Firefox 82 Is Released With Four High-Impact Security Fixes
Mozilla Firefox 82 is faster on websites using flex CSS layout, there's a new picture-in-picture button that you may or may not find annoying enough to disable and there's four high-impact and two medium-impact security fixes. There's no performance improvement in synthetic benchmarks.
written by 윤채경 (Yoon Chae-kyung). published 2020-10-21 - last edited 2020-10-21
Mozilla Firefox 82 displaying a website using
display: flex; CSS layout.
The latest version of the only viable web browser left that's not just a wrapper for Chromium and its Blink rendering engine is, according to the Mozilla Corporation who makes the Firefox web browser product, 20% faster on websites that use flexbox-based layouts. A lot of sites do since it's so convenient.
Mozilla is also claiming that restoring browser sessions is "17% quicker".
Mozilla's supposed improvements in Firefox 82 do not appear to translate into any notible performance-improvement in synthetic benchmarks. WebGL performance has not improved, Firefox is still far behind all the Chromium-based web browsers:
The "performance improvements" in Firefox 82 do not translate to a higher score in the Basemark Web benchmark:
Mozilla Firefox's score in the WebXprt 3 benchmark, the only benchmark where Firefox comes out on top, has not improved since Firefox 81 was released a mere month ago:
The benchmarks don't really dispute that Firefox has made web pages using
display: flex; faster, they probably have. A minor and very specific improvement like that wouldn't show up in these particular benchmarks.
New Picture-in-Picture Nag Button
The picture-in-picture feature has been re-vamped in Firefox 82. It has a "new look" so it's "easier for you to find and use the feature". And it's easier to "find" and see, a big button appears if you hoover the mouse over any video.
The first obvious question you may ask regarding this new very prominent picture-in-picture button "feature" is probably: So how do I disable that big annoying text all over videos playing in Firefox?. Disabling it is possible and quite easy once you know how: Type
about:config into the navigation bar and search for
media.videocontrols.picture-in-picture.video-toggle.enabled and set it to
false and there will be no more nagging about going to picture-in-picture mode in Firefox.
The other new features in Firefox 82 are for Windows and macOS users only. There's a new picture-in-picture short-cut on macOS (⌥ Option+⌘ Command+⇧ Shift+Right-bracket) and DirectComposition for hardware video decoding on Windows. The Mozilla Corporations is also claiming that opening a new window is 10% faster on Windows.
Oh, there is one more feature mentioned in the release-notes: "You can now explore new articles when you save a webpage to Pocket from the Firefox toolbar" if you haven't turned that blatant propaganda promotional tool off by setting
false in the
about:config settings manager for some reason.
The Security Fixes
There are four "high" impact security fixes and two "moderate" fixed in Firefox 82. The "high" impact ones are:
- CVE-2020-15969: Use-after-free in usersctp
- CVE-2020-15254: Undefined behavior in bounded channel of crossbeam rust crate
- CVE-2020-15683: Memory safety bugs fixed in Firefox 82 and Firefox ESR 78.4
- CVE-2020-15684: Memory safety bugs fixed in Firefox 82
The last two refer to a list of six and four individual memory safety bugs. The "medium" impoact vulnerabilities are:
- CVE-2020-15680: Presence of external protocol handlers could be determined through image tags
- CVE-2020-15681: Multiple WASM threads may have overwritten each others' stub table entries
One lets an attacker find out if you have an extension with support for a protocol Mozilla doesn't and the second could be used to cause a potentially exploitable crash. That sounds like something that would be considered "high" impact but Mozilla doesn't seem to agree.
You can download the latest Firefox version from mozilla.org/en-US/firefox/all/ if you don't want to wait until your distribution makes it available. We recommend against it as Linux distributions tend to turn ship Firefox with a custom preferences profile (usually in
/usr/lib64/firefox/browser/defaults/preferences/) with settings that are preferable to those Mozilla ship. Most distributions don't disable the "normandy" back-door the Mozilla Corporation has built into Mozilla Firefox so you will have to make sure to do that yourself by setting