Firefox 72.0.1 and 68.4.1esr, and Tor 9.0.4 released

Posted on 2020-01-09 by guenni

Mozilla[German]Mozilla's developers had just (January 7, 2020) released version 72 (and 68.4.0 ESR) of the Firefox browser, and they had to make some improvements. Since January 8, 2020 Firefox 72.0.1 and 68.4.1esr are available. There is also the Tor Browser 9.0.3.

Advertising

Security update for Firefox

I had already mentioned in my German article Firefox 72 und 68.4.0esr verfügbar that the browsers get a security update. But at that time the update was not yet distributed automatically and there was no change log. In the meantime I am offered the automatic update in Firefox 72. In the release notes of Firefox 72.0.1 and 68.4.1esr the following Security fixes are listed:

72.0.1 and Firefox ESR 68.4.1
Announced: January 8, 2020
Impact: critical
Products: Firefox, Firefox ESR
Fixed in: Firefox 72.0.1, Firefox ESR 68.4.1

#CVE-2019-17026: IonMonkey type confusion with StoreElementHole and FallibleStoreElement
Impact critical
Description: Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion. We are aware of targeted attacks in the wild abusing this flaw. (Bug 1607443)

Tor-Browser 9.0.3

German blog reader Ralf Lindemann pointed out in this comment, that the Tor Browser has been updated to version 9.0.3. Again, during my test the new version was offered via Auto-Update as part of an update search.

The Tor Browser 9.0.3 was released on January 7, 2020 and does not yet contain the latest fix of ESR 68.4.1, but is still based on Firefox 68.4.0 – which has the vulnerabilties mentioned above. The release notes for Tor 9.0.3 list the following changes:

* All Platforms
   * Update Firefox to 68.4.0esr
   * Bump NoScript to 11.0.11
   * Translations update
   * Update OpenPGP keyring
   * Bug 32606: Set up default bridge at Georgetown University
   * Bug 32659: Remove IPv6 address of default bridge
   * Bug 32547: Add new default bridge at UMN
   * Bug 31855: Remove End of Year Fundraising Campaign from about:tor
* Windows + OS X + Linux
   * Bump Tor to 0.4.2.5
   * Update Tor Launcher to 0.2.20.5
     * Bug 32636: Clean up locales shipped with Tor Launcher
* Android
   * Bug 32405: Crash immediately after bootstrap on Android
* Build System
   * Linux
     * Bug 32676: Create a tarball with all Linux x86_64 language packs

Cookies helps to fund this blog: Cookie settings
Advertising

This entry was posted in browser, Security, Software, Update. Bookmark the permalink.

One Response to Firefox 72.0.1 and 68.4.1esr, and Tor 9.0.4 released

Leave a Reply

Your email address will not be published. Required fields are marked *