MOZILLA HAS RELEASED the latest edition of Firefox, version 39, squishing four major bugs and adding the new features first seen in recent beta versions.
Firefox Share has been added to Firefox Hello, allowing users to start chatting from a weblink. Firefox Share is the browser's built in sharing platform which already supports Facebook, LinkedIn, Tumbler and even Google+, without leaving the browser.
Firefox Hello, meanwhile, is the much publicised implementation of the WebRTC standard, which allows users to start video chats without additional software.
SSLv3 has been deactivated, which we know is an unfixable nightmare and has been removed from Chrome already. RC4 now works only where it has been whitelisted, and OS X and Linux gain SafeBrowsing malware detection.
Mac OS users will notice the benefits of Project Silk improvements to animation and scrolling, while those with accessibility requirements will bask in the arrival of ARIA 1.1, which makes it all a bit easier to read, plus the malware detection engine will now work on common Mac file types too. There are also new 'skin tone' emojis in Unicode 8.0 (how diverse! how multicultural!).
The four critical bugs fixed are:
2015-66, which found three uses for uninitialised memory, one poor validation leading to an exploitable crash, one read of unowned memory in zip files, and two buffer overflows.
2015-65 fixes two related use-after-free vulnerabilities that occur when using XMLHttpRequest in concert with shared or dedicated workers.
2015-63 patches a use-after-free vulnerability when a Content Policy modifies the Document Object Model to remove a DOM object, which is then used afterwards due to an error in microtask implementation. This leads to an exploitable crash.
2015-59 covers "several memory safety bugs".
It's especially worth noting that three out of these four critical fixes were found by members of the community.
Firefox made the reluctant and controversial decision in May to add support for DRM and sponsored tiles. The company explained at the time that, while it was loathe to make the changes, they were necessary to keep up with the competition. µ
It's the week in Google news
Erik Estrada wouldn't have stood for this
Hacks in support of WikiLeaks founder target gov websites