Firefox and Thunderbird: Enhanced Features and Security Fixes

The latest versions, Firefox 126 and Thunderbird 115.11, address security vulnerabilities and introduce improved features.

The Mozilla Foundation has released version 126 of its Firefox web browser, the Extended Support Release (ESR) version 115.11, and Thunderbird email client version 115.11. These updates include significant security fixes as well as new and improved functionalities.

According to the release notes, Firefox developers have enhanced the “Copy Link Without Website Tracking” option, which can now remove parameters from nested URLs. The browser now supports over 300 tracking parameters from various sources, such as shopping sites. Firefox has also integrated zstd as a compression algorithm, offering an alternative to Brotli and gzip. zstd achieves either the same compression rates with lower CPU usage or higher compression rates with the same CPU load. Additionally, Mac users with Apple Silicon M3 will benefit from AV1 hardware acceleration for decoding.

Firefox: Security Fixes

For those who prioritize privacy, it is advisable to switch the default search engine to something like DuckDuckGo. Developers have started collecting telemetry data on about 20 search categories, such as “Sports,” “Business,” and “Travel.” This data collection is anonymized and uses OHTTP to remove potentially identifiable IP addresses. The collected data will not be shared with third parties.

The new version also addresses several security vulnerabilities. One notable issue involved multiple active WebRTC threads that could simultaneously request a newly connected audio device, leading to a use-after-free vulnerability. This issue, identified as CVE-2024-4764, poses a high risk according to developers. Another vulnerability, CVE-2024-4367, involves a lack of type checking in PDF.js fonts, which could allow arbitrary JavaScript code execution. Additionally, nine medium-severity vulnerabilities and five low-risk issues in older Firefox versions are listed in the Firefox 126 security bulletin.

Updates in Thunderbird and Firefox ESR 115.11

The critical font type-checking vulnerability in PDF.js also affects Firefox ESR and Thunderbird 115.11. Both versions’ security bulletins list the same vulnerabilities. Five other medium-severity security issues have been addressed in these updates.

The release notes for Thunderbird 115.11 are brief. One notable fix involves the resizable divider between the task list and task description, which previously did not behave as expected. Another fix corrects the row size for calendar event participants.

Version Verification

To check if you have the updated versions with security fixes, open the version dialog through the browser menu, accessible by clicking the three horizontal lines icon to the right of the address bar. Navigate to “Help” and then “About Firefox” or “About Thunderbird” to see the current version information.
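
For checking many machines at once, the same comparison can be scripted. The following is an added example, not part of the original article or of Mozilla's tooling: it compares a reported version string against the fixed versions named above. It assumes the string has the shape printed by `firefox --version` or `thunderbird --version` (for example `Mozilla Firefox 115.11.0esr`), and the sample strings are constructed.

```python
import re

# Minimum fixed versions named in the article: Firefox 126,
# Firefox ESR 115.11 and Thunderbird 115.11.
FIXED = {
    "firefox": (126, 0),
    "firefox-esr": (115, 11),
    "thunderbird": (115, 11),
}

# Assumed output shape, e.g. "Mozilla Firefox 115.11.0esr".
VERSION_RE = re.compile(
    r"\b(Firefox|Thunderbird)\s+(\d+)(?:\.(\d+))?(?:\.(\d+))?(esr)?", re.I)


def parse_version(line):
    """Return (product, (major, minor, patch)), or None if unrecognised."""
    m = VERSION_RE.search(line)
    if not m:
        return None
    product = m.group(1).lower()
    # An "esr" suffix puts the build on the ESR branch, which has its
    # own fixed version (115.11) separate from the release channel (126).
    if product == "firefox" and m.group(5):
        product = "firefox-esr"
    numbers = tuple(int(g) if g else 0 for g in m.groups()[1:4])
    return product, numbers


def is_patched(line):
    """True if the reported version is at or above the fixed release.

    Unparseable input raises, so a fleet check fails closed instead of
    counting an unknown build as patched.
    """
    parsed = parse_version(line)
    if parsed is None:
        raise ValueError(f"unrecognised version string: {line!r}")
    product, version = parsed
    return version[:2] >= FIXED[product]


if __name__ == "__main__":
    # Constructed sample outputs, not captured from real machines.
    for sample in ("Mozilla Firefox 126.0", "Mozilla Firefox 125.0.3",
                   "Mozilla Firefox 115.10.0esr", "Mozilla Thunderbird 115.11.0"):
        print(f"{sample:32} patched={is_patched(sample)}")
```

A Firefox build reporting 115.x without the `esr` suffix is treated as a release-channel build and therefore compared against 126.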