Mozilla fixes bugs, improves privacy in latest Firefox release
The latest release fixes two critical security flaws, both affecting memory safety.
Mozilla also fixed 11 high-impact flaws, six moderate ones, and two low-impact ones in the release.
High-impact bugs include CVE 2019-9815 which enables a side channel attack in which one program can steal information from another on a Mac. To fix this, Mozilla uses an Apple option to switch off hyperthreading.
Mozilla also fixed several high-impact bugs that could cause the browser to crash, potentially enabling an attacker to exploit system instability. These included a flaw in the program’s image processor that could allow a malformed PNG image to destabilize it, and other bugs in the browsers event listener manager, and its implementation of
XMLHttpRequest (a commonly used feature on Ajax web sites that constantly send data between the server and the browser).
There were also a couple of bugs specific to different operating systems. A bug in WebGL could cause buffer overflows in some Linux graphics drivers. Another bug in the Windows version allows attackers to exploit the browser’s built-in crash reporter and escape the sandbox that it uses to protect the host computer from browser processes.
The latest release also features the fingerprint blocking technology that Naked Security covered in March. This technique, borrowed from the Tor implementation of the Firefox browser, prevents trackers from using information such as your browser’s resolution and colour depth to uniquely identify you across different websites.