefox did not warn the user that these files may contain malicious code.
This bug only affects Firefox on Windows. Other operating systems are unaffected.

References

• Bug 1840777

#CVE-2023-4055: Cookie jar overflow caused unexpected cookie jar state

Reporter Marco Squarcina

Impact low

Description

When the number of cookies per domain was exceeded in document.cookie, the actual cookie jar sent to the host was no longer consistent with expected cookie jar state. This could have caused requests to be sent with some cookies missing.

References

• Bug 1782561

#CVE-2023-4056: Memory safety bugs fixed in Firefox 116, Firefox ESR 115.1, Firefox ESR 102.14, Thunderbird 115.1, and Thunderbird 102.14

Reporter Dianna Smith, Ryan VanderMeulen, Timothy Nikkel, and the Mozilla Fuzzing Team

Impact high

Description

Memory safety bugs present in Firefox 115, Firefox ESR 115.0, Firefox ESR 102.13, Thunderbird 115.0, and Thunderbird 102.13. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

References

• Memory safety bugs fixed in Firefox 116, Firefox ESR 115.1, Firefox ESR 102.14, Thunderbird 115.1, and Thunderbird 102.14

Special Notes

There is one more planned release of Firefox 102 ESR, and then it will go out of support on September 26, 2023. Users will then be automatically upgraded to the Firefox 115 ESR.

If you need to prevent upgrades for any reason, you can use the new AppUpdatePin policy.

 

[trium]

On 02/08/2023 at 21:45, trium said:

ff v115.1.0 esr

 

there are today no entrys from mozilla - perhaps later

hello mods -> i cant edit my post above... can one of you insert this new with the belated infos into there and overwrite the old entry? thanks

 

ff v115.1.0 esr

01. aug 2023

Fixed

• Various security fixes.

Quote

Security Vulnerabilities fixed in Firefox ESR 115.1

Announced August 1, 2023

Impact high

Products Firefox ESR

Fixed in

• Firefox ESR 115.1

#CVE-2023-4045: Offscreen Canvas could have bypassed cross-origin restrictions

Reporter Max Vlasov

Impact high

Description

Offscreen Canvas did not properly track cross-origin tainting, which could have been used to access image data from another site in violation of same-origin policy.

References

• Bug 1833876

#CVE-2023-4046: Incorrect value used during WASM compilation

Reporter Alexander Guryanov

Impact high

Description

In some circumstances, a stale value could have been used for a global variable in WASM JIT analysis. This resulted in incorrect compilation and a potentially exploitable crash in the content process.

References

• Bug 1837686

#CVE-2023-4047: Potential permissions request bypass via clickjacking

Reporter Axel Chong (@Haxatron)

Impact high

Description

A bug in popup notifications delay calculation could have made it possible for an attacker to trick a user into granting permissions.

References

• Bug 1839073

#CVE-2023-4048: Crash in DOMParser due to out-of-memory conditions

Reporter Irvan Kurniawan

Impact high

Description

An out-of-bounds read could have led to an exploitable crash when parsing HTML with DOMParser in low memory situations.

References

• Bug 1841368

#CVE-2023-4049: Fix potential race conditions when releasing platform objects

Reporter Nika Layzell

Impact high

Description

Race conditions in reference counting code were found through code inspection. These could have resulted in potentially exploitable use-after-free vulnerabilities.

References

• Bug 1842658

#CVE-2023-4050: Stack buffer overflow in StorageManager

Reporter Mark Brand

Impact high

Description

In some cases, an untrusted input stream was copied to a stack buffer without checking its size. This resulted in a potentially exploitable crash which could have led to a sandbox escape.

References

• Bug 1843038

#CVE-2023-4052: File deletion and privilege escalation through Firefox uninstaller

Reporter ycdxsb

Impact moderate

Description

The Firefox updater created a directory writable by non-privileged users. When uninstalling Firefox, any files in that directory would be recursively deleted with the permissions of the uninstalling user account. This could be combined with creation of a junction (a form of symbolic link) to allow arbitrary file deletion controlled by the non-privileged user.
This bug only affects Firefox on Windows. Other operating systems are unaffected.

References

• Bug 1824420

#CVE-2023-4054: Lack of warning when opening appref-ms files

Reporter P Umar Farooq

Impact moderate

Description

When opening appref-ms files, Firefox did not warn the user that these files may contain malicious code.
This bug only affects Firefox on Windows. Other operating systems are unaffected.

References

• Bug 1840777

#CVE-2023-4055: Cookie jar overflow caused unexpected cookie jar state

Reporter Marco Squarcina

Impact low

Description

When the number of cookies per domain was exceeded in document.cookie, the actual cookie jar sent to the host was no longer consistent with expected cookie jar state. This could have caused requests to be sent with some cookies missing.

References

• Bug 1782561

#CVE-2023-4056: Memory safety bugs fixed in Firefox 116, Firefox ESR 115.1, Firefox ESR 102.14, Thunderbird 115.1, and Thunderbird 102.14

Reporter Dianna Smith, Ryan VanderMeulen, Timothy Nikkel, and the Mozilla Fuzzing Team

Impact high

Description

Memory safety bugs present in Firefox 115, Firefox ESR 115.0, Firefox ESR 102.13, Thunderbird 115.0, and Thunderbird 102.13. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

References

• Memory safety bugs fixed in Firefox 116, Firefox ESR 115.1, Firefox ESR 102.14, Thunderbird 115.1, and Thunderbird 102.14

#CVE-2023-4057: Memory safety bugs fixed in Firefox 116, Firefox ESR 115.1, and Thunderbird 115.1

Reporter The Mozilla Fuzzing Team

Impact high

Description

Memory safety bugs present in Firefox 115, Firefox ESR 115.0, and Thunderbird 115.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

References

• Memory safety bugs fixed in Firefox 116, Firefox ESR 115.1, and Thunderbird 115.1

[trium]

ff v116.0.1

04. aug 2023

Fixed

• Fixed an issue which caused chart elements to render incorrectly for Windows users. (bug 1846613)

[trium]

ff v116.0.2

07. aug 2023

Fixed

• Fixed an issue that was causing keystrokes to be scrambled for users using ZoneAlarm anti-keylogger. (bug 1847033)

[trium]

ff v116.0.3

16. aug 2023

Fixed

• Fixed an issue for OPFS users (especially those using the Adobe Photoshop) that broke access to files that were locally cached in a previous version. (bug 1847989, bug 1847619)

• Fixed an issue that was breaking screensharing for some users on Wayland. (bug 1841851)

• Fixed an issue where a fullscreen notification was persistently being shown to a user, even after disabling it. (bug 1847901)

• Fixed an issue where Firefox would hang when doing a Google search. (bug 1847066)

Unresolved

• A few photoshop users might still encounter issues loading old files which is expected to be resolved in bug 1848916.

[trium]

ff v117.0

29. aug 2023

New

• Support for credit card autofill has been extended to users running Firefox in the IT, ES, AT, BE, and PL locales.

• macOS users can now control the tabability of controls and links via about:preferences.
  

• To avoid undesirable outcomes on sites which specify their own behavior when pressing shift+right-click, Firefox now has a dom.event.contextmenu.shift_suppresses_event preference to prevent the context menu from appearing.

Fixed

• YouTube video lists now scroll correctly when navigating with a screen reader.

• Various security fixes.

Changed

• Firefox no longer shows its own screen sharing indicator on Wayland desktop environments. The system default sharing indicator will be used instead.

Enterprise

• You can find information about policy updates and enterprise specific bug fixes in the Firefox for Enterprise 117 Release Notes.

Developer

Developer Information

• Web compatibility inspection has been enhanced with our new CSS compatibility tooltip in the Developer Tools Inspector. An icon is now displayed next to properties that could lead to web compatibility issues. When hovered, the tooltip indicates which browsers are not supported and displays a link to the MDN page for the property so the user can learn more about it.
  

• console.clear() no longer clears the Console output if the "Enable persistent logs" option is enabled.

Web Platform

• Support for improved CSS nesting is now enabled by default.

• Firefox now supports RTCRtpScriptTransform.

• ReadableStream.from is now supported, allowing creation of a ReadableStream from an (async) iterable.

• Firefox now supports the math-style and math-depth CSS properties and the font-size: math value.

[trium]

ff v102.15.0 esr

29. aug 2023

Fixed

• Various security fixes and other quality improvements.

Quote

Security Vulnerabilities fixed in Firefox ESR 115.2

Announced August 29, 2023

Impact high

Products Firefox ESR

Fixed in

• Firefox ESR 115.2

#CVE-2023-4573: Memory corruption in IPC CanvasTranslator

Reporter sonakkbi

Impact high

Description

When receiving rendering data over IPC mStream could have been destroyed when initialized, which could have led to a use-after-free causing a potentially exploitable crash.

References

• Bug 1846687

#CVE-2023-4574: Memory corruption in IPC ColorPickerShownCallback

Reporter sonakkbi

Impact high

Description

When creating a callback over IPC for showing the Color Picker window, multiple of the same callbacks could have been created at a time and eventually all simultaneously destroyed as soon as one of the callbacks finished. This could have led to a use-after-free causing a potentially exploitable crash.

References

• Bug 1846688

#CVE-2023-4575: Memory corruption in IPC FilePickerShownCallback

Reporter sonakkbi

Impact high

Description

When creating a callback over IPC for showing the File Picker window, multiple of the same callbacks could have been created at a time and eventually all simultaneously destroyed as soon as one of the callbacks finished. This could have led to a use-after-free causing a potentially exploitable crash.

References

• Bug 1846689

#CVE-2023-4576: Integer Overflow in RecordedSourceSurfaceCreation

Reporter fffvr

Impact high

Description

On Windows, an integer overflow could occur in RecordedSourceSurfaceCreation which resulted in a heap buffer overflow potentially leaking sensitive data that could have led to a sandbox escape.
This bug only affects Firefox on Windows. Other operating systems are unaffected.

References

• Bug 1846694

#CVE-2023-4577: Memory corruption in JIT UpdateRegExpStatics

Reporter Lukas Bernhard

Impact high

Description

When UpdateRegExpStatics attempted to access initialStringHeap it could already have been garbage collected prior to entering the function, which could potentially have led to an exploitable crash.

References

• Bug 1847397

#CVE-2023-4051: Full screen notification obscured by file open dialog

Reporter Hafiizh

Impact moderate

Description

A website could have obscured the full screen notification by using the file open dialog. This could have led to user confusion and possible spoofing attacks.

References

• Bug 1821884

#CVE-2023-4578: Error reporting methods in SpiderMonkey could have triggered an Out of Memory Exception

Reporter Irvan Kurniawan (@sourc7)

Impact moderate

Description

When calling JS::CheckRegExpSyntax a Syntax Error could have been set which would end in calling convertToRuntimeErrorAndClear. A path in the function could attempt to allocate memory when none is available which would have caused a newly created Out of Memory exception to be mishandled as a Syntax Error.

References

• Bug 1839007

#CVE-2023-4053: Full screen notification obscured by external program

Reporter Umar Farooq

Impact moderate

Description

A website could have obscured the full screen notification by using a URL with a scheme handled by an external program, such as a mailto URL. This could have led to user confusion and possible spoofing attacks.

References

• Bug 1839079

#CVE-2023-4580: Push notifications saved to disk unencrypted

Reporter Harveer Singh

Impact moderate

Description

Push notifications stored on disk in private browsing mode were not being encrypted potentially allowing the leak of sensitive information.

References

• Bug 1843046

#CVE-2023-4581: XLL file extensions were downloadable without warnings

Reporter Umar Farooq (@Puf)

Impact moderate

Description

Excel .xll add-in files did not have a blocklist entry in Firefox's executable blocklist which allowed them to be downloaded without any warning of their potential harm.

References

• Bug 1843758

#CVE-2023-4582: Buffer Overflow in WebGL glGetProgramiv

Reporter Dohyun Lee (@l33d0hyun) of SSD-Disclosure Labs & DNSLab, Korea Univ.

Impact low

Description

Due to large allocation checks in Angle for glsl shaders being too lenient a buffer overflow could have occured when allocating too much private shader memory on mac OS.
This bug only affects Firefox on macOS. Other operating systems are unaffected.

References

• Bug 1773874

#CVE-2023-4583: Browsing Context potentially not cleared when closing Private Window

Reporter Thejaka Maldeniya

Impact low

Description

When checking if the Browsing Context had been discarded in HttpBaseChannel, if the load group was not available then it was assumed to have already been discarded which was not always the case for private channels after the private session had ended.

References

• Bug 1842030

#CVE-2023-4584: Memory safety bugs fixed in Firefox 117, Firefox ESR 102.15, Firefox ESR 115.2, Thunderbird 102.15, and Thunderbird 115.2

Reporter Randell Jesup, Andrew McCreight, the Mozilla Fuzzing Team

Impact high

Description

Memory safety bugs present in Firefox 116, Firefox ESR 102.14, Firefox ESR 115.1, Thunderbird 102.14, and Thunderbird 115.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

References

• Memory safety bugs fixed in Firefox 117, Firefox ESR 102.15, Firefox ESR 115.2, Thunderbird 102.15, and Thunderbird 115.2

#CVE-2023-4585: Memory safety bugs fixed in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2

ReporterDonal Meehan, Sebastian Hengst, and the Mozilla Fuzzing Team

Impact high

Description

Memory safety bugs present in Firefox 116, Firefox ESR 115.1, and Thunderbird 115.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

References

• Memory safety bugs fixed in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2