Firefox 84.0.2 update with vulnerability fix

Published a patch release for Firefox 84.0.2 that fixes Critical Vulnerability (CVE-2020-16044) that could lead to malicious code execution when handled on purpose a formalized COOKIE-ECHO block in an SCTP (Stream Control Transmission Protocol) packet. The vulnerability is caused by access to an already freed memory area (use-after-free) in the COOKIE-ECHO handler. The details of the vulnerability are not disclosed .

Of the upcoming changes, we can note appearance in Firefox 85 in the password manager menu Lockwise “Remove All Logins” button to remove all saved passwords at once. Firefox 86 will disable the Backspace key handler outside of the context of input forms by default. The removal of the Backspace handler was suggested 7 years ago and is motivated by the fact that the Backspace key is actively used when typing in forms, but out of focus on the input form is treated as going to the previous page, which can lead to the loss of typed text due to unintentional movement to another page. Added browser.backspace_action option to about: config to revert old behavior.

/Release. View in full here.