[German]Mozilla Mozilla developers have released versions 99.0 and 91.8.0esr of the Firefox browser on April 5, 2022. This is a new development branch of Firefox 99, with the update fixing vulnerabilities according to the Security Advisory. Thanks to 1ST1 for the tip.
According to the release notes, the following new features will be rolled out with the April 5, 2022 update.
- You can now turn on speech output in ReaderMode using the keyboard shortcut "n".
- In the PDF Viewer, support for searching – with or without diacritical marks – has been enhanced.
- The Linux sandbox has been strengthened: processes exposed to Web content no longer have access to the X Window System (X11).
- Firefox now supports automatic filling and recording of credit cards in Germany and France.
Several bug fixes and new policies have been implemented in the latest version of Firefox. For more information, see the Firefox for Enterprise 99 Release Notes. According to this security advisory, several vulnerabilities rated as high and moderate have been fixed.
- CVE-2022-1097: Use-after-free in NSSToken objects
- CVE-2022-28281: Out of bounds write due to unexpected WebAuthN Extensions
- CVE-2022-28282: Use-after-free in DocumentL10n::TranslateDocument
- CVE-2022-28284: Script could be executed via svg's use element
- CVE-2022-28283: Missing security checks for fetching sourceMapURL
- CVE-2022-28285: Incorrect AliasSet used in JIT Codegen
- CVE-2022-28286: iframe contents could be rendered outside the border
- CVE-2022-24713: Denial of Service via complex regular expressions
- CVE-2022-28287: Text Selection could crash Firefox
- CVE-2022-28289: Memory safety bugs fixed in Firefox 99 and Firefox ESR 91.8
- CVE-2022-28288: Memory safety bugs fixed in Firefox 99
An update of Firefox 91.8.0esr with one year of long-term support has also been provided with the same fix to eliminate the above vulnerabilities.
The new Firefox and ESR variants can be downloaded from this website for various platforms (the variant is to be selected from the list boxes displayed).
Cookies helps to fund this blog: Cookie settings