The Mozilla Foundation has released Firefox 78 that includes security fixes for multiple vulnerabilities, as well as a new ‘Protections Dashboard’ feature.
As part of Mozilla Foundation Security Advisory 2020-24, Firefox 78 patched 13 vulnerabilities, to include 7 High severity vulnerabilities.
The High severity issues patched include:
- CVE-2020-12415: AppCache manifest poisoning due to url encoded character processing
- CVE-2020-12416: Use-after-free in WebRTC VideoBroadcaster
- CVE-2020-12417: Memory corruption due to missing sign-extension for ValueTags on ARM64
- CVE-2020-12418: Information disclosure due to manipulated URL object
- CVE-2020-12419: Use-after-free in nsGlobalWindowInner
- CVE-2020-12420: Use-After-Free when trying to connect to a STUN server
- CVE-2020-12426: Memory safety bugs fixed in Firefox 78.
Mozilla also noted that the memory safety vulnerability could be exploited to run arbitrary code. The use-after-free vulnerabilities could also lead to potentially an exploitable system crash.
Firefox 78 also added a new Protections Dashboard feature, which includes consolidated reports about tracking protection, data breaches and password management.
You can now track how many breaches you have resolved, straight from the Protections Dashboard. To add, you can also see if any your saved passwords have been exposed to previous data breaches.