Firefox 84.0.2 fixes a critical vulnerability

A corrective release of the Firefox 84 branch was recently published: Firefox 84.0.2 ships a patch that resolves a critical vulnerability (CVE-2020-16044).

Of the information released so far, it is only mentioned that the vulnerability could lead to the execution of malicious code when processing a specially crafted COOKIE-ECHO chunk in a Stream Control Transmission Protocol (SCTP) packet.

The vulnerability is caused by access to an already freed memory area (use-after-free) in the COOKIE-ECHO handler.

At the moment only that information has been released and as such the details of the vulnerability have not yet been revealed.

A malicious peer could have modified a COOKIE-ECHO chunk in an SCTP packet in a way that potentially resulted in a use-after-free. We assume that with enough effort it could have been exploited to execute arbitrary code.

It is important to note that this vulnerability affects the browser regardless of the platform on which it is installed, which is why the browser developers are calling on users to update as soon as possible.

Moreover, it is also mentioned that upcoming changes include the appearance in Firefox 85 of a «Delete all logins» button in the Lockwise password manager menu, which deletes all saved passwords at once.

Firefox 86 will disable the Backspace key handler outside the context of input forms by default.

The removal of the Backspace handler was proposed 7 years ago. It is motivated by the fact that the Backspace key is used heavily when filling in forms, but when focus is outside an input field it is treated as navigation to the previous page, which can lead to the loss of typed text through an inadvertent move to another page.

It is also mentioned that the browser.backspace_action option was added to about:config to restore the previous behavior.

Finally, if you are interested in knowing more about this corrective version of the browser, you can check the details in the following link.

Besides that, we must not forget that the next major stable version of the browser is scheduled to be released on January 26, 2021.

How to install or update the new version of Firefox on Linux?

Firefox users who have not disabled automatic updates will receive the update automatically. Those who don't want to wait for that to happen can select Menu > Help > About Firefox after the official launch to initiate a manual update of the web browser.

The screen that opens displays the currently installed version of the web browser and runs a check for updates, provided the functionality is enabled.

Another option, if you are a user of Ubuntu, Linux Mint or some other derivative of Ubuntu, is to install or update to this new version with the help of the browser's PPA.

The PPA can be added to the system by opening a terminal and executing the following commands in it:

sudo add-apt-repository ppa:ubuntu-mozilla-security/ppa -y 
sudo apt-get update
sudo apt install firefox

In the case of Arch Linux users and derivatives, just run in a terminal:

sudo pacman -Syu

Or, to install it:

sudo pacman -S firefox

Finally, those who prefer to use Snap packages will be able to install the new version as soon as it is released in the Snap repositories.

Alternatively, they can get the package directly from Mozilla's FTP by typing the following command in a terminal:

wget https://ftp.mozilla.org/pub/firefox/releases/84.0.2/snap/firefox-84.0.2.snap

And to install the package we just type:

sudo snap install firefox-84.0.2.snap

Finally, you can get the browser with the most recently added installation method, "Flatpak". To do this, your system must have support for this type of package.

Installation is done by typing:

flatpak install flathub org.mozilla.firefox

Users of all other Linux distributions can download the binary packages from the following link.
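
To confirm that an update actually landed, the script below (an added example, not part of the original article) parses the output of firefox --version and compares it with 84.0.2. The function names are illustrative, it assumes a sort that supports -V (GNU coreutils), and it only judges release-channel builds.

```shell
#!/bin/sh
# Added example: check whether a Firefox build includes the 84.0.2 fix.
# First release-channel version carrying the CVE-2020-16044 patch, per the article.
FIXED_VERSION="84.0.2"

# Extract the version from `firefox --version` output,
# e.g. "Mozilla Firefox 84.0.2" -> "84.0.2". Prints nothing if none is found.
ff_version() {
    printf '%s\n' "$1" | sed -n 's/^.*Firefox \([0-9][0-9A-Za-z.]*\).*$/\1/p' | head -n 1
}

# version_ge A B: succeed when version A >= version B (relies on sort -V).
version_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# is_patched "<firefox --version output>"
# returns 0 = patched, 1 = older than the fix, 2 = cannot be judged.
is_patched() {
    v=$(ff_version "$1")
    [ -n "$v" ] || return 2
    # ESR builds use their own numbering, which the article does not list.
    case "$v" in *esr*) return 2 ;; esac
    if version_ge "$v" "$FIXED_VERSION"; then return 0; fi
    return 1
}

# Check the locally installed browser, if one is on PATH.
if command -v firefox >/dev/null 2>&1; then
    out=$(firefox --version 2>/dev/null || true)
    rc=0
    is_patched "$out" || rc=$?
    case "$rc" in
        0) echo "OK: $out includes the $FIXED_VERSION fix" ;;
        1) echo "UPDATE NEEDED: $out is older than $FIXED_VERSION" ;;
        *) echo "UNKNOWN: could not judge '${out:-no output}'" ;;
    esac
fi
```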

