Waterfox 40.1.0 is now available to download with important security updates and website compatability fixes. Waterfox Charity Search will also be shutting down.

What’s new in Waterfox 40.1.0?

Security Patches

Any security vulnerabilities that were fixed that were fixed in v41/v42 and related to v40.

MFSA 2015-96 Miscellaneous memory safety hazards

MFSA 2015-97 Memory leak in mozTCPSocket to servers

MFSA 2015-98 Out of bounds read in QCMS library with ICC V4 profile attributes

MFSA 2015-101 Buffer overflow in libvpx while parsing vp9 format video

MFSA 2015-102 Crash when using debugger with SavedStacks in JavaScript

MFSA 2015-103 URL spoofing in reader mode

MFSA 2015-104 Use-after-free with shared workers and IndexedDB

MFSA 2015-105 Buffer overflow while decoding WebM video

MFSA 2015-108 Scripted proxies can access inner window

MFSA 2015-109 JavaScript immutable property enforcement can be bypassed

MFSA 2015-110 Dragging and dropping images exposes final URL after redirects

MFSA 2015-111 Errors in the handling of CORS preflight request headers

MFSA 2015-112 Vulnerabilities found through code inspection

MFSA 2015-113 Memory safety errors in libGLES in the ANGLE graphics library

MFSA 2015-114 Information disclosure via the High Resolution Time API

MFSA 2015-116 Miscellaneous memory safety hazards (rv:42.0 / rv:38.4)

MFSA 2015-117 Information disclosure through NTLM authentication

MFSA 2015-118 CSP bypass due to permissive Reader mode whitelist

MFSA 2015-121 Disabling scripts in Add-on SDK panels has no effect

MFSA 2015-123 Buffer overflow during image interactions in canvas

MFSA 2015-126 Crash when accessing HTML tables with accessibility tools on OS X

MFSA 2015-127 CORS preflight is bypassed when non-standard Content-Type headers are received

MFSA 2015-128 Memory corruption in libjar through zip files

MFSA 2015-129 Certain escaped characters in host of Location-header are being treated as non-escaped

MFSA 2015-130 JavaScript garbage collection crash with Java applet

MFSA 2015-131 Vulnerabilities found through code inspection

MFSA 2015-132 Mixed content WebSocket policy bypass through workers

MFSA 2015-133 NSS and NSPR memory corruption issues

libjpeg-turbo to 1.4.2 from 1.4.0

libpng to 1.6.18 from 1.6.16

NSPR to 4.10.10 and NSS to 3.19.2.1

Support for WebP (library version 0.4.4) images thanks to this patch. (Animated WebP not supported). Test WebP images out here.

Changed

Encrypted Media Extensions have been removed until properly supported on x64

general.useragent.override. has been brought back!

Fixed

Netflix should now work properly

Issues

Some YouTube videos will take a very long time to start playing due to a CORS bug. This is fixed in Firefox codebase 42+

Shutdown of Waterfox Charity Search

It is with a heavy heart that I am announcing this. Waterfox Search was a really great idea that I hoped would change the web in the same way that DuckDuckGo and StartPage have, while also doing some good in helping out charities. Unfortunately while Waterfox Search had an absolutely soaring start thanks to the amazing Waterfox community, it’s time to shut it down.

I’d really like to thank the Waterfox community for helping me try and launch Storm (the Waterfox Search), you are all truly amazing and I thank you all for trying to help get the search out there!

I’ll be releasing another article with how much was raised for WellChild and show the donation being made as well :-)