1PW Posted July 26 ID:1651212 Share Posted July 26 Version 128.0.3, first offered to Release channel users on July 26, 2024 Quote Fixed Fixed an issue causing some sites to not load when connecting via HTTP/2. (Bug 1908161, Bug 1909666) Fixed collapsed table rows not appearing when expected in some situations. (Bug 1907789) Fixed the Windows on-screen keyboard potentially concealing the webpage when displayed. (Bug 1907766) 2 Link to post
1PW Posted August 6 ID:1653402 Share Posted August 6 Version 129.0, first offered to Release channel users on August 6, 2024 Quote New Reader View now has an enhanced Text and Layout menu with new options for character spacing, word spacing, and text alignment. These changes offer a more accessible reading experience. Reader View now has a Theme menu with additional Contrast and Gray options. You can also select custom colors for text, background, and links from the Custom tab. A tab preview is now displayed when hovering the mouse over background tabs, making it easier to locate the desired tab without needing to switch tabs. This feature is part of a progressive roll out. What is a progressive roll out? HTTPS is replacing HTTP as the default protocol in the address bar on non-local sites. If a site is not available via HTTPS, Firefox will fall back to HTTP. HTTPS DNS records can now be resolved with the operating system's DNS resolver on specific platforms (Windows 11, Linux, Android 10+). Previously this required DNS over HTTPS to be enabled. This capability allows the use of HTTP/3 without needing to use the Alt-Svc header, upgrades requests to HTTPS when the DNS record is present, and enables wider use of ECH. Added support for multiple languages in the same document spoken in macOS VoiceOver. Address Autofill is now enabled for users in France and Germany. Fixed Various security fixes. Mozilla Foundation Security Advisory 2024-33 14 Security Advisory Impact Fixes: 11 High, 2 Moderate, and 1 Low Quote Security Vulnerabilities fixed in Firefox 129 Announced August 6, 2024 Impact high Products Firefox Fixed in Firefox 129 #CVE-2024-7518: Fullscreen notification dialog can be obscured by document content Reporter Shaheen Fazim Impact high Description Select options could obscure the fullscreen notification dialog. This could be used by a malicious site to perform a spoofing attack. References Bug 1875354 #CVE-2024-7519: Out of bounds memory access in graphics shared memory handling Reporter dalmurino Impact high Description Insufficient checks when processing graphics shared memory could have led to memory corruption. This could be leveraged by an attacker to perform a sandbox escape. References Bug 1902307 #CVE-2024-7520: Type confusion in WebAssembly Reporter Nan Wang Impact high Description A type confusion bug in WebAssembly could be leveraged by an attacker to potentially achieve code execution. References Bug 1903041 #CVE-2024-7521: Incomplete WebAssembly exception handing Reporter Nils Bars Impact high Description Incomplete WebAssembly exception handing could have led to a use-after-free. References Bug 1904644 #CVE-2024-7522: Out of bounds read in editor component Reporter Irvan Kurniawan Impact high Description Editor code failed to check an attribute value. This could have led to an out-of-bounds read. References Bug 1906727 #CVE-2024-7523: Document content could partially obscure security prompts Reporter Shaheen Fazim Impact high Description A select option could partially obscure security prompts. This could be used by a malicious site to trick a user into granting permissions. This issue only affects Android versions of Firefox. References Bug 1908344 #CVE-2024-7524: CSP strict-dynamic bypass using web-compatibility shims Reporter Masato Kinugawa Impact high Description Firefox adds web-compatibility shims in place of some tracking scripts blocked by Enhanced Tracking Protection. On a site protected by Content Security Policy in "strict-dynamic" mode, an attacker able to inject an HTML element could have used a DOM Clobbering attack on some of the shims and achieved XSS, bypassing the CSP strict-dynamic protection. References Bug 1909241 #CVE-2024-7525: Missing permission check when creating a StreamFilter Reporter Rob Wu Impact high Description It was possible for a web extension with minimal permissions to create a StreamFilter which could be used to read and modify the response body of requests on any site. References Bug 1909298 #CVE-2024-7526: Uninitialized memory used by WebGL Reporter s48gs.w Impact high Description ANGLE failed to initialize parameters which lead to reading from uninitialized memory. This could be leveraged to leak sensitive data from memory. References Bug 1910306 #CVE-2024-7527: Use-after-free in JavaScript garbage collection Reporter Norisz Fay Impact high Description Unexpected marking work at the start of sweeping could have led to a use-after-free. References Bug 1871303 #CVE-2024-7528: Use-after-free in IndexedDB Reporter Jason Kratzer Impact high Description Incorrect garbage collection interaction in IndexedDB could have led to a use-after-free. References Bug 1895951 #CVE-2024-7529: Document content could partially obscure security prompts Reporter Hafiizh Impact moderate Description The date picker could partially obscure security prompts. This could be used by a malicious site to trick a user into granting permissions. References Bug 1903187 #CVE-2024-7530: Use-after-free in JavaScript code coverage collection Reporter Christian Holler Impact moderate Description Incorrect garbage collection interaction could have led to a use-after-free. References Bug 1904011 #CVE-2024-7531: PK11_Encrypt using CKM_CHACHA20 can reveal plaintext on Intel Sandy Bridge machines Reporter Lars Eggert Impact low Description Calling PK11_Encrypt() in NSS using CKM_CHACHA20 and the same buffer for input and output can result in plaintext on an Intel Sandy Bridge processor. In Firefox this only affects the QUIC header protection feature when the connection is using the ChaCha20-Poly1305 cipher suite. The most likely outcome is connection failure, but if the connection persists despite the high packet loss it could be possible for a network observer to identify packets as coming from the same source despite a network path change. References Bug 1905691 2 Link to post
1PW Posted August 13 ID:1654720 Share Posted August 13 Version 129.0.1, first offered to Release channel users on August 13, 2024 Quote Fixed Fixed playback issues on some websites with copyrighted video served via digital rights management. (Bug 1911283) Fixed a crash when dragging a video file onto some websites. (Bug 1910990) 1 Link to post
1PW Posted August 20 ID:1656203 Share Posted August 20 Version 129.0.2, first offered to Release channel users on August 20, 2024 Quote Fixed Fixed an issue with screen readers prompting “Alert” when hovering over tabs. (Bug 1908873) Fixed an issue where drag-and-drop operations would not work as expected with extensions that rely on this functionality. (Bug 1911486) 2 Link to post
1PW Posted September 4 ID:1658978 Share Posted September 4 Version 130.0, first offered to Release channel users on September 3, 2024 Quote New Firefox now allows translating selected text portions to different languages after a full-page translation. Firefox now offers an easy way to try experimental features with a new Firefox Labs page in Settings. AI Chatbot feature lets you add the chatbot of your choice to the sidebar, for quick access as you browse. Picture-in-Picture auto-open experiment enables PiP on active videos when switching tabs. Overscroll animations are now enabled as the default behavior for scrollable areas on Linux. Fixed Various security fixes. Fixed an issue where Copy and Paste context menu items intermittently were not enabled when expected. Changed The following languages are now supported by Firefox translation: Catalan Croatian Czech Danish Indonesian Latvian Lithuanian Romanian Serbian Slovak Vietnamese Mozilla Foundation Security Advisory 2024-39 Quote Security Vulnerabilities fixed in Firefox 130 Announced September 3, 2024 Impact high Products Firefox Fixed in Firefox 130 #CVE-2024-8385: WASM type confusion involving ArrayTypes Reporter Seunghyun Lee Impact high Description A difference in the handling of StructFields and ArrayTypes in WASM could be used to trigger an exploitable type confusion vulnerability. References Bug 1911909 #CVE-2024-8381: Type confusion when looking up a property name in a "with" block Reporter Nils Bars Impact high Description A potentially exploitable type confusion could be triggered when looking up a property name on an object being used as the with environment. References Bug 1912715 #CVE-2024-8388: Fullscreen notice on Android could be hidden under various panels and OS prompts Reporter Shaheen Fazim, Raphael Saniyazov, Rifa'i Rejal Maynando, James Lee, P Umar Farooq, Hafiizh Impact moderate Description Multiple prompts and panels from both Firefox and the Android OS could be used to obscure the notification announcing the transition to fullscreen mode after the fix for CVE-2023-6870 in Firefox 121. This could lead to spoofing the browser UI if the sudden appearance of the prompt distracted the user from noticing the visual transition happening behind the prompt. These notifications now use the Android Toast feature. This bug only affects Firefox on Android. Other operating systems are unaffected. References Bug 1902996 Bugs describing ways to abuse specific prompts #CVE-2024-8382: Internal event interfaces were exposed to web content when browser EventHandler listener callbacks ran Reporter Gregory Pappas Impact moderate Description Internal browser event interfaces were exposed to web content when privileged EventHandler listener callbacks ran for those events. Web content that tried to use those interfaces would not be able to use them with elevated privileges, but their presence would indicate certain browser features had been used, such as when a user opened the Dev Tools console. References Bug 1906744 #CVE-2024-8383: Firefox did not ask before openings news: links in an external application Reporter D7 Impact moderate Description Firefox normally asks for confirmation before asking the operating system to find an application to handle a scheme that the browser does not support. It did not ask before doing so for the Usenet-related schemes news: and snews:. Since most operating systems don't have a trusted newsreader installed by default, an unscrupulous program that the user downloaded could register itself as a handler. The website that served the application download could then launch that application at will. References Bug 1908496 #CVE-2024-8384: Garbage collection could mis-color cross-compartment objects in OOM conditions Reporter the Mozilla Fuzzing Team Impact moderate Description The JavaScript garbage collector could mis-color cross-compartment objects if OOM conditions were detected at the right point between two passes. This could have led to memory corruption. References Bug 1911288 #CVE-2024-8386: SelectElements could be shown over another site if popups are allowed Reporter Shaheen Fazim, Hafiizh Impact low Description If a site had been granted the permission to open popup windows, it could cause Select elements to appear on top of another site to perform a spoofing attack. References Bug 1909529 Bug 1907032 Bug 1909163 #CVE-2024-8387: Memory safety bugs fixed in Firefox 130, Firefox ESR 128.2, and Thunderbird 128.2 Reporter Yury Delendik, the Mozilla Fuzzing Team Impact high Description Memory safety bugs present in Firefox 129, Firefox ESR 128.1, and Thunderbird 128.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. References Memory safety bugs fixed in Firefox 130, Firefox ESR 128.2, and Thunderbird 128.2 #CVE-2024-8389: Memory safety bugs fixed in Firefox 130 Reporter the Mozilla Fuzzing Team, Andrew McCreight Impact high Description Memory safety bugs present in Firefox 129. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. References Memory safety bugs fixed in Firefox 130 2 Link to post
1PW Posted Tuesday at 02:13 PM ID:1661487 Share Posted Tuesday at 02:13 PM Version 130.0.1, first offered to Release channel users on September 17, 2024 Quote Fixed Fixed a recent regression causing some UI elements to be rendered as left-to-right instead of right-to-left for users of our Saraiki localization. (Bug 1917175) Linux: Fixed black rendering of AVIF images when Firefox is built with GCC. (Bug 1916038) 3 Link to post
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now