The new versions 108 of Firefox and 102.6 of Firefox ESR and Thunderbird primarily fix security vulnerabilities plus some small improvements.

The Mozilla Foundation has released version 108 of the Firefox web browser. At the same time, the developers released the browser with long-term support, Firefox ESR, and also an update for the Thunderbird mail program in version 102.6. All software versions fix security gaps.

Firefox updates

The release notes for Firefox 108 hardly provide any interesting innovations for browser users. As in Chrome, the keyboard shortcut Shift + Esc opens a process manager in which the resource consumption of individual browser processes can be identified. Processes for tabs in the background use an efficiency mode on Windows 11 to save resources. Firefox now supports non-English characters when saving and printing PDF forms. It also added support for the WebMIDI API and an experimental control mechanism to contain potentially dangerous functions.

According to their security report, the developers fixed four vulnerabilities with a high degree of severity, three with a medium severity rating and one with a low hazard rating. Among them, an outdated third-party component, the libusrsctp library, opened security vulnerabilities. Under Firefox for Linux, attackers could break out of a compromised process from the browser sandbox and read arbitrary files. Files with long filenames could have their file extensions cut off during drag'n'drop operations and thus receive a different file extension – potentially of a malicious nature, such as .exe.

According to the security report, Firefox ESR 102.6 also fixes four high-risk vulnerabilities. In addition to the mentioned vulnerability on Linux, there are two high-risk vulnerabilities in the WebGL component. Three other vulnerabilities reach medium severity, one of them again in WebGL.

Thunderbird update

The Mozilla Foundation reports the same security gaps for Thunderbird 102.6 as for the ESR Firefox. The release notes highlight some bug fixes. The import of OpenPGP keys failed if a public key with a public sub-key already existed. If users had too many folders open, message index files were erroneously deleted. Additionally, Thunderbird could sometimes format synced vCards incorrectly.

Also, Thunderbird did not delete cookies on disk that were cleared from the Show Cookies dialog. Pausing RSS feed did not work either. The developers are closing the listing with various visual and usability improvements.

Due to the security vulnerabilities fixed with the new versions, it is recommended that Firefox and Thunderbird users apply the available update as soon as possible.