Firefox 2021

admin



Today, with the launch of Firefox 87, we are excited to introduce SmartBlock, a new intelligent tracker blocking mechanism for Firefox Private Browsing and Strict Mode. SmartBlock ensures that strong privacy protections in Firefox are accompanied by a great web browsing experience.

Privacy is hard

Firefox ended support for Adobe Flash in Firefox at the end of 2020, as announced back in 2017. Adobe and other browsers also ended support for Flash at the end of 2020. Firefox version 84 was the final version to support Flash. Firefox version 85 (released on January 26, 2021) shipped without Flash support, improving our performance and security. Mozilla Firefox Latest Version 2021 - Free Download and Review. 9.8 Outstanding! Version: 72.0.2. PortableApps.com is proud to announce the release of Mozilla Firefox® Developer Edition, Portable 88b1. It's the developer's edition of the Mozilla Firefox web browser bundled with a PortableApps.com Launcher as a portable app, so you can do web development on the go.

At Mozilla, we believe that privacy is a fundamental right and that everyone deserves to have their privacy protected while they browse the web. Since 2015, as part of the effort to provide a strong privacy option, Firefox has included the built-in Content Blocking feature that operates in Private Browsing windows and Strict Tracking Protection Mode. This feature automatically blocks third-party scripts, images, and other content from being loaded from cross-site tracking companies reported by Disconnect. By blocking these tracking components, Firefox Private Browsing windows prevent them from watching you as you browse.

Firefox 2021 free

In building these extra-strong privacy protections in Private Browsing windows and Strict Mode, we have been confronted with a fundamental problem: introducing a policy that outright blocks trackers on the web inevitably risks blocking components that are essential for some websites to function properly. This can result in images not appearing, features not working, poor performance, or even the entire page not loading at all.

New Feature: SmartBlock

To reduce this breakage, Firefox 87 is now introducing a new privacy feature we are calling SmartBlock. SmartBlock intelligently fixes up web pages that are broken by our tracking protections, without compromising user privacy.

SmartBlock does this by providing local stand-ins for blocked third-party tracking scripts. These stand-in scripts behave just enough like the original ones to make sure that the website works properly. They allow broken sites relying on the original scripts to load with their functionality intact.

The SmartBlock stand-ins are bundled with Firefox: no actual third-party content from the trackers are loaded at all, so there is no chance for them to track you this way. And, of course, the stand-ins themselves do not contain any code that would support tracking functionality.

In Firefox 87, SmartBlock will silently stand in for a number of common scripts classified as trackers on the Disconnect Tracking Protection List. Here’s an example of a performance improvement:

Firefox

An example of SmartBlock in action. Previously (left), the website tiny.cloud had poor loading performance in Private Browsing windows in Firefox because of an incompatibility with strong Tracking Protection. With SmartBlock (right), the website loads properly again, while you are still fully protected from trackers found on the page.

We believe the SmartBlock approach provides the best of both worlds: strong protection of your privacy with a great browsing experience as well.

These new protections in Firefox 87 are just the start! Stay tuned for more SmartBlock innovations in upcoming versions of Firefox.

The team

This work was carried out in a collaboration between the Firefox webcompat and anti-tracking teams, including Thomas Wisniewski, Paul Zühlcke and Dimi Lee with support from many Mozillians including Johann Hofmann, Rob Wu, Wennie Leung, Mikal Lewis, Tim Huang, Ethan Tseng, Selena Deckelmann, Prangya Basu, Arturo Marmol, Tanvi Vyas, Karl Dubost, Oana Arbuzov, Sergiu Logigan, Cipriani Ciocan, Mike Taylor, Arthur Edelstein, and Steven Englehardt.

We also want to acknowledge the NoScript and uBlock Origin teams for helping to pioneer this approach.

MS-ISAC ADVISORY NUMBER:

2021-051

DATE(S) ISSUED:

04/20/2021

Firefox Mozilla Free Download Latest Version

OVERVIEW:

Multiple vulnerabilities have been discovered in Mozilla Firefox/Firefox ESR/Thunderbird, the most severe of which could allow for arbitrary code execution. Mozilla Firefox is a web browser that is used to access the Internet. Mozilla Firefox ESR is a version of the web browser intended to be deployed in large organizations. Mozilla Thunderbird is an email client. Successful exploitation of these vulnerabilities could allow for arbitrary code execution. Depending on the privileges associated with the user an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

THREAT INTELLIGENCE:

There are currently no reports of these vulnerabilities being exploited in the wild.

SYSTEMS AFFECTED:

  • Mozilla Firefox versions prior to 87.0
  • Mozilla Firefox ESR versions prior to 78.9
  • Mozilla Thunderbird versions prior to 78.7

RISK:

Government:
  • Large and medium government entities: HIGH
  • Small government entities: MEDIUM

Firefox 2021 Models

Businesses:
  • Large and medium business entities: HIGH
  • Small business entities: MEDIUM
Home Users:
LOW

TECHNICAL SUMMARY:

Descargar Firefox 2021

Multiple vulnerabilities have been discovered in Mozilla Firefox/Firefox ESR/Thunderbird, the most severe of which could allow for arbitrary code execution. Details of these vulnerabilities are as follows:

  • Internal network hosts probing vulnerability exist when slipstream techniques and malicious webpage are combined. (CVE-2021-23961)
  • A memory corruption and out of bounds write vulnerability exist when WebGL framebuffer is not initialized early enough. (CVE-2021-23994)
  • An arbitrary code execution vulnerability exist when Responsive Design Mode is enabled. (CVE-2021-23995)
  • Content outside webpage viewport vulnerability exist when 3D CSS and Javascript are combined. (CVE-2021-23996)
  • Arbitrary code execution vulnerability exist when using font cache. (CVE-2021-23997)
  • A spoofing vulnerability exist when an HTTP page could have inherited a secure lock icon from an HTTPS page. (CVE-2021-23998)
  • A privilege-escalation vulnerability exist when a Blob url is loaded through some unusual user interaction or by privileged user. (CVE-2021-23999)
  • An information disclosure vulnerability exist when requestPointerLock() is applied to the incorrect tab. (CVE-2021-24000)
  • Session history manipulation vulnerability exist when infrastructure is not restricted to testing-only configurations. (CVE-2021-24001)
  • A command-execution vulnerability exist when clicked on a FTP url containing encoded newline characters (%0A and %0D). (CVE-2021-24002)
  • HTML injection vulnerability exist with no Content Security Policy (CVE-2021-29944)
  • A denial-of-service vulnerability exist when WebAssembly JIT miscalculates the size of a return type. (CVE-2021-29945)
  • A security-bypass vulnerability exist when it bypasses port blocking restrictions when used in the Alt-Svc header. (CVE-2021-29946)
  • Memory corruption vulnerability (CVE-2021-29947)
  • A race condition vulnerability exist when reading from disk while verifying signatures (CVE-2021-29948)

Successful exploitation of these vulnerabilities could allow for arbitrary code execution. Depending on the privileges associated with the user an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

RECOMMENDATIONS:

We recommend the following actions be taken:

  • Apply appropriate patches provided by Mozilla to vulnerable systems immediately after appropriate testing.
  • Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.
  • Remind users not to visit un-trusted websites or follow links provided by unknown or un-trusted sources.
  • Inform and educate users regarding the threats posed by hypertext links contained in emails or attachments especially from un-trusted sources.
  • Apply the Principle of Least Privilege to all systems and services

REFERENCES:

Mozilla:
https://www.mozilla.org/en-US/security/advisories/mfsa2021-14/https://www.mozilla.org/en-US/security/advisories/mfsa2021-15/https://www.mozilla.org/en-US/security/advisories/mfsa2021-16/
CVE:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23961https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-23994https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-23995https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-23996https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-23997https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-23998https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-23999https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24000https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24001https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24002https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29944https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29945https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29946https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29947https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29948

Information Hub : Advisories

Blog post23 Apr 2021
Mozilla
Media mention23 Apr 2021

Mozilla Firefox 2021

Media mention21 Apr 2021

Chrome Vs Firefox 2021

Blog post21 Apr 2021
Copyright © 2021