Mozilla has just released version 87 of its web browser with some new features and several security fixes. Details below.
Firefox
Mozilla Firefox is a free, cross-platform browser developed by the Mozilla Foundation with the help of hundreds of contributors. The foundation's aim is to develop a browser that is lightweight, secure, intuitive and highly extensible. (Wikipedia)
Firefox 87
Released on March 23, 2021, Firefox 87 arrives with the following new features.
What's new
- You will encounter less website breakage in Private Browsing and Strict Enhanced Tracking Protection with SmartBlock, which provides stand-in scripts so that websites load properly.
- To further protect your privacy, our new default HTTP Referrer policy will trim path and query string information from referrer headers to prevent sites from accidentally leaking sensitive user data.
- The “Highlight All” feature in Find in Page now displays tick marks alongside the scrollbar that correspond to the location of matches found on that page.
- We are proud to announce full support for the built-in macOS screen reader, VoiceOver.
- We added a new locale: Silesian (szl)
Bugs
Several fixes were also made; according to the developers, the most important are the following.
- Video controls now have a visible focus style, and video and audio controls are now keyboard navigable. (Bug 1681007)
- HTML <meter> is now spoken by screen readers. (Bug 1460378)
- Firefox now sets a useful initial focus in the Add-ons Manager. (Bug 580537)
- Firefox will now fire a name/description change event when aria-labelledby/describedby content changes. (Bug 493683)
In the box below you can check all the fixes.
Mozilla Foundation Security Advisory 2021-10
Security Vulnerabilities fixed in Firefox 87
Announced: March 23, 2021
Impact: high
Products: Firefox
Fixed in: Firefox 87
CVE-2021-23981: Texture upload into an unbound backing buffer resulted in an out-of-bound read
Reporter: Omair
Impact: high
Description: A texture upload of a Pixel Buffer Object could have confused the WebGL code to skip binding the buffer used to unpack it, resulting in memory corruption and a potentially exploitable information leak or crash.
References: Bug 1692832
CVE-2021-23982: Internal network hosts could have been probed by a malicious webpage
Reporter: Samy Kamkar, Ben Seri, and Gregory Vishnepolsky
Impact: moderate
Description: Using techniques that built on the slipstream research, a malicious webpage could have scanned both an internal network's hosts as well as services running on the user's local machine utilizing WebRTC connections.
References: Bug 1677046
CVE-2021-23983: Transitions for invalid ::marker properties resulted in memory corruption
Reporter: Irvan Kurniawan
Impact: moderate
Description: By causing a transition on a parent node by removing a CSS rule, an invalid property for a marker could have been applied, resulting in memory corruption and a potentially exploitable crash.
References: Bug 1692684
CVE-2021-23984: Malicious extensions could have spoofed popup information
Reporter: Rob Wu
Impact: moderate
Description: A malicious extension could have opened a popup window lacking an address bar. The title of the popup lacking an address bar should not be fully controllable, but in this situation was. This could have been used to spoof a website and attempt to trick the user into providing credentials.
References: Bug 1693664
CVE-2021-23985: Devtools remote debugging feature could have been enabled without indication to the user
Reporter: Anonymous working with Trend Micro's Zero Day Initiative
Impact: low
Description: If an attacker is able to alter specific about:config values (for example malware running on the user's computer), the Devtools remote debugging feature could have been enabled in a way that was unnoticeable to the user. This would have allowed a remote attacker (able to make a direct network connection to the victim) to monitor the user's browsing activity and (plaintext) network traffic. This was addressed by providing a visual cue when Devtools has an open network socket.
References: Bug 1659129
CVE-2021-23986: A malicious extension could have performed credential-less same origin policy violations
Reporter: Armin Razmjou
Impact: low
Description: A malicious extension with the 'search' permission could have installed a new search engine whose favicon referenced a cross-origin URL. The response to this cross-origin request could have been read by the extension, allowing a same-origin policy bypass by the extension, which should not have cross-origin permissions. This cross-origin request was made without cookies, so the sensitive information disclosed by the violation was limited to local-network resources or resources that perform IP-based authentication.
References: Bug 1692623
CVE-2021-23987: Memory safety bugs fixed in Firefox 87 and Firefox ESR 78.9
Reporter: Mozilla developers and community
Impact: high
Description: Mozilla developers and community members Matthew Gregan, Tyson Smith, Julien Wajsberg, and Alexis Beingessner reported memory safety bugs present in Firefox 86 and Firefox ESR 78.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.
References: Memory safety bugs fixed in Firefox 87 and Firefox ESR 78.9
CVE-2021-23988: Memory safety bugs fixed in Firefox 87
Reporter: Mozilla developers and community
Impact: moderate
Description: Mozilla developers Tyson Smith and Christian Holler reported memory safety bugs present in Firefox 86. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.
References: Memory safety bugs fixed in Firefox 87
Installation
It is advisable to wait for the new version to arrive in your distribution's repositories, but if you want to install Firefox 87 manually, follow the steps below.
The installation uses the Firefox build from Mozilla's servers and places it in the /opt directory.
Open a terminal and run the commands in sequence.
Change to the working directory.
cd /opt
Run the command below to download the latest version of Firefox; choose your platform and language.
Firefox i686 (32-bit) PT_BR
sudo wget -O firefox.tar.bz2 "https://download.mozilla.org/?product=firefox-latest&os=linux&lang=pt-BR"
Or
Firefox i686 (32-bit) EN_US
sudo wget -O firefox.tar.bz2 "https://download.mozilla.org/?product=firefox-latest&os=linux&lang=en-US"
Or
Firefox amd64 (64-bit) PT_BR
sudo wget -O firefox.tar.bz2 "https://download.mozilla.org/?product=firefox-latest&os=linux64&lang=pt-BR"
Or
Firefox amd64 (64-bit) EN_US
sudo wget -O firefox.tar.bz2 "https://download.mozilla.org/?product=firefox-latest&os=linux64&lang=en-US"
Extract the downloaded file.
sudo tar -jxvf /opt/firefox.tar.bz2
Firefox is now installed in /opt.
Next, create the menu shortcut by running the command below in the terminal.
sudo nano /usr/share/applications/Firefox.desktop
Copy the lines below into the open file, then save and close.
[Desktop Entry]
Encoding=UTF-8
Name=Firefox
Comment=Browse the World Wide Web
GenericName=Web Browser
X-GNOME-FullName=Firefox Web Browser
Exec=/opt/firefox/firefox %u
Terminal=false
X-MultipleArgs=false
Type=Application
Icon=/opt/firefox/browser/chrome/icons/default/default48.png
Categories=Network;WebBrowser;
MimeType=text/html;text/xml;application/xhtml+xml;application/xml;application/vnd.mozilla.xul+xml;application/rss+xml;application/rdf+xml;image/gif;image/jpeg;image/png;x-scheme-handler/http;x-scheme-handler/https;
StartupWMClass=Firefox
StartupNotify=true
It should look like the image.
Save by pressing Ctrl+X, press S, then press Enter to close.
To finish, make your user the owner of the Firefox directory, so that Firefox updates automatically when Mozilla releases updates.
sudo chown -R $USER:$USER /opt/firefox
Firefox is installed and up to date.
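Because the steps above unpack a downloaded archive as root, this added example (not part of the original post) checks the tarball's SHA-256 digest against a checksum list and confirms that every archive member stays under firefox/ before extracting. It assumes sha256sum and tar are available and that the checksum list uses sha256sum's output layout, such as the SHA256SUMS files Mozilla publishes for its releases; the function names, the script name and the list entry path are illustrative.

```shell
#!/bin/sh
# Added example (not from the original post): check a downloaded Firefox
# tarball before it is unpacked as root into /opt.

# verify_sha256 TARBALL SUMS ENTRY
# SUMS is assumed to use sha256sum's "<hex digest>  <path>" layout;
# ENTRY is the path in that list whose digest TARBALL must match.
verify_sha256() {
    expected=$(awk -v e="$3" '$2 == e { print $1; exit }' "$2")
    [ -n "$expected" ] || { echo "no digest listed for $3" >&2; return 2; }
    actual=$(sha256sum "$1" | awk '{ print $1 }')
    [ "$expected" = "$actual" ] || { echo "digest mismatch: $1" >&2; return 1; }
}

# archive_is_contained TARBALL TOPDIR
# Rejects absolute paths, ".." components and members outside TOPDIR/.
archive_is_contained() {
    members=$(tar -tf "$1") || return 2
    while IFS= read -r member; do
        case "$member" in
            /*|..|../*|*/..|*/../*) echo "unsafe member: $member" >&2; return 1 ;;
            "$2"|"$2"/*) ;;
            *) echo "member outside $2/: $member" >&2; return 1 ;;
        esac
    done <<EOF
$members
EOF
}

# install_verified TARBALL SUMS ENTRY DEST
# Extracts only when both checks pass; --no-same-owner keeps root from
# restoring whatever owner IDs are recorded inside the archive.
install_verified() {
    verify_sha256 "$1" "$2" "$3" || return 1
    archive_is_contained "$1" firefox || return 1
    tar --no-same-owner -xf "$1" -C "$4"
}

# Run as: sudo sh verify-install.sh firefox.tar.bz2 SHA256SUMS <entry> /opt
# (script name and <entry> are placeholders for this example)
if [ "$#" -eq 4 ]; then
    install_verified "$@"
fi
```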
I'm already using this new version of Firefox :)