Mozilla has officially launched Firefox 133.0, offering enhanced features, significant performance improvements, and critical security fixes.
This latest release enhances privacy, developer tools, and enterprise functionality while introducing several new features and updates. Here’s everything you need to know!
One of the most exciting additions is the new Bounce Tracking Protection, available in Firefox’s Enhanced Tracking Protection (ETP) under “Strict” mode. This advanced anti-tracking feature:
The Tab Overview menu now allows users to seamlessly open a sidebar to view tabs from other devices. This makes managing your browsing sessions across multiple devices easier than ever.
The “Picture-in-Picture: auto-open on tab switch” feature from Firefox Labs has been fine-tuned. It now works more reliably across a wider range of websites, automatically opening relevant videos while ignoring unrelated ones.
Windows users will now benefit from GPU-accelerated Canvas2D, enabled by default. This enhancement delivers a noticeable boost in graphics performance for web applications and rendering tasks.
As part of this release, Mozilla has addressed various security vulnerabilities, ensuring a safer browsing experience for all users.
CVE ID | Description | Reporter | Impact | Affected Platforms | References |
---|---|---|---|---|---|
CVE-2024-11691 | Out-of-bounds write in Apple GPU drivers via WebGL causing memory corruption on Apple M series devices. | Dohyun Lee, Youngho Choi, Geumhwan Cho | High | Apple M series devices | Bug 1924184, Bug 1914707 |
CVE-2024-11700 | Potential tapjacking exploit for intent confirmation on Android. | Shaheen Fazim | Moderate | Android | Bug 1836921 |
CVE-2024-11692 | Select list elements could appear over another site, enabling potential spoofing. | Shaheen Fazim | Moderate | All platforms | Bug 1909535 |
CVE-2024-11701 | Misleading address bar state during navigation interruption, enabling spoofing attacks. | Daniel Holbert | Moderate | All platforms | Bug 1914797 |
CVE-2024-11702 | Inadequate clipboard protection in private browsing mode on Android. | Umar Farooq | Moderate | Android | Bug 1918884 |
CVE-2024-11693 | Download protections bypassed for .library-ms files on Windows. | Marco Bonardo | Moderate | Windows | Bug 1921458 |
CVE-2024-11694 | CSP bypass and XSS exposure via web compatibility shims in Enhanced Tracking Protection Strict mode. | Masato Kinugawa | Moderate | All platforms | Bug 1924167 |
CVE-2024-11695 | URL bar spoofing via manipulated Punycode and whitespace characters. | Renwa Hiwa | Moderate | All platforms | Bug 1925496 |
CVE-2024-11703 | Saved passwords accessed without device PIN authentication on Android. | Multiple Reporters | Moderate | Android | Bug 1928779 |
CVE-2024-11696 | Unhandled exception in add-on signature verification allowed bypass of signature validation for add-ons. | Rob Wu | Moderate | All platforms | Bug 1929600 |
CVE-2024-11697 | Improper keypress handling in executable file confirmation dialog. | Umar Farooq | Low | All platforms | Bug 1842187 |
CVE-2024-11704 | Potential double-free vulnerability in PKCS#7 decryption handling. | Ronald Crane | Low | All platforms | Bug 1899402 |
CVE-2024-11698 | Fullscreen lock-up when modal dialog interrupts transition on macOS. | Kang Ali | Low | macOS | Bug 1916152 |
CVE-2024-11705 | Null pointer dereference in NSC_DeriveKey causing segmentation fault. | Coffeys | Low | All platforms | Bug 1921768 |
CVE-2024-11706 | Null pointer dereference in PKCS#12 utility handling malformed input files. | Marc Schoenefeld | Low | All platforms | Bug 1923767 |
CVE-2024-11708 | Data race in PlaybackParams structure due to missing synchronization primitives. | Serban Stanca | Low | All platforms | Bug 1922912 |
CVE-2024-11699 | Memory safety bugs fixed in Firefox 133, Firefox ESR 128.5, and Thunderbird 128.5. | Andrew McCreight, Akmat Suleimanov | High | All platforms | Bug 1929600 |
Cookie Expiration Adjustments: When server time is available, Firefox now adjusts the “expire” attribute value of cookies based on the difference between server and local time. Cookies that remain valid on the server will no longer be mistakenly considered expired if the user’s system time is set in the future.
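The expiry adjustment described above, modeled as an added JavaScript example (not Firefox source code and not part of the original article). The function names, the sample headers, and the choice to correct only a client clock that runs ahead of the server are assumptions of this sketch.

```javascript
// Added example: models the cookie expiry adjustment; not Firefox source code.
// cookieExpiryMs, isExpired and the sample headers are constructed for illustration.

// Returns the local-clock time (ms since epoch) at which the cookie expires,
// or null for a session cookie.
function cookieExpiryMs({ expires, maxAge, dateHeader, localNowMs, adjust = true }) {
  // Max-Age is relative to receipt and takes precedence over Expires (RFC 6265),
  // so clock skew between client and server does not affect it.
  if (maxAge !== undefined && Number.isFinite(Number(maxAge))) {
    return localNowMs + Number(maxAge) * 1000;
  }
  if (expires === undefined) return null;
  const expiresMs = Date.parse(expires);
  if (Number.isNaN(expiresMs)) return null; // unparseable Expires: session cookie
  if (!adjust || dateHeader === undefined) return expiresMs; // no server time known
  const serverNowMs = Date.parse(dateHeader);
  if (Number.isNaN(serverNowMs)) return expiresMs;
  // Assumption: only correct for a local clock that is ahead of the server,
  // which is the case the release note describes.
  const skewMs = localNowMs - serverNowMs;
  return skewMs > 0 ? expiresMs + skewMs : expiresMs;
}

function isExpired(cookie) {
  const expiry = cookieExpiryMs(cookie);
  return expiry !== null && expiry <= cookie.localNowMs;
}

// Constructed response: the server issues a one-hour cookie while the
// client's system clock is set one year in the future.
const sample = {
  dateHeader: "Tue, 26 Nov 2024 12:00:00 GMT",
  expires: "Tue, 26 Nov 2024 13:00:00 GMT",
  localNowMs: Date.parse("Wed, 26 Nov 2025 12:00:00 GMT"),
};

console.log("expired without adjustment:", isExpired({ ...sample, adjust: false }));
console.log("expired with adjustment:   ", isExpired(sample));
console.log("adjusted expiry (local):   ", new Date(cookieExpiryMs(sample)).toUTCString());
```

The adjustment only changes when the client discards the cookie; any session lifetime the server enforces on its own side is unaffected.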
For enterprise users, policy updates and bug fixes specific to organizational environments are detailed in the Firefox for Enterprise 133 Release Notes.
New Tools for Developers: Firefox 133.0 introduces several enhancements to make life easier for developers working on web applications. Highlights include:
Firefox introduces several notable enhancements to improve functionality and developer flexibility. The Fetch API Keepalive Option now allows HTTP requests to continue running even after navigating away from or closing a page, making it ideal for tasks such as saving user data during page unloads.
Developers can also leverage the Permissions API in Worker Context, enabling access to permissions within worker scripts for more versatile and robust application design.
Additionally, Firefox now supports the beforetoggle and toggle events for dialogs, aligning dialog behavior with that of popovers during opening and closing transitions.
Further advancements include new methods added to Uint8Array for Base64 and hexadecimal encoding and decoding, part of a Stage 3 TC39 proposal that significantly enhances data handling capabilities.
Lastly, the WebCodecs API now supports image decoding directly from both main and worker threads, offering developers faster and more efficient image processing solutions.
Firefox 133.0 delivers meaningful privacy enhancements, developer-friendly updates, and critical bug fixes. With a strong focus on user safety and performance, this release reinforces Firefox’s commitment to providing a top-tier browsing experience.
Users can install the new update via the following links or a direct Firefox download page.