Apr 15, 2021 2021.4.15. Add DuckDuckGo Smarter Encryption update channel. Bloom filter for rulesets. Firefox Fenix option page updates for Android users. Move to Python 3 from Python 3.6. Fix undefined type access. Fix empty default types. Firefox Developer Edition. Get the Firefox browser built just for developers. Check out the home for web developer resources. Firefox Reality. Explore the web with the Firefox browser for virtual reality. Donate your voice so the future of the web can hear everyone. Mar 23, 2021 April 19, 2021; Firefox 87 trims HTTP Referrers by default to protect user privacy March 22, 2021; Firefox 85 Cracks Down on Supercookies January 26, 2021; Firefox 79 includes protections against redirect tracking August 4, 2020; Multi-Account Containers Add-on Sync Feature February 6, 2020.

The last time I tested and compared Microsoft Edge, Google Chrome, and Mozilla Firefox was in October 2020 and now I am testing again in January 2021. Also, at the end of the article, I have shown all the tested results. Type Name Size Last Modified; Dir. Dir: mar-tools/ File: Firefox Installer.en-US.exe: 315K: 21-Apr-2021 12:05: File: firefox-89.0a1.en-US.langpack.xpi: 483K: 19-Apr.

Today, with the launch of Firefox 87, we are excited to introduce SmartBlock, a new intelligent tracker blocking mechanism for Firefox Private Browsing and Strict Mode. SmartBlock ensures that strong privacy protections in Firefox are accompanied by a great web browsing experience.

Privacy is hard

At Mozilla, we believe that privacy is a fundamental right and that everyone deserves to have their privacy protected while they browse the web. Since 2015, as part of the effort to provide a strong privacy option, Firefox has included the built-in Content Blocking feature that operates in Private Browsing windows and Strict Tracking Protection Mode. This feature automatically blocks third-party scripts, images, and other content from being loaded from cross-site tracking companies reported by Disconnect. By blocking these tracking components, Firefox Private Browsing windows prevent them from watching you as you browse.

In building these extra-strong privacy protections in Private Browsing windows and Strict Mode, we have been confronted with a fundamental problem: introducing a policy that outright blocks trackers on the web inevitably risks blocking components that are essential for some websites to function properly. This can result in images not appearing, features not working, poor performance, or even the entire page not loading at all.

New Feature: SmartBlock

To reduce this breakage, Firefox 87 is now introducing a new privacy feature we are calling SmartBlock. SmartBlock intelligently fixes up web pages that are broken by our tracking protections, without compromising user privacy.

SmartBlock does this by providing local stand-ins for blocked third-party tracking scripts. These stand-in scripts behave just enough like the original ones to make sure that the website works properly. They allow broken sites relying on the original scripts to load with their functionality intact.

The SmartBlock stand-ins are bundled with Firefox: no actual third-party content from the trackers are loaded at all, so there is no chance for them to track you this way. And, of course, the stand-ins themselves do not contain any code that would support tracking functionality.

In Firefox 87, SmartBlock will silently stand in for a number of common scripts classified as trackers on the Disconnect Tracking Protection List. Here’s an example of a performance improvement:

An example of SmartBlock in action. Previously (left), the website tiny.cloud had poor loading performance in Private Browsing windows in Firefox because of an incompatibility with strong Tracking Protection. With SmartBlock (right), the website loads properly again, while you are still fully protected from trackers found on the page.

We believe the SmartBlock approach provides the best of both worlds: strong protection of your privacy with a great browsing experience as well.

These new protections in Firefox 87 are just the start! Stay tuned for more SmartBlock innovations in upcoming versions of Firefox.

The team

This work was carried out in a collaboration between the Firefox webcompat and anti-tracking teams, including Thomas Wisniewski, Paul Zühlcke and Dimi Lee with support from many Mozillians including Johann Hofmann, Rob Wu, Wennie Leung, Mikal Lewis, Tim Huang, Ethan Tseng, Selena Deckelmann, Prangya Basu, Arturo Marmol, Tanvi Vyas, Karl Dubost, Oana Arbuzov, Sergiu Logigan, Cipriani Ciocan, Mike Taylor, Arthur Edelstein, and Steven Englehardt.

We also want to acknowledge the NoScript and uBlock Origin teams for helping to pioneer this approach.

MS-ISAC ADVISORY NUMBER:

DATE(S) ISSUED:

OVERVIEW:

Multiple vulnerabilities have been discovered in Mozilla Firefox/Firefox ESR/Thunderbird, the most severe of which could allow for arbitrary code execution. Mozilla Firefox is a web browser that is used to access the Internet. Mozilla Firefox ESR is a version of the web browser intended to be deployed in large organizations. Mozilla Thunderbird is an email client. Successful exploitation of these vulnerabilities could allow for arbitrary code execution. Depending on the privileges associated with the user an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

THREAT INTELLIGENCE:

There are currently no reports of these vulnerabilities being exploited in the wild.

SYSTEMS AFFECTED:

• Mozilla Firefox versions prior to 87.0
• Mozilla Firefox ESR versions prior to 78.9
• Mozilla Thunderbird versions prior to 78.7

RISK:

Government:

• Large and medium government entities: HIGH
• Small government entities: MEDIUM

Businesses:

• Large and medium business entities: HIGH
• Small business entities: MEDIUM

Home Users:

TECHNICAL SUMMARY:

Multiple vulnerabilities have been discovered in Mozilla Firefox/Firefox ESR/Thunderbird, the most severe of which could allow for arbitrary code execution. Details of these vulnerabilities are as follows:

• Internal network hosts probing vulnerability exist when slipstream techniques and malicious webpage are combined. (CVE-2021-23961)
• A memory corruption and out of bounds write vulnerability exist when WebGL framebuffer is not initialized early enough. (CVE-2021-23994)
• An arbitrary code execution vulnerability exist when Responsive Design Mode is enabled. (CVE-2021-23995)
• Content outside webpage viewport vulnerability exist when 3D CSS and Javascript are combined. (CVE-2021-23996)
• Arbitrary code execution vulnerability exist when using font cache. (CVE-2021-23997)
• A spoofing vulnerability exist when an HTTP page could have inherited a secure lock icon from an HTTPS page. (CVE-2021-23998)
• A privilege-escalation vulnerability exist when a Blob url is loaded through some unusual user interaction or by privileged user. (CVE-2021-23999)
• An information disclosure vulnerability exist when requestPointerLock() is applied to the incorrect tab. (CVE-2021-24000)
• Session history manipulation vulnerability exist when infrastructure is not restricted to testing-only configurations. (CVE-2021-24001)
• A command-execution vulnerability exist when clicked on a FTP url containing encoded newline characters (%0A and %0D). (CVE-2021-24002)
• HTML injection vulnerability exist with no Content Security Policy (CVE-2021-29944)
• A denial-of-service vulnerability exist when WebAssembly JIT miscalculates the size of a return type. (CVE-2021-29945)
• A security-bypass vulnerability exist when it bypasses port blocking restrictions when used in the Alt-Svc header. (CVE-2021-29946)
• Memory corruption vulnerability (CVE-2021-29947)
• A race condition vulnerability exist when reading from disk while verifying signatures (CVE-2021-29948)

Successful exploitation of these vulnerabilities could allow for arbitrary code execution. Depending on the privileges associated with the user an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

RECOMMENDATIONS:

We recommend the following actions be taken:

• Apply appropriate patches provided by Mozilla to vulnerable systems immediately after appropriate testing.
• Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.
• Remind users not to visit un-trusted websites or follow links provided by unknown or un-trusted sources.
• Inform and educate users regarding the threats posed by hypertext links contained in emails or attachments especially from un-trusted sources.
• Apply the Principle of Least Privilege to all systems and services

Firefox 2021 Review

REFERENCES:

Mozilla Firefox Download

Telecharger Mozilla Firefox 2021 Gratuit