A correction release of Firefox 91.0.1 is available, offering several fixes:
- Fixed a vulnerability (CVE-2021-29991) that could allow an HTTP header splitting attack. The problem is caused by the incorrect acceptance of the newline character in HTTP/3 headers, which allows you to specify a header that will be interpreted as two different headers.
- Fixed an issue with resizing buttons in the tab bar that occurred when loading some sites that use unicode math symbol codes in their titles.
- We fixed an issue that caused tabs from windows opened in private mode to appear in normal windows when viewing recommendations in the address bar.
Additionally, Firefox 92, scheduled for September 7, is expected to activate WebRender by default for all Linux, Windows, macOS, and Android users, with no exceptions. In the next release of Firefox 93, the options to disable WebRender (gfx.webrender.force-legacy-layers and MOZ_WEBRENDER=0) will be deprecated and the engine will become mandatory. WebRender is written in Rust and allows you to achieve a significant increase in rendering speed and reduce CPU load by offloading page content rendering operations to the GPU side, which are implemented through GPU-executed shaders. For systems with older video cards or problematic graphics drivers, WebRender will use software rasterization mode (gfx.webrender.software=true).
Source: opennet.ru