Waterfox 40.1.0 is now available to download with important security updates and website compatability fixes. Waterfox Charity Search will also be shutting down.

What’s new in Waterfox 40.1.0?

Security Patches

Any security vulnerabilities that were fixed that were fixed in v41/v42 and related to v40.

  • MFSA 2015-96 Miscellaneous memory safety hazards
  • MFSA 2015-97 Memory leak in mozTCPSocket to servers
  • MFSA 2015-98 Out of bounds read in QCMS library with ICC V4 profile attributes
  • MFSA 2015-101 Buffer overflow in libvpx while parsing vp9 format video
  • MFSA 2015-102 Crash when using debugger with SavedStacks in JavaScript
  • MFSA 2015-103 URL spoofing in reader mode
  • MFSA 2015-104 Use-after-free with shared workers and IndexedDB
  • MFSA 2015-105 Buffer overflow while decoding WebM video
  • MFSA 2015-108 Scripted proxies can access inner window
  • MFSA 2015-109 JavaScript immutable property enforcement can be bypassed
  • MFSA 2015-110 Dragging and dropping images exposes final URL after redirects
  • MFSA 2015-111 Errors in the handling of CORS preflight request headers
  • MFSA 2015-112 Vulnerabilities found through code inspection
  • MFSA 2015-113 Memory safety errors in libGLES in the ANGLE graphics library
  • MFSA 2015-114 Information disclosure via the High Resolution Time API
  • MFSA 2015-116 Miscellaneous memory safety hazards (rv:42.0 / rv:38.4)
  • MFSA 2015-117 Information disclosure through NTLM authentication
  • MFSA 2015-118 CSP bypass due to permissive Reader mode whitelist
  • MFSA 2015-121 Disabling scripts in Add-on SDK panels has no effect
  • MFSA 2015-123 Buffer overflow during image interactions in canvas
  • MFSA 2015-126 Crash when accessing HTML tables with accessibility tools on OS X
  • MFSA 2015-127 CORS preflight is bypassed when non-standard Content-Type headers are received
  • MFSA 2015-128 Memory corruption in libjar through zip files
  • MFSA 2015-129 Certain escaped characters in host of Location-header are being treated as non-escaped
  • MFSA 2015-130 JavaScript garbage collection crash with Java applet
  • MFSA 2015-131 Vulnerabilities found through code inspection
  • MFSA 2015-132 Mixed content WebSocket policy bypass through workers
  • MFSA 2015-133 NSS and NSPR memory corruption issues


  • libjpeg-turbo to 1.4.2 from 1.4.0
  • libpng to 1.6.18 from 1.6.16
  • NSPR to 4.10.10 and NSS to
  • Support for WebP (library version 0.4.4) images thanks to this patch. (Animated WebP not supported). Test WebP images out here.


  • Encrypted Media Extensions have been removed until properly supported on x64
  • general.useragent.override. has been brought back!


  • Netflix should now work properly


  • Some YouTube videos will take a very long time to start playing due to a CORS bug. This is fixed in Firefox codebase 42+

It is with a heavy heart that I am announcing this. Waterfox Search was a really great idea that I hoped would change the web in the same way that DuckDuckGo and StartPage have, while also doing some good in helping out charities. Unfortunately while Waterfox Search had an absolutely soaring start thanks to the amazing Waterfox community, it’s time to shut it down.

I’d really like to thank the Waterfox community for helping me try and launch Storm (the Waterfox Search), you are all truly amazing and I thank you all for trying to help get the search out there!

I’ll be releasing another article with how much was raised for WellChild and show the donation being made as well :-)