Opened 10 years ago

Closed 10 years ago

#6491 closed enhancement (fixed)

firefox-38.0

Reported by: Fernando de Oliveira Owned by: Fernando de Oliveira
Priority: high Milestone: 7.8
Component: BOOK Version: SVN
Severity: normal Keywords:
Cc:

Description (last modified by Fernando de Oliveira)

ftp://ftp.mozilla.org/pub/firefox/releases/38.0/source/firefox-38.0.source.tar.bz2

https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firefox38 

SECURITY FIXES
    2015-58 Mozilla Windows updater can be run outside of application
    directory
    2015-57 Privilege escalation through IPC channel messages
    2015-56 Untrusted site hosting trusted page can intercept webchannel
    responses
    2015-55 Buffer overflow and out-of-bounds read while parsing MP4
    video metadata
    2015-54 Buffer overflow when parsing compressed XML
    2015-53 Use-after-free due to Media Decoder Thread creation during
    shutdown
    2015-52 Sensitive URL encoded information written to Android logcat
    2015-51 Use-after-free during text processing with vertical text
    enabled
    2015-50 Out-of-bounds read and write in asm.js validation
    2015-49 Referrer policy ignored when links opened by middle-click and
    context menu
    2015-48 Buffer overflow with SVG content and CSS
    2015-47 Buffer overflow parsing H.264 video with Linux Gstreamer
    2015-46 Miscellaneous memory safety hazards (rv:38.0 / rv:31.7)

https://www.mozilla.org/en-US/firefox/38.0/releasenotes/ 

Version 38.0, first offered to Release channel users on May 12, 2015

NEW
    New tab-based preferences

    Ruby annotation support

    Base for the next ESR release.

CHANGED
    autocomplete=off is no longer supported for username/password fields

    URL parser avoids doing percent encoding when setting the Fragment
    part of the URL, and percent decoding when getting the Fragment in
    line with the URL spec

    RegExp.prototype.source now returns "(?:)" instead of the empty
    string for empty regular expressions

    Improved page load times via speculative connection warmup

HTML5
    WebSocket now available in Web Workers

    BroadcastChannel API implemented

    Implemented srcset attribute and <picture> element for responsive
    images

    Implemented DOM3 Events KeyboardEvent.code

    Mac OS X: Implemented a subset of the Media Source Extensions (MSE)
    API to allow native HTML5 playback on YouTube

    Implemented Encrypted Media Extensions (EME) API to support encrypted
    HTML5 video/audio playback (Windows Vista or later only)

    Automatically download Adobe Primetime Content Decryption Module
    (CDM) for DRM playback through EME (Windows Vista or later only)

Developer
    Optimized-out variables are now visible in Debugger UI

    XMLHttpRequest logs in the web console are now visually labelled and
    can be filtered separately from regular network requests

    WebRTC now has multistream and renegotiation support

    copy command added to console

Change History (2)

comment:1 by Fernando de Oliveira, 10 years ago

Description: modified (diff)
Owner: changed from blfs-book@… to Fernando de Oliveira
Priority: normalhigh
Status: newassigned

comment:2 by Fernando de Oliveira, 10 years ago

Resolution: fixed
Status: assignedclosed

Fixed at r15957.

Note: See TracTickets for help on using tickets.