I know I’m a little early on this one.
Downloaded FF 95.0 (for Windows!) from Mozilla, which is currently being rolled out. Does anyone have an idea of why Mozilla hasn’t patched the XS-Leaks in the new Firefox 95.0? Even though it is the Windows version, I expected the vulnerabilities to be fixed. The article leads me to believe Mozilla is informed:
Because it’s a class of attacks that was published recently and would require significant work and underlying changes in the browser architecture (e.g. introducing first-party isolation) to fix, and this would also impact on how web applications work and therefore break who knows what for who knows who.
That is, it’s not a single security vulnerability that can be patched by changing a line of code.