Opened 8 years ago

Closed 8 years ago

#7400 closed enhancement (fixed)

firefox-44.0

Reported by: Fernando de Oliveira Owned by: Fernando de Oliveira
Priority: high Milestone: 7.9
Component: BOOK Version: SVN
Severity: normal Keywords:
Cc:

Description

This relase has security fixes

https://ftp.mozilla.org/pub/firefox/releases/44.0/source/firefox-44.0.source.tar.xz

https://ftp.mozilla.org/pub/firefox/releases/44.0/SHA512SUMS

d7a2d3ee595dbf356795ba8029e298d8a69645e11d9201307008ad3a0d15b586cbc119d2273a83843621024d20cd67c7d490228f1c4c09b467cb5dcbd288a864 source/firefox-44.0.source.tar.xz

https://ftp.mozilla.org/pub/firefox/releases/44.0/SHA512SUMS.asc

https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/ 

Fixed in Firefox 44

     Critical
   • 2016-10 Unsafe memory manipulation found through code inspection
   • 2016-03 Buffer overflow in WebGL after out of memory allocation
   • 2016-01 Miscellaneous memory safety hazards (rv:44.0 / rv:38.6)

     High
   • 2016-09 Addressbar spoofing attacks
   • 2016-07 Errors in mp_div and mp_exptmod cryptographic functions in
     NSS

     Moderate
   • 2016-11 Application Reputation service disabled in Firefox 43
   • 2016-08 Delay following click events in file download dialog too
     short on OS X
   • 2016-06 Missing delay following user click events in protocol
     handler dialog
   • 2016-05 Addressbar spoofing through stored data url shortcuts on
     Firefox for Android
   • 2016-04 Firefox allows for control characters to be set in cookie
     names
   • 2016-02 Out of Memory crash when parsing GIF format images

     Low
   • 2016-12 Lightweight themes on Firefox for Android do not verify a
     secure connection

https://www.mozilla.org/en-US/firefox/44.0/releasenotes/

Release Notes

44.0
Firefox Release

January 26, 2016 Version 44.0, first offered to Release channel users on
January 26, 2016

New

  • Improved warning pages for certificate errors and untrusted
    connections
  • Enable H.264 if system decoder is available
  • Enable WebM/VP9 video support on systems that don't support
    MP4/H.264
  • In the animation-inspector timeline, lightning bolt icon next to
    animations running on the compositor thread
  • Support the brotli compression format via HTTPS content-encoding
  • Screenshot commands allow user choice of pixel ratio in Developer
    Tools

Fixed

  • Windows XP and Vista screensaver doesn't disable when watching
    videos (Bug 1193610)
  • Various security fixes

Changed

  • To support unicode-range descriptor for webfonts, font matching
    under Linux now uses the same font matching code as other platforms
  • Use a SHA-256 signing certificate for Windows builds, to meet new
    signing requirements
  • Firefox has removed support for the RC4 decipher
  • Firefox will no longer trust the Equifax Secure Certificate
    Authority 1024-bit root certificate or the UTN - DATACorp SGC to
    validate secure website certificates
  • Stricter validation of web fonts
  • On-screen keyboard support temporarily turned off for Windows 8 and
    Windows 8.1

Developer

  • Right click on a logged object in the console to store it as a
    global variable on the page
  • Visual tools for Animation:
     ◦ View/Edit CSS animation keyframe rules directly in the inspector
     ◦ Visually modify the cubic-bezier curve that drives the way
       animations progress through time
     ◦ Discover and scrub through all CSS animations and transitions
       playing on the page
     ◦ Learn more: http://devtoolschallenger.com/
  • Visual tools for Layout and Styles:
     ◦ Display rulers along the viewport to verify size and position and
       use the measurement tool to easily detect spacing and alignment
       problems
     ◦ Use CSS filters to preview and create real-time effects like
       drop-shadows, sepia, etc
     ◦ Learn more: http://devtoolschallenger.com/
  • New memory tool for inspecting the memory heap
  • Service Workers API
  • Built-in JSON reader to intuitively view, search, copy and save data
    without extensions
  • Jump to function definitions in the debugger with Cmd-Click
  • WebSocket Debugging API and add-on
  • The rule view now displays styles using their authored text, and
    edits in the rule view are now linked to the style editor

Change History (2)

comment:1 by Fernando de Oliveira, 8 years ago

Owner: changed from blfs-book@… to Fernando de Oliveira
Status: newassigned

comment:2 by Fernando de Oliveira, 8 years ago

Resolution: fixed
Status: assignedclosed

Fixed at r16860.

Note: See TracTickets for help on using tickets.