Mozilla has released Firefox 120, addressing a total of 10 vulnerabilities, with six classified as 'High Severity,' and two each as 'Moderate' and 'Low' severity. The key features in this update include:
- Global Privacy Control Setting: The addition of a global privacy control setting enhances user privacy.
- Import Data from Chromium Snap: Users now have the option to import data from Chromium snap.
- Copy Link Without Site Tracking: A new option allows users to copy links without including site tracking information.
- Picture-in-Picture (PIP) Mode Improvements: PIP mode now supports corner snapping on Windows and Linux, providing a more seamless user experience.
- New DevTools Feature: The update introduces a new feature in the Developer Tools suite, enhancing the debugging capabilities for developers.
- TLS Trust Anchors Import: The ability to import TLS trust anchors has been added.
- Private Windows and ETP-Strict Privacy Configuration Improvements: Various enhancements have been made to private windows and the ETP-Strict privacy configuration.
High Severity Flaws Addressed:
- CVE-2023-6204: Fixed an out-of-bounds read vulnerability that could leak memory data into canvas element images, depending on graphics settings and drivers. Reported by JSec of Hayyim Security.
- CVE-2023-6205: Addressed a bug allowing the use of a MessagePort after it had been freed, potentially leading to an exploitable crash. Reported by Yangkang of the 360 ATA Team.
- CVE-2023-6206: Resolved a black fade animation issue during fullscreen exit, potentially leading to unintended user interactions. Reported by Hafiizh.
- CVE-2023-6207: Fixed a use-after-free vulnerability in ReadableByteStreamQueueEntry::Buffer. Reported by Yangkang of the 360 ATA Team.
- CVE-2023-6212: Addressed a memory safety bug in Firefox 120, ESR 115.5, and Thunderbird 115.5.
- CVE-2023-6213: Resolved memory safety issues, with evidence of potential memory corruption that could lead to arbitrary code execution.
Moderate and Low Severity Issues Addressed:
Moderate Severity Issues:
- CVE-2023-6208: Fixed an issue where using the Selection API would copy contents into X11 primary selection.
- CVE-2023-6209: Addressed incorrect parsing of relative URLs.
- CVE-2023-6210: Resolved the problem of mixed-content resources not being blocked in a javascript: pop-up.
- CVE-2023-6211: Fixed a clickjacking vulnerability that could load insecure pages in HTTPS-only mode.
To enhance security, users are encouraged to download Firefox 120 for Windows, macOS, or Linux from the Mozilla website.