| 11 | [https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firefox40.0] |
| 12 | |
| 13 | == • Security Advisories for Firefox == |
| 14 | |
| 15 | Sorted by ''Impact key'' level, not in the original timestamp order. |
| 16 | |
| 17 | {{{ |
| 18 | Fixed in Firefox 40 |
| 19 | |
| 20 | • Critical |
| 21 | ◦ 2015-89 Buffer overflows on Libvpx when decoding WebM video |
| 22 | ◦ 2015-83 Overflow issues in libstagefright |
| 23 | ◦ 2015-81 Use-after-free in MediaStream playback |
| 24 | ◦ 2015-79 Miscellaneous memory safety hazards (rv:40.0 / rv:38.2) |
| 25 | |
| 26 | • High |
| 27 | ◦ 2015-92 Use-after-free in XMLHttpRequest with shared workers |
| 28 | ◦ 2015-90 Vulnerabilities found through code inspection |
| 29 | ◦ 2015-88 Heap overflow in gdk-pixbuf when scaling bitmap images |
| 30 | ◦ 2015-85 Out-of-bounds write with Updater and malicious MAR file |
| 31 | ◦ 2015-84 Arbitrary file overwriting through Mozilla Maintenance |
| 32 | Service with hard links |
| 33 | ◦ 2015-82 Redefinition of non-configurable JavaScript object |
| 34 | properties |
| 35 | ◦ 2015-80 Out-of-bounds read with malformed MP3 file |
| 36 | |
| 37 | • Moderate |
| 38 | ◦ 2015-91 Mozilla Content Security Policy allows for asterisk |
| 39 | wildcards in violation of CSP specification |
| 40 | ◦ 2015-87 Crash when using shared memory in JavaScript |
| 41 | |
| 42 | • Low |
| 43 | ◦ 2015-86 Feed protocol with POST bypasses mixed content protections |
| 44 | }}} |
| 45 | |