Firefox ESR 128.6: The Bug-Squashing Spree of 2025!

Firefox ESR 128.6 fixes security vulnerabilities that include WebChannel API’s confused deputy attack, use-after-free crashes, ALPN validation failures, compartment mismatches in JSON parsing, and memory corruption during text segmentation. Each could lead to moderate chaos, like a digital slapstick skit, but now everything’s patched up.

1P
Published: January 7, 2025 5:13 pmAdded: January 7, 2025 at 9:39 amAssembled by: The Editor
Pro Dashboard

Hot Take:

Firefox ESR 128.6 is here to save the day, or at least prevent your computer from turning into a hot mess of vulnerabilities! Seems like Mozilla’s New Year’s resolution is to patch things up—literally. From confused deputies to memory that’s more forgetful than your grandpa, this update is patching up those pesky moderate-level security gaps. Rest easy, your browsing experience just got a little less “exciting.”

Key Points:

  • Firefox ESR 128.6 addresses five moderate security vulnerabilities.
  • WebChannel API can no longer play confused deputy with your privileges.
  • Use-after-free bug in text line-breaking fixed to prevent crashes.
  • Alt-Svc ALPN now properly validates certificates during redirections.
  • Memory corruption issues in JavaScript text segmentation have been resolved.

Membership Required

 You must be a member to access this content.

View Membership Levels
Already a member? Log in here
The Nimble Nerd
powered by the NSA, er,  GDPR Cookie Compliance
Confessional Booth of Our Digital Sins

Okay, deep breath, let's get this over with. In the grand act of digital self-sabotage, we've littered this site with cookies. Yep, we did that. Why? So your highness can have a 'premium' experience or whatever. These traitorous cookies hide in your browser, eagerly waiting to welcome you back like a guilty dog that's just chewed your favorite shoe. And, if that's not enough, they also tattle on which parts of our sad little corner of the web you obsess over. Feels dirty, doesn't it?