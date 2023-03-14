The new Firefox version 111 has a total of 13 closed security gaps. In the long-term support version Firefox ESR 102.9 there are still six sealed security gaps. Do the new versions also deliver significant new functions? No, that’s vinegar.

The few new features of Firefox 111 from the release notes can be summarized quickly: Firefox now activates native notifications on Windows. The web browser brings new localizations for the Italian dialects Friulian Silhe (fur) and Sardinian (sc) and offers Firefox Relay users to create relay email masks directly from the Firefox credentials manager. To do this, they must be logged into their Firefox account.

Firefox: patched security leaks

After all, the updated browser offers significant improvements in terms of security. From the closed vulnerabilities step the Mozilla developers according to their security advisory seven as high risk and six as medium risk. At the Firefox ESR 102.9 there are at least two vulnerabilities with a high threat rating and four with a medium severity rating.

Two of the high-risk vulnerabilities only affect the Android version of Firefox. Full screen notifications could be hidden by download notifications (CVE-2023-28159), or by long description dialog boxes in general (CVE-2023-25748). Attackers could have misused this for spoofing attacks.

Firefox: version check

Anyone using the Firefox web browser should check whether the current version is already running and, if necessary, initiate the update. This can be done by clicking on the application menu, which is located behind the icon with the three horizontal stripes to the right of the address bar, and then continuing with “Help” – “About Firefox”. If necessary, this triggers the update process and prompts users to restart their browser.

The Firefox version dialog shows the currently used version and, if necessary, initiates the browser update. He also points out that a browser restart is necessary. (Image: Dirk Knop / heise online)

Users of other operating systems such as Linux usually have to call up the native software management. This should then provide the update.

The Firefox browser versions 110 and ESR 102.8 from mid-February already provided core security updates. At that time there were 19 and 14 vulnerabilities that the developers fixed.



(dmk)

