Firefox 111 and its ESR version 102.9 updates fix high-risk vulnerabilities. Getting the update is advisable even without many new functions.
The new Firefox version 111 fix a total of 13 security gaps. In the long-term support version Firefox ESR 102.9, there are six fixed security gaps. New features of Firefox 111 from the release notes can be summarized quickly: Firefox now activates native notifications on Windows. The web browser brings new localizations for the Italian dialects Friulian Silhe (fur) and Sardinian (sc) and offers Firefox Relay users to create relay email masks directly from the Firefox credentials manager. To do this, they must be logged into their Firefox account.
After all, the updated browser offers significant improvements in terms of security. According to their security report, the Mozilla developers classify seven of the closed vulnerabilities as high risk and six as medium risk. In Firefox ESR 102.9 there are at least two vulnerabilities with a high threat rating and four with a medium severity rating.
Two of the high-risk vulnerabilities only affect the Android version of Firefox. Full screen notifications could be hidden by download notifications (CVE-2023-28159), or by long description dialog boxes in general (CVE-2023-25748). Attackers could have misused this for spoofing attacks.
Anyone using the Firefox web browser should check whether the current version is already running and, if necessary, initiate the update. This can be done by clicking on the application menu, which is located behind the symbol with the three horizontal stripes to the right of the address bar, and then continuing with Help - About Firefox. If necessary, this triggers the update process and prompts users to restart their browser.