Skip to main content

Firefox 132 patches some security flaws, adds support for 4K playback, and blocks third-party cookies.

Firefox launched long ago on November 9, 2004, which means we’re just over one week out from the browser’s 20th anniversary. Who knew that a spiritual successor to Netscape Navigator would last this long?

With Firefox 132 being released yesterday, it’s close enough to count as a celebration — and the update fittingly brings some good news with it, including improved privacy with blocked third-party cookies, plus some other cool features worth updating for.

Mozilla plans to release Firefox 133 on November 26, 2024.

What’s new in Firefox 132?

Firefox 132 is now ready for 4K video playback from major streaming services, but this feature is currently in a rollout phase. Through support for Microsoft PlayReady, Firefox will be able to play encrypted media at a baseline of 1080p with 4K support on top.

Initially only on selected websites, this feature should spread to more sites over time — and another big benefit of it is that you’ll experience less battery drain and better performance while streaming video.

This update also sees improvements to data protection. If you’ve enabled “strict mode” in Firefox’s Settings > Privacy & security > Improved protection against activity tracking, then Firefox 132 will now block all third-party cookies. The maximum lifetime of cookies is now limited to 400 days. If you use the “Copy link without website tracking” feature, Firefox can now filter out more tracking parameters, too.

If you use Firefox on more than one device, you can now synchronize bookmarks, open tabs, and passwords between devices. If the new sidebar for synchronized tabs is activated, you can close tabs on other devices via the context menu. However, if required, you must first activate this new sidebar via about:config. There, change the flag labeled sidebar.revamp to true by double-clicking on it.

A brief history of Mozilla Firefox

Marc Andreessen, one of the developers of the NCSA Mosaic browser, founded Netscape in 1994. With Netscape Navigator, the company supplied the world’s most widely used browser in the mid-1990s (market share over 80 percent). But after Microsoft ended the so-called browser war with widespread adoption of Internet Explorer, AOL took over the losing browser company.

In 1998, Netscape published the source code of its browser and allowed the newly founded Mozilla Foundation to manage further development. Mozilla eventually released Firefox 1.0 on November 9, 2004, and we’re about to hit that 20-year mark in about 10 days as of this writing.

Security flaws fixed in Firefox 132

Mozilla’s security report for Firefox 132 shows 11 vulnerabilities have been fixed in the update, with two of them classified as “high” risk.

One of those high-risk flaws is CVE-2024-10459, a use-after-free vulnerability in the layout component when accessibility is enabled. With it, an attacker can provoke a crash and possibly execute injected code. The other high-risk flaw is CVE-2024-10458, which allows authorizations to be transferred from a secure site to an insecure site.

Other internally discovered vulnerabilities can potentially be exploited to execute arbitrary code, but they’re only categorized as moderate risk.

Firefox ESR, Tor Browser, and Thunderbird

In addition to releasing Firefox 132, Mozilla has also updated its long-term versions, with 10 security vulnerabilities patched in Firefox ESR 128.4.0 and three patched in Firefox ESR 115.17.0. (Firefox ESR 115 will continue to be supported until March 2025.)

The updated Tor Browser 14.0.1 is based on Firefox ESR 128.4.0, but Tor’s developers state that they have also ported the security improvements from Firefox 132. An update for Tor Browser 13.5 to 13.5.9 is also available if you’re on Windows 7 or 8.1 or macOS 10.13 or 10.14.

Thunderbird 128.4.0esr fixes 10 vulnerabilities and a few bugs. In contrast to Firefox, Thunderbird no longer supports older operating system versions, as version 115.16.2 is the end of the line for Thunderbird 115. Thunderbird 132 (without “esr”) is only available for testing purposes.