Mozilla Foundation Security Advisory 2023-16

Security Vulnerabilities fixed in Firefox 113

Announced
Impact high
Products Firefox
Fixed in

#CVE-2023-32205: Browser prompts could have been obscured by popups
Reporter Alesandro Ortiz
Impact high
Description
In multiple cases browser prompts could have been obscured by popups controlled by content. These could have led to potential user confusion and spoofing attacks.

#CVE-2023-32206: Crash in RLBox Expat driver
Reporter Irvan Kurniawan
Impact high
Description
An out-of-bound read could have led to a crash in the RLBox Expat driver.

#CVE-2023-32207: Potential permissions request bypass via clickjacking
Reporter Hafiizh
Impact high
Description
A missing delay in popup notifications could have made it possible for an attacker to trick a user into granting permissions.

#CVE-2023-32208: Leak of script base URL in service workers via import()
Reporter Anne van Kesteren
Impact moderate
Description
Service workers could reveal script base URL due to dynamic import().

#CVE-2023-32209: Persistent DoS via favicon image
Reporter Sam Ezeh
Impact moderate
Description
A maliciously crafted favicon could have led to an out of memory crash.

#CVE-2023-32210: Incorrect principal object ordering
Reporter Nika Layzell
Impact moderate
Description
Documents were incorrectly assuming an ordering of principal objects when ensuring we were loading an appropriately privileged principal. In certain circumstances it might have been possible to cause a document to be loaded with a higher privileged principal than intended.
Firefox 91 is now available for download as the new stable version of Mozilla’s popular, free, open-source, and cross-platform web browser for GNU/Linux, Android, macOS, iOS, and Windows.

It’s been a little less than a month since Firefox 90 landed with FTP support completely removed, and now Firefox 91 is already here with various improvements and bug fixes, including the simplified printing feature for a clutter-free print preview page (available under More settings > Format > Simplified in the Print Preview dialog). However, it should be noted that this feature doesn’t work on all pages.

Firefox 91 also improves the HTTPS-First policy for Private Browsing windows to allow them to make all connections to a website secure (HTTPS), as well as to fall back to insecure (HTTP) connections only when a website doesn’t support secure connections.

Also for Private Browsing windows, the new Firefox release improves the address bar to provide Switch to Tab results.

Other than that, there’s a new locale in Firefox 91, namely Scots (sco) for Scottish users, an improved Total Cookie Protection feature to prevent data leaks, and some performance improvements.