#6801: firefox-40.0
-------------------------+-----------------------
Reporter: bdubbs@… | Owner: fo
Type: enhancement | Status: assigned
Priority: high | Milestone: 7.8
Component: BOOK | Version: SVN
Severity: normal | Resolution:
Keywords: |
-------------------------+-----------------------
Changes (by fo):

* owner: blfs-book@… => fo
* priority: normal => high
* status: new => assigned
New description:

[https://ftp.mozilla.org/pub/firefox/releases/40.0/source/firefox-40.0.source.tar.bz2]

[https://ftp.mozilla.org/pub/firefox/releases/40.0/MD5SUMS]

md5sum: 62b9e6a4a46874a0be523fe41d3176e2

Although I've not seen any CVE, just the change:

◦ Added '''protection against unwanted software downloads'''

deserves to include this version as a '''Security''' release.

Bruce will probably be interested:

◦ New rules view tooltip in the Inspector to '''tweak CSS Filter
values'''

[https://www.mozilla.org/en-US/firefox/40.0/releasenotes/]

Not found. Giving, instead the beta release notes.

[https://www.mozilla.org/en-US/firefox/40.0beta/releasenotes/]

{{{
Firefox Beta Notes
Version 40.0beta, first offered to Beta channel users on July 3, 2015

What’s New

• New

◦ Support for Windows 10
◦ Added protection against unwanted software downloads
◦ User can receive suggested tiles in the new tab page based on
categories Firefox matches to browsing history (en-US only).
◦ Hello allows adding a link to conversations to provide context on
what the conversation will be about
◦ New style for add-on manager based on the in-content preferences
style
◦ Improved scrolling, graphics, and video playback performance with
off main thread compositing (GNU/Linux only)
◦ Graphic blocklist mechanism improved: Firefox version ranges can be
specified, limiting the number of devices blocked

• Changed

◦ Add-on extensions that are not signed by Mozilla will display a
warning
◦ NPAPI Plug-in performance improved via asynchronous initialization
◦ Smoother animation and scrolling with hardware vsync (Windows only)
◦ JPEG images use less memory when scaled and can be painted faster
◦ Sub-resources can no longer request HTTP authentication, thus
protecting users from inadvertently disclosing login data

• HTML5

◦ IndexedDB transactions are now non-durable by default
◦ Implemented AudioBufferSourceNode.detune to modulate playback rate
in cents, a logarithmic unit of measure used for musical intervals

• Developer

◦ Improved Performance tools in the developer tools: Waterfall view,
Call Tree view and a Flame Chart view
◦ New rules view tooltip in the Inspector to tweak CSS Filter values
◦ Console API messages from SharedWorker and ServiceWorker are now
displayed in web console
◦ New page ruler highlighting tool that displays lightweight
horizontal and vertical rules on a page
◦ Inspector now searches across all content frames in a page

• Fixed

◦ Kannada text does not display properly in built-in pdf viewer
}}}

--

Comment:

Starting late today. Was fixing a problem in a very important VM.

--
Ticket URL: <http://wiki.linuxfromscratch.org/blfs/ticket/6801#comment:1>
BLFS Trac <http://wiki.linuxfromscratch.org/blfs>
Beyond Linux From Scratch

#6801: firefox-40.0
-------------------------+---------------------
Reporter: bdubbs@… | Owner: fo
Type: enhancement | Status: closed
Priority: high | Milestone: 7.8
Component: BOOK | Version: SVN
Severity: normal | Resolution: fixed
Keywords: |
-------------------------+---------------------
New description:

[https://ftp.mozilla.org/pub/firefox/releases/40.0/source/firefox-40.0.source.tar.bz2]

[https://ftp.mozilla.org/pub/firefox/releases/40.0/MD5SUMS]

md5sum: 62b9e6a4a46874a0be523fe41d3176e2

Bruce will probably be interested:

◦ New rules view tooltip in the Inspector to '''tweak CSS Filter
values'''

[https://www.mozilla.org/en-US/security/known-
vulnerabilities/firefox/#firefox40.0]

== • Security Advisories for Firefox ==

Sorted by ''Impact key'' level, not original time stamp order.

{{{
Fixed in Firefox 40

• Critical
◦ 2015-89 Buffer overflows on Libvpx when decoding WebM video
◦ 2015-83 Overflow issues in libstagefright
◦ 2015-81 Use-after-free in MediaStream playback
◦ 2015-79 Miscellaneous memory safety hazards (rv:40.0 / rv:38.2)

• High
◦ 2015-92 Use-after-free in XMLHttpRequest with shared workers
◦ 2015-90 Vulnerabilities found through code inspection
◦ 2015-88 Heap overflow in gdk-pixbuf when scaling bitmap images
◦ 2015-85 Out-of-bounds write with Updater and malicious MAR file
◦ 2015-84 Arbitrary file overwriting through Mozilla Maintenance
Service with hard links
◦ 2015-82 Redefinition of non-configurable JavaScript object
properties
◦ 2015-80 Out-of-bounds read with malformed MP3 file

• Moderate
◦ 2015-91 Mozilla Content Security Policy allows for asterisk
wildcards in violation of CSP specification
◦ 2015-87 Crash when using shared memory in JavaScript

• Low
◦ 2015-86 Feed protocol with POST bypasses mixed content protections
}}}

[https://www.mozilla.org/en-US/firefox/40.0/releasenotes/]

== • Release Notes ==

{{{
Firefox Notes
Version 40.0, first offered to Release channel users on August 11, 2015

What’s New

• New

◦ Support for Windows 10
◦ Added protection against unwanted software downloads
◦ User can receive suggested tiles in the new tab page based on
categories Firefox matches to browsing history (en-US only).
◦ Hello allows adding a link to conversations to provide context on
what the conversation will be about
◦ New style for add-on manager based on the in-content preferences
style
◦ Improved scrolling, graphics, and video playback performance with
off main thread compositing (GNU/Linux only)
◦ Graphic blocklist mechanism improved: Firefox version ranges can be
specified, limiting the number of devices blocked

• Changed

◦ Add-on extensions that are not signed by Mozilla will display a
warning
◦ NPAPI Plug-in performance improved via asynchronous initialization
◦ Smoother animation and scrolling with hardware vsync (Windows only)
◦ JPEG images use less memory when scaled and can be painted faster
◦ Sub-resources can no longer request HTTP authentication, thus
protecting users from inadvertently disclosing login data

• HTML5

◦ IndexedDB transactions are now non-durable by default
◦ Implemented AudioBufferSourceNode.detune to modulate playback rate
in cents, a logarithmic unit of measure used for musical intervals

• Developer

◦ Improved Performance tools in the developer tools: Waterfall view,
Call Tree view and a Flame Chart view
◦ New rules view tooltip in the Inspector to tweak CSS Filter values
◦ Console API messages from SharedWorker and ServiceWorker are now
displayed in web console
◦ New page ruler highlighting tool that displays lightweight
horizontal and vertical rules on a page
◦ Inspector now searches across all content frames in a page

• Fixed

◦ Kannada text does not display properly in built-in pdf viewer
}}}

--

Comment (by fo):

I have modified the ''Description'', now that all info is available for
40.0, including '''Security Advisories for Firefox'''.

Motivated also by the thread on -dev about crashes, which I will rply
better today.

Starting late the once again: today, problem was ''my internet provider
was down''.

The ''release notes'' are the same for beta.

Apologies, because I forgot the '''Security Advisories for Firefox''',
yesterday.

Thanks to Ken, for reminding me.

--
Ticket URL: <http://wiki.linuxfromscratch.org/blfs/ticket/6801#comment:3>
BLFS Trac <http://wiki.linuxfromscratch.org/blfs>
Beyond Linux From Scratch