Opened 8 years ago

Closed 8 years ago

#6988 closed enhancement (fixed)


Reported by: Fernando de Oliveira Owned by: ken@…
Priority: high Milestone: 7.9
Component: BOOK Version: SVN
Severity: normal Keywords:

Description (last modified by ken@…)


Now 41.0.2, fixes Mozilla Foundation Security Advisory 2015-115

"Security researcher Abdulrahman Alqabandi reported that the fetch() API did not correctly implement the Cross-Origin Resource Sharing (CORS) specification, allowing a malicious page to access private data from other origins. Mozilla developer Ben Kelly independently reported the same issue. CVE-2015-7184"

Following 41.0.1 items NOT changed. In practice, that CVE is still marked as "reserved"

Security Advisories for Firefox

Sorted by Impact key level, not original time stamp order.


Release Notes

Firefox Notes
Version 41.0.1, first offered to Release channel users on September 30, 2015
View notes for:


What’s New


  • Reference: Release notes for Firefox 41.0


  • Fix a startup crash related to Yandex toolbar and Adblock Plus
  • Fix potential hangs with Flash plugins (1185639)
  • Fix a regression in the bookmark creation (1206376)
  • Fix a startup crash with some Intel Media Accelerator 3150 graphic
    cards (1207665)
  • Fix a graphic crash, occurring occasionally on Facebook (1178601)

Change History (6)

comment:1 by ken@…, 8 years ago

Description: modified (diff)
Owner: changed from blfs-book@… to ken@…
Status: newassigned
Summary: firefox-41.0.1firefox-41.0.2

comment:2 by ken@…, 8 years ago

Priority: normalhigh

Changing priority to 'high' since this is now a vulnerability fix.

comment:3 by ken@…, 8 years ago

Fixed at r16533, I do not understand why my -j1 elapsed time was so much less than for 41.0 (on the same machine, both running 7.8).

comment:4 by Fernando de Oliveira, 8 years ago

If what I write in the following is true, just add "using parallelism=N", where N is found below. No need to rebuild, for statistics.

In the past it happened to me, and after a couple of releases, I discovered that it was not honoring mozconfig and automatically setting the flag: MOZ_MAKE_FLAGS.

I find its value with

$ grep 'make -j' firefox-41.0-simulation-2015.09.30-19h08m32s.log
make -j4 -C /tmp/mozilla-release/firefox-build-dir
make -j4 -C /tmp/mozilla-release/firefox-build-dir install

That time, I discovered that no matter what I had in mozconfig, it gave never -j1, then introduced:

MOZ_MAKE_FLAGS='-jN' make -f

MOZ_MAKE_FLAGS='-jN' make -f install INSTALL_SDK=

where N is an integer, 1 ≤ N ≤ threads/cpu.

Or define globally MOZ_MAKE_FLAGS for the build, with export ... unset may work.

If it is the same problem, hopefully, flag is still named MOZ_MAKE_FLAGS and solution above may work.

To be sure, no need for a complete build. Sufficient start the build until four or five lines after making splines.

comment:5 by bdubbs@…, 8 years ago

Ken, Are you holding off closing this ticket for timing issues? I have this:

Laptop, parallelism=8
1133.2 Elapsed Time -  firefox-41.0.2.source
Development system, parallelism=12
972.6 Elapsed Time -  firefox-41.0.2.source

I have some changes I want to make to FF and friends for the new freetype. I also took #6998 so I can do all at the same time. If you want, I can close this when I'm done.

comment:6 by ken@…, 8 years ago

Resolution: fixed
Status: assignedclosed

Didn't realise I'd forgotten to close it! I'm happy with the current SBU.

Interesting that going from 8 to 12 CPUs makes an insignificant difference to the SBU. I know that when I build with -j 4 and it eventually starts to do the linking everything grinds to a halt (in one case, literally - my desktop on a 4GB machine was unusable for a couple of minutes, and the clock didn't get updated during that), but perhaps the current code is not very parallelizable.

Note: See TracTickets for help on using tickets.