Firefox 120 Released With Security Updates: What’s New!
With the release of Mozilla Firefox 120, 10 vulnerabilities are patched, including six ‘High Severity’ issues and two moderate and low severity issues.
The main changes in Firefox 120 include:
- Global Privacy Control setting
- Import data from Chromium snap
- Option to copy a link without site tracking
- Picture-in-Picture (PIP) mode now supports corner snapping on Windows and Linux
- Adds a new DevTools feature
- Imports TLS trust anchors
- Improvements in private windows and ETP-Strict privacy configuration.
High Severity Flaws Addressed
The first vulnerability is CVE-2023-6204; depending on the graphics settings and drivers, it was possible to cause an out-of-bounds read and leak memory data into images created on the canvas element. JSec of Hayyim Security reported this issue.
The bug identified as CVE-2023-6205 allowed a MessagePort to be used after it had already been freed, potentially leading to an exploitable crash. Yangkang of the 360 ATA Team reported this issue.
In the CVE-2023-6206 issue, the black fade animation when exiting fullscreen is roughly the length of the anti-clickjacking delay on permission prompts. This fact could be used to surprise users by luring them to click where the permission grant button was about to appear. The issue was reported by Hafiizh.
The flaw tracked as CVE-2023-6207 is a use-after-free in ReadableByteStreamQueueEntry::Buffer. Yangkang of the 360 ATA Team reported this high-severity issue.
CVE-2023-6212 is a memory safety bug fixed in Firefox 120, ESR 115.5, and Thunderbird 115.5.
Firefox 120 has also addressed memory safety bugs, identified as CVE-2023-6213. Mozilla developers reported both of these high-severity bugs.
“All these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code”, Mozilla stated in its advisory.
Moderate and Low Severity Issues Addressed
Moderate Severity Issues: Using Selection API would copy contents into X11 primary selection (CVE-2023-6208) and Incorrect parsing of relative URLs starting with (CVE-2023-6209).
Low Severity Issues: Mixed-content resources not blocked in a javascript: pop-up (CVE-2023-6210) and Clickjacking to load insecure pages in HTTPS-only mode (CVE-2023-6211).
You can download Firefox for Windows, macOS, or Linux from the Mozilla website.
Source credit : cybersecuritynews.com