This week, Mozilla announced the release of Firefox 102 in the stable channel, with fixes for 19 vulnerabilities, four of them critical flaws.
The latest release from Mozilla fixes CVE-2022-34470, a high-severity use-after-free flaw in nsSHistory that was triggered when switching between XML documents and could result in a potentially exploitable crash.
When combined with other weaknesses, use-after-free vulnerabilities can compromise the entire system by allowing arbitrary code execution, data corruption, or denial of service. Malicious websites can use these flaws to escape a browser's sandbox.
The latest version of Firefox also fixes CVE-2022-34479, a Linux-specific bug that allowed malicious websites to create popup windows that could be resized so that web content covered the address bar, potentially enabling spoofing attacks.
Firefox 102 further enhances user privacy by mitigating query parameter tracking when browsing in Enhanced Tracking Protection (ETP) strict mode.
With ETP, Firefox limits cross-site tracking by restricting cookies to the websites that created them. With the new feature, Firefox can now prevent websites from using specific tracking parameters to get around the privacy safeguards set up by browsers.
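To make the query parameter mitigation concrete, the following added example (not Firefox's own code) strips listed tracking parameters from a URL before navigation while leaving functional parameters and the fragment intact. The function name `stripTrackingParams` and the entries in `STRIP_LIST` are assumptions chosen for illustration.

```javascript
// Constructed strip list: illustrative tracking parameter names,
// not the list Firefox ships.
const STRIP_LIST = new Set(["fbclid", "mc_eid", "mkt_tok"]);

// Returns the cleaned URL plus the names of the parameters removed,
// so a caller can log or audit what was stripped.
function stripTrackingParams(rawUrl, stripList = STRIP_LIST) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch {
    // Not an absolute URL: leave it untouched rather than guess.
    return { url: rawUrl, stripped: [] };
  }
  // Only web navigations are in scope; mailto:, data:, etc. pass through.
  if (url.protocol !== "http:" && url.protocol !== "https:") {
    return { url: rawUrl, stripped: [] };
  }

  const kept = [];
  const stripped = [];
  for (const [name, value] of url.searchParams) {
    // Match case-insensitively so "FBCLID" does not slip past the list.
    if (stripList.has(name.toLowerCase())) {
      stripped.push(name);
    } else {
      kept.push([name, value]); // preserves order and repeated keys
    }
  }

  // Nothing to remove: return the original string byte-for-byte, since
  // re-serialising could change how the remaining parameters are encoded.
  if (stripped.length === 0) {
    return { url: rawUrl, stripped };
  }

  url.search = new URLSearchParams(kept).toString();
  return { url: url.toString(), stripped };
}

// Constructed sample input.
const demo = stripTrackingParams(
  "https://shop.example/item?id=42&fbclid=AbC123&ref=home#reviews"
);
console.log(demo.url, demo.stripped);
```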
In order to improve process isolation, Firefox 102 also performs audio decoding in a separate process with stronger sandboxing.