Tuesday, November 03, 2015

Mozilla Firefox Version 42.0 Released with Numerous Security Updates

Mozilla sent Firefox Version 42.0 to the release channel.  The update includes three (3) critical, five (5) high, seven (7) moderate and two (2) low security updates.

Version 38.4.0 was released for Firefox ESR.

Fixed in Firefox 42

  • 2015-133 NSS and NSPR memory corruption issues
  • 2015-132 Mixed content WebSocket policy bypass through workers
  • 2015-131 Vulnerabilities found through code inspection
  • 2015-130 JavaScript garbage collection crash with Java applet
  • 2015-129 Certain escaped characters in host of Location-header are being treated as non-escaped
  • 2015-128 Memory corruption in libjar through zip files
  • 2015-127 CORS preflight is bypassed when non-standard Content-Type headers are received
  • 2015-126 Crash when accessing HTML tables with accessibility tools on OS X
  • 2015-125 XSS attack through intents on Firefox for Android
  • 2015-124 Android intents can be used on Firefox for Android to open privileged files
  • 2015-123 Buffer overflow during image interactions in canvas
  • 2015-122 Trailing whitespace in IP address hostnames can bypass same-origin policy
  • 2015-121 Disabling scripts in Add-on SDK panels has no effect
  • 2015-120 Reading sensitive profile files through local HTML file on Android
  • 2015-119 Firefox for Android addressbar can be removed after fullscreen mode
  • 2015-118 CSP bypass due to permissive Reader mode whitelist
  • 2015-117 Information disclosure through NTLM authentication
  • 2015-116 Miscellaneous memory safety hazards (rv:42.0 / rv:38.4)

What’s New

  • New -- Private Browsing with Tracking Protection blocks certain Web elements that could be used to record your behavior across sites
  • New -- Control Center that contains site security and privacy controls
  • New -- Indicator added to tabs that play audio with one-click muting
  • New -- WebRTC improvements:
    • IPv6 support
    • Preferences for controlling ICE candidate generation and IP exposure
    • Hooks for extensions to allow/deny createOffer/Answer
    • Improved ability for applications to monitor and control which devices are used in getUserMedia
  • New -- Login Manager improvements:
    • Improved heuristics to save usernames and passwords
    • Edit and show all logins in line, Copy/Paste usernames/passwords from the Context menu
    • Migration imports your passwords to Firefox from Google Chrome for Windows and Internet Explorer; import anytime from the Login Manager
  • Changed -- Improved performance on interactive websites that trigger a lot of restyles
  • HTML5 -- Implemented ES6 Reflect
  • HTML5 -- Support ImageBitmap and createImageBitmap()
  • HTML5 -- Media Source Extension for HTML5 video available for all sites
  • Fixed -- Various security fixes

Known Issues

  • Unresolved -- URLs containing a Unicode-format Internationalized Domain Name (IDN) are not redirected properly, leading to a Server Not Found error.


To get the update now, select "Help" from the Firefox menu at the upper left of the browser window, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.


Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...
