Firefox 40: New features and critical security updates

Mozilla released Firefox 40. The update includes four critical, seven high and two moderate security updates.

The new release now issues a warning if you visit a page known to contain deceptive software that can make undesirable changes to your computer.

Mozilla is taking steps to ensure that using add-ons is a safe and secure experience. In future releases of Firefox, any third-party add-on that has not been certified will be disabled by default. Today, you will start seeing warnings next to unsigned add-ons in Firefox, but no add-ons will be automatically disabled. These warnings will inform you about add-ons that have not been certified by Mozilla and we’re working with add-on developers to help them meet our standards and make add-ons safer for you.

Fixed in Firefox 40:

• MFSA 2015-92 Use-after-free in XMLHttpRequest with shared workers
• MFSA 2015-91 Mozilla Content Security Policy allows for asterisk wildcards in violation of CSP specification
• MFSA 2015-90 Vulnerabilities found through code inspection
• MFSA 2015-89 Buffer overflows on Libvpx when decoding WebM video
• MFSA 2015-88 Heap overflow in gdk-pixbuf when scaling bitmap images
• MFSA 2015-87 Crash when using shared memory in JavaScript
• MFSA 2015-85 Out-of-bounds write with Updater and malicious MAR file
• MFSA 2015-84 Arbitrary file overwriting through Mozilla Maintenance Service with hard links
• MFSA 2015-83 Overflow issues in libstagefright
• MFSA 2015-82 Redefinition of non-configurable JavaScript object properties
• MFSA 2015-81 Use-after-free in MediaStream playback
• MFSA 2015-80 Out-of-bounds read with malformed MP3 file
• MFSA 2015-79 Miscellaneous memory safety hazards (rv:40.0 / rv:38.2)