New Update Firefox Stable Release

Gandalf_The_Grey

Level 76
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,685
Mozilla fixes two Firefox zero-day bugs exploited at Pwn2Own
Mozilla has released security updates to fix two zero-day vulnerabilities in the Firefox web browser exploited during the Pwn2Own Vancouver 2024 hacking competition.

Manfred Paul (@_manfp) earned a $100,000 award and 10 Master of Pwn points after exploiting an out-of-bounds (OOB) write flaw (CVE-2024-29944) to gain remote code execution and escaping Mozilla Firefox's sandbox using an exposed dangerous function weakness (CVE-2024-29943).

Mozilla describes the first vulnerability as a privileged JavaScript execution via event handlers that could enable an attacker to execute arbitrary code in the parent process of the Firefox Desktop web browser.

The second one can let attackers access a JavaScript object out-of-bounds by exploiting range-based bounds check elimination on vulnerable systems.

"An attacker was able to perform an out-of-bounds read or write on a JavaScript object by fooling range-based bounds check elimination," Mozilla explained.

Mozilla fixed the security flaws in Firefox 124.0.1 and Firefox ESR 115.9.1 to block potential remote code execution attacks targeting unpatched web browsers on desktop devices.

The two security vulnerabilities were patched only one day after Manfred Paul exploited and reported them at the Pwn2Own hacking contest.

However, after the Pwn2Own competition, vendors usually take their time to release patches as they have 90 days to push fixes until Trend Micro's Zero Day Initiative publicly discloses them.
 

silversurfer

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,298
Firefox 124.0.2 seems to be in the pipeline...
  • Fixed an issue where users with a large amount of bookmarks would be unable to restore a bookmarks backup. (Bug 1884308)
  • Fixed an issue that would cause open Firefox windows to go blank or crash during video playback on sites such as Netflix. (Bug 1883932)
  • Fixed a crash that affected Linux AArch64 builds.(Bug 1866396)
  • Fixed an issue where some users experienced difficulties loading webpages due to changes made to the default AppArmor configuration shipping in Ubuntu 24.04. (Bug 1884347)
 
Last edited:

HarborFront

Level 71
Verified
Top Poster
Content Creator
Oct 9, 2016
6,039
Just updated

1712067733223.png
 

silversurfer

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,298
Firefox 125 stable version is available to download manually from Mozilla FTP: Directory Listing: /pub/firefox/releases/125.0/

Probably a part of improvements:
Firefox has expanded its download protection and now more proactively blocks downloads from URLs that are considered to be potentially untrustworthy.
 
Last edited:

silversurfer

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,298
Last edited:

ErzCrz

Level 21
Verified
Top Poster
Well-known
Aug 19, 2019
1,027
Speedometer test result. I am on standard landline broadband (up to 24mbps but average between 15 - 17 over wifi)

1713283337002.png
 
  • Like
Reactions: silversurfer

silversurfer

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,298
Did anyone find out why Firefox 125.0 was pulled and what was changed in 125.0.1?
On Kubuntu, I see Firefox snap version 125.0 is offered, not 125.0.1.
Probably major bug(s) in Firefox 125.0 what forced them to release directly 125.0.1

New or improved features:
New:
  • Firefox now supports the AV1 codec for Encrypted Media Extensions (EME), enabling higher-quality playback from video streaming providers.
  • The Firefox PDF viewer now supports text highlighting. (This feature is part of a progressive roll out.)
  • Firefox View now displays pinned tabs in the Open tabs section. Tab indicators have also been added to Open tabs, so users can do things like see which tabs are playing media and quickly mute or unmute across windows. Indicators were also added for bookmarks, tabs with notifications, and more!
  • Firefox now prompts users in the US and Canada to save their addresses upon submitting an address form, allowing Firefox to autofill stored address information in the future.
  • Firefox now more proactively blocks downloads from URLs that are considered to be potentially untrustworthy.
  • The URL Paste Suggestion feature provides a convenient way for users to quickly visit URLs copied to the clipboard in the address bar of Firefox. When the clipboard contains a URL and the URL bar is focused, an autocomplete result appears automatically. Activating the clipboard suggestion will navigate the user to the URL with 1 click.
  • Users of tab-specific Container add-ons can now search in the Address Bar for tabs that are open in different containers. Special thanks to volunteer contributor atararx for kicking off the work on this feature!
  • Firefox now provides an option to enable Web Proxy Auto-Discovery (WPAD) while configured to use system proxy settings.
 

Spiff

Level 1
Jul 20, 2023
11
Did anyone find out why Firefox 125.0 was pulled and what was changed in 125.0.1? Compared to 125.0, that was what I meant. I'm sorry if I wasn't clear.

Brummelchen replied, at Wilders Security Forums.
Brummelchen said it was macOS related, holding back Firefox Firefox 125.0 and releasing 125.0.1.

See Brummelchen's posts at Wilders Security Forums:
https://www.wilderssecurity.com/thr...version-releases.361562/page-212#post-3191478
https://www.wilderssecurity.com/thr...version-releases.361562/page-212#post-3191481
 

nicolaasjan

Level 4
May 29, 2023
161
Firefox 125.0.2 will be released soon because of a nasty bug.

Unresolved​


  • The recently-shipped functionality more proactively blocking downloads from untrusted sources is not working as intended and causing impaired ability to download files in legitimate situations. We are working to address this ASAP via disabling the feature remotely for existing installs and will also revert the change for the upcoming Firefox 125.0.2 release.
https://old.reddit.com/r/firefox/comments/1c73eir/v12501_serious_bug_in_file_not_downloaded/ https://old.reddit.com/r/firefox/comments/1c6vzew/problems_with_pdf_files_after_12501_update/
 

silversurfer

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,298
Firefox 125.0.2 is ready via auto-updater... 😉

Fixed​

  • Reverted the changes recently shipped in Firefox 125 that more proactively blocked downloads from potentially untrustworthy URLs. The changes caused unexpected problems with downloading files in some situations. We plan to fix and re-enable these protections in a future release. (Bug 1892069)
 

Jonny Quest

Level 17
Verified
Top Poster
Well-known
Mar 2, 2023
799
Gravely affected by it on Windows 10. All exe were flagged as malicious even from MSFT Edge msi downloads.
No problem on my end. Two separate Windows 10 PCs, using Edge and Chrome to download. F-Secure didn't flag it, it installed on one of the PCs without a problem (was not previously installed) . Virus Total showed 1 flag by MaxSecure.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top