Firefox 113 é lançado com novidades e correções de segurança.
Lançado o navegador de internet Firefox 113
Mozilla
Firefox é um navegador livre e multiplataforma desenvolvido pela
Mozilla Foundation com ajuda de centenas de colaboradores. A intenção da
fundação é desenvolver um navegador leve, seguro, intuitivo e altamente
extensível.
Wikipédia
Novidades:
- Picture-in-Picture aprimorado
- Barra de endereços aprimorada
- Janelas privadas com mais proteção
- Senhas automáticas com caracteres especiais
- Mecanismo de acessibilidade reprojetado
- Importação de favoritos do Safari ou de um navegador baseado no Chrome com favicons
- Suporte a AV1 Image
Correções
No quadro temos as correções de segurança do Firefox 113.
Security Vulnerabilities fixed in Firefox 113
Announced
May 9, 2023
Impact
high
Products
Firefox
Fixed in
Firefox 113
#CVE-2023-32205: Browser prompts could have been obscured by popups
Reporter
Alesandro Ortiz
Impact
high
Description
In multiple cases browser prompts could have been obscured by popups controlled by content. These could have led to potential user confusion and spoofing attacks.
References
Bug 1753339
Bug 1753341
#CVE-2023-32206: Crash in RLBox Expat driver
Reporter
Irvan Kurniawan
Impact
high
Description
An out-of-bound read could have led to a crash in the RLBox Expat driver.
References
Bug 1824892
#CVE-2023-32207: Potential permissions request bypass via clickjacking
Reporter
Hafiizh
Impact
high
Description
A missing delay in popup notifications could have made it possible for an attacker to trick a user into granting permissions.
References
Bug 1826116
#CVE-2023-32208: Leak of script base URL in service workers via import()
Reporter
Anne van Kesteren
Impact
moderate
Description
Service workers could reveal script base URL due to dynamic import().
References
Bug 1646034
#CVE-2023-32209: Persistent DoS via favicon image
Reporter
Sam Ezeh
Impact
moderate
Description
A maliciously crafted favicon could have led to an out of memory crash.
References
Bug 1767194
#CVE-2023-32210: Incorrect principal object ordering
Reporter
Nika Layzell
Impact
moderate
Description
Documents were incorrectly assuming an ordering of principal objects when ensuring we were loading an appropriately privileged principal. In certain circumstances it might have been possible to cause a document to be loaded with a higher privileged principal than intended.
References
Bug 1776755
#CVE-2023-32211: Content process crash due to invalid wasm code
Reporter
P1umer and xmzyshypnc
Impact
moderate
Description
A type checking bug would have led to invalid code being compiled.
References
Bug 1823379
#CVE-2023-32212: Potential spoof due to obscured address bar
Reporter
Hafiizh
Impact
moderate
Description
An attacker could have positioned a datalist element to obscure the address bar.
References
Bug 1826622
#CVE-2023-32213: Potential memory corruption in FileReader::DoReadData()
Reporter
Ronald Crane
Impact
moderate
Description
When reading a file, an uninitialized value could have been used as read limit.
References
Bug 1826666
#MFSA-TMP-2023-0002: Race condition in dav1d decoding
Reporter
Tyson Smith
Impact
moderate
Description
A race condition during dav1d decoding could have led to an out-of-bounds memory access, potentially leading to memory corruption and execution of malicious code.
References
Bug 1814790
Bug 1819796
Bug 1814560
#CVE-2023-32214: Potential DoS via exposed protocol handlers
Reporter
Gijs Kruitbosch
Impact
low
Description
Protocol handlers ms-cxh and ms-cxh-full could have been leveraged to trigger a denial of service.
Note: This attack only affects Windows. Other operating systems are not affected.
References
Bug 1828716
#CVE-2023-32215: Memory safety bugs fixed in Firefox 113 and Firefox ESR 102.11
Reporter
Mozilla developers and community
Impact
high
Description
Mozilla developers and community members Gabriele Svelto, Andrew Osmond, Emily McDonough, Sebastian Hengst, Andrew McCreight and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 112 and Firefox ESR 102.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.
References
Memory safety bugs fixed in Firefox 113 and Firefox ESR 102.11
#CVE-2023-32216: Memory safety bugs fixed in Firefox 113
Reporter
Mozilla developers and community
Impact
high
Description
Mozilla developers and community members Ronald Crane, Andrew McCreight, Randell Jesup and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 112. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.
References
Memory safety bugs fixed in Firefox 113
Instalação
Caso
a sua distribição tenha o Firefox em seus repositórios, aguarde que em
breve chega a atualização para você. Caso não tenha confira.
A instalação sera feita usando o Firefox dos servidores da Mozilla e instalado no diretório /opt.
Abra o terminal e de os comandos na sequencia.
Entre no diretório de trabalho.
cd /opt
De o comando abaixo para fazer o download da ultima versão do Firefox, escolha a sua plataforma e linguagem.
Firefox i686 ( 32 bits ) PT_BR
sudo wget -O firefox.tar.bz2 "https://download.mozilla.org/?product=firefox-latest&os=linux&lang=pt-BR"
Ou
Firefox i686 ( 32 bits ) EN_US
sudo wget -O firefox.tar.bz2 "https://download.mozilla.org/?product=firefox-latest&os=linux&lang=en-US"
Ou
Firefox amd64 ( 64 bits ) PT_BR
sudo wget -O firefox.tar.bz2 "https://download.mozilla.org/?product=firefox-latest&os=linux64&lan=pt-BR"
Ou
Firefox amd64 ( 64 bits ) EN_US
sudo wget -O firefox.tar.bz2 "https://download.mozilla.org/?product=firefox-latest&os=linux64&lang=en-US"
Descompacte o arquivo do download.
sudo tar -jxvf /opt/firefox.tar.bz2
Vamos criar o atalho no menu, de o comando abaixo no terminal.
sudo nano /usr/share/applications/Firefox.desktop
Copie as linhas abaixo em vermelho no arquivo aberto,salve e feche.
[Desktop Entry]
Encoding=UTF-8
Name=Firefox
Comment=Browse the World Wide Web
GenericName=Web Browser
X-GNOME-FullName=Firefox Web Browser
Exec=/opt/firefox/firefox %u
Terminal=false
X-MultipleArgs=false
Type=Application
Icon=/opt/firefox/browser/chrome/icons/default/default48.png
Categories=Network;WebBrowser;
MimeType=text/html;text/xml;application/xhtml+xml;application/xml;application/vnd.mozilla.xul+xml;application/rss+xml;application/rdf+xml;image/gif;image/jpeg;image/png;x-scheme-handler/http;x-scheme-handler/https;
StartupWMClass=Firefox
StartupNotify=true
Deve ficar como na imagem.
Salve teclando ctrl +x tecle s e tecle Enter para fechar.
Para finalizar vamos tornar o seu usuário dono do diretório do Firefox,
com isso o Firefox ira atualizar automaticamente quando a Mozilla
liberar atualizações.
sudo chown -R $USER:$USER /opt/firefox
Firefox instalado e atualizado.
Fonte
Comentários
Postar um comentário
olá, seja bem vindo ao Linux Dicas e suporte !!