- Added a preference network.stricttransportsecurity.enabled to enable or disable the use of HSTS (HTTP Strict Transport Security), allowing users to choose between privacy and security in this matter. (hidden pref)
- Fixed CVE-2014-1589 by whitelisting XBL bindings that may be applied to untrusted content.
Important: extension developers should read this related thread.
- Fixed CVE-2014-1593.
- Mac: fixed CVE-2014-1595.
- Fixed CVE-2014-8639 by adjusting cookie handling through proxies.
- Fixed CVE-2014-8636.
- Fixed several memory safety hazards that do not have CVE numbers.
Minimum system Requirements (Windows):
- Windows Vista/Windows 7/Windows 8/Server 2008 or later
- A processor with SSE2 support
- 256 MB of free RAM (512 MB or more recommended)
- At least 150 MB of free (uncompressed) disk space