mood Posted February 6, 2021 Share Posted February 6, 2021 Firefox 85.0.1 fixes a critical security issue and bugs Mozilla released Firefox 85.0.1 Stable and Firefox ESR 78.7.1 to the public on February 5, 2021. The new browser versions are already available and will be installed automatically on most systems thanks to the build-in updating functionality of the browsers. Standalone downloads are provided on the Mozilla website. Select Menu > Help > About Firefox to display the currently installed version of the browser. Firefox 85, the last major release of the browser, was released on January 26, 2021. Firefox 85.0.1 release information Firefox 85.0.1 and Firefox ESR 78.7.1 are security updates first and foremost. Mozilla patched a single security issue in both versions of the browser. The vulnerability, Buffer overflow in depth pitch calculations for compressed textures, has received the severity rating critical, the highest rating available. Mozilla notes that the issue affects Firefox running on Windows machines only, all other supported operating systems are not affected by the issue. Firefox 85.0.1 fixes five non-security related bugs in the browser next to that. Two address crashes of the browser: the first when authenticating to websites using SPNEGO on macOS devices with Apple Silicon CPUs, the second in case of an unexpected Cache API state. Linux users who tried to launch Flatpack or rpm Zoom client from Flatpack in Firefox 85 noticed that they could not do so anymore. The third fix of the new release addresses that issue by fixing external URL scheme handlers when using the Firefox Flatpack. Mozilla engineers implemented a change in Firefox 85.0.1 that prevents access to NTFS special paths when using the browser; Mozilla notes that the access could lead to filesystem corruption. The final fix prevents Firefox from printing an extra sheet of paper at the end of certain documents. The bug reporter on Bugzilla@Mozilla experienced the issue when printing PDF documents with the setting layout.display-list.improve-fragmentation set to enabled. You find the official release notes here. Firefox 85.0.1 fixes several issues that affect specific operating systems only. The security fix affects Windows, one of the crashes only Mac devices with Apple Silicon processors, and the external URL scheme handlers only Linux systems Source: Firefox 85.0.1 fixes a critical security issue and bugs Link to comment Share on other sites More sharing options...
Karlston Posted February 6, 2021 Share Posted February 6, 2021 Mozilla fixes Windows 10 NTFS corruption bug in Firefox Mozilla has released Firefox 85.0.1 and includes a fix that prevents a Windows 10 NTFS corruption bug from being triggered from the browser. Last month, BleepingComputer reported that a bug in Windows 10 and Windows XP allows non-privileged users to mark an NTFS volume as dirty. Once the volume was marked dirty, Windows 10 would display an error dialog that states the drive was corrupted and prompt the user to reboot to fix the problem. For most of the people who tested the bug, rebooting and performing chkdsk would resolve the issue. However, a test by BleepingComputer on a virtual machine caused problems that were not fixed by Chkdsk or Windows 10 startup repair. (Substitute video) Mozilla prevents NTFS bug in Firefox In Firefox 85 and earlier, the NTFS corruption bug could be triggered simply by trying to access the path in the browser's address bar. Windows 10 corruption error after accessing path in Firefox With the release of Firefox 85.0.1, instead of trying to access the path, Firefox will simply ignore the path and not attempt to access it. "Prevent access to NTFS special paths that could lead to filesystem corruption," states that changelog for Firefox 85.0.1. This change can be seen in the Firefox code below that states, "Any use of ':$' is illegal in filenames anyway; while we support some ADS stuff (ie ":Zone.Identifier"), none of them use the ':$' syntax." Code blocking paths containing the :$ string Firefox 85.0.1 also fixes four other bugs and a security vulnerability described in this releases' changelog. Existing Firefox users can upgrade to version 85.0.1 by going into the Firefox Menu and selecting Help -> About Firefox. Firefox will then check for a new update, install it, and then prompt you to relaunch Firefox to complete the installation. This bug can still be abused in Google Chrome and Windows 10 but will hopefully be fixed in next week's Microsoft Patch Tuesday for February 2021. Mozilla fixes Windows 10 NTFS corruption bug in Firefox Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.