Firefox 76 delivers new password security features and security fixes
Mozilla has released Firefox 76, which comes with critical security fixes and new features related to Firefox Lockwise, the browser’s password manager/generator that’s also available as a standalone app for iOS and Android.
New Firefox password security features
Just in time for this year’s World Password Day, Mozilla has released new Firefox Lockwise features.
Starting with Firefox 76, users will be able to check whether any of the passwords they use are vulnerable (e.g., identical to a password that has been breached) and they will be alerted when their login and password is involved in a breach:
Unfortunately, the Website Breach warning will not be shown when you visit the login page of the breached site, but only if you go to the menu button located on the far right of the browser’s toolbar and select “Logins and Passwords”, i.e., if you “enter” Firefox Lockwise.
Another new feature is one that makes it possible to share a device with others (e.g., family or roommates) without them being able to see your passwords or you theirs.
“When you try to view or copy a password from your ‘Logins and Passwords’ page, you will be prompted for your device’s account password before proceeding. Once the password is added, your credentials will be available to view and copy for up to five minutes,” Mozilla explained. This is one more reason for having a separate device account for each user.
Security fixes
Firefox 76 contains fixes for two critical flaws:
- CVE-2020-12387, a use-after-free vulnerability arising from a race condition when running shutdown code for web worker (a JavaScript script executed from an HTML page that runs in the background), which could result in a potentially exploitable crash, and
- CVE-2020-12388, a sandbox escape flaw that only affects Firefox on Windows operating systems.
Also deemed critical are a bunch of memory safety bugs that have been fixed both in Firefox 76 and Firefox ESR 68.7.
Two high-risk security holes that have also been plugged – a sandbox escape that, again, only affects Firefox on Windows operating systems, and a buffer overflow that could lead to memory corruption and a potentially exploitable crash.
For more details about the vulnerabilities go here.