Mozilla sent Firefox Version 26.0 to the release channel. At the time of this posting, no security fixes for this version have been listed in the Security Advisories page. However, the default for Java plug-ins to "click to play" is a welcome change as is script-generated password fields.
Update: The security updates have now been posted. Version 26.0 includes five (5) critical, three (3) high, three (3) moderate, and three (3) low security updates.
Fixed in Firefox 26
- MFSA 2013-117 Mis-issued ANSSI/DCSSI certificate
- MFSA 2013-116 JPEG information leak
- MFSA 2013-115 GetElementIC typed array stubs can be generated outside observed typesets
- MFSA 2013-114 Use-after-free in synthetic mouse movement
- MFSA 2013-113 Trust settings for built-in roots ignored during EV certificate validation
- MFSA 2013-112 Linux clipboard information disclosure though selection paste
- MFSA 2013-111 Segmentation violation when replacing ordered list elements
- MFSA 2013-110 Potential overflow in JavaScript binary search algorithms
- MFSA 2013-109 Use-after-free during Table Editing
- MFSA 2013-108 Use-after-free in event listeners
- MFSA 2013-107 Sandbox restrictions not applied to nested object elements
- MFSA 2013-106 Character encoding cross-origin XSS attack
- MFSA 2013-105 Application Installation doorhanger persists on navigation
- MFSA 2013-104 Miscellaneous memory safety hazards (rv:26.0 / rv:24.2)
What’s New
- NEW -- All Java plug-ins are defaulted to 'click to play'
- NEW -- Password manager now supports script-generated password fields
- NEW -- Updates can now be performed by Windows users without write permissions to Firefox install directory (requires Mozilla Maintenance Service)
- NEW -- Support for H.264 on Linux if the appropriate gstreamer plug-ins are installed
- CHANGED -- Support for MP3 decoding on Windows XP, completing MP3 support across Windows OS versions
- CHANGED -- CSP implementation now supports multiple policies, including the case of both an enforced and Report-Only policy, per the spec
Known Issues
- Unresolved -- Moving Firefox to background while playing a flash video in full screen mode and bring it back to view will freeze the app (see 809055)
Update
To get the update now, select "Help" from the Firefox menu at the upper left of the browser window, then pick "About Firefox." Mac users need to select "About Firefox" from the Firefox menu.If you do not use the English language version, Fully Localized Versions are available for download.
No comments:
Post a Comment