New Update Firefox Stable Release

Gandalf_The_Grey

Mozilla fixes two Firefox zero-day bugs exploited at Pwn2Own
Mozilla has released security updates to fix two zero-day vulnerabilities in the Firefox web browser exploited during the Pwn2Own Vancouver 2024 hacking competition.

Manfred Paul (@_manfp) earned a $100,000 award and 10 Master of Pwn points after exploiting an out-of-bounds (OOB) write flaw (CVE-2024-29944) to gain remote code execution and escaping Mozilla Firefox's sandbox using an exposed dangerous function weakness (CVE-2024-29943).

Mozilla describes the first vulnerability as a privileged JavaScript execution via event handlers that could enable an attacker to execute arbitrary code in the parent process of the Firefox Desktop web browser.

The second one can let attackers access a JavaScript object out-of-bounds by exploiting range-based bounds check elimination on vulnerable systems.

"An attacker was able to perform an out-of-bounds read or write on a JavaScript object by fooling range-based bounds check elimination," Mozilla explained.

Mozilla fixed the security flaws in Firefox 124.0.1 and Firefox ESR 115.9.1 to block potential remote code execution attacks targeting unpatched web browsers on desktop devices.

The two security vulnerabilities were patched only one day after Manfred Paul exploited and reported them at the Pwn2Own hacking contest.

However, after the Pwn2Own competition, vendors usually take their time to release patches as they have 90 days to push fixes until Trend Micro's Zero Day Initiative publicly discloses them.
 

silversurfer

Firefox 124.0.2 seems to be in the pipeline...
  • Fixed an issue where users with a large amount of bookmarks would be unable to restore a bookmarks backup. (Bug 1884308)
  • Fixed an issue that would cause open Firefox windows to go blank or crash during video playback on sites such as Netflix. (Bug 1883932)
  • Fixed a crash that affected Linux AArch64 builds. (Bug 1866396)
  • Fixed an issue where some users experienced difficulties loading webpages due to changes made to the default AppArmor configuration shipping in Ubuntu 24.04. (Bug 1884347)
 

HarborFront

Just updated


silversurfer

Firefox 125 stable version is available to download manually from Mozilla FTP: Directory Listing: /pub/firefox/releases/125.0/

Probably a part of improvements:
Firefox has expanded its download protection and now more proactively blocks downloads from URLs that are considered to be potentially untrustworthy.
 

ErzCrz

Speedometer test result. I am on standard landline broadband (up to 24mbps but average between 15 - 17 over wifi)


silversurfer

Did anyone find out why Firefox 125.0 was pulled and what was changed in 125.0.1?
On Kubuntu, I see Firefox snap version 125.0 is offered, not 125.0.1.
Probably major bug(s) in Firefox 125.0 that forced them to release 125.0.1 directly.

New or improved features:
New:
  • Firefox now supports the AV1 codec for Encrypted Media Extensions (EME), enabling higher-quality playback from video streaming providers.
  • The Firefox PDF viewer now supports text highlighting. (This feature is part of a progressive roll out.)
  • Firefox View now displays pinned tabs in the Open tabs section. Tab indicators have also been added to Open tabs, so users can do things like see which tabs are playing media and quickly mute or unmute across windows. Indicators were also added for bookmarks, tabs with notifications, and more!
  • Firefox now prompts users in the US and Canada to save their addresses upon submitting an address form, allowing Firefox to autofill stored address information in the future.
  • Firefox now more proactively blocks downloads from URLs that are considered to be potentially untrustworthy.
  • The URL Paste Suggestion feature provides a convenient way for users to quickly visit URLs copied to the clipboard in the address bar of Firefox. When the clipboard contains a URL and the URL bar is focused, an autocomplete result appears automatically. Activating the clipboard suggestion will navigate the user to the URL with 1 click.
  • Users of tab-specific Container add-ons can now search in the Address Bar for tabs that are open in different containers. Special thanks to volunteer contributor atararx for kicking off the work on this feature!
  • Firefox now provides an option to enable Web Proxy Auto-Discovery (WPAD) while configured to use system proxy settings.
 

Spiff

Did anyone find out why Firefox 125.0 was pulled and what was changed in 125.0.1? Compared to 125.0, that was what I meant. I'm sorry if I wasn't clear.

Brummelchen replied, at Wilders Security Forums.
Brummelchen said it was macOS related, holding back Firefox 125.0 and releasing 125.0.1.

See Brummelchen's posts at Wilders Security Forums:
https://www.wilderssecurity.com/thr...version-releases.361562/page-212#post-3191478
https://www.wilderssecurity.com/thr...version-releases.361562/page-212#post-3191481
 

nicolaasjan

Firefox 125.0.2 will be released soon because of a nasty bug.

Unresolved​


  • The recently-shipped functionality more proactively blocking downloads from untrusted sources is not working as intended and causing impaired ability to download files in legitimate situations. We are working to address this ASAP via disabling the feature remotely for existing installs and will also revert the change for the upcoming Firefox 125.0.2 release.
https://old.reddit.com/r/firefox/comments/1c73eir/v12501_serious_bug_in_file_not_downloaded/
https://old.reddit.com/r/firefox/comments/1c6vzew/problems_with_pdf_files_after_12501_update/
 

silversurfer

Firefox 125.0.2 is ready via auto-updater... 😉

Fixed​

  • Reverted the changes recently shipped in Firefox 125 that more proactively blocked downloads from potentially untrustworthy URLs. The changes caused unexpected problems with downloading files in some situations. We plan to fix and re-enable these protections in a future release. (Bug 1892069)
 

Jonny Quest

Gravely affected by it on Windows 10. All exe were flagged as malicious even from MSFT Edge msi downloads.
No problem on my end. Two separate Windows 10 PCs, using Edge and Chrome to download. F-Secure didn't flag it, it installed on one of the PCs without a problem (was not previously installed). Virus Total showed 1 flag by MaxSecure.
 
