Firefox 120 and Thunderbird 115.5.0 available
Malicious code can slip through vulnerabilities in Mozilla's mail client and web browser plus data protection has been improved.
David FischerMozilla extends privacy and security to Firefox and Thunderbird. Malicious code can slip through vulnerabilities in Mozilla's mail client and web browser. Data protection has also been improved.
In the new versions of Firefox, Firefox ESR and Thunderbird, the developers have resolved several security issues. Mozilla rates the impact of successful attacks as high. The web browser has also been given new data protection functions and now rejects cookie banners under certain conditions.
Attackers can attack Firefox and Thunderbird in unspecified ways and, among other things, trigger memory errors (CVE-2023-6204 high, CVE-2023-6205 high). This makes unauthorized access to memory areas possible and malicious code can get onto the system. If this is the case, attackers usually gain full control of computers.
In addition, attackers can use the short black fade animation when switching from full-screen mode to launch a clickjacking attack (CVE-2023-6206 high). In this case, victims could unintentionally click on a window with an extension of rights. On iOS, extracting a security key is conceivable in the context of reader mode.
Mozilla has secured the versions Firefox 120, Firefox for iOS 120, Firefox ESR 115.5 and Thunderbird 115.5.0 against the attacks described.
The new version 120 of Firefox now rejects cookies in private windows on many, but not all, websites. In addition, thanks to Canvas fingerprinting protection and support for Global Privacy Control (GPC), tracking should be prevented even more effectively. In addition, website links are now copied without tracking parameters. By default, the browser now imports TLS certificates from the certificate store of Windows, among others.
About Author
David Fischer
I am a technology writer for UpdateStar, covering software, security, and privacy as well as research and innovation in information security. I worked as an editor for German computer magazines for more than a decade before starting to be a team member at UpdateStar.