Mozilla has rolled out Firefox 120, addressing a total of 10 vulnerabilities: six categorized as high severity, two as moderate severity, and two as low severity.
Key Highlights of Changes to Firefox 120
- The update introduces a Global Privacy Control setting.
- Users now have the option to import data from Chromium Snap.
- A new feature allows users to copy links without including site tracking information.
- The Picture-in-Picture mode on Windows and Linux now supports corner snapping.
- A new feature has been added to the Developer Tools.
- TLS trust anchors can now be imported.
- Improvements have been made in private windows and the ETP-Strict privacy configuration.
High Severity Flaws Addressed
Several high-severity issues reported during testing are now fixed:
CVE-2023-6204
This vulnerability allowed for an out-of-bounds read and memory data leakage into images created on the canvas element. Reported by JSec of Hayyim Security.
CVE-2023-6205
The bug permitted the use of a MessagePort after it had been freed, potentially leading to an exploitable crash. Reported by Yangkang of the 360 ATA Team.
CVE-2023-6206
This issue involved a black fade animation during exit from fullscreen, potentially leading to clickjacking. Reported by Hafiizh.
CVE-2023-6207
A use-after-free in ReadableByteStreamQueueEntry::Buffer was fixed. Reported by Yangkang of the 360 ATA Team.
CVE-2023-6212
A memory safety bug was fixed in Firefox 120, ESR 115.5, and Thunderbird 115.5.
CVE-2023-6213
Memory safety issues fixed in Firefox 120 are tracked as CVE-2023-6213. Mozilla developers reported both of these high-severity bugs.
For these memory safety issues, developers at Mozilla reported evidence of memory corruption, and it is presumed that with sufficient effort some of them could have been exploited to run arbitrary code.
Moderate and Low Severity Issues
Moderate Severity Issues that were addressed include:
CVE-2023-6208
Using the Selection API would copy contents into X11 primary selection.
CVE-2023-6209
Incorrect parsing of relative URLs starting with.
Low Severity Issues Addressed
CVE-2023-6210
Mixed-content resources are now blocked in a javascript: pop-up.
CVE-2023-6211
Clickjacking to load insecure pages in HTTPS-only mode.
For those interested, Firefox 120 is available for download on the Mozilla website, compatible with Windows, macOS, and Linux.