The new versions of Firefox, as in most browsers, arrive on a certain date. Thus, on March 10 we were all waiting for the launch of the Mozilla browser v74.0 and everything happened as planned. What is not scheduled is the release of minor updates, those that fix some bugs without adding new features. Firefox 74.0.1 It was launched yesterday Friday without making too much noise, something it did not do in terms of number of changes either.
The new version of Firefox has been released for security reasons. Personally, I found out from reading the security report USN-4317-1 that Canonical has published a few moments ago. In this report, they are collected two priority vulnerabilities high which Mozilla has deemed serious enough to motivate the release of an update. And it is that, according to the company famous for developing the fox browser, corrected bugs can produce a critical impact.
Firefox 74.0.1 fixes two serious security flaws, according to Mozilla
Fixed bugs are CVE-2020-6819 and CVE-2020-6820, both with the same description in the Canonical report but with the following descriptions in the Mozilla website:
- CVE-2020-6819: Under certain conditions, when the nsDocShell destructor runs, a race condition can cause a use after release.
- CVE-2020-6820: Under certain conditions, when handling ReadableStream, a race condition can cause post-release use.
Probably, the reason for the launch and that they did not wait for the next major version of the browser was that, in both cases, they knew that vulnerabilities were being exploited. Mozilla, which has shown on different occasions to be very committed to the safety of its users, has not wanted to wait any longer and we already have the new version available on its official website. On the other hand, it is also available in the official Ubuntu repositories and all its official flavors.