Tuesday, March 08, 2016

Mozilla Firefox Version 45.0 Released with Critical Security Updates

Mozilla sent Firefox Version 45.0 to the release channel.  The update includes eight (8) critical security updates, seven (7) high, six (6) moderate and one (1) low security updates.

Firefox ESR was updated to version 38.7.0.

The next scheduled release is April 19, 2016.

Fixed in Firefox 45

  •     2016-37 Font vulnerabilities in the Graphite 2 library
  •     2016-36 Use-after-free during processing of DER encoded keys in NSS
  •     2016-35 Buffer overflow during ASN.1 decoding in NSS
  •     2016-34 Out-of-bounds read in HTML parser following a failed allocation
  •     2016-33 Use-after-free in GetStaticInstance in WebRTC
  •     2016-32 WebRTC and LibVPX vulnerabilities found through code inspection
  •     2016-31 Memory corruption with malicious NPAPI plugin
  •     2016-30 Buffer overflow in Brotli decompression
  •     2016-29 Same-origin policy violation using perfomance.getEntries and history navigation with session restore
  •     2016-28 Addressbar spoofing though history navigation and Location protocol property
  •     2016-27 Use-after-free during XML transformations
  •     2016-26 Memory corruption when modifying a file being read by FileReader
  •     2016-25 Use-after-free when using multiple WebRTC data channels
  •     2016-24 Use-after-free in SetBody
  •     2016-23 Use-after-free in HTML5 string parser
  •     2016-22 Service Worker Manager out-of-bounds read in Service Worker Manager
  •     2016-21 Displayed page address can be overridden
  •     2016-20 Memory leak in libstagefright when deleting an array during MP4 processing
  •     2016-19 Linux video memory DOS with Intel drivers
  •     2016-18 CSP reports fail to strip location information for embedded iframe pages
  •     2016-17 Local file overwriting and potential privilege escalation through CSP reports
  •     2016-16 Miscellaneous memory safety hazards (rv:45.0 / rv:38.7)


  • Instant browser tab sharing through Hello
  • Tabs synced via Firefox Accounts from other devices are now shown in dropdown area of Awesome Bar when searching
  • Synced Tabs button in button bar
  • Introduce a new preference (network.dns.blockDotOnion) to allow blocking .onion at the DNS level
  • Guarani [gn] locale added


  • URLs containing a Unicode-format Internationalized Domain Name (IDN) are now properly redirected
  • Various security fixes




  • On-screen keyboard support was temporarily turned off for Windows 8 and Windows 8.1


To get the update now, select "Help" from the Firefox menu at the upper left of the browser window, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.


    Remember - "A day without laughter is a day wasted."
    May the wind sing to you and the sun rise in your heart...

    No comments: