[German]Mozilla's developers have released an update for the Firefox browser on 21 May 2017, which upgrades the browser to version 67. The update to Firefox 60.7.0 ESR has now also been released.
German blog reader trenncrohl has left a comment (thanks) about this update. The new browser version should auto update itself within the next days. A Firefox restart is required for installation. Version 67 brings some new features:
- Starting with Firefox 67, several Firefox versions can be installed in parallel. Each installation uses its own profile.
- The content blocker was extended in Firefox 67 by two functions. The Custom area allows to block Cryptominer and Fingerprinting elements.
Mozilla plans to roll out WebRender with the release of Firefox 67 to 5% of users. This should allow a faster display. Mozilla has published this release notes with more details. Some details are also discussed within the Mozilla Blog.
In a security advisory, the developers also announced what critical vulnerabilities they had fixed in Firefox 67.
- CVE-2019-9816: Type confusion with object groups and UnboxedObjects
- CVE-2019-9817: Stealing of cross-domain images using canvas
- CVE-2019-9818: Use-after-free in crash generation server
- CVE-2019-9819: Compartment mismatch with fetch API
- CVE-2019-9820: Use-after-free of ChromeEventHandler by
- CVE-2019-9821: Use-after-free in AssertWorkerThread
- CVE-2019-11691: Use-after-free in XMLHttpRequest
- CVE-2019-11692: Use-after-free removing listeners in the event listener manager
- CVE-2019-11693: Buffer overflow in WebGL bufferdata on
- CVE-2019-7317: Use-after-free in png_image_free of libpng library
- CVE-2019-11694: Uninitialized memory memory leakage in Windows sandbox
- CVE-2019-11695: Custom cursor can render over user interface outside of web content
- CVE-2019-11696: Java web start .JNLP files are not recognized as executable files for download prompts
- CVE-2019-11697: Pressing key combinations can bypass installation prompt delays and install extensions
- CVE-2019-11698: Theft of user history data through drag and drop of hyperlinks to and from bookmarks
- CVE-2019-11700: res: protocol can be used to open known local files
- CVE-2019-11699: Incorrect domain name highlighting during page navigation
- CVE-2019-11701: webcal: protocol default handler loads vulnerable web page
- CVE-2019-9814: Memory safety bugs fixed in Firefox 67
- CVE-2019-9800: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7
The current version can also be downloaded directly for Windows, macOS and Linux.
Cookies helps to fund this blog: Cookie settings