O Firefox 101.0 é lançado com novidades e correções de bugs e segurança, confira

 

Lançado o Firefox 101.0

Mozilla Firefox é um navegador livre e multiplataforma desenvolvido pela Mozilla Foundation com ajuda de centenas de colaboradores. A intenção da fundação é desenvolver um navegador leve, seguro, intuitivo e altamente extensível. Wikipédia

 

O anúncio foi feito em 31 de Maio de 2022.

"Versão 101.0, oferecida pela primeira vez aos usuários do canal de lançamento em 31 de maio de 2022 Gostaríamos de estender um agradecimento especial a todos os novos Mozillians que contribuíram para este lançamento do Firefox"

 

O Firefox 101.0 conta com as novidades.

• A leitura agora é mais fácil com a consulta de mídia prefere-contrast, que permite que os sites detectem se o usuário solicitou que o conteúdo da Web seja apresentado com um contraste maior (ou menor). 

• É a sua escolha! Todos os tipos MIME não configurados agora podem receber uma ação personalizada após a conclusão do download. 

• O Firefox agora permite que os usuários usem quantos microfones quiserem, ao mesmo tempo, durante a videoconferência. O benefício mais interessante é que você pode alternar facilmente seus microfones a qualquer momento (se o seu provedor de serviços de conferência permitir essa flexibilidade).

No quadro abaixo emos as correções de bugs e segurança.

Mozilla Foundation Security Advisory 2022-20 Security Vulnerabilities fixed in Firefox 101 Announced May 31, 2022 Impact high Products Firefox Fixed in Firefox 101 #CVE-2022-31736: Cross-Origin resource's length leaked Reporter Luan Herrera Impact high Description A malicious website could have learned the size of a cross-origin resource that supported Range requests. References Bug 1735923 #CVE-2022-31737: Heap buffer overflow in WebGL Reporter Atte Kettunen Impact high Description A malicious webpage could have caused an out-of-bounds write in WebGL, leading to memory corruption and a potentially exploitable crash. References Bug 1743767 #CVE-2022-31738: Browser window spoof using fullscreen mode Reporter Irvan Kurniawan Impact high Description When exiting fullscreen mode, an iframe could have confused the browser about the current state of fullscreen, resulting in potential user confusion or spoofing attacks. References Bug 1756388 #CVE-2022-31739: Attacker-influenced path traversal when saving downloaded files Reporter Chaobin Zhang Impact high Description When downloading files on Windows, the % character was not escaped, which could have lead to a download incorrectly being saved to attacker-influenced paths that used variables such as %HOMEPATH% or %APPDATA%. This bug only affects Firefox for Windows. Other operating systems are unaffected. References Bug 1765049 #CVE-2022-31740: Register allocation problem in WASM on arm64 Reporter Gary Kwong Impact high Description On arm64, WASM code could have resulted in incorrect assembly generation leading to a register allocation problem, and a potentially exploitable crash. References Bug 1766806 #CVE-2022-31741: Uninitialized variable leads to invalid memory read Reporter Yaniv Impact high Description A crafted CMS message could have been processed incorrectly, leading to an invalid memory read, and potentially further memory corruption. References Bug 1767590 #CVE-2022-31742: Querying a WebAuthn token with a large number of allowCredential entries may have leaked cross-origin information Reporter Michal Impact moderate Description An attacker could have exploited a timing attack by sending a large number of allowCredential entries and detecting the difference between invalid key handles and cross-origin key handles. This could have led to cross-origin account linking in violation of WebAuthn goals. References Bug 1730434 #CVE-2022-31743: HTML Parsing incorrectly ended HTML comments prematurely Reporter Linus Särud Impact moderate Description Firefox's HTML parser did not correctly interpret HTML comment tags, resulting in an incongruity with other browsers. This could have been used to escape HTML comments on pages that put user-controlled data in them. References Bug 1747388 #CVE-2022-31744: CSP bypass enabling stylesheet injection Reporter Gertjan Impact moderate Description An attacker could have injected CSS into stylesheets accessible via internal URIs, such as resource:, and in doing so bypass a page's Content Security Policy. References Bug 1757604 #CVE-2022-31745: Incorrect Assertion caused by unoptimized array shift operations Reporter Lukas Bernhard Impact moderate Description If array shift operations are not used, the Garbage Collector may have become confused about valid objects. References Bug 1760944 #CVE-2022-1919: Memory Corruption when manipulating webp images Reporter Irvan Kurniawan Impact low Description An attacker could have caused an uninitialized variable on the stack to be mistakenly freed, causing a potentially exploitable crash. References Bug 1761275 #CVE-2022-31747: Memory safety bugs fixed in Firefox 101 and Firefox ESR 91.10 Reporter Mozilla developers and community Impact high Description Mozilla developers and community members Andrew McCreight, Nicolas B. Pierron, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 100 and Firefox ESR 91.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. References Memory safety bugs fixed in Firefox 101 and Firefox ESR 91.10 #CVE-2022-31748: Memory safety bugs fixed in Firefox 101 Reporter Mozilla developers and community Impact high Description Mozilla developers and community members Gabriele Svelto, Timothy Nikkel, Randell Jesup, Jon Coppeard, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 100. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. References Memory safety bugs fixed in Firefox 101

Instalação

Basta manter a sua distribuição de pacotes atualizada que ele também será atualizado.

No caso do Debian que só distribui no Stable a versão ESR e para o Ubuntu 22.04 com a demência da Canonical pelo Firefox no lixo Snap instale o Firefox 101.0 dessa forma.

Abra o terminal e de os comandos na sequencia.

Entre no diretório de trabalho.

cd /opt

De o comando abaixo para fazer o download da ultima versão do Firefox, escolha a sua plataforma e linguagem.

Firefox i686 ( 32 bits ) PT_BR

sudo wget -O firefox.tar.bz2 "https://download.mozilla.org/?product=firefox-latest&os=linux&lang=pt-BR"

Ou

Firefox i686 ( 32 bits ) EN_US

sudo wget -O firefox.tar.bz2 "https://download.mozilla.org/?product=firefox-latest&os=linux&lang=en-US"

Ou

Firefox amd64 ( 64 bits ) PT_BR

sudo wget -O firefox.tar.bz2 "https://download.mozilla.org/?product=firefox-latest&os=linux64&lan=pt-BR"

Ou

Firefox amd64 ( 64 bits ) EN_US

sudo wget -O firefox.tar.bz2 "https://download.mozilla.org/?product=firefox-latest&os=linux64&lang=en-US"

Descompacte o arquivo do download.

sudo tar -jxvf /opt/firefox.tar.bz2

Ai está o firefox instalado na /opt.

Vamos criar o atalho no menu, de o comando abaixo no terminal.

sudo nano /usr/share/applications/Firefox.desktop

Copie as linhas abaixo em vermelho no arquivo aberto,salve e feche.

[Desktop Entry]
Encoding=UTF-8
Name=Firefox
Comment=Browse the World Wide Web
GenericName=Web Browser
X-GNOME-FullName=Firefox Web Browser
Exec=/opt/firefox/firefox %u
Terminal=false
X-MultipleArgs=false
Type=Application
Icon=/opt/firefox/browser/chrome/icons/default/default48.png
Categories=Network;WebBrowser;
MimeType=text/html;text/xml;application/xhtml+xml;application/xml;application/vnd.mozilla.xul+xml;application/rss+xml;application/rdf+xml;image/gif;image/jpeg;image/png;x-scheme-handler/http;x-scheme-handler/https;
StartupWMClass=Firefox
StartupNotify=true

Deve ficar como na imagem.

Salve teclando ctrl +x tecle s e tecle Enter para fechar.

Para finalizar vamos tornar o seu usuário dono do diretório do Firefox, com isso o Firefox ira atualizar automaticamente quando a Mozilla liberar atualizações.

sudo chown -R $USER:$USER /opt/firefox

Basta ir ao menu de aplicativos e abrir o Firefox.