Mozilla releases Firefox 38 with critical security updates

This week Mozilla released an updated version of its open-source web browser, Firefox 38, following quickly behind the March release of Firefox 37. The new browser incorporates thirteen security updates, five of which are considered “critical,” as well as other updates that include patched flaws and new capabilities.

According to Mozilla's advisory, critical updates such as the “Miscellaneous memory safety hazards” update, which patches the CVE-2015-2708 and CVE-2015-2709 security vulnerabilities, and buffer overflow issues, CVE-2015-2710 and CVE-2015-2716, will mitigate exploitable crash issues and other potential threats.

Though when released, Firefox 37 marked the use of opportunistic encryption (OE) for the first time within the browser, the encryption feature was soon removed due to possible security risks. Whether Firefox 38 will re-enable opportunistic encryption remains to be seen, with Mozilla declining to comment at this time.