Thursday, July 02, 2015

Firefox Version 39.0 Released with Critical Security Updates

Mozilla sent Version 39.0 to the release channel.  The update includes four (4) critical, two (2) high, six (6) moderate and one (1) low security update. 

Firefox ESR version has been updated to 31.8.

Fixed in Firefox 39

  • 2015-71 -- NSS incorrectly permits skipping of ServerKeyExchange
  • 2015-70 -- NSS accepts export-length DHE keys with regular DHE cipher suites
  • 2015-69 -- Privilege escalation in PDF.js
  • 2015-68 -- OS X crash reports may contain entered key press information
  • 2015-67 -- Key pinning is ignored when overridable errors are encountered
  • 2015-66 -- Vulnerabilities found through code inspection
  • 2015-65 -- Use-after-free in workers while using XMLHttpRequest
  • 2015-64 -- ECDSA signature validation fails to handle some signatures correctly
  • 2015-63 -- Use-after-free in Content Policy due to microtask execution error
  • 2015-62 -- Out-of-bound read while computing an oscillator rendering range in Web Audio
  • 2015-61 -- Type confusion in Indexed Database Manager
  • 2015-60 -- Local files or privileged URLs in pages can be opened into new tabs
  • 2015-59 -- Miscellaneous memory safety hazards (rv:39.0 / rv:31.8 / rv:38.1)

What’s New

  • New -- Share Hello URLs with social networks
  • New -- Project Silk: Smoother animation and scrolling (Mac OS X)
  • New -- Support for 'switch' role in ARIA 1.1 (web accessibility)
  • New -- SafeBrowsing malware detection lookups enabled for downloads (Mac OS X and Linux)
  • New -- Support for new Unicode 8.0 skin tone emoji
  • Changed -- Removed support for insecure SSLv3 for network communications
  • Changed -- Disable use of RC4 except for temporarily whitelisted hosts
  • Changed -- The malware detection service for downloads now covers common Mac file types (Bug 1138721)
  • Changed -- Performance of displaying dashed lines is improved (Mac OS X) (Bug 1123019)
  • HTML5 -- List-style-type now accepts a string value
  • HTML5 -- Enable the Fetch API for network requests from dedicated, shared and service workers
  • HTML5 -- Cascading of CSS transitions and animations now matches the current spec
  • HTML5 -- Implement allowing anticipation of a future connection without revealing any information
  • HTML5 -- Added support for CSS Scroll Snap Points
  • Fixed -- Improve performance for IPv6 fallback to IPv4
  • Fixed -- Fix incomplete downloads being marked as complete by detecting broken HTTP1.1 transfers
  • Fixed -- The Security state indicator on a page now correctly ignores loads caused by previous pages
  • Fixed -- Fixed an issue where a Hello conversation window would sometimes fail to open
  • Fixed -- A regression that could lead to Flash not displaying has been fixed
  • Fixed -- Update to NSS 3.19.2

Known Issues

No known issues are reported.


To get the update now, select "Help" from the Firefox menu at the upper left of the browser window, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.


Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

No comments: