
Firefox 127.0.2 release now available


AdvancedSetup


  • AdvancedSetup changed the title to Firefox 106.0.4 release now available
  • AdvancedSetup changed the title to Firefox 106.0.5 release now available
  • 2 weeks later...
  • AdvancedSetup changed the title to Firefox 107.0 release now available
  • 2 weeks later...
  • AdvancedSetup changed the title to Firefox 107.0.1 release now available
  • 2 weeks later...
  • AdvancedSetup changed the title to Firefox 108.0 release now available
  • AdvancedSetup changed the title to Firefox 108.0.1 release now available
  • 3 weeks later...

Version 108.0.2, first offered to Release channel users on January 5, 2023

https://www.mozilla.org/firefox/108.0.2/releasenotes/

2 fixes & 1 change.

Fixed

  • Fixes a crash for some users on Mac OS X 10.12-10.14 during video playback (bug 1806391).

  • Fixes a crash that might occur when managing browser history (bug 1806408).

Changed

  • The “Tabs sharing devices” menu item for WebRTC is now located in the tools menu on macOS only (bug 1807697).

  • Thanks 3
Link to post
  • AdvancedSetup changed the title to Firefox 108.0.2 release now available
  • 2 weeks later...

Version 109.0, first offered to Release channel users on January 17, 2023.

https://www.mozilla.org/firefox/109.0/releasenotes/

New

  • Manifest Version 3 (MV3) extension support is now enabled by default (MV2 remains enabled/supported). This major update also ushers an exciting user interface change in the form of the new extensions button.

  • The Arbitrary Code Guard exploit protection has been enabled in the media playback utility processes, improving security for Windows users.

  • The native HTML date picker for date and datetime inputs can now be used with a keyboard alone, improving its accessibility for screen reader users. Users with limited mobility can also now use common keyboard shortcuts to navigate the calendar grid and month selection spinners.

  • Firefox builds in the Spanish from Spain (es-ES) and Spanish from Argentina (es-AR) locales now come with a built-in dictionary for the Firefox spellchecker.

Fixed

Changed

  • Effective on January 16, Colorways will no longer be in Firefox. Users will still be able to access saved and active Colorways from the Add-ons and themes menu option.

  • On macOS, Ctrl or Cmd + trackpad or mouse wheel now scrolls the page instead of zooming. This avoids accidental zooming and matches the behavior of other web browsers on macOS.

  • The Recently Closed section of Firefox View now equips users with the ability to manually close/remove URL links from the list.

  • The empty state messages and graphic components surfaced in Firefox View for the Tab Pickup and Recently Closed sections have been updated for an improved user experience.

Security Vulnerabilities fixed in Firefox 109

10 fixes: 4 high, 4 moderate and 2 low.

Mozilla Foundation Security Advisory 2023-01

Security Vulnerabilities fixed in Firefox 109

Announced
January 17, 2023
Impact
high
Products
Firefox
Fixed in
  • Firefox 109

#CVE-2023-23597: Logic bug in process allocation allowed to read arbitrary files

Reporter
Niklas Baumstark
Impact
high
Description

A compromised web child process could disable web security opening restrictions, leading to a new child process being spawned within the file:// context. Given a reliable exploit primitive, this new process could be exploited again leading to arbitrary file read.

References

#CVE-2023-23598: Arbitrary file read from GTK drag and drop on Linux

Reporter
Tom Schuster
Impact
high
Description

Due to the Firefox GTK wrapper code's use of text/plain for drag data and GTK treating all text/plain MIMEs containing file URLs as being dragged, a website could arbitrarily read a file via a call to DataTransfer.setData.

References

#CVE-2023-23599: Malicious command could be hidden in devtools output on Windows

Reporter
Vadim
Impact
moderate
Description

When copying a network request from the developer tools panel as a curl command the output was not being properly sanitized and could allow arbitrary commands to be hidden within.

References

#CVE-2023-23600: Notification permissions persisted between Normal and Private Browsing on Android

Reporter
Kazuki Nomoto of Waseda University
Impact
moderate
Description

Per origin notification permissions were being stored in a way that didn't take into account what browsing context the permission was granted in. This led to the possibility of notifications to be displayed during different browsing sessions.
This bug only affects Firefox for Android. Other operating systems are unaffected.

References

#CVE-2023-23601: URL being dragged from cross-origin iframe into same tab triggers navigation

Reporter
Luan Herrera
Impact
moderate
Description

Navigations were being allowed when dragging a URL from a cross-origin iframe into the same tab, which could lead to website spoofing attacks.

References

#CVE-2023-23602: Content Security Policy wasn't being correctly applied to WebSockets in WebWorkers

Reporter
Dave Vandyke
Impact
moderate
Description

A mishandled security check when creating a WebSocket in a WebWorker caused the Content Security Policy connect-src header to be ignored. This could lead to connections to restricted origins from inside WebWorkers.

References

#CVE-2023-23603: Calls to console.log allowed bypassing Content Security Policy via format directive

Reporter
Dan Veditz
Impact
low
Description

Regular expressions used to filter out forbidden properties and values from style directives in calls to console.log weren't accounting for external URLs. Data could then be potentially exfiltrated from the browser.

References

#CVE-2023-23604: Creation of duplicate SystemPrincipal from less secure contexts

Reporter
Nika Layzell
Impact
low
Description

A duplicate SystemPrincipal object could be created when parsing a non-system HTML document via DOMParser::ParseFromSafeString. This could have led to bypassing web security checks.

References

#CVE-2023-23605: Memory safety bugs fixed in Firefox 109 and Firefox ESR 102.7

Reporter
Mozilla developers
Impact
high
Description

Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 108 and Firefox ESR 102.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

References

#CVE-2023-23606: Memory safety bugs fixed in Firefox 109

Reporter
Mozilla developers
Impact
high
Description

Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 108. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

References
 

  • Thanks 3
Link to post
  • AdvancedSetup changed the title to Firefox 109.0 release now available
  • 2 weeks later...

Version 109.0.1, first offered to Release channel users on January 31, 2023

Fixed

  • Reverted changes to Windows font smoothing, which caused poor rendering on some configurations (bug 1803154)

  • Fixed jank when loading pages containing numerous emoji characters (bug 1809081)

  • Fixed an issue causing authentication prompts to not appear when loading pages in some enterprise environments (bug 1809151)

  • Fixed inconsistent sizing of event listener checkboxes inside the Inspector developer tool (bug 1811760)

No security fixes.

  • Like 1
  • Thanks 2
Link to post
  • AdvancedSetup changed the title to Firefox 109.0.1 release now available
  • 2 weeks later...
  • AdvancedSetup changed the title to Firefox 110.0 release now available
  • 2 weeks later...

Version 110.0.1, first offered to Release channel users on February 28, 2023

 

Fixed

  • Fixed clearing recent cookies clears all cookies (bug 1816279).

  • Fixed a bug causing the context menu to sometimes display on the background of other Firefox UI elements instead of the foreground on macOS (bug 1763990).

  • Fixed Manage bookmarks link on empty bookmarks toolbar not responding to clicks on Windows (bug 1812636).

  • Fixed WebGL crashes on Linux when run inside a VMWare virtual machine (bug 1807942).

  • Fixed a bug with CSP serialization causing bugs with the MitID Digital ID in Denmark (Bug 1819096).

 
Edited by 1PW
  • Like 1
  • Thanks 1
Link to post
  • AdvancedSetup changed the title to Firefox 110.0.1 release now available
  • 2 weeks later...

Version 111.0, first offered to Release channel users on March 14, 2023

Quote

New

  • Windows native notifications are now enabled.

  • Firefox Relay users can now opt-in to create Relay email masks directly from the Firefox credential manager. You must be signed in with your Firefox Account.

  • We’ve added two new locales: Silhe Friulian (fur) and Sardinian (sc).


Fixed

 
 

Mozilla Foundation Security Advisory 2023-09

Security Vulnerabilities fixed in Firefox 111

Announced
March 14, 2023
Impact
high
Products
Firefox
Fixed in
  • Firefox 111

#CVE-2023-28159: Fullscreen Notification could have been hidden by download popups on Android

Reporter
Axel Chong (@Haxatron)
Impact
high
Description

The fullscreen notification could have been hidden on Firefox for Android by using download popups, resulting in potential user confusion or spoofing attacks.
This bug only affects Firefox for Android. Other operating systems are unaffected.

References

#CVE-2023-25748: Fullscreen Notification could have been hidden by window prompts on Android

Reporter
Hafiizh
Impact
high
Description

By displaying a prompt with a long description, the fullscreen notification could have been hidden, resulting in potential user confusion or spoofing attacks.
This bug only affects Firefox for Android. Other operating systems are unaffected.

References

#CVE-2023-25749: Firefox for Android may have opened third-party apps without a prompt

Reporter
Kirtikumar Anandrao Ramchandani
Impact
high
Description

Android applications with unpatched vulnerabilities can be launched from a browser using Intents, exposing users to these vulnerabilities. Firefox will now confirm with users that they want to launch an external application before doing so.
This bug only affects Firefox for Android. Other versions of Firefox are unaffected.

References

#CVE-2023-25750: Potential ServiceWorker cache leak during private browsing mode

Reporter
Kagami Rosylight
Impact
high
Description

Under certain circumstances, a ServiceWorker's offline cache may have leaked to the file system when using private browsing mode.

References

#CVE-2023-25751: Incorrect code generation during JIT compilation

Reporter
Lukas Bernhard
Impact
high
Description

Sometimes, when invalidating JIT code while following an iterator, the newly generated code could be overwritten incorrectly. This could lead to a potentially exploitable crash.

References

#CVE-2023-28160: Redirect to Web Extension files may have leaked local path

Reporter
Rob Wu
Impact
moderate
Description

When following a redirect to a publicly accessible web extension file, the URL may have been translated to the actual local path, leaking potentially sensitive information.

References

#CVE-2023-28164: URL being dragged from a removed cross-origin iframe into the same tab triggered navigation

Reporter
Luan Herrera
Impact
moderate
Description

Dragging a URL from a cross-origin iframe that was removed during the drag could have led to user confusion and website spoofing attacks.

References

#CVE-2023-28161: One-time permissions granted to a local file were extended to other local files loaded in the same tab

Reporter
Khiem Tran
Impact
moderate
Description

If temporary "one-time" permissions, such as the ability to use the Camera, were granted to a document loaded using a file: URL, that permission persisted in that tab for all other documents loaded from a file: URL. This is potentially dangerous if the local files came from different sources, such as in a download directory.

References

#CVE-2023-28162: Invalid downcast in Worklets

Reporter
Lukas Bernhard
Impact
moderate
Description

While implementing on AudioWorklets, some code may have cast one type to another, invalid, dynamic type. This could have led to a potentially exploitable crash.

References

#CVE-2023-25752: Potential out-of-bounds when accessing throttled streams

Reporter
Ronald Crane
Impact
moderate
Description

When accessing throttled streams, the count of available bytes needed to be checked in the calling function to be within bounds. This may have led future code to be incorrect and vulnerable.

References

#CVE-2023-28163: Windows Save As dialog resolved environment variables

Reporter
Shaheen Fazim
Impact
moderate
Description

When downloading files through the Save As dialog on Windows with suggested filenames containing environment variable names, Windows would have resolved those in the context of the current user.
This bug only affects Firefox on Windows. Other versions of Firefox are unaffected.

References

#CVE-2023-28176: Memory safety bugs fixed in Firefox 111 and Firefox ESR 102.9

Reporter
Mozilla developers and community
Impact
high
Description

Mozilla developers Timothy Nikkel, Andrew McCreight, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 110 and Firefox ESR 102.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

References

#CVE-2023-28177: Memory safety bugs fixed in Firefox 111

Reporter
Mozilla developers and community
Impact
high
Description

Mozilla developers and community members Calixte Denizet, Gabriele Svelto, Andrew McCreight, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 110. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

References
 
Edited by 1PW
  • Thanks 4
Link to post
  • AdvancedSetup changed the title to Firefox 111.0 release now available
  • AdvancedSetup changed the title to Firefox 111.0.1 release now available

Hello @sten2:

The answer remains the same as in your other topic on the same subject.

So far, only Firefox 100+ supports HDR w/macOS Catalina (10.15) and above. Pity.

Your plea will unlikely be read here by management at Mozilla. Please consider adding your wishes to a relevant Mozilla forum.

HTH

Edited by 1PW
  • Like 1
  • Haha 1
Link to post
13 hours ago, 1PW said:

Hello @sten2:

The answer remains the same as in your other topic on the same subject.

So far, only Firefox 100+ supports HDR w/macOS Catalina (10.15) and above. Pity.

Your plea will unlikely be read here by management at Mozilla. Please consider adding your wishes to a relevant Mozilla forum.

HTH

Hello 1PW

I know that there is no representative from Mozilla at this forum, and I have mentioned the missing feature of HDR support in Firefox before.

I just wanted to express my thoughts about it. Well, let's see what's coming in future releases.

 

  • Like 1
Link to post
  • 3 weeks later...
  • AdvancedSetup changed the title to Firefox 112.0 release now available
