Mozilla releases Firefox 90 with new version of SmartBlock and 9 security fixes

Mozilla releases Firefox 90 with new version of SmartBlock and 9 security fixes

The Mozilla Foundation has released Firefox 90 that includes a new version of SmartBlock and security fixes for nine vulnerabilities, five rated High severity.

An attacker could exploit the vulnerabilities to take control of impacted systems.

The latest Firefox 90 includes a number of bug fixes, security patches and a new version of SmartBlock, an advanced tracker blocking mechanism built into Firefox Private Browsing and Strict Mode.

“SmartBlock 2.0 combines a great web browsing experience with robust privacy protection, by ensuring that you can still use third-party Facebook login buttons to sign in to websites, while providing strong defenses against cross-site tracking,” Mozilla wrote in a blog post.

As part of Mozilla Foundation Security Advisory 2021-28, Firefox 90 also includes fixes for the following five High severity vulnerabilities:

  1. CVE-2021-29970: Use-after-free in accessibility features of a document.
  2. CVE-2021-29971: Granted permissions only compared host; omitting scheme and port on Android.
  3. CVE-2021-30547: Out of bounds write in ANGLE.
  4. CVE-2021-29976: Memory safety bugs fixed in Firefox 90 and Firefox ESR 78.12.
  5. CVE-2021-29977: Memory safety bugs fixed in Firefox 90.

Mozilla warned that CVE-2021-29976 and CVE-2021-29977 could be exploited to run arbitrary code. To add, CVE-2021-29971 only affects Firefox for Android.

Mozilla also fixed four Moderate risk bugs in the latest Firefox 90 release.

Finally, Mozilla published new security update Firefox ESR 78.12 with three high severity vulnerability fixes.

Related Articles