The Mozilla Foundation has released Firefox 77 with new DevTool improvements and web platform updates. The update also includes fixes for multiple vulnerabilities.
Mozilla has added a number of new DevTools features in the latest release of Firefox 77, such as:
- “Faster, leaner” JavaScript debugging.
- JavaScript and CSS Source Maps (to improve performance).
- Step JavaScript in the selected stack frame.
- Overflow settings for Network and Debugger.
- Pause on property read and write.
- Improved Network data preview.
In addition, Firefox added new platform features, to include String#replaceAll and improvements to IndexedDB cursor requests.
Users can also view and manage web certificates more easily on the new “about:certificate” page.
As part of Mozilla Foundation Security Advisory 2020-20, Firefox 77 also patched 8 vulnerabilities to include 5 High severity vulnerabilities.
The High severity bugs patched include:
- CVE-2020-12399: Timing attack on DSA signatures in NSS library
- CVE-2020-12405: Use-after-free in SharedWorkerService
- CVE-2020-12406: JavaScript type confusion with NativeTypes
- CVE-2020-12410: Memory safety bugs fixed in Firefox 77 and Firefox ESR 68.9
- CVE-2020-12411: Memory safety bugs fixed in Firefox 77.
Mozilla also noted that the memory safety bugs could be exploited to run arbitrary code. The use-after-free vulnerability could also lead to potentially an exploitable system crash.
Finally, attackers could exploit the DSA signature vulnerability CVE-2020-12399 to eventually leak private keys.