Lançado o browser Firefox 116

Por


O browser Mozilla Firefox 116 é lançado com correções de segurança e novidades.

Lançado o browser Firefox 116

Mozilla Firefox é um navegador livre e multiplataforma desenvolvido pela Mozilla Foundation com ajuda de centenas de colaboradores. A intenção da fundação é desenvolver um navegador leve, seguro, intuitivo e altamente extensível. Wikipédia

 
Lançado em 01 de Agosto de 2023.

Novidades

  • O alternador da barra lateral permite que os usuários acessem os painéis de favoritos, histórico e guias sincronizadas facilmente, alternem rapidamente entre eles, movam a barra lateral para outro lado da janela do navegador ou fechem a barra lateral. Agora, os usuários de teclado também poderão fazer tudo com facilidade, com ou sem qualquer tecnologia assistiva em execução, sem a necessidade de memorizar atalhos de teclado para acessar esses painéis.
  • Quando uma atualização estiver disponível em inglês, os usuários agora terão acesso às notas de versão no prompt de notificação de atualização na forma de um link "Saiba mais".
  • Agora é possível copiar qualquer arquivo do seu sistema operacional e colá-lo no Firefox.
  • Você pediu, e nós ouvimos! O controle deslizante de volume agora está disponível em Picture-in-Picture.
  • Adicionamos a possibilidade de editar anotações de texto existentes.

Correções

  • O desempenho de upload de HTTP/2 foi significativamente melhorado a partir do Firefox 115.0, particularmente naqueles com um produto de atraso de largura de banda maior (ou seja, redes caracterizadas por alta largura de banda e alta latência).

Correções de segurança


MFSA-RESERVE-2023-0001: Offscreen Canvas could have bypassed cross-origin restrictions Reporter Max Vlasov Impact high Description Offscreen Canvas did not properly track cross-origin tainting, which could have been used to access image data from another site in violation of same-origin policy. References Bug 1833876 #MFSA-RESERVE-2023-0002: Incorrect value used during WASM compilation Reporter Alexander Guryanov Impact high Description In some circumstances, a stale value could have been used for a global variable in WASM JIT analysis. This resulted in incorrect compilation and a potentially exploitable crash in the content process. References Bug 1837686 #MFSA-RESERVE-2023-0003: Potential permissions request bypass via clickjacking Reporter Axel Chong (@Haxatron) Impact high Description A bug in popup notifications delay calculation could have made it possible for an attacker to trick a user into granting permissions. References Bug 1839073 #MFSA-RESERVE-2023-0004: Crash in DOMParser due to out-of-memory conditions Reporter Irvan Kurniawan Impact high Description An out-of-bounds read could have led to an exploitable crash when parsing HTML with DOMParser in low memory situations. References Bug 1841368 #MFSA-RESERVE-2023-0005: Fix potential race conditions when releasing platform objects Reporter Nika Layzell Impact high Description Race conditions in reference counting code were found through code inspection. These could have resulted in potentially exploitable use-after-free vulnerabilities. References Bug 1842658 #MFSA-RESERVE-2023-0006: Stack buffer overflow in StorageManager Reporter Mark Brand Impact high Description In some cases, an untrusted input stream was copied to a stack buffer without checking its size. This resulted in a potentially exploitable crash which could have led to a sandbox escape. References Bug 1843038 #MFSA-RESERVE-2023-0007: Full screen notification obscured by file open dialog Reporter Hafiizh Impact moderate Description A website could have obscured the full screen notification by using the file open dialog. This could have led to user confusion and possible spoofing attacks. References Bug 1821884 #MFSA-RESERVE-2023-0008: File deletion and privilege escalation through Firefox uninstaller Reporter ycdxsb Impact moderate Description The Firefox updater created a directory writable by non-privileged users. When uninstalling Firefox, any files in that directory would be recursively deleted with the permissions of the uninstalling user account. This could be combined with creation of a junction (a form of symbolic link) to allow arbitrary file deletion controlled by the non-privileged user. This bug only affects Firefox on Windows. Other operating systems are unaffected. References Bug 1824420 #MFSA-RESERVE-2023-0009: Full screen notification obscured by external program Reporter P Umar Farooq Impact moderate Description A website could have obscured the full screen notification by using a URL with a scheme handled by an external program, such as a mailto URL. This could have led to user confusion and possible spoofing attacks. References Bug 1839079 #MFSA-RESERVE-2023-0010: Lack of warning when opening appref-ms files Reporter P Umar Farooq Impact moderate Description When opening appref-ms files, Firefox did not warn the user that these files may contain malicious code. This bug only affects Firefox on Windows. Other operating systems are unaffected. References Bug 1840777 #MFSA-RESERVE-2023-0011: Cookie jar overflow caused unexpected cookie jar state Reporter Marco Squarcina Impact low Description When the number of cookies per domain was exceeded in document.cookie, the actual cookie jar sent to the host was no longer consistent with expected cookie jar state. This could have caused requests to be sent with some cookies missing. References Bug 1782561 #MFSA-RESERVE-2023-0012: Memory safety bugs fixed in Firefox 116, Firefox ESR 115.1, Firefox ESR 102.14, Thunderbird 115.1, and Thunderbird 102.14 Reporter Dianna Smith, Ryan VanderMeulen, Timothy Nikkel, and the Mozilla Fuzzing Team Impact high Description Memory safety bugs present in Firefox 115, Firefox ESR 115.0, Firefox ESR 102.13, Thunderbird 115.0, and Thunderbird 102.13. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. References Memory safety bugs fixed in Firefox 116, Firefox ESR 115.1, Firefox ESR 102.14, Thunderbird 115.1, and Thunderbird 102.14 #MFSA-RESERVE-2023-0013: Memory safety bugs fixed in Firefox 116, Firefox ESR 115.1, and Thunderbird 115.1 Reporter The Mozilla Fuzzing Team Impact high Description Memory safety bugs present in Firefox 115, Firefox ESR 115.0, and Thunderbird 115.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. References Memory safety bugs fixed in Firefox 116, Firefox ESR 115.1, and Thunderbird 115.1 #MFSA-RESERVE-2023-0014: Memory safety bugs fixed in Firefox 116 Reporter Andrew McCreight and the Mozilla Fuzzing Team Impact high Description Memory safety bugs present in Firefox 115. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. References Memory safety bugs fixed in Firefox 116

 

Comentários

  1. Anônimo3 de agosto de 2023 às 12:05

    LinuxMint-21 atualizou automaticamente p/ o FF-116... Clodolado

    ResponderExcluir

Postar um comentário

olá, seja bem vindo ao Linux Dicas e suporte !!

Você precisa ver isso

Carregando...

Todos os arquivos do blog

Mostrar mais