Mozilla Firefox 74 Browser Version released for all platforms including Windows, Linux and Mac and fixes 6 High security Critical Bugs.
Changes in DNS Over HTTPS
When you type a web address or domain name into your address bar (example: www.mozilla.org), your browser sends a request over the Internet to look up the IP address for that website.
Traditionally, this request is sent to servers over a plain text connection. This connection is not encrypted, making it easy for third-parties to see what website you’re about to access.
DNS-over-HTTPS (DoH) works differently. It sends the domain name you typed to a DoH-compatible DNS server using an encrypted HTTPS connection instead of a plain text one. This prevents third-parties from seeing what websites you are trying to access.
The feature is enabled by default for U.S, whereas in other countries need to enable it manually.
How To Enable?
- Just Go to Menu button and select Preferences
- Choose General > Network Settings
- Click Setting > Click on checkbox to Enable DNS Over HTTPS
Another big changes in Firefox 74 browser, it will only support TLS 1.2 or above encrypting HTTPS connections and disabled TLS 1.0 and TLS 1.1.
Following security vulnerabilities fixed in Firefox 74
- CVE-2020-6805: Use-after-free when removing data about origins
Impact- high
Description- When removing data about an origin whose tab was recently closed, a use-after-free could occur in the Quota manager, resulting in a potentially exploitable crash.
- CVE-2020-6808: URL Spoofing via javascript: URL
Impact- moderate
Description- When a JavaScript URL (javascript:) is evaluated and the result is a string, this string is parsed to create an HTML document, which is then presented. Previously, this document’s URL (as reported by the document.location property, for example) was the originating javascript: URL which could lead to spoofing attacks; it is now correctly the URL of the originating document.
- CVE-2020-6814: Memory safety bugs fixed in Firefox 74 and Firefox ESR 68.6
Impact- high
Description- Mozilla developers Byron Campen, Jason Kratzer, and Christian Holler reported memory safety bugs present in Firefox 73 and Firefox ESR 68.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.
- CVE-2020-6815: Memory and script safety bugs fixed in Firefox 74
Impact- high
Description- Mozilla developers Jason Kratzer, Boris Zbarsky, Tyson Smith, and Alexandru Michis reported memory safety and script safety bugs present in Firefox 73. Some of these bugs showed evidence of memory corruption or escalation of privilege and we presume that with enough effort some of these could have been exploited to run arbitrary code.
Here you can direct Download Mozilla Firefox 74 Browser