Lançado o navegador de internet Mozilla Firefox 87

A Mozilla acaba de lançar a versão 87 do seu navegador de internet com algumas novidades e varias correções de segurança, confira.

 

 

Firefox

 

Mozilla Firefox é um navegador livre e multiplataforma desenvolvido pela Mozilla Foundation com ajuda de centenas de colaboradores. A intenção da fundação é desenvolver um navegador leve, seguro, intuitivo e altamente extensível. Wikipédia

 

 

 

 Firefox 87

Lançado em 23 de março de 2021 o Firefox chega com as novidades.

Novidades

• Você encontrará menos quebra de site na navegação privada e proteção de rastreamento aprimorada estrita com SmartBlock, que fornece scripts stand-in para que os sites sejam carregados corretamente.

• Para proteger ainda mais a sua privacidade, nossa nova política padrão de referenciador de HTTP eliminará as informações de caminho e string de consulta dos cabeçalhos de referência para evitar que os sites vazem acidentalmente dados confidenciais do usuário.

• O recurso “Destacar tudo” em Encontrar na página agora exibe marcas de verificação ao lado de sua barra de rolagem que correspondem à localização das correspondências encontradas naquela página.

• Temos o orgulho de anunciar o suporte total para o leitor de tela integrado do macOS, VoiceOver.

• Adicionamos um novo local: Silésia (szl)

Bugs

 

Também foram feitas varias correções, as mais importantes segundo os desenvolvedores foram as seguintes.

• Os controles de vídeo agora têm um estilo de foco visível e os controles de vídeo e áudio agora são navegáveis pelo teclado. (Bug 1681007)

• HTML <meter> agora é falado por leitores de tela. (Bug 1460378)

• O Firefox agora define um foco inicial útil no Gerenciador de complementos. (Bug 580537)

• O Firefox irá agora disparar um evento de mudança de nome / descrição quando aria-labelledby / describeby content changes. (Bug 493683)

No quadro abaixo você pode conferir todas as correções.

Mozilla Foundation Security Advisory 2021-10 Security Vulnerabilities fixed in Firefox 87 Announced March 23, 2021 Impact high Products Firefox Fixed in Firefox 87 #CVE-2021-23981: Texture upload into an unbound backing buffer resulted in an out-of-bound read Reporter Omair Impact high Description A texture upload of a Pixel Buffer Object could have confused the WebGL code to skip binding the buffer used to unpack it, resulting in memory corruption and a potentially exploitable information leak or crash. References Bug 1692832 #CVE-2021-23982: Internal network hosts could have been probed by a malicious webpage Reporter Samy Kamkar, Ben Seri, and Gregory Vishnepolsky Impact moderate Description Using techniques that built on the slipstream research, a malicious webpage could have scanned both an internal network's hosts as well as services running on the user's local machine utilizing WebRTC connections. References Bug 1677046 #CVE-2021-23983: Transitions for invalid ::marker properties resulted in memory corruption Reporter Irvan Kurniawan Impact moderate Description By causing a transition on a parent node by removing a CSS rule, an invalid property for a marker could have been applied, resulting in memory corruption and a potentially exploitable crash. References Bug 1692684 #CVE-2021-23984: Malicious extensions could have spoofed popup information Reporter Rob Wu Impact moderate Description A malicious extension could have opened a popup window lacking an address bar. The title of the popup lacking an address bar should not be fully controllable, but in this situation was. This could have been used to spoof a website and attempt to trick the user into providing credentials. References Bug 1693664 #CVE-2021-23985: Devtools remote debugging feature could have been enabled without indication to the user Reporter Anonymous working with Trend Micro's Zero Day Initiative Impact low Description If an attacker is able to alter specific about:config values (for example malware running on the user's computer), the Devtools remote debugging feature could have been enabled in a way that was unnoticable to the user. This would have allowed a remote attacker (able to make a direct network connection to the victim) to monitor the user's browsing activity and (plaintext) network traffic. This was addressed by providing a visual cue when Devtools has an open network socket. References Bug 1659129 #CVE-2021-23986: A malicious extension could have performed credential-less same origin policy violations Reporter Armin Razmjou Impact low Description A malicious extension with the 'search' permission could have installed a new search engine whose favicon referenced a cross-origin URL. The response to this cross-origin request could have been read by the extension, allowing a same-origin policy bypass by the extension, which should not have cross-origin permissions. This cross-origin request was made without cookies, so the sensitive information disclosed by the violation was limited to local-network resources or resources that perform IP-based authentication. References Bug 1692623 #CVE-2021-23987: Memory safety bugs fixed in Firefox 87 and Firefox ESR 78.9 Reporter Mozilla developers and community Impact high Description Mozilla developers and community members Matthew Gregan, Tyson Smith, Julien Wajsberg, and Alexis Beingessner reported memory safety bugs present in Firefox 86 and Firefox ESR 78.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. References Memory safety bugs fixed in Firefox 87 and Firefox ESR 78.9 #CVE-2021-23988: Memory safety bugs fixed in Firefox 87 Reporter Mozilla developers and community Impact moderate Description Mozilla developers Tyson Smith and Christian Holler reported memory safety bugs present in Firefox 86. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. References Memory safety bugs fixed in Firefox 87

Instalação

É aconselhavel que você espere a chegada em seus repositórios, mas caso queira instalar manualmente o Firefox 87 siga os passos.

A instalação sera feita usando o Firefox dos servidores da Mozilla e instalado no diretório /opt.

Abra o terminal e de os comandos na sequencia.


Entre no diretório de trabalho.

cd /opt

De o comando abaixo para fazer o download da ultima versão do Firefox, escolha a sua plataforma e linguagem.

Firefox i686 ( 32 bits ) PT_BR

sudo wget -O firefox.tar.bz2 "https://download.mozilla.org/?product=firefox-latest&os=linux&lang=lang=pt-BR"

Ou

Firefox i686 ( 32 bits ) EN_US

sudo wget -O firefox.tar.bz2 "https://download.mozilla.org/?product=firefox-latest&os=linux&lang=en-US"

Ou

Firefox amd64 ( 64 bits ) PT_BR

sudo wget -O firefox.tar.bz2 "https://download.mozilla.org/?product=firefox-latest&os=linux64&lang=pt-BR"

Ou

Firefox amd64 ( 64 bits ) EN_US

sudo wget -O firefox.tar.bz2 "https://download.mozilla.org/?product=firefox-latest&os=linux64&lang=en-US"

Descompacte o arquivo do download.

sudo tar -jxvf /opt/firefox.tar.bz2

Ai está o firefox instalado na /opt.

Vamos criar o atalho no menu, de o comando abaixo no terminal.

sudo nano /usr/share/applications/Firefox.desktop

Copie as linhas abaixo em vermelho no arquivo aberto,salve e feche.


[Desktop Entry]
Encoding=UTF-8
Name=Firefox
Comment=Browse the World Wide Web
GenericName=Web Browser
X-GNOME-FullName=Firefox Web Browser
Exec=/opt/firefox/firefox %u
Terminal=false
X-MultipleArgs=false
Type=Application
Icon=/opt/firefox/browser/chrome/icons/default/default48.png
Categories=Network;WebBrowser;
MimeType=text/html;text/xml;application/xhtml+xml;application/xml;application/vnd.mozilla.xul+xml;application/rss+xml;application/rdf+xml;image/gif;image/jpeg;image/png;x-scheme-handler/http;x-scheme-handler/https;
StartupWMClass=Firefox
StartupNotify=true


Deve ficar como na imagem.

Salve teclando ctrl +x tecle s e tecle Enter para fechar.





Para finalizar vamos tornar o seu usuário dono do diretório do Firefox, com isso o Firefox ira atualizar automaticamente quando a Mozilla liberar atualizações.

sudo chown -R $USER:$USER /opt/firefox

Firefox instalado e atualizado.

 

Fonte