Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Firefox 76 Brings Security Patches, Breached Password Alerts

Mozilla this week released Firefox 76 to the stable channel with an updated password manager, alerts for breached passwords, and patches for 11 vulnerabilities.

Starting with the new release, the browser aims to help users better keep their accounts secure and easily generate strong passwords, courtesy of the new Firefox Lockwise password manager.

Mozilla this week released Firefox 76 to the stable channel with an updated password manager, alerts for breached passwords, and patches for 11 vulnerabilities.

Starting with the new release, the browser aims to help users better keep their accounts secure and easily generate strong passwords, courtesy of the new Firefox Lockwise password manager.

On shared devices, the feature keeps passwords secure by prompting users for their account password before making saved logins available to them. Furthermore, the credentials are made available for five minutes only, Mozilla says.

The Lockwise dashboard, the browser maker explains, is powered by Firefox Monitor, which alerts users when their credentials were part of a data breach.

Firefox alerts users when one of the passwords they use is identical with a password that has been compromised, but also when the username and password were part of a breach (additional details about the breach are also included).

“Don’t worry, Firefox doesn’t know your actual passwords. This new feature automatically checks your encrypted list of passwords against the breached website information, helping you to stay on top of your online accounts that may have been compromised,” Mozilla explains.

The organization also points out that users can now leverage Firefox Lockwise to generate passwords of a minimum of 12 random letters, numbers and symbols.

Furthermore, Mozilla has made Firefox Lockwise available for iOS and Android as well, allowing users to access their passwords while on the go and easily sync their logins.

Advertisement. Scroll to continue reading.

Firefox 76 also arrived with patches for 11 vulnerabilities, including three assessed with a critical severity rating.

The first of the critical bugs is a use-after-free during worker shutdown (CVE-2020-12387), which could lead to an exploitable crash, the second is a sandbox escape (CVE-2020-12388) that impacts Windows only, while the third (CVE-2020-12395) refers to memory safety bugs in both Firefox 75 and Firefox ESR 68.7.

The new browser release also patches three high severity issues (CVE-2020-12389 – sandbox escape; CVE-2020-6831 – buffer overflow; and CVE-2020-12396 – memory safety bugs), four moderate risk bugs (CVE-2020-12390 – incorrect serialization; CVE-2020-12391 – Content-Security-Policy bypass; CVE-2020-12392 – arbitrary local file access; CVE-2020-12393 – potential command injection), and one low severity issue (CVE-2020-12394 – URL spoofing in location bar when unfocussed).

This week, Google too released an update for its Chrome browser, to address a total of three vulnerabilities, including two reported by external researchers. Both of these bugs are high severity issues: CVE-2020-6831 – a stack buffer overflow in SCTP, and CVE-2020-6464 – type confusion in Blink.

Related: Mozilla Offers Bigger Rewards for Firefox Vulnerabilities

Related: Framework Isolates Libraries in Firefox to Improve Security

Related: GitHub Shares Details on Six Chrome Vulnerabilities

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Don’t miss this Live Attack demonstration to learn how hackers operate and gain the knowledge to strengthen your defenses.

Register

Join us as we share best practices for uncovering risks and determining next steps when vetting external resources, implementing solutions, and procuring post-installation support.

Register

People on the Move

Mike Byron has been named Chief Financial Officer (CFO) at Exabeam.

Ex-GitHub chief technology officer Mike Hanley has joined GM as CISO.

Network security and compliance assurance firm Titania has appointed Victoria Dimmick as CEO.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.