Firefox 42.0

Firefox v.42.0 was offered to release channel users on November 3, 2015. [2]


Fixed in Firefox 42.0 [3]
2015-133 NSS and NSPR memory corruption issues
2015-132 Mixed content WebSocket policy bypass through workers
2015-131 Vulnerabilities found through code inspection
2015-130 JavaScript garbage collection crash with Java applet
2015-129 Certain escaped characters in host of Location-header are being treated as non-escaped
2015-128 Memory corruption in libjar through zip files
2015-127 CORS preflight is bypassed when non-standard Content-Type headers are received
2015-126 Crash when accessing HTML tables with accessibility tools on OS X
2015-125 XSS attack through intents on Firefox for Android
2015-124 Android intents can be used on Firefox for Android to open privileged files
2015-123 Buffer overflow during image interactions in canvas
2015-122 Trailing whitespace in IP address hostnames can bypass same-origin policy
2015-121 Disabling scripts in Add-on SDK panels has no effect
2015-120 Reading sensitive profile files through local HTML file on Android
2015-119 Firefox for Android addressbar can be removed after fullscreen mode
2015-118 CSP bypass due to permissive Reader mode whitelist
2015-117 Information disclosure through NTLM authentication
2015-116 Miscellaneous memory safety hazards (rv:42.0 / rv:38.4)

* Private Browsing with Tracking Protection blocks certain Web elements that could be used to record your behavior across sites

Vulnerability ratings: 3 Critical, 6 High, 7 Moderate, 2 Low
Evaluation: test and update when possible

[1] Firefox features [Mozilla]
[2] Mozilla Firefox 42.0 Release Notes (2015-Nov-03) [Mozilla]
[3] Security Advisories for Firefox [Mozilla]
This entry was posted in firefox, patch, security. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.