The Mozilla Foundation has released Firefox 90 that includes a new version of SmartBlock and security fixes for nine vulnerabilities, five rated High severity.
An attacker could exploit the vulnerabilities to take control of impacted systems.
The latest Firefox 90 includes a number of bug fixes, security patches and a new version of SmartBlock, an advanced tracker blocking mechanism built into Firefox Private Browsing and Strict Mode.
“SmartBlock 2.0 combines a great web browsing experience with robust privacy protection, by ensuring that you can still use third-party Facebook login buttons to sign in to websites, while providing strong defenses against cross-site tracking,” Mozilla wrote in a blog post.
As part of Mozilla Foundation Security Advisory 2021-28, Firefox 90 also includes fixes for the following five High severity vulnerabilities:
- CVE-2021-29970: Use-after-free in accessibility features of a document.
- CVE-2021-29971: Granted permissions only compared host; omitting scheme and port on Android.
- CVE-2021-30547: Out of bounds write in ANGLE.
- CVE-2021-29976: Memory safety bugs fixed in Firefox 90 and Firefox ESR 78.12.
- CVE-2021-29977: Memory safety bugs fixed in Firefox 90.
Mozilla warned that CVE-2021-29976 and CVE-2021-29977 could be exploited to run arbitrary code. To add, CVE-2021-29971 only affects Firefox for Android.
Mozilla also fixed four Moderate risk bugs in the latest Firefox 90 release.
Finally, Mozilla published new security update Firefox ESR 78.12 with three high severity vulnerability fixes.
- Mozilla releases Firefox 89 with new privacy protections and nine security fixes
- Mozilla releases Firefox 88 with new protection against privacy leaks on the web
- Firefox 87 adds SmartBlock for Private Browsing
- Firefox 86 adds ‘Total Cookie Protection’ along with fixes for 5 High risk vulnerabilities
- Mozilla releases Firefox 85, fixes for 5 High risk vulnerabilities