Security Advisories for Firefox 40.0
Firefox 40.0 is unsupported. Please upgrade to the latest version.
Impact key
- Critical: Vulnerability can be used to run attacker code and install software, requiring no user interaction beyond normal browsing.
- High: Vulnerability can be used to gather sensitive data from sites in other windows or inject data or code into those sites, requiring no more than normal browsing actions.
- Moderate: Vulnerabilities that would otherwise be High or Critical except they only work in uncommon non-default configurations or require the user to perform complicated and/or unlikely steps.
- Low: Minor security vulnerabilities such as Denial of Service attacks, minor data leaks, or spoofs. (Undetectable spoofs of SSL indicia would have "High" impact because those are generally used to steal sensitive data intended for other sites.)
# Fixed in Firefox 40.0.3
- 2015-95 Add-on notification bypass through data URLs
- 2015-94 Use-after-free when resizing canvas element during restyling
# Fixed in Firefox 40
- 2015-92 Use-after-free in XMLHttpRequest with shared workers
- 2015-91 Mozilla Content Security Policy allows for asterisk wildcards in violation of CSP specification
- 2015-90 Vulnerabilities found through code inspection
- 2015-89 Buffer overflows on Libvpx when decoding WebM video
- 2015-88 Heap overflow in gdk-pixbuf when scaling bitmap images
- 2015-87 Crash when using shared memory in JavaScript
- 2015-86 Feed protocol with POST bypasses mixed content protections
- 2015-85 Out-of-bounds write with Updater and malicious MAR file
- 2015-84 Arbitrary file overwriting through Mozilla Maintenance Service with hard links
- 2015-83 Overflow issues in libstagefright
- 2015-82 Redefinition of non-configurable JavaScript object properties
- 2015-81 Use-after-free in MediaStream playback
- 2015-80 Out-of-bounds read with malformed MP3 file
- 2015-79 Miscellaneous memory safety hazards (rv:40.0 / rv:38.2)