With the new browser version Firefox 103, Mozilla eliminates at least eight vulnerabilities. The cookie protection “Total Cookie Protection” is now active by default.
Mozilla has released Firefox 103.0 as well as Firefox ESR 102.1 and Firefox ESR 91.12.0. The developers mainly fixed security gaps and other bugs. Buttons in the toolbar can now be operated with the keyboard. By default, cookies are isolated in separate containers.
The update to Firefox 103 fixes at least eight security vulnerabilities, of which Mozilla identifies at least two internally discovered vulnerabilities as high risk. Four vulnerabilities are classified as medium risk, two as low risk. Mozilla only lists vulnerabilities found internally in summary form, without specifying their number. According to Mozilla, some of these could potentially be exploited to inject and execute code. Attacks on Firefox vulnerabilities are currently not known.
In Firefox for Android only, the browser may hang on a very long URL. After a crash, session recovery tries to restore the state before the crash – the browser would then immediately hang again. This can lead to a permanent DoS (Denial of Service) in an endless loop.
What’s new in Firefox 103
To further improve privacy protection and make cross-site tracking more difficult, Mozilla introduced a feature called “Total Cookie Protection” more than a year ago. Cookies are thus isolated in an encapsulated container per website. A website cannot access the cookies of another website. Until now, full cookie protection was only activated with strict data protection settings and in private windows. Now he is constantly active independently.
▶The latest security updates
The toolbar including the address and search field can be operated with the keyboard from Firefox 103. To do this, first switch with [Strg]+L to the address field. With the [Tab]button, you can now navigate to the search field and the other symbols to the right. With [Umschalt]-[Tab] move the focus to the left. Use the Enter key or the space bar to activate the selected button. This allows you to access installed extensions even without a mouse.
Version 102.1.0 of the new Firefox ESR 102.x generation released in June received its first security update. In it, the developers have plugged at least four gaps that Mozilla also closed in Firefox 103. Internally detected memory corruption could be exploited to execute injected code.
The Firefox ESR 91.12.0 update only closes two vulnerabilities, both of which are considered medium risk. They are among the vulnerabilities that Mozilla also fixed in Firefox 103. The updated Tor Browser 11.5.1 for Windows, macOS and Linux, based on Firefox ESR 91.12.0, is also already available.
In August, Mozilla will provide the latest release of the old ESR branch with Firefox 91.13. Until then, you should at least prepare the switch to Firefox ESR 102 in your organization. On September 20th, this generation change will take place automatically.
Mozilla plans to release Firefox 104 and Firefox ESR 91.13 and 102.2 on August 23, with Firefox 105 and Firefox ESR 102.3 to follow on September 20.