Firefox 121 released with Wayland display server support enabled by default on Linux


Mozilla Firefox 121 has been released with several new features and fixes. The highlight is native support for the Wayland display server on Linux distros.



Mozilla Firefox is a free, cross-platform browser developed by the Mozilla Foundation with the help of hundreds of contributors. The foundation's aim is to develop a browser that is lightweight, secure, intuitive and highly extensible. Wikipedia.



Released on December 19, 2023.

New

  • Firefox now prompts Windows users to install the Microsoft AV1 Video Extension to enable hardware decoding support for the AV1 video codec if it is not already installed.
  • Firefox now supports voice control commands on macOS systems.
  • On Linux, Firefox now defaults to the Wayland compositor when available instead of XWayland. This brings support for touchpad and touchscreen gestures, swipe-to-navigate, per-monitor DPI settings, better graphics performance and more.
  • Note that, due to limitations of the Wayland protocol, Picture-in-Picture windows require an extra user interaction (usually a right click on the window) or a shell / desktop environment tweak. See bug 1621261 for related discussion and tracking, this post for a KDE configuration and this extension for GNOME.
  • Firefox can now force links to always be underlined. This option can be enabled in the Browsing section of the Firefox Settings menu.
  • The PDF viewer now includes a floating button to simplify deleting drawings, text and images added to PDFs.

Several security fixes

Security Vulnerabilities fixed in Firefox 121

  • Announced: December 19, 2023
  • Impact: high
  • Products: Firefox
  • Fixed in: Firefox 121

CVE-2023-6856: Heap-buffer-overflow affecting WebGL DrawElementsInstanced method with Mesa VM driver

  • Reporter: DoHyun Lee
  • Impact: high
  • Description: The WebGL DrawElementsInstanced method was susceptible to a heap buffer overflow when used on systems with the Mesa VM driver. This issue could allow an attacker to perform remote code execution and sandbox escape.
  • References: Bug 1843782

CVE-2023-6135: NSS susceptible to "Minerva" attack

  • Reporter: George Pantela (Red Hat) and Hubert Kario (Red Hat)
  • Impact: high
  • Description: Multiple NSS NIST curves were susceptible to a side-channel attack known as "Minerva". This attack could potentially allow an attacker to recover the private key.
  • References: Bug 1853908

CVE-2023-6865: Potential exposure of uninitialized data in EncryptingOutputStream

  • Reporter: Jan Varga
  • Impact: high
  • Description: EncryptingOutputStream was susceptible to exposing uninitialized data. This issue could only be abused in order to write data to a local disk which may have implications for private browsing mode.
  • References: Bug 1864123

CVE-2023-6857: Symlinks may resolve to smaller than expected buffers

  • Reporter: Jed Davis
  • Impact: moderate
  • Description: When resolving a symlink, a race may occur where the buffer passed to readlink may actually be smaller than necessary. This bug only affects Firefox on Unix-based operating systems (Android, Linux, MacOS). Windows is unaffected.
  • References: Bug 1796023

CVE-2023-6858: Heap buffer overflow in nsTextFragment

  • Reporter: Irvan Kurniawan
  • Impact: moderate
  • Description: Firefox was susceptible to a heap buffer overflow in nsTextFragment due to insufficient OOM handling.
  • References: Bug 1826791

CVE-2023-6859: Use-after-free in PR_GetIdentitiesLayer

  • Reporter: Irvan Kurniawan
  • Impact: moderate
  • Description: A use-after-free condition affected TLS socket creation when under memory pressure.
  • References: Bug 1840144

CVE-2023-6866: TypedArrays lack sufficient exception handling

  • Reporter: Tom Schuster
  • Impact: moderate
  • Description: TypedArrays can be fallible and lacked proper exception handling. This could lead to abuse in other APIs which expect TypedArrays to always succeed.
  • References: Bug 1849037

CVE-2023-6860: Potential sandbox escape due to VideoBridge lack of texture validation

  • Reporter: Andrew Osmond
  • Impact: moderate
  • Description: The VideoBridge allowed any content process to use textures produced by remote decoders. This could be abused to escape the sandbox.
  • References: Bug 1854669

CVE-2023-6867: Clickjacking permission prompts using the popup transition

  • Reporter: Hafiizh
  • Impact: moderate
  • Description: The timing of a button click causing a popup to disappear was approximately the same length as the anti-clickjacking delay on permission prompts. It was possible to use this fact to surprise users by luring them to click where the permission grant button would be about to appear.
  • References: Bug 1863863

CVE-2023-6861: Heap buffer overflow affected nsWindow::PickerOpen(void) in headless mode

  • Reporter: Yangkang of 360 ATA Team
  • Impact: moderate
  • Description: The nsWindow::PickerOpen(void) method was susceptible to a heap buffer overflow when running in headless mode.
  • References: Bug 1864118

CVE-2023-6868: WebPush requests on Firefox for Android did not require VAPID key

  • Reporter: John-Mark Gurney
  • Impact: moderate
  • Description: In some instances, the user-agent would allow push requests which lacked a valid VAPID even though the push manager subscription defined one. This could allow empty messages to be sent from unauthorized parties. This bug only affects Firefox on Android.
  • References: Bug 1865488

CVE-2023-6869: Content can paint outside of sandboxed iframe

  • Reporter: Oriol Brufau
  • Impact: low
  • Description: A dialog element could have been manipulated to paint content outside of a sandboxed iframe. This could allow untrusted content to display under the guise of trusted content.
  • References: Bug 1799036

CVE-2023-6870: Android Toast notifications may obscure fullscreen event notifications

  • Reporter: Hafiizh
  • Impact: low
  • Description: Applications which spawn a Toast notification in a background thread may have obscured fullscreen notifications displayed by Firefox. This issue only affects Android versions of Firefox and Firefox Focus.
  • References: Bug 1823316

CVE-2023-6871: Lack of protocol handler warning in some instances

  • Reporter: Roy Gunsen
  • Impact: low
  • Description: Under certain conditions, Firefox did not display a warning when a user attempted to navigate to a new protocol handler.
  • References: Bug 1828334

CVE-2023-6872: Browsing history leaked to syslogs via GNOME

  • Reporter: honorton via Tor Browser
  • Impact: low
  • Description: Browser tab titles were being leaked by GNOME to system logs. This could potentially expose the browsing habits of users running in a private tab.
  • References: Bug 1849186

CVE-2023-6863: Undefined behavior in ShutdownObserver()

  • Reporter: Ronald Crane
  • Impact: low
  • Description: The ShutdownObserver() was susceptible to potentially undefined behavior due to its reliance on a dynamic type that lacked a virtual destructor.
  • References: Bug 1868901

CVE-2023-6864: Memory safety bugs fixed in Firefox 121, Firefox ESR 115.6, and Thunderbird 115.6

  • Reporter: Andrew McCreight, the Mozilla Fuzzing Team, Randell Jesup, Valentin Gosu (he/him), Karl Tomlinson
  • Impact: high
  • Description: Memory safety bugs present in Firefox 120, Firefox ESR 115.5, and Thunderbird 115.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.
  • References: Memory safety bugs fixed in Firefox 121, Firefox ESR 115.6, and Thunderbird 115.6

CVE-2023-6873: Memory safety bugs fixed in Firefox 121

  • Reporter: Andrew McCreight, Yury Delendik
  • Impact: high
  • Description: Memory safety bugs present in Firefox 120. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.
  • References: Memory safety bugs fixed in Firefox 121

Installation

It is advisable to wait for the update to arrive in your repositories, but if you want to install Firefox 121 manually, follow the steps below.

The installation uses the Firefox build from Mozilla's servers, installed in the /opt directory.

Open a terminal and run the commands in sequence.

Enter the working directory.

cd /opt

Run the command below to download the latest version of Firefox, choosing your platform and language.

Firefox i686 ( 32 bits ) PT_BR

sudo wget -O firefox.tar.bz2 "https://download.mozilla.org/?product=firefox-latest&os=linux&lang=pt-BR"
Or

Firefox i686 ( 32 bits ) EN_US

sudo wget -O firefox.tar.bz2 "https://download.mozilla.org/?product=firefox-latest&os=linux&lang=en-US"

Or

Firefox amd64 ( 64 bits ) PT_BR

sudo wget -O firefox.tar.bz2 "https://download.mozilla.org/?product=firefox-latest&os=linux64&lang=pt-BR"

Or

Firefox amd64 ( 64 bits ) EN_US

sudo wget -O firefox.tar.bz2 "https://download.mozilla.org/?product=firefox-latest&os=linux64&lang=en-US"

Extract the downloaded file.

sudo tar -jxvf /opt/firefox.tar.bz2

Now create the menu shortcut; run the command below in the terminal.

sudo nano /usr/share/applications/Firefox.desktop

Copy the lines below into the open file, then save and close.


[Desktop Entry]
Encoding=UTF-8
Name=Firefox
Comment=Browse the World Wide Web
GenericName=Web Browser
X-GNOME-FullName=Firefox Web Browser
Exec=/opt/firefox/firefox %u
Terminal=false
X-MultipleArgs=false
Type=Application
Icon=/opt/firefox/browser/chrome/icons/default/default48.png
Categories=Network;WebBrowser;
MimeType=text/html;text/xml;application/xhtml+xml;application/xml;application/vnd.mozilla.xul+xml;application/rss+xml;application/rdf+xml;image/gif;image/jpeg;image/png;x-scheme-handler/http;x-scheme-handler/https;
StartupWMClass=Firefox
StartupNotify=true

Save by pressing CTRL + x, then press s and press Enter to close.

To finish, make your user the owner of the Firefox directory; with that, Firefox will update automatically when Mozilla releases updates. The same ownership also lets any process running as your user modify the files under /opt/firefox.

sudo chown -R $USER:$USER /opt/firefox

There you have Firefox 121.
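
A check that can run between the download and the extraction steps above, added here as an example and not part of the original post: it compares the tarball with its entry in a SHA256SUMS list and refuses archives whose members fall outside firefox/. It assumes the SHA256SUMS file that Mozilla publishes in the release directory on archive.mozilla.org was fetched separately and its signature (SHA256SUMS.asc) already verified; the function names and the sample entry path are illustrative.

```shell
#!/bin/sh
# Added example: check a downloaded Firefox tarball before unpacking it as root.
# Function names and the sample entry path are illustrative assumptions.

# expected_sha256 SUMS_FILE ENTRY
# Print the hash listed for ENTRY in a "hash  path" checksum list
# (entry names without spaces); fail if ENTRY is not listed.
expected_sha256() {
    awk -v p="$2" '
        $2 == p || $2 == "*" p { print $1; found = 1; exit }
        END { if (!found) exit 1 }' "$1"
}

# verify_sha256 SUMS_FILE ENTRY TARBALL
# 0 = hash matches, 1 = mismatch, 2 = entry missing or file unreadable.
verify_sha256() {
    want=$(expected_sha256 "$1" "$2") || return 2
    have=$(sha256sum "$3" 2>/dev/null | awk '{ print $1 }')
    [ -n "$have" ] || return 2
    [ "$want" = "$have" ]
}

# safe_members TARBALL
# Succeed only if the archive lists at least one member and every member
# sits under the top-level firefox/ directory with no ".." component.
# GNU tar detects the compression itself when listing with -tf.
safe_members() {
    tar -tf "$1" | awk '
        {
            if ($0 != "firefox" && index($0, "firefox/") != 1) bad = 1
            n = split($0, part, "/")
            for (i = 1; i <= n; i++) if (part[i] == "..") bad = 1
        }
        END { if (bad || NR == 0) exit 1 }'
}

# Usage: sh check.sh SHA256SUMS linux-x86_64/pt-BR/firefox-121.0.tar.bz2 firefox.tar.bz2
if [ "$#" -eq 3 ]; then
    if verify_sha256 "$1" "$2" "$3" && safe_members "$3"; then
        echo "OK: hash matches and every member is under firefox/"
    else
        echo "REFUSE: do not extract $3" >&2
        exit 1
    fi
fi
```

Run it from an unprivileged account and only continue with the sudo tar step when it prints OK.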

 

