Mozilla releases Firefox 77 with new DevTool improvements, security updates

Mozilla releases Firefox 77 with new DevTool improvements

The Mozilla Foundation has released Firefox 77 with new DevTool improvements and web platform updates. The update also includes fixes for multiple vulnerabilities.

Mozilla has added a number of new DevTools features in the latest release of Firefox 77, such as:

  • “Faster, leaner” JavaScript debugging.
  • JavaScript and CSS Source Maps (to improve performance).
  • Step JavaScript in the selected stack frame.
  • Overflow settings for Network and Debugger.
  • Pause on property read and write.
  • Improved Network data preview.

In addition, Firefox added new platform features, to include String#replaceAll and improvements to IndexedDB cursor requests.

Users can also view and manage web certificates more easily on the new “about:certificate” page.

As part of Mozilla Foundation Security Advisory 2020-20, Firefox 77 also patched 8 vulnerabilities to include 5 High severity vulnerabilities.

The High severity bugs patched include:

  1. CVE-2020-12399: Timing attack on DSA signatures in NSS library
  2. CVE-2020-12405: Use-after-free in SharedWorkerService
  3. CVE-2020-12406: JavaScript type confusion with NativeTypes
  4. CVE-2020-12410: Memory safety bugs fixed in Firefox 77 and Firefox ESR 68.9
  5. CVE-2020-12411: Memory safety bugs fixed in Firefox 77.

Mozilla also noted that the memory safety bugs could be exploited to run arbitrary code. The use-after-free vulnerability could also lead to potentially an exploitable system crash.

Finally, attackers could exploit the DSA signature vulnerability CVE-2020-12399 to eventually leak private keys.

Related Articles