New Update Firefox Stable Release

[silversurfer]

Couldn't wait, so got it from here :
Directory Listing: /pub/firefox/releases/118.0.1/

Well done, this time is more important update as security fix CVE-2023-5217 same vulnerability as for new version of Chrome and all Chromium-based browsers...

Security Vulnerability fixed in Firefox 118.0.1, Firefox ESR 115.3.1, Firefox for Android 118.1.0, Firefox Focus for Android 118.1.0, and Thunderbird 115.3.1.

www.mozilla.org

 

[nicolaasjan]

Security Vulnerability fixed in Firefox 118.0.1, Firefox ESR 115.3.1, Firefox for Android 118.1.0, and Firefox Focus for Android 118.1.0.

#CVE-2023-5217: Heap buffer overflow in libvpx​

Reporter
Clément Lecigne of Google's Threat Analysis Group
Impact
critical

Description​

Specific handling of an attacker-controlled VP8 media stream could lead to a heap buffer overflow in the content process. We are aware of this issue being exploited in other products in the wild.

References​

• Bug https://www.cve.org/CVERecord?id=CVE-2023-5217
• Bug https://bugzilla.mozilla.org/show_bug.cgi?id=1855550
• Bug https://bugs.chromium.org/p/chromium/issues/detail?id=1486441

Oops...
Ninja'd by @silversurfer

 

[silversurfer]

Firefox 118 boosts security with Encrypted Client Hello support​

Firefox 118 Stable is also supporting Encrypted Client Hello, which many may see as even more important. The main purpose of the security feature is to protect data from network spies. A spy can be the Internet Service Provider or anyone listening in on the traffic in the network.

Here is an example to better illustrate the feature. A regular connection to a website uses HTTPS usually. This means that traffic data is encrypted and therefore protected against traffic monitoring. The address of the website, say ghacks.net, is not encrypted, however. This means that it will leak when someone monitors traffic. Encrypted Client Hello resolves this by encrypting the address of the site as well, so that the visited sites are no longer revealed.

Encrypted Client Hello relies on the Domain Name System, and here in particular on DNS over HTTPS. DNS over HTTPS encrypts domain lookups and is used to fetch a key from the web server that Encrypted Client Hello uses to encrypt all traffic to the server and site in question.

Firefox users need to make sure that DNS over HTTPS is used in the browser to utilize Encrypted Client Hello. This is done in the following way:

1. Load about: preferences#privacy in the Firefox address bar to open the Privacy and Security settings.
2. Scroll all the way down to the DNS over HTTPS section on the page.
3. Firefox controls DNS over HTTPS by default. You may want to switch to Increased or Max Protection instead, as it ensures that the feature is used all the time. The difference between Increased and Max protection is that Increased includes a fallback to regular DNS whereas Max protection will not load sites if secure DNS is not available.
4. Select one of the available providers or add a custom provider to Firefox so that it is used.

With DNS over HTTPS enabled, Firefox will use Encrypted Client Hello automatically, provided that the web server of the site supports it. Users who want to know for sure can check out these two test sites to find out.

Mozilla announced support for Encrypted Client Hello on the official blog. A support page on the Mozilla website provides additional information and resource links.

Firefox 118 boosts security with Encrypted Client Hello support - gHacks Tech News

Mozilla has implemented Encrypted Client Hello support in Firefox 118 Stable, which improves privacy significantly.

www.ghacks.net

 

[silversurfer]

Firefox 118.0.2 seems to be in the pipeline...

Firefox 118.0.2, See All New Features, Updates and Fixes

www.mozilla.org

• Fixed games not loading on betsoft.com (bug 1856145)
• Fixed printing issues for some SVG images (bug 1853727)
• Fixed CORS XHR with authentication no longer working (bug 1855650)
• Fixed h264 WebRTC video not working in some contexts (bug 1855636)
• Fixed Firefox Translations not working on some pages (bugs 1841656 - 1855307)
• Stability fixes (bugs 1851991 - 1799326 - 1856637)

 

[ForgottenSeer 97327]

Also in flatpak on Linux

 

[silversurfer]

Mozilla is testing a new built-in “Review Checker” feature for its Firefox browser that rates how reliable a product’s customer reviews are. The experimental feature was initially spotted by MSPowerUser, and Firefox’s senior director of product management Byron Jourdan confirmed that the company is testing the functionality “with a limited audience in the United States,” in a statement given to The Verge.

Firefox tests a built-in checker for fake reviews

Based on technology from Fakespot.

www.theverge.com

---

Firefox 119 introduces review checker, a powerful feature that enables you to know whether reviews are reliable when you shop online with Amazon.com, BestBuy.com, and Walmart.com. In this article, we'll provide you with information about this feature and how to use it.

Firefox Review Checker - Ensure review authenticity in your online shopping | Firefox Help

See how reliable product reviews are when you shop online using Review Checker in Firefox.

support.mozilla.org

 

[silversurfer]

Firefox 119 official release tomorrow, but already available for downloading manually: Directory Listing: /pub/firefox/releases/119.0/
No information yet on release notes:

Firefox 119.0, See All New Features, Updates and Fixes

www.mozilla.org

Most interesting improved features:

• As part of Total Cookie Protection, Firefox now supports the partitioning of Blob URLs, this mitigates a potential tracking vector that third-party agents could use to track an individual.
• The visibility of fonts to websites has been restricted to system fonts and language pack fonts in Enhanced Tracking Protection strict mode to mitigate font fingerprinting.
• Encrypted Client Hello (ECH) is now available to Firefox users, delivering a more private browsing experience. ECH extends the encryption used in TLS connections to cover more of the handshake and better protect sensitive fields. Read more about the launch of ECH on Mozilla Distilled.

 

[nicolaasjan]

 

[Moonhorse]

Since we dont have beta thread going on i post this here

On newest beta 120 there is cookie banner blocker wich is kinda handy

 

[silversurfer]

Since we dont have beta thread going on i post this here

On newest beta 120 there is cookie banner blocker wich is kinda handy
View attachment 279357

Does this new feature work only in Private Browsing Mode?

 

[Moonhorse]

Does this new feature work only in Private Browsing Mode?

I guess, i use ''always run in private mode''

Its so far pretty effective , when you go to google you usually get cookie pop up, with firefox you wont get it, also theres many sites i have not seen cookie notices anymore

 

[ForgottenSeer 97327]

Seems Firefox updates faster in Linux Flatpak's than Chrome. I am only using them recently in Flatpak containers. Is this (short period) perception shared by other Linux flatpak users (although I realize that not many Linux users have Chrome installed).

 

[silversurfer]

Firefox stable release 119.0.1 coming soon:

Firefox 119.0.1, See All New Features, Updates and Fixes

www.mozilla.org

Version 119.0.1, first offered to Release channel users on November 7, 2023

• Fixed a bug causing colors in the <select> HTML element to not be applied to dropdown menu arrows. (bug 1861253)
• Fixed a bug with the <input> HTML element state not changing when dynamically updating the disabled attribute on an ancestor <fieldset>. (bug 1861027)
• Fixed a bug causing elements with the indeterminate CSS selector in a radio group to not update. (bug 1861346)

 

[CyberTech]

Later today, Mozilla plans to release Firefox 120. The new stable version of the web browser includes a large number of privacy improvements and some other changes.

The release date is November 21, 2023. All Firefox versions -- Stable, ESR and Development -- will be updated around the same time.

Firefox 120.0 Stable and Firefox ESR 115.5 are the main new releases. Firefox Beta and Dev move to version 121 and Firefox Nightly to 122. The Android version follows the Stable version and will also reach version 120.

Executive Summary

• Firefox 120 includes a large number of privacy improvements.
• There will be another Stable release in December to Firefox 121. This is the last major release of 2023.
  

Firefox 120.0 major changes:​

Firefox 120 ships today with massive privacy improvements - gHacks Tech News

Firefox 120 Stable includes a large number of privacy improvements designed to better protect the privacy of users of the browser.

www.ghacks.net

 

[silversurfer]

Firefox 120.0, See All New Features, Updates and Fixes

www.mozilla.org

New​

• Firefox supports a new “Copy Link Without Site Tracking” feature in the context menu which ensures that copied links no longer contain tracking information.
• Firefox now supports a setting (in Preferences → Privacy & Security) to enable Global Privacy Control. With this opt-in feature, Firefox informs the websites that the user doesn’t want their data to be shared or sold.
• Firefox’s private windows and ETP-Strict privacy configuration now enhance the Canvas APIs with Fingerprinting Protection, thereby continuing to protect our users’ online privacy.
• Firefox has enabled Cookie Banner Blocker by default in private windows for all users in Germany. Firefox will now auto-refuse cookies and dismiss annoying cookie banners for supported sites.
• Firefox has enabled URL Tracking Protection by default in private windows for all users in Germany. Firefox will remove non-essential URL query parameters that are often used to track users across the web.
• Firefox now imports TLS trust anchors (e.g., certificates) from the operating system root store. This will be enabled by default on Windows, macOS, and Android, and if needed, can be turned off in settings (Preferences → Privacy & Security → Certificates).
• Keyboard shortcuts have now been added for editing and deleting a selected credential on about:logins. For editing - Alt + enter (Option + return on macOS) and for deleting - Alt + Backspace (Option + Delete on macOS).
• Users on Ubuntu Linux now have the ability to import from Chromium when both are installed as Snap packages.
• Picture-in-Picture now supports corner snapping on Windows and Linux - just hold Ctrl as you move the PiP window.

Fixed​

• Various security fixes.

 

[HarborFront]

Just updated

 

[silversurfer]

Firefox 120.0.1 Stable Release

Firefox 120.0.1, See All New Features, Updates and Fixes

www.mozilla.org

Version 120.0.1, first offered to Release channel users on November 30, 2023

• Fixed a bug that was causing persistent startup slowdowns. (bug 1867095)
• Fixed an issue that was causing 100% CPU usage on sites such as Google Maps. (bug 1866409)
• Fixed an issue that was causing YouTube videos to show a green screen when hardware acceleration was enabled. (bug 1865928)
• Fixed an issue where the status bar was still visible when viewing fullscreen video. (bug 1853896)
• Fixed a startup crash affecting Linux users on some aarch64 systems with page sizes other than 4KB. (bug 1866025)

 

[HarborFront]

 

[silversurfer]

Firefox 121.0 stable version is ready to download manually: Directory Listing: /pub/firefox/releases/121.0/
Official release coming tomorrow as usual automatically via Firefox built-in update feature...

Firefox 121.0, See All New Features, Updates and Fixes

www.mozilla.org

New​

• Firefox now prompts Windows users to install the Microsoft AV1 Video Extension to enable hardware decoding support for the AV1 video codec from about:support if not already installed.
• Firefox now supports Voice Control commands on macOS systems.
• On Linux, Firefox now defaults to the Wayland compositor when available instead of XWayland. This brings support for touchpad & touchscreen gestures, swipe-to-nav, per-monitor DPI settings, better graphics performance, and more.
  Note that due to Wayland protocol limitations, Picture-in-Picture windows require an extra user interaction (generally right-click on the window) or a shell / desktop-environment tweak. See bug 1621261 for related discussion and tracking, this post for a KDE configuration, and this extension for GNOME.
• Firefox can now force links to always be underlined. This option can be enabled in the Browsing section of the Firefox Settings menu.
• The PDF viewer now includes a floating button to simplify deleting drawings, text, and images added in PDFs.

---

• Various security fixes.

 

[HarborFront]

Just updated