Tuesday, August 11, 2015

Mozilla Firefox Version 40 Released With Critical Security Updates

Mozilla sent Firefox Version 40.0 to the release channel.  The update includes four (4) critical, seven (7) high and two (2)moderate security updates.

Firefox ESR version has been updated to 38.2.0.

Fixed in Firefox 40

  • MFSA 2015-92 -- Use-after-free in XMLHttpRequest with shared workers
  • MFSA 2015-91 -- Mozilla Content Security Policy allows for asterisk wildcards in violation of CSP specification
  • MFSA 2015-90 -- Vulnerabilities found through code inspection
  • MFSA 2015-89 -- Buffer overflows on Libvpx when decoding WebM video
  • MFSA 2015-88 -- Heap overflow in gdk-pixbuf when scaling bitmap images
  • MFSA 2015-87 -- Crash when using shared memory in JavaScript
  • MFSA 2015-85 -- Out-of-bounds write with Updater and malicious MAR file
  • MFSA 2015-84 -- Arbitrary file overwriting through Mozilla Maintenance Service with hard links
  • MFSA 2015-83 -- Overflow issues in libstagefright
  • MFSA 2015-82 -- Redefinition of non-configurable JavaScript object properties
  • MFSA 2015-81 -- Use-after-free in MediaStream playback
  • MFSA 2015-80 -- Out-of-bounds read with malformed MP3 file
  • MFSA 2015-79 -- Miscellaneous memory safety hazards (rv:40.0 / rv:38.2)

What’s New

  • Support for Windows 10--Added protection against unwanted software downloads
  • Suggested Tiles show sites of interest, based on categories from your recent browsing history
  • Hello allows adding a link to conversations to provide context on what the conversation will be about
  • New style for add-on manager based on the in-content preferences style
  • Improved scrolling, graphics, and video playback performance with off main thread compositing (GNU/Linux only)
  • Graphic blocklist mechanism improved: Firefox version ranges can be specified, limiting the number of devices blocked
  • Changed
  • Add-on extensions that are not signed by Mozilla will display a warning
  • Smoother animation and scrolling with hardware vsync (Windows only)
  • JPEG images use less memory when scaled and can be painted faster
  • Sub-resources can no longer request HTTP authentication, thus protecting users from inadvertently disclosing login data
  • NPAPI Plug-in performance improved via asynchronous initialization
  • HTML5
  • IndexedDB transactions are now non-durable by default
  • Implemented AudioBufferSourceNode.detune to modulate playback rate in cents, a logarithmic unit of measure used for musical intervals
  • Developer
  • Improved Performance tools in the developer tools: Waterfall view, Call Tree view and a Flame Chart view
  • Console API messages from SharedWorker and ServiceWorker are now displayed in web console
  • Inspector now searches across all content frames in a page
  • New rules view tooltip in the Inspector to tweak CSS Filter values
  • New page ruler highlighting tool that displays lightweight horizontal and vertical rules on a page
  • Fixed
  • Kannada text does not display properly in built-in pdf viewer

Known Issues

• If Firefox is restarted from an add-on install notification, on-going private browsing downloads might be canceled without warning (1185294)


To get the update now, select "Help" from the Firefox menu at the upper left of the browser window, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.


Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

No comments: