The Firefox 112 update fixes 22 security vulnerabilities overall. There are also some functional improvements. Firefox ESR and Thunderbird are now available in version 102.10, which also fix security gaps.

Firefox 112 with improved features

Firefox 112 brings some improvements mentioned in the release notes. For example, the developers added that right-clicking on a password form field can now reveal the password. The shortcut Ctrl+Shift+T can now not only restore recently closed tabs, but also reopen the last session when there are no more closed tabs in the current session.

The middle-click, usually with the mouse wheel, on an entry in the tab list of the tab bar now closes the corresponding tab. Software-decoded videos on Intel GPUs are now displayed via an overlay - this should improve the quality of the scaling and reduce the GPU load. The developers have equipped the Enhanced Tracking Protection (ETP) with other known tracking parameters, which it removes when URLs are called.

The Mozilla programmers also mention the change that the U2F JavaScript API is now disabled by default. However, the U2F protocol can still be used using the WebAuthn API. However, the settings parameter security.webauth.u2f allows the API to be reactivated if required.

22 security vulnerabilities in the updated version of the Firefox web browser have been fixed. Of these, ten are classified as high-risk, eight are classified as medium-risk and another four are classified as low-risk. Some are limited to certain operating systems: Under Android, for example, a full-screen notification could be disguised in various ways and thus irritated users or presented with fake content (CVE-2023-29534, risk high). There were two other ways to do this on all supported operating systems (CVE-2023-29533, high).

Firefox Extended Stable Release and Thunderbird

The new Firefox ESR 102.10 fixes seven vulnerabilities with a high risk rating, five with a medium threat rating, and one with a low risk rating. Thunderbird now chooses encryption with S/MIME for new messages if this has been configured and OpenPGP is not set up. According to the security advisory, the version fixes eight high-risk vulnerabilities, six medium-risk and one low-level vulnerabilities.

Anyone using the Firefox web browser should check whether the current version is already running and, if necessary, initiate the update. This can be done by clicking on the application menu, which is located behind the symbol with the three horizontal stripes to the right of the address bar, and then continuing with Help - About Firefox. If necessary, this triggers the update process and prompts users to restart their browser.