With the new Firefox version 99.0, Mozilla fixes more than 11 vulnerabilities. Security updates are also available for Firefox ESR and Thunderbird. Plus: New functions.
Mozilla released Firefox 99.0 and Firefox ESR 91.8.0. As in the new Thunderbird 91.8.0, the developers have primarily eliminated security gaps and other bugs. There are minor innovations in read mode, PDF support and credit card data.
The update to Firefox 99 fixes at least 11 security vulnerabilities, of which Mozilla classifies at least three as high risk. Another five vulnerabilities are classified as medium risk. Mozilla only lists vulnerabilities found internally in summary form, without specifying their number. According to Mozilla, some of these could potentially be exploited to inject and execute code. Attacks on Firefox vulnerabilities are currently not known.
▶The latest security updates
What is new is that you can switch on the speech output in the reading view with the “n” key. However, this interferes with the setting “Automatically search in page text when typing” if this is active. The built-in PDF viewer now also supports searching with diacritics (e.g. with umlauts). Auto-completion of credit card data is now also available in Germany. Linux users benefit from a more secure sandbox: processes that process web content can no longer access the X Window System.
The Firefox ESR 91.8.0 update closes at least eight vulnerabilities, at least three of which are considered high risk. These are essentially the same vulnerabilities fixed in Firefox 99. A new version of Tor Browser, based on Firefox ESR 91.8.0, will be released soon.
The new Thunderbird version 91.8.0 eliminates the vulnerabilities that the Firefox ESR mail program inherited. Firefox code is used for HTML processing, among other things. In addition to various bug fixes, Thunderbird migrates Gmail accounts that are still operated with a password to OAuth 2.0 (Open Authorization). From May 30th, Google programs (“less secure apps”) will deny access to Google accounts that only use user names and passwords for authentication.
Mozilla plans to release Firefox 100 and Firefox ESR 91.9 on May 3rd. If you are still using Windows 7, you should ensure that you have installed the 2019 Windows update KB4474419 before installing Firefox 100. With this update, Microsoft is upgrading the support of the hash algorithm SHA-256 (SHA: Secure Hash Algorithm). Firefox from version 100 requires this to check its signed installation packages.