Release notes:
Fixes/changes:
- Code cleanup: Removed the (otherwise unused) visual event tracer code.
- Code cleanup: Removed reflow performance tracing code (telemetry).
- Fixed a key JavaScript bug where defining properties on an object would wipe the object.
This seems to be a common issue with "modern" libraries that use "define" instead of "change" and expecting the other properties on the object to be retained, resulting in "x is undefined" or "can't redefine non-configurable property" errors all over the place if the object is wiped. (e.g.: airbnb.com and mega.nz, to name a few reported sites)
This aligns the behavior with ES6's "Validate and apply property descriptor" pseudo-function. - Updated the SQLite library to 3.8.11.1.
- Added support for the element.matches() Web API function.
- Added support for BASE tag parsing in source view. Previously, when viewing the source of a document, clickable links would be incorrect if a base path was specified in the document with this tag.
- Fixed an issue with running timers after the computer would have been put to sleep with the browser opened.
- Added protection against potential bugs where our SVG mPositions is out of sync with the characters in the DOM. DiD
- Fixed use-after-free vulnerability in XMLHttpRequest::Open() (CVE-2015-4492)
- Fixed use-after-free vulnerability in the StyleAnimationValue class (CVE-2015-4488)
- Fixed crash or memory corruption in nsTArray (CVE-2015-4489)
- Fixed crash or memory corruption in nsTSubstring::ReplacePrep (CVE-2015-4487)
- Fixed potential escalation of privileges or crash (out-of-bounds write) via a crafted name in MARs (x64 only) (CVE-2015-4482)
- Fixed an issue that would allow man-in-the-middle attackers to bypass a mixed-content protection mechanism via a feed: URL in a POST request. (CVE-2015-4483)