Mozilla released Firefox 60.0.2, the second point release of the Firefox 60 “Quantum” web browser series.
The version has an updated Network Security Services (NSS) component.
Releasing three weeks after Firefox 60.0.1, this version updates the NSS component, a set of libraries for supporting cross-platform development of security-enabled server and client apps, to version 3.36.4 from 3.36.1 used in the previous release.
NSS 3.36.4 comes with a fix for a crash related to authentication tokens like WebAuthn or PK11 on Apple’s macOS platform, and a fix for an SSL_RX_MALFORMED_SERVER_HELLO error that might occur on some systems when attempting to connect to a server that was recently upgraded to Transport Layer Security (TLS) version 1.3.
Another change in the browser is for a critical security vulnerability reported by Ivan Fratric of Google Project Zero. It’s a heap buffer overflow affecting the Skia library, which could lead to a potentially exploitable crash. The issue occurred when rasterizing paths with a maliciously crafted SVG file and with anti-aliasing disabled.
Firefox 60.0.2 also boosts font rendering on Mac OS X 10.11 and earlier systems when using third-party font managers and adds the missing nodes in the Inspector panel found in the developer tools.