Mozilla released v72.0 of its web browser last Tuesday, but Canonical was taking its time uploading the new version to the official repositories. For a few hours, we already have Firefox 72.0.1 available, skipping v72.0 probably because a day after its release I arrive a new installment that fixed a security flaw that Mozilla deemed critical. In addition, Canonical has published a new security report that lists other vulnerabilities that have already been fixed.
The published safety report is the USN-4234-1 and pick up a total of 8 vulnerabilities that have been fixed in the last two versions of Firefox. The CVE-2019-17026 it was the one that was fixed in Firefox 72.0.1, which Mozilla has labeled "critical", but at the time of this writing we cannot know how Canonical treats it because their website is down.
7 + 1 vulnerabilities fixed in Firefox 72.0.1
Without being able to access the official Canonical website we cannot know how they deal with the bugs fixed in Firefox 72.0 and 72.0.1, but in the security fix page de v72.0 details a total of 11 security flaws. Among them we have 5 high priority, 5 moderate priority and one low priority. All the bugs are already corrected in the version that is currently in the official Ubuntu repositories and all its official flavors, so protecting ourselves is as simple as opening our Software Center or the app designed for it, updating to the new packages and restart the browser.
Firefox 72 was launched last Tuesday and came with notable new features such as the Picture-in-Picture enabled by default on Linux and macOS. Another really interesting novelty is that now the notifications no longer bother and, instead of showing a pop-up window that does not disappear until we tell it if we admit them or not, the "bubble" of the URL vibrates, which is much less annoying. So update as it's worth it.