firefox-43.0

[Fernando de Oliveira]

​https://ftp.mozilla.org/pub/firefox/releases/43.0/source/firefox-43.0.source.tar.xz

​https://ftp.mozilla.org/pub/firefox/releases/43.0/SHA512SUMS

3ca37428d1b02ba2609ec526e86ab96563b403a03efde8439cbb4acdb282b5970ccb6a14266483c839389d59e07f6b0297314890ee04a669ba2d4b10bc4cb738 source/firefox-43.0.source.tar.xz

​https://ftp.mozilla.org/pub/firefox/releases/43.0/SHA512SUMS.asc

​https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firefox43.0

Vulnerabilities Fixed in Firefox 42

  Critical
  • 2015-133 NSS and NSPR memory corruption issues
  • 2015-131 Vulnerabilities found through code inspection
  • 2015-117 Information disclosure through NTLM authentication

  High
  • 2015-130 JavaScript garbage collection crash with Java applet
  • 2015-128 Memory corruption in libjar through zip files
  • 2015-127 CORS preflight is bypassed when non-standard Content-Type
    headers are received
  • 2015-125 XSS attack through intents on Firefox for Android
  • 2015-123 Buffer overflow during image interactions in canvas
  • 2015-122 Trailing whitespace in IP address hostnames can bypass
    same-origin policy

  Moderate
  • 2015-132 Mixed content WebSocket policy bypass through workers
  • 2015-126 Crash when accessing HTML tables with accessibility tools
    on OS X
  • 2015-124 Android intents can be used on Firefox for Android to open
    privileged files
  • 2015-121 Disabling scripts in Add-on SDK panels has no effect
  • 2015-120 Reading sensitive profile files through local HTML file on
    Android
  • 2015-119 Firefox for Android addressbar can be removed after
    fullscreen mode
  • 2015-118 CSP bypass due to permissive Reader mode whitelist

  Low
  • 2015-129 Certain escaped characters in host of Location-header are
    being treated as non-escaped
  • 2015-116 Miscellaneous memory safety hazards (rv:42.0 / rv:38.4)

​https://www.mozilla.org/en-US/firefox/43.0/releasenotes/

Release Notes

Following what is still for beta.

Firefox Beta Notes
Version 43.0beta, first offered to Beta channel users on November 3, 2015
View notes for:

    Desktop

What’s New

    New

    • Improved API support for m4v video playback
    • Users can opt-in to receive search suggestions from the Awesome
      Bar
    • On-screen keyboard displayed on selecting input field on devices
      running Windows 8 or greater
    • WebRTC streaming on multiple monitors
    • Improved Big5 support for Hong Kong supplementary characters on
      Windows XP
    • User selectable second block list for Private Browsing's Tracking
      Protection
    • GTK3 integration (GNU/Linux only)

    Developer

    • Markup view shows indicators for pseudo-classes locked for
      elements
    • Bind F1 key to open the settings when the toolbox is focused
    • New 'Use in Console' context menu item in Inspector to store
      selected element in a temporary variable
    • Search button next to overridden CSS properties to find similar
      properties in the rules view
    • Ability to filter styles from their property names in the rules
      view
    • Stack traces are now shown for exceptions inside the console
    • Added ability to display server-side logs in the console
    • Ability to choose resolution for the GCLI screenshot command
    • Subresource integrity allows developers to make their sites more
      secure
    • Network requests in Console now link to Network panel instead of
      opening in a popup
    • Unprefixed 'hyphens' property is now supported
    • WebIDE now has a sidebar-based UI
    • The 'transform-origin' property is now supported on SVG elements
    • Animation inspector now displays animations in a timeline

    Fixed

    • Eyedropper tool does not work as expected when page is zoomed

[Fernando de Oliveira]

I am stopping for today. Sorry, did not expect ticket #7252 would take so long.

Giving back to the book, but if any is still unassigned, will take it (them) again, tomorrow.

[Fernando de Oliveira]

Fixed at r16738.