Firefox 82 Is Released With Four High-Impact Security Fixes

From LinuxReviews

Mozilla Firefox 82 is faster on websites using flex CSS layout, there's a new picture-in-picture button that you may or may not find annoying enough to disable, and there are four high-impact and two medium-impact security fixes. There's no performance improvement in synthetic benchmarks.

written by 윤채경 (Yoon Chae-kyung)  2020-10-21 - last edited 2020-10-21. © CC BY

Mozilla Firefox 82 displaying a website using display: flex; CSS layout.

The latest version of the only viable web browser left that's not just a wrapper for Chromium and its Blink rendering engine is, according to the Mozilla Corporation who makes the Firefox web browser product, 20% faster on websites that use flexbox-based layouts. A lot of sites do since it's so convenient.

Mozilla is also claiming that restoring browser sessions is "17% quicker".


Mozilla's supposed improvements in Firefox 82 do not appear to translate into any notable performance improvement in synthetic benchmarks. WebGL performance has not improved; Firefox is still far behind all the Chromium-based web browsers:

Mozilla Firefox 82 vs Other Web Browsers - Unity WebGL 2018.jpg

The "performance improvements" in Firefox 82 do not translate to a higher score in the Basemark Web benchmark:

Mozilla Firefox 82 vs Other Web Browsers - Basemark 3.jpg

Mozilla Firefox's score in the WebXprt 3 benchmark, the only benchmark where Firefox comes out on top, has not improved since Firefox 81 was released a mere month ago:

Mozilla Firefox 82 vs Other Web Browsers - WebXprt 3.jpg

The benchmarks don't really dispute that Firefox has made web pages using display: flex; faster, they probably have. A minor and very specific improvement like that wouldn't show up in these particular benchmarks.

New Picture-in-Picture Nag Button

The picture-in-picture feature has been revamped in Firefox 82. It has a "new look" so it's "easier for you to find and use the feature". And it's easier to "find" and see: a big Watch in Picture-in-Picture button appears if you hover the mouse over any video.

New picture-in-picture button in Firefox 82.

The first obvious question you may ask regarding this new very prominent picture-in-picture button "feature" is probably: So how do I disable that big annoying text all over videos playing in Firefox? Disabling it is possible and quite easy once you know how: Type about:config into the navigation bar and search for and set it to false and there will be no more nagging about going to picture-in-picture mode in Firefox.

The other new features in Firefox 82 are for Windows and macOS users only. There's a new picture-in-picture shortcut on macOS (⌥ Option+⌘ Command+⇧ Shift+Right-bracket) and DirectComposition for hardware video decoding on Windows. The Mozilla Corporation is also claiming that opening a new window is 10% faster on Windows.

Oh, there is one more feature mentioned in the release-notes: "You can now explore new articles when you save a webpage to Pocket from the Firefox toolbar" if you haven't turned that blatant propaganda promotional tool off by setting extensions.pocket.enabled to false in the about:config settings manager for some reason.

The Security Fixes

There are four "high" impact security fixes and two "moderate" ones in Firefox 82. The "high" impact ones are:

  • CVE-2020-15969: Use-after-free in usersctp
  • CVE-2020-15254: Undefined behavior in bounded channel of crossbeam rust crate
  • CVE-2020-15683: Memory safety bugs fixed in Firefox 82 and Firefox ESR 78.4
  • CVE-2020-15684: Memory safety bugs fixed in Firefox 82

The last two refer to a list of six and four individual memory safety bugs. The "medium" impact vulnerabilities are:

  • CVE-2020-15680: Presence of external protocol handlers could be determined through image tags
  • CVE-2020-15681: Multiple WASM threads may have overwritten each others' stub table entries

The first lets an attacker find out if you have an extension with support for a protocol Mozilla doesn't support, and the second could be used to cause a potentially exploitable crash. That sounds like something that would be considered "high" impact, but Mozilla doesn't seem to agree.

You can download the latest Firefox version from if you don't want to wait until your distribution makes it available. We recommend against it as Linux distributions tend to ship Firefox with a custom preferences profile (usually in /usr/lib64/firefox/browser/defaults/preferences/) with settings that are preferable to those Mozilla ships. Most distributions don't disable the "normandy" back-door the Mozilla Corporation has built into Mozilla Firefox so you will have to make sure to do that yourself by setting app.normandy.enabled to false in about:config.
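To check whether a distribution's preference files and your own profile actually leave app.normandy.enabled and extensions.pocket.enabled set to false, the pref files can be parsed directly. The following is an added example, not code from Mozilla or LinuxReviews. The file contents are constructed samples, the function names are hypothetical, and locked prefs and enterprise policies are not modelled.

```python
import re

# The two prefs the article says to set to false in about:config.
WANTED_FALSE = ("app.normandy.enabled", "extensions.pocket.enabled")

# Matches pref("name", value); and user_pref("name", value); lines.
PREF_RE = re.compile(
    r'^\s*(user_pref|pref)\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;', re.MULTILINE)

def strip_comments(text):
    # Drop /* ... */ blocks and whole-line // comments so disabled lines are ignored.
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.DOTALL)
    return re.sub(r"^\s*//.*$", "", text, flags=re.MULTILINE)

def effective_prefs(sources):
    """sources: ordered (label, file_text) pairs. Returns name -> (value, label).
    A user_pref() value overrides any pref() default; within a branch, last wins."""
    defaults, user = {}, {}
    for label, text in sources:
        for kind, name, raw in PREF_RE.findall(strip_comments(text)):
            value = {"true": True, "false": False}.get(raw, raw)
            (user if kind == "user_pref" else defaults)[name] = (value, label)
    return {**defaults, **user}

def audit(sources, wanted=WANTED_FALSE):
    """Return {pref: status} where status is 'ok', 'not false in <label>' or 'unset'."""
    prefs = effective_prefs(sources)
    report = {}
    for name in wanted:
        if name not in prefs:
            report[name] = "unset"  # Firefox's built-in default applies
        else:
            value, label = prefs[name]
            report[name] = "ok" if value is False else f"not false in {label}"
    return report

# Constructed sample files, not taken from any real distribution or profile.
DISTRO_JS = '''
// distribution defaults (constructed)
pref("extensions.pocket.enabled", false);
// pref("app.normandy.enabled", false);
'''
PROFILE_JS = 'user_pref("extensions.pocket.enabled", true);\n'

if __name__ == "__main__":
    sources = [("distro.js", DISTRO_JS), ("prefs.js", PROFILE_JS)]
    for name, status in audit(sources).items():
        print(f"{name}: {status}")
```

In the sample, the commented-out distribution line leaves app.normandy.enabled unset, and the profile's user_pref() overrides the distribution's Pocket default, which is why both files have to be read together.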
