파이어폭스 134.0 보안 업데이트
오늘은 모질라 재단에서 제공을 하는 파이어폭스 134.0 보안 업데이트에 대해 알아보겠습니다.
Firefox는 이제 Linux에서 터치패드 누르기 동작을 지원
Windows에서 HEVC 비디오 콘텐츠의 하드웨어 가속 재생이 지원
Ecosia의 가용성은 오스트리아, 벨기에, 이탈리아, 네덜란드, 스페인, 스웨덴 및 스위스와 함께 독일 지역의 모든 언어로 확장
새로워진 새 탭 레이아웃이 미국과 캐나다의 사용자에게 출시되고 있으며 위치가 변경된 로고와 날씨 위젯을 통해 웹 검색,바로 가기, 추천 스토리를 상단에 우선시할 수 있습니다.
이번 업데이트로 인해서 추천 스토리 카드 UI 변경 사항이 포함되어 있으며 더 큰 화면을 사용하는 사용자는 최대 4개의 열을 볼 수 있어 공간 활용도가 높아집니다.
보안 업데이트 내용
CVE-2025-0244:Address bar spoofing using an invalid protocol scheme on Firefox for Android
Description:When redirecting to an invalid protocol scheme, an attacker could spoof the address bar.
Note: This issue only affected Android operating systems. Other operating systems are unaffected.
CVE-2025-0245: Lock screen setting bypass in Firefox Focus for Android
Description:Under certain circumstances, a user opt-in setting that Focus should require authentication before use could have been be bypassed.
CVE-2025-0246: Address bar spoofing using an invalid protocol scheme on Firefox for Android
Description:When using an invalid protocol scheme, an attacker could spoof the address bar.
Note: This issue only affected Android operating systems. Other operating systems are unaffected.
Note: This issue is a different issue from CVE-2025-0244.
CVE-2025-0237: WebChannel APIs susceptible to confused deputy attack
Description:The WebChannel API, which is used to transport various information across processes, did not check the sending principal but rather accepted the principal being sent. This could have led to privilege escalation attacks.
CVE-2025-0238: Use-after-free when breaking lines in text
Description:Assuming a controlled failed memory allocation, an attacker could have caused a use-after-free, leading to a potentially exploitable crash.
CVE-2025-0239: Alt-Svc ALPN validation failure when redirected
Description:When using Alt-Svc, ALPN did not properly validate certificates when the original server is redirecting to an insecure site.
CVE-2025-0240: Compartment mismatch when parsing JavaScript JSON module
Description:Parsing a JavaScript module as JSON could, under some circumstances, cause cross-compartment access, which may result in a use-after-free.
CVE-2025-0241: Memory corruption when using JavaScript Text Segmentation
Description:When segmenting specially crafted text, segmentation would corrupt memory leading to a potentially exploitable crash.
CVE-2025-0242: Memory safety bugs fixed in Firefox 134, Thunderbird 134, Firefox ESR 115.19, Firefox ESR 128.6, Thunderbird 115.19, and Thunderbird 128.6
Description:Memory safety bugs present in Firefox 133, Thunderbird 133, Firefox ESR 115.18, Firefox ESR 128.5, Thunderbird 115.18, and Thunderbird 128.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.
CVE-2025-0243: Memory safety bugs fixed in Firefox 134, Thunderbird 134, Firefox ESR 128.6, and Thunderbird 128.6
Description:Memory safety bugs present in Firefox 133, Thunderbird 133, Firefox ESR 128.5, and Thunderbird 128.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.
CVE-2025-0247: Memory safety bugs fixed in Firefox 134 and Thunderbird 134
Description:Memory safety bugs present in Firefox 133 and Thunderbird 133. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.
파이어폭스 브라우저를 사용하시는 분들은 해당 보안 업데이트를 하시는 것을 추천 드립니다.