Corrective releases Firefox 85.0.1 and Firefox ESR 78.7.1 are available, fixing a critical vulnerability that could lead to code execution on the system when opening specially crafted content. The problem is caused by a buffer overflow in ANGLE, an OpenGL ES implementation developed by the Chromium project that acts as a layer translating OpenGL ES calls to OpenGL, Direct3D 9/11, Desktop GL and Vulkan. Due to an incorrect calculation of the size of the depth parameters for compressed textures, conditions arise for accessing memory outside the allocated buffer. Details of the issue have not yet been disclosed.
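A patch-level check against the two fixed releases named above, as an added example that is not part of the original article. It assumes each record holds the output of `firefox --version`, with ESR builds carrying an `esr` suffix; the host names and inventory are constructed.

```python
import re

# Fixed versions named in the article, per channel.
FIXED = {"release": (85, 0, 1), "esr": (78, 7, 1)}

# Matches "85.0", "85.0.1" or "78.7.1esr" at the end of the line only, so
# pre-release strings such as "86.0b9" are not misread as a release version.
_VERSION = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?(esr)?$")


def classify(version_line):
    """Return (channel, version, status) for one `firefox --version` line."""
    m = _VERSION.search(version_line.strip())
    if not m:
        return ("unknown", None, "unknown")
    channel = "esr" if m.group(4) else "release"
    version = (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))
    status = "fixed" if version >= FIXED[channel] else "needs-update"
    return (channel, version, status)


def audit(inventory):
    """Map each host in 'host<TAB>version line' records to its status."""
    report = {}
    for record in inventory.strip().splitlines():
        host, _, version_line = record.partition("\t")
        report[host] = classify(version_line)[2]
    return report


# Constructed sample inventory (hypothetical hosts), not real data.
SAMPLE = (
    "ws-01\tMozilla Firefox 85.0\n"
    "ws-02\tMozilla Firefox 85.0.1\n"
    "ws-03\tMozilla Firefox 78.7.0esr\n"
    "ws-04\tMozilla Firefox 78.7.1esr\n"
    "ws-05\tMozilla Firefox 86.0b9\n"
)

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```

Pre-release builds are reported as `unknown` rather than guessed, so they can be reviewed by hand.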
Non-security fixes in Firefox 85.0.1 include:
- Access to special NTFS paths, manipulation of which can lead to file system corruption, is now denied.
- Resolved a crash when authenticating to sites using SPNEGO (Simple and Protected GSSAPI Negotiation Mechanism) on macOS devices with the new ARM-based M1 chips.
- Fixed the printing of an additional blank page at the end of some documents.
- Resolved a crash caused by manipulating the Cache API.
- Improved the handling of external URL scheme handlers when Firefox is launched from Flatpak.
Additionally, Fission mode, which implements a modernized multi-process architecture for tighter page isolation, has been enabled for 1/4 of users of Firefox nightly builds. When Fission is active, pages from different sites are always placed in the memory of different processes, each of which runs in its own isolated sandbox. The division into processes is made not by tab but by domain, which additionally isolates the content of external scripts and iframes. Fission mode can be enabled manually on the about:preferences#experimental page or through the "fission.autostart = true" variable in about:config.