New Update Firefox Stable Release

silversurfer

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,902

nicolaasjan

Level 5
Verified
Well-known
May 29, 2023
207
Security Vulnerability fixed in Firefox 118.0.1, Firefox ESR 115.3.1, Firefox for Android 118.1.0, and Firefox Focus for Android 118.1.0.

CVE-2023-5217: Heap buffer overflow in libvpx

Reporter: Clément Lecigne of Google's Threat Analysis Group
Impact: critical

Description

Specific handling of an attacker-controlled VP8 media stream could lead to a heap buffer overflow in the content process. We are aware of this issue being exploited in other products in the wild.


Oops...
Ninja'd by @silversurfer
 

silversurfer


Firefox 118 boosts security with Encrypted Client Hello support

Firefox 118 Stable is also supporting Encrypted Client Hello, which many may see as even more important. The main purpose of the security feature is to protect data from network spies. A spy can be the Internet Service Provider or anyone listening in on the traffic in the network.

Here is an example to better illustrate the feature. A regular connection to a website uses HTTPS usually. This means that traffic data is encrypted and therefore protected against traffic monitoring. The address of the website, say ghacks.net, is not encrypted, however. This means that it will leak when someone monitors traffic. Encrypted Client Hello resolves this by encrypting the address of the site as well, so that the visited sites are no longer revealed.

Encrypted Client Hello relies on the Domain Name System, and here in particular on DNS over HTTPS. DNS over HTTPS encrypts domain lookups and is used to fetch a key from the web server that Encrypted Client Hello uses to encrypt all traffic to the server and site in question.

Firefox users need to make sure that DNS over HTTPS is used in the browser to utilize Encrypted Client Hello. This is done in the following way:
  1. Load about:preferences#privacy in the Firefox address bar to open the Privacy and Security settings.
  2. Scroll all the way down to the DNS over HTTPS section on the page.
  3. Firefox controls DNS over HTTPS by default. You may want to switch to Increased or Max Protection instead, as it ensures that the feature is used all the time. The difference between Increased and Max protection is that Increased includes a fallback to regular DNS whereas Max protection will not load sites if secure DNS is not available.
  4. Select one of the available providers or add a custom provider to Firefox so that it is used.
With DNS over HTTPS enabled, Firefox will use Encrypted Client Hello automatically, provided that the web server of the site supports it. Users who want to know for sure can check out these two test sites to find out.

Mozilla announced support for Encrypted Client Hello on the official blog. A support page on the Mozilla website provides additional information and resource links.
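
Added example, not part of the post above or of Mozilla's code: a parser for the HTTPS DNS record (RFC 9460 RDATA layout) through which the ECH key described above is published, extracting the `ech` parameter and each config's `public_name`, which is the name still sent in clear as the outer SNI. The sample record, the name `public.example` and the all-zero key are constructed for illustration.

```python
import struct

ECH_KEY = 5           # SvcParamKey number for "ech" (RFC 9460)
ECH_VERSION = 0xFE0D  # ECHConfig version defined by the TLS ECH specification

def parse_https_rdata(rdata: bytes):
    """Split HTTPS-record RDATA into (priority, target name, {key: value})."""
    (priority,) = struct.unpack_from("!H", rdata, 0)
    pos, labels = 2, []
    while (n := rdata[pos]):               # TargetName: uncompressed labels
        if n > 63 or pos + 1 + n >= len(rdata):
            raise ValueError("bad TargetName label")
        labels.append(rdata[pos + 1:pos + 1 + n].decode("ascii"))
        pos += 1 + n
    pos += 1                               # skip the terminating root label
    params, last = {}, -1
    while pos < len(rdata):
        key, length = struct.unpack_from("!HH", rdata, pos)
        if key <= last or pos + 4 + length > len(rdata):
            raise ValueError("SvcParams out of order or truncated")
        params[key], last = rdata[pos + 4:pos + 4 + length], key
        pos += 4 + length
    return priority, ".".join(labels) or ".", params

def ech_public_names(ech: bytes):
    """Return the public_name of each ECHConfig of the known version."""
    if struct.unpack_from("!H", ech)[0] != len(ech) - 2:
        raise ValueError("ECHConfigList length mismatch")
    pos, names = 2, []
    while pos < len(ech):
        version, length = struct.unpack_from("!HH", ech, pos)
        body, pos = ech[pos + 4:pos + 4 + length], pos + 4 + length
        if pos > len(ech):
            raise ValueError("ECHConfig truncated")
        if version == ECH_VERSION:         # other versions are skipped
            p = 3                          # config_id (1) + kem_id (2)
            for _ in range(2):             # public_key, then cipher_suites
                p += 2 + struct.unpack_from("!H", body, p)[0]
            p += 1                         # maximum_name_length
            names.append(body[p + 1:p + 1 + body[p]].decode("ascii"))
    return names

# Constructed sample RDATA: priority 1, target ".", alpn=h2, ech=<one ECHConfig>.
_CONTENTS = (b"\x07\x00\x20" + b"\x00\x20" + bytes(32) + b"\x00\x04\x00\x01\x00\x01"
             + b"\x00" + b"\x0e" + b"public.example" + b"\x00\x00")
_CONFIG = struct.pack("!HH", ECH_VERSION, len(_CONTENTS)) + _CONTENTS
_ECH = struct.pack("!H", len(_CONFIG)) + _CONFIG
SAMPLE_RDATA = (b"\x00\x01\x00" + b"\x00\x01\x00\x03\x02h2"
                + struct.pack("!HH", ECH_KEY, len(_ECH)) + _ECH)
```

A record whose parameters lack key 5 offers no ECH config, so a client connecting to that host has nothing to encrypt the inner ClientHello with.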
 

silversurfer

Firefox 118.0.2 seems to be in the pipeline...
 

ForgottenSeer 97327

Also in flatpak on Linux
 

silversurfer

Mozilla is testing a new built-in “Review Checker” feature for its Firefox browser that rates how reliable a product’s customer reviews are. The experimental feature was initially spotted by MSPowerUser, and Firefox’s senior director of product management Byron Jourdan confirmed that the company is testing the functionality “with a limited audience in the United States,” in a statement given to The Verge.


Firefox 119 introduces review checker, a powerful feature that enables you to know whether reviews are reliable when you shop online with Amazon.com, BestBuy.com, and Walmart.com. In this article, we'll provide you with information about this feature and how to use it.
 

silversurfer

Firefox 119 official release tomorrow, but already available for downloading manually: Directory Listing: /pub/firefox/releases/119.0/
No information yet on release notes:

Most interesting improved features:
  • As part of Total Cookie Protection, Firefox now supports the partitioning of Blob URLs; this mitigates a potential tracking vector that third-party agents could use to track an individual.
  • The visibility of fonts to websites has been restricted to system fonts and language pack fonts in Enhanced Tracking Protection strict mode to mitigate font fingerprinting.
  • Encrypted Client Hello (ECH) is now available to Firefox users, delivering a more private browsing experience. ECH extends the encryption used in TLS connections to cover more of the handshake and better protect sensitive fields. Read more about the launch of ECH on Mozilla Distilled.
 

ForgottenSeer 97327

Seems Firefox updates faster in Linux Flatpaks than Chrome. I have only been using them recently in Flatpak containers. Is this (short period) perception shared by other Linux Flatpak users (although I realize that not many Linux users have Chrome installed)?
 

silversurfer

Firefox stable release 119.0.1 coming soon:
Version 119.0.1, first offered to Release channel users on November 7, 2023
  • Fixed a bug causing colors in the <select> HTML element to not be applied to dropdown menu arrows. (bug 1861253)
  • Fixed a bug with the <input> HTML element state not changing when dynamically updating the disabled attribute on an ancestor <fieldset>. (bug 1861027)
  • Fixed a bug causing elements with the indeterminate CSS selector in a radio group to not update. (bug 1861346)
 

CyberTech

Level 44
Verified
Top Poster
Well-known
Nov 10, 2017
3,250
Later today, Mozilla plans to release Firefox 120. The new stable version of the web browser includes a large number of privacy improvements and some other changes.

The release date is November 21, 2023. All Firefox versions -- Stable, ESR and Development -- will be updated around the same time.

Firefox 120.0 Stable and Firefox ESR 115.5 are the main new releases. Firefox Beta and Dev move to version 121 and Firefox Nightly to 122. The Android version follows the Stable version and will also reach version 120.

Executive Summary
  • Firefox 120 includes a large number of privacy improvements.
  • There will be another Stable release in December to Firefox 121. This is the last major release of 2023.

Firefox 120.0 major changes:

 

silversurfer


New

  • Firefox supports a new “Copy Link Without Site Tracking” feature in the context menu which ensures that copied links no longer contain tracking information.
  • Firefox now supports a setting (in Preferences → Privacy & Security) to enable Global Privacy Control. With this opt-in feature, Firefox informs the websites that the user doesn’t want their data to be shared or sold.
  • Firefox’s private windows and ETP-Strict privacy configuration now enhance the Canvas APIs with Fingerprinting Protection, thereby continuing to protect our users’ online privacy.
  • Firefox has enabled Cookie Banner Blocker by default in private windows for all users in Germany. Firefox will now auto-refuse cookies and dismiss annoying cookie banners for supported sites.
  • Firefox has enabled URL Tracking Protection by default in private windows for all users in Germany. Firefox will remove non-essential URL query parameters that are often used to track users across the web.
  • Firefox now imports TLS trust anchors (e.g., certificates) from the operating system root store. This will be enabled by default on Windows, macOS, and Android, and if needed, can be turned off in settings (Preferences → Privacy & Security → Certificates).
  • Keyboard shortcuts have now been added for editing and deleting a selected credential on about:logins. For editing - Alt + enter (Option + return on macOS) and for deleting - Alt + Backspace (Option + Delete on macOS).
  • Users on Ubuntu Linux now have the ability to import from Chromium when both are installed as Snap packages.
  • Picture-in-Picture now supports corner snapping on Windows and Linux - just hold Ctrl as you move the PiP window.

Fixed

 

silversurfer

Firefox 120.0.1 Stable Release
Version 120.0.1, first offered to Release channel users on November 30, 2023
  • Fixed a bug that was causing persistent startup slowdowns. (bug 1867095)
  • Fixed an issue that was causing 100% CPU usage on sites such as Google Maps. (bug 1866409)
  • Fixed an issue that was causing YouTube videos to show a green screen when hardware acceleration was enabled. (bug 1865928)
  • Fixed an issue where the status bar was still visible when viewing fullscreen video. (bug 1853896)
  • Fixed a startup crash affecting Linux users on some aarch64 systems with page sizes other than 4KB. (bug 1866025)
 

silversurfer

Firefox 121.0 stable version is ready to download manually: Directory Listing: /pub/firefox/releases/121.0/
Official release coming tomorrow as usual automatically via Firefox built-in update feature...

New

  • Firefox now prompts Windows users to install the Microsoft AV1 Video Extension to enable hardware decoding support for the AV1 video codec from about:support if not already installed.
  • Firefox now supports Voice Control commands on macOS systems.
  • On Linux, Firefox now defaults to the Wayland compositor when available instead of XWayland. This brings support for touchpad & touchscreen gestures, swipe-to-nav, per-monitor DPI settings, better graphics performance, and more.
    Note that due to Wayland protocol limitations, Picture-in-Picture windows require an extra user interaction (generally right-click on the window) or a shell / desktop-environment tweak. See bug 1621261 for related discussion and tracking, this post for a KDE configuration, and this extension for GNOME.
  • Firefox can now force links to always be underlined. This option can be enabled in the Browsing section of the Firefox Settings menu.
  • The PDF viewer now includes a floating button to simplify deleting drawings, text, and images added in PDFs.

 