The Mozilla Foundation has released a security update for Firefox 134.0, introducing new features and addressing several vulnerabilities, particularly affecting Android users. Key improvements include support for touchpad gestures on Linux, hardware-accelerated playback for HEVC video on Windows, and an updated new tab layout for users in the US and Canada.
Affected: Firefox, Firefox for Android, Firefox Focus
Key points:
- Firefox 134.0 includes a security update addressing multiple vulnerabilities.
- New features include touchpad gesture support on Linux and hardware-accelerated HEVC video playback on Windows.
- Updated new tab layout is being rolled out for users in the US and Canada.
- Ecosia’s availability has expanded to several European countries and languages.
- Security updates include fixes for address bar spoofing and memory safety bugs.
MITRE Techniques:
- Address Bar Spoofing (CVE-2025-0244) – An attacker could spoof the address bar when redirecting to an invalid protocol scheme on Firefox for Android.
- Lock Screen Setting Bypass (CVE-2025-0245) – A user opt-in setting in Firefox Focus for Android could be bypassed under certain circumstances.
- Confused Deputy Attack (CVE-2025-0237) – The WebChannel API did not check the sending principal, potentially leading to privilege escalation.
- Use-After-Free (CVE-2025-0238) – An attacker could cause a use-after-free condition leading to a potentially exploitable crash.
- Memory Corruption (CVE-2025-0241) – Memory corruption could occur when segmenting specially crafted text.
Full Research: https://wezard4u.tistory.com/429379