#6801 closed enhancement (fixed)
firefox-40.0
| Reported by: | Owned by: | Fernando de Oliveira | |
|---|---|---|---|
| Priority: | high | Milestone: | 7.8 |
| Component: | BOOK | Version: | SVN |
| Severity: | normal | Keywords: | |
| Cc: |
Description (last modified by )
https://ftp.mozilla.org/pub/firefox/releases/40.0/source/firefox-40.0.source.tar.bz2
https://ftp.mozilla.org/pub/firefox/releases/40.0/MD5SUMS
md5sum: 62b9e6a4a46874a0be523fe41d3176e2
Bruce will probably be interested:
◦ New rules view tooltip in the Inspector to tweak CSS Filter values
https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firefox40.0
• Security Advisories for Firefox
Sorted by Impact key level, not original time stamp order.
Fixed in Firefox 40
• Critical
◦ 2015-89 Buffer overflows on Libvpx when decoding WebM video
◦ 2015-83 Overflow issues in libstagefright
◦ 2015-81 Use-after-free in MediaStream playback
◦ 2015-79 Miscellaneous memory safety hazards (rv:40.0 / rv:38.2)
• High
◦ 2015-92 Use-after-free in XMLHttpRequest with shared workers
◦ 2015-90 Vulnerabilities found through code inspection
◦ 2015-88 Heap overflow in gdk-pixbuf when scaling bitmap images
◦ 2015-85 Out-of-bounds write with Updater and malicious MAR file
◦ 2015-84 Arbitrary file overwriting through Mozilla Maintenance
Service with hard links
◦ 2015-82 Redefinition of non-configurable JavaScript object
properties
◦ 2015-80 Out-of-bounds read with malformed MP3 file
• Moderate
◦ 2015-91 Mozilla Content Security Policy allows for asterisk
wildcards in violation of CSP specification
◦ 2015-87 Crash when using shared memory in JavaScript
• Low
◦ 2015-86 Feed protocol with POST bypasses mixed content protections
https://www.mozilla.org/en-US/firefox/40.0/releasenotes/
• Release Notes
Firefox Notes
Version 40.0, first offered to Release channel users on August 11, 2015
What’s New
• New
◦ Support for Windows 10
◦ Added protection against unwanted software downloads
◦ User can receive suggested tiles in the new tab page based on
categories Firefox matches to browsing history (en-US only).
◦ Hello allows adding a link to conversations to provide context on
what the conversation will be about
◦ New style for add-on manager based on the in-content preferences
style
◦ Improved scrolling, graphics, and video playback performance with
off main thread compositing (GNU/Linux only)
◦ Graphic blocklist mechanism improved: Firefox version ranges can be
specified, limiting the number of devices blocked
• Changed
◦ Add-on extensions that are not signed by Mozilla will display a
warning
◦ NPAPI Plug-in performance improved via asynchronous initialization
◦ Smoother animation and scrolling with hardware vsync (Windows only)
◦ JPEG images use less memory when scaled and can be painted faster
◦ Sub-resources can no longer request HTTP authentication, thus
protecting users from inadvertently disclosing login data
• HTML5
◦ IndexedDB transactions are now non-durable by default
◦ Implemented AudioBufferSourceNode.detune to modulate playback rate
in cents, a logarithmic unit of measure used for musical intervals
• Developer
◦ Improved Performance tools in the developer tools: Waterfall view,
Call Tree view and a Flame Chart view
◦ New rules view tooltip in the Inspector to tweak CSS Filter values
◦ Console API messages from SharedWorker and ServiceWorker are now
displayed in web console
◦ New page ruler highlighting tool that displays lightweight
horizontal and vertical rules on a page
◦ Inspector now searches across all content frames in a page
• Fixed
◦ Kannada text does not display properly in built-in pdf viewer
Change History (3)
comment:1 by , 9 years ago
| Description: | modified (diff) |
|---|---|
| Owner: | changed from to |
| Priority: | normal → high |
| Status: | new → assigned |
comment:2 by , 9 years ago
| Resolution: | → fixed |
|---|---|
| Status: | assigned → closed |
- Update to firefox-40.0.
- Update to gnutls-3.4.4.1.
- Update to openssh-7.0p1 and ssh-askpass-7.0p1.
- SoundTouch-1.9.0: typo and add short description.
- GTK+-2.24.28: reformat commands to decrease width. I'm
doing this systematically, due to discussions about (B)LFS format changes and reading (B)LFS in new small screen devices. Now, 80 is maximum, but 60 is a better target, when possible.
Fixed at r16341.
comment:3 by , 9 years ago
| Description: | modified (diff) |
|---|
I have modified the Description, now that all info is available for 40.0, including Security Advisories for Firefox.
Motivated also by the thread on -dev about crashes, which I will rply better today.
Starting late the once again: today, problem was my internet provider was down.
The release notes are the same for beta.
Apologies, because I forgot the Security Advisories for Firefox, yesterday.
Thanks to Ken, for reminding me.
Starting late today. Was fixing a problem in a very important VM.