Web browsers are our window to the world: the Internet, where all the current cybersecurity risks come from. Hence, all browser vendors are hard at work fine-tuning their products in order to win the trust of users. Mozilla is trying to recover from its recent Add-on fiasco with the fixed Firefox 66.0.4, and hot on its heels is the new version fresh from the pipeline, Firefox 67. The biggest bug fix included with version 67 addresses the critical remote code execution flaw, as reported by the US-CERT (United States Computer Readiness Team). Mozilla also bundled a fix for the critical security bug reported as CVE-2019-9800, for both version 67 and the latest Firefox Extended Support Release channel, version 66.
“Mozilla developers and community members Christian Holler, Andrei Ciure, Julien Cristau, Jan de Mooij, Jan Varga, Marcia Knous, André Bargull, and Philipp reported memory safety bugs present in Firefox 66. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code,” explained the Mozilla Firefox Update Bulletin.
Firefox users are strongly advised to upgrade to version 67. Default installations include the maintenance module, which takes care of automatic updates if the user does not choose to update manually. Mozilla is seen focusing more on security, as the Firefox browser is redefining itself as the defender of privacy and security through an open source browser development initiative. All the while, the once popular browser has been trying to match Google Chrome’s speed and responsiveness since the release of Firefox Quantum (version 57) last year.
Data theft protection involving bookmarks is also bundled with Firefox 57 and its counterpart ESR version. “If a crafted hyperlink is dragged and dropped to the bookmark bar or sidebar and the resulting bookmark is subsequently dragged and dropped into the web content area, an arbitrary query of a user’s browser history can be run and transmitted to the content page via drop event data. This allows for the theft of browser history by a malicious site,” as reported by Firefox tester Abdulrahman Alqabandi.
For those who are paranoid about cryptojacking malware infection from just visiting infected websites, Firefox 67 includes an enhancement that automatically filters out known cryptocurrency scripts. The browser also hardens itself against digital fingerprinting, keeping a website from obtaining user information from aggregate sources such as mouse behavior, OS version, geolocation, screen resolution and other metadata available from browsers.