The Mozilla Foundation has released Firefox 76 with new security protections for online account logins and passwords. The update also includes fixes for multiple vulnerabilities.
Mozilla has added a number of good account protection features in the latest release of Firefox 76, such as:
- Critical alerts via Lockwise password manager when a website is breached.
- You are prompted to update password (if your account was involved in website breach and same password used in other sites).
- Automatically generate secure, complex passwords for new accounts used to access multiple websites.
- Protection from casual snooping on shared computers (requires login to OS to show saved passwords).
As part of Mozilla Foundation Security Advisory 2020-16, Firefox 76 also patched 11 vulnerabilities to include 3 Critical and 3 High severity vulnerabilities.
The Critical severity bugs patched include:
- CVE-2020-12387: Use-after-free during worker shutdown.
- CVE-2020-12388: Sandbox escape with improperly guarded Access Tokens (affects Windows systems).
- CVE-2020-12395: Memory safety bugs fixed in Firefox 76 and Firefox ESR 68.8.
The High severity bugs patched include:
- CVE-2020-12389: Sandbox escape with improperly separated process types.
- CVE-2020-6831: Buffer overflow in SCTP chunk input validation.
- CVE-2020-12396: Memory safety bugs fixed in Firefox 76.
Mozilla also noted that the memory safety bugs could be exploited to run arbitrary code. The buffer overflow and use-after-free vulnerabilities could also lead to potentially an exploitable system crash.
Finally, 4 Moderate and 1 Low severity vulnerabilities were also addressed in the recent security update.