Changes between Version 1 and Version 3 of Ticket #6801


Ignore:
Timestamp:
08/13/2015 02:04:13 PM (9 years ago)
Author:
Fernando de Oliveira
Comment:

I have modified the Description, now that all info is available for 40.0, including Security Advisories for Firefox.

Motivated also by the thread on -dev about crashes, which I will rply better today.

Starting late the once again: today, problem was my internet provider was down.

The release notes are the same for beta.

Apologies, because I forgot the Security Advisories for Firefox, yesterday.

Thanks to Ken, for reminding me.

Legend:

Unmodified
Added
Removed
Modified

  • Ticket #6801

    • Property Status assignedclosed
    • Property Resolutionfixed

  • Ticket #6801 – Description

    v1 v3  
    55md5sum: 62b9e6a4a46874a0be523fe41d3176e2
    66
    7 Although I've not seen any CVE, just the change:
    8 
    9   ◦ Added '''protection against unwanted software downloads'''
    10 
    11 deserves to include this version as a '''Security''' release.
    12 
    137Bruce will probably be interested:
    148
    159  ◦ New rules view tooltip in the Inspector to '''tweak CSS Filter values'''
    1610
     11[https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firefox40.0]
     12
     13== • Security Advisories for Firefox ==
     14
     15Sorted by ''Impact key'' level, not original time stamp order.
     16
     17{{{
     18Fixed in Firefox 40
     19
     20• Critical
     21   ◦ 2015-89 Buffer overflows on Libvpx when decoding WebM video
     22   ◦ 2015-83 Overflow issues in libstagefright
     23   ◦ 2015-81 Use-after-free in MediaStream playback
     24   ◦ 2015-79 Miscellaneous memory safety hazards (rv:40.0 / rv:38.2)
     25
     26• High
     27   ◦ 2015-92 Use-after-free in XMLHttpRequest with shared workers
     28   ◦ 2015-90 Vulnerabilities found through code inspection
     29   ◦ 2015-88 Heap overflow in gdk-pixbuf when scaling bitmap images
     30   ◦ 2015-85 Out-of-bounds write with Updater and malicious MAR file
     31   ◦ 2015-84 Arbitrary file overwriting through Mozilla Maintenance
     32     Service with hard links
     33   ◦ 2015-82 Redefinition of non-configurable JavaScript object
     34     properties
     35   ◦ 2015-80 Out-of-bounds read with malformed MP3 file
     36
     37• Moderate
     38   ◦ 2015-91 Mozilla Content Security Policy allows for asterisk
     39     wildcards in violation of CSP specification
     40   ◦ 2015-87 Crash when using shared memory in JavaScript
     41
     42• Low
     43   ◦ 2015-86 Feed protocol with POST bypasses mixed content protections
     44}}}
     45
    1746[https://www.mozilla.org/en-US/firefox/40.0/releasenotes/]
    1847
    19 Not found. Giving, instead the beta release notes.
    20 
    21 [https://www.mozilla.org/en-US/firefox/40.0beta/releasenotes/]
     48== • Release Notes ==
    2249
    2350{{{
    24 Firefox Beta Notes
    25 Version 40.0beta, first offered to Beta channel users on July 3, 2015
     51Firefox Notes
     52Version 40.0, first offered to Release channel users on August 11, 2015
    2653
    2754What’s New