New Security Updates Introduced to Firefox 120: A Sneak Peek

Mozilla Firefox has rolled out version 120, addressing a total of 10 vulnerabilities, including six categorized as 'High Severity,' along with two moderate and low severity issues.

Key Highlights of Changes to Firefox 120

  • The update introduces a Global Privacy Control setting.
  • Users now have the option to import data from Chromium Snap.
  • A new feature allows users to copy links without including site tracking information.
  • The Picture-in-Picture mode on Windows and Linux now supports corner snapping.
  • The release includes the addition of a new feature in the Developer Tools.
  • TLS trust anchors can now be imported.
  • Improvements have been made in private windows and the ETP-Strict privacy configuration.

High Severity Flaws Addressed

There were several high-severity issues that were reported upon testing and are now fixed. They are:


This vulnerability allowed for an out-of-bounds read and memory data leakage into images created on the canvas element. Reported by JSec of Hayyim Security.


The bug permitted the use of a MessagePort after it had been freed, potentially leading to an exploitable crash. Reported by Yangkang of the 360 ATA Team.


This issue involved a black fade animation during exit from fullscreen, potentially leading to clickjacking. Reported by Hafiizh.


A Use-after-free in ReadableByteStreamQueueEntry::Buffer was fixed. Reported by Yangkang of the 360 ATA Team.


A memory safety bug was fixed in Firefox 120, ESR 115.5, and Thunderbird 115.5.


Firefox 120 has addressed memory safety issues, which is the flaw identified as CVE-2023-6213. Developers for Mozilla reported both of the bugs with high severity. 

In addition, memory safety issues were addressed, and developers at Mozilla reported evidence of memory corruption. There's a presumption that with sufficient effort, some of these could have been exploited to run arbitrary code.

Moderate and Low Severity Issues 

Moderate Severity Issues that were addressed include:


Using the Selection API would copy contents into X11 primary selection.


Incorrect parsing of relative URLs starting with.

Low Severity Issues Addressed


Mixed-content resources are no longer unblocked in a javascript: pop-up.


Clickjacking to load insecure pages in HTTPS-only mode.

For those interested, Firefox 120 is available for download on the Mozilla website, compatible with Windows, macOS, and Linux.