Firefox 76.0 released critical security patches — update now — Naked Security

Pinterest LinkedIn Tumblr

Firefox has just released its latest version, which will be available from Tuesday 4 to Tuesday 4 and contains many bug fixes, including three that have been marked as critical.

Version 76.0 also comes with fanfares for the new features added to the Firefox password manager, and the Coronavirus pandemic is now an unknown reason to praise these features:

There is no doubt that in recent weeks you have signed up for new online services, such as streaming movies and shows, exporting orders or delivering products to your home. All of these new accounts require unique and secure passwords that can now be easily generated, managed and protected with Lockwise Firefox.

Lockwise is a combined Firefox password manager for mobile phones and browsers that now warns you about what he thinks has been compromised.

According to Mozilla, Firefox will automatically warn you if it thinks one of the websites you have an account on is affected by a data breach.

It is therefore not surprising that this warning is called a site violation warning and is activated when you changed your password for the last time on the site before the violation took place:

Firefox 76.0 released critical security patches — update now — Naked Security

The vulnerable password warning will also be released for the first time, which none of us should need, but many of us would probably still be able to handle it:

Firefox 76.0 released critical security patches — update now — Naked Security

This will tell you whether your other passwords match the password you used on the site, which most likely violated the data.

Ideally, we want the warning to appear every time you start your browser if two passwords are the same, so that you are regularly and strongly encouraged to change them both into something new, complicated and unique.

But Firefox is a bit softer, probably the best place to start.

(We’ll assume that if you have a password that you use for many accounts, it’s because you think they’re going to stop, so you’re probably using a short, obvious password – but you don’t have to choose a trivial one if your password manager can easily generate and remember complex passwords).

Of course, if you already have a password manager that satisfies you, or if you have an incredible amount of storage space for c0MPlic4ted sTR!nZ OV unu5$l t3KSt, then of course you won’t be interested in these new features, but you still need an updated version to fix their security.

As mentioned above, three out of eleven safety patches with CVE numbers are considered critical:

  • CELLAR-2020-12387: Unnecessary use during a work stoppage. This is a potentially dangerous accident, suggesting that a sufficiently skilled fraudster could use this error to implement malicious software.
  • CELLAR-2020-12388: Leave the sandbox with badly guarded passes. Escape from the sandbox means that the content of unauthorized websites can be bypassed from the security check, allowing the browser to store data from different websites and suspicious websites cannot communicate with trusted parts of your computer, such as the data stored on your hard drive.
  • CELLAR-2020-12395: Fixed a memory error in Firefox 76 and Firefox ESR 68.8. This is a common Firefox vulnerability trap and includes eight different vulnerabilities found in Mozillan’s routine checks and tests.

Note that the second vulnerability mentioned above is specific to Firefox on Windows, although you should not use it as a reason to delay the update if you have a Mac or Linux/Unix computer.

There’s a separate entry, CVE-2020-12395, highlighted high rather than critical, which relates to the five bugs found in Firefox 75, but not in the 68.7 Extended Support Release (ESR), which reminds us that new features sometimes cause new bugs.

The Tor-browser, based on Firefox ESR, will also get an update, a somewhat confusing change from 9.0.9 to 9.0.10.

(If you are a Tor user, you can check which versions of Firefox your current Tor is based on in the About Tor Browser dialog).

What should I do?

As usual: Go to Help > About Firefox (or about the Tor browser) to see if you know.

Otherwise, the update will be requested and you will be prompted to perform the update – a restart of Firefox will automatically apply the update and restart the new version.

If you are using Linux or xBSD with a version of Firefox provided by your distribution, you should check the update servers of your distribution to find and get all available Firefox fixes.

Newest Podcast Bare Securityfirefox 32-bit,firefoxexe,mozilla firefox free download,firefox what's new,firefox for vista,download fox