Mozilla releases Firefox 76 with new account password protections and security updates

Mozilla releases Firefox 76 with account protections and new security updates

The Mozilla Foundation has released Firefox 76 with new security protections for online account logins and passwords. The update also includes fixes for multiple vulnerabilities.

Mozilla has added a number of good account protection features in the latest release of Firefox 76, such as:

  • Critical alerts via Lockwise password manager when a website is breached.
  • You are prompted to update password (if your account was involved in website breach and same password used in other sites).
  • Automatically generate secure, complex passwords for new accounts used to access multiple websites.
  • Protection from casual snooping on shared computers (requires login to OS to show saved passwords).

As part of Mozilla Foundation Security Advisory 2020-16, Firefox 76 also patched 11 vulnerabilities to include 3 Critical and 3 High severity vulnerabilities.

The Critical severity bugs patched include:

  • CVE-2020-12387: Use-after-free during worker shutdown.
  • CVE-2020-12388: Sandbox escape with improperly guarded Access Tokens (affects Windows systems).
  • CVE-2020-12395: Memory safety bugs fixed in Firefox 76 and Firefox ESR 68.8.

The High severity bugs patched include:

  • CVE-2020-12389: Sandbox escape with improperly separated process types.
  • CVE-2020-6831: Buffer overflow in SCTP chunk input validation.
  • CVE-2020-12396: Memory safety bugs fixed in Firefox 76.

Mozilla also noted that the memory safety bugs could be exploited to run arbitrary code. The buffer overflow and use-after-free vulnerabilities could also lead to potentially an exploitable system crash.

Finally, 4 Moderate and 1 Low severity vulnerabilities were also addressed in the recent security update.