Cyber Security News

Firefox 133.0 Released with Multiple Security Updates – What’s New!

Mozilla has officially launched Firefox 133.0, offering enhanced features, significant performance improvements, and critical security fixes.

This latest release enhances privacy, developer tools, and enterprise functionality while introducing several new features and updates. Here’s everything you need to know!

One of the most exciting additions is the new Bounce Tracking Protection, available in Firefox’s Enhanced Tracking Protection (ETP) under “Strict” mode. This advanced anti-tracking feature:

  • Detects bounce trackers based on their redirect behavior.
  • Periodically purges cookies and site data from these trackers, preventing tracking and ensuring user privacy.

The Tab Overview menu now allows users to seamlessly open a sidebar to view tabs from other devices. This makes managing your browsing sessions across multiple devices easier than ever.

(Screenshot of the Tab Overview menu showing this entry is included in the release notes.)

The “Picture-in-Picture: auto-open on tab switch” feature from Firefox Labs has been fine-tuned. It now works more reliably across a wider range of websites, automatically opening relevant videos while ignoring unrelated ones

Windows users will now benefit from GPU-accelerated Canvas2D, enabled by default. This enhancement delivers a noticeable boost in graphics performance for web applications and rendering tasks.

Analyze cyber threats with ANYRUN's powerful sandbox. Black Friday Deals : Get up to 3 Free Licenses.

Firefox 133.0 Security Updates

As part of this release, Mozilla has addressed various security vulnerabilities, ensuring a safer browsing experience for all users.

CVE IDDescriptionReporterImpactAffected PlatformsReferences
CVE-2024-11691Out-of-bounds write in Apple GPU drivers via WebGL causing memory corruption on Apple M series devices.Dohyun Lee, Youngho Choi, Geumhwan ChoHighApple M series devicesBug 1924184, Bug 1914707
CVE-2024-11700Potential tapjacking exploit for intent confirmation on Android.Shaheen FazimModerateAndroidBug 1836921
CVE-2024-11692Select list elements could appear over another site, enabling potential spoofing.Shaheen FazimModerateAll platformsBug 1909535
CVE-2024-11701Misleading address bar state during navigation interruption, enabling spoofing attacks.Daniel HolbertModerateAll platformsBug 1914797
CVE-2024-11702Inadequate clipboard protection in private browsing mode on Android.Umar FarooqModerateAndroidBug 1918884
CVE-2024-11693Download protections bypassed for .library-ms files on Windows.Marco BonardoModerateWindowsBug 1921458
CVE-2024-11694CSP bypass and XSS exposure via web compatibility shims in Enhanced Tracking Protection Strict mode.Masato KinugawaModerateAll platformsBug 1924167
CVE-2024-11695URL bar spoofing via manipulated Punycode and whitespace characters.Renwa HiwaModerateAll platformsBug 1925496
CVE-2024-11703Saved passwords accessed without device PIN authentication on Android.Multiple ReportersModerateAndroidBug 1928779
CVE-2024-11696Unhandled exception in add-on signature verification allowed bypass of signature validation for add-ons.Rob WuModerateAll platformsBug 1929600
CVE-2024-11697Improper keypress handling in executable file confirmation dialog.Umar FarooqLowAll platformsBug 1842187
CVE-2024-11704Potential double-free vulnerability in PKCS#7 decryption handling.Ronald CraneLowAll platformsBug 1899402
CVE-2024-11698Fullscreen lock-up when modal dialog interrupts transition on macOS.Kang AliLowmacOSBug 1916152
CVE-2024-11705Null pointer dereference in NSC_DeriveKey causing segmentation fault.CoffeysLowAll platformsBug 1921768
CVE-2024-11706Null pointer dereference in PKCS#12 utility handling malformed input files.Marc SchoenefeldLowAll platformsBug 1923767
CVE-2024-11708Data race in PlaybackParams structure due to missing synchronization primitives.Serban StancaLowAll platformsBug 1922912
CVE-2024-11699Memory safety bugs fixed in Firefox 133, Firefox ESR 128.5, and Thunderbird 128.5.Andrew McCreight, Akmat SuleimanovHighAll platformsBug 1929600

Cookie Expiration Adjustments: When server time is available, Firefox now adjusts the “expire” attribute value of cookies based on the difference between server and local time. Cookies that remain valid on the server will no longer be mistakenly considered expired if the user’s system time is set in the future.

Enterprise Updates

For enterprise users, policy updates and bug fixes specific to organizational environments are detailed in the Firefox for Enterprise 133 Release Notes.

New Tools for Developers: Firefox 133.0 introduces several enhancements to make life easier for developers working on web applications. Highlights include:

Firefox introduces several notable enhancements to improve functionality and developer flexibility. The Fetch API Keepalive Option now allows HTTP requests to continue running even after navigating away from or closing a page, making it ideal for tasks such as saving user data during page unloads.

Developers can also leverage the Permissions API in Worker Context, enabling access to permissions within worker scripts for more versatile and robust application design.

Additionally, Firefox now supports the beforetoggle and toggle events for dialogs, aligning dialog behavior with that of popovers during opening and closing transitions.

Further advancements include new methods added to Uint8Array for Base64 and hexadecimal encoding and decoding, part of a Stage 3 TC39 proposal that significantly enhances data handling capabilities.

Lastly, the WebCodecs API now supports image decoding directly from both main and worker threads, offering developers faster and more efficient image processing solutions.

Firefox 133.0 delivers meaningful privacy enhancements, developer-friendly updates, and critical bug fixes. With a strong focus on user safety and performance, this release reinforces Firefox’s commitment to providing a top-tier browsing experience.

Users can install the new update via the following links or a direct Firefox download page.

Leveraging 2024 MITRE ATT&CK Results for SME & MSP Cybersecurity Leaders – Attend Free Webinar

Balaji

BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Recent Posts

Lumma Stealer Attacking Users To Steal Login Credentials From Browsers

Researchers observed Lumma Stealer activity across multiple online samples, including PowerShell scripts and a disguised…

15 hours ago

New ‘OtterCookie’ Malware Attacking Software Developers Via Fake Job Offers

Palo Alto Networks reported the Contagious Interview campaign in November 2023, a financially motivated attack…

15 hours ago

NjRat 2.3D Pro Edition Shared on GitHub: A Growing Cybersecurity Concern

The recent discovery of the NjRat 2.3D Professional Edition on GitHub has raised alarms in…

15 hours ago

Palo Alto Networks Vulnerability Puts Firewalls at Risk of DoS Attacks

A critical vulnerability, CVE-2024-3393, has been identified in the DNS Security feature of Palo Alto…

15 hours ago

Araneida Scanner – Hackers Using Cracked Version Of Acunetix Vulnerability Scanner

Threat Analysts have reported alarming findings about the "Araneida Scanner," a malicious tool allegedly based…

2 days ago

A Dark Web Operation Acquiring KYC Details TO Bypass Identity Verification Systems

A major dark web operation dedicated to circumventing KYC (Know Your Customer) procedures, which involves…

2 days ago