In the new Firefox version 126.0, Mozilla developers have fixed several vulnerabilities in the browser. Better data compression should load Facebook pages faster. Even more tracking parameters are blocked when copying web addresses. Updates to Firefox ESR 115.11 and Tor Browser 13.0.1 are also available.
The developers have fixed at least 16 vulnerabilities in Firefox 126.0. Mozilla categorizes two of these vulnerabilities as high risk in its security report . A use-after-free vulnerability (CVE-2024-4764) could come to light and become exploitable if WebRTC is used more intensively (e.g. during video conferences) and a new audio source is added. A missing type check in the built-in PDF viewer PDF.js could open up the possibility of executing arbitrary JavaScript code in this context (CVE-2024-4367).
Some vulnerabilities could allow an attacker to execute injected code. Attacks on Firefox users are not yet known. With the menu item ” Help ” About Firefox, you can initiate an update check and download the update manually if required.
This is new in Firefox 126
Mozilla advertises on the What’s new page that you can edit PDF files in Firefox and in this case means that you can fill out forms. However, this does not refer to real PDF forms that are designed to be filled out on a computer. Rather, it refers to PDFs that only look as if they can be filled in, but which have to be printed out. Such PDFs can also be filled in using Firefox and its rudimentary functions for editing PDF files (and then printed out if required). Of course, this is not really new.
What is actually new, however, is support for the “zstd” data compression method for web content. This compression is used by Facebook, for example. With zstd, data can be compressed more with the same CPU load or processed with less CPU load with the same compression.
The Mozilla developers have further improved the option available since Firefox 120 to remove tracking parameters from a web address (URL) when copying it to the clipboard. The tracking of large web shops can also be filtered out. AV1 videos can now also be played back hardware-accelerated under macOS if an Apple M3 processor (or newer) is used.
Updates for Firefox ESR and Tor Browser
Firefox ESR 115 has been updated to version 115.11.0, in which the developers have closed at least six gaps. An update is also available for the Tor Browser based on Firefox ESR. The new Tor Browser 13.0.15 (for Windows, macOS, Linux and Android) is based on Firefox 115.11. A new version of the mail programme Thunderbird is not yet available.
The Mozilla subsidiary MZLA has also released Thunderbird 115.11.0, which was initially only available as an update for existing users. The developers have fixed at least six vulnerabilities, only one of which is considered high risk. This is CVE-2024-4367, the JavaScript vulnerability in the PDF viewer PDF.js already mentioned in Firefox 126. Other bug fixes are fairly straightforward and more of a cosmetic nature.
Mozilla plans to release Firefox 127 and Firefox ESR 115.12 on June 11, with the next releases to follow at four-week intervals until the end of November (Firefox 133). In the summer, the basis for Firefox ESR will change from Firefox 115 to Firefox 128.
This article originally appeared on our sister publication PC-WELT and was translated and localized from German.
