Mozilla fixes bugs, improves privacy in latest Firefox release
Mozilla rolled out version 67 of its Firefox browser this week, fixing some security bugs and introducing a host of privacy features.
The latest release fixes two critical security flaws, both affecting memory safety.
Mozilla also fixed 11 high-impact flaws, six moderate ones, and two low-impact ones in the release.
High-impact bugs include CVE 2019-9815 which enables a side channel attack in which one program can steal information from another on a Mac. To fix this, Mozilla uses an Apple option to switch off hyperthreading.
Mozilla also fixed several high-impact bugs that could cause the browser to crash, potentially enabling an attacker to exploit system instability. These included a flaw in the program’s image processor that could allow a malformed PNG image to destabilize it, and other bugs in the browsers event listener manager, and its implementation of XMLHttpRequest (a commonly used feature on Ajax web sites that constantly send data between the server and the browser).
There were also a couple of bugs specific to different operating systems. A bug in WebGL could cause buffer overflows in some Linux graphics drivers. Another bug in the Windows version allows attackers to exploit the browser’s built-in crash reporter and escape the sandbox that it uses to protect the host computer from browser processes.
The latest release also features the fingerprint blocking technology that Naked Security covered in March. This technique, borrowed from the Tor implementation of the Firefox browser, prevents trackers from using information such as your browser’s resolution and colour depth to uniquely identify you across different websites.
You can now also make Firefox check for cryptominers on the websites that it visits. These are pieces of JavaScript embedded in a website’s code that force your computer to mine for cryptocurrency, often without your knowledge. Attackers who compromise a web site with this code can tie up your computing resources in their pursuit of digital currency, normally opting for the anonymity-focused Monero.
In the latest edition of Firefox, you can reach these options by clicking the small ‘i’ icon in the address bar, and then under Content Blocking, clicking on the gear symbol on the right. This will let you select these options individually.
Firefox also added other privacy features including the ability to disable individual browser extensions and save passwords in private browsing mode.
Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/QQ4uAb-QUVM/