Mozilla fixes bugs, improves privacy in latest Firefox release

Mozilla rolled out version 67 of its Firefox browser this week, fixing some bugs and introducing a host of privacy features.

The latest release fixes two critical security flaws, both affecting memory safety.

Mozilla also fixed 11 high-impact flaws, six moderate ones, and two low-impact ones in the release.

High-impact bugs include CVE-2019-9815, which enables a side-channel attack in which one program can steal information from another on a Mac. To fix this, Mozilla uses an Apple option to switch off hyperthreading.

Mozilla also fixed several high-impact bugs that could cause the browser to crash, potentially enabling an attacker to exploit system instability. These included a flaw in the program’s image processor that could allow a malformed PNG image to destabilize it, and other bugs in the browser’s event listener manager and in its implementation of XMLHttpRequest (a commonly used feature on Ajax web sites that constantly send data between the server and the browser).

There were also a couple of bugs specific to different operating systems. A bug in WebGL could cause buffer overflows in some Linux graphics drivers. Another bug in the Windows version allows attackers to exploit the browser’s built-in crash reporter and escape the sandbox that it uses to protect the host computer from browser processes.

The latest release also features the fingerprint blocking technology that Naked Security covered in March. This technique, borrowed from the Tor implementation of the Firefox browser, prevents trackers from using information such as your browser’s resolution and colour depth to uniquely identify you across different websites.

You can now also make Firefox check for cryptominers on the websites that it visits. These are pieces of JavaScript embedded in a website’s code that force your computer to mine for cryptocurrency, often without your knowledge. Attackers who compromise a web site with this code can tie up your computing resources in their pursuit of digital currency, normally opting for the anonymity-focused Monero.
