Tuesday, December 15, 2015

Firefox Version 43.0 Released with Critical Security Updates


Firefox
Mozilla sent Firefox Version 43.0 to the release channel.  The update includes four (4) critical, seven (7) high, three (3) moderate and two (2) low security updates.

Version 38.5.0 was released for Firefox ESR.

Fixed in Firefox 43

  • 2015-149 Cross-site reading attack through data and view-source URIs
  • 2015-148 Privilege scalation vulnerabilities in WebExtension APIs
  • 2015-147 Integer underflow and buffer overflow processing MP4 metadata in libstagefright
  • 2015-146 Integer overflow in MP4 playback in 64-bit versions
  • 2015-145 Underflow through code inspection
  • 2015-144 Buffer overflows found through code inspection
  • 2015-143 Linux file chooser crashes on malformed images due to flaws in Jasper library
  • 2015-142 DOS due to malformed frames in HTTP/2
  • 2015-141 Hash in data URI is incorrectly parsed
  • 2015-140 Cross-origin information leak through web workers error events
  • 2015-139 Integer overflow allocating extremely large textures
  • 2015-138 Use-after-free in WebRTC when datachannel is used after being destroyed
  • 2015-137 Firefox allows for control characters to be set in cookies
  • 2015-136 Same-origin policy violation using perfomance.getEntries and history navigation
  • 2015-135 Crash with JavaScript variable assignment with unboxed objects
  • 2015-134 Miscellaneous memory safety hazards (rv:43.0 / rv:38.5)


What’s New

  • New -- Private Browsing with Tracking Protection offers choice of blocking additional trackers
  • New -- Firefox 64-bit for Windows is now available via the Firefox download page
  • New -- Improved API support for m4v video playback
  • New -- Users can choose search suggestions from the Awesome Bar
  • New -- On-screen keyboard displayed on selecting input field on devices running Windows 8 or greater
  • New
    -- Firefox Health Report has switched to use the same data collection mechanism as telemetry
  • Fixed -- Various security fixes
  • Fixed -- Eyedropper tool does not work as expected when page is zoomed

Update

To get the update now, select "Help" from the Firefox menu at the upper left of the browser window, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.

References


Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...













No comments: