Mozilla Firefox is a free, cross-platform browser developed by the Mozilla Foundation with the help of hundreds of contributors. The foundation's aim is to develop a browser that is light, secure, intuitive and highly extensible. Wikipedia.
Released on December 19, 2023.
New
- Firefox now prompts Windows users to install the Microsoft AV1 Video Extension to enable hardware decoding support for the AV1 video codec if it is not already installed.
- Firefox now supports voice control commands on macOS systems.
- On Linux, Firefox now defaults to the Wayland compositor when available instead of XWayland. This brings support for touchpad and touchscreen gestures, swipe-to-navigate, per-monitor DPI settings, better graphics performance, and more.
- Note that, due to limitations of the Wayland protocol, Picture-in-Picture windows require an extra user interaction (usually a right-click on the window) or a shell / desktop environment tweak. See bug 1621261 for related discussion and tracking, this post for a KDE configuration, and this extension for GNOME.
- Firefox can now force links to always be underlined. This option can be enabled in the Browsing section of the Firefox Settings menu.
- The PDF viewer now includes a floating button to simplify deleting drawings, text, and images added to PDFs.
Various security fixes
Security Vulnerabilities fixed in Firefox 121
Announced
December 19, 2023
Impact
high
Products
Firefox
Fixed in
Firefox 121
CVE-2023-6856: Heap-buffer-overflow affecting WebGL DrawElementsInstanced method with Mesa VM driver
Reporter
DoHyun Lee
Impact
high
Description
The WebGL DrawElementsInstanced method was susceptible to a heap buffer overflow when used on systems with the Mesa VM driver. This issue could allow an attacker to perform remote code execution and sandbox escape.
References
Bug 1843782
CVE-2023-6135: NSS susceptible to "Minerva" attack
Reporter
George Pantela (Red Hat) and Hubert Kario (Red Hat)
Impact
high
Description
Multiple NSS NIST curves were susceptible to a side-channel attack known as "Minerva". This attack could potentially allow an attacker to recover the private key.
References
Bug 1853908
CVE-2023-6865: Potential exposure of uninitialized data in EncryptingOutputStream
Reporter
Jan Varga
Impact
high
Description
EncryptingOutputStream was susceptible to exposing uninitialized data. This issue could only be abused in order to write data to a local disk which may have implications for private browsing mode.
References
Bug 1864123
CVE-2023-6857: Symlinks may resolve to smaller than expected buffers
Reporter
Jed Davis
Impact
moderate
Description
When resolving a symlink, a race may occur where the buffer passed to readlink may actually be smaller than necessary.
This bug only affects Firefox on Unix-based operating systems (Android, Linux, MacOS). Windows is unaffected.
References
Bug 1796023
CVE-2023-6858: Heap buffer overflow in nsTextFragment
Reporter
Irvan Kurniawan
Impact
moderate
Description
Firefox was susceptible to a heap buffer overflow in nsTextFragment due to insufficient OOM handling.
References
Bug 1826791
CVE-2023-6859: Use-after-free in PR_GetIdentitiesLayer
Reporter
Irvan Kurniawan
Impact
moderate
Description
A use-after-free condition affected TLS socket creation when under memory pressure.
References
Bug 1840144
CVE-2023-6866: TypedArrays lack sufficient exception handling
Reporter
Tom Schuster
Impact
moderate
Description
TypedArrays can be fallible and lacked proper exception handling. This could lead to abuse in other APIs which expect TypedArrays to always succeed.
References
Bug 1849037
CVE-2023-6860: Potential sandbox escape due to VideoBridge lack of texture validation
Reporter
Andrew Osmond
Impact
moderate
Description
The VideoBridge allowed any content process to use textures produced by remote decoders. This could be abused to escape the sandbox.
References
Bug 1854669
CVE-2023-6867: Clickjacking permission prompts using the popup transition
Reporter
Hafiizh
Impact
moderate
Description
The timing of a button click causing a popup to disappear was approximately the same length as the anti-clickjacking delay on permission prompts. It was possible to use this fact to surprise users by luring them to click where the permission grant button would be about to appear.
References
Bug 1863863
CVE-2023-6861: Heap buffer overflow affected nsWindow::PickerOpen(void) in headless mode
Reporter
Yangkang of 360 ATA Team
Impact
moderate
Description
The nsWindow::PickerOpen(void) method was susceptible to a heap buffer overflow when running in headless mode.
References
Bug 1864118
CVE-2023-6868: WebPush requests on Firefox for Android did not require VAPID key
Reporter
John-Mark Gurney
Impact
moderate
Description
In some instances, the user-agent would allow push requests which lacked a valid VAPID even though the push manager subscription defined one. This could allow empty messages to be sent from unauthorized parties.
This bug only affects Firefox on Android.
References
Bug 1865488
CVE-2023-6869: Content can paint outside of sandboxed iframe
Reporter
Oriol Brufau
Impact
low
Description
A dialog element could have been manipulated to paint content outside of a sandboxed iframe. This could allow untrusted content to display under the guise of trusted content.
References
Bug 1799036
CVE-2023-6870: Android Toast notifications may obscure fullscreen event notifications
Reporter
Hafiizh
Impact
low
Description
Applications which spawn a Toast notification in a background thread may have obscured fullscreen notifications displayed by Firefox.
This issue only affects Android versions of Firefox and Firefox Focus.
References
Bug 1823316
CVE-2023-6871: Lack of protocol handler warning in some instances
Reporter
Roy Gunsen
Impact
low
Description
Under certain conditions, Firefox did not display a warning when a user attempted to navigate to a new protocol handler.
References
Bug 1828334
CVE-2023-6872: Browsing history leaked to syslogs via GNOME
Reporter
honorton via Tor Browser
Impact
low
Description
Browser tab titles were being leaked by GNOME to system logs. This could potentially expose the browsing habits of users running in a private tab.
References
Bug 1849186
CVE-2023-6863: Undefined behavior in ShutdownObserver()
Reporter
Ronald Crane
Impact
low
Description
The ShutdownObserver() was susceptible to potentially undefined behavior due to its reliance on a dynamic type that lacked a virtual destructor.
References
Bug 1868901
CVE-2023-6864: Memory safety bugs fixed in Firefox 121, Firefox ESR 115.6, and Thunderbird 115.6
Reporter
Andrew McCreight, the Mozilla Fuzzing Team, Randell Jesup, Valentin Gosu (he/him), Karl Tomlinson
Impact
high
Description
Memory safety bugs present in Firefox 120, Firefox ESR 115.5, and Thunderbird 115.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.
References
Memory safety bugs fixed in Firefox 121, Firefox ESR 115.6, and Thunderbird 115.6
CVE-2023-6873: Memory safety bugs fixed in Firefox 121
Reporter
Andrew McCreight, Yury Delendik
Impact
high
Description
Memory safety bugs present in Firefox 120. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.
References
Memory safety bugs fixed in Firefox 121
Installation
It is advisable to wait for the release to arrive in your repositories, but if you want to install Firefox 121 manually, follow the steps below.
The installation uses the Firefox build from Mozilla's servers and places it in the /opt directory.
Open a terminal and run the commands in sequence.
Enter the working directory.
cd /opt
Run the command below to download the latest version of Firefox; choose your platform and language.
Firefox i686 ( 32 bits ) PT_BR
sudo wget -O firefox.tar.bz2 "https://download.mozilla.org/?product=firefox-latest&os=linux&lang=pt-BR"
Or
Firefox i686 ( 32 bits ) EN_US
sudo wget -O firefox.tar.bz2 "https://download.mozilla.org/?product=firefox-latest&os=linux&lang=en-US"
Or
Firefox amd64 ( 64 bits ) PT_BR
sudo wget -O firefox.tar.bz2 "https://download.mozilla.org/?product=firefox-latest&os=linux64&lang=pt-BR"
Or
Firefox amd64 ( 64 bits ) EN_US
sudo wget -O firefox.tar.bz2 "https://download.mozilla.org/?product=firefox-latest&os=linux64&lang=en-US"
Extract the downloaded file.
sudo tar -jxvf /opt/firefox.tar.bz2
Now create the menu shortcut; run the command below in the terminal.
sudo nano /usr/share/applications/Firefox.desktop
Copy the lines below into the open file, then save and close.
[Desktop Entry]
Encoding=UTF-8
Name=Firefox
Comment=Browse the World Wide Web
GenericName=Web Browser
X-GNOME-FullName=Firefox Web Browser
Exec=/opt/firefox/firefox %u
Terminal=false
X-MultipleArgs=false
Type=Application
Icon=/opt/firefox/browser/chrome/icons/default/default48.png
Categories=Network;WebBrowser;
MimeType=text/html;text/xml;application/xhtml+xml;application/xml;application/vnd.mozilla.xul+xml;application/rss+xml;application/rdf+xml;image/gif;image/jpeg;image/png;x-scheme-handler/http;x-scheme-handler/https;
StartupWMClass=Firefox
StartupNotify=true
Save by pressing CTRL + x, then press s (for "sim", yes; y on an English-locale system) and press Enter to close.
To finish, make your user the owner of the Firefox directory; with this, Firefox will update automatically when Mozilla releases updates.
sudo chown -R $USER:$USER /opt/firefox
There you have Firefox 121.
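The steps above extract, as root, whatever wget fetched, with no integrity check. The following added example (not part of the original post) verifies the tarball against a SHA256SUMS manifest before the extraction step. The function names are hypothetical, and the manifest location and entry path format shown in the comments are assumptions.

```sh
#!/bin/sh
# Added example (not from the original post): check the tarball fetched by the
# wget step against a SHA256SUMS manifest before extracting it as root.
# Assumed real-world use (file location and entry path are assumptions):
#   fetch SHA256SUMS and SHA256SUMS.asc from
#     https://archive.mozilla.org/pub/firefox/releases/121.0/
#   gpg --verify SHA256SUMS.asc SHA256SUMS   # Mozilla release key already imported
#   verify_download firefox.tar.bz2 SHA256SUMS linux-x86_64/pt-BR/firefox-121.0.tar.bz2

# expected_sha256 SUMS_FILE ENTRY
# Prints the hash recorded for ENTRY. Fails unless exactly one line names ENTRY
# and carries 64 lowercase hex digits, so a missing, duplicated or malformed
# entry can never count as a pass.
expected_sha256() {
    awk -v entry="$2" '
        $2 == entry { n++; if (length($1) == 64 && $1 !~ /[^0-9a-f]/) hash = $1 }
        END { if (n != 1 || hash == "") exit 1; print hash }
    ' "$1"
}

# verify_download TARBALL SUMS_FILE ENTRY
# Returns 0 = hash matches, 1 = mismatch, 2 = manifest has no usable entry.
verify_download() {
    _want=$(expected_sha256 "$2" "$3") || { echo "no unique entry: $3" >&2; return 2; }
    _got=$(sha256sum "$1" 2>/dev/null | awk '{ print $1 }')
    [ "$_got" = "$_want" ] || { echo "SHA-256 mismatch: $1" >&2; return 1; }
    echo "OK: $1"
}

# Constructed demo: a stand-in "tarball" and a manifest built from it.
demo() {
    _dir=$(mktemp -d) || return 1
    printf 'constructed sample payload\n' > "$_dir/firefox.tar.bz2"
    _sum=$(sha256sum "$_dir/firefox.tar.bz2" | awk '{ print $1 }')
    printf '%s  linux-x86_64/pt-BR/firefox-121.0.tar.bz2\n' "$_sum" > "$_dir/SHA256SUMS"
    verify_download "$_dir/firefox.tar.bz2" "$_dir/SHA256SUMS" \
        linux-x86_64/pt-BR/firefox-121.0.tar.bz2; _rc=$?
    rm -rf "$_dir"
    return "$_rc"
}
demo
```

Run the tar step only when verify_download returns 0. The hash check proves nothing unless the manifest's own signature has been verified first.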