LANDESK Patch News Bulletin: Mozilla has Released Firefox Version 42.0 for Windows 04-NOV-2015

Version 1

    LANDESK Security and Patch News     

     

    Headlines

    ·       (November 4, 2015) Mozilla has released Firefox version 42.0 for Windows. The following issues are fixed in Firefox 42
    2015-133 NSS and NSPR memory corruption issues
    2015-132 Mixed content WebSocket policy bypass through workers
    2015-131 Vulnerabilities found through code inspection
    2015-130 JavaScript garbage collection crash with Java applet
    2015-129 Certain escaped characters in host of Location-header are being treated as non-escaped
    2015-128 Memory corruption in libjar through zip files
    2015-127 CORS preflight is bypassed when non-standard Content-Type headers are received
    2015-126 Crash when accessing HTML tables with accessibility tools on OS X
    2015-125 XSS attack through intents on Firefox for Android
    2015-124 Android intents can be used on Firefox for Android to open privileged files
    2015-123 Buffer overflow during image interactions in canvas
    2015-122 Trailing whitespace in IP address hostnames can bypass same-origin policy
    2015-121 Disabling scripts in Add-on SDK panels has no effect
    2015-120 Reading sensitive profile files through local HTML file on Android
    2015-119 Firefox for Android addressbar can be removed after fullscreen mode
    2015-118 CSP bypass due to permissive Reader mode whitelist
    2015-117 Information disclosure through NTLM authentication
    2015-116 Miscellaneous memory safety hazards
    Please visit the following page for more details:
    http://www.mozilla.org/security/known-vulnerabilities/firefox.html  
      

     

    New Vulnerabilities     

    ·          Vulnerability ID – FIREFOXv42.0_ENU  

     

    Changed Vulnerabilities     

    ·       Vulnerability ID – FIREFOXv41.0.2_ENU
    (Added the replacement information.) 
      

     

    New Patch Downloads     

      ·     Firefox_Setup_42.0_ENU.exe  

     

    Where to Send Feedback           

    At LANDESK, we are constantly striving to improve our products and services and hope you find these changes reflective of our ongoing commitment to listen to you—our partners and customers—in providing the best possible solutions to meet your needs now and in the future.  Please continue to provide feedback by contacting our local support organization.    

      

    Best regards,  

    LANDESK Product Support  

      

    Copyright © 2015 LANDESK Software.  All rights reserved. LANDESK is either a registered trademark or trademark of LANDESK Software, Ltd. or its affiliated entities in the United States and/or other countries. Other names or brands may be claimed as the property of others.    

      

    Information in this document is provided for information purposes only.  The information presented here is subject to change without notice.  This information is not warranted to be error-free, nor subject to any other warranties or conditions, whether expressed orally or implied in law, including any implied warranties and conditions of merchantability or fitness for a particular purpose. LANDESK disclaims any liability with respect to this document and LANDESK has no responsibility or liability for any third party products of any content contained on any site referenced herein.  This document may not be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without our prior written permission. For the most current product information, please visit http://www.LANDESK.com