Opened 9 years ago
Closed 9 years ago
#6491 closed enhancement (fixed)
firefox-38.0
| Reported by: | Fernando de Oliveira | Owned by: | Fernando de Oliveira |
|---|---|---|---|
| Priority: | high | Milestone: | 7.8 |
| Component: | BOOK | Version: | SVN |
| Severity: | normal | Keywords: | |
| Cc: |
Description (last modified by )
ftp://ftp.mozilla.org/pub/firefox/releases/38.0/source/firefox-38.0.source.tar.bz2
https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firefox38
SECURITY FIXES
2015-58 Mozilla Windows updater can be run outside of application
directory
2015-57 Privilege escalation through IPC channel messages
2015-56 Untrusted site hosting trusted page can intercept webchannel
responses
2015-55 Buffer overflow and out-of-bounds read while parsing MP4
video metadata
2015-54 Buffer overflow when parsing compressed XML
2015-53 Use-after-free due to Media Decoder Thread creation during
shutdown
2015-52 Sensitive URL encoded information written to Android logcat
2015-51 Use-after-free during text processing with vertical text
enabled
2015-50 Out-of-bounds read and write in asm.js validation
2015-49 Referrer policy ignored when links opened by middle-click and
context menu
2015-48 Buffer overflow with SVG content and CSS
2015-47 Buffer overflow parsing H.264 video with Linux Gstreamer
2015-46 Miscellaneous memory safety hazards (rv:38.0 / rv:31.7)
https://www.mozilla.org/en-US/firefox/38.0/releasenotes/
Version 38.0, first offered to Release channel users on May 12, 2015
NEW
New tab-based preferences
Ruby annotation support
Base for the next ESR release.
CHANGED
autocomplete=off is no longer supported for username/password fields
URL parser avoids doing percent encoding when setting the Fragment
part of the URL, and percent decoding when getting the Fragment in
line with the URL spec
RegExp.prototype.source now returns "(?:)" instead of the empty
string for empty regular expressions
Improved page load times via speculative connection warmup
HTML5
WebSocket now available in Web Workers
BroadcastChannel API implemented
Implemented srcset attribute and <picture> element for responsive
images
Implemented DOM3 Events KeyboardEvent.code
Mac OS X: Implemented a subset of the Media Source Extensions (MSE)
API to allow native HTML5 playback on YouTube
Implemented Encrypted Media Extensions (EME) API to support encrypted
HTML5 video/audio playback (Windows Vista or later only)
Automatically download Adobe Primetime Content Decryption Module
(CDM) for DRM playback through EME (Windows Vista or later only)
Developer
Optimized-out variables are now visible in Debugger UI
XMLHttpRequest logs in the web console are now visually labelled and
can be filtered separately from regular network requests
WebRTC now has multistream and renegotiation support
copy command added to console
Change History (2)
comment:1 by , 9 years ago
| Description: | modified (diff) |
|---|---|
| Owner: | changed from to |
| Priority: | normal → high |
| Status: | new → assigned |
comment:2 by , 9 years ago
| Resolution: | → fixed |
|---|---|
| Status: | assigned → closed |
Note:
See TracTickets
for help on using tickets.
Fixed at r15957.