A maintenance release of Firefox 148.0.2 is now available, addressing 5 vulnerabilities. Four of these vulnerabilities are related to memory issues, such as buffer overflows and accessing already freed memory areas. One of the buffer overflows specifically affects the audio and video playback code in the Android version, potentially allowing attackers to execute code by visiting specially designed pages. There is also a non-memory issue in the CSS parsing code that could bypass Same-origin restrictions.
Non-security fixes in this release include:
- Fixed an issue with incorrect redirection to the address bar when entering a search query on new page tabs.
- Fixed a bug that prevented changing formatting in certain web text editors, such as bold or italics.
- Fixed a problem where YouTube videos would start playing automatically even when autoplay was blocked, triggered by holding down the Ctrl key after loading the video page.
- Fixed an alignment issue with elements using absolute positioning that were not centered upon loading.
- Fixed a bug that displayed empty tab switch recommendations for pages without a “title” tag.
- Fixed a bug causing video quality degradation on Windows systems with NVIDIA GPUs when Video Super Resolution was enabled.
Additional Firefox-related events include:
- Mozilla decided to continue supporting the ESR branch of Firefox 115 until the
/Reports, release notes, official announcements.