Mozilla sent Firefox Version 47.0.0 to the release channel today. The update is a major release and includes two (2) critical, five (5) high, four (4) moderate and two (2) low security updates.
The next scheduled release is August 2, 2016. Firefox ESR will continue to ship point releases on the same day that Firefox ships and can be downloaded from here.
Fixed in Firefox 47
- 2016-62 Network Security Services (NSS) vulnerabilities
- 2016-60 Java applets bypass CSP protections
- 2016-59 Information disclosure of disabled plugins through CSS pseudo-classes
- 2016-58 Entering fullscreen and persistent pointerlock without user permission
- 2016-57 Incorrect icon displayed on permissions notifications
- 2016-56 Use-after-free when textures are used in WebGL operations after recycle pool destruction
- 2016-55 File overwrite and privilege escalation through Mozilla Windows updater
- 2016-54 Partial same-origin-policy through setting location.host through data URI
- 2016-53 Out-of-bounds write with WebGL shader
- 2016-52 Addressbar spoofing though the SELECT element
- 2016-51 Use-after-free deleting tables from a contenteditable document
- 2016-50 Buffer overflow parsing HTML5 fragments
- 2016-49 Miscellaneous memory safety hazards (rv:47.0 / rv:45.2)
- Support for Google’s Widevine CDM on Windows and Mac OS X so streaming services like Amazon Video can switch from Silverlight to encrypted HTML5 video.
- Enable VP9 video codec for users with fast machines
- Embedded YouTube videos now play with HTML5 video if Flash is not installed.
- View and search open tabs from your smartphone or another computer in a sidebar
- Allow no-cache on back/forward navigations for https resources
- Latgalu [ltg] locale added. Wikipedia tells us there are 164,500 daily speakers.
- FUEL (Firefox User Extension Library) has been removed. Add-ons relying on it will stop working.
- The browser.sessionstore.restore_on_demand preference has been reset to its default value (true) to avoid e10s performance problems. Because faster is better!
- The Firefox click-to-activate plugin whitelist has been removed.
- cuechange events are now available on TextTrack objects
- WebCrypto: PBKDF2 supports SHA-2 hash algorithms
- WebCrypto: RSA-PSS signature support