Tuesday, February 24, 2015

Mozilla Firefox Version 36.0 Released With Security Updates

Mozilla sent Firefox Version 36.0 to the release channel, with Firefox ESR updated to 31.5. The update includes eight (8) security updates, of which three (3) are identified as critical, two (2) high, two (2) moderate and one (1) low.

A security feature finally incorporated in version 36.0 is full HTTP/2 support.  Additional information this change is available in the Mozilla Security Blog, Phase 2: Phasing out Certificates with 1024-bit RSA Keys | Mozilla Security Blog.

Fixed in Firefox 36

  • 2015-18 Double-free when using non-default memory allocators with a zero-length XHR
  • 2015-17 Buffer overflow in libstagefright during MP4 video playback
  • 2015-16 Use-after-free in IndexedDB
  • 2015-15 TLS TURN and STUN connections silently fail to simple TCP connections
  • 2015-14 Malicious WebGL content crash when writing strings
  • 2015-13 Appended period to hostnames can bypass HPKP and HSTS protections
  • 2015-12 Invoking Mozilla updater will load locally stored DLL files
  • 2015-11 Miscellaneous memory safety hazards (rv:36.0 / rv:31.5)

What’s New

  • New Pinned tiles on the new tab page can be synced
  • New Support for the full HTTP/2 protocol. HTTP/2 enables a faster, more scalable, and more responsive web.
  • New Locale added: Uzbek (uz)
  • Changed -remote option removed
  • Changed No longer accept insecure RC4 ciphers whenever possible
  • Changed Phasing out Certificates with 1024-bit RSA Keys
  • Changed Shut down hangs will now show the crash reporter before exiting the program
  • Changed Add-on Compatibility
  • HTML5 Support for the ECMAScript 6 Symbol data type added
  • HTML5 unicode-range CSS descriptor implemented
  • HTML5 CSSOM-View scroll behavior implemented allowing smooth scrolling of content without custom libraries
  • HTML5 object-fit and object-position implemented.
    Defines how and where the content of a replaced element is displayed
  • HTML5 isolation CSS property implemented.
    Create a new stacking context to isolate groups of boxes to control which blend together
  • HTML5 CSS3 will-change property implemented.
    Hints the browser of elements that will be modified. The browser will perform some performance optimization for these
  • HTML5 Changed JavaScript 'const' semantics to conform better to the ES6 specification.
    The const declaration is now block-scoped and requires an initializer. It also can not be redeclared anymore.
  • HTML5 Improved ES6 generators for better performance
  • Developer Eval sources now appear in the Debugger
    Debug JavaScript code that is evaluated dynamically, either as a string passed to eval() or as a string passed to the Function constructor
  • Developer DOM Promises inspection
  • Developer Inspector: More paste options in markup view
  • Fixed CSS gradients work on premultiplied colors
  • Fixed Fix some unexpected logout from Facebook or Google after restart
  • Fixed Various security fixes

Known Issues

  • unresolved Style Editor: Extra white space appearing above the editor for a sourcemapped scss file (1128747)


To get the update now, select "Help" from the Firefox menu at the upper left of the browser window, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.


Remember - "A day without laughter is a day wasted." May the wind sing to you and the sun rise in your heart...

No comments: