Tuesday, August 02, 2016

Mozilla Firefox Version 48.0 Released with Security Updates

FirefoxMozilla sent Firefox Version 48.0.0 to the release channel today.  The update is a major release and includes three (3) critical, seven (7) high, eleven (11) moderate and two (2) low security updates.

The next scheduled release is September 13, 2016.

Firefox ESR will continue to ship point releases on the same day that Firefox ships and can be downloaded from here and has been updated to Version 45.3.0.

Fixed in Firefox 48

  • 2016-84 Information disclosure through Resource Timing API during page navigation
  • 2016-83 Spoofing attack through text injection into internal error pages
  • 2016-82 Addressbar spoofing with right-to-left characters on Firefox for Android
  • 2016-81 Information disclosure and local file manipulation through drag and drop
  • 2016-80 Same-origin policy violation using local HTML file and saved shortcut file
  • 2016-79 Use-after-free when applying SVG effects
  • 2016-78 Type confusion in display transformation
  • 2016-77 Buffer overflow in ClearKey Content Decryption Module (CDM) during video playback
  • 2016-76 Scripts on marquee tag can execute in sandboxed iframes
  • 2016-75 Integer overflow in WebSockets during data buffering
  • 2016-74 Form input type change from password to text can store plain text password in session restore file
  • 2016-73 Use-after-free in service workers with nested sync events
  • 2016-72 Use-after-free in DTLS during WebRTC session shutdown
  • 2016-71 Crash in incremental garbage collection in JavaScript
  • 2016-70 Use-after-free when using alt key and toplevel menus /li>
  • 2016-69 Arbitrary file manipulation by local user through Mozilla updater and callback application path parameter
  • 2016-68 Out-of-bounds read during XML parsing in Expat library
  • 2016-67 Stack underflow during 2D graphics rendering
  • 2016-66 Location bar spoofing via data URLs with malformed/invalid mediatypes
  • 2016-65 Cairo rendering crash due to memory allocation issue with FFMpeg 0.10
  • 2016-64 Buffer overflow rendering SVG with bidirectional content
  • 2016-63 Favicon network connection can persist when page is closed
  • 2016-62 Miscellaneous memory safety hazards (rv:48.0 / rv:45.3)


  • Roar for moar protection against harmful downloads! We've got your back.  Thanks to Google’s expansion of their Safe Browsing service, Firefox 48 now extends our existing protection to include two additional kinds of downloads: potentially unwanted software and uncommon downloads.
  • Process separation (e10s) is enabled for some of you. Like it? Let us know and we'll roll it out to more.
  • Add-ons that have not been verified and signed by Mozilla will not load
  • GNU/Linux fans: Get better Canvas performance with speedy Skia support. Try saying that three times fast
  • WebRTC embetterments:
    • Delay-agnostic AEC enabled
    • Full duplex for GNU/Linux enabled
    • ICE Restart & Update is supported
    • Cloning of MediaStream and MediaStreamTrack is now supported
  • Searching for something already in your bookmarks or open tabs? We added super smart icons to let you know
  • Windows folks: Tab (move buttons) and Shift+F10 (pop-up menus) now behave as they should in Firefox customization mode
  • The media parser has been redeveloped using the Rust programming language


  • So long to support for 10.6, 10.7 and 10.8. Now we can focus on where most Mac users are: 10.9. Don't forget to upgrade!
  • After version 48, SSE2 CPU extensions are going to be required on Windows
  • Au revoir to Windows Remote Access Service modem Autodial


  • Heyo, Jabra & Logitech C920 webcam users. We fixed those pesky WebRTC bugs causing frequency distortions. Buh-bye, squeaky voice!
  • Improved step debugging on last line of functions

Known Issues

    • On some websites using an important number of cookies, under certain conditions, this can cause the user to be logged out (1264192)


    To get the update now, select "Help" from the Firefox menu at the upper left of the browser window, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.


      Remember - "A day without laughter is a day wasted." May the wind sing to you and the sun rise in your heart...

      No comments: