2020
11.03
Firefox – version 74 with security improvements

Mozilla has released version 74.0 of Firefox for Windows, Linux and macOS. The biggest change the developers made to the popular web browser is also the least surprising: TLS versions 1.0 and 1.1, which are considered insecure, will no longer be supported. There are also minor updates intended to improve security and privacy while browsing. Firefox 74.0 also ships security fixes which, among other things, should close five critical vulnerabilities.

When visiting websites that do not support at least version 1.2 of the Transport Layer Security (TLS) encryption protocol, users will receive an error message in the future. In October 2018 the developers announced that support for the outdated protocol versions would end in March 2020. Competitors have had the same plans for a long time: Google wants to remove TLS 1.0 and 1.1 from its forthcoming Chrome 81, and Microsoft has announced the same move for its Internet Explorer and Edge browsers, somewhat vaguely, “for the first half of 2020”. Both Firefox and Chrome have been showing warning messages for weakly encrypted connections for a long time.
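For operators who want to see how a server's answer maps onto the TLS 1.2 floor described above, the following added example (not Mozilla's code and not part of the original article) parses a ServerHello record and reports the negotiated version. The function names and the sample records are hypothetical and constructed for illustration; the cipher suite bytes in the samples are filler that the parser does not inspect.

```python
import struct

# TLS protocol version code points (SSL 3.0 and older fall below all of these).
VERSIONS = {0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2", 0x0304: "TLS 1.3"}
MIN_ACCEPTED = 0x0303        # floor described in the article: at least TLS 1.2
SUPPORTED_VERSIONS = 0x002B  # extension a TLS 1.3 server uses to state its version

def negotiated_version(record: bytes) -> int:
    """Return the protocol version selected by a ServerHello in one TLS record."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x02:
        raise ValueError("not a handshake record starting with a ServerHello")
    body_len = int.from_bytes(record[6:9], "big")
    body = record[9:9 + body_len]
    if len(body) != body_len or body_len < 38:
        raise ValueError("truncated ServerHello")
    version = int.from_bytes(body[0:2], "big")  # legacy_version field
    pos = 34 + 1 + body[34] + 2 + 1  # skip random, session id, suite, compression
    if pos + 2 > len(body):
        return version  # no extensions block: TLS 1.2 or older
    ext_end = min(pos + 2 + int.from_bytes(body[pos:pos + 2], "big"), len(body))
    pos += 2
    while pos + 4 <= ext_end:
        ext_type, ext_len = struct.unpack("!HH", body[pos:pos + 4])
        if ext_type == SUPPORTED_VERSIONS and ext_len == 2 and pos + 6 <= ext_end:
            version = int.from_bytes(body[pos + 4:pos + 6], "big")
        pos += 4 + ext_len
    return version

def meets_tls12_floor(record: bytes):
    """Return (version name, True if a client requiring TLS >= 1.2 would proceed)."""
    version = negotiated_version(record)
    return VERSIONS.get(version, hex(version)), version >= MIN_ACCEPTED

def sample_server_hello(legacy: int, selected: int = 0) -> bytes:
    """Constructed input (not captured traffic): a minimal ServerHello record."""
    ext = struct.pack("!HHH", SUPPORTED_VERSIONS, 2, selected) if selected else b""
    body = struct.pack("!H", legacy) + bytes(32) + b"\x00" + b"\x00\x2f" + b"\x00"
    body += struct.pack("!H", len(ext)) + ext
    handshake = b"\x02" + len(body).to_bytes(3, "big") + body
    return struct.pack("!BHH", 0x16, legacy, len(handshake)) + handshake

if __name__ == "__main__":
    for args in [(0x0301,), (0x0302,), (0x0303,), (0x0303, 0x0304)]:
        name, ok = meets_tls12_floor(sample_server_hello(*args))
        print(f"{name}: {'accepted' if ok else 'rejected, server needs TLS 1.2+'}")
```

A TLS 1.3 server keeps 0x0303 in the legacy version field and announces 1.3 only in the supported_versions extension, which is why the parser checks the extension before deciding.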

Via the add-ons manager (about:addons), users should be able to easily uninstall extensions that were previously installed by external applications. In addition, installations that go “past the user” should no longer be possible in the future for security reasons. The Firefox 74.0 release notes also contain other minor security-specific changes. Among other things, users will be offered the anti-tracking add-on “Facebook Container” after installing the new browser version. A technique called “mDNS ICE” is said to improve privacy for voice and video calls by masking the user’s own IP address with a random ID in certain scenarios.

As usual, the Mozilla developers listed the security fixes in a separate security advisory. Five fixed vulnerabilities with the risk rating “High” (CVE-2020-6805, CVE-2020-6806, CVE-2020-6807, CVE-2020-6814, CVE-2020-6815) could have been exploited by attackers under certain conditions to execute arbitrary code remotely or to trigger “potentially exploitable crashes”. There are also six fixed vulnerabilities classified as “Moderate” and one classified as “Low”.
