Firefox 126 Released with Various Security Fixes

by Rohan Timalsina

June 3, 2024 - TuxCare expert team

Firefox 126 was released on May 14, 2024, introducing various new features and improvements. This update also fixed 16 security vulnerabilities that posed risks such as arbitrary code execution and clickjacking.

One of the key highlights of Firefox 126 is support for zstd (Zstandard) compression for web content. This can potentially lead to faster loading times for websites. Additionally, users with M3 Macs running macOS will benefit from AV1 hardware decode acceleration. This can improve playback performance for videos encoded in the AV1 format.

 

Vulnerabilities Addressed in Firefox 126

 

CVE-2024-4764

Discovered by Jan-Ivar Bruaroey, this vulnerability involves improper memory management when audio input is connected with multiple consumers. Exploiting this could result in a denial of service or arbitrary code execution.

 

CVE-2024-4367

Thomas Rinsma identified that a type check was missing when handling fonts in PDF.js. This flaw could be exploited to execute arbitrary JavaScript code in the PDF.js context.

 

CVE-2024-4770

Irvan Kurniawan discovered an issue with how certain font styles are handled when saving a page to PDF. This vulnerability could potentially cause a crash when saving a web page as a PDF if the page uses certain font styles.

 

Furthermore, several vulnerabilities were identified that an attacker could exploit through specially crafted websites, leading to denial of service, sensitive information disclosure across domains, or arbitrary code execution. These issues are tracked under the following CVEs: CVE-2024-4767, CVE-2024-4768, CVE-2024-4769, CVE-2024-4771, CVE-2024-4772, CVE-2024-4773, CVE-2024-4774, CVE-2024-4775, CVE-2024-4776, CVE-2024-4777, and CVE-2024-4778.

 

Ubuntu and Debian Firefox Security Updates

 

The Ubuntu and Debian security teams have made Firefox 126 updates available in their respective releases, including Ubuntu 20.04 LTS, Debian 11, and Debian 12.

To upgrade Firefox on Ubuntu or Debian, you can use the following commands:

For Ubuntu:

$ sudo apt update
$ sudo apt upgrade firefox

For Debian:

$ sudo apt update
$ sudo apt upgrade firefox-esr

 

Conclusion

 

Given the critical nature of the vulnerabilities addressed in Firefox 126, it is strongly recommended that users update their Firefox packages immediately. This update not only fixes the aforementioned security issues but also enhances overall browser stability and performance.

The above vulnerabilities also affect Thunderbird versions before 115.11, so updating Thunderbird to the latest version is also crucial. Thunderbird package updates are already available in Ubuntu and Debian.
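To confirm that an upgrade actually landed, the following added example (not from the original article, Mozilla, Ubuntu or Debian) compares installed package versions with the fixed versions named above, Firefox 126 and Thunderbird 115.11. It assumes deb-packaged `firefox` and `thunderbird` and GNU `sort -V`; the function names are hypothetical, and `firefox-esr` is not covered because the article gives no fixed ESR version.

```shell
#!/bin/sh
# Fixed versions as stated in the article.
FIREFOX_FIXED="126"
THUNDERBIRD_FIXED="115.11"

# Reduce a package version to its upstream part, e.g. the constructed
# sample "1:115.11.0+build2-0ubuntu0.20.04.1" becomes "115.11.0".
upstream_version() {
    printf '%s\n' "$1" | sed -e 's/^[0-9]*://' -e 's/^\([0-9][0-9.]*\).*/\1/' -e 's/\.$//'
}

# version_ge A B: succeed when dotted version A >= B (GNU sort -V ordering).
version_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# check_version PRODUCT PKG_VERSION: print a verdict and return 0 if patched,
# 1 if older than the fixed version, 2 if the product is not covered here.
check_version() {
    case "$1" in
        firefox)     fixed=$FIREFOX_FIXED ;;
        thunderbird) fixed=$THUNDERBIRD_FIXED ;;
        *) echo "$1: no fixed version given in the article"; return 2 ;;
    esac
    up=$(upstream_version "$2")
    if version_ge "$up" "$fixed"; then
        echo "$1 $up: OK (>= $fixed)"; return 0
    fi
    echo "$1 $up: UPDATE NEEDED (< $fixed)"; return 1
}

# Check the versions dpkg reports on this host; missing packages are skipped.
check_host() {
    for pkg in firefox thunderbird; do
        v=$(dpkg-query -W -f='${Version}' "$pkg" 2>/dev/null) || continue
        if [ -n "$v" ]; then check_version "$pkg" "$v" || true; fi
    done
    return 0
}

check_host
```

On systems where `firefox` is only a transitional package for a snap, the dpkg version does not reflect the browser version, so check the snap itself there.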

Source: Mozilla Foundation Security Advisory
