Firefox 57 had a critical flaw that could be triggered when the browser makes a WebRTC connection using “touch tone” signals common in old landline handsets.
Firefox 58 gives you faster performance but you’ll want to update anyway to fix a handful of critical flaws.
The latest version of the Firefox browser builds on the recent overhaul known as Firefox Quantum, or version 57 of Mozilla’s browser. Last week Firefox developers flagged speed improvements from the new WebAssembly and compiler improvements in Firefox 58.
Mozilla is also promoting a refreshed Tracking Protection feature. It arrived two years ago in Private Mode but Firefox 57 allowed users to enable the privacy feature at all times. Mozilla says tests show that enabling it all the time actually speeds up page loads. It’s also available on Firefox for iOS and Android.
Given the relative decline of PCs, Firefox’s future still depends heavily on increased adoption on mobile platforms. Mozilla has tweaked Firefox on Android’s bookmarking feature to make it easier to view, organize and create new folders, and move bookmarks into different folders.
For Progressive Web Apps (PWA), Firefox on Android now displays a house-shaped button in the address bar when users visit a site that is PWA. Adding the app to the home screen can be done by tapping the house button. Mozilla has posted a short demo on YouTube of the ‘Add to Home Screen’ feature on YouTube. The home screen icons have a small Firefox badge in the bottom right corner. Once opened, each PWA opens as a separate entry in the app switcher.
And following on from Mozilla’s Firefox recent fixes for two variants of the widespread Meltdown and Spectre flaws, Firefox 58 addressed a further 32 vulnerabilities, consisting of four critical, 13 high, 13 moderate, and three low severity bugs.
One of the critical bugs can surface during a WebRTC connection to systems that use DTMF or Dual-Tone Multi-Frequency signals. DTMF signals were used in “touch tone” phones to have different tones represent buttons on a keypad. In the context of WebRTC, computers can use DTMF when sending a command to a teleconferencing system. The bug results in a potentially exploitable crash.
Mozilla developers also found a group of memory safety bugs in Firefox 57 that appeared to be a memory corruption issue that could, with some effort, be exploit to run arbitrary code.
The Firefox ESR 52.6 release contains fixes for 11 of the bugs fixed in Firefox 58, including the critical WebRTC flaw and critical memory safety bugs.