![[BACK]](/icons/back.gif){kind=icon}
Up to [cvs.NetBSD.org] / pkgsrc / www / firefox
Request diff between arbitrary revisions
Default branch: MAIN
Revision 1.188 / (download) - annotate - [select for diffs], Thu Nov 9 00:04:43 2023 UTC (5 months, 1 week ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2024Q1-base,
pkgsrc-2024Q1,
pkgsrc-2023Q4-base,
pkgsrc-2023Q4,
HEAD
Changes since 1.187: +2 -2
lines
Diff to previous 1.187 (colored) to selected 1.16 (colored)
firefox: clean some pkglint
Revision 1.187 / (download) - annotate - [select for diffs], Fri Nov 3 10:20:03 2023 UTC (5 months, 2 weeks ago) by ryoon
Branch: MAIN
Changes since 1.186: +1 -2
lines
Diff to previous 1.186 (colored) to selected 1.16 (colored)
firefox: Update 119.0
* Enable WebGL with information by Paul Ripke. Thank you.
Changelog:
119.0
New
* Gradually rolling out in Fx119, Firefox View includes more content. You can
now see all open tabs, from all windows. If you sync open tabs, you??ll see
all tabs from other devices. Browsing history is now listed and you can
sort by date or by site. As before, recently closed tabs are also listed on
Firefox View.
To access Firefox View, select the file folder icon at the top left of your
tab strip.
screenshot of Firefox View displaying open tabs and tabs from other devices
* Gradually rolling out in Fx119, Firefox now allows you to edit PDFs by
adding images and alt text, in addition to text and drawings.
screenshot of a photo of a red fox being added to a PDF. The alt text tool
is open to the left of the photo, ready for a description to be added.
* Recently closed tabs now persist between sessions that don't have automatic
session restore enabled. Manually restoring a previous session will
continue to reopen any previously open tabs or windows.
* If you're migrating your data from Chrome, Firefox now offers the ability
to import some of your extensions as well.
* As part of Total Cookie Protection, Firefox now supports the partitioning
of Blob URLs, this mitigates a potential tracking vector that third-party
agents could use to track an individual.
* The visibility of fonts to websites has been restricted to system fonts and
language pack fonts in Enhanced Tracking Protection strict mode to mitigate
font fingerprinting.
* The Storage Access API web standard was updated to improve security while
mitigating website breakages and further enabling the phase out of
third-party cookies in Firefox.
* Encrypted Client Hello (ECH) is now available to Firefox users, delivering
a more private browsing experience. ECH extends the encryption used in TLS
connections to cover more of the handshake and better protect sensitive
fields. Read more about the launch of ECH on Mozilla Distilled.
* Media sniffing is no longer applied to files served as type application/
octet-stream, this allows these files to be downloaded instead of
attempting playback.
* On Windows, the mouse pointer will disappear while typing if the relevant
Windows mouse properties system setting is enabled.
* Firefox is now available in the Santali (sat) language.
Fixed
* Fixed an issue causing unexpected jumps in scroll position on Facebook.
* Various security fixes.
Developer
* Developer Information
* Several enhancements have been made to the Inactive CSS styles feature.
This feature assists in identifying CSS properties that have no effect on
an element. Pseudo-elements such as ::first-letter, ::cue, and
::placeholder are now fully supported.
* The JSON viewer is particularly useful for debugging REST APIs, as it
displays formatted JSON responses. Now, if the JSON is invalid or broken,
it automatically switches to a raw data view, improving the user
experience.
Web Platform
* ARIA reflection for simple attributes and default Accessibility Semantics
for Custom Elements are now supported. Note this includes boolean, enum,
number, and string attributes, but not attributes that reference other
elements.
* credentialless is now supported in Cross-Origin-Embedder-Policy.
* The CSS attr() function now supports a fallback parameter, for example attr
(foobar, "Default value").
* Grouping of items in an array (and iterables) is now easier by using the
methods Object.groupBy or Map.groupBy.
Security fixes:
#CVE-2023-5721: Queued up rendering could have allowed websites to clickjack
#CVE-2023-5722: Cross-Origin size and header leakage
#CVE-2023-5723: Invalid cookie characters could have led to unexpected errors
#CVE-2023-5724: Large WebGL draw could have led to a crash
#CVE-2023-5725: WebExtensions could open arbitrary URLs
#CVE-2023-5726: Full screen notification obscured by file open dialog on macOS
#CVE-2023-5727: Download Protections were bypassed by .msix, .msixbundle,
.appx, and .appxbundle files on Windows
#CVE-2023-5728: Improper object tracking during GC in the JavaScript engine
could have led to a crash.
#CVE-2023-5729: Fullscreen notification dialog could have been obscured by
WebAuthn prompts
#CVE-2023-5730: Memory safety bugs fixed in Firefox 119, Firefox ESR 115.4, and
Thunderbird 115.4.1
#CVE-2023-5731: Memory safety bugs fixed in Firefox 119
Revision 1.186 / (download) - annotate - [select for diffs], Sun Oct 15 07:40:10 2023 UTC (6 months ago) by ryoon
Branch: MAIN
Changes since 1.185: +2 -1
lines
Diff to previous 1.185 (colored) to selected 1.16 (colored)
firefox: Update to 118.0.2
Changelog:
118.0.2
Fixed
* Fixed games not loading on betsoft.com (bug 1856145)
* Fixed printing issues for some SVG images (bug 1853727)
* Fixed CORS XHR with authentication no longer working (bug 1855650)
* Fixed h264 WebRTC video not working in some contexts (bug 1855636)
* Fixed Firefox Translations not working on some pages (bugs 1841656 -
1855307)
* Stability fixes (bugs 1851991 - 1799326 - 1856637)
118.0.1
Fixed
* Security fix.
Mozilla Foundation Security Advisory 2023-44
#CVE-2023-5217: Heap buffer overflow in libvpx
118.0
New
* Automated translation of web content is now available to Firefox users!
Unlike cloud-based alternatives, translation is done locally in Firefox, so
that the text being translated does not leave your machine. Many thanks to
the various partners of the EU R&D Bergamot project.
* Web Audio in Firefox now uses the FDLIBM math library on all systems to
improve anonymity with Fingerprint Protection.
* The visibility of fonts to websites has been restricted to system fonts and
language pack fonts to mitigate font fingerprinting in Private Browsing
windows.
* Video Effects and background blur are now available to Firefox users on
Google Meet! (Note: These effects have also been released retroactively to
support Firefox versions back to Firefox 115.)
* Firefox Suggest users (US-only at this time) will now be able to see
browser add-on suggestions right in the address bar based on their
keywords.
Fixed
* Various security fixes.
Enterprise
* You can find information about policy updates and enterprise specific bug
fixes in the Firefox for Enterprise 118 Release Notes.
Web Platform
* 10 new CSS math functions are now supported: round, mod, rem, pow, sqrt,
hypot, log, exp, abs, sign.
* OpaqueResponseBlocking is now enabled by default.
* The <search> element is now supported. The <search> element is a group
element that serves to contain all the elements used in a search or
filtering operation.
Mozilla Foundation Security Advisory 2023-41
#CVE-2023-5168: Out-of-bounds write in FilterNodeD2D1
#CVE-2023-5169: Out-of-bounds write in PathOps
#CVE-2023-5170: Memory leak from a privileged process
#CVE-2023-5171: Use-after-free in Ion Compiler
#CVE-2023-5172: Memory Corruption in Ion Hints
#CVE-2023-5173: Out-of-bounds write in HTTP Alternate Services
#CVE-2023-5174: Double-free in process spawning on Windows
#CVE-2023-5175: Use-after-free of ImageBitmap during process shutdown
#CVE-2023-5176: Memory safety bugs fixed in Firefox 118, Firefox ESR 115.3, and
Thunderbird 115.3
Revision 1.185 / (download) - annotate - [select for diffs], Sat Sep 9 20:23:14 2023 UTC (7 months, 1 week ago) by leot
Branch: MAIN
CVS Tags: pkgsrc-2023Q3-base,
pkgsrc-2023Q3
Changes since 1.184: +2 -2
lines
Diff to previous 1.184 (colored) to selected 1.16 (colored)
firefox: vaapitest is installed unconditionally At least with wayland option disabled everywhere vaapitest seems installed anyway for 117.0.
Revision 1.184 / (download) - annotate - [select for diffs], Fri Aug 11 14:00:03 2023 UTC (8 months, 1 week ago) by tnn
Branch: MAIN
Changes since 1.183: +2 -1
lines
Diff to previous 1.183 (colored) to selected 1.16 (colored)
firefox: fix PLIST issue on aarch64
Revision 1.183 / (download) - annotate - [select for diffs], Sat Jun 24 16:03:58 2023 UTC (9 months, 3 weeks ago) by abs
Branch: MAIN
CVS Tags: pkgsrc-2023Q2-base,
pkgsrc-2023Q2
Changes since 1.182: +2 -2
lines
Diff to previous 1.182 (colored) to selected 1.16 (colored)
Fix PLIST with PKG_OPTIONS -wayland
Revision 1.182 / (download) - annotate - [select for diffs], Wed Jun 14 16:22:18 2023 UTC (10 months ago) by ryoon
Branch: MAIN
Changes since 1.181: +3 -1
lines
Diff to previous 1.181 (colored) to selected 1.16 (colored)
firefox: Update to 114.0.1
* mprotect support for firefox and firefox-bin is insufficient now.
Changelog:
114.0.1
Fixed
* Fix a startup crash (bug 1837201).
114.0
New
* Added UI to manage the DNS over HTTPS exception list.
* Bookmarks can now be searched from the Bookmarks menu. The Bookmarks menu
is accessible by adding the Bookmarks menu button to the toolbar.
* Restrict searches to your local browsing history by selecting Search
history from the History, Library or Application menu buttons.
* Mac users can now capture video from their cameras in all supported native
resolutions. This enables resolutions higher than 1280x720.
* It is now possible to reorder the extensions listed in the extensions
panel.
* Users on macOS, Linux, and Windows 7 can now use FIDO2 / WebAuthn
authenticators over USB. Some advanced features, such as fully passwordless
logins, require a PIN to be set on the authenticator.
* Pocket Recommended content can now be seen in France, Italy, and Spain.
Fixed
* Various security fixes.
Changed
* DNS over HTTPS settings are now part of the Privacy & Security section of
the Settings page and allow the user to choose from all the supported
modes.
Enterprise
* You can find information about policy updates and enterprise specific bug
fixes in the Firefox for Enterprise 114 Release Notes.
Developer
* Developer Information
* The Copy as cURL feature, available in the Network panel, has been
enhanced. It now supports the --compressed argument.
* The Accessibility Inspector has been improved to accurately recognize all
the ARIA roles like banner, main, navigation, and contentinfo, etc. This
enhancement is particularly beneficial for web developers working with ARIA
roles to improve web accessibility.
* Firefox now provides support for the CSS Cascading Level 4 supports()
syntax for @import rules. This allows for the importation of other
stylesheets based on support-dependency. In addition, the Inspector panel
now accurately displays the conditions at the top of the imported rule.
developer tools screenshot of the new @import syntax rule
Web Platform
* DOM: Added support for ES Modules on DedicatedWorker and SharedWorker
* WebTransport is now enabled by default and will be going to release with
114. As the original Explainer notes, it enables multiple use-cases that
are hard or impossible to handle without it, especially for Gaming and live
streaming. It covers cases that are problematic for alternative mechanisms,
such as WebSockets.
Built on top of HTTP3 (HTTP2 support will be coming later). The current
implementation in Firefox is passing 505 out of 565 Web-Platform Tests.
* CSS: The infinity and NaN constants are now supported inside the calc()
function.
Security fixes
#CVE-2023-34414: Click-jacking certificate exceptions through rendering lag
#CVE-2023-34415: Site-isolation bypass on sites that allow open redirects to
data: urls
#CVE-2023-34416: Memory safety bugs fixed in Firefox 114 and Firefox ESR 102.12
#CVE-2023-34417: Memory safety bugs fixed in Firefox 114
Revision 1.181 / (download) - annotate - [select for diffs], Sat Oct 8 21:18:55 2022 UTC (18 months, 1 week ago) by ryoon
Branch: MAIN
CVS Tags: pkgsrc-2023Q1-base,
pkgsrc-2023Q1,
pkgsrc-2022Q4-base,
pkgsrc-2022Q4
Changes since 1.180: +1 -2
lines
Diff to previous 1.180 (colored) to selected 1.16 (colored)
firefox: Update to 105.0.3
* Add --enable-new-pass-manager.
* Disable sysutils/dbus dependency for non-Linux platforms by default.
Changelog:
105.0.3:
Fixed
* Mitigated frequent crashes for Windows users with Avast or AVG Antivirus
software installed (bug 1794064)
105.0.2:
Fixed
* Fixed poor contrast on various menu items with certain themes on Linux
systems (bug 1792063)
* Fixed the scrollbar appearing on the wrong side of select elements in
right-to-left locales (bug 1791219)
* Fixed a possible deadlock when loading some sites in Troubleshoot Mode (bug
1786259)
* Fixed a bug causing some dynamic appearance changes to not appear when
expected (bug 1786521)
* Fixed a bug causing theme styling to not be properly applied to sidebars
for some add-ons in Private Browsing Mode (bug 1787543)
105.0.1:
Fixed
* Reverted focus behavior for new windows back to the content area
instead of the address bar (bug 1784692)
105.0:
New
* Added an option to print only the current page from the print preview
dialog.
* Firefox now supports partitioned service workers in third-party contexts.
You can register service workers in a third-party iframe and it will be
partitioned under the top-level domain.
* Swipe to navigate (two fingers on a touchpad swiped left or right to
perform history back or forward) on Windows is now enabled.
* Firefox is now compliant with the User Timing L3 specification, which adds
additional optional arguments to the performance.mark and
performance.measure methods to provide custom start times, end times,
duration, and attached details.
* Searching in large lists for individual items is now 2x faster. This
performance enhancement replaces array.includes and array.indexOf with an
optimized SIMD version.
Fixed
* Stability on Windows is significantly improved as Firefox handles
low-memory situations much better.
* Touchpad scrolling on macOS was made more accessible by reducing unintended
diagonal scrolling opposite of the intended scroll axis.
* Firefox is less likely to run out of memory on Linux and performs more
efficiently for the rest of the system when memory runs low.
* Various security fixes.
Web Platform
* Support for the Offscreen Canvas DOM API with full context and font
support. The OffscreenCanvas API provides a canvas that can be rendered
off-screen in both Window and Web Worker contexts.
Security fixes:
#CVE-2022-40959: Bypassing FeaturePolicy restrictions on transient pages
#CVE-2022-40960: Data-race when parsing non-UTF-8 URLs in threads
#CVE-2022-40958: Bypassing Secure Context restriction for cookies with __Host
and __Secure prefix
#CVE-2022-40961: Stack-buffer overflow when initializing Graphics
#CVE-2022-40956: Content-Security-Policy base-uri bypass
#CVE-2022-40957: Incoherent instruction cache when building WASM on ARM64
#CVE-2022-40962: Memory safety bugs fixed in Firefox 105 and Firefox ESR 102.3
Revision 1.180 / (download) - annotate - [select for diffs], Tue Mar 1 13:35:33 2022 UTC (2 years, 1 month ago) by ryoon
Branch: MAIN
CVS Tags: pkgsrc-2022Q3-base,
pkgsrc-2022Q3,
pkgsrc-2022Q2-base,
pkgsrc-2022Q2,
pkgsrc-2022Q1-base,
pkgsrc-2022Q1
Changes since 1.179: +2 -2
lines
Diff to previous 1.179 (colored) to selected 1.16 (colored)
firefox: Update to 97.0.1
* Remove removed or changed configure options.
Changelog:
97.0.1:
Fixed
* Fixed an issue where TikTok videos would fail to load when selected from a
user's profile page (bug 1750973)
* Fixed an issue which led to Picture-in-Picture mode being unable to be
toggled on Hulu (bug 1753401)
* Works around problems with WebRoot SecureAnywhere antivirus rendering
Firefox unusable in some situations (bug 1752466)
* Fixed an issue causing users to see the Restore Session screen unexpectedly
when starting Firefox (bug 1749996)
97.0:
New
* On February 8, we expired the 18 colorway themes that shipped along with
Firefox 94. This signals the end of a special, limited-time feature set.
However, you can hold onto your favorite colorway, as long as you??re using
it on the expiration date. In other words, if a colorway is ??enabled?? in
the add-ons manager, that colorway is yours forever.
* Beginning February 15, we are releasing 6 brand-new colorways in a special
partner collaboration. U.S.-based fans of the film can visit
truecolors.firefox.com to activate official Turning Red-inspired Colorways,
available exclusively in Firefox for desktop through April 30, 2022.
Firefox users who visit the ??True Colors?? campaign landing page will be
able to modify how their web browser looks, with colors and moods inspired
by some of the main characters in the film. To enjoy the new Colorways, you
??ll need to make sure you upgrade to the latest Firefox 97 version. This
collection will be available in the add-ons manager, within the Colorways
section. Read more about colorway updates here.
* Firefox now supports and displays the new style of scrollbars on Windows
11.
Fixed
* On macOS, we??ve made improvements to system font loading which makes
opening and switching to new tabs faster in certain situations.
* Various security fixes
Changed
* Support for directly generating PostScript for printing on Linux has been
removed. Printing to PostScript printers still remains a supported option,
however.
Security fixes:
#CVE-2022-22753: Privilege Escalation to SYSTEM on Windows via Maintenance
Service
#CVE-2022-22754: Extensions could have bypassed permission confirmation during
update
#CVE-2022-22755: XSL could have allowed JavaScript execution after a tab was
closed
#CVE-2022-22756: Drag and dropping an image could have resulted in the dropped
object being an executable
#CVE-2022-22757: Remote Agent did not prevent local websites from connecting
#CVE-2022-22758: tel: links could have sent USSD codes to the dialer on Firefox
for Android
#CVE-2022-22759: Sandboxed iframes could have executed script if the parent
appended elements
#CVE-2022-22760: Cross-Origin responses could be distinguished between script
and non-script content-types
#CVE-2022-22761: frame-ancestors Content Security Policy directive was not
enforced for framed extension pages
#CVE-2022-22762: JavaScript Dialogs could have been displayed over other
domains on Firefox for Android
#CVE-2022-22764: Memory safety bugs fixed in Firefox 97 and Firefox ESR 91.6
#CVE-2022-0511: Memory safety bugs fixed in Firefox 97
Revision 1.179 / (download) - annotate - [select for diffs], Thu Nov 11 16:48:04 2021 UTC (2 years, 5 months ago) by ryoon
Branch: MAIN
CVS Tags: pkgsrc-2021Q4-base,
pkgsrc-2021Q4
Changes since 1.178: +2 -1
lines
Diff to previous 1.178 (colored) to selected 1.16 (colored)
firefox: Update to 94.0.1
Changelog:
94.0.1
Fixed
* Fixed browser hangs when viewing fullscreen videos on macOS 10.12 (bug 1737998)
94.0
New
* Colorways animated screenshot
With 94, you'll find a selection of six fun seasonal Colorways (available
for a limited time only). Now you can find a color to suit (or lift) your
every mood.
Fun fact: Did you know we have more daily users with color themes than dark
or Alpenglow on Beta? With Firefox 89, 32% of users clicked through to
customize their color theme. And that was just on the first day! We decided
to introduce these new Colorways to give our users more to love.
* Firefox macOS now uses Apple's low power mode for fullscreen video on sites
such as YouTube and Twitch. This meaningfully extends battery life in long
viewing sessions. Now your kids can find out what the fox says on a loop
without you ever missing a beat'
* With this release, power users can use about:unloads to release system
resources by manually unloading tabs without closing them.
* On Windows, there will now be fewer interruptions because Firefox won't
prompt you for updates. Instead, a background agent will download and
install updates even if Firefox is closed.
* And on Linux, we've improved WebGL performance and reduced power
consumption for many users.
* To better protect all Firefox users against side-channel attacks such as
Spectre, we're introducing Site Isolation. It will be rolled out to
Firefox 94 users over the next few weeks. We've got your
back...errr...side!
* We're rolling out the Firefox Multi-Account Containers extension with
Mozilla VPN integration. This lets you use a different server location for
each container.
* Firefox no longer warns you by default when you exit the browser or close a
window using a menu, button, or three-key command. This should cut back on
unwelcome notifications which is always nice--however, if you prefer a bit
of notice, you'll still have full control over the quit/close modal
behavior. All warnings can be managed within Firefox Settings. No worries!
(More details)
* And now, Firefox supports the new Snap Layouts menus when running on
Windows 11.
Fixed
* We've reduced the overhead of using performance.mark() and
performance.measure() APIs with a large set of performance entries.
* Plus, we've modified paint suppression during load to greatly improve
warmload performance in Site Isolation mode.
* You'll also notice a small reduction in Javascript memory usage.
* With this release, you'll notice faster Javascript property enumeration as
well.
* We've also implemented better scheduling of garbage collection which has
improved some pageload benchmarks.
* This release also sees reduced CPU usage during socket polling for HTTPS
connections.
* Additionally, you'll notice faster storage initialization.
* We've also improved cold startup by reducing main thread I/O.
* Plus, closing devtools now reclaims more memory than ever before.
* And we've improved pageload (especially with Site Isolation mode) by
setting a higher priority for loading and displaying images.
* Various security fixes
Enterprise
* Enterprise users now have more control over Firefox deployments with the
availability of our MSIX package on Windows platforms.
* You'll also notice various bug fixes and new policies have been
implemented in this latest version of Firefox. See more details in the
Firefox for Enterprise 94 Release Notes.
Security fixes:
#CVE-2021-38503: iframe sandbox rules did not apply to XSLT stylesheets
#CVE-2021-38504: Use-after-free in file picker dialog
#CVE-2021-38505: Windows 10 Cloud Clipboard may have recorded sensitive user
data
#CVE-2021-38506: Firefox could be coaxed into going into fullscreen mode
without notification or warning
#CVE-2021-38507: Opportunistic Encryption in HTTP2 could be used to bypass the
Same-Origin-Policy on services hosted on other ports
#MOZ-2021-0003: Universal XSS in Firefox for Android via QR Code URLs
#CVE-2021-38508: Permission Prompt could be overlaid, resulting in user
confusion and potential spoofing
#MOZ-2021-0004: Web Extensions could access pre-redirect URL when their context
menu was triggered by a user
#CVE-2021-38509: Javascript alert box could have been spoofed onto an arbitrary
domain
#CVE-2021-38510: Download Protections were bypassed by .inetloc files on Mac OS
#MOZ-2021-0005: 'Copy Image Link' context menu action could have been abused to
see authentication tokens
#MOZ-2021-0006: URL Parsing may incorrectly parse internationalized domains
#MOZ-2021-0007: Memory safety bugs fixed in Firefox 94 and Firefox ESR 91.3
Revision 1.178 / (download) - annotate - [select for diffs], Thu Sep 16 16:46:24 2021 UTC (2 years, 7 months ago) by nia
Branch: MAIN
CVS Tags: pkgsrc-2021Q3-base,
pkgsrc-2021Q3
Changes since 1.177: +9 -2
lines
Diff to previous 1.177 (colored) to selected 1.16 (colored)
firefox: Install scalable icon sizes, bump PKGREVISION
Revision 1.177 / (download) - annotate - [select for diffs], Fri Aug 13 14:57:52 2021 UTC (2 years, 8 months ago) by ryoon
Branch: MAIN
Changes since 1.176: +8 -5775
lines
Diff to previous 1.176 (colored) to selected 1.16 (colored)
firefox: Update to 91.0
* Convert to --enable-chrome-format=omni.
It is not necessary to modify JavaScript files to improve support recently.
* Fix build under NetBSD/i386 like lang/mozjs78.
Changelog:
New
* Building on Total Cookie Protection, we've added a more comprehensive logic
for clearing cookies that prevents hidden data leaks and makes it easy for
users to understand which websites are storing local information. Learn
more
* Firefox now supports logging into Microsoft, work, and school accounts
using Windows single sign-on. Learn more
* The simplify page when printing feature is back! When printing, under More
settings > Format select the Simplified option when available to get a
clutter-free page. Learn more
* HTTPS-First Policy: Firefox Private Browsing windows now attempt to make
all connections to websites secure, and fall back to insecure connections
only when websites do not support it. Learn more
* We've added a new locale: Scots (sco)
* The address bar now provides Switch to Tab results also in Private Browsing
windows.
* Firefox now automatically enables High Contrast Mode when "Increase
Contrast" is checked on MacOS
* Firefox now does catch-up paints for almost all user interactions, enabling
a 10-20% improvement in response time to most user interactions.
Fixed
* Various security fixes
Enterprise
* Various bug fixes and new policies have been implemented in the latest
version of Firefox. See more details in the Firefox for Enterprise 91
Release Notes.
Developer
* Developer Information
Web Platform
* The Visual Viewport API is now supported on desktop platforms
Security fixes:
#CVE-2021-29986: Race condition when resolving DNS names could have led to
memory corruption
#CVE-2021-29981: Live range splitting could have led to conflicting assignments
in the JIT
#CVE-2021-29988: Memory corruption as a result of incorrect style treatment
#CVE-2021-29983: Firefox for Android could get stuck in fullscreen mode
#CVE-2021-29984: Incorrect instruction reordering during JIT optimization
#CVE-2021-29980: Uninitialized memory in a canvas object could have led to
memory corruption
#CVE-2021-29987: Users could have been tricked into accepting unwanted
permissions on Linux
#CVE-2021-29985: Use-after-free media channels
#CVE-2021-29982: Single bit data leak due to incorrect JIT optimization and
type confusion
#CVE-2021-29989: Memory safety bugs fixed in Firefox 91 and Firefox ESR 78.13
#CVE-2021-29990: Memory safety bugs fixed in Firefox 91
Revision 1.176 / (download) - annotate - [select for diffs], Tue Jul 13 14:52:22 2021 UTC (2 years, 9 months ago) by ryoon
Branch: MAIN
Changes since 1.175: +62 -72
lines
Diff to previous 1.175 (colored) to selected 1.16 (colored)
firefox: Update to 90.0
Changelog:
New
* On Windows, updates can now be applied in the background while Firefox is
not running.
* Firefox for Windows now offers a new page about:third-party to help
identify compatibility issues caused by third-party applications
* Exceptions to HTTPS-Only mode can be managed in about:preferences#privacy
* Print to PDF now produces working hyperlinks
* Version 2 of Firefox??s SmartBlock feature further improves private
browsing. Third-party Facebook scripts are blocked to prevent you from
being tracked, but are now automatically loaded ??just in time?? if you
decide to ??Log in with Facebook?? on any website.
Fixed
* Various security fixes
Changed
* The "Open Image in New Tab" context menu item now opens images and media in
a background tab by default. Learn more
* Most users without hardware accelerated WebRender will now be using
software WebRender.
* Improved software WebRender performance
* FTP support has been removed
Enterprise
* Various bug fixes and new policies have been implemented in the latest
version of Firefox. See more details in the Firefox for Enterprise 90
Release Notes.
Developer
* Developer Information
* Support for Private Fields (TC39 proposal, stage 3) is available in
DevTools. The support includes: object inspection, autocompletion,
expression evaluation, variable tooltips, and pretty printing (bug)
* The Network panel shows a preview of HTTP requests for fonts in the
Response tab (bug)
Network panel font preview screenshot
Web Platform
* Support for Fetch Metadata Request Headers, which allows web applications
to better protect themselves and their users against various cross-origin
threats.
* Added the ability to use client authentication certificates stored in
hardware tokens or in Operating System storage.
Security fixes:
#CVE-2021-29970: Use-after-free in accessibility features of a document
#CVE-2021-29971: Granted permissions only compared host; omitting scheme and
port on Android
#CVE-2021-30547: Out of bounds write in ANGLE
#CVE-2021-29972: Use of out-of-date library included use-after-free
vulnerability
#CVE-2021-29973: Password autofill on HTTP websites was enabled without user
interaction on Android
#CVE-2021-29974: HSTS errors could be overridden when network partitioning was
enabled
#CVE-2021-29975: Text message could be overlaid on top of another website
#CVE-2021-29976: Memory safety bugs fixed in Firefox 90 and Firefox ESR 78.12
#CVE-2021-29977: Memory safety bugs fixed in Firefox 90
Revision 1.175 / (download) - annotate - [select for diffs], Wed Jun 30 15:09:55 2021 UTC (2 years, 9 months ago) by ryoon
Branch: MAIN
Changes since 1.174: +116 -109
lines
Diff to previous 1.174 (colored) to selected 1.16 (colored)
firefox: Update to 89.0.2
Changelog:
89.0.2
Fixed
* Fix occasional hangs with Software WebRender on Linux (bug 1708224)
89.0.1
Fixed
* Windows: Resolved an issue causing some screen readers to not interact
correctly with Firefox anymore (bug 1714212)
* Updated translations, including full Spanish (Mexico) localization and
other improvements (bug 1714946)
* Fix various font related regressions (bug 1694174)
* Linux: Fix performance and stability regressions with WebRender (bug
1715895, bug 1715902)
* macOS: Fix screen flickering when scrolling a page on an external monitor (
bug 1715452)
* Enterprise: Fix for the DisableDeveloperTools policy not having effect
anymore (bug 1715777)
* Linux: Fix broken scrollbars on some GTK themes (bug 1714103)
* Various stability and security fixes.
Security fixes:
#CVE-2021-29968: Out of bounds read when drawing text characters onto a Canvas
89.0
New
* Say hello to a fresh new Firefox, designed to get you where you want to go
even faster. We??ve redesigned and modernized the core experience to be
cleaner, more inviting, and easier to use.
Beginning in 89, you??ll notice a number of changes, including:
Simplified browser chrome and toolbar: Less frequently used items removed
to focus on the most important navigation items.
Simplified browser chrome and toolbar screenshot
Clear, streamlined menus: Re-organized and prioritized menu content
according to usage. Updated labels and removed iconography.
Clear, streamlined menus screenshot
Updated prompts: Infobars, panels, and modals have a cleaner design and
clearer language.
Updated prompts screenshot
Inspired tab design: Floating tabs neatly contain information and surface
cues when you need them, like visual indicators for audio controls. The
rounded design of the active tab supports focus and signals the ability to
easily move the tab as needed.
Inspired tab design screenshot
Fewer interruptions: Reduced number of alerts and messages, so you can
browse with fewer distractions.
Cohesive, calmer visuals: Lighter iconography, a refined color palette, and
more consistent styling throughout.
This release also includes enhancements to our privacy offerings:
+ We??ve enhanced the privacy of the Firefox Browser??s Private Browsing
mode with Total Cookie Protection, which confines cookies to the site
where they were created, preventing companies from using cookies to
track your browsing across sites. This feature was originally launched
in Firefox??s ETP Strict mode.
* For macOS users, we're introducing the elastic overscroll effect known from
many other applications. A gentle bouncing animation will indicate that you
reached the end of the page.
In addition, we added support for smart zoom. Double-tap with two fingers
on your trackpad, or with a single finger on your Magic Mouse, to zoom the
content below your cursor into focus.
* Native context menus: Context menus on macOS are now native and support
Dark Mode.
macOS native context menus screenshot
* WebRender is now enabled on Linux with the NVIDIA binary driver and on all
desktop environments
#
Fixed
* Colors in Firefox on macOS will no longer be saturated on wide gamut
displays, untagged images are properly treated as sRGB, and colors in
images tagged as sRGB will now match CSS colors.
* In full screen mode on macOS, moving your mouse to the top of the screen
will no longer hide your tabs behind the system menu bar.
* Also in full screen mode on macOS, it is now possible to hide the browser
toolbars for a fully immersive full screen experience. This brings macOS in
line with Windows and Linux.
* Various stability and security fixes.
#
Changed
* Introducing a non-native implementation of web form controls, which
delivers a new modern design and some improvements to page load
performance. Watch for layout bugs in web pages that make assumptions about
the dimensions or styling of form controls.
* The screenshots feature is available in the right-click context menu. You
can also add a screenshots shortcut to your toolbar. Learn more.
Security fixes:
#CVE-2021-29965: Password Manager on Firefox for Android susceptible to domain
spoofing
#CVE-2021-29960: Filenames printed from private browsing mode incorrectly
retained in preferences
#CVE-2021-29961: Firefox UI spoof using `<select>` elements and CSS scaling
#CVE-2021-29963: Shared cookies for search suggestions in private browsing mode
#CVE-2021-29964: Out of bounds-read when parsing a `WM_COPYDATA` message
#CVE-2021-29959: Devices could be re-enabled without additional permission
prompt
#CVE-2021-29962: No rate-limiting for popups on Firefox for Android
#CVE-2021-29967: Memory safety bugs fixed in Firefox 89 and Firefox ESR 78.11
#CVE-2021-29966: Memory safety bugs fixed in Firefox 89
Revision 1.174 / (download) - annotate - [select for diffs], Sat May 22 14:00:05 2021 UTC (2 years, 10 months ago) by rin
Branch: MAIN
CVS Tags: pkgsrc-2021Q2-base,
pkgsrc-2021Q2
Changes since 1.173: +3 -3
lines
Diff to previous 1.173 (colored) to selected 1.16 (colored)
firefox: Sort PLIST. No functional changes.
Revision 1.173 / (download) - annotate - [select for diffs], Sat May 22 13:49:16 2021 UTC (2 years, 10 months ago) by rin
Branch: MAIN
Changes since 1.172: +4 -3
lines
Diff to previous 1.172 (colored) to selected 1.16 (colored)
firefox: Fix PLIST for debug option.
Revision 1.172 / (download) - annotate - [select for diffs], Mon Apr 19 13:50:07 2021 UTC (3 years ago) by ryoon
Branch: MAIN
Changes since 1.171: +67 -101
lines
Diff to previous 1.171 (colored) to selected 1.16 (colored)
firefox: Update to 88.0
Changelog:
New
* PDF forms now support JavaScript embedded in PDF files. Some PDF forms use
JavaScript for validation and other interactive features.
* Print updates: Margin units are now localized.
* Smooth pinch-zooming using a touchpad is now supported on Linux
* To protect against cross-site privacy leaks, Firefox now isolates
window.name data to the website that created it. Learn more
Fixed
* Screen readers no longer incorrectly read content that websites have
visually hidden, as in the case of articles in the Google Help panel.
* Various security fixes.
Changed
* Firefox will not prompt for access to your microphone or camera if you've
already granted access to the same device on the same site in the same tab
within the past 50 seconds. This new grace period reduces the number of
times you're prompted to grant device access.
* The "Take a Screenshot" feature was removed from the Page Actions menu in
the url bar. To take a screenshot, right-click to open the context menu.
You can also add a screenshots shortcut directly to your toolbar via the
Customize menu. Open the Firefox menu and select Customize...
* FTP support has been disabled, and its full removal is planned for an
upcoming release. Addressing this security risk reduces the likelihood of
an attack while also removing support for a non-encrypted protocol.
Security fixes:
#CVE-2021-23994: Out of bound write due to lazy initialization
#CVE-2021-23995: Use-after-free in Responsive Design Mode
#CVE-2021-23996: Content rendered outside of webpage viewport
#CVE-2021-23997: Use-after-free when freeing fonts from cache
#CVE-2021-23998: Secure Lock icon could have been spoofed
#CVE-2021-23999: Blob URLs may have been granted additional privileges
#CVE-2021-24000: requestPointerLock() could be applied to a tab different from
the visible tab
#CVE-2021-24001: Testing code could have enabled session history manipulations
by a compromised content process
#CVE-2021-24002: Arbitrary FTP command execution on FTP servers using an
encoded URL
#CVE-2021-29945: Incorrect size computation in WebAssembly JIT could lead to
null-reads
#CVE-2021-29944: HTML injection vulnerability in Firefox for Android's Reader
View
#CVE-2021-29946: Port blocking could be bypassed
#CVE-2021-29947: Memory safety bugs fixed in Firefox 88
Revision 1.171 / (download) - annotate - [select for diffs], Tue Mar 30 16:39:06 2021 UTC (3 years ago) by ryoon
Branch: MAIN
Changes since 1.170: +101 -114
lines
Diff to previous 1.170 (colored) to selected 1.16 (colored)
firefox: Update to 87.0
Changelog:
New
* You'll encounter less website breakage in Private Browsing and Strict
Enhanced Tracking Protection with SmartBlock, which provides stand-in
scripts so that websites load properly.
* To further protect your privacy, our new default HTTP Referrer policy will
trim path and query string information from referrer headers to prevent
sites from accidentally leaking sensitive user data.
* The "Highlight All" feature on Find in Page now displays tick marks
alongside your scrollbar that correspond to the location of matches found
on that page.
* We're proud to announce full support for macOS built-in screen reader,
VoiceOver.
* We've added a new locale: Silesian (szl)
Fixed
* We've fixed several significant accessibility issues:
+ Video controls now have visible focus styling and video and audio
controls are now keyboard navigable. (Bug 1681007)
+ HTML <meter> is now spoken by screen readers. (Bug 1460378)
+ Firefox now sets a useful initial focus in Add-ons Manager. (Bug 580537
)
+ Firefox will now fire a name/description change event when
aria-labelledby/describedby content changes. (Bug 493683)
* Various security fixes.
Changed
* To prevent user data loss when filling out forms, we've disabled the
Backspace key as a navigation shortcut for the back navigation button. To
re-enable the Backspace keyboard shortcut, you can change the about:config
preference browser.backspace_action to 0. You can also use the recommended
Alt + Left arrow (Command + Left arrow on Mac) shortcut instead.
Firefox keyboard shortcuts
* We've removed items from the Library menu that weren't used often or have
other access points in the browser: Synced tabs, Recent highlights, and
Pocket list.
* We've simplified the Help menu by reducing redundant items, such as those
that point to Firefox support pages that can also be accessed via the Get
Help item.
Enterprise
* Various bug fixes and new policies have been implemented in the latest
version of Firefox. You can see more details in the Firefox for Enterprise
87 Release Notes.
Developer
* Developer Information
* We've greatly simplified the Web Developer menu. Go to Application Menu >
Web Developer > Web Developer Tools to access Inspector, Web Console,
Debugger, Network Style Error, Performance, Storage Inspector,
Accessibility, and Application
* Developers can now use the Page Inspector to simulate prefers-color-scheme
media queries, without having to change the operating system to light or
dark mode.
* Developers can now use the Page Inspector to toggle the :target
pseudo-class for the currently selected element in addition to the
pseudo-classes that were previously supported: :hover, :active and :focus,
:focus-within, :focus-visible, and :visited.
* There is a number of Page Inspector improvements and bug fixes related to
inactive CSS rules:
+ The table-layout property is now marked as inactive for non-table
elements.
+ The scroll-padding properties (shorthand and longhand) are now marked
as inactive for non-scrollable elements.
+ The text-overflow property was previously incorrectly marked as
inactive for some overflow values.
Securiy fixes:
#CVE-2021-23981: Texture upload into an unbound backing buffer resulted in an
out-of-bound read
#CVE-2021-23982: Internal network hosts could have been probed by a malicious
webpage
#CVE-2021-23983: Transitions for invalid ::marker properties resulted in memory
corruption
#CVE-2021-23984: Malicious extensions could have spoofed popup information
#CVE-2021-23985: Devtools remote debugging feature could have been enabled
without indication to the user
#CVE-2021-23986: A malicious extension could have performed credential-less
same origin policy violations
#CVE-2021-23987: Memory safety bugs fixed in Firefox 87 and Firefox ESR 78.9
#CVE-2021-23988: Memory safety bugs fixed in Firefox 87
Revision 1.170 / (download) - annotate - [select for diffs], Tue Feb 23 17:02:04 2021 UTC (3 years, 1 month ago) by ryoon
Branch: MAIN
CVS Tags: pkgsrc-2021Q1-base,
pkgsrc-2021Q1
Changes since 1.169: +81 -51
lines
Diff to previous 1.169 (colored) to selected 1.16 (colored)
firefox: Update to 86.0
Changelog:
New
* Firefox now supports simultaneously watching multiple videos in
Picture-in-Picture.
* Today, Firefox introduces Total Cookie Protection to Strict Mode. In Total
Cookie Protection, every website gets its own "cookie jar," preventing
cookies from being used to track you from site to site.
* We've improved our Print functionality with a cleaner design and better
integration with your computer's printer settings.
* For Firefox users in Canada, credit card management and auto-fill are now
enabled.
* Notable performance and stability improvements are achieved by moving
canvas drawing and WebGL drawing to the GPU process.
Fixed
* Reader mode now works with local HTML pages.
* Using screen reader quick navigation to move to editable text controls no
longer incorrectly reaches non-editable cells in some grids such as on
messenger.com.
* The Orca screen reader's mouse review feature now works correctly after
switching tabs in Firefox.
* Screen readers no longer report column headers incorrectly in tables
containing cells spanning multiple columns.
* Links in Reader View now have more color contrast.
* Various security fixes.
Changed
* On Linux and Android, the protection to mitigate the stack clash attack has
been activated.
* From Firefox 86 onward, DTLS 1.0 is no longer supported for establishing
WebRTC's PeerConnections. All WebRTC services need to support DTLS 1.2 from
now on as the minimum version.
* Consolidated all video decoding in the new RDD process which results in a
more secure Firefox.
Enterprise
* Various bug fixes and new policies have been implemented in the latest
version of Firefox. You can see more details in the Firefox for Enterprise
86 Release Notes.
Developer
* Developer Information
* CSS image-set() function in CSS is now enabled, allowing for responsive
images in CSS.
* Inactive CSS tool is now showing a warning when margin or padding is set on
internal table elements.
Inactive CSS screenshot
* Developer Tools Toolbox is now showing a number of errors on the current
page. This is a quick way to surface information to a developer that
something is wrong with their page. Clicking on the red exclamation icon
navigates the user to the Console panel.
Develeoper tools: screenshot of number of errors
Security fixes:
#CVE-2021-23969: Content Security Policy violation report could have contained
the destination of a redirect
#CVE-2021-23970: Multithreaded WASM triggered assertions validating separation
of script domains
#CVE-2021-23968: Content Security Policy violation report could have contained
the destination of a redirect
#CVE-2021-23974: noscript elements could have led to an HTML Sanitizer bypass
#CVE-2021-23971: A website's Referrer-Policy could have been be overridden,
potentially resulting in the full URL being sent as a Referrer
#CVE-2021-23976: Local spoofing of web manifests for arbitrary pages in Firefox
for Android
#CVE-2021-23977: Malicious application could read sensitive data from Firefox
for Android's application directories
#CVE-2021-23972: HTTP Auth phishing warning was omitted when a redirect is
cached
#CVE-2021-23975: about:memory Measure function caused an incorrect pointer
operation
#CVE-2021-23973: MediaError message property could have leaked information
about cross-origin resources
#CVE-2021-23978: Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8
#CVE-2021-23979: Memory safety bugs fixed in Firefox 86
Revision 1.169 / (download) - annotate - [select for diffs], Tue Jan 26 15:02:55 2021 UTC (3 years, 2 months ago) by ryoon
Branch: MAIN
Changes since 1.168: +47 -34
lines
Diff to previous 1.168 (colored) to selected 1.16 (colored)
firefox: Update to 85.0
Changelog:
New
* Firefox now protects you from supercookies, a type of tracker that can stay
hidden in your browser and track you online, even after you clear cookies.
By isolating supercookies, Firefox prevents them from tracking your web
browsing from one site to the next.
* It??s easier than ever to save and access your bookmarks. Firefox now
remembers your preferred location for saved bookmarks, displays the
bookmarks toolbar by default on new tabs, and gives you easy access to all
of your bookmarks via a toolbar folder.
* The password manager now allows you to remove all of your saved logins with
one click, as opposed to having to delete each login individually.
Fixed
* Various security fixes.
Changed
* Firefox no longer supports Adobe Flash. There is no setting available to
re-enable Flash support.
Enterprise
* Various bug fixes and new policies have been implemented in the latest
version of Firefox. You can see more details in the Firefox for Enterprise
85 Release Notes.
Developer
* Developer Information
* CSS: We have added support for the :focus-visible pseudo class.
* It's possible to prettify JS expressions in Console source code Editor
(available in multiline mode) using a new toolbar button.
Console Editor Pretty Print Expression Screenshot
Security fixes:
#CVE-2021-23953: Cross-origin information leakage via redirected PDF requests
#CVE-2021-23954: Type confusion when using logical assignment operators in
JavaScript switch statements
#CVE-2021-23955: Clickjacking across tabs through misusing requestPointerLock
#CVE-2021-23956: File picker dialog could have been used to disclose a complete
directory
#CVE-2021-23957: Iframe sandbox could have been bypassed on Android via the
intent URL scheme
#CVE-2021-23958: Screen sharing permission leaked across tabs
#CVE-2021-23959: Cross-Site Scripting in error pages on Firefox for Android
#CVE-2021-23960: Use-after-poison for incorrectly redeclared JavaScript
variables during GC
#CVE-2021-23961: More internal network hosts could have been probed by a
malicious webpage
#CVE-2021-23962: Use-after-poison in <code>nsTreeBodyFrame::RowCountChanged</
code>
#CVE-2021-23963: Permission prompt inaccessible after asking for additional
permissions
#CVE-2021-23964: Memory safety bugs fixed in Firefox 85 and Firefox ESR 78.7
#CVE-2021-23965: Memory safety bugs fixed in Firefox 85
Revision 1.168 / (download) - annotate - [select for diffs], Fri Jan 1 12:52:16 2021 UTC (3 years, 3 months ago) by ryoon
Branch: MAIN
Changes since 1.167: +2 -1
lines
Diff to previous 1.167 (colored) to selected 1.16 (colored)
firefox: Update to 84.0.1
Changelog:
Fixed
* Fixed problems loading secure websites and crashes for users with certain
third-party PKCS11 modules and smartcards installed (bug 1682881).
* Fixed slower than expected performance and flickering on Canvas elements
for some Windows users (bug 1683116).
* Fixed a bug causing some Unity JS games to not load on Apple Silicon
devices due to improper detection of the OS version (bug 1680516).
* Fixed crashes caused by various third-party antivirus software.
Revision 1.167 / (download) - annotate - [select for diffs], Thu Dec 17 09:53:15 2020 UTC (3 years, 4 months ago) by ryoon
Branch: MAIN
CVS Tags: pkgsrc-2020Q4-base,
pkgsrc-2020Q4
Changes since 1.166: +91 -151
lines
Diff to previous 1.166 (colored) to selected 1.16 (colored)
firefox: Update to 84.0
Changelog:
New
* Native support for macOS devices built with Apple Silicon CPUs brings
dramatic performance improvements over the non-native build that was
shipped in Firefox 83: Firefox launches over 2.5 times faster and web apps
are now twice as responsive (per the SpeedoMeter 2.0 test). If you are on a
new Apple device, follow these steps to upgrade to the latest Firefox.
* WebRender rolls out to MacOS Big Sur, Windows devices with Intel Gen 6
GPUs, and Intel laptops running Windows 7 and 8. Additionally we'll ship an
accelerated rendering pipeline for Linux/GNOME/X11 users for the first
time, ever!
* Firefox now uses more modern techniques for allocating shared memory on
Linux, improving performance and increasing compatibility with Docker.
* Firefox 84 is the final release to support Adobe Flash.
Fixed
* Various security fixes
#CVE-2020-16042: Operations on a BigInt could have caused uninitialized memory
to be exposed
#CVE-2020-26971: Heap buffer overflow in WebGL
#CVE-2020-26972: Use-After-Free in WebGL
#CVE-2020-26973: CSS Sanitizer performed incorrect sanitization
#CVE-2020-26974: Incorrect cast of StyleGenericFlexBasis resulted in a heap
use-after-free
#CVE-2020-26975: Malicious applications on Android could have induced Firefox
for Android into sending arbitrary attacker-specified headers
#CVE-2020-26976: HTTPS pages could have been intercepted by a registered
service worker when they should not have been
#CVE-2020-26977: URL spoofing via unresponsive port in Firefox for Android
#CVE-2020-26978: Internal network hosts could have been probed by a malicious
webpage
#CVE-2020-26979: When entering an address in the address or search bars, a
website could have redirected the user before they were navigated to the
intended url
#CVE-2020-35111: The proxy.onRequest API did not catch view-source URLs
#CVE-2020-35112: Opening an extension-less download may have inadvertently
launched an executable instead
#CVE-2020-35113: Memory safety bugs fixed in Firefox 84 and Firefox ESR 78.6
Revision 1.166 / (download) - annotate - [select for diffs], Tue Nov 17 16:11:06 2020 UTC (3 years, 5 months ago) by ryoon
Branch: MAIN
Changes since 1.165: +84 -53
lines
Diff to previous 1.165 (colored) to selected 1.16 (colored)
firefox: Update to 83.0
Changelog:
Version 83.0, first offered to Release channel users on November 17, 2020
New
* Firefox keeps getting faster as a result of significant updates to
SpiderMonkey, our JavaScript engine, you will now experience improved page
load performance by up to 15%, page responsiveness by up to 12%, and
reduced memory usage by up to 8%. We have replaced part of the JavaScript
engine that helps to compile and display websites for you, improving
security and maintainability of the engine at the same time.
* Firefox introduces HTTPS-Only Mode. When enabled, this new mode ensures
that every connection Firefox makes to the web is secure and alerts you
when a secure connection is not available. You can enable it in Firefox
Preferences.
* Pinch zooming will now be supported for our users with Windows touchscreen
devices and touchpads on Mac devices. Firefox users may now use pinch to
zoom on touch-capable devices to zoom in and out of webpages.
* Picture-in-Picture now supports keyboard shortcuts for fast forwarding and
rewinding videos: use the arrow keys to move forward and back 15 seconds,
along with volume controls. For a list of supported commands see Support
Mozilla
* When you are presenting your screen on a video conference in Firefox, you
will see our improved user interface that makes it clearer which devices or
displays are being shared.
* We've improved functionality and design for a number of Firefox search
features:
+ Selecting a search engine at the bottom of the search panel now enters
search mode for that engine, allowing you to see suggestions (if
available) for your search terms. The old behavior (immediately
performing a search) is available with a shift-click.
+ When Firefox autocompletes the URL of one of your search engines, you
can now search with that engine directly in the address bar by
selecting the shortcut in the address bar results.
+ We've added buttons at the bottom of the search panel to allow you to
search your bookmarks, open tabs, and history.
* Firefox supports AcroForm, which will allow you to fill in, print, and save
supported PDF forms and the PDF viewer also has a new fresh look.
* Our users in India on the English build of Firefox will now see Pocket
recommendations in their new tab featuring some of the best stories on the
web. If you don't see them, you can turn on Pocket articles in your new
tab by following these steps.
* For the recently released Apple devices built with Apple Silicon CPUs, you
can use Firefox 83 and future releases without any change. This release
(83) will support emulation under Apple's Rosetta 2 that ships with macOS
Big Sur. We are working toward Firefox being natively-compiled for these
CPUs in a future release.
* This is a major release for WebRender as we roll out to more Firefox users
on Windows 7 and 8 as well as on macOS 10.12 to 10.15.
Fixed
* This release also includes a number of accessibility fixes:
+ Screen reader features which report paragraphs now correctly report
paragraphs instead of lines in Google Docs
+ When reading by word using a screen reader, words are now correctly
reported when there is punctuation nearby
+ The arrow keys now work correctly after tabbing in the
picture-in-picture window
* For users on macOS restoring a session with minimized windows, Firefox now
uses much less power and you should see much longer battery life.
* Various security fixes
Security fixes:
#CVE-2020-26951: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code
#CVE-2020-26952: Out of memory handling of JITed, inlined functions could lead to a memory corruption
#CVE-2020-16012: Variable time processing of cross-origin images during drawImage calls
#CVE-2020-26953: Fullscreen could be enabled without displaying the security UI
#CVE-2020-26954: Local spoofing of web manifests for arbitrary pages in Firefox for Android
#CVE-2020-26955: Cookies set during file downloads are shared between normal and Private Browsing Mode in Firefox for Android
#CVE-2020-26956: XSS through paste (manual and clipboard API)
#CVE-2020-26957: OneCRL was not working in Firefox for Android
#CVE-2020-26958: Requests intercepted through ServiceWorkers lacked MIME type restrictions
#CVE-2020-26959: Use-after-free in WebRequestService
#CVE-2020-26960: Potential use-after-free in uses of nsTArray
#CVE-2020-15999: Heap buffer overflow in freetype
#CVE-2020-26961: DoH did not filter IPv4 mapped IP Addresses
#CVE-2020-26962: Cross-origin iframes supported login autofill
#CVE-2020-26963: History and Location interfaces could have been used to hang the browser
#CVE-2020-26964: Firefox for Android's Remote Debugging via USB could have been abused by untrusted apps on older versions of Android
#CVE-2020-26965: Software keyboards may have remembered typed passwords
#CVE-2020-26966: Single-word search queries were also broadcast to local network
#CVE-2020-26967: Mutation Observers could break or confuse Firefox Screenshots feature
#CVE-2020-26968: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5
#CVE-2020-26969: Memory safety bugs fixed in Firefox 83
Revision 1.163.2.1 / (download) - annotate - [select for diffs], Thu Oct 29 12:18:54 2020 UTC (3 years, 5 months ago) by spz
Branch: pkgsrc-2020Q3
Changes since 1.163: +398 -333
lines
Diff to previous 1.163 (colored) next main 1.164 (colored) to selected 1.16 (colored)
Pullup ticket #6356 - requested by maya
www/firefox: security update
www/firefox-l10n: security update
Revisions pulled up:
- www/firefox-l10n/Makefile 1.186-1.191
- www/firefox-l10n/PLIST 1.67
- www/firefox-l10n/distinfo 1.168-1.173
- www/firefox/Makefile 1.448-1.453
- www/firefox/PLIST 1.164-1.165
- www/firefox/distinfo 1.411-1.418
- www/firefox/mozilla-common.mk 1.181-1.182
- www/firefox/patches/patch-build_moz.configure_rust.configure 1.7
- www/firefox/patches/patch-config_makefiles_rust.mk 1.5
- www/firefox/patches/patch-js_src_jit_arm64_vixl_MozCpu-vixl.cpp 1.1
- www/firefox/patches/patch-js_src_jsfriendapi.h 1.3
- www/firefox/patches/patch-race_recurse.mk 1.1
- www/firefox/patches/patch-third__party_rust_getrandom_src_lib.rs deleted
- www/firefox/patches/patch-third__party_rust_libc_src_unix_bsd_netbsdlike_netbsd_mod.rs deleted
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: ryoon
Date: Mon Sep 28 13:30:01 UTC 2020
Modified Files:
pkgsrc/www/firefox: Makefile PLIST distinfo
pkgsrc/www/firefox/patches: patch-config_makefiles_rust.mk
patch-js_src_jsfriendapi.h
Removed Files:
pkgsrc/www/firefox/patches:
patch-third__party_rust_getrandom_src_lib.rs
patch-third__party_rust_libc_src_unix_bsd_netbsdlike_netbsd_mod.rs
Log Message:
firefox: Update to 81.0
Changelog:
September 22, 2020
Version 81.0, first offered to Release channel users on September 22, 2020
We'd like to extend a special thank you to all of the new Mozillians who
contributed to this release of Firefox.
New
* You can pause and play audio or video in Firefox right from your keyboard
or headset, giving you easy access to control your media when in another
Firefox tab, another program, or even when your computer is locked.
* In addition to our default, dark and light themes, with this release,
Firefox introduces the Alpenglow theme: a colorful appearance for buttons,
menus, and windows. You can update your Firefox themes under settings or
preferences.
* For our users in the US and Canada, Firefox can now save, manage, and
auto-fill credit card information for you, making shopping on Firefox ever
more convenient. To ensure the smoothest experience, this will be rolling
out to users gradually.
* Firefox supports AcroForm, which will soon allow you to fill in, print, and
save supported PDF forms and the PDF viewer also has a new fresh look.
* Our users in Austria, Belgium and Switzerland using the German version of
Firefox will now see Pocket recommendations in their new tab featuring some
of the best stories on the web. If you donãàÑÕ see them, you can turn on
Pocket articles in your new tab by following these steps. In addition to
FirefoxãàÑÔ new tab, Pocket is also available as an app on iOS and Android.
Fixed
* Various security fixes.
* WeãàÑ×e fixed a bug for users of language packs where the default language
was reset to English after Firefox updates.
* Browser native HTML5 audio/video controls received several important
accessibility fixes:
+ Audio/video controls remain accessible to screen readers even when they
are temporarily hidden visually.
+ Audio/video elapsed and total time are now accessible to screen readers
where they weren't previously.
+ Various unlabelled controls are now labelled making them identifiable
to screen readers.
+ Screen readers no longer intrusively report progress information unless
the user requests it.
Changed
* You will soon find Picture-in-Picture more easily on all the videos you
watch with new iconography.
* The bookmarks toolbar is now automatically revealed once bookmarks are
imported into Firefox, making it easier to find your most important
websites.
* We have expanded our supported file types - .xml, .svg, and .webp - so
files youãàÑ×e downloaded can be opened right in Firefox.
Security fixes:
#CVE-2020-15675: Use-After-Free in WebGL
#CVE-2020-15677: Download origin spoofing via redirect
#CVE-2020-15676: XSS when pasting attacker-controlled data into a
contenteditable element
#CVE-2020-15678: When recursing through layers while scrolling, an iterator may
have become invalid, resulting in a potential use-after-free scenario
#CVE-2020-15673: Memory safety bugs fixed in Firefox 81 and Firefox ESR 78.3
corruption and we presume that with enough effort some of these could have been
exploited to run arbitrary code.
#CVE-2020-15674: Memory safety bugs fixed in Firefox 81
To generate a diff of this commit:
cvs rdiff -u -r1.447 -r1.448 pkgsrc/www/firefox/Makefile
cvs rdiff -u -r1.163 -r1.164 pkgsrc/www/firefox/PLIST
cvs rdiff -u -r1.410 -r1.411 pkgsrc/www/firefox/distinfo
cvs rdiff -u -r1.4 -r1.5 \
pkgsrc/www/firefox/patches/patch-config_makefiles_rust.mk
cvs rdiff -u -r1.2 -r1.3 \
pkgsrc/www/firefox/patches/patch-js_src_jsfriendapi.h
cvs rdiff -u -r1.1 -r0 \
pkgsrc/www/firefox/patches/patch-third__party_rust_getrandom_src_lib.rs
cvs rdiff -u -r1.3 -r0 \
pkgsrc/www/firefox/patches/patch-third__party_rust_libc_src_unix_bsd_netbsdlike_netbsd_mod.rs
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: ryoon
Date: Mon Sep 28 13:31:02 UTC 2020
Modified Files:
pkgsrc/www/firefox-l10n: Makefile PLIST distinfo
Log Message:
firefox-l10n: Update to 81.0
* Add ur locale.
* Sync with www/firefox-81.0.
To generate a diff of this commit:
cvs rdiff -u -r1.185 -r1.186 pkgsrc/www/firefox-l10n/Makefile
cvs rdiff -u -r1.66 -r1.67 pkgsrc/www/firefox-l10n/PLIST
cvs rdiff -u -r1.167 -r1.168 pkgsrc/www/firefox-l10n/distinfo
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: gutteridge
Date: Tue Sep 29 23:20:23 UTC 2020
Modified Files:
pkgsrc/www/firefox: mozilla-common.mk
Log Message:
firefox: 81.0 requires nss >= 3.56
To generate a diff of this commit:
cvs rdiff -u -r1.180 -r1.181 pkgsrc/www/firefox/mozilla-common.mk
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: ryoon
Date: Fri Oct 2 15:44:16 UTC 2020
Modified Files:
pkgsrc/www/firefox: Makefile distinfo
Log Message:
firefox: Update to 81.0.1
Changelog:
Fixed
Fixed missing content on Blackboard course listings (bug 1665447)
Resolved incorrect scaling of Flash content on HiDPI macOS
systems (bug 1667267)
Fixes for various printing issues (bug 1667342, bug 1667510,
bug 1667723)
Fixed legacy preferences not being properly applied when set
via GPO (bug 1666836)
Fixed Picture-in-Picture controls being visible on audio-only
page elements (bug 1666775)
Fixed high memory growth with addons such as Disconnect installed,
causing browser responsiveness issues over time (bug 1658571)
Various stability improvements (bug 1661485, bug 1664542, bug
1664843)
To generate a diff of this commit:
cvs rdiff -u -r1.448 -r1.449 pkgsrc/www/firefox/Makefile
cvs rdiff -u -r1.411 -r1.412 pkgsrc/www/firefox/distinfo
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: ryoon
Date: Fri Oct 2 15:45:25 UTC 2020
Modified Files:
pkgsrc/www/firefox-l10n: Makefile distinfo
Log Message:
firefox-l10n: Update to 81.0.1
* Sync with www/firefox-81.0.1.
To generate a diff of this commit:
cvs rdiff -u -r1.186 -r1.187 pkgsrc/www/firefox-l10n/Makefile
cvs rdiff -u -r1.168 -r1.169 pkgsrc/www/firefox-l10n/distinfo
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: maya
Date: Mon Oct 12 23:45:35 UTC 2020
Modified Files:
pkgsrc/www/firefox: Makefile distinfo
pkgsrc/www/firefox-l10n: Makefile distinfo
Log Message:
firefox{,-l10n}: Update to 81.0.2
Release notes not available yet.
To generate a diff of this commit:
cvs rdiff -u -r1.449 -r1.450 pkgsrc/www/firefox/Makefile
cvs rdiff -u -r1.412 -r1.413 pkgsrc/www/firefox/distinfo
cvs rdiff -u -r1.187 -r1.188 pkgsrc/www/firefox-l10n/Makefile
cvs rdiff -u -r1.169 -r1.170 pkgsrc/www/firefox-l10n/distinfo
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: maya
Date: Tue Oct 20 20:15:30 UTC 2020
Modified Files:
pkgsrc/www/firefox: Makefile PLIST distinfo mozilla-common.mk
pkgsrc/www/firefox-l10n: Makefile distinfo
pkgsrc/www/firefox/patches: patch-build_moz.configure_rust.configure
Log Message:
firefox{,-l10n}: Update to 82.0
New:
With this release, Firefox introduces a number of improvements that make watching videos more delightful:
the Picture-In-Picture button has a new look and position, making it easier for you to find and use the feature.
Picture-In-Picture now has a keyboard shortcut for Mac users (Option + Command + Shift + Right bracket) that works before you start playing the video.
For Windows users, Firefox now uses DirectComposition for hardware decoded video, which will improve CPU and GPU usage during video playback, improving battery life.
Firefox is faster than ever with improved performance on both page loads and start up time:
Websites that use flexbox-based layouts load 20% faster than before;
Restoring a session is 17% quicker, meaning you can more quickly pick up where you left off;
For Windows users, opening new windows got quicker by 10%.
You can now explore new articles when you save a webpage to Pocket from the Firefox toolbar.
WebRender continues to roll out to more Firefox users on Windows.
Fixed:
Screen reader features which report paragraphs now correctly report paragraphs in Firefox instead of lines.
Various security fixes.
To generate a diff of this commit:
cvs rdiff -u -r1.450 -r1.451 pkgsrc/www/firefox/Makefile
cvs rdiff -u -r1.164 -r1.165 pkgsrc/www/firefox/PLIST
cvs rdiff -u -r1.413 -r1.414 pkgsrc/www/firefox/distinfo
cvs rdiff -u -r1.181 -r1.182 pkgsrc/www/firefox/mozilla-common.mk
cvs rdiff -u -r1.188 -r1.189 pkgsrc/www/firefox-l10n/Makefile
cvs rdiff -u -r1.170 -r1.171 pkgsrc/www/firefox-l10n/distinfo
cvs rdiff -u -r1.6 -r1.7 \
pkgsrc/www/firefox/patches/patch-build_moz.configure_rust.configure
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: tnn
Date: Fri Oct 23 12:37:14 UTC 2020
Modified Files:
pkgsrc/www/firefox: distinfo
Added Files:
pkgsrc/www/firefox/patches: patch-js_src_jit_arm64_vixl_MozCpu-vixl.cpp
Log Message:
firefox: NetBSD/aarch64 build fix
To generate a diff of this commit:
cvs rdiff -u -r1.414 -r1.415 pkgsrc/www/firefox/distinfo
cvs rdiff -u -r0 -r1.1 \
pkgsrc/www/firefox/patches/patch-js_src_jit_arm64_vixl_MozCpu-vixl.cpp
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: maya
Date: Mon Oct 26 21:20:59 UTC 2020
Modified Files:
pkgsrc/www/firefox: distinfo
Added Files:
pkgsrc/www/firefox/patches: patch-race_recurse.mk
Log Message:
firefox: backport upstream patch to fix a build race. This appears as
libmozgtk.so missing as well as the symbols it contains.
This affects pkgsrc-stable as well.
To generate a diff of this commit:
cvs rdiff -u -r1.415 -r1.416 pkgsrc/www/firefox/distinfo
cvs rdiff -u -r0 -r1.1 pkgsrc/www/firefox/patches/patch-race_recurse.mk
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: maya
Date: Tue Oct 27 16:59:00 UTC 2020
Modified Files:
pkgsrc/www/firefox: Makefile distinfo
pkgsrc/www/firefox-l10n: Makefile distinfo
Log Message:
firefox{,-l10n}: update to 82.0.1
Avoid an unnecessary prompt to reboot when using the full installer on Windows (bug 1671715)
Restored the ability to print on paper whose width or height is larger than 100 inches, e.g. for receipts (bug 1672370)
Fixed printing of documents with margins of zero, e.g. some PDFs (bug 1672529)
Fixed handling of the WebDriver:ClickElement command in the marionette testing framework (bug 1666755)
Stability fix (bug 1660539)
To generate a diff of this commit:
cvs rdiff -u -r1.451 -r1.452 pkgsrc/www/firefox/Makefile
cvs rdiff -u -r1.416 -r1.417 pkgsrc/www/firefox/distinfo
cvs rdiff -u -r1.189 -r1.190 pkgsrc/www/firefox-l10n/Makefile
cvs rdiff -u -r1.171 -r1.172 pkgsrc/www/firefox-l10n/distinfo
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: maya
Date: Wed Oct 28 15:34:41 UTC 2020
Modified Files:
pkgsrc/www/firefox: Makefile distinfo
pkgsrc/www/firefox-l10n: Makefile distinfo
Log Message:
firefox{,-l10n}: Update to 82.0.2
Fixed duplication of WebSocket messages in certain cases (bug 1673340)
To generate a diff of this commit:
cvs rdiff -u -r1.452 -r1.453 pkgsrc/www/firefox/Makefile
cvs rdiff -u -r1.417 -r1.418 pkgsrc/www/firefox/distinfo
cvs rdiff -u -r1.190 -r1.191 pkgsrc/www/firefox-l10n/Makefile
cvs rdiff -u -r1.172 -r1.173 pkgsrc/www/firefox-l10n/distinfo
Revision 1.165 / (download) - annotate - [select for diffs], Tue Oct 20 20:15:29 2020 UTC (3 years, 5 months ago) by maya
Branch: MAIN
Changes since 1.164: +266 -259
lines
Diff to previous 1.164 (colored) to selected 1.16 (colored)
firefox{,-l10n}: Update to 82.0
New:
With this release, Firefox introduces a number of improvements that make watching videos more delightful:
the Picture-In-Picture button has a new look and position, making it easier for you to find and use the feature.
Picture-In-Picture now has a keyboard shortcut for Mac users (Option + Command + Shift + Right bracket) that works before you start playing the video.
For Windows users, Firefox now uses DirectComposition for hardware decoded video, which will improve CPU and GPU usage during video playback, improving battery life.
Firefox is faster than ever with improved performance on both page loads and start up time:
Websites that use flexbox-based layouts load 20% faster than before;
Restoring a session is 17% quicker, meaning you can more quickly pick up where you left off;
For Windows users, opening new windows got quicker by 10%.
You can now explore new articles when you save a webpage to Pocket from the Firefox toolbar.
WebRender continues to roll out to more Firefox users on Windows.
Fixed:
Screen reader features which report paragraphs now correctly report paragraphs in Firefox instead of lines.
Various security fixes.
Revision 1.164 / (download) - annotate - [select for diffs], Mon Sep 28 13:30:01 2020 UTC (3 years, 6 months ago) by ryoon
Branch: MAIN
Changes since 1.163: +143 -85
lines
Diff to previous 1.163 (colored) to selected 1.16 (colored)
firefox: Update to 81.0
Changelog:
September 22, 2020
Version 81.0, first offered to Release channel users on September 22, 2020
We'd like to extend a special thank you to all of the new Mozillians who
contributed to this release of Firefox.
New
* You can pause and play audio or video in Firefox right from your keyboard
or headset, giving you easy access to control your media when in another
Firefox tab, another program, or even when your computer is locked.
* In addition to our default, dark and light themes, with this release,
Firefox introduces the Alpenglow theme: a colorful appearance for buttons,
menus, and windows. You can update your Firefox themes under settings or
preferences.
* For our users in the US and Canada, Firefox can now save, manage, and
auto-fill credit card information for you, making shopping on Firefox ever
more convenient. To ensure the smoothest experience, this will be rolling
out to users gradually.
* Firefox supports AcroForm, which will soon allow you to fill in, print, and
save supported PDF forms and the PDF viewer also has a new fresh look.
* Our users in Austria, Belgium and Switzerland using the German version of
Firefox will now see Pocket recommendations in their new tab featuring some
of the best stories on the web. If you donãàÑÕ see them, you can turn on
Pocket articles in your new tab by following these steps. In addition to
FirefoxãàÑÔ new tab, Pocket is also available as an app on iOS and Android.
Fixed
* Various security fixes.
* WeãàÑ×e fixed a bug for users of language packs where the default language
was reset to English after Firefox updates.
* Browser native HTML5 audio/video controls received several important
accessibility fixes:
+ Audio/video controls remain accessible to screen readers even when they
are temporarily hidden visually.
+ Audio/video elapsed and total time are now accessible to screen readers
where they weren't previously.
+ Various unlabelled controls are now labelled making them identifiable
to screen readers.
+ Screen readers no longer intrusively report progress information unless
the user requests it.
Changed
* You will soon find Picture-in-Picture more easily on all the videos you
watch with new iconography.
* The bookmarks toolbar is now automatically revealed once bookmarks are
imported into Firefox, making it easier to find your most important
websites.
* We have expanded our supported file types - .xml, .svg, and .webp - so
files youãàÑ×e downloaded can be opened right in Firefox.
Security fixes:
#CVE-2020-15675: Use-After-Free in WebGL
#CVE-2020-15677: Download origin spoofing via redirect
#CVE-2020-15676: XSS when pasting attacker-controlled data into a
contenteditable element
#CVE-2020-15678: When recursing through layers while scrolling, an iterator may
have become invalid, resulting in a potential use-after-free scenario
#CVE-2020-15673: Memory safety bugs fixed in Firefox 81 and Firefox ESR 78.3
corruption and we presume that with enough effort some of these could have been
exploited to run arbitrary code.
#CVE-2020-15674: Memory safety bugs fixed in Firefox 81
Revision 1.163 / (download) - annotate - [select for diffs], Tue Aug 25 14:35:24 2020 UTC (3 years, 7 months ago) by ryoon
Branch: MAIN
CVS Tags: pkgsrc-2020Q3-base
Branch point for: pkgsrc-2020Q3
Changes since 1.162: +449 -428
lines
Diff to previous 1.162 (colored) to selected 1.16 (colored)
firefox: Update to 80.0
Changelog:
New
Firefox can now be set as the default system PDF viewer.
The name reported by accessibility tools for items in multi-tiered
tree controls no longer incorrectly includes information from
items at deeper levels, providing users with the correct level
of content when using a screen reader.
Fixed
Various security fixes.
Several crashes while using a screen reader were fixed including
a frequently encountered crash when using the JAWS screen
reader.
Firefox Developer Tools received significant fixes allowing
screen reader users to benefit from some of the tools that were
previously inaccessible.
SVG title and desc elements (labels and descriptions) are now
correctly exposed to assistive technology products such as
screen readers.
Changed
For users with reduced motion settings, we've reduced a number
of animations such as tab loading to reduce motion for users
with migraines and epilepsy.
The new add-ons blocklist has been enabled to improve performance
and scalability.
Enterprise
A number of bug fixes and new policies have been implemented
in the latest version of Firefox. You can see more details in
the Firefox for Enterprise 80 Release Notes.
Today's release is the final scheduled for Firefox 68 ESR
(68.12) unless there is a critical security issue found prior
to the release of Firefox ESR 78.3 on September 22, 2020. Users
of Firefox 68 ESR will be automatically upgraded to the Firefox
78 ESR series with the release of 78.3.
Developer
We've shipped an experimental sidebar panel in the inspector
to Firefox Developer Edition that helps developers more quickly
identify potential browser compatibility problems based on MDN
data.
In the Network Monitor request list, a turtle icon is shown
for "slow" requests that exceed a threshold for the waiting
time.
Firefox now supports RTX and Transport-cc for improved call
quality in poor network conditions and better bandwidth
estimation. These features also provide better compatibility
with many websites using WebRTC.
Security fixes:
#CVE-2020-15663: Downgrade attack on the Mozilla Maintenance Service could have resulted in escalation of privilege
#CVE-2020-15664: Attacker-induced prompt for extension installation
#CVE-2020-12401: Timing-attack on ECDSA signature generation
#CVE-2020-6829: P-384 and P-521 vulnerable to an electro-magnetic side channel attack on signature generation
#CVE-2020-12400: P-384 and P-521 vulnerable to a side channel attack on modular inversion
#CVE-2020-15665: Address bar not reset when choosing to stay on a page after the beforeunload dialog is shown
#CVE-2020-15666: MediaError message property leaks cross-origin response status
#CVE-2020-15667: Heap overflow when processing an update file
#CVE-2020-15668: Data Race when reading certificate information
#CVE-2020-15670: Memory safety bugs fixed in Firefox 80 and Firefox ESR 78.2
Revision 1.162 / (download) - annotate - [select for diffs], Fri Jul 31 01:26:43 2020 UTC (3 years, 8 months ago) by maya
Branch: MAIN
Changes since 1.161: +87 -70
lines
Diff to previous 1.161 (colored) to selected 1.16 (colored)
firefox: update to 79.0
New
WeãàÑ×e rolled out WebRender to more Windows users with Intel and AMD GPUs, bringing improved graphics performance to an even larger audience.
Firefox users in Germany will now see more Pocket recommendations in their new tab featuring some of the best stories on the web. If you donãàÑÕ see them, you can turn on Pocket articles in your new tab by following these steps.
Fixed
Various security fixes.
Several crashes while using a screen reader were fixed, including a frequently encountered crash when using the JAWS screen reader.
Firefox Developer Tools received significant fixes allowing screen reader users to benefit from some of the tools that were previously inaccessible.
SVG title and desc elements (labels and descriptions) are now correctly exposed to assistive technology products such as screen readers.
Enterprise
A number of bug fixes and new policies have been implemented in the latest version of Firefox. You can see more details in the Firefox for Enterprise 79 Release Notes.
Updates to the password policy allow admins to require a primary password (formerly called master password. Previously the policy could disable the primary password but not force a primary password. Users required to use a primary password will only be asked to create a primary password the first time they try to save a password.
Developer
Developer Information
Newly added asynchronous call stacks let developers trace their async code through events, timeouts, and promises. The async execution chains are shown in the DebuggerãàÑÔ call stack, but also for stack traces in Console errors and Network initiators.
Erroneous network responses with 4xx/5xx status codes display as errors in the Console, making it easy to understand them in the context of related logs. The request/response details can be expanded or resent for quick debugging.
JavaScript errors are now visible not only in the Console, but also in the Debugger. The relevant line of code will be highlighted and display error details on hover.
Opening SCSS and CSS-in-JS sources from the Inspector now works more reliably thanks to improved source map handling across all panels.
Inspecting accessibility properties from the browser context menu is now available to all users by default.
Revision 1.161 / (download) - annotate - [select for diffs], Wed Jul 1 13:01:01 2020 UTC (3 years, 9 months ago) by ryoon
Branch: MAIN
Changes since 1.160: +64 -22
lines
Diff to previous 1.160 (colored) to selected 1.16 (colored)
firefox: Update to 78.0
* Some dependency changes.
* Wayland and webcam may not work.
Changelog: New
The Protections Dashboard includes consolidated reports about
tracking protection, data breaches, and password management.
New features let you:
Track how many breaches youãàÑ×e resolved right from the
dashboard
See if any of your saved passwords may have been exposed
in a data breach
To view your dashboard, type about:protections into the address
bar, or select ãà×±rotections Dashboardãàfrom the main menu.
Because we know people try to fix problems by reinstalling
Firefox when a simple refresh is more likely to solve the issue,
weãàÑ×e added a Refresh button to the Uninstaller.
With this release, your screen saver will no longer interrupt
WebRTC calls on Firefox, making conference and video calling
in Firefox better.
WeãàÑ×e rolled out WebRender to Windows users with Intel GPUs,
bringing improved graphics performance to an even larger
audience.
Firefox 78 is also our Extended Support Release (ESR), where
the changes made over the course of the previous 10 releases
will now roll out to our ESR users. Some of the highlights are:
Kiosk mode
Client certificates
Service Worker and Push APIs are now enabled
The Block Autoplay feature is enabled
Picture-in-picture support
View and manage web certificates in about:certificate
Pocket recommendations, featuring some of the best stories on
the web, will now appear on the Firefox new tab for 100% of
our users in the UK. If you donãàÑÕ see them, you can turn on
Pocket articles in your new tab, follow these steps.
Fixed
Various security fixes.
We fixed bugs in the search results quality composition and
improved search result texts based on recommendations by our
partners.
Changed
The minimal system requirements on Linux have been updated.
Firefox now needs GNU libc 2.17, libstdc++ 4.8.1 and GTK+ 3.14
or newer versions.
As part of our ongoing effort to deprecate obsolete cryptography,
we have disabled all remaining DHE-based TLS ciphersuites by
default.
To mitigate web compatibility issues from disabling DHE-based
TLS ciphersuites, Firefox 78 enables two more AES-GCM
SHA2-based ciphersuites.
We have disabled TLS 1.0 and TLS 1.1 to improve your website
connections. Sites that don't support TLS version 1.2 will now
show an error page.
The context menu (accessed by right clicking on a tab) lets
you undo multiple tab closings with a single click and places
Close Tabs to the Right and Close Other Tabs in a submenu.
A number of accessibility improvements have been made with this
release.
When using the JAWS screen reader, pressing the down arrow
in an HTML input control with a datalist no longer incorrectly
moves the cursor to the next element after the input control.
Screen readers no longer severely lag or freeze when focusing
the microphone/camera/screen sharing indicator.
Large tables with thousands of rows now load much faster
for screen reader users.
Text input controls with custom styling now correctly show
the focus outline when appropriate.
Screen readers no longer sometimes incorrectly switch to
document browsing mode unexpectedly when the user enters
the main Developer Tools window.
We reduced a number of animations such as tab hover, search
bar expansion, and others to reduce motion for users with
migraines and epilepsy.
Enterprise
Enable support for client certificates stored on macOS and
Windows by setting the experimental preference
security.osclientcerts.autoload to true.
New policies allow you to configure application handlers,
disable picture in picture, and require a master password,
which will be renamed to ãàÏÑrimary passwordãàin future releases.
More details in the Firefox for Enterprise 78 release notes
Security fixes:
Not available yet.
Revision 1.160 / (download) - annotate - [select for diffs], Wed Jun 3 09:00:24 2020 UTC (3 years, 10 months ago) by ryoon
Branch: MAIN
CVS Tags: pkgsrc-2020Q2-base,
pkgsrc-2020Q2
Changes since 1.159: +187 -112
lines
Diff to previous 1.159 (colored) to selected 1.16 (colored)
firefox: Update to 77.0
Changelog:
New
Pocket recommendations, featuring some of the best stories on the web, will appear on the Firefox new tab for our users in the UK. If you donãàÑÕ see them, you can turn on Pocket articles in your new tab, follow these steps.
WebRender continues its roll out to more Firefox for Windows users, now available by default on Windows 10 laptops running on Nvidia GPUs with medium (<= 3440x1440) and large screens (> 3440x1440).
You can view and manage web certificates more easily on the new about:certificate page.
Fixed
Various security fixes.
A number of features have been fixed to improve Firefox accessibility.
The applications list in Firefox Options is now accessible to screen reader users.
Some live regions previously didn't report updated text with the JAWS screen reader. This issue has been fixed.
Date/time inputs are now no longer missing labels for users of accessibility tools.
Changed
The browser.urlbar.oneOffSearches preference has been removed. To hide one-off search buttons uncheck search engines on the about:preferences#search page
Security fixes:
#CVE-2020-12399: Timing attack on DSA signatures in NSS library
#CVE-2020-12405: Use-after-free in SharedWorkerService
#CVE-2020-12406: JavaScript type confusion with NativeTypes
#CVE-2020-12407: WebRender leaking GPU memory when using border-image CSS directive
#CVE-2020-12408: URL spoofing when using IP addresses
#CVE-2020-12409: URL spoofing with unicode characters
#CVE-2020-12410: Memory safety bugs fixed in Firefox 77 and Firefox ESR 68.9
#CVE-2020-12411: Memory safety bugs fixed in Firefox 77
Revision 1.159 / (download) - annotate - [select for diffs], Wed May 6 01:00:08 2020 UTC (3 years, 11 months ago) by ryoon
Branch: MAIN
Changes since 1.158: +133 -155
lines
Diff to previous 1.158 (colored) to selected 1.16 (colored)
firefox: Update to 76.0
Changelog:
New
With todayãàÑÔ release, Firefox strengthens protections for your
online account logins and passwords, with innovative approaches
to managing your accounts during this critical time:
Firefox displays critical alerts in the Lockwise password
manager when a website is breached;
If one of your accounts is involved in a website breach
and you've used the same password on other websites, you
will now be prompted to update your password. A key icon
identifies which accounts use that vulnerable password.
Automatically generate secure, complex passwords for new
accounts across more of the web that are easily saved right
in the browser;
You have been able to access and see your saved passwords
under Logins and Passwords easily under the main menu. If
your device happens to be shared among your family or
roommates, the latest update helps to prevent casual snooping
over your shoulder. If you donãàÑÕ have a master password
set up for Firefox, Windows and macOS now requires a login
to your operating system account before showing your saved
passwords.
Picture-in-Picture allows you to multitask, the small video
window following along no matter what you are doing on your
computer, across different applications and even workspaces.
Now, when you are ready to focus on the video, a double click
can take the small window into full screen. Double click again
to reduce the size again.
Firefox now supports Audio Worklets that will allow more complex
audio processing like VR and gaming on the web; and is being
adopted by some of your favorite software programs.
With this change, you can now join Zoom calls on Firefox
without the need for any additional downloads.
WebRender continues its roll out to more Firefox for Windows
users, now available by default on modern Intel laptops with
a small screen (<= 1920x1200) for improved graphics rendering.
Fixed
Various security fixes
Changed
Two updates to the address bar improve its usability and
visibility:
The shadow around the address bar field is reduced in width
when a new tab is opened;
The bookmarks toolbar has expanded slightly in size to
improve its surface area for touchscreens.
Security fixes:
#CVE-2020-12387: Use-after-free during worker shutdown
#CVE-2020-12388: Sandbox escape with improperly guarded Access Tokens
#CVE-2020-12389: Sandbox escape with improperly separated process types
#CVE-2020-6831: Buffer overflow in SCTP chunk input validation
#CVE-2020-12390: Incorrect serialization of nsIPrincipal.origin for IPv6 addresses
#CVE-2020-12391: Content-Security-Policy bypass using object elements
#CVE-2020-12392: Arbitrary local file access with 'Copy as cURL'
#CVE-2020-12393: Devtools' 'Copy as cURL' feature did not fully escape website-controlled data, potentially leading to command injection
#CVE-2020-12394: URL spoofing in location bar when unfocussed
#CVE-2020-12395: Memory safety bugs fixed in Firefox 76 and Firefox ESR 68.8
#CVE-2020-12396: Memory safety bugs fixed in Firefox 76
Revision 1.158 / (download) - annotate - [select for diffs], Thu Apr 9 14:01:26 2020 UTC (4 years ago) by ryoon
Branch: MAIN
Changes since 1.157: +82 -58
lines
Diff to previous 1.157 (colored) to selected 1.16 (colored)
firefox: Update to 75.0
Changelog:
New
With today's release, a number of improvements will help you
search smarter, faster. Type less and find more with Firefox's
revamped address bar:
Focused, clean search experience that's optimized for
smaller laptop screens
Top sites now appear when you select the address
Improved readability of search suggestions with a focus on
new search terms
Suggestions include solutions to common Firefox issues
On Linux, the behavior when clicking on the Address Bar
and the Search Bar now matches other desktop platforms: a
single click selects all without primary selection, a double
click selects a word, and a triple click selects all with
primary selection
Firefox will locally cache all trusted Web PKI Certificate
Authority certificates known to Mozilla. This will improve
HTTPS compatibility with misconfigured web servers and improve
security.
Firefox is now available in Flatpak, an easier way to install
and use Firefox on Linux.
Direct Composition is being integrated for our users on Windows
to help improve performance and enable our ongoing work to ship
WebRender on Windows 10 laptops with Intel graphics cards.
Fixed
Various security fixes
Enterprise
Experimental support for using client certificates from the OS
certificate store can be enabled on macOS by setting the
preference security.osclientcerts.autoload to true.
Enterprise policies may be used to exclude domains from being
resolved via TRR (Trusted Recursive Resolver) using DNS over
HTTPS.
Developer
Developer Information
Save bandwidth and reduce browser memory by using the loading
attribute on the <img> element. The default "eager" value loads
images immediately, and the "lazy" value delays loading until
the image is within range of the viewport.
Instant evaluation for Console expressions lets developers
identify and fix errors more rapidly than before. As long as
expressions typed into the Web Console are side-effect free,
their results will be previewed while you type.
Security fixes:
#CVE-2020-6821: Uninitialized memory could be read when using the WebGL copyTexSubImage method
#CVE-2020-6822: Out of bounds write in GMPDecodeData when processing large images
#CVE-2020-6823: Malicious Extension could obtain auth codes from OAuth login flows
#CVE-2020-6824: Generated passwords may be identical on the same site between separate private browsing sessions
#CVE-2020-6825: Memory safety bugs fixed in Firefox 75 and Firefox ESR 68.7
#CVE-2020-6826: Memory safety bugs fixed in Firefox 75
Revision 1.157 / (download) - annotate - [select for diffs], Fri Mar 27 00:24:20 2020 UTC (4 years ago) by gutteridge
Branch: MAIN
CVS Tags: pkgsrc-2020Q1-base,
pkgsrc-2020Q1
Changes since 1.156: +2 -1
lines
Diff to previous 1.156 (colored) to selected 1.16 (colored)
firefox: fix 74.0 debug build packaging
Revision 1.156 / (download) - annotate - [select for diffs], Sat Mar 14 04:49:16 2020 UTC (4 years, 1 month ago) by ryoon
Branch: MAIN
Changes since 1.155: +58 -131
lines
Diff to previous 1.155 (colored) to selected 1.16 (colored)
firefox: Update to 74.0
* Follow HOMEPAGE redirect
Changelog:
New
Your login management has improved with the ability to reverse
alpha sort (Name Z-A) in Lockwise, which you can access under
Logins and Passwords.
Firefox now makes importing your bookmarks and history from
the new Microsoft Edge browser on Windows and Mac simple.
Add-ons installed by external applications can now be removed
using the Add-ons Manager (about:addons). Going forward, only
users can install add-ons; they cannot be installed by an
application.
Facebook Container prevents Facebook from tracking you around
the web - Facebook logins, likes, and comments are automatically
blocked on non-Facebook sites. But when we need an exception,
you can now create one by adding custom sites to the Facebook
Container.
Firefox now provides better privacy for your web voice and
video calls through support for mDNS ICE by cloaking your
computerãàÑÔ IP address with a random ID in certain WebRTC
scenarios.
Fixed
Various security fixes.
We have fixed issues involving pinned tabs such as being lost.
You should also no longer see them reorder themselves.
Security fixes:
#CVE-2020-6805: Use-after-free when removing data about origins
#CVE-2020-6806: BodyStream::OnInputStreamReady was missing protections against state confusion
#CVE-2020-6807: Use-after-free in cubeb during stream destruction
#CVE-2020-6808: URL Spoofing via javascript: URL
#CVE-2020-6809: Web Extensions with the all-urls permission could access local files
#CVE-2020-6810: Focusing a popup while in fullscreen could have obscured the fullscreen notification
#CVE-2020-6811: Devtools' 'Copy as cURL' feature did not fully escape website-controlled data, potentially leading to command injection
#CVE-2019-20503: Out of bounds reads in sctp_load_addresses_from_init
#CVE-2020-6812: The names of AirPods with personally identifiable information were exposed to websites with camera or microphone permission
#CVE-2020-6813: @import statements in CSS could bypass the Content Security Policy nonce feature
#CVE-2020-6814: Memory safety bugs fixed in Firefox 74 and Firefox ESR 68.6
#CVE-2020-6815: Memory and script safety bugs fixed in Firefox 74
Revision 1.155 / (download) - annotate - [select for diffs], Wed Feb 26 20:55:43 2020 UTC (4 years, 1 month ago) by maya
Branch: MAIN
Changes since 1.154: +3 -3
lines
Diff to previous 1.154 (colored) to selected 1.16 (colored)
firefox: fix PLIST on linux. A bunch of files that are mysteriously not on linux, and a bunch of files that are mysteriously OS-specific (probably missing "else"). And a sandboxing library.
Revision 1.154 / (download) - annotate - [select for diffs], Wed Feb 12 16:36:50 2020 UTC (4 years, 2 months ago) by ryoon
Branch: MAIN
Changes since 1.153: +89 -106
lines
Diff to previous 1.153 (colored) to selected 1.16 (colored)
firefox: Update to 73.0
Changelog:
New
Today's Firefox release includes two features that help users
view and read website content more easily, quickly. Like all
accessibility improvements, these features improve browsing
for everyone.
Firefox has offered a page zoom feature for more than a
decade that allows users to set the zoom level on a per-site
basis. For users who need to zoom most websites, having to
adjust zoom for each new site can be an annoyance. To
address this, we have implemented a new global default zoom
level setting. This option is available in about:preferences
under "Language and Appearance" and can be scaled up or
down from 100% as needed and sets the default zoom level
for all sites. Per-site zoom is still available to make
adjustments to individual sites as needed.
Many users with low vision rely on Windows' High Contrast
Mode to make websites more readable. Traditionally, to
increase the readability of text, Firefox has disabled
background images when High Contrast Mode is enabled. With
today's release of Firefox 73, we introduce a "readability
backplate" solution which places a block of background
color between the text and background image. Now, websites
in High Contrast Mode are more readable without disabling
background images.
Fixed
Various security fixes.
Improved audio quality when playing back audio at a faster or
slower speed.
Firefox will now only prompt you to save logins if a field in
a login form was modified.
Changed
WebRender will roll out to laptops with Nvidia graphics cards
with drivers newer than 432.00, and screen sizes smaller than
1920x1200
Security fixes:
#CVE-2020-6796: Missing bounds check on shared memory read in the parent process
#CVE-2020-6797: Extensions granted downloads.open permission could open arbitrary applications on Mac OSX
#CVE-2020-6798: Incorrect parsing of template tag could result in JavaScript injection
#CVE-2020-6799: Arbitrary code execution when opening pdf links from other applications, when Firefox is configured as default pdf reader
#CVE-2020-6800: Memory safety bugs fixed in Firefox 73 and Firefox ESR 68.5
#CVE-2020-6801: Memory safety bugs fixed in Firefox 73
Revision 1.153 / (download) - annotate - [select for diffs], Sat Jan 11 20:38:32 2020 UTC (4 years, 3 months ago) by gutteridge
Branch: MAIN
Changes since 1.152: +2 -2
lines
Diff to previous 1.152 (colored) to selected 1.16 (colored)
firefox: update PLIST.debug for 72.0.1 One file name changed amongst the extra files generated when the full debugging option is set.
Revision 1.152 / (download) - annotate - [select for diffs], Thu Jan 9 15:06:28 2020 UTC (4 years, 3 months ago) by ryoon
Branch: MAIN
Changes since 1.151: +243 -170
lines
Diff to previous 1.151 (colored) to selected 1.16 (colored)
firefox: Update to 72.0.1
Changelog:
72.0.1
Security fixes:
#CVE-2019-17026: IonMonkey type confusion with StoreElementHole and FallibleStoreElement
72.0
New
FirefoxãàÑÔ Enhanced Tracking Protection marks a major new
milestone in our battle against cross-site tracking: we now
block fingerprinting scripts by default for all users, taking
a new bold step in the fight for our usersãàprivacy.
Firefox replaces annoying notification request pop-ups with a
more delightful experience, by default for all users. The
pop-ups no longer interrupt your browsing, in its place, a
speech bubble will appear in the address bar when you interact
with the site.
Picture-in-picture video is now also available in Firefox for
Mac and Linux: Select the blue icon from the right edge of a
video to pop open a floating window so you can keep watching
while working in other tabs or apps. Learn how the feature
works.
Security fixes:
#CVE-2019-17015: Memory corruption in parent process during new content process initialization on Windows
#CVE-2019-17016: Bypass of @namespace CSS sanitization during pasting
#CVE-2019-17017: Type Confusion in XPCVariant.cpp
#CVE-2019-17018: Windows Keyboard in Private Browsing Mode may retain word suggestions
#CVE-2019-17019: Python files could be inadvertently executed upon opening a download
#CVE-2019-17020: Content Security Policy not applied to XSL stylesheets applied to XML documents
#CVE-2019-17021: Heap address disclosure in parent process during content process initialization on Windows
#CVE-2019-17022: CSS sanitization does not escape HTML tags
#CVE-2019-17023: NSS may negotiate TLS 1.2 or below after a TLS 1.3 HelloRetryRequest had been sent
#CVE-2019-17024: Memory safety bugs fixed in Firefox 72 and Firefox ESR 68.4
#CVE-2019-17025: Memory safety bugs fixed in Firefox 72
Revision 1.151 / (download) - annotate - [select for diffs], Mon Jan 6 07:53:53 2020 UTC (4 years, 3 months ago) by ryoon
Branch: MAIN
Changes since 1.150: +2 -2
lines
Diff to previous 1.150 (colored) to selected 1.16 (colored)
firefox: Fix pasto, remove 68 suffix
Revision 1.150 / (download) - annotate - [select for diffs], Sun Jan 5 17:55:22 2020 UTC (4 years, 3 months ago) by nia
Branch: MAIN
Changes since 1.149: +2 -1
lines
Diff to previous 1.149 (colored) to selected 1.16 (colored)
*: Enable Wayland where supported in GTK and Firefox. Bump PKGREVISIONs
Revision 1.149 / (download) - annotate - [select for diffs], Tue Dec 3 14:21:20 2019 UTC (4 years, 4 months ago) by ryoon
Branch: MAIN
CVS Tags: pkgsrc-2019Q4-base,
pkgsrc-2019Q4
Changes since 1.148: +122 -117
lines
Diff to previous 1.148 (colored) to selected 1.16 (colored)
Update to 71.0
* Remove oss option. Its patch is not usable for 71.0.
Changelog:
New
Improvements to Lockwise, our integrated password manager:
Firefox now recognizes subdomains and will autofill domain logins from Lockwise
Integrated breach alerts from Firefox Monitor are now available to users with screen readers
More information about Enhanced Tracking Protection in action:
Notifications when Firefox blocks cryptominers
A running tally of blocked trackers in the protection panel accessed by clicking the address bar shield
Picture-in-picture video comes to Firefox for Windows: Select the blue icon from the right edge of a video to pop open a floating window so you can keep watching while working in other tabs. Learn how the feature works.
Native MP3 decoding on Windows, Linux, and macOS
Security fixes:
Not available yet.
Revision 1.148 / (download) - annotate - [select for diffs], Sat Nov 2 19:45:46 2019 UTC (4 years, 5 months ago) by gutteridge
Branch: MAIN
Changes since 1.147: +2 -1
lines
Diff to previous 1.147 (colored) to selected 1.16 (colored)
firefox: update PLIST to include new file when DEBUG is enabled
Revision 1.147 / (download) - annotate - [select for diffs], Mon Oct 28 13:03:27 2019 UTC (4 years, 5 months ago) by ryoon
Branch: MAIN
Changes since 1.146: +481 -265
lines
Diff to previous 1.146 (colored) to selected 1.16 (colored)
Update to 70.0
* Offline build is incomplete. However I cannot finish the fix.
Changelog:
New
More privacy protections from Enhanced Tracking Protection:
Social tracking protection, which blocks cross-site tracking cookies from sites like Facebook, Twitter, and LinkedIn, is now a standard feature of Enhanced Tracking Protection.
The Privacy Protections report shows an overview, with details, of the trackers Firefox has blocked. It provides consolidated reports from Monitor and Lockwise.
More security protections from Firefox Lockwise, our digital identity and password management tool:
Lockwise for desktop lets you create, update, and delete your logins and passwords to sync across all your devices, including the Lockwise mobile apps and Firefox mobile browsersãà
Integrated breach alerts from Firefox Monitor, to alert you when saved logins and passwords are compromised in online data breaches.
Complex password generation, to help you create and save strong passwords for new online accounts.
Improvements to core engine components, for better browsing on more sites
A faster Javascript Baseline Interpreter to handle the modern webÑÔ
large codebases and improve page load performance by as much as 8
percent.
WebRender rolled out to more Firefox for Windows users, now available by default on Windows desktops with integrated Intel graphics cards and resolution of 1920x1200 or less) for improved graphics rendering.
Compositor improvements in Firefox for macOS that reduce power
consumption, speed up page load by as much as 22 percent, and reduce
resource use for video by up to 37 percent.
More browser features to help you get the most out of Firefox products and services
A stand-alone Firefox account menu for easy access to Firefox services like Monitor and Send.
A message panel accessed from the gift icon in the toolbar that offers a quick overview of new releases and key features.
When a website uses your geolocation, an indicator is shown in the
address bar.
Fixed
Various security fixes
Changed
Built-in Firefox pages now follow the system dark mode preference
Aliased theme properties have been removed, which may affect some themes
Passwords can now be imported from Chrome on macOS in addition to existing support for Windows
Readability is now greatly improved on under- or overlined texts, including links. The lines will now be interrupted instead of crossing over a glyph.
Improved privacy and security indicators
A new crossed-out lock icon will indicate sites delivered via
insecure HTTP
The formerly green lock icon is now grey
The Extended Validation (EV) indicator has been moved to the identity
popup that appears when clicking the lock icon
Security fixes:
#CVE-2018-6156: Heap buffer overflow in FEC processing in WebRTC
#CVE-2019-15903: Heap overflow in expat library in XML_GetCurrentLineNumber
#CVE-2019-11757: Use-after-free when creating index updates in IndexedDB
#CVE-2019-11759: Stack buffer overflow in HKDF output
#CVE-2019-11760: Stack buffer overflow in WebRTC networking
#CVE-2019-11761: Unintended access to a privileged JSONView object
#CVE-2019-11762: document.domain-based origin isolation has same-origin-property violation
#CVE-2019-11763: Incorrect HTML parsing results in XSS bypass technique
#CVE-2019-11765: Incorrect permissions could be granted to a website
#CVE-2019-17000: CSP bypass using object tag with data: URI
#CVE-2019-17001: CSP bypass using object tag when script-src 'none' is specified
#CVE-2019-17002: upgrade-insecure-requests was not being honored for links dragged and dropped
#CVE-2019-11764: Memory safety bugs fixed in Firefox 70 and Firefox ESR 68.2
Revision 1.146 / (download) - annotate - [select for diffs], Fri Oct 4 12:43:20 2019 UTC (4 years, 6 months ago) by ryoon
Branch: MAIN
Changes since 1.145: +19 -1
lines
Diff to previous 1.145 (colored) to selected 1.16 (colored)
Update to 69.0.2
Changelog:
Fixed
Fixed a crash when editing files on Office 365 websites (bug 1579858)
Fixed detection of the Windows 10 Parental Controls feature being enabled (bug 1584613)
Fixed a Linux-only crash when changing the playback speed while watching YouTube videos (bug 1582222)
Revision 1.145 / (download) - annotate - [select for diffs], Sat Sep 21 07:25:50 2019 UTC (4 years, 6 months ago) by ryoon
Branch: MAIN
CVS Tags: pkgsrc-2019Q3-base,
pkgsrc-2019Q3
Changes since 1.144: +2 -1
lines
Diff to previous 1.144 (colored) to selected 1.16 (colored)
Update to 69.0.1
Changelog:
Fixed
Fixed external programs launching in the background when clicking a link from inside Firefox to launch them (bug 1570845)
Usability improvements to the Add-ons Manager for users with screen readers (bug 1567600)
Fixed the Captive Portal notification bar not being dismissable in some situations after login is complete (bug 1578633)
Fixed the maximum size of fonts in Reader Mode when zoomed (bug 1578454)
Fixed missing stacks in the Developer Tools Performance section (bug 1578354)
Security and stability fixes
irefox 69.0.1
Security fixes:
#CVE-2019-11754: Pointer Lock is enabled with no user notification
Revision 1.144 / (download) - annotate - [select for diffs], Sat Sep 7 03:41:42 2019 UTC (4 years, 7 months ago) by gutteridge
Branch: MAIN
Changes since 1.143: +2 -2
lines
Diff to previous 1.143 (colored) to selected 1.16 (colored)
firefox: fix build when webrtc option is not enabled PeerConnectionIdp.jsm is installed universally, not just when webrtc is an enabled option.
Revision 1.143 / (download) - annotate - [select for diffs], Fri Sep 6 03:00:23 2019 UTC (4 years, 7 months ago) by ryoon
Branch: MAIN
Changes since 1.142: +166 -548
lines
Diff to previous 1.142 (colored) to selected 1.16 (colored)
Update to 69.0
* Use clang to compile all files. Mix of gcc and clang causes some errors in
Rust c++ command invocation (C++ header mismatches).
Changelog:
New
Enhanced Tracking Protection (ETP) rolls out stronger privacy protections:
The default standard setting for this feature now blocks third-party tracking cookies and cryptominers.
The optional strict setting blocks fingerprinters as well as the items blocked in the standard setting.
The Block Autoplay feature is enhanced to give users the option to block any video that automatically starts playing, not just those that automatically play with sound.
For our users in the US or using the en-US browser, we are shipping a new ãàׯew Tabãàpage experience that connects you to the best of PocketãàÑÔ content.
Support for the Web Authentication HmacSecret extension via Windows Hello now comes with this release, for versions of Windows 10 May 2019 or newer, enabling more passwordless experiences on the web.
Support for receiving multiple video codecs with this release makes it easier for WebRTC conferencing services to mix video from different clients.
For our users on Windows 10, youãàÑÍl see performance and UI improvements:
Firefox will give Windows hints to appropriately set content process priority levels, meaning more processor time spent on the tasks you're actively working on, and less processor time spent on things in the background (with the exception of video and audio playback).
For our existing Windows 10 users, you can easily find and launch Firefox from a shortcut on the Win10 taskbar.
For our users on macOS, battery life and download UI are both improved:
macOS users on dual-graphics-card machines (like MacBook Pro) will switch back to the low-power GPU more aggressively, saving battery life.
Finder on macOS now displays download progress for files being downloaded.
JIT support comes to ARM64 for improved performance of our JavaScript Optimizing JIT compiler.
Fixed
Various security fixes
Changed
As previously announced in the Plugin Roadmap for Firefox, the "Always Activate" option for Flash plugin content has been removed. Firefox will now always ask for user permission before activating Flash content on a website.
With the deprecation of Adobe Flash Player, there is no longer a need to identify users on 32-bit version of the Firefox browser on 64-bit version operating systems reducing user agent fingerprinting factors providing greater level of privacy to our users as well as improving the experience of downloading other apps.
Firefox no longer loads userChrome.css or userContent.css by default improving start-up performance. Users who wish to customize Firefox by using these files can set the toolkit.legacyUserProfileCustomizations.stylesheets preference to true to restore this ability.
Enterprise
For Enterprise system administrators that manage macOS computers, we begin shipping a Mozilla signed PKG installer to simplify your deployments.
Developer
For our mobile web developers, we have migrated remote debugging from the old WebIDE into a re-designed about:debugging, making debugging GeckoView on remote devices via USB rock solid.
The network panel will now show blocked resources to allow developers to best understand the impact of content blocking and ad blocking extensions given our ongoing expansion of Enhanced Tracking Protection to all users with this release.
The new event listener breakpoint feature allows developers to pause on a host of different event types, whether it be related to animations, DOM, media, mouse, touch, worker, and many other event types.
Firefox Developer Tools now offers an audit for the presence of text alternatives for non-text content, the a11y panel checks toolbar has been augmented to better help developers adhere to WCAG Guideline 1.1.
Security fixes:
#CVE-2019-11751: Malicious code execution through command line parameters
#CVE-2019-11746: Use-after-free while manipulating video
#CVE-2019-11744: XSS by breaking out of title and textarea elements using innerHTML
#CVE-2019-11742: Same-origin policy violation with SVG filters and canvas to steal cross-origin images
#CVE-2019-11736: File manipulation and privilege escalation in Mozilla Maintenance Service
#CVE-2019-11753: Privilege escalation with Mozilla Maintenance Service in custom Firefox installation location
#CVE-2019-11752: Use-after-free while extracting a key value in IndexedDB
#CVE-2019-9812: Sandbox escape through Firefox Sync
#CVE-2019-11741: Isolate addons.mozilla.org and accounts.firefox.com
#CVE-2019-11743: Cross-origin access to unload event attributes
#CVE-2019-11749: Camera information available without prompting using getUserMedia
#CVE-2019-5849: Out-of-bounds read in Skia
#CVE-2019-11750: Type confusion in Spidermonkey
#CVE-2019-11737: Content security policy directives ignore port and path if host is a wildcard
#CVE-2019-11738: Content security policy bypass through hash-based sources in directives
#CVE-2019-11747: 'Forget about this site' removes sites from pre-loaded HSTS list
#CVE-2019-11734: Memory safety bugs fixed in Firefox 69
#CVE-2019-11735: Memory safety bugs fixed in Firefox 69 and Firefox ESR 68.1
#CVE-2019-11740: Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, and Firefox ESR 60.9
Revision 1.142 / (download) - annotate - [select for diffs], Fri Aug 16 14:04:18 2019 UTC (4 years, 8 months ago) by ryoon
Branch: MAIN
Changes since 1.141: +21 -15
lines
Diff to previous 1.141 (colored) to selected 1.16 (colored)
Update to 68.0.2
Changelog:
Fixed
Fixed a bug causing some special characters to be cut off from the end of the search terms when searching from the URL bar (bug 1560228)
Allow fonts to be loaded via file:// URLs when opening a page locally (bug 1565942)
Printing emails from the Outlook web app no longer prints only the header and footer (bug 1567105)
Fixed a bug causing some images not to be displayed on reload, including on Google Maps (bug 1565542)
Fixed an error when starting external applications configured as URI handlers (bug 1567614)
Security fixes
#CVE-2019-11733: Stored passwords in 'Saved Logins' can be copied without master password entry
Revision 1.141 / (download) - annotate - [select for diffs], Thu Jul 11 11:32:40 2019 UTC (4 years, 9 months ago) by ryoon
Branch: MAIN
Changes since 1.140: +887 -630
lines
Diff to previous 1.140 (colored) to selected 1.16 (colored)
Update to 68.0
Changelog:
New
Dark mode in reader view expands so that windows are also dark on the controls, sidebars and toolbars.
Improved extension security and discovery:
New reporting feature in about:addons allows you to report security and performance issues with extensions and themes.
Redesigned extensions dashboard in about:addons provides easy access to information about your extensions, including data and settings access required by each extension.
Find high quality, secure extensions via the Recommended Extensions program in about:addons, which now displays user count and ratings for each extension. "Recommendedãàbadges for these extensions also appear on AMO. More extensions will be added over time.
Cryptomining and fingerprinting protections are added to strict content blocking settings in Privacy & Security preferences.
WebRender will roll out to Windows 10 users with AMD graphics cards.
Windows Background Intelligent Transfer Service (BITS) update download support, which allows Firefox update downloads to continue when Firefox is closed.
Fixed
Various security fixes
Local files can no longer access other files in the same directory.
Security fixes:
#CVE-2019-9811: Sandbox escape via installation of malicious language pack
#CVE-2019-11711: Script injection within domain through inner window reuse
#CVE-2019-11712: Cross-origin POST requests can be made with NPAPI plugins by following 308 redirects
#CVE-2019-11713: Use-after-free with HTTP/2 cached stream
#CVE-2019-11714: NeckoChild can trigger crash when accessed off of main thread
#CVE-2019-11729: Empty or malformed p256-ECDH public keys may trigger a segmentation fault
#CVE-2019-11715: HTML parsing error can contribute to content XSS
#CVE-2019-11716: globalThis not enumerable until accessed
#CVE-2019-11717: Caret character improperly escaped in origins
#CVE-2019-11718: Activity Stream writes unsanitized content to innerHTML
#CVE-2019-11719: Out-of-bounds read when importing curve25519 private key
#CVE-2019-11720: Character encoding XSS vulnerability
#CVE-2019-11721: Domain spoofing through unicode latin 'kra' character
#CVE-2019-11730: Same-origin policy treats all files in a directory as having the same-origin
#CVE-2019-11723: Cookie leakage during add-on fetching across private browsing boundaries
#CVE-2019-11724: Retired site input.mozilla.org has remote troubleshooting permissions
#CVE-2019-11725: Websocket resources bypass safebrowsing protections
#CVE-2019-11727: PKCS#1 v1.5 signatures can be used for TLS 1.3
#CVE-2019-11728: Port scanning through Alt-Svc header
#CVE-2019-11710: Memory safety bugs fixed in Firefox 68
#CVE-2019-11709: Memory safety bugs fixed in Firefox 68 and Firefox ESR 60.8
Revision 1.140 / (download) - annotate - [select for diffs], Mon May 27 05:57:40 2019 UTC (4 years, 10 months ago) by gutteridge
Branch: MAIN
CVS Tags: pkgsrc-2019Q2-base,
pkgsrc-2019Q2
Changes since 1.139: +10 -1
lines
Diff to previous 1.139 (colored) to selected 1.16 (colored)
firefox: amend PLIST to reflect option "debug" Fix packaging when the "debug" option is enabled, which generates nine extra files.
Revision 1.139 / (download) - annotate - [select for diffs], Wed May 22 13:32:51 2019 UTC (4 years, 10 months ago) by ryoon
Branch: MAIN
Changes since 1.138: +334 -275
lines
Diff to previous 1.138 (colored) to selected 1.16 (colored)
Update to 67.0
Changelog:
New
Firefox 67 demonstrates improved performance thanks to a number of changes such as:
Lowering priority of setTimeout during page load
Delayed component initialization until after start up
Painting sooner during page load but less often
Suspending unused tabs
Learn more about our approach to performance in 67 in the Mozilla blog.
Users can block known cryptominers and fingerprinters in the Custom settings of their Content Blocking preferences.
Keyboard accessibility has improved in the latest version of Firefox. Toolbar and toolbar overflow menu are both fully keyboard accessible: keyboard users can now access add-ons, the downloads panel, the overflow, Page actions and Firefox menus, and much more.
Private Browsing sees both usability and security improvements:
Save passwords in private browsing mode
Choose which extensions to exclude from private tabs
A myriad of new features help make Firefox easier to use:
WeãàÑ×e added a toolbar menu for your Firefox Account to provide more transparency for when you are synced, sharing data across devices and with Firefox. Personalize the appearance of the menu with your own avatar
Tabs can now be pinned from the Page Actions menu in the address bar
Firefox will highlight useful features (like Pin Tabs) when users are most likely to benefit from them.
Easier access to your list of saved logins from the main menu and login autocomplete. Learn about all the ways you can manage your passwords in Firefox.
The Import Data from Another Browser feature is now also available from the File menu
Users will be able to run different Firefox installs side by side by default so that you can run the beta and release versions simultaneously
Firefox will now protect you against running older versions of the browser which can lead to data corruption and stability issues
Firefox is upgrading to the newer, higher performance, AV1 decoder known as ãàÏÅav1dãà
WebRender is gradually enabled by default on Windows 10 desktops with NVIDIA graphics cards
MozillaãàÑÔ highest performing JavaScript compiler now supports ARM64 Windows devices.
Enable FIDO U2F API, and permit registrations for Google Accounts
Some users will see experiments with an improved Pocket experience in Firefox Home with different layouts and more topical content.
Fixed
Various security fixes
#CVE-2019-9815: Disable hyperthreading on content JavaScript threads on macOS
#CVE-2019-9816: Type confusion with object groups and UnboxedObjects
#CVE-2019-9817: Stealing of cross-domain images using canvas
#CVE-2019-9818: Use-after-free in crash generation server
#CVE-2019-9819: Compartment mismatch with fetch API
#CVE-2019-9820: Use-after-free of ChromeEventHandler by DocShell
#CVE-2019-9821: Use-after-free in AssertWorkerThread
#CVE-2019-11691: Use-after-free in XMLHttpRequest
#CVE-2019-11692: Use-after-free removing listeners in the event listener manager
#CVE-2019-11693: Buffer overflow in WebGL bufferdata on Linux
#CVE-2019-7317: Use-after-free in png_image_free of libpng library
#CVE-2019-11694: Uninitialized memory memory leakage in Windows sandbox
#CVE-2019-11695: Custom cursor can render over user interface outside of web content
#CVE-2019-11t .JNLP files are not recognized as executable files for download prompts
#CVE-2019-11697: Pressing key combinations can bypass installation prompt delays and install extensions
#CVE-2019-11698: Theft of user history data through drag and drop of hyperlinks to andsulting bookmark is subsequently dragged and dropped into the web content area, an arbitrary query of a user's browser history can be run and transmitted to the content page via drop event data. This allows for the theft of browser history by a malicious site.
#CVE-2019-11700: res: protocol can be used to open known local files
#CVE-2019-11699: Incorrect domain name highlighting during page navigation
#CVE-2019-11701: webcal: protocol default handler loads vulnerable web page
#CVE-2019-9814: Memory safety bugs fixed in Firefox 67
#CVE-2019-9800: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7
Revision 1.138 / (download) - annotate - [select for diffs], Tue Mar 19 16:11:27 2019 UTC (5 years, 1 month ago) by ryoon
Branch: MAIN
CVS Tags: pkgsrc-2019Q1-base,
pkgsrc-2019Q1
Changes since 1.137: +143 -76
lines
Diff to previous 1.137 (colored) to selected 1.16 (colored)
Update to 66.0
Changelog:
New
Firefox now prevents websites from automatically playing sound. You can add individual sites to an exceptions list or turn blocking off. To learn more about block autoplay, which will be rolled out gradually to all users, visit the Mozilla blog.
Improved search experience:
Find a specific webpage faster when you have a lot of tabs open: You can now search within all of your open tabs from the tab overflow menu
Easier search via a redesigned new tab in Private Windows
Smoother scrolling: Scroll anchoring keeps content from jumping as images and ads load at the top of the page
Improved performance and better user experience for extensions:
Extensions now store their settings in a Firefox database, rather than individual JSON files, making every site you visit faster
A redesigned keyboard shortcuts section in about:addons makes it easier to view and adjust default shortcuts
Redesigned certificate error pages help you better understand and resolve issues, including identification of certificate issuers for anti-virus software
Added basic support for macOS Touch Bar
Experimenting with an improved Pocket experience in New Tab with different layouts and more topical content
Improved performance and reduced crash rates by [doubling web content loading processes from 4 to 8 [1]
Easier, passwordless security: Added support for Windows Hello on Windows 10, allowing you to use your face, fingerprint, or external security keys for website authentication
Fixed
The Dark and Light Firefox themes now override the system setting for title bar accent color on Windows 10
Linux users: Resolved an issue that caused Firefox to freeze when downloading files
Various security fixes
Changed
System title bar is hidden by default to match Gnome guideline for Linux users
Developer
DevTools Inspector is now fully usable when the Debugger is paused
Lowered priority of setTimeout and setInterval during page load to improve overall page load performance
Fixed: <button> element is no longer special cased in event dispatch, per latest specifications
Security fixes:
Not available yet.
Revision 1.137 / (download) - annotate - [select for diffs], Tue Feb 26 12:14:12 2019 UTC (5 years, 1 month ago) by rin
Branch: MAIN
Changes since 1.136: +3 -3
lines
Diff to previous 1.136 (colored) to selected 1.16 (colored)
Add support for NetBSD/aarch64 and arm. This includes patches for third_party/rust/libc 2.43, which requires hack to overwrite checksum fields in .cargo-checksum.json. These will become unnecessary if libc >= 2.45 is imported. For aarch64, - python locks up randomly when "make configure"; see lib/54017: http://gnats.netbsd.org/54017 - nodejs randomly(?) crashes sometimes. However, if you are luckly enough ;-), you will have a working binary. Bump revision.
Revision 1.136 / (download) - annotate - [select for diffs], Tue Jan 29 16:28:22 2019 UTC (5 years, 2 months ago) by ryoon
Branch: MAIN
Changes since 1.135: +165 -177
lines
Diff to previous 1.135 (colored) to selected 1.16 (colored)
Updatet to 65.0
Changelog:
New
Enhanced tracking protection: Simplified content blocking settings give users standard, strict, and custom options to control online trackers. A redesigned content blocking section in the site information panel (viewed by expanding the small ãà×Êãàicon in the address bar) shows what Firefox detects and blocks on each website you visit. To learn more about content blocking, visit the Mozilla Blog.
A better experience for multilingual users: An updated Language section in Preferences allows users to install multiple language packs and order language preferences for Firefox and websites, without having to download locale-specific versions.
Support for Handoff on macOS: Continue browsing across devices. Pick up where you left off with iOS (via Firefox or Safari) on Firefox on Mac.
A better video streaming experience for Windows users: Firefox now supports the next-generation, royalty-free video compression technology called AV1. Read about MozillaãàÑÔ contribution to this new open standard.
Improved performance and web compatibility, with support for the WebP image format: WebP brings the same image quality as existing formats at smaller file sizes, which saves bandwidth and speeds up page load.
Fixed
Various security fixes.
Changed
Enhanced security for macOS, Linux, and Android users via stronger stack smashing protection which is now enabled by default for all platforms. "Stack smashing" is a common security attack in which malicious actors corrupt or take control of a vulnerable program.
Firefox will now warn you when closing a window (regardless of whether you have automatic session restore enabled for restart).
Easier performance management: The revamped Task Manager page found at about:performance now reports memory usage for tabs and add-ons.
Improved the pop-up blocker to prevent multiple pop-up windows from being opened by websites at the same time.
Security fixes:
Not available yet.
Revision 1.135 / (download) - annotate - [select for diffs], Fri Dec 14 10:21:27 2018 UTC (5 years, 4 months ago) by prlw1
Branch: MAIN
CVS Tags: pkgsrc-2018Q4-base,
pkgsrc-2018Q4
Changes since 1.134: +2 -1
lines
Diff to previous 1.134 (colored) to selected 1.16 (colored)
Fix build with webrtc option. http://mail-index.netbsd.org/pkgsrc-users/2018/11/10/msg027658.html
Revision 1.134 / (download) - annotate - [select for diffs], Wed Dec 12 14:08:50 2018 UTC (5 years, 4 months ago) by ryoon
Branch: MAIN
Changes since 1.133: +386 -438
lines
Diff to previous 1.133 (colored) to selected 1.16 (colored)
Update to 64.0
Changelog:
New
Better recommendations: You may see suggestions in regular browsing mode for new and relevant Firefox features, services, and extensions based on how you use the web (for US users only)
Enhanced tab management: You can now select multiple tabs from the tab bar and close, move, bookmark, or pin them quickly and easily
Easier performance management: The new Task Manager page found at about:performance lets you see how much energy each open tab consumes and provides access to close tabs to conserve power
Improved performance for Mac and Linux users, by enabling link time optimization (Clang LTO). (Clang LTO was enabled for Windows users in Firefox 63.)
More seamless sharing on Windows: Windows users can now share web pages using the native sharing experience. You can access Share in the Page Actions menu
Added option to remove add-ons using the context menu on their toolbar buttons
New for enterprise users: Updated the policy engine on macOS to allow using configuration profiles to customize Firefox for enterprise deployments
Fixed
Various security fixes
Changed
RSS feed preview and live bookmarks are available only via add-ons
TLS certificates issued by Symantec are no longer trusted by Firefox. Website operators are strongly encouraged to replace any remaining Symantec TLS certificates as soon as possible.
about:crashes has been redesigned to make it clear when a crash is being submitted to Mozilla, as well as being clear that removing crashes locally does not remove them from crash-stats.mozilla.com
The macOS keyboard shortcut to add "www" and ".com" to a URL is now ctrl-enter instead of [apple]-enter
Security fixes:
#CVE-2018-12407: Buffer overflow with ANGLE library when using VertexBuffer11 module
#CVE-2018-17466: Buffer overflow and out-of-bounds read in ANGLE library with TextureStorage11
#CVE-2018-18492: Use-after-free with select element
#CVE-2018-18493: Buffer overflow in accelerated 2D canvas with Skia
#CVE-2018-18494: Same-origin policy violation using location attribute and performance.getEntries to steal cross-origin URLs
#CVE-2018-18495: WebExtension content scripts can be loaded in about: pages
#CVE-2018-18496: Embedded feed preview page can be abused for clickjacking
#CVE-2018-18497: WebExtensions can load arbitrary URLs through pipe separators
#CVE-2018-18498: Integer overflow when calculating buffer sizes for images
#CVE-2018-12406: Memory safety bugs fixed in Firefox 64
#CVE-2018-12405: Memory safety bugs fixed in Firefox 64 and Firefox ESR 60.4
Revision 1.133 / (download) - annotate - [select for diffs], Sun Nov 4 00:38:44 2018 UTC (5 years, 5 months ago) by ryoon
Branch: MAIN
Changes since 1.132: +916 -565
lines
Diff to previous 1.132 (colored) to selected 1.16 (colored)
Update to 63.0.1
* Minimize pkgsrc specific patches.
* A build system written in Rust lang does not find a C++ header files
from pkgsrc (non-base) GCC, this version is not buildable on NetBSD 7.
I will investigate this problem again.
Changelog:
63.0.1
Fixed
Snippets are not loaded due to missing element (bug 1503047)
Print preview always shows 30% scale when it is actually Shrink To Fit
(bug 1501952)
Dialog displayed when closing multiple windows shows unreplaced %1$S
placeholder in Japanese and potentially other locales (bug 1500823)
63.0
New
Performance and visual improvements for Windows users
Performance improvements for macOS users
Added content blocking, a collection of Firefox settings that offer
users greater control over technology that can track them around the
web. In 63, users can opt to block third-party tracking cookies or
block all trackers and create exceptions for trusted sites that don't
work correctly with content blocking enabled.
WebExtensions now run in their own process on Linux
Firefox now warns about having multiple windows and tabs open
when quitting from the main menu. The Save and Quit feature has been
removed. You can restore your session by ticking the box for Restore
previous session in the General->Startup options or by using Restore
Previous Session in the main menu.
Firefox now recognizes the operating system accessibility setting for
reducing animation
Added search shortcuts for Top Sites: Amazon and Google appear as Top
Sites tiles on the Firefox Home (New Tab) page. When selected these
tiles will change focus to the address bar to initiate a search.
Currently in US only.
Fixed
Resolved an issue that prevented the address bar from autofilling
bookmarked URLs in certain cases
Various security fixes
Changed
In the Library, the Open in Sidebar feature for individual bookmarks
was removed
The option to Never check for updates was removed from about:preferences.
You can use the DisableAppUpdate enterprise policy as a substitute.
The Ctrl+Tab shortcut now displays thumbnail previews of your tabs and
cycles through tabs in recently used order. This new default behavior
is activated only in new profiles and can be changed in preferences.
#CVE-2018-12391: HTTP Live Stream audio data is accessible cross-origin
#CVE-2018-12392: Crash with nested event loops
#CVE-2018-12393: Integer overflow during Unicode conversion while loading JavaScript
#CVE-2018-12395: WebExtension bypass of domain restrictions through header rewriting
#CVE-2018-12396: WebExtension content scripts can execute in disallowed contexts
#CVE-2018-12397: Missing warning prompt when WebExtension requests local file access
#CVE-2018-12398: CSP bypass through stylesheet injection in resource URIs
#CVE-2018-12399: Spoofing of protocol registration notification bar
#CVE-2018-12400: Favicons are cached in private browsing mode on Firefox for Android
#CVE-2018-12401: DOS attack through special resource URI parsing
#CVE-2018-12402: SameSite cookies leak when pages are explicitly saved
#CVE-2018-12403: Mixed content warning is not displayed when HTTPS page loads a favicon over HTTP
#CVE-2018-12388: Memory safety bugs fixed in Firefox 63
#CVE-2018-12390: Memory safety bugs fixed in Firefox 63 and Firefox ESR 60.3
Revision 1.132 / (download) - annotate - [select for diffs], Thu Sep 6 03:30:51 2018 UTC (5 years, 7 months ago) by ryoon
Branch: MAIN
CVS Tags: pkgsrc-2018Q3-base,
pkgsrc-2018Q3
Changes since 1.131: +6 -4
lines
Diff to previous 1.131 (colored) to selected 1.16 (colored)
Restore conditional PLIST Noticed by Marc Baudoin.
Revision 1.131 / (download) - annotate - [select for diffs], Wed Sep 5 15:29:58 2018 UTC (5 years, 7 months ago) by ryoon
Branch: MAIN
Changes since 1.130: +661 -161
lines
Diff to previous 1.130 (colored) to selected 1.16 (colored)
Update to 62.0
Changelog:
New
Firefox Home (the default New Tab) now allows users to display up to
4 rows of top sites, Pocket stories, and highlights
"Reopen in Container" tab menu option appears for users with Containers
that lets them choose to reopen a tab in a different container
In advance of removing all trust for Symantec-issued certificates in
Firefox 63, a preference was added that allows users to distrust
certificates issued by Symantec. To use this preference, go to
about:config in the address bar and set the preference
"security.pki.distrust_ca_policy" to 2.
Added FreeBSD support for WebAuthn
Improved graphics rendering for Windows users without accelerated hardware
using Parallel-Off-Main-Thread Painting
Support for CSS Shapes, allowing for richer web page layouts. This goes
hand in hand with a brand new Shape Path Editor in the CSS inspector.
CSS Variable Fonts (OpenType Font Variations) support, which makes it
possible to create beautiful typography with a single font file
Updates for enterprise environments:
AutoConfig is sandboxed to the documented API by default. You
can disable the sandbox by setting the preference
general.config.sandbox_enabled to false. Our long term plan is to
remove the ability to turn off the sandboxing. If you need to
continue to use more complex AutoConfig scripts, you will need to use
Firefox Extended Support Release (ESR).
Added Canadian English (en-CA) locale
Changed
Removed the description field for bookmarks. Users who have stored
descriptions using the field may wish to export these descriptions
as html or json files, as they will be removed in a future release.
Dark theme is automatically enabled in macOS 10.14 dark mode
Changed the default setting to Enforce (3) for the
security.pki.name_matching_mode preference
Adobe Flash applets now run in a more secure mode using process
sandboxing on macOS. Learn how this may affect features here.
Users disconnecting from Sync are now offered the option to wipe
their Firefox profile data (including bookmarks, passwords, history,
cookies, and site data) from their desktop computer
Changed how WebRTC handles screen sharing: When screen-sharing a window,
the window will be brought to front
Developer
Three-pane Inspector in Developer Tools separates the rules into its own
panel
Revision 1.130 / (download) - annotate - [select for diffs], Sat Aug 11 18:45:16 2018 UTC (5 years, 8 months ago) by ryoon
Branch: MAIN
Changes since 1.129: +1 -5
lines
Diff to previous 1.129 (colored) to selected 1.16 (colored)
Update to 61.0.2
Changelog:
New
Adds support for automatically restoring your Firefox session
after Windows restarts. Currently, this feature is not enabled
by default for most users, but will be gradually enabled over
the coming weeks.
Fixed
Improved website rendering with the Retained Display List
feature enabled (Bug 1474402)
Fixed broken DevTools panels with certain extensions installed
(Bug 1474379)
Fixed a crash for users with some accessibility tools enabled
(Bug 1474007)
Revision 1.129 / (download) - annotate - [select for diffs], Thu Jun 28 13:52:37 2018 UTC (5 years, 9 months ago) by ryoon
Branch: MAIN
CVS Tags: pkgsrc-2018Q2-base,
pkgsrc-2018Q2
Changes since 1.128: +383 -376
lines
Diff to previous 1.128 (colored) to selected 1.16 (colored)
Update to 61.0
Changelog:
New
Enhanced performance:
Faster page rendering with Quantum CSS improvements and the new
retained display list feature
Faster switching between tabs on Windows and Linux
WebExtensions now run in their own process on MacOS
Convenient access to more search engines: You can now add search engines
to the address bar "Search with" tool from the page action menu when on
a webpage that provides an OpenSearch plugin
Share links from Firefox for MacOS more easily: You can now share the URL
of an active tab from the page actions menu in the address bar
Improved security:
On-by-default support for the latest draft of the TLS 1.3 specification
Access to FTP subresources inside http(s) pages has been blocked
A more consistent user experience: Improvements for dark theme support
across the entire Firefox user interface
More customization for tab management: added support to allow WebExtensions
to hide tabs
Improved bookmark syncing
Fixed
Various security fixes
Changed
The settings for customizing your homepage and new tab page in Firefox
have been added to a new Preferences section that can be accessed from
Firefox at about:preferences#home. The settings can also be accessed via
the gear icon on the New Tab page.
Security fixes:
#CVE-2018-12359: Buffer overflow using computed size of canvas element
#CVE-2018-12360: Use-after-free when using focus()
#CVE-2018-12361: Integer overflow in SwizzleData
#CVE-2018-12358: Same-origin bypass using service worker and redirection
#CVE-2018-12362: Integer overflow in SSSE3 scaler
#CVE-2018-5156: Media recorder segmentation fault when track type is changed during capture
#CVE-2018-12363: Use-after-free when appending DOM nodes
#CVE-2018-12364: CSRF attacks through 307 redirects and NPAPI plugins
#CVE-2018-12365: Compromised IPC child process can list local filenames
#CVE-2018-12371: Integer overflow in Skia library during edge builder allocation
#CVE-2018-12366: Invalid data handling during QCMS transformations
#CVE-2018-12367: Timing attack mitigation of PerformanceNavigationTiming
#CVE-2018-12368: No warning when opening executable SettingContent-ms files
#CVE-2018-12369: WebExtension security permission checks bypassed by embedded experiments
#CVE-2018-12370: SameSite cookie protections bypassed when exiting Reader View
#CVE-2018-5186: Memory safety bugs fixed in Firefox 61
#CVE-2018-5187: Memory safety bugs fixed in Firefox 60 and Firefox ESR 60.1
#CVE-2018-5188: Memory safety bugs fixed in Firefox 60, Firefox ESR 60.1, and Firefox ESR 52.9
Revision 1.128 / (download) - annotate - [select for diffs], Thu May 10 20:01:53 2018 UTC (5 years, 11 months ago) by ryoon
Branch: MAIN
Changes since 1.127: +150 -132
lines
Diff to previous 1.127 (colored) to selected 1.16 (colored)
Update to 60.0
* Remove untested patches including NetBSD/earm support
Changelog:
New
Added a policy engine that allows customized Firefox deployments in
enterprise environments, using Windows Group Policy or a cross-platform
JSON file
Enhancements to New Tab / Firefox Home
Responsive layout that shows more content for users with wide-screen
displays
Highlights section includes web sites saved to Pocket
More options to reorder sections and content on the page
Pocket Sponsored Stories will appear for a percentage of users in
the US. Read about our privacy-conscious approach to sponsored content
Redesigned Cookies and Site Storage section in Preferences for greater
clarity and control of first- and third-party cookies
Applied Quantum CSS to render browser UI
Added support for Web Authentication API, which allows USB tokens for
website authentication
Enhanced camera privacy indicators: Firefox now turns off your camera
and the camera's light when you disable video recording, and turns
the camera and light on when you resume recording
Added an option for Linux users to show or hide page titles in a bar
at the top of the browser. You'll find the Title Bar option in the
Customize panel available from the main browser menu.
Improved WebRTC audio performance and playback for Linux users
Locale added: Occitan (oc)
Fixed
Various security fixes
Changed
#CVE-2018-5154: Use-after-free with SVG animations and clip paths
#CVE-2018-5155: Use-after-free with SVG animations and text paths
#CVE-2018-5157: Same-origin bypass of PDF Viewer to view protected PDF files
#CVE-2018-5158: Malicious PDF can inject JavaScript into PDF Viewer
#CVE-2018-5159: Integer overflow and out-of-bounds write in Skia
#CVE-2018-5160: Uninitialized memory use by WebRTC encoder
#CVE-2018-5152: WebExtensions information leak through webRequest API
#CVE-2018-5153: Out-of-bounds read in mixed content websocket messages
#CVE-2018-5163: Replacing cached data in JavaScript Start-up Bytecode Cache
#CVE-2018-5164: CSP not applied to all multipart content sent with
multipart/x-mixed-replace
#CVE-2018-5166: WebExtension host permission bypass through filterReponseData
#CVE-2018-5167: Improper linkification of chrome: and javascript: content
in web console and JavaScript debugger
#CVE-2018-5168: Lightweight themes can be installed without user interaction
#CVE-2018-5169: Dragging and dropping link text onto home button can set home
page to include chrome pages
#CVE-2018-5172: Pasted script from clipboard can run in the Live Bookmarks
page or PDF viewer
#CVE-2018-5173: File name spoofing of Downloads panel with Unicode characters
#CVE-2018-5174: Windows Defender SmartScreen UI runs with less secure behavior
for downloaded files in Windows 10 April 2018 Update
#CVE-2018-5175: Universal CSP bypass on sites using strict-dynamic in
their policies
#CVE-2018-5176: JSON Viewer script injection
#CVE-2018-5177: Buffer overflow in XSLT during number formatting
#CVE-2018-5165: Checkbox for enabling Flash protected mode is inverted in
32-bit Firefox
#CVE-2018-5180: heap-use-after-free in mozilla::WebGLContext::DrawElementsInstanced
#CVE-2018-5181: Local file can be displayed in noopener tab through drag and
drop of hyperlink
#CVE-2018-5182: Local file can be displayed from hyperlink dragged and dropped
on addressbar
#CVE-2018-5151: Memory safety bugs fixed in Firefox 60
#CVE-2018-5150: Memory safety bugs fixed in Firefox 60 and Firefox ESR 52.8
Revision 1.125.2.2 / (download) - annotate - [select for diffs], Thu Mar 22 06:56:21 2018 UTC (6 years, 1 month ago) by spz
Branch: pkgsrc-2017Q4
Changes since 1.125.2.1: +91 -79
lines
Diff to previous 1.125.2.1 (colored) to branchpoint 1.125 (colored) next main 1.126 (colored) to selected 1.16 (colored)
Pullup ticket #5728 - requested by maya
devel/nspr: dependency update
devel/nss: dependency update
www/firefox-l10n: dependent update
www/firefox: security update
Revisions pulled up:
- devel/nspr/Makefile 1.94-1.95
- devel/nspr/distinfo 1.48-1.49
- devel/nspr/patches/patch-az deleted
- devel/nspr/patches/patch-nspr_pr_include_md___pth.h 1.1
- devel/nspr/patches/patch-nspr_pr_src_pthreads_ptthread.c 1.1
- devel/nspr/patches/patch-nsprpub_pr_include_md__pth.h deleted
- devel/nss/Makefile 1.146,1.148
- devel/nss/PLIST 1.24
- devel/nss/distinfo 1.81,1.83
- devel/nss/patches/patch-nss_lib_freebl_config.mk deleted
- devel/nss/patches/patch-nss_lib_freebl_verified_kremlib.h deleted
- www/firefox-l10n/Makefile 1.121-1.123
- www/firefox-l10n/distinfo 1.111-1.113
- www/firefox/Makefile 1.320-1.321,1.324
- www/firefox/PLIST 1.127
- www/firefox/distinfo 1.307-1.309
- www/firefox/mozilla-common.mk 1.105-1.106
- www/firefox/patches/patch-aa 1.56
- www/firefox/patches/patch-build_gyp.mozbuild 1.8
- www/firefox/patches/patch-build_moz.configure_keyfiles.configure 1.5
- www/firefox/patches/patch-build_moz.configure_memory.configure deleted
- www/firefox/patches/patch-config_baseconfig.mk deleted
- www/firefox/patches/patch-config_external_moz.build 1.17
- www/firefox/patches/patch-dom_media_moz.build 1.9
- www/firefox/patches/patch-gfx_skia_generate__mozbuild.py 1.8
- www/firefox/patches/patch-gfx_skia_moz.build 1.15
- www/firefox/patches/patch-gfx_thebes_moz.build 1.9
- www/firefox/patches/patch-media_libcubeb_gtest_moz.build 1.2
- www/firefox/patches/patch-media_libtheora_moz.build 1.8
- www/firefox/patches/patch-media_libvorbis_moz.build 1.4
- www/firefox/patches/patch-media_webrtc_trunk_webrtc_modules_audio__device_linux_audio__device__alsa__linux.cc 1.1
- www/firefox/patches/patch-modules_libpref_init_all.js 1.7
- www/firefox/patches/patch-modules_pdfium_update.sh 1.2
- www/firefox/patches/patch-netwerk_dns_moz.build 1.8
- www/firefox/patches/patch-netwerk_srtp_src_crypto_hash_hmac.c deleted
- www/firefox/patches/patch-netwerk_srtp_src_crypto_kernel_crypto__kernel.c deleted
- www/firefox/patches/patch-servo_components_style_properties_helpers_animated__properties.mako.rs deleted
- www/firefox/patches/patch-third__party_rust_simd_.cargo-checksum.json 1.1
- www/firefox/patches/patch-third__party_rust_simd_src_x86_avx2.rs 1.1
- www/firefox/patches/patch-toolkit_crashreporter_google-breakpad_src_third_party_curl_curlbuild.h deleted
- www/firefox/patches/patch-toolkit_moz.configure 1.10
- www/firefox/patches/patch-toolkit_xre_nsEmbedFunctions.cpp deleted
- www/firefox/patches/patch-xpcom_build_BinaryPath.h 1.3-1.4
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: ryoon
Date: Wed Jan 24 16:21:43 UTC 2018
Modified Files:
pkgsrc/devel/nspr: Makefile distinfo
Added Files:
pkgsrc/devel/nspr/patches: patch-nspr_pr_include_md___pth.h
patch-nspr_pr_src_pthreads_ptthread.c
Removed Files:
pkgsrc/devel/nspr/patches: patch-az patch-nsprpub_pr_include_md__pth.h
Log Message:
Update to 4.18
Changelog:
NSPR 4.18 contains the following changes:
- removed HP-UX DCE threads support
- improvements for the Windows implementation of PR_SetCurrentThreadName
- fixes for the Windows implementation of TCP Fast Open
To generate a diff of this commit:
cvs rdiff -u -r1.93 -r1.94 pkgsrc/devel/nspr/Makefile
cvs rdiff -u -r1.47 -r1.48 pkgsrc/devel/nspr/distinfo
cvs rdiff -u -r1.4 -r0 pkgsrc/devel/nspr/patches/patch-az
cvs rdiff -u -r0 -r1.1 \
pkgsrc/devel/nspr/patches/patch-nspr_pr_include_md___pth.h \
pkgsrc/devel/nspr/patches/patch-nspr_pr_src_pthreads_ptthread.c
cvs rdiff -u -r1.3 -r0 \
pkgsrc/devel/nspr/patches/patch-nsprpub_pr_include_md__pth.h
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: ryoon
Date: Sat Mar 17 01:06:18 UTC 2018
Modified Files:
pkgsrc/devel/nspr: Makefile distinfo
Log Message:
Update to 4.29
Changelog:
NSPR 4.19 contains the following changes:
- changed order of shutdown cleanup to avoid a crash on Mac OSX
- build compatibility with Android NDK r16 and glibc 2.26
To generate a diff of this commit:
cvs rdiff -u -r1.94 -r1.95 pkgsrc/devel/nspr/Makefile
cvs rdiff -u -r1.48 -r1.49 pkgsrc/devel/nspr/distinfo
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: ryoon
Date: Wed Jan 24 16:23:52 UTC 2018
Modified Files:
pkgsrc/devel/nss: Makefile distinfo
Removed Files:
pkgsrc/devel/nss/patches: patch-nss_lib_freebl_config.mk
patch-nss_lib_freebl_verified_kremlib.h
Log Message:
Update to 3.35
Changelog:
The NSS team has released Network Security Services (NSS) 3.35,
which is a minor release.
Summary of the major changes included in this release:
- The default database storage format has been changed to SQL,
using filenames cert9.db, key4.db, pkcs11.txt.
- TLS 1.3 support has been updated to draft -23, along with
additional significant changes.
- Support for TLS compression was removed.
- Added formally verified implementations of non-vectorized Chacha20
and non-vectorized Poly1305 64-bit.
- When creating encrypted PKCS#7 or PKCS#12 data, NSS uses a
higher iteration count for stronger security.
- The CA trust list was updated to version 2.22.
To generate a diff of this commit:
cvs rdiff -u -r1.145 -r1.146 pkgsrc/devel/nss/Makefile
cvs rdiff -u -r1.80 -r1.81 pkgsrc/devel/nss/distinfo
cvs rdiff -u -r1.2 -r0 \
pkgsrc/devel/nss/patches/patch-nss_lib_freebl_config.mk
cvs rdiff -u -r1.1 -r0 \
pkgsrc/devel/nss/patches/patch-nss_lib_freebl_verified_kremlib.h
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: ryoon
Date: Sat Mar 17 01:07:15 UTC 2018
Modified Files:
pkgsrc/devel/nss: Makefile PLIST distinfo
Log Message:
Update to 3.36
* Require devel/nspr-4.19
Changelog:
The NSS team has released Network Security Services (NSS) 3.36,
which is a minor release.
Summary of the major changes included in this release:
- Replaced existing vectorized ChaCha20 code with verified
HACL* implementation.
- Experimental APIs for TLS session cache handling.
To generate a diff of this commit:
cvs rdiff -u -r1.147 -r1.148 pkgsrc/devel/nss/Makefile
cvs rdiff -u -r1.23 -r1.24 pkgsrc/devel/nss/PLIST
cvs rdiff -u -r1.82 -r1.83 pkgsrc/devel/nss/distinfo
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: ryoon
Date: Wed Jan 31 14:02:18 UTC 2018
Modified Files:
pkgsrc/www/firefox: Makefile distinfo
Added Files:
pkgsrc/www/firefox/patches: patch-xpcom_build_BinaryPath.h
Log Message:
Update to 58.0.1
* Fix build under netbsd-7, PR pkg/52956
Changelog:
Fix Mozilla Foundation Security Advisory 2018-05:
Arbitrary code execution through unsanitized browser UI
When using certain non-default security policies on Windows (for
example with Windows Defender Exploit Protection or Webroot security
products), Firefox 58.0 would fail to load pages (bug 1433065).
To generate a diff of this commit:
cvs rdiff -u -r1.319 -r1.320 pkgsrc/www/firefox/Makefile
cvs rdiff -u -r1.306 -r1.307 pkgsrc/www/firefox/distinfo
cvs rdiff -u -r0 -r1.3 \
pkgsrc/www/firefox/patches/patch-xpcom_build_BinaryPath.h
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: ryoon
Date: Sat Feb 10 07:02:47 UTC 2018
Modified Files:
pkgsrc/www/firefox: Makefile distinfo mozilla-common.mk
pkgsrc/www/firefox/patches: patch-xpcom_build_BinaryPath.h
Log Message:
Update to 58.0.2
* Fix segfault on netbsd-7
Changelog:
Fix
Avoid a signature validation issue during update on macOS
Blocklisted graphics drivers related to off main thread painting crashes
Tab crash during printing
Fix clicking links and scrolling emails on Microsoft Hotmail and Outlook
(OWA) webmail
To generate a diff of this commit:
cvs rdiff -u -r1.320 -r1.321 pkgsrc/www/firefox/Makefile
cvs rdiff -u -r1.307 -r1.308 pkgsrc/www/firefox/distinfo
cvs rdiff -u -r1.104 -r1.105 pkgsrc/www/firefox/mozilla-common.mk
cvs rdiff -u -r1.3 -r1.4 \
pkgsrc/www/firefox/patches/patch-xpcom_build_BinaryPath.h
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: ryoon
Date: Sat Mar 17 00:59:03 UTC 2018
Modified Files:
pkgsrc/www/firefox: Makefile PLIST distinfo mozilla-common.mk
pkgsrc/www/firefox/patches: patch-aa patch-build_gyp.mozbuild
patch-config_external_moz.build patch-dom_media_moz.build
patch-gfx_skia_generate__mozbuild.py patch-gfx_skia_moz.build
patch-gfx_thebes_moz.build patch-media_libcubeb_gtest_moz.build
patch-media_libtheora_moz.build patch-media_libvorbis_moz.build
patch-modules_pdfium_update.sh patch-netwerk_dns_moz.build
patch-toolkit_moz.configure
Added Files:
pkgsrc/www/firefox/patches:
patch-build_moz.configure_keyfiles.configure
patch-media_webrtc_trunk_webrtc_modules_audio__device_linux_audio__device__alsa__linux.cc
patch-modules_libpref_init_all.js
patch-third__party_rust_simd_.cargo-checksum.json
patch-third__party_rust_simd_src_x86_avx2.rs
Removed Files:
pkgsrc/www/firefox/patches: patch-build_moz.configure_memory.configure
patch-config_baseconfig.mk
patch-netwerk_srtp_src_crypto_hash_hmac.c
patch-netwerk_srtp_src_crypto_kernel_crypto__kernel.c
patch-servo_components_style_properties_helpers_animated__properties.mako.rs
patch-toolkit_crashreporter_google-breakpad_src_third_party_curl_curlbuild.h
patch-toolkit_xre_nsEmbedFunctions.cpp
Log Message:
Update to 59.0.1
Changelog:
59.0.1
Security fix
#CVE-2018-5146: Out of bounds memory write in libvorbis
59.0
New
Performance enhancements:
- Faster load times for content on the Firefox Home page
- Faster page load times by loading either from the networked cache
or the cache on the user's hard drive (Race Cache With Network)
- Improved graphics rendering using Off-Main-Thread Painting (OMTP)
for Mac users (OMTP for Windows was released in Firefox 58)
Drag-and-drop to rearrange Top Sites on the Firefox Home page, and
customize new windows and tabs in other ways
Added features for Firefox Screenshots:
- Basic annotation lets the user draw on and highlight saved screenshots
- Recropping to change the viewable area of saved screenshots
Enhanced WebExtensions API including better support for decentralized
protocols and the ability to dynamically register content scripts
Improved Real-Time Communications (RTC) capabilities.
- Implemented RTP Transceiver to give pages more fine grained control
over calls
- Implemented features to support large scale conferences
Added support for W3C specs for pointer events and improved platform
integration with added device support for mouse, pen, and touch
screen pointer input
Added the Ecosia search engine as an option for German Firefox
Added the Qwant search engine as an option for French Firefox
Added settings in about:preferences to stop websites from asking to
send notifications or access your device's camera, microphone, and
location, while still allowing trusted websites to use these features
Fixed
Various security fixes
Changed
Firefox Private Browsing Mode will remove path information from
referrers to prevent cross-site tracking
Security fixes:
#CVE-2018-5127: Buffer overflow manipulating SVG animatedPathSegList
#CVE-2018-5128: Use-after-free manipulating editor selection ranges
#CVE-2018-5129: Out-of-bounds write with malformed IPC messages
#CVE-2018-5130: Mismatched RTP payload type can trigger memory corruption
#CVE-2018-5131: Fetch API improperly returns cached copies of
no-store/no-cache resources
#CVE-2018-5132: WebExtension Find API can search privileged pages
#CVE-2018-5133: Value of the app.support.baseURL preference is not properly
sanitized
#CVE-2018-5134: WebExtensions may use view-source: URLs to bypass content
restrictions
#CVE-2018-5135: WebExtension browserAction can inject scripts into
unintended contexts
#CVE-2018-5136: Same-origin policy violation with data: URL shared workers
#CVE-2018-5137: Script content can access legacy extension
non-contentaccessible resources
#CVE-2018-5138: Android Custom Tab address spoofing through long domain names
#CVE-2018-5140: Moz-icon images accessible to web content through moz-icon:
protocol
#CVE-2018-5141: DOS attack through notifications Push API
#CVE-2018-5142: Media Capture and Streams API permissions display
incorrect origin with data: and blob: URLs
#CVE-2018-5143: Self-XSS pasting javascript: URL with embedded tab into
addressbar
#CVE-2018-5126: Memory safety bugs fixed in Firefox 59
#CVE-2018-5125: Memory safety bugs fixed in Firefox 59 and Firefox ESR 52.7
To generate a diff of this commit:
cvs rdiff -u -r1.323 -r1.324 pkgsrc/www/firefox/Makefile
cvs rdiff -u -r1.126 -r1.127 pkgsrc/www/firefox/PLIST
cvs rdiff -u -r1.308 -r1.309 pkgsrc/www/firefox/distinfo
cvs rdiff -u -r1.105 -r1.106 pkgsrc/www/firefox/mozilla-common.mk
cvs rdiff -u -r1.55 -r1.56 pkgsrc/www/firefox/patches/patch-aa
cvs rdiff -u -r1.7 -r1.8 pkgsrc/www/firefox/patches/patch-build_gyp.mozbuild \
pkgsrc/www/firefox/patches/patch-gfx_skia_generate__mozbuild.py \
pkgsrc/www/firefox/patches/patch-media_libtheora_moz.build \
pkgsrc/www/firefox/patches/patch-netwerk_dns_moz.build
cvs rdiff -u -r0 -r1.5 \
pkgsrc/www/firefox/patches/patch-build_moz.configure_keyfiles.configure
cvs rdiff -u -r1.2 -r0 \
pkgsrc/www/firefox/patches/patch-build_moz.configure_memory.configure \
pkgsrc/www/firefox/patches/patch-toolkit_crashreporter_google-breakpad_src_third_party_curl_curlbuild.h
cvs rdiff -u -r1.10 -r0 pkgsrc/www/firefox/patches/patch-config_baseconfig.mk
cvs rdiff -u -r1.16 -r1.17 \
pkgsrc/www/firefox/patches/patch-config_external_moz.build
cvs rdiff -u -r1.8 -r1.9 pkgsrc/www/firefox/patches/patch-dom_media_moz.build \
pkgsrc/www/firefox/patches/patch-gfx_thebes_moz.build
cvs rdiff -u -r1.14 -r1.15 \
pkgsrc/www/firefox/patches/patch-gfx_skia_moz.build
cvs rdiff -u -r1.1 -r1.2 \
pkgsrc/www/firefox/patches/patch-media_libcubeb_gtest_moz.build \
pkgsrc/www/firefox/patches/patch-modules_pdfium_update.sh
cvs rdiff -u -r1.3 -r1.4 \
pkgsrc/www/firefox/patches/patch-media_libvorbis_moz.build
cvs rdiff -u -r0 -r1.1 \
pkgsrc/www/firefox/patches/patch-media_webrtc_trunk_webrtc_modules_audio__device_linux_audio__device__alsa__linux.cc \
pkgsrc/www/firefox/patches/patch-third__party_rust_simd_.cargo-checksum.json \
pkgsrc/www/firefox/patches/patch-third__party_rust_simd_src_x86_avx2.rs
cvs rdiff -u -r0 -r1.7 \
pkgsrc/www/firefox/patches/patch-modules_libpref_init_all.js
cvs rdiff -u -r1.4 -r0 \
pkgsrc/www/firefox/patches/patch-netwerk_srtp_src_crypto_hash_hmac.c
cvs rdiff -u -r1.3 -r0 \
pkgsrc/www/firefox/patches/patch-netwerk_srtp_src_crypto_kernel_crypto__kernel.c
cvs rdiff -u -r1.1 -r0 \
pkgsrc/www/firefox/patches/patch-servo_components_style_properties_helpers_animated__properties.mako.rs
cvs rdiff -u -r1.9 -r1.10 \
pkgsrc/www/firefox/patches/patch-toolkit_moz.configure
cvs rdiff -u -r1.7 -r0 \
pkgsrc/www/firefox/patches/patch-toolkit_xre_nsEmbedFunctions.cpp
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: ryoon
Date: Wed Jan 31 14:03:25 UTC 2018
Modified Files:
pkgsrc/www/firefox-l10n: Makefile distinfo
Log Message:
Update to 58.0.1
* Sync with www/firefox-58.0.1
To generate a diff of this commit:
cvs rdiff -u -r1.120 -r1.121 pkgsrc/www/firefox-l10n/Makefile
cvs rdiff -u -r1.110 -r1.111 pkgsrc/www/firefox-l10n/distinfo
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: ryoon
Date: Sat Feb 10 07:05:20 UTC 2018
Modified Files:
pkgsrc/www/firefox-l10n: Makefile distinfo
Log Message:
Update to 58.0.2
* Sync with www/firefox-58.0.2
To generate a diff of this commit:
cvs rdiff -u -r1.121 -r1.122 pkgsrc/www/firefox-l10n/Makefile
cvs rdiff -u -r1.111 -r1.112 pkgsrc/www/firefox-l10n/distinfo
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: ryoon
Date: Sat Mar 17 01:00:20 UTC 2018
Modified Files:
pkgsrc/www/firefox-l10n: Makefile distinfo
Log Message:
Update to 59.0.1
* Sync with www/firefox-59.0.1
To generate a diff of this commit:
cvs rdiff -u -r1.122 -r1.123 pkgsrc/www/firefox-l10n/Makefile
cvs rdiff -u -r1.112 -r1.113 pkgsrc/www/firefox-l10n/distinfo
Revision 1.127 / (download) - annotate - [select for diffs], Sat Mar 17 00:59:02 2018 UTC (6 years, 1 month ago) by ryoon
Branch: MAIN
CVS Tags: pkgsrc-2018Q1-base,
pkgsrc-2018Q1
Changes since 1.126: +90 -78
lines
Diff to previous 1.126 (colored) to selected 1.16 (colored)
Update to 59.0.1
Changelog:
59.0.1
Security fix
#CVE-2018-5146: Out of bounds memory write in libvorbis
59.0
New
Performance enhancements:
- Faster load times for content on the Firefox Home page
- Faster page load times by loading either from the networked cache
or the cache on the user's hard drive (Race Cache With Network)
- Improved graphics rendering using Off-Main-Thread Painting (OMTP)
for Mac users (OMTP for Windows was released in Firefox 58)
Drag-and-drop to rearrange Top Sites on the Firefox Home page, and
customize new windows and tabs in other ways
Added features for Firefox Screenshots:
- Basic annotation lets the user draw on and highlight saved screenshots
- Recropping to change the viewable area of saved screenshots
Enhanced WebExtensions API including better support for decentralized
protocols and the ability to dynamically register content scripts
Improved Real-Time Communications (RTC) capabilities.
- Implemented RTP Transceiver to give pages more fine grained control
over calls
- Implemented features to support large scale conferences
Added support for W3C specs for pointer events and improved platform
integration with added device support for mouse, pen, and touch
screen pointer input
Added the Ecosia search engine as an option for German Firefox
Added the Qwant search engine as an option for French Firefox
Added settings in about:preferences to stop websites from asking to
send notifications or access your device's camera, microphone, and
location, while still allowing trusted websites to use these features
Fixed
Various security fixes
Changed
Firefox Private Browsing Mode will remove path information from
referrers to prevent cross-site tracking
Security fixes:
#CVE-2018-5127: Buffer overflow manipulating SVG animatedPathSegList
#CVE-2018-5128: Use-after-free manipulating editor selection ranges
#CVE-2018-5129: Out-of-bounds write with malformed IPC messages
#CVE-2018-5130: Mismatched RTP payload type can trigger memory corruption
#CVE-2018-5131: Fetch API improperly returns cached copies of
no-store/no-cache resources
#CVE-2018-5132: WebExtension Find API can search privileged pages
#CVE-2018-5133: Value of the app.support.baseURL preference is not properly
sanitized
#CVE-2018-5134: WebExtensions may use view-source: URLs to bypass content
restrictions
#CVE-2018-5135: WebExtension browserAction can inject scripts into
unintended contexts
#CVE-2018-5136: Same-origin policy violation with data: URL shared workers
#CVE-2018-5137: Script content can access legacy extension
non-contentaccessible resources
#CVE-2018-5138: Android Custom Tab address spoofing through long domain names
#CVE-2018-5140: Moz-icon images accessible to web content through moz-icon:
protocol
#CVE-2018-5141: DOS attack through notifications Push API
#CVE-2018-5142: Media Capture and Streams API permissions display
incorrect origin with data: and blob: URLs
#CVE-2018-5143: Self-XSS pasting javascript: URL with embedded tab into
addressbar
#CVE-2018-5126: Memory safety bugs fixed in Firefox 59
#CVE-2018-5125: Memory safety bugs fixed in Firefox 59 and Firefox ESR 52.7
Revision 1.125.2.1 / (download) - annotate - [select for diffs], Fri Mar 9 07:17:29 2018 UTC (6 years, 1 month ago) by spz
Branch: pkgsrc-2017Q4
Changes since 1.125: +557 -267
lines
Diff to previous 1.125 (colored) to selected 1.16 (colored)
Pullup ticket #5695 - requested by he and maya
www/firefox: security update
www/firefox-l10n: dependent update
NOTE: firefox-58 needs rust and rust in pkgsrc-2017Q4 needs /proc
Revisions pulled up:
- www/firefox-l10n/Makefile 1.117-1.120
- www/firefox-l10n/PLIST 1.58-1.59
- www/firefox-l10n/distinfo 1.108-1.110
- www/firefox/Makefile 1.316-1.318
- www/firefox/PLIST 1.126
- www/firefox/distinfo 1.304-1.306
- www/firefox/mozilla-common.mk 1.103-1.104
- www/firefox/patches/patch-aa 1.55
- www/firefox/patches/patch-build_moz.configure_keyfiles.configure deleted
- www/firefox/patches/patch-config_Makefile.in deleted
- www/firefox/patches/patch-config_system-headers deleted
- www/firefox/patches/patch-config_system-headers.mozbuild 1.1
- www/firefox/patches/patch-dom_media_flac_FlacDecoder.cpp 1.1
- www/firefox/patches/patch-dom_media_moz.build 1.8
- www/firefox/patches/patch-intl_unicharutil_util_moz.build 1.7
- www/firefox/patches/patch-ipc_chromium_src_base_process__util.h deleted
- www/firefox/patches/patch-ipc_glue_MessageChannel.cpp 1.1
- www/firefox/patches/patch-js_src_build_moz.build 1.2
- www/firefox/patches/patch-media_libcubeb_src_cubeb__alsa.c 1.26
- www/firefox/patches/patch-media_libsoundtouch_src_cpu__detect__x86.cpp deleted
- www/firefox/patches/patch-netwerk_dns_moz.build 1.7
- www/firefox/patches/patch-servo_components_gfx_font.rs deleted
- www/firefox/patches/patch-servo_components_net__traits_response.rs deleted
- www/firefox/patches/patch-servo_components_net_fetch_cors__cache.rs deleted
- www/firefox/patches/patch-servo_components_net_fetch_methods.rs deleted
- www/firefox/patches/patch-servo_components_net_websocket__loader.rs deleted
- www/firefox/patches/patch-servo_components_script_dom_bindings_str.rs deleted
- www/firefox/patches/patch-servo_components_script_dom_blob.rs deleted
- www/firefox/patches/patch-servo_components_script_dom_cssstyledeclaration.rs deleted
- www/firefox/patches/patch-servo_components_script_dom_document.rs deleted
- www/firefox/patches/patch-servo_components_script_dom_element.rs deleted
- www/firefox/patches/patch-servo_components_script_dom_htmlelement.rs deleted
- www/firefox/patches/patch-servo_components_script_dom_htmllinkelement.rs deleted
- www/firefox/patches/patch-servo_components_script_dom_htmlmetaelement.rs deleted
- www/firefox/patches/patch-servo_components_script_dom_htmlscriptelement.rs deleted
- www/firefox/patches/patch-servo_components_script_dom_macros.rs deleted
- www/firefox/patches/patch-servo_components_script_dom_namednodemap.rs deleted
- www/firefox/patches/patch-servo_components_script_dom_serviceworkercontainer.rs deleted
- www/firefox/patches/patch-servo_components_script_dom_servoparser_async__html.rs deleted
- www/firefox/patches/patch-servo_components_script_dom_websocket.rs deleted
- www/firefox/patches/patch-servo_components_script_dom_window.rs deleted
- www/firefox/patches/patch-servo_components_script_dom_xmlhttprequest.rs deleted
- www/firefox/patches/patch-servo_components_selectors_attr.rs deleted
- www/firefox/patches/patch-servo_components_selectors_parser.rs deleted
- www/firefox/patches/patch-servo_components_style__traits_viewport.rs deleted
- www/firefox/patches/patch-servo_components_style_attr.rs deleted
- www/firefox/patches/patch-servo_components_style_counter__style_mod.rs deleted
- www/firefox/patches/patch-servo_components_style_custom__properties.rs deleted
- www/firefox/patches/patch-servo_components_style_gecko__string__cache_mod.rs deleted
- www/firefox/patches/patch-servo_components_style_gecko_generated_pseudo__element__definition.rs deleted
- www/firefox/patches/patch-servo_components_style_gecko_pseudo__element__definition.mako.rs deleted
- www/firefox/patches/patch-servo_components_style_properties_helpers_animated__properties.mako.rs 1.1
- www/firefox/patches/patch-servo_components_style_properties_longhand_font.mako.rs deleted
- www/firefox/patches/patch-servo_components_style_properties_longhand_pointing.mako.rs deleted
- www/firefox/patches/patch-servo_components_style_servo_selector__parser.rs deleted
- www/firefox/patches/patch-servo_components_style_str.rs deleted
- www/firefox/patches/patch-servo_components_style_stylesheets_viewport__rule.rs deleted
- www/firefox/patches/patch-servo_components_style_values_mod.rs deleted
- www/firefox/patches/patch-servo_components_style_values_specified_align.rs deleted
- www/firefox/patches/patch-servo_components_style_values_specified_angle.rs deleted
- www/firefox/patches/patch-servo_components_style_values_specified_calc.rs deleted
- www/firefox/patches/patch-servo_components_style_values_specified_grid.rs deleted
- www/firefox/patches/patch-servo_components_style_values_specified_length.rs deleted
- www/firefox/patches/patch-servo_components_style_values_specified_mod.rs deleted
- www/firefox/patches/patch-servo_components_style_values_specified_percentage.rs deleted
- www/firefox/patches/patch-servo_components_style_values_specified_text.rs deleted
- www/firefox/patches/patch-servo_components_style_values_specified_time.rs deleted
- www/firefox/patches/patch-third__party_python_futures_concurrent_futures_process.py 1.3
- www/firefox/patches/patch-toolkit_components_protobuf_src_google_protobuf_stubs_atomicops.h 1.4
- www/firefox/patches/patch-toolkit_moz.configure 1.9
- www/firefox/patches/patch-toolkit_mozapps_installer_packager.mk 1.1
- www/firefox/patches/patch-xpcom_reflect_xptcall_md_unix_Makefile.in deleted
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: ryoon
Date: Mon Jan 1 07:02:17 UTC 2018
Modified Files:
pkgsrc/www/firefox: Makefile distinfo
Log Message:
Update to 57.0.3
Changelog:
Fixed
* Fix a crash reporting issue that inadvertently sends background tab
crash reports to Mozilla without user opt-in (bug 1427111)
To generate a diff of this commit:
cvs rdiff -u -r1.315 -r1.316 pkgsrc/www/firefox/Makefile
cvs rdiff -u -r1.303 -r1.304 pkgsrc/www/firefox/distinfo
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: ryoon
Date: Mon Jan 1 07:03:33 UTC 2018
Modified Files:
pkgsrc/www/firefox-l10n: Makefile distinfo
Log Message:
Update to 57.0.3
* Sync with www/firefox-57.0.3
To generate a diff of this commit:
cvs rdiff -u -r1.116 -r1.117 pkgsrc/www/firefox-l10n/Makefile
cvs rdiff -u -r1.107 -r1.108 pkgsrc/www/firefox-l10n/distinfo
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: ryoon
Date: Mon Jan 8 09:37:57 UTC 2018
Modified Files:
pkgsrc/www/firefox: Makefile distinfo mozilla-common.mk
Added Files:
pkgsrc/www/firefox/patches: patch-servo_components_gfx_font.rs
patch-servo_components_net__traits_response.rs
patch-servo_components_net_fetch_cors__cache.rs
patch-servo_components_net_fetch_methods.rs
patch-servo_components_net_websocket__loader.rs
patch-servo_components_script_dom_bindings_str.rs
patch-servo_components_script_dom_blob.rs
patch-servo_components_script_dom_cssstyledeclaration.rs
patch-servo_components_script_dom_document.rs
patch-servo_components_script_dom_element.rs
patch-servo_components_script_dom_htmlelement.rs
patch-servo_components_script_dom_htmllinkelement.rs
patch-servo_components_script_dom_htmlmetaelement.rs
patch-servo_components_script_dom_htmlscriptelement.rs
patch-servo_components_script_dom_macros.rs
patch-servo_components_script_dom_namednodemap.rs
patch-servo_components_script_dom_serviceworkercontainer.rs
patch-servo_components_script_dom_servoparser_async__html.rs
patch-servo_components_script_dom_websocket.rs
patch-servo_components_script_dom_window.rs
patch-servo_components_script_dom_xmlhttprequest.rs
patch-servo_components_selectors_attr.rs
patch-servo_components_selectors_parser.rs
patch-servo_components_style__traits_viewport.rs
patch-servo_components_style_attr.rs
patch-servo_components_style_counter__style_mod.rs
patch-servo_components_style_custom__properties.rs
patch-servo_components_style_gecko__string__cache_mod.rs
patch-servo_components_style_gecko_generated_pseudo__element__definition.rs
patch-servo_components_style_gecko_pseudo__element__definition.mako.rs
patch-servo_components_style_properties_longhand_font.mako.rs
patch-servo_components_style_properties_longhand_pointing.mako.rs
patch-servo_components_style_servo_selector__parser.rs
patch-servo_components_style_str.rs
patch-servo_components_style_stylesheets_viewport__rule.rs
patch-servo_components_style_values_mod.rs
patch-servo_components_style_values_specified_align.rs
patch-servo_components_style_values_specified_angle.rs
patch-servo_components_style_values_specified_calc.rs
patch-servo_components_style_values_specified_grid.rs
patch-servo_components_style_values_specified_length.rs
patch-servo_components_style_values_specified_mod.rs
patch-servo_components_style_values_specified_percentage.rs
patch-servo_components_style_values_specified_text.rs
patch-servo_components_style_values_specified_time.rs
Log Message:
Update to 57.0.4
* Use lang/rust-1.23.0
Changelog:
Speculative execution side-channel attack ("Spectre")
Announced
January 4, 2018
Reporter
Jann Horn (Google Project Zero); Microsoft Vunerability Research
Impact
High
Products
Firefox
Fixed in
Firefox 57.0.4
Description
Jann Horn of Google Project Zero Security reported that speculative
execution performed by modern CPUs could leak information through
a timing side-channel attack. Microsoft Vulnerability Research extended
this attack to browser JavaScript engines and demonstrated that code on
a malicious web page could read data from other web sites (violating
the same-origin policy) or private data from the browser itself.
Since this new class of attacks involves measuring precise time intervals,
as a partial, short-term, mitigation we are disabling or reducing
the precision of several time sources in Firefox. The precision of
performance.now() has been reduced from 5us to 20us, and
the SharedArrayBuffer feature has been disabled because it can be
used to construct a high-resolution timer.
SharedArrayBuffer is already disabled in Firefox 52 ESR.
To generate a diff of this commit:
cvs rdiff -u -r1.316 -r1.317 pkgsrc/www/firefox/Makefile
cvs rdiff -u -r1.304 -r1.305 pkgsrc/www/firefox/distinfo
cvs rdiff -u -r1.102 -r1.103 pkgsrc/www/firefox/mozilla-common.mk
cvs rdiff -u -r0 -r1.1 \
pkgsrc/www/firefox/patches/patch-servo_components_gfx_font.rs \
pkgsrc/www/firefox/patches/patch-servo_components_net__traits_response.rs \
pkgsrc/www/firefox/patches/patch-servo_components_net_fetch_cors__cache.rs \
pkgsrc/www/firefox/patches/patch-servo_components_net_fetch_methods.rs \
pkgsrc/www/firefox/patches/patch-servo_components_net_websocket__loader.rs \
pkgsrc/www/firefox/patches/patch-servo_components_script_dom_bindings_str.rs \
pkgsrc/www/firefox/patches/patch-servo_components_script_dom_blob.rs \
pkgsrc/www/firefox/patches/patch-servo_components_script_dom_element.rs \
pkgsrc/www/firefox/patches/patch-servo_components_script_dom_htmlelement.rs \
pkgsrc/www/firefox/patches/patch-servo_components_script_dom_htmllinkelement.rs \
pkgsrc/www/firefox/patches/patch-servo_components_script_dom_htmlmetaelement.rs \
pkgsrc/www/firefox/patches/patch-servo_components_script_dom_htmlscriptelement.rs \
pkgsrc/www/firefox/patches/patch-servo_components_script_dom_macros.rs \
pkgsrc/www/firefox/patches/patch-servo_components_script_dom_namednodemap.rs \
pkgsrc/www/firefox/patches/patch-servo_components_script_dom_serviceworkercontainer.rs \
pkgsrc/www/firefox/patches/patch-servo_components_script_dom_websocket.rs \
pkgsrc/www/firefox/patches/patch-servo_components_script_dom_window.rs \
pkgsrc/www/firefox/patches/patch-servo_components_selectors_attr.rs \
pkgsrc/www/firefox/patches/patch-servo_components_style__traits_viewport.rs \
pkgsrc/www/firefox/patches/patch-servo_components_style_attr.rs \
pkgsrc/www/firefox/patches/patch-servo_components_style_counter__style_mod.rs \
pkgsrc/www/firefox/patches/patch-servo_components_style_custom__properties.rs \
pkgsrc/www/firefox/patches/patch-servo_components_style_gecko__string__cache_mod.rs \
pkgsrc/www/firefox/patches/patch-servo_components_style_gecko_generated_pseudo__element__definition.rs \
pkgsrc/www/firefox/patches/patch-servo_components_style_gecko_pseudo__element__definition.mako.rs \
pkgsrc/www/firefox/patches/patch-servo_components_style_properties_longhand_font.mako.rs \
pkgsrc/www/firefox/patches/patch-servo_components_style_properties_longhand_pointing.mako.rs \
pkgsrc/www/firefox/patches/patch-servo_components_style_servo_selector__parser.rs \
pkgsrc/www/firefox/patches/patch-servo_components_style_str.rs \
pkgsrc/www/firefox/patches/patch-servo_components_style_stylesheets_viewport__rule.rs \
pkgsrc/www/firefox/patches/patch-servo_components_style_values_mod.rs \
pkgsrc/www/firefox/patches/patch-servo_components_style_values_specified_align.rs \
pkgsrc/www/firefox/patches/patch-servo_components_style_values_specified_angle.rs \
pkgsrc/www/firefox/patches/patch-servo_components_style_values_specified_calc.rs \
pkgsrc/www/firefox/patches/patch-servo_components_style_values_specified_grid.rs \
pkgsrc/www/firefox/patches/patch-servo_components_style_values_specified_length.rs \
pkgsrc/www/firefox/patches/patch-servo_components_style_values_specified_mod.rs \
pkgsrc/www/firefox/patches/patch-servo_components_style_values_specified_percentage.rs \
pkgsrc/www/firefox/patches/patch-servo_components_style_values_specified_text.rs \
pkgsrc/www/firefox/patches/patch-servo_components_style_values_specified_time.rs
cvs rdiff -u -r0 -r1.3 \
pkgsrc/www/firefox/patches/patch-servo_components_script_dom_cssstyledeclaration.rs \
pkgsrc/www/firefox/patches/patch-servo_components_script_dom_document.rs \
pkgsrc/www/firefox/patches/patch-servo_components_script_dom_servoparser_async__html.rs \
pkgsrc/www/firefox/patches/patch-servo_components_script_dom_xmlhttprequest.rs \
pkgsrc/www/firefox/patches/patch-servo_components_selectors_parser.rs
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: ryoon
Date: Sun Jan 21 01:29:28 UTC 2018
Modified Files:
pkgsrc/www/firefox-l10n: Makefile distinfo
Log Message:
Update to 57.0.4
* Sync with www/firefox-57.0.4
To generate a diff of this commit:
cvs rdiff -u -r1.117 -r1.118 pkgsrc/www/firefox-l10n/Makefile
cvs rdiff -u -r1.108 -r1.109 pkgsrc/www/firefox-l10n/distinfo
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: ryoon
Date: Wed Jan 24 16:52:08 UTC 2018
Modified Files:
pkgsrc/www/firefox: Makefile PLIST distinfo mozilla-common.mk
pkgsrc/www/firefox/patches: patch-aa patch-dom_media_moz.build
patch-intl_unicharutil_util_moz.build patch-js_src_build_moz.build
patch-media_libcubeb_src_cubeb__alsa.c patch-netwerk_dns_moz.build
patch-toolkit_components_protobuf_src_google_protobuf_stubs_atomicops.h
patch-toolkit_moz.configure
Added Files:
pkgsrc/www/firefox/patches: patch-config_system-headers.mozbuild
patch-dom_media_flac_FlacDecoder.cpp
patch-ipc_glue_MessageChannel.cpp
patch-servo_components_style_properties_helpers_animated__properties.mako.rs
patch-third__party_python_futures_concurrent_futures_process.py
patch-toolkit_mozapps_installer_packager.mk
Removed Files:
pkgsrc/www/firefox/patches:
patch-build_moz.configure_keyfiles.configure
patch-config_Makefile.in patch-config_system-headers
patch-ipc_chromium_src_base_process__util.h
patch-media_libsoundtouch_src_cpu__detect__x86.cpp
patch-servo_components_gfx_font.rs
patch-servo_components_net__traits_response.rs
patch-servo_components_net_fetch_cors__cache.rs
patch-servo_components_net_fetch_methods.rs
patch-servo_components_net_websocket__loader.rs
patch-servo_components_script_dom_bindings_str.rs
patch-servo_components_script_dom_blob.rs
patch-servo_components_script_dom_cssstyledeclaration.rs
patch-servo_components_script_dom_document.rs
patch-servo_components_script_dom_element.rs
patch-servo_components_script_dom_htmlelement.rs
patch-servo_components_script_dom_htmllinkelement.rs
patch-servo_components_script_dom_htmlmetaelement.rs
patch-servo_components_script_dom_htmlscriptelement.rs
patch-servo_components_script_dom_macros.rs
patch-servo_components_script_dom_namednodemap.rs
patch-servo_components_script_dom_serviceworkercontainer.rs
patch-servo_components_script_dom_servoparser_async__html.rs
patch-servo_components_script_dom_websocket.rs
patch-servo_components_script_dom_window.rs
patch-servo_components_script_dom_xmlhttprequest.rs
patch-servo_components_selectors_attr.rs
patch-servo_components_selectors_parser.rs
patch-servo_components_style__traits_viewport.rs
patch-servo_components_style_attr.rs
patch-servo_components_style_counter__style_mod.rs
patch-servo_components_style_custom__properties.rs
patch-servo_components_style_gecko__string__cache_mod.rs
patch-servo_components_style_gecko_generated_pseudo__element__definition.rs
patch-servo_components_style_gecko_pseudo__element__definition.mako.rs
patch-servo_components_style_properties_longhand_font.mako.rs
patch-servo_components_style_properties_longhand_pointing.mako.rs
patch-servo_components_style_servo_selector__parser.rs
patch-servo_components_style_str.rs
patch-servo_components_style_stylesheets_viewport__rule.rs
patch-servo_components_style_values_mod.rs
patch-servo_components_style_values_specified_align.rs
patch-servo_components_style_values_specified_angle.rs
patch-servo_components_style_values_specified_calc.rs
patch-servo_components_style_values_specified_grid.rs
patch-servo_components_style_values_specified_length.rs
patch-servo_components_style_values_specified_mod.rs
patch-servo_components_style_values_specified_percentage.rs
patch-servo_components_style_values_specified_text.rs
patch-servo_components_style_values_specified_time.rs
patch-xpcom_reflect_xptcall_md_unix_Makefile.in
Log Message:
Update to 58.0
Changelog:
New
Performance improvements, including:
Rendering graphics for Windows users by using Off-Main-Threa
Painting (OMTP)
Loading pages faster by changing how Firefox caches and retrieves
JavaScript
Improvements to Firefox Screenshots:
Copy and paste screenshots directly to your clipboard
Firefox Screenshots now works in Private Browsing mode
Added Nepali (ne-NP) locale
In case you missed it--57 Release privacy and performance feature:
Users can enable Tracking Protection at all times. Learn how to turn
Tracking Protection on.
Fixed
Fonts installed in non-standard directories will no longer appear
blank for Linux users
Various security fixes
Changed
User profiles created in Firefox 58 (and in future releases) are not
supported in previous versions of Firefox. Users who downgrade to
a previous version should create a new profile for that version.
Learn about alternatives to downgrading on our support site.
Added a warning to alert users and site owners of planned security
changes to sites affected by the gradual distrust plan for
the Symantec certificate authority
#CVE-2018-5091: Use-after-free with DTMF timers
#CVE-2018-5092: Use-after-free in Web Workers
#CVE-2018-5093: Buffer overflow in WebAssembly during Memory/Table resizing
#CVE-2018-5094: Buffer overflow in WebAssembly with garbage collection on
uninitialized memory
#CVE-2018-5095: Integer overflow in Skia library during edge builder allocation
#CVE-2018-5097: Use-after-free when source document is manipulated during XSLT
#CVE-2018-5098: Use-after-free while manipulating form input elements
#CVE-2018-5099: Use-after-free with widget listener
#CVE-2018-5100: Use-after-free when IsPotentiallyScrollable arguments are
freed from memory
#CVE-2018-5101: Use-after-free with floating first-letter style elements
#CVE-2018-5102: Use-after-free in HTML media elements
#CVE-2018-5103: Use-after-free during mouse event handling
#CVE-2018-5104: Use-after-free during font face manipulation
#CVE-2018-5105: WebExtensions can save and execute files on local file
system without user prompts
#CVE-2018-5106: Developer Tools can expose style editor information
cross-origin through service worker
#CVE-2018-5107: Printing process will follow symlinks for local file access
#CVE-2018-5108: Manually entered blob URL can be accessed by subsequent
private browsing tabs
#CVE-2018-5109: Audio capture prompts and starts with incorrect origin
attribution
#CVE-2018-5110: Cursor can be made invisible on OS X
#CVE-2018-5117: URL spoofing with right-to-left text aligned left-to-right
#CVE-2018-5118: Activity Stream images can attempt to load local content
through file:
#CVE-2018-5119: Reader view will load cross-origin content in violation
of CORS headers
#CVE-2018-5121: OS X Tibetan characters render incompletely in the addressbar
#CVE-2018-5122: Potential integer overflow in DoCrypt
#CVE-2018-5090: Memory safety bugs fixed in Firefox 58
#CVE-2018-5089: Memory safety bugs fixed in Firefox 58 and Firefox ESR 52.6
To generate a diff of this commit:
cvs rdiff -u -r1.317 -r1.318 pkgsrc/www/firefox/Makefile
cvs rdiff -u -r1.125 -r1.126 pkgsrc/www/firefox/PLIST
cvs rdiff -u -r1.305 -r1.306 pkgsrc/www/firefox/distinfo
cvs rdiff -u -r1.103 -r1.104 pkgsrc/www/firefox/mozilla-common.mk
cvs rdiff -u -r1.54 -r1.55 pkgsrc/www/firefox/patches/patch-aa
cvs rdiff -u -r1.3 -r0 \
pkgsrc/www/firefox/patches/patch-build_moz.configure_keyfiles.configure \
pkgsrc/www/firefox/patches/patch-servo_components_script_dom_cssstyledeclaration.rs \
pkgsrc/www/firefox/patches/patch-servo_components_script_dom_document.rs \
pkgsrc/www/firefox/patches/patch-servo_components_script_dom_servoparser_async__html.rs \
pkgsrc/www/firefox/patches/patch-servo_components_script_dom_xmlhttprequest.rs \
pkgsrc/www/firefox/patches/patch-servo_components_selectors_parser.rs \
pkgsrc/www/firefox/patches/patch-xpcom_reflect_xptcall_md_unix_Makefile.in
cvs rdiff -u -r1.11 -r0 pkgsrc/www/firefox/patches/patch-config_Makefile.in
cvs rdiff -u -r1.25 -r0 \
pkgsrc/www/firefox/patches/patch-config_system-headers
cvs rdiff -u -r0 -r1.1 \
pkgsrc/www/firefox/patches/patch-config_system-headers.mozbuild \
pkgsrc/www/firefox/patches/patch-dom_media_flac_FlacDecoder.cpp \
pkgsrc/www/firefox/patches/patch-ipc_glue_MessageChannel.cpp \
pkgsrc/www/firefox/patches/patch-servo_components_style_properties_helpers_animated__properties.mako.rs \
pkgsrc/www/firefox/patches/patch-toolkit_mozapps_installer_packager.mk
cvs rdiff -u -r1.7 -r1.8 pkgsrc/www/firefox/patches/patch-dom_media_moz.build
cvs rdiff -u -r1.6 -r1.7 \
pkgsrc/www/firefox/patches/patch-intl_unicharutil_util_moz.build \
pkgsrc/www/firefox/patches/patch-netwerk_dns_moz.build
cvs rdiff -u -r1.6 -r0 \
pkgsrc/www/firefox/patches/patch-ipc_chromium_src_base_process__util.h
cvs rdiff -u -r1.1 -r1.2 \
pkgsrc/www/firefox/patches/patch-js_src_build_moz.build
cvs rdiff -u -r1.25 -r1.26 \
pkgsrc/www/firefox/patches/patch-media_libcubeb_src_cubeb__alsa.c
cvs rdiff -u -r1.5 -r0 \
pkgsrc/www/firefox/patches/patch-media_libsoundtouch_src_cpu__detect__x86.cpp
cvs rdiff -u -r1.1 -r0 \
pkgsrc/www/firefox/patches/patch-servo_components_gfx_font.rs \
pkgsrc/www/firefox/patches/patch-servo_components_net__traits_response.rs \
pkgsrc/www/firefox/patches/patch-servo_components_net_fetch_cors__cache.rs \
pkgsrc/www/firefox/patches/patch-servo_components_net_fetch_methods.rs \
pkgsrc/www/firefox/patches/patch-servo_components_net_websocket__loader.rs \
pkgsrc/www/firefox/patches/patch-servo_components_script_dom_bindings_str.rs \
pkgsrc/www/firefox/patches/patch-servo_components_script_dom_blob.rs \
pkgsrc/www/firefox/patches/patch-servo_components_script_dom_element.rs \
pkgsrc/www/firefox/patches/patch-servo_components_script_dom_htmlelement.rs \
pkgsrc/www/firefox/patches/patch-servo_components_script_dom_htmllinkelement.rs \
pkgsrc/www/firefox/patches/patch-servo_components_script_dom_htmlmetaelement.rs \
pkgsrc/www/firefox/patches/patch-servo_components_script_dom_htmlscriptelement.rs \
pkgsrc/www/firefox/patches/patch-servo_components_script_dom_macros.rs \
pkgsrc/www/firefox/patches/patch-servo_components_script_dom_namednodemap.rs \
pkgsrc/www/firefox/patches/patch-servo_components_script_dom_serviceworkercontainer.rs \
pkgsrc/www/firefox/patches/patch-servo_components_script_dom_websocket.rs \
pkgsrc/www/firefox/patches/patch-servo_components_script_dom_window.rs \
pkgsrc/www/firefox/patches/patch-servo_components_selectors_attr.rs \
pkgsrc/www/firefox/patches/patch-servo_components_style__traits_viewport.rs \
pkgsrc/www/firefox/patches/patch-servo_components_style_attr.rs \
pkgsrc/www/firefox/patches/patch-servo_components_style_counter__style_mod.rs \
pkgsrc/www/firefox/patches/patch-servo_components_style_custom__properties.rs \
pkgsrc/www/firefox/patches/patch-servo_components_style_gecko__string__cache_mod.rs \
pkgsrc/www/firefox/patches/patch-servo_components_style_gecko_generated_pseudo__element__definition.rs \
pkgsrc/www/firefox/patches/patch-servo_components_style_gecko_pseudo__element__definition.mako.rs \
pkgsrc/www/firefox/patches/patch-servo_components_style_properties_longhand_font.mako.rs \
pkgsrc/www/firefox/patches/patch-servo_components_style_properties_longhand_pointing.mako.rs \
pkgsrc/www/firefox/patches/patch-servo_components_style_servo_selector__parser.rs \
pkgsrc/www/firefox/patches/patch-servo_components_style_str.rs \
pkgsrc/www/firefox/patches/patch-servo_components_style_stylesheets_viewport__rule.rs \
pkgsrc/www/firefox/patches/patch-servo_components_style_values_mod.rs \
pkgsrc/www/firefox/patches/patch-servo_components_style_values_specified_align.rs \
pkgsrc/www/firefox/patches/patch-servo_components_style_values_specified_angle.rs \
pkgsrc/www/firefox/patches/patch-servo_components_style_values_specified_calc.rs \
pkgsrc/www/firefox/patches/patch-servo_components_style_values_specified_grid.rs \
pkgsrc/www/firefox/patches/patch-servo_components_style_values_specified_length.rs \
pkgsrc/www/firefox/patches/patch-servo_components_style_values_specified_mod.rs \
pkgsrc/www/firefox/patches/patch-servo_components_style_values_specified_percentage.rs \
pkgsrc/www/firefox/patches/patch-servo_components_style_values_specified_text.rs \
pkgsrc/www/firefox/patches/patch-servo_components_style_values_specified_time.rs
cvs rdiff -u -r0 -r1.3 \
pkgsrc/www/firefox/patches/patch-third__party_python_futures_concurrent_futures_process.py
cvs rdiff -u -r1.3 -r1.4 \
pkgsrc/www/firefox/patches/patch-toolkit_components_protobuf_src_google_protobuf_stubs_atomicops.h
cvs rdiff -u -r1.8 -r1.9 \
pkgsrc/www/firefox/patches/patch-toolkit_moz.configure
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: ryoon
Date: Wed Jan 24 16:54:05 UTC 2018
Modified Files:
pkgsrc/www/firefox-l10n: Makefile PLIST distinfo
Log Message:
Update to 58.0
* Sync with www/firefox-58.0
* Add ne-NP locale
To generate a diff of this commit:
cvs rdiff -u -r1.118 -r1.119 pkgsrc/www/firefox-l10n/Makefile
cvs rdiff -u -r1.57 -r1.58 pkgsrc/www/firefox-l10n/PLIST
cvs rdiff -u -r1.109 -r1.110 pkgsrc/www/firefox-l10n/distinfo
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: ryoon
Date: Mon Jan 29 15:22:54 UTC 2018
Modified Files:
pkgsrc/www/firefox-l10n: Makefile PLIST
Log Message:
Previous revison does not work. Install xpi files instead. Bump PKGREVISION
To generate a diff of this commit:
cvs rdiff -u -r1.119 -r1.120 pkgsrc/www/firefox-l10n/Makefile
cvs rdiff -u -r1.58 -r1.59 pkgsrc/www/firefox-l10n/PLIST
Revision 1.126 / (download) - annotate - [select for diffs], Wed Jan 24 16:52:08 2018 UTC (6 years, 2 months ago) by ryoon
Branch: MAIN
Changes since 1.125: +557 -267
lines
Diff to previous 1.125 (colored) to selected 1.16 (colored)
Update to 58.0
Changelog:
New
Performance improvements, including:
Rendering graphics for Windows users by using Off-Main-Threa
Painting (OMTP)
Loading pages faster by changing how Firefox caches and retrieves
JavaScript
Improvements to Firefox Screenshots:
Copy and paste screenshots directly to your clipboard
Firefox Screenshots now works in Private Browsing mode
Added Nepali (ne-NP) locale
In case you missed it--57 Release privacy and performance feature:
Users can enable Tracking Protection at all times. Learn how to turn
Tracking Protection on.
Fixed
Fonts installed in non-standard directories will no longer appear
blank for Linux users
Various security fixes
Changed
User profiles created in Firefox 58 (and in future releases) are not
supported in previous versions of Firefox. Users who downgrade to
a previous version should create a new profile for that version.
Learn about alternatives to downgrading on our support site.
Added a warning to alert users and site owners of planned security
changes to sites affected by the gradual distrust plan for
the Symantec certificate authority
#CVE-2018-5091: Use-after-free with DTMF timers
#CVE-2018-5092: Use-after-free in Web Workers
#CVE-2018-5093: Buffer overflow in WebAssembly during Memory/Table resizing
#CVE-2018-5094: Buffer overflow in WebAssembly with garbage collection on
uninitialized memory
#CVE-2018-5095: Integer overflow in Skia library during edge builder allocation
#CVE-2018-5097: Use-after-free when source document is manipulated during XSLT
#CVE-2018-5098: Use-after-free while manipulating form input elements
#CVE-2018-5099: Use-after-free with widget listener
#CVE-2018-5100: Use-after-free when IsPotentiallyScrollable arguments are
freed from memory
#CVE-2018-5101: Use-after-free with floating first-letter style elements
#CVE-2018-5102: Use-after-free in HTML media elements
#CVE-2018-5103: Use-after-free during mouse event handling
#CVE-2018-5104: Use-after-free during font face manipulation
#CVE-2018-5105: WebExtensions can save and execute files on local file
system without user prompts
#CVE-2018-5106: Developer Tools can expose style editor information
cross-origin through service worker
#CVE-2018-5107: Printing process will follow symlinks for local file access
#CVE-2018-5108: Manually entered blob URL can be accessed by subsequent
private browsing tabs
#CVE-2018-5109: Audio capture prompts and starts with incorrect origin
attribution
#CVE-2018-5110: Cursor can be made invisible on OS X
#CVE-2018-5117: URL spoofing with right-to-left text aligned left-to-right
#CVE-2018-5118: Activity Stream images can attempt to load local content
through file:
#CVE-2018-5119: Reader view will load cross-origin content in violation
of CORS headers
#CVE-2018-5121: OS X Tibetan characters render incompletely in the addressbar
#CVE-2018-5122: Potential integer overflow in DoCrypt
#CVE-2018-5090: Memory safety bugs fixed in Firefox 58
#CVE-2018-5089: Memory safety bugs fixed in Firefox 58 and Firefox ESR 52.6
Revision 1.125 / (download) - annotate - [select for diffs], Thu Nov 16 01:04:38 2017 UTC (6 years, 5 months ago) by ryoon
Branch: MAIN
CVS Tags: pkgsrc-2017Q4-base
Branch point for: pkgsrc-2017Q4
Changes since 1.124: +231 -501
lines
Diff to previous 1.124 (colored) to selected 1.16 (colored)
Update to 57.0
Changelog: New
A completely new browsing engine, designed to take full advantage
of the processing power in modern devices
A redesigned interface with a clean, modern appearance, consistent
visual elements, and optimizations for touch screens
A unified address and search bar. New installs will see this
unified bar. Learn how to add the stand-alone search bar to
the toolbar
A revamped new tab page that includes top visited sites, recently
visited pages, and recommendations from Pocket (in the US,
Canada, and Germany)
An updated product tour to orient new and returning Firefox
users
AMD VP9 hardware video decoder support for improved video
playback with lower power consumption
An expanded section in preferences to manage all website
permissions
Fixed
Various security fixes
Changed
Firefox now exclusively supports extensions built using the
WebExtension API, and unsupported legacy extensions will no
longer work. Learn more about our efforts to improve the
performance and security of extensions
The browser's autoscroll feature, as well as scrolling by
keyboard input and touch-dragging of scrollbars, now use
asynchronous scrolling. These scrolling methods are now similar
to other input methods like mousewheel, and provide a smoother
scrolling experience
The content process now has a stricter security sandbox that
blocks filesystem reading and writing on Linux, similar to the
protections for Windows and macOS that shipped in Firefox 56
Middle mouse paste in the content area no longer navigates to
URLs by default on Unix systems
Removed the toolbar Share button. If you relied on this feature,
you can install the Share Backported extension instead.
Some older versions of the ATOK IME, including ATOK 2006, 2008,
2009 and 2010, can cause crashes and are therefore disabled on
the Windows 64-bit version of Firefox Quantum. To fix those
incompatibility issues, please use a newer version of ATOK or
one of other IMEs.
The default font for Japanese text is now Meiryo
Security fixes:
CVE-2017-7828: Use-after-free of PressShell while restyling layout
Reporter
Nils
Impact
critical
Description
A use-after-free vulnerability can occur when flushing and resizing
layout because the PressShell object has been freed while still in
use. This results in a potentially exploitable crash during these
operations.
References
Bug 1406750 Bug 1412252
#CVE-2017-7830: Cross-origin URL information leak through Resource
Timing API
Reporter
Jun Kokatsu
Impact
high
Description
The Resource Timing API incorrectly revealed navigations in
cross-origin iframes. This is a same-origin policy violation and
could allow for data theft of URLs loaded by users.
References
Bug 1408990
#CVE-2017-7831: Information disclosure of exposed properties on
JavaScript proxy objects
Reporter
Oriol Brufau
Impact
moderate
Description
A vulnerability where the security wrapper does not deny access to
some exposed properties using the deprecated exposedProps mechanism
on proxy objects. These properties should be explicitly unavailable
to proxy objects.
References
Bug 1392026
#CVE-2017-7832: Domain spoofing through use of dotless 'i' character
followed by accent markers
Reporter
Jonathan Kew
Impact
moderate
Description
The combined, single character, version of the letter 'i' with any
of the potential accents in unicode, such as acute or grave, can
be spoofed in the addressbar by the dotless version of 'i' followed
by the same accent as a second character with most font sets. This
allows for domain spoofing attacks because these combined domain
names do not display as punycode.
References
Bug 1408782
#CVE-2017-7833: Domain spoofing with Arabic and Indic vowel marker
characters
Reporter
Rayyan Bijoora
Impact
moderate
Description
Some Arabic and Indic vowel marker characters can be combined with
Latin characters in a domain name to eclipse the non-Latin character
with some font sets on the addressbar. The non-Latin character will
not be visible to most viewers. This allows for domain spoofing
attacks because these combined domain names do not display as
punycode.
References
Bug 1370497
#CVE-2017-7834: data: URLs opened in new tabs bypass CSP protections
Reporter
Jordi Chancel
Impact
moderate
Description
A data: URL loaded in a new tab did not inherit the Content Security
Policy (CSP) of the original page, allowing for bypasses of the
policy including the execution of JavaScript. In prior versions
when data: documents also inherited the context of the original
page this would allow for potential cross-site scripting (XSS)
attacks.
References
Bug 1358009
#CVE-2017-7835: Mixed content blocking incorrectly applies with
redirects
Reporter
Ben Kelly
Impact
moderate
Description
Mixed content blocking of insecure (HTTP) sub-resources in a secure
(HTTPS) document was not correctly applied for resources that
redirect from HTTPS to HTTP, allowing content that should be blocked,
such as scripts, to be loaded on a page.
References
Bug 1402363
#CVE-2017-7836: Pingsender dynamically loads libcurl on Linux and
OS X
Reporter
Ezra Caltum
Impact
moderate
Description
The "pingsender" executable used by the Firefox Health Report
dynamically loads a system copy of libcurl, which an attacker could
replace. This allows for privilege escalation as the replaced
libcurl code will run with Firefox's privileges. Note: This attack
requires an attacker have local system access and only affects OS
X and Linux. Windows systems are not affected.
References
Bug 1401339
#CVE-2017-7837: SVG loaded as <img> can use meta tags to set cookies
Reporter
Jun Kokatsu
Impact
moderate
Description
SVG loaded through <img> tags can use <meta> tags within the SVG
data to set cookies for that page.
References
Bug 1325923
#CVE-2017-7838: Failure of individual decoding of labels in
international domain names triggers punycode display of entire IDN
Reporter
Corey Bonnell
Impact
low
Description
Punycode format text will be displayed for entire qualified
international domain names in some instances when a sub-domain
triggers the punycode display instead of the primary domain being
displayed in native script and the sub-domain only displaying as
punycode. This could be used for limited spoofing attacks due to
user confusion.
References
Bug 1399540
#CVE-2017-7839: Control characters before javascript: URLs defeats
self-XSS prevention mechanism
Reporter
Eric Lawrence
Impact
low
Description
Control characters prepended before javascript: URLs pasted in the
addressbar can cause the leading characters to be ignored and the
pasted JavaScript to be executed instead of being blocked. This
could be used in social engineering and self-cross-site-scripting
(self-XSS) attacks where users are convinced to copy and paste text
into the addressbar.
References
Bug 1402896
#CVE-2017-7840: Exported bookmarks do not strip script elements
from user-supplied tags
Reporter
Hanno Bock
Impact
low
Description
JavaScript can be injected into an exported bookmarks file by
placing JavaScript code into user-supplied tags in saved bookmarks.
If the resulting exported HTML file is later opened in a browser
this JavaScript will be executed. This could be used in social
engineering and self-cross-scripting (self-XSS) attacks if users
were convinced to add malicious tags to bookmarks, export them,
and then open the resulting file.
References
Bug 1366420
#CVE-2017-7842: Referrer Policy is not always respected for <link>
elements
Reporter
Jun Kokatsu
Impact
low
Description
If a document's Referrer Policy attribute is set to "no-referrer"
sometimes two network requests are made for <link> elements
instead of one. One of these requests includes the referrer instead
of respecting the set policy to not include a referrer on requests.
References
Bug 1397064
#CVE-2017-7827: Memory safety bugs fixed in Firefox 57
Reporter
Mozilla developers and community
Impact
critical
Description
Mozilla developers and community members Boris Zbarsky, Carsten Book,
Christian Holler, Byron Campen, Jan de Mooij, Jason Kratzer,
Jesse Schwartzentruber, Marcia Knous, Randell Jesup, Tyson Smith,
and Ting-Yu Chou reported memory safety bugs present in Firefox 56.
Some of these bugs showed evidence of memory corruption and we presume
that with enough effort that some of these could be exploited to run
arbitrary code.
References
Memory safety bugs fixed in Firefox 57
#CVE-2017-7826: Memory safety bugs fixed in Firefox 57 and Firefox
ESR 52.5
Reporter
Mozilla developers and community
Impact
critical
Description
Mozilla developers and community members Christian Holler, David
Keeler, Jon Coppeard, Julien Cristau, Jan de Mooij, Jason Kratzer,
Philipp, Nicholas Nethercote, Oriol Brufau, André Bargull, Bob
Clary, Jet Villegas, Randell Jesup, Tyson Smith, Gary Kwong, and
Ryan VanderMeulen reported memory safety bugs present in Firefox
56 and Firefox ESR 52.4. Some of these bugs showed evidence of
memory corruption and we presume that with enough effort that some
of these could be exploited to run arbitrary code.
References
Memory safety bugs fixed in Firefox 57 and Firefox ESR 52.5
Revision 1.124 / (download) - annotate - [select for diffs], Tue Oct 17 03:39:04 2017 UTC (6 years, 6 months ago) by ryoon
Branch: MAIN
Changes since 1.123: +2 -1
lines
Diff to previous 1.123 (colored) to selected 1.16 (colored)
Fix webrtc build on recent NetBSD current From rjs@. Thank you. WebRTC connection works. However video capture does not work.
Revision 1.123 / (download) - annotate - [select for diffs], Sat Sep 30 05:34:11 2017 UTC (6 years, 6 months ago) by ryoon
Branch: MAIN
Changes since 1.122: +274 -77
lines
Diff to previous 1.122 (colored) to selected 1.16 (colored)
Update to 56.0
New
Launched Firefox Screenshots, a feature that lets users take, save, and share screenshots without leaving the browser
Added support for address form autofill (en-US only)
Updated Preferences
Added search tool so users can find a specific setting quickly
Reorganized preferences so users can more easily scan settings
Rewrote descriptions so users can better understand choices and how they affect browsing
Revised data collection choices so they align with updated Privacy Notice and data collection strategy
Media opened in a background tab will not play until the tab is selected
Improved Send Tabs feature of Sync for iOS and Android, and Send Tabs can be discovered even by users without a Firefox Account
Changed
Replaced character encoding converters with a new Encoding Standard-compliant implementation written in Rust
Added hardware acceleration for AES-GCM
Updated the Safe Browsing protocol to version 4
Reduced update download file size by approximately 20 percent
Improved security for verifying update downloads
Developer
Added Layout Panel to CSS Grid DevTools
Revision 1.122 / (download) - annotate - [select for diffs], Sat Sep 2 03:47:46 2017 UTC (6 years, 7 months ago) by ryoon
Branch: MAIN
CVS Tags: pkgsrc-2017Q3-base,
pkgsrc-2017Q3
Changes since 1.121: +10 -1
lines
Diff to previous 1.121 (colored) to selected 1.16 (colored)
Update to 55.0.3
Changelog:
Fixed
Fix an issue with addons when using a path containing non-ascii characters (bug 1389160)
Fix file uploads to some websites, including YouTube (bug 1383518)
Revision 1.121 / (download) - annotate - [select for diffs], Thu Aug 10 14:46:15 2017 UTC (6 years, 8 months ago) by ryoon
Branch: MAIN
Changes since 1.120: +353 -299
lines
Diff to previous 1.120 (colored) to selected 1.16 (colored)
Update to 55.0
Changelog:
New
Launched Windows support for WebVR, bringing immersive experiences to the web. See examples and try working demos at Mozilla VR.
Added options that let users optimize recent performance improvements
Setting to enable Hardware VP9 acceleration on Windows 10 Anniversary Edition for better battery life and lower CPU usage while watching videos
Setting to modify the number of concurrent content processes for faster page loading and more responsive tab switching
Simplified installation process with a streamlined Windows stub installer
Firefox for Windows 64-bit is now installed by default on 64-bit systems with at least 2GB of RAM
Full installers with advanced installation options are still available
Improved address bar functionality
Search with any installed one-click search engine directly from the address bar
Search suggestions appear by default
When entering a hostname (like pinterest.com) in the URL bar, Firefox resolves to the secure version of the site (https://www.pinterest.com) instead of the insecure version (http://www.pinterest.com) when possible
Updated Sidebar for bookmarks, history, and synced tabs so it can appear at the right edge of the window as well as the left
Added support for stereo microphones with WebRTC
Pages can be simplified before printing from within Print Preview
Updated Firefox for OSX and macOS to allow users to assign custom keyboard shortcuts to Firefox menu items via System Preferences
Browsing sessions with a high number of tabs are now restored in an instant
Make screenshots of webpages, and save them locally or upload them to the cloud. This feature will undergo A/B testing and will not be visible for some users.
Added Belarusian (be) locale
Fixed
Various security fixes
Changed
Made the Adobe Flash plugin click-to-activate by default and allowed only on http:// and https:// URL schemes. (This change will not be visible to all users immediately. For more information see the Firefox plugin roadmap)
Firefox does not support downgrades, even though this may have worked in past versions. Users who install Firefox 55+ and later downgrade to an earlier version may experience issues with Firefox.
Modernized application update UI to be less intrusive and more aligned with the rest of the browser. Only users who have not restarted their browser 8 days after downloading an update or users who opted out of automatic updates will see this change.
Security fixes:
CVE-2017-7798: XUL injection in the style editor in devtools
Reporter
Frederik Braun
Impact
critical
Description
The Developer Tools feature suffers from a XUL injection vulnerability due to improper sanitization of the web page source code. In the worst case, this could allow arbitrary code execution when opening a malicious page with the style editor tool.
References
Bug 1371586, 1372112
#CVE-2017-7800: Use-after-free in WebSockets during disconnection
Reporter
Looben Yang
Impact
critical
Description
A use-after-free vulnerability can occur in WebSockets when the object holding the connection is freed before the disconnection operation is finished. This results in an exploitable crash.
References
Bug 1374047
#CVE-2017-7801: Use-after-free with marquee during window resizing
Reporter
Nils
Impact
critical
Description
A use-after-free vulnerability can occur while re-computing layout for a marquee element during window resizing where the updated style object is freed while still in use. This results in a potentially exploitable crash.
References
Bug 1371259
#CVE-2017-7809: Use-after-free while deleting attached editor DOM node
Reporter
Nils
Impact
high
Description
A use-after-free vulnerability can occur when an editor DOM node is deleted prematurely during tree traversal while still bound to the document. This results in a potentially exploitable crash.
References
Bug 1380284
#CVE-2017-7784: Use-after-free with image observers
Reporter
Nils
Impact
high
Description
A use-after-free vulnerability can occur when reading an image observer during frame reconstruction after the observer has been freed. This results in a potentially exploitable crash.
References
Bug 1376087
#CVE-2017-7802: Use-after-free resizing image elements
Reporter
Nils
Impact
high
Description
A use-after-free vulnerability can occur when manipulating the DOM during the resize event of an image element. If these elements have been freed due to a lack of strong references, a potentially exploitable crash may occur when the freed elements are accessed.
References
Bug 1378147
#CVE-2017-7785: Buffer overflow manipulating ARIA attributes in DOM
Reporter
Nils
Impact
high
Description
A buffer overflow can occur when manipulating Accessible Rich Internet Applications (ARIA) attributes within the DOM. This results in a potentially exploitable crash.
References
Bug 1356985
#CVE-2017-7786: Buffer overflow while painting non-displayable SVG
Reporter
Nils
Impact
high
Description
A buffer overflow can occur when the image renderer attempts to paint non-displayable SVG elements. This results in a potentially exploitable crash.
References
Bug 1365189
#CVE-2017-7806: Use-after-free in layer manager with SVG
Reporter
Nils
Impact
high
Description
A use-after-free vulnerability can occur when the layer manager is freed too early when rendering specific SVG content, resulting in a potentially exploitable crash.
References
Bug 1378113
#CVE-2017-7753: Out-of-bounds read with cached style data and pseudo-elements
Reporter
SkyLined
Impact
high
Description
An out-of-bounds read occurs when applying style rules to pseudo-elements, such as ::first-line, using cached style data.
References
Bug 1353312
#CVE-2017-7787: Same-origin policy bypass with iframes through page reloads
Reporter
Oliver Wagner
Impact
high
Description
Same-origin policy protections can be bypassed on pages with embedded iframes during page reloads, allowing the iframes to access content on the top level page, leading to information disclosure.
References
Bug 1322896
#CVE-2017-7807: Domain hijacking through AppCache fallback
Reporter
Mathias Karlsson
Impact
high
Description
A mechanism that uses AppCache to hijack a URL in a domain using fallback by serving the files from a sub-path on the domain. This has been addressed by requiring fallback files be inside the manifest directory.
References
Bug 1376459
#CVE-2017-7792: Buffer overflow viewing certificates with an extremely long OID
Reporter
Fraser Tweedale
Impact
high
Description
A buffer overflow will occur when viewing a certificate in the certificate manager if the certificate has an extremely long object identifier (OID). This results in a potentially exploitable crash.
References
Bug 1368652
#CVE-2017-7804: Memory protection bypass through WindowsDllDetourPatcher
Reporter
Stephen Fewer
Impact
high
Description
The destructor function for the WindowsDllDetourPatcher class can be re-purposed by malicious code in concert with another vulnerability to write arbitrary data to an attacker controlled location in memory. This can be used to bypass existing memory protections in this situation.
Note: This attack only affects Windows operating systems. Other operating systems are not affected.
References
Bug 1372849
#CVE-2017-7791: Spoofing following page navigation with data: protocol and modal alerts
Reporter
Jose MarÃa Acuña
Impact
moderate
Description
On pages containing an iframe, the data: protocol can be used to create a modal alert that will render over arbitrary domains following page navigation, spoofing of the origin of the modal alert from the iframe content.
References
Bug 1365875
#CVE-2017-7808: CSP information leak with frame-ancestors containing paths
Reporter
Jun Kokatsu
Impact
moderate
Description
A content security policy (CSP) frame-ancestors directive containing origins with paths allows for comparisons against those paths instead of the origin. This results in a cross-origin information leak of this path information.
References
Bug 1367531
#CVE-2017-7782: WindowsDllDetourPatcher allocates memory without DEP protections
Reporter
Arthur Edelstein
Impact
moderate
Description
An error in the WindowsDllDetourPatcher where a RWX ("Read/Write/Execute") 4k block is allocated but never protected, violating DEP protections.
Note: This attack only affects Windows operating systems. Other operating systems are not affected.
References
Bug 1344034
#CVE-2017-7781: Elliptic curve point addition error when using mixed Jacobian-affine coordinates
Reporter
Antonio Sanso
Impact
moderate
Description
An error occurs in the elliptic curve point addition algorithm that uses mixed Jacobian-affine coordinates where it can yield a result POINT_AT_INFINITY when it should not. A man-in-the-middle attacker could use this to interfere with a connection, resulting in an attacked party computing an incorrect shared secret.
References
Bug 1352039
#CVE-2017-7794: Linux file truncation via sandbox broker
Reporter
Jann Horn
Impact
moderate
Description
On Linux systems, if the content process is compromised, the sandbox broker will allow files to be truncated even though the sandbox explicitly only has read access to the local file system and no write permissions.
Note: This attack only affects the Linux operating system. Other operating systems are not affected.
References
Bug 1374281
#CVE-2017-7803: CSP containing 'sandbox' improperly applied
Reporter
Rhys Enniks
Impact
moderate
Description
When a pageÑÔ content security policy (CSP) header contains a sandbox directive, other directives are ignored. This results in the incorrect enforcement of CSP.
References
Bug 1377426
#CVE-2017-7799: Self-XSS XUL injection in about:webrtc
Reporter
Frederik Braun
Impact
moderate
Description
JavaScript in the about:webrtc page is not sanitized properly being being assigned to innerHTML. Data on this page is supplied by WebRTC usage and is not under third-party control, making this difficult to exploit, but the vulnerability could possibly be used for a cross-site scripting (XSS) attack.
References
Bug 1372509
#CVE-2017-7783: DOS attack through long username in URL
Reporter
Amit Sangra
Impact
low
Description
If a long user name is used in a username/password combination in a site URL (such as http://UserName:Password@example.com), the resulting modal prompt will hang in a non-responsive state or crash, causing a denial of service.
References
Bug 1360842
#CVE-2017-7788: Sandboxed about:srcdoc iframes do not inherit CSP directives
Reporter
Muneaki Nishimura
Impact
low
Description
When an iframe has a sandbox attribute and its content is specified using srcdoc, that content does not inherit the containing page's Content Security Policy (CSP) as it should unless the sandbox attribute included allow-same-origin.
References
Bug 1073952
#CVE-2017-7789: Failure to enable HSTS when two STS headers are sent for a connection
Reporter
Muneaki Nishimura
Impact
low
Description
If a server sends two Strict-Transport-Security (STS) headers for a single connection, they will be rejected as invalid and HTTP Strict Transport Security (HSTS) will not be enabled for the connection.
References
Bug 1074642
#CVE-2017-7790: Windows crash reporter reads extra memory for some non-null-terminated registry values
Reporter
Xiaoyin Liu
Impact
low
Description
On Windows systems, if non-null-terminated strings are copied into the crash reporter for some specific registry keys, stack memory data can be copied until a null is found. This can potentially contain private data from the local system.
Note: This attack only affects Windows operating systems. Other operating systems are not affected.
References
Bug 1350460
#CVE-2017-7796: Windows updater can delete any file named update.log
Reporter
Matt Howell
Impact
low
Description
On Windows systems, the logger run by the Windows updater deletes the file "update.log" before it runs in order to write a new log of that name. The path to this file is supplied at the command line to the updater and could be used in concert with another local exploit to delete a different file named "update.log" instead of the one intended.
Note: This attack only affects Windows operating systems. Other operating systems are not affected.
References
Bug 1234401
#CVE-2017-7797: Response header name interning leaks across origins
Reporter
Anne van Kesteren
Impact
low
Description
Response header name interning does not have same-origin protections and these headers are stored in a global registry. This allows stored header names to be available cross-origin.
References
Bug 1334776
#CVE-2017-7780: Memory safety bugs fixed in Firefox 55
Reporter
Mozilla developers and community
Impact
critical
Description
Mozilla developers and community members Gary Kwong, Christian Holler, André Bargull, Bob Clary, Carsten Book, Emilio Cobos lvarez, Masayuki Nakano, Sebastian Hengst, Franziskus Kiefer, Tyson Smith, and Ronald Crane reported memory safety bugs present in Firefox 54. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.
References
Memory safety bugs fixed in Firefox 55
#CVE-2017-7779: Memory safety bugs fixed in Firefox 55 and Firefox ESR 52.3
Reporter
Mozilla developers and community
Impact
critical
Description
Mozilla developers and community members Masayuki Nakano, Gary Kwong, Ronald Crane, Andrew McCreight, Tyson Smith, Bevis Tseng, Christian Holler, Bryce Van Dyk, Dragana Damjanovic, Kartikaya Gupta, Philipp, Tristan Bourvon, and Andi-Bogdan Postelnicu reported memory safety bugs present in Firefox 54 and Firefox ESR 52.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.
References
Memory safety bugs fixed in Firefox 55 and Firefox ESR 52.3
Revision 1.120 / (download) - annotate - [select for diffs], Wed Jun 14 11:28:44 2017 UTC (6 years, 10 months ago) by ryoon
Branch: MAIN
CVS Tags: pkgsrc-2017Q2-base,
pkgsrc-2017Q2
Changes since 1.119: +227 -151
lines
Diff to previous 1.119 (colored) to selected 1.16 (colored)
Update to 54.0
* If your 54.0 is unstable, please disable e10s with
browser.tabs.remote.autostart.2=false (this works at least for me)
Changelog:
New
Simplified the download button and download status panel
Added support for multiple content processes (e10s-multi)
Added Burmese (my) locale
Fixed
Various security fixes
Changed
Moved the mobile bookmarks folder to the main bookmarks menu for easier access
Security fixes:
#CVE-2017-5472: Use-after-free using destroyed node when regenerating trees
#CVE-2017-7749: Use-after-free during docshell reloading
#CVE-2017-7750: Use-after-free with track elements
#CVE-2017-7751: Use-after-free with content viewer listeners
#CVE-2017-7752: Use-after-free with IME input
#CVE-2017-7754: Out-of-bounds read in WebGL with ImageInfo object
#CVE-2017-7755: Privilege escalation through Firefox Installer with same directory DLL files
#CVE-2017-7756: Use-after-free and use-after-scope logging XHR header errors
#CVE-2017-7757: Use-after-free in IndexedDB
#CVE-2017-7778: Vulnerabilities in the Graphite 2 library
#CVE-2017-7758: Out-of-bounds read in Opus encoder
#CVE-2017-7759: Android intent URLs can cause navigation to local file system
#CVE-2017-7760: File manipulation and privilege escalation via callback parameter in Mozilla Windows Updater and Maintenance Service
#CVE-2017-7761: File deletion and privilege escalation through Mozilla Maintenance Service helper.exe application
#CVE-2017-7762: Addressbar spoofing in Reader mode
#CVE-2017-7763: Mac fonts render some unicode characters as spaces
#CVE-2017-7764: Domain spoofing with combination of Canadian Syllabics and other unicode blocks
#CVE-2017-7765: Mark of the Web bypass when saving executable files
#CVE-2017-7766: File execution and privilege escalation through updater.ini, Mozilla Windows Updater, and Mozilla Maintenance Service
#CVE-2017-7767: Privilege escalation and arbitrary file overwrites through Mozilla Windows Updater and Mozilla Maintenance Service
#CVE-2017-7768: 32 byte arbitrary file read through Mozilla Maintenance Service
#CVE-2017-7770: Addressbar spoofing with JavaScript events and fullscreen mode
#CVE-2017-5471: Memory safety bugs fixed in Firefox 54
#CVE-2017-5470: Memory safety bugs fixed in Firefox 54 and Firefox ESR 52.2
Revision 1.119 / (download) - annotate - [select for diffs], Thu Apr 27 01:49:47 2017 UTC (6 years, 11 months ago) by ryoon
Branch: MAIN
Changes since 1.118: +124 -142
lines
Diff to previous 1.118 (colored) to selected 1.16 (colored)
Update to 53.0
Changelog:
New
Improved graphics stability for Windows users with the addition of compositor process separation (Quantum Compositor)
Two new 'compact' themes available in Firefox, dark and light, based on the Firefox Developer Edition theme
Lightweight themes are now applied in private browsing windows
Reader Mode now displays estimated reading time for the page
Windows 7+ users on 64-bit OS can select 32-bit or 64-bit versions in the stub installer
Fixed
Various security fixes
Changed
Updated the design of site permission requests to make them harder to miss and easier to understand
Windows XP and Vista are no longer supported. XP and Vista users running Firefox 52 will continue to receive security updates on Firefox ESR 52.
32-bit Mac OS X is no longer supported. 32-bit Mac OS X users can switch to Firefox ESR 52 to continue receiving security updates.
Updates for Mac OS X are smaller in size compared to updates for Firefox 52
New visual design for audio and video controls
Ended Firefox Linux support for processors older than Pentium 4 and AMD Opteron
The last few characters of shortened tab titles fade out instead of being replaced by ellipses to keep more of the title visible
Security fixes:
#CVE-2017-5433: Use-after-free in SMIL animation functions
#CVE-2017-5435: Use-after-free during transaction processing in the editor
#CVE-2017-5436: Out-of-bounds write with malicious font in Graphite 2
#CVE-2017-5461: Out-of-bounds write in Base64 encoding in NSS
#CVE-2017-5459: Buffer overflow in WebGL
#CVE-2017-5466: Origin confusion when reloading isolated data:text/html URL
#CVE-2017-5434: Use-after-free during focus handling
#CVE-2017-5432: Use-after-free in text input selection
#CVE-2017-5460: Use-after-free in frame selection
#CVE-2017-5438: Use-after-free in nsAutoPtr during XSLT processing
#CVE-2017-5439: Use-after-free in nsTArray Length() during XSLT processing
#CVE-2017-5440: Use-after-free in txExecutionState destructor during XSLT processing
#CVE-2017-5441: Use-after-free with selection during scroll events
#CVE-2017-5442: Use-after-free during style changes
#CVE-2017-5464: Memory corruption with accessibility and DOM manipulation
#CVE-2017-5443: Out-of-bounds write during BinHex decoding
#CVE-2017-5444: Buffer overflow while parsing application/http-index-format content
#CVE-2017-5446: Out-of-bounds read when HTTP/2 DATA frames are sent with incorrect data
#CVE-2017-5447: Out-of-bounds read during glyph processing
#CVE-2017-5465: Out-of-bounds read in ConvolvePixel
#CVE-2017-5448: Out-of-bounds write in ClearKeyDecryptor
#CVE-2017-5437: Vulnerabilities in Libevent library
#CVE-2017-5454: Sandbox escape allowing file system read access through file picker
#CVE-2017-5455: Sandbox escape through internal feed reader APIs
#CVE-2017-5456: Sandbox escape allowing local file system access
#CVE-2017-5469: Potential Buffer overflow in flex-generated code
#CVE-2017-5445: Uninitialized values used while parsing application/http-index-format content
#CVE-2017-5449: Crash during bidirectional unicode manipulation with animation
#CVE-2017-5450: Addressbar spoofing using javascript: URI on Firefox for Android
#CVE-2017-5451: Addressbar spoofing with onblur event
#CVE-2017-5462: DRBG flaw in NSS
#CVE-2017-5463: Addressbar spoofing through reader view on Firefox for Android
#CVE-2017-5467: Memory corruption when drawing Skia content
#CVE-2017-5452: Addressbar spoofing during scrolling with editable content on Firefox for Android
#CVE-2017-5453: HTML injection into RSS Reader feed preview page through TITLE element
#CVE-2017-5458: Drag and drop of javascript: URLs can allow for self-XSS
#CVE-2017-5468: Incorrect ownership model for Private Browsing information
#CVE-2017-5430: Memory safety bugs fixed in Firefox 53 and Firefox ESR 52.1
#CVE-2017-5429: Memory safety bugs fixed in Firefox 53, Firefox ESR 45.9, and Firefox ESR 52.1
Revision 1.118 / (download) - annotate - [select for diffs], Thu Mar 30 19:11:14 2017 UTC (7 years ago) by ryoon
Branch: MAIN
Changes since 1.117: +3 -1
lines
Diff to previous 1.117 (colored) to selected 1.16 (colored)
Update to 52.0.2
Changelog:
Fixed:
Use Nirmala UI as fallback font for additional Indic languages (Bug 1342787)
Fix loading tab icons on session restore (Bug 1338009)
Fix a crash on startup on Linux (Bug 1345413)
Fix new installs erroneously not prompting to change the default browser setting (Bug 1343938)
Revision 1.117 / (download) - annotate - [select for diffs], Tue Mar 7 20:45:43 2017 UTC (7 years, 1 month ago) by ryoon
Branch: MAIN
CVS Tags: pkgsrc-2017Q1-base,
pkgsrc-2017Q1
Changes since 1.116: +186 -115
lines
Diff to previous 1.116 (colored) to selected 1.16 (colored)
Update to 52.0
* Switch to GTK3 build
* Remove py-sqlite2 dependency, fix PR pkg/52032
Changelog:
New
Added support for WebAssembly, an emerging standard that brings near-native performance to Web-based games, apps, and software libraries without the use of plugins.
Added automatic captive portal detection, for easier access to Wi-Fi hotspots. When accessing the Internet via a captive portal, Firefox will alert users and open the portal login page in a new tab.
Added user warnings for non-secure HTTP pages with logins. Firefox now displays a "This connection is not secure" message when users click into the username and password fields on pages that don't use HTTPS.
Implemented the Strict Secure Cookies specification which forbids insecure HTTP sites from setting cookies with the "secure" attribute. In some cases, this will prevent an insecure site from setting a cookie with the same name as an existing "secure" cookie from the same base domain.
Enhanced Sync to allow users to send and open tabs from one device to another.
Fixed
Various security fixes
Improved text input for third-party keyboard layouts on Windows. This will address some keyboard layouts that
* have chained dead keys
* input two or more characters with a non-printable key or a dead key sequence
* input a character even when a dead key sequence failed to compose a character
Changed
Removed support for Netscape Plugin API (NPAPI) plugins other than Flash. Silverlight, Java, Acrobat and the like are no longer supported.
Removed Battery Status API to reduce fingerprinting of users by trackers
Improved experience for downloads:
* Notification in the toolbar when a download fails
* Quick access to five most recent downloads rather than three
* Larger buttons for canceling and restarting downloads
Display (but allow users to override) an "Untrusted Connection" error when encountering SHA-1 certificates that chain up to a root certificate included in Mozilla's CA Certificate Program. (Note: Firefox continues to permit SHA-1 certificates that chain to manually imported root certificates.) Read more about the Mozilla Security Team's plans to deprecate SHA-1
Migrated Firefox users on Windows XP and Windows Vista operating systems to the extended support release (ESR) version of Firefox.
When not using Direct2D on Windows, Skia is used for content rendering
Developer
Enabled CSS Grid Layout, opening up a world of new possibilities for graphic design
Redesigned Responsive Design Mode to include device selection, network throttling, and more
Improved security for screen sharing, which now shows a preview and no longer requires a whitelisted domain
unresolved
Google Hangouts temporarily won't work
Security fixes:
#CVE-2017-5400: asm.js JIT-spray bypass of ASLR and DEP
#CVE-2017-5401: Memory Corruption when handling ErrorResult
#CVE-2017-5402: Use-after-free working with events in FontFace objects
#CVE-2017-5403: Use-after-free using addRange to add range to an incorrect root object
#CVE-2017-5404: Use-after-free working with ranges in selections
#CVE-2017-5406: Segmentation fault in Skia with canvas operations
#CVE-2017-5407: Pixel and history stealing via floating-point timing side channel with SVG filters
#CVE-2017-5410: Memory corruption during JavaScript garbage collection incremental sweeping
#CVE-2017-5411: Use-after-free in Buffer Storage in libGLES
#CVE-2017-5409: File deletion via callback parameter in Mozilla Windows Updater and Maintenance Service
#CVE-2017-5408: Cross-origin reading of video captions in violation of CORS
#CVE-2017-5412: Buffer overflow read in SVG filters
#CVE-2017-5413: Segmentation fault during bidirectional operations
#CVE-2017-5414: File picker can choose incorrect default directory
#CVE-2017-5415: Addressbar spoofing through blob URL
#CVE-2017-5416: Null dereference crash in HttpChannel
#CVE-2017-5417: Addressbar spoofing by draging and dropping URLs
#CVE-2017-5425: Overly permissive Gecko Media Plugin sandbox regular expression access
#CVE-2017-5426: Gecko Media Plugin sandbox is not started if seccomp-bpf filter is running
#CVE-2017-5427: Non-existent chrome.manifest file loaded during startup
#CVE-2017-5418: Out of bounds read when parsing HTTP digest authorization responses
#CVE-2017-5419: Repeated authentication prompts lead to DOS attack
#CVE-2017-5420: Javascript: URLs can obfuscate addressbar location
#CVE-2017-5405: FTP response codes can cause use of uninitialized values for ports
#CVE-2017-5421: Print preview spoofing
#CVE-2017-5422: DOS attack by using view-source: protocol repeatedly in one hyperlink
#CVE-2017-5399: Memory safety bugs fixed in Firefox 52
#CVE-2017-5398: Memory safety bugs fixed in Firefox 52 and Firefox ESR 45.8
Revision 1.116 / (download) - annotate - [select for diffs], Sat Feb 11 12:12:02 2017 UTC (7 years, 2 months ago) by abs
Branch: MAIN
Changes since 1.115: +3 -1
lines
Diff to previous 1.115 (colored) to selected 1.16 (colored)
Add gtk3 (cairo-gtk3) option for firefox. Default build is unchanged with gtk2 (cairo-gtk2)
Revision 1.115 / (download) - annotate - [select for diffs], Wed Jan 25 13:24:51 2017 UTC (7 years, 2 months ago) by ryoon
Branch: MAIN
Changes since 1.114: +115 -100
lines
Diff to previous 1.114 (colored) to selected 1.16 (colored)
Update to 51.0
Changelog:
New
Users can view passwords in the save password prompt before saving them
Added a zoom button in the URL bar:
Displays percent above or below 100 percent when a user has changed the page zoom setting from the default
Lets users return to the default setting by clicking on the button
Improved video performance for users without GPU acceleration for less CPU usage and a better full screen experience
Firefox will save passwords even in forms that do not have ãà×Ôubmitãàevents
Added support for FLAC (Free Lossless Audio Codec) playback
Added support for WebGL 2, with advanced graphics rendering features like transform feedback, improved texturing capabilities, and a new sophisticated shading language
A warning is displayed when a login page does not have a secure connection
Added Georgian (ka) and Kabyle (kab) locales
An even faster E10s! Tab Switching is better!
Improved reliability of browser data sync
Remove Belarusian (be) locale
Fixed
Various security fixes
Changed
Use 2D graphics library (Skia) for content rendering on Linux
Re-enabled E10s support for Russian (ru) locale
Updated to NSS 3.28.1
Security fixes:
#CVE-2017-5375: Excessive JIT code allocation allows bypass of ASLR and DEP
#CVE-2017-5376: Use-after-free in XSL
#CVE-2017-5377: Memory corruption with transforms to create gradients in Skia
#CVE-2017-5378: Pointer and frame data leakage of Javascript objects
#CVE-2017-5379: Use-after-free in Web Animations
#CVE-2017-5380: Potential use-after-free during DOM manipulations
#CVE-2017-5390: Insecure communication methods in Developer Tools JSON viewer
#CVE-2017-5389: WebExtensions can install additional add-ons via modified host requests
#CVE-2017-5396: Use-after-free with Media Decoder
#CVE-2017-5381: Certificate Viewer exporting can be used to navigate and save to arbitrary filesystem locations
#CVE-2017-5382: Feed preview can expose privileged content errors and exceptions
#CVE-2017-5383: Location bar spoofing with unicode characters
#CVE-2017-5384: Information disclosure via Proxy Auto-Config (PAC)
#CVE-2017-5385: Data sent in multipart channels ignores referrer-policy response headers
#CVE-2017-5386: WebExtensions can use data: protocol to affect other extensions
#CVE-2017-5394: Android location bar spoofing using fullscreen and JavaScript events
#CVE-2017-5391: Content about: pages can load privileged about: pages
#CVE-2017-5392: Weak references using multiple threads on weak proxy objects lead to unsafe memory usage
#CVE-2017-5393: Remove addons.mozilla.org CDN from whitelist for mozAddonManager
#CVE-2017-5395: Android location bar spoofing during scrolling
#CVE-2017-5387: Disclosure of local file existence through TRACK tag error messages
#CVE-2017-5388: WebRTC can be used to generate a large amount of UDP traffic for DDOS attacks
#CVE-2017-5374: Memory safety bugs fixed in Firefox 51
#CVE-2017-5373: Memory safety bugs fixed in Firefox 51 and Firefox ESR 45.7
Revision 1.114 / (download) - annotate - [select for diffs], Sun Dec 18 01:31:00 2016 UTC (7 years, 4 months ago) by ryoon
Branch: MAIN
CVS Tags: pkgsrc-2016Q4-base,
pkgsrc-2016Q4
Changes since 1.113: +2 -1
lines
Diff to previous 1.113 (colored) to selected 1.16 (colored)
Update to 50.1.0 Changelog: #CVE-2016-9894: Buffer overflow in SkiaGL #CVE-2016-9899: Use-after-free while manipulating DOM events and audio elements #CVE-2016-9895: CSP bypass using marquee tag #CVE-2016-9896: Use-after-free with WebVR #CVE-2016-9897: Memory corruption in libGLES #CVE-2016-9898: Use-after-free in Editor while manipulating DOM subtrees #CVE-2016-9900: Restricted external resources can be loaded by SVG images through data URLs #CVE-2016-9904: Cross-origin information leak in shared atoms #CVE-2016-9901: Data from Pocket server improperly sanitized before execution #CVE-2016-9902: Pocket extension does not validate the origin of events #CVE-2016-9903: XSS injection vulnerability in add-ons SDK #CVE-2016-9080: Memory safety bugs fixed in Firefox 50.1 #CVE-2016-9893: Memory safety bugs fixed in Firefox 50.1 and Firefox ESR 45.6
Revision 1.113 / (download) - annotate - [select for diffs], Tue Dec 6 08:14:22 2016 UTC (7 years, 4 months ago) by martin
Branch: MAIN
Changes since 1.112: +3 -3
lines
Diff to previous 1.112 (colored) to selected 1.16 (colored)
Mark libmozavcodec.so and libmozavutil.so as x86-only
Revision 1.112 / (download) - annotate - [select for diffs], Sat Dec 3 09:58:25 2016 UTC (7 years, 4 months ago) by ryoon
Branch: MAIN
Changes since 1.111: +137 -130
lines
Diff to previous 1.111 (colored) to selected 1.16 (colored)
Update to 50.0.2
* Change default audio support to ALSA.
You can use OSS or pulseaudio via ALSA plugin package.
Changelog:
50.0.2:
Fixed in Firefox 50.0.2
#CVE-2016-9079: Use-after-free in SVG Animation
50.0.1:
Fixed
*Firefox crashes with 3rd party Chinese IME when using IME text
Security vulnerabilities fixed in Firefox 50.0.1:
#CVE-2016-9078: data: URL can inherit wrong origin after an HTTP redirect
50.0:
New
*Playback video on more sites without plugins with WebM EME Support for Widevine on Windows and Mac
*Improved performance for SDK extensions or extensions using the SDK module loader
*Added download protection for a large number of executable file types on Windows, Mac and Linux
*Increased availability of WebGL to more than 98 percent of users on Windows 7 and newer
*Added Guarani (gn) locale
*Added option to Find in page that allows users to limit search to whole words only
*Updates to keyboard shortcuts
*Set a preference to have Ctrl+Tab cycle through tabs in recently used order
*View a page in Reader Mode by using Ctrl+Alt+R (command+alt+r on Mac)
Fixed
*Login cookies are now saved for sites with a high number of cookies (Bug 1264192)
*Various security fixes
*Fixed rendering of dashed and dotted borders with rounded corners (border-radius)
Changed
*The link to check for plugin security updates has been removed from the addon manager as Firefox automatically checks for plugin updates
*Blocked versions of libavcodec older than 54.35.1
*Added a built-in Emoji set for operating systems without native Emoji fonts (Windows 8.0 and lower and Linux)
Developer
*Changes for web developers
Security vulnerabilities fixed in Firefox 50:
#CVE-2016-5296: Heap-buffer-overflow WRITE in rasterize_edges_1
#CVE-2016-5292: URL parsing causes crash
#CVE-2016-5293: Write to arbitrary file with Mozilla Updater and Maintenance Service using updater.log hardlink
#CVE-2016-5294: Arbitrary target directory for result files of update process
#CVE-2016-5297: Incorrect argument length checking in JavaScript
#CVE-2016-9064: Add-ons update must verify IDs match between current and new versions
#CVE-2016-9065: Firefox for Android location bar spoofing using fullscreen
#CVE-2016-9066: Integer overflow leading to a buffer overflow in nsScriptLoadHandler
#CVE-2016-9067: heap-use-after-free in nsINode::ReplaceOrInsertBefore
#CVE-2016-9068: heap-use-after-free in nsRefreshDriver
#CVE-2016-9072: 64-bit NPAPI sandbox isn't enabled on fresh profile
#CVE-2016-9075: WebExtensions can access the mozAddonManager API and use it to gain elevated privileges
#CVE-2016-9077: Canvas filters allow feDisplacementMaps to be applied to cross-origin images, allowing timing attacks on them
#CVE-2016-5291: Same-origin policy violation using local HTML file and saved shortcut file
#CVE-2016-5295: Mozilla Maintenance Service: Ability to read arbitrary files as SYSTEM
#CVE-2016-5298: SSL indicator can mislead the user about the real URL visited
#CVE-2016-5299: Firefox AuthToken in broadcast protected with signature-level permission can be accessed by an application installed beforehand that defines the same permissionsPI key (glocation) in broadcast protected with signature-level permission can be accessed by an application installed beforehand that defines the same permissions
#CVE-2016-9062: Private browsing browser traces (Android) in browser.db and wal file
#CVE-2016-9070: Sidebar bookmark can have reference to chrome window
#CVE-2016-9073: windows.create schema doesn't specify "format": "relativeUrl"
#CVE-2016-9074: Insufficient timing side-channel resistance in divSpoiler
#CVE-2016-9076: select dropdown menu can be used for URL bar spoofing on e10s
#CVE-2016-9063: Possible integer overflow to fix inside XML_Parse in Expat
#CVE-2016-9071: Probe browser history via HSTS/301 redirect + CSP
#CVE-2016-5289: Memory safety bugs fixed in Firefox 50
#CVE-2016-5290: Memory safety bugs fixed in Firefox 50 and Firefox ESR 45.5
Revision 1.111 / (download) - annotate - [select for diffs], Fri Oct 28 17:47:21 2016 UTC (7 years, 5 months ago) by riastradh
Branch: MAIN
Changes since 1.110: +2 -1
lines
Diff to previous 1.110 (colored) to selected 1.16 (colored)
Add a debug-only file.
Revision 1.110 / (download) - annotate - [select for diffs], Tue Sep 20 20:01:41 2016 UTC (7 years, 7 months ago) by ryoon
Branch: MAIN
CVS Tags: pkgsrc-2016Q3-base,
pkgsrc-2016Q3
Changes since 1.109: +142 -260
lines
Diff to previous 1.109 (colored) to selected 1.16 (colored)
Update to 49.0
Changelog:
New
Updated Firefox Login Manager to allow HTTPS pages to use saved HTTP logins. ItãàÑÔ one more way Firefox is supporting LetãàÑÔ Encrypt and helping users transition to a more secure web.
Added features to Reader Mode that make it easier on the eyes and the ears
Controls that allow users to adjust the width and line spacing of text
Narrate, which reads the content of a page out loud
Improved video performance for users on systems that support SSSE3 without hardware acceleration
Added context menu controls to HTML5 audio and video that let users loops files or play files at 1.25x speed
Enhancements for Mac users
Improved performance on OS X systems without hardware acceleration
Improved appearance of anti-aliased OS X fonts
Improvements in about:memory reports for tracking font memory usage
Improve performance on Windows systems without hardware acceleration
Fixed
Fixed an issue that prevented users from updating Firefox for Mac unless they originally installed Firefox. Now, those users as well as any user with administrative credentials can update Firefox.
Various security fixes
Changed
Ended Firefox for Mac support for OS X 10.6, 10.7, and 10.8.
Ended Firefox for Windows support for SSE processors
Removed Firefox Hello
Re-enabled the default for Graphite2 font shaping
Developer
Added a Cause column to the Network Monitor to show what caused each network request
Introduced web speech synthesis API
Fixed in Firefox 49
2016-85 Security vulnerabilities fixed in Firefox 49
CVE-2016-2827 - Out-of-bounds read in mozilla::net::IsValidReferrerPolicy [low]
Reporter: Atte Kettunen
Description: A content security policy (CSP) containing a referrer directive with no values can cause a non-exploitable crash. [1289085]
CVE-2016-5270 - Heap-buffer-overflow in nsCaseTransformTextRunFactory::TransformString [high]
Reporter: Atte Kettunen
Description: An out-of-bounds write of a boolean value during text conversion with some unicode characters. [1291016]
CVE-2016-5271 - Out-of-bounds read in PropertyProvider::GetSpacingInternal [low]
Reporter: Abhishek Arya
Description: An out-of-bounds read during the processing of text runs in some pages using display:contents. [1288946]
CVE-2016-5272 - Bad cast in nsImageGeometryMixin [high]
Reporter: Abhishek Arya
Description: A bad cast when processing layout with input elements can result in a potentially exploitable crash. [1297934]
CVE-2016-5273 - crash in mozilla::a11y::HyperTextAccessible::GetChildOffset [high]
Reporter: Nils
Description: A potentially exploitable crash in accessibility [1280387]
CVE-2016-5276 - Heap-use-after-free in mozilla::a11y::DocAccessible::ProcessInvalidationList [high]
Reporter: Nils
Description: A use-after-free vulnerability triggered by setting a aria-owns attribute [1287721]
CVE-2016-5274 - use-after-free in nsFrameManager::CaptureFrameState [high]
Reporter: Nils
Description: A use-after-free issue in web animations during restyling. [1282076]
CVE-2016-5277 - Heap-use-after-free in nsRefreshDriver::Tick [high]
Reporter: Nils
Description: A user-after-free vulnerability with web animations when destroying a timeline [1291665]
CVE-2016-5275 - global-buffer-overflow in mozilla::gfx::FilterSupport::ComputeSourceNeededRegions [critical]
Reporter: Nils
Description: A buffer overflow when working with empty filters during canvas rendering [1287316]
CVE-2016-5278 - Heap-buffer-overflow in nsBMPEncoder::AddImageFrame [critical]
Reporter: Nils
Description: A potentially exploitable crash caused by a buffer overflow while encoding image frames to images [1294677]
CVE-2016-5279 - Full local path of files is available to web pages after drag and drop [moderate]
Reporter: Rafael Gieschke
Description: The full path to local files is available to scripts when local files are drag and dropped into Firefox [1249522]
CVE-2016-5280 - Use-after-free in mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap [high]
Reporter: Mei Wang
Description: Use-after-free vulnerability when changing text direction [1289970]
CVE-2016-5281 - use-after-free in DOMSVGLength [high]
Reporter: Brian Carpenter
Description: Use-after-free vulnerability when manipulating SVG format content through script [1284690]
CVE-2016-5282 - Don't allow content to request favicons from non-whitelisted schemes [moderate]
Reporter: Richard Newman
Description: Favicons can be loaded through non-whitelisted protocols, such as jar: [932335]
CVE-2016-5283 - <iframe src> fragment timing attack can reveal cross-origin data [high]
Reporter: Gavin Sharp
Description: A timing attack vulnerability using iframes to potentially reveal private data using document resizes and link colors [928187]
CVE-2016-5284 - Add-on update site certificate pin expiration [high]
Reporter: Ryan Duff
Description: Due to flaws in the process we used to update "Preloaded Public Key Pinning" in our releases, the pinning for add-on updates became ineffective in early September. An attacker who was able to get a mis-issued certificate for a Mozilla web site could send malicious add-on updates to users on networks controlled by the attacker. Users who have not installed any add-ons are not affected. [1303127]
CVE-2016-5256 - Memory safety bugs fixed in Firefox 49 [critical]
Reporter: Mozilla developers
Description: Mozilla developers Christoph Diehl, Christian Holler, Gary Kwong, Nathan Froyd, Honza Bambas, Seth Fowler, and Michael Smith reported memory safety bugs present in Firefox 48. Some of these bugs showed evidence of memory corruption under certain circumstances could potentially exploited to run arbitrary code. [Memory safety bugs fixed in Firefox 49]
CVE-2016-5257 - Memory safety bugs fixed in Firefox 49 and Firefox ESR 45.4 [critical]
Reporter: Mozilla developers
Description: Mozilla developers and community members Christoph Diehl, Andrew McCreight, Dan Minor, Byron Campen, Jon Coppeard, Steve Fink, Tyson Smith, Philipp, and Carsten Book reported memory safety bugs present in Firefox 48 and Firefox ESR 45.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort at least some of these could be exploited to run arbitrary code. [Memory safety bugs fixed in Firefox 49 and Firefox ESR 45.4]
Revision 1.109 / (download) - annotate - [select for diffs], Sat Aug 20 11:17:32 2016 UTC (7 years, 8 months ago) by ryoon
Branch: MAIN
Changes since 1.108: +6 -0
lines
Diff to previous 1.108 (colored) to selected 1.16 (colored)
Update to 48.0.1
* Remove dbus-glib dependency and add dbus option (from Robert Swindells)
* Fix potential build failure in skia (from Robert Swindells)
Changelog:
Fixed
Fix an audio regression impacting some major websites (bug 1295296)
Fix a top crash in the JavaScript engine (Bug 1290469)
Fix a startup crash issue caused by Websense (Bug 1291738)
Fix a different behavior with e10s / non-e10s on <select> and mouse events (Bug 1291078)
Fix a top crash caused by plugin issues (Bug 1264530)
Fix an unsigned add-ons issue on Windows
Fix a shutdown issue (Bug 1276920)
Fix a crash in WebRTC
Revision 1.108 / (download) - annotate - [select for diffs], Sat Aug 6 08:46:59 2016 UTC (7 years, 8 months ago) by ryoon
Branch: MAIN
Changes since 1.107: +227 -102
lines
Diff to previous 1.107 (colored) to selected 1.16 (colored)
Update to 48.0
* OSS audio support may not work. I will revisit later
Changelog:
New:
Roar for moar protection against harmful downloads! We've got your back
Process separation (e10s) is enabled for some of you. Like it? Let us know and we'll roll it out to more.
Add-ons that have not been verified and signed by Mozilla will not load
GNU/Linux fans: Get better Canvas performance with speedy Skia support. Try saying that three times fast
WebRTC embetterments:
Delay-agnostic AEC enabled
Full duplex for GNU/Linux enabled
ICE Restart & Update is supported
Cloning of MediaStream and MediaStreamTrack is now supported
Searching for something already in your bookmarks or open tabs? We added super smart icons to let you know
Windows folks: Tab (move buttons) and Shift+F10 (pop-up menus) now behave as they should in Firefox customization mode
The media parser has been redeveloped using the Rust programming language
Windows 7 systems without Platform Update can now use D3D11 WARP
Fixed:
Various security fixes
Heyo, Jabra & Logitech C920 webcam users. We fixed those pesky WebRTC bugs causing frequency distortions. Buh-bye, squeaky voice!
Improved step debugging on last line of functions
Changed:
Starting with the Firefox version 49 release, so long to support for 10.6, 10.7 and 10.8. Now we can focus on where most Mac users are: 10.9. Don't forget to upgrade!
After version 48, SSE2 CPU extensions are going to be required on Windows
Au revoir to Windows Remote Access Service modem Autodial
Developer:
WebExtensions support is now considered as stable
Workers can now use the Web Crypto API
Want to move absolute & fixed positioned elements? (Who doesn't, right?) Now you can with our geometry editor.
The memory tool now has a tree map view for your debugging pleasure. It's a little bit of "boo" and a whole lot of "ya."
We're putting the spotlight on the background. Now you can debug WebExtensions background content scripts and background pages
Content Security Policy (CSP) is now enforced for WebExtensions. (Who's down with CSP?)
Old and busted: Error Console. New hotness: Browser Console for your debugging pleasure.
Add-on development just got easier because you can reload them from about:debugging ãàbecause we're all about debugging.
This theme is hot, hot, hot! Say hi to the Firebug theme for Developer Tools.
Expand network requests from the console panel to view request details in line, so you can see things in context
Fixed in Firefox 48:
2016-84 Information disclosure through Resource Timing API during page navigation
2016-83 Spoofing attack through text injection into internal error pages
2016-82 Addressbar spoofing with right-to-left characters on Firefox for Android
2016-81 Information disclosure and local file manipulation through drag and drop
2016-80 Same-origin policy violation using local HTML file and saved shortcut file
2016-79 Use-after-free when applying SVG effects
2016-78 Type confusion in display transformation
2016-77 Buffer overflow in ClearKey Content Decryption Module (CDM) during video playback
2016-76 Scripts on marquee tag can execute in sandboxed iframes
2016-75 Integer overflow in WebSockets during data buffering
2016-74 Form input type change from password to text can store plain text password in session restore file
2016-73 Use-after-free in service workers with nested sync events
2016-72 Use-after-free in DTLS during WebRTC session shutdown
2016-71 Crash in incremental garbage collection in JavaScript
2016-70 Use-after-free when using alt key and toplevel menus
2016-69 Arbitrary file manipulation by local user through Mozilla updater and callback application path parameter
2016-68 Out-of-bounds read during XML parsing in Expat library
2016-67 Stack underflow during 2D graphics rendering
2016-66 Location bar spoofing via data URLs with malformed/invalid mediatypes
2016-65 Cairo rendering crash due to memory allocation issue with FFmpeg 0.10
2016-64 Buffer overflow rendering SVG with bidirectional content
2016-63 Favicon network connection can persist when page is closed
2016-62 Miscellaneous memory safety hazards (rv:48.0 / rv:45.3)
Revision 1.107 / (download) - annotate - [select for diffs], Thu Jun 16 12:08:21 2016 UTC (7 years, 10 months ago) by ryoon
Branch: MAIN
CVS Tags: pkgsrc-2016Q2-base,
pkgsrc-2016Q2
Changes since 1.106: +172 -88
lines
Diff to previous 1.106 (colored) to selected 1.16 (colored)
Update to 47.0
* Remove macOS patches, because I cannot confirm them sadly
Changelog:
New
Support for GoogleãàÑÔ Widevine CDM on Windows and Mac OS X so streaming services like Amazon Video can switch from Silverlight to encrypted HTML5 video.
Enable VP9 video codec for users with fast machines
Embedded YouTube videos now play with HTML5 video if Flash is not installed.
View and search open tabs from your smartphone or another computer in a sidebar
Allow no-cache on back/forward navigations for https resources
Latgalu [ltg] locale added. Wikipedia tells us there are 164,500 daily speakers.
Fixed
Various security fixes
Changed
FUEL (Firefox User Extension Library) has been removed. Add-ons relying on it will stop working.
The browser.sessionstore.restore_on_demand preference has been reset to its default value (true) to avoid e10s performance problems. Because faster is better!
The Firefox click-to-activate plugin whitelist has been removed.
XRender is no longer used for rendering web content on Linux as this may cause a regression in remote X performance
Developer
Web platform changes
View, start,and debug registered Service Workers in the Service Workers developer tool
Simulate Push messages in the Service Workers developer tool
'Start' button for service workers in about:debugging to start registered Service Workers
Changes that can affect add-on compatibility
Added support for ChaCha20/Poly1305 cipher suites
Custom user agents supported in Responsive Design Mode
Smart multi-line input in the Web Console
Developer Information
HTML5
cuechange events are now available on TextTrack objects
WebCrypto: PBKDF2 supports SHA-2 hash algorithms
WebCrypto: RSA-PSS signature support
Fixed in Firefox 47
2016-61 Network Security Services (NSS) vulnerabilities
2016-60 Java applets bypass CSP protections
2016-59 Information disclosure of disabled plugins through CSS pseudo-classes
2016-58 Entering fullscreen and persistent pointerlock without user permission
2016-57 Incorrect icon displayed on permissions notifications
2016-56 Use-after-free when textures are used in WebGL operations after recycle pool destruction
2016-55 File overwrite and privilege escalation through Mozilla Windows updater
2016-54 Partial same-origin-policy through setting location.host through data URI
2016-53 Out-of-bounds write with WebGL shader
2016-52 Addressbar spoofing though the SELECT element
2016-51 Use-after-free deleting tables from a contenteditable document
2016-50 Buffer overflow parsing HTML5 fragments
2016-49 Miscellaneous memory safety hazards (rv:47.0 / rv:45.2)
Revision 1.104.2.1 / (download) - annotate - [select for diffs], Thu May 19 12:56:30 2016 UTC (7 years, 11 months ago) by bsiegert
Branch: pkgsrc-2016Q1
Changes since 1.104: +240 -134
lines
Diff to previous 1.104 (colored) next main 1.105 (colored) to selected 1.16 (colored)
Pullup ticket #5015 - requested by sevan
www/firefox: security fix
Revisions pulled up:
- www/firefox/Makefile 1.249-1.250
- www/firefox/PLIST 1.105-1.106
- www/firefox/distinfo 1.242-1.243
- www/firefox/mozilla-common.mk 1.73
- www/firefox/patches/patch-aa 1.45
- www/firefox/patches/patch-config_external_moz.build 1.11
- www/firefox/patches/patch-config_system-headers 1.18
- www/firefox/patches/patch-dom_media_gstreamer_GStreamerAllocator.cpp deleted
- www/firefox/patches/patch-dom_media_moz.build 1.3
- www/firefox/patches/patch-gfx_skia_generate__mozbuild.py 1.4
- www/firefox/patches/patch-gfx_skia_moz.build 1.11
- www/firefox/patches/patch-gfx_skia_skia_src_core_SkUtilsArm.cpp 1.2
- www/firefox/patches/patch-gfx_skia_skia_src_opts_SkBitmapProcState__opts__arm.cpp deleted
- www/firefox/patches/patch-gfx_skia_skia_src_opts_memset.arm.S deleted
- www/firefox/patches/patch-gfx_thebes_moz.build 1.3
- www/firefox/patches/patch-media_libcubeb_src_cubeb.c 1.3
- www/firefox/patches/patch-media_libcubeb_src_cubeb__alsa.c 1.14
- www/firefox/patches/patch-media_libcubeb_src_moz.build 1.7
- www/firefox/patches/patch-media_libtheora_moz.build 1.5
- www/firefox/patches/patch-pb deleted
- www/firefox/patches/patch-pc deleted
- www/firefox/patches/patch-toolkit_library_moz.build 1.5
- www/firefox/patches/patch-xpcom_reflect_xptcall_md_unix_moz.build 1.5
---
Module Name: pkgsrc
Committed By: ryoon
Date: Wed Apr 13 20:37:33 UTC 2016
Modified Files:
pkgsrc/www/firefox: Makefile PLIST distinfo
Log Message:
Update to 45.0.2
Changelog:
Fixed:
Fix an issue impacting the cookie header when third-party cookies are blocked (1257861)
Fix a web compatibility regression impacting the srcset attribute of the image tag (1259482)
Fix a regression with the copy and paste with some old versions of some Gecko applications like Thunderbird (1254980)
Fix a crash impacting the video playback with Media Source Extension (1258562)
Fix a regression impacting some specific uploads (1255735)
---
Module Name: pkgsrc
Committed By: ryoon
Date: Wed Apr 27 16:22:40 UTC 2016
Modified Files:
pkgsrc/www/firefox: Makefile PLIST distinfo mozilla-common.mk
pkgsrc/www/firefox/patches: patch-aa patch-config_external_moz.build
patch-config_system-headers patch-dom_media_moz.build
patch-gfx_skia_generate__mozbuild.py patch-gfx_skia_moz.build
patch-gfx_skia_skia_src_core_SkUtilsArm.cpp
patch-gfx_thebes_moz.build patch-media_libcubeb_src_cubeb.c
patch-media_libcubeb_src_cubeb__alsa.c
patch-media_libcubeb_src_moz.build patch-media_libtheora_moz.build
patch-toolkit_library_moz.build
patch-xpcom_reflect_xptcall_md_unix_moz.build
Removed Files:
pkgsrc/www/firefox/patches:
patch-dom_media_gstreamer_GStreamerAllocator.cpp
patch-gfx_skia_skia_src_opts_SkBitmapProcState__opts__arm.cpp
patch-gfx_skia_skia_src_opts_memset.arm.S patch-pb patch-pc
Log Message:
Update to 46.0
* Drop buildlink to gstreamer1
Changelog:
New
Improved security of the JavaScript Just In Time (JIT) Compiler
GTK3 integration (GNU/Linux only)
Fixed
Correct rendering for scaled SVGs that use a clip and a mask
Various security fixes
Screen reader behavior with blank spaces in Google Docs corrected
Changed
WebRTC fixes to improve performance and stability
Developer
Display dominator trees in Memory tool
Allocation and garbage collection pause profiling in the performance panel
Launch responsive mode from the Style Editor @media sidebar
HTML5
Added support for document.elementsFromPoint
Added HKDF support for Web Crypto API
Fixed in Firefox 46
2016-48 Firefox Health Reports could accept events from untrusted domains
2016-47 Write to invalid HashMap entry through JavaScript.watch()
2016-46 Elevation of privilege with chrome.tabs.update API in web extensions
2016-45 CSP not applied to pages sent with multipart/x-mixed-replace
2016-44 Buffer overflow in libstagefright with CENC offsets
2016-43 Disclosure of user actions through JavaScript with motion and orientation sensors
2016-42 Use-after-free and buffer overflow in Service Workers
2016-41 Content provider permission bypass allows malicious application to access data
2016-40 Privilege escalation through file deletion by Maintenance Service updater
2016-39 Miscellaneous memory safety hazards (rv:46.0 / rv:45.1 / rv:38.8)
Revision 1.106 / (download) - annotate - [select for diffs], Wed Apr 27 16:22:39 2016 UTC (7 years, 11 months ago) by ryoon
Branch: MAIN
Changes since 1.105: +217 -132
lines
Diff to previous 1.105 (colored) to selected 1.16 (colored)
Update to 46.0
* Drop buildlink to gstreamer1
Changelog:
New
Improved security of the JavaScript Just In Time (JIT) Compiler
GTK3 integration (GNU/Linux only)
Fixed
Correct rendering for scaled SVGs that use a clip and a mask
Various security fixes
Screen reader behavior with blank spaces in Google Docs corrected
Changed
WebRTC fixes to improve performance and stability
Developer
Display dominator trees in Memory tool
Allocation and garbage collection pause profiling in the performance panel
Launch responsive mode from the Style Editor @media sidebar
HTML5
Added support for document.elementsFromPoint
Added HKDF support for Web Crypto API
Fixed in Firefox 46
2016-48 Firefox Health Reports could accept events from untrusted domains
2016-47 Write to invalid HashMap entry through JavaScript.watch()
2016-46 Elevation of privilege with chrome.tabs.update API in web extensions
2016-45 CSP not applied to pages sent with multipart/x-mixed-replace
2016-44 Buffer overflow in libstagefright with CENC offsets
2016-43 Disclosure of user actions through JavaScript with motion and orientation sensors
2016-42 Use-after-free and buffer overflow in Service Workers
2016-41 Content provider permission bypass allows malicious application to access data
2016-40 Privilege escalation through file deletion by Maintenance Service updater
2016-39 Miscellaneous memory safety hazards (rv:46.0 / rv:45.1 / rv:38.8)
Revision 1.105 / (download) - annotate - [select for diffs], Wed Apr 13 20:37:33 2016 UTC (8 years ago) by ryoon
Branch: MAIN
Changes since 1.104: +23 -2
lines
Diff to previous 1.104 (colored) to selected 1.16 (colored)
Update to 45.0.2
Changelog:
Fixed:
Fix an issue impacting the cookie header when third-party cookies are blocked (1257861)
Fix a web compatibility regression impacting the srcset attribute of the image tag (1259482)
Fix a regression with the copy and paste with some old versions of some Gecko applications like Thunderbird (1254980)
Fix a crash impacting the video playback with Media Source Extension (1258562)
Fix a regression impacting some specific uploads (1255735)
Revision 1.104 / (download) - annotate - [select for diffs], Tue Mar 8 21:32:52 2016 UTC (8 years, 1 month ago) by ryoon
Branch: MAIN
CVS Tags: pkgsrc-2016Q1-base
Branch point for: pkgsrc-2016Q1
Changes since 1.103: +402 -327
lines
Diff to previous 1.103 (colored) to selected 1.16 (colored)
Update to 45.0
Changelog:
New
Instant browser tab sharing through Hello
Tabs synced via Firefox Accounts from other devices are now shown in dropdown area of Awesome Bar when searching
Synced Tabs button in button bar
Introduce a new preference (network.dns.blockDotOnion) to allow blocking .onion at the DNS level
Guarani [gn] locale added
Fixed
URLs containing a Unicode-format Internationalized Domain Name (IDN) are now properly redirected
Various security fixes
Fixed in Firefox 45
2016-37 Font vulnerabilities in the Graphite 2 library
2016-36 Use-after-free during processing of DER encoded keys in NSS
2016-35 Buffer overflow during ASN.1 decoding in NSS
2016-34 Out-of-bounds read in HTML parser following a failed allocation
2016-33 Use-after-free in GetStaticInstance in WebRTC
2016-32 WebRTC and LibVPX vulnerabilities found through code inspection
2016-31 Memory corruption with malicious NPAPI plugin
2016-30 Buffer overflow in Brotli decompression
2016-29 Same-origin policy violation using perfomance.getEntries and history navigation with session restore
2016-28 Addressbar spoofing though history navigation and Location protocol property
2016-27 Use-after-free during XML transformations
2016-26 Memory corruption when modifying a file being read by FileReader
2016-25 Use-after-free when using multiple WebRTC data channels
2016-24 Use-after-free in SetBody
2016-23 Use-after-free in HTML5 string parser
2016-22 Service Worker Manager out-of-bounds read in Service Worker Manager
2016-21 Displayed page address can be overridden
2016-20 Memory leak in libstagefright when deleting an array during MP4 processing
2016-19 Linux video memory DOS with Intel drivers
2016-18 CSP reports fail to strip location information for embedded iframe pages
2016-17 Local file overwriting and potential privilege escalation through CSP reports
2016-16 Miscellaneous memory safety hazards (rv:45.0 / rv:38.7)
Revision 1.103 / (download) - annotate - [select for diffs], Wed Jan 27 00:08:26 2016 UTC (8 years, 2 months ago) by ryoon
Branch: MAIN
Changes since 1.102: +894 -807
lines
Diff to previous 1.102 (colored) to selected 1.16 (colored)
Update to 44.0
Changelog:
New
Improved warning pages for certificate errors and untrusted connections
Enable H.264 if system decoder is available
Enable WebM/VP9 video support on systems that don't support MP4/H.264
In the animation-inspector timeline, lightning bolt icon next to animations running on the compositor thread
Support the brotli compression format via HTTPS content-encoding
Screenshot commands allow user choice of pixel ratio in Developer Tools
Fixed
Windows XP and Vista screensaver doesn't disable when watching videos (Bug 1193610)
Various security fixes
Changed
To support unicode-range descriptor for webfonts, font matching under Linux now uses the same font matching code as other platforms
Use a SHA-256 signing certificate for Windows builds, to meet new signing requirements
Firefox has removed support for the RC4 decipher
Firefox will no longer trust the Equifax Secure Certificate Authority 1024-bit root certificate or the UTN - DATACorp SGC to validate secure website certificates
Stricter validation of web fonts
On-screen keyboard support temporarily turned off for Windows 8 and Windows 8.1
Developer
Right click on a logged object in the console to store it as a global variable on the page
Visual tools for Animation:
View/Edit CSS animation keyframe rules directly in the inspector
Visually modify the cubic-bezier curve that drives the way animations progress through time
Discover and scrub through all CSS animations and transitions playing on the page
Learn more: http://devtoolschallenger.com/
Visual tools for Layout and Styles:
Display rulers along the viewport to verify size and position and use the measurement tool to easily detect spacing and alignment problems
Use CSS filters to preview and create real-time effects like drop-shadows, sepia, etc
Learn more: http://devtoolschallenger.com/
New memory tool for inspecting the memory heap
Service Workers API
Built-in JSON reader to intuitively view, search, copy and save data without extensions
Jump to function definitions in the debugger with Cmd-Click
WebSocket Debugging API and add-on
The rule view now displays styles using their authored text, and edits in the rule view are now linked to the style editor
Security bugs:
Fixed in Firefox 44
2016-12 Lightweight themes on Firefox for Android do not verify a secure connection
2016-11 Application Reputation service disabled in Firefox 43
2016-10 Unsafe memory manipulation found through code inspection
2016-09 Addressbar spoofing attacks
2016-08 Delay following click events in file download dialog too short on OS X
2016-07 Errors in mp_div and mp_exptmod cryptographic functions in NSS
2016-06 Missing delay following user click events in protocol handler dialog
2016-05 Addressbar spoofing through stored data url shortcuts on Firefox for Android
2016-04 Firefox allows for control characters to be set in cookie names
2016-03 Buffer overflow in WebGL after out of memory allocation
2016-02 Out of Memory crash when parsing GIF format images
2016-01 Miscellaneous memory safety hazards (rv:44.0 / rv:38.6)
Revision 1.102 / (download) - annotate - [select for diffs], Wed Dec 16 09:34:55 2015 UTC (8 years, 4 months ago) by ryoon
Branch: MAIN
CVS Tags: pkgsrc-2015Q4-base,
pkgsrc-2015Q4
Changes since 1.101: +118 -44
lines
Diff to previous 1.101 (colored) to selected 1.16 (colored)
Update to 43.0
Changelog:
New Private Browsing with Tracking Protection offers choice of blocking additional trackers
New Improved API support for m4v video playback
New Firefox 64-bit for Windows is now available via the Firefox download page
New Users can choose search suggestions from the Awesome Bar
New On-screen keyboard displayed on selecting input field on devices running Windows 8 or greater
New Firefox Health Report has switched to use the same data collection mechanism as telemetry
Developer Markup view shows indicators for pseudo-classes locked for elements
Developer Bind F1 key to open the settings when the toolbox is focused
Developer New 'Use in Console' context menu item in Inspector to store selected element in a temporary variable
Developer Search button next to overridden CSS properties to find similar properties in the rules view
Developer Ability to filter styles from their property names in the rules view
Developer Stack traces are now shown for exceptions inside the console
Developer Added ability to display server-side logs in the console
Developer Ability to choose resolution for the GCLI screenshot command
Developer Subresource integrity allows developers to make their sites more secure
Developer Network requests in Console now link to Network panel instead of opening in a popup
Developer Unprefixed 'hyphens' property is now supported
Developer WebIDE now has a sidebar-based UI
Developer The 'transform-origin' property is now supported on SVG elements
Developer Animation inspector now displays animations in a timeline
Developer Single-process mode is no longer supported for NPAPI plugins
Fixed Eyedropper tool does not work as expected when page is zoomed
Fixed Various security fixes
Fixed in Firefox 43
2015-149 Cross-site reading attack through data and view-source URIs
2015-148 Privilege escalation vulnerabilities in WebExtension APIs
2015-147 Integer underflow and buffer overflow processing MP4 metadata in libstagefright
2015-146 Integer overflow in MP4 playback in 64-bit versions
2015-145 Underflow through code inspection
2015-144 Buffer overflows found through code inspection
2015-143 Linux file chooser crashes on malformed images due to flaws in Jasper library
2015-142 DOS due to malformed frames in HTTP/2
2015-141 Hash in data URI is incorrectly parsed
2015-140 Cross-origin information leak through web workers error events
2015-139 Integer overflow allocating extremely large textures
2015-138 Use-after-free in WebRTC when datachannel is used after being destroyed
2015-137 Firefox allows for control characters to be set in cookies
2015-136 Same-origin policy violation using perfomance.getEntries and history navigation
2015-135 Crash with JavaScript variable assignment with unboxed objects
2015-134 Miscellaneous memory safety hazards (rv:43.0 / rv:38.5)
Revision 1.101 / (download) - annotate - [select for diffs], Tue Nov 3 15:52:57 2015 UTC (8 years, 5 months ago) by ryoon
Branch: MAIN
Changes since 1.100: +114 -88
lines
Diff to previous 1.100 (colored) to selected 1.16 (colored)
Update to 42.0
Changelog:
New Private Browsing with Tracking Protection blocks certain Web elements that could be used to record your behavior across sites
New Control Center that contains site security and privacy controls
New Indicator added to tabs that play audio with one-click muting
New WebRTC improvements:
IPV6 support
Preferences for controlling ICE candidate generation and IP exposure
Hooks for extensions to allow/deny createOffer/Answer
Improved ability for applications to monitor and control which devices are used in getUserMedia
New Login Manager improvements:
Improved heuristics to save usernames and passwords
Edit and show all logins in line, Copy/Paste usernames/passwords from the Context menu
Migration imports your passwords to Firefox from Google Chrome for Windows and Internet Explorer; import anytime from the Login Manager
Changed Improved performance on interactive websites that trigger a lot of restyles
HTML5 Media Source Extension for HTML5 video available for all sites
HTML5 Support ImageBitmap and createImageBitmap()
HTML5 Implemented ES6 Reflect
Developer Ability to save filter presets inside CSS Filter Tooltip
Developer CSS filter presets in the Inspector
Developer Configurable Firefox OS Simulator in WebIDE, to simulate reference devices like phones, tablets, even TVs
Developer Asynchronous call stacks now allow web developers to follow the code flow through setTimeout, DOM event handlers, and Promise handlers.
Developer Remote website debugging over WiFi (no USB cable or ADB needed)
Developer View HTML source in a tab
Revision 1.100 / (download) - annotate - [select for diffs], Wed Sep 23 06:44:41 2015 UTC (8 years, 6 months ago) by ryoon
Branch: MAIN
CVS Tags: pkgsrc-2015Q3-base,
pkgsrc-2015Q3
Changes since 1.99: +94 -51
lines
Diff to previous 1.99 (colored) to selected 1.16 (colored)
Update to 41.0
Changelog:
New Enhance IME support on Windows (Vista +) using TSF (Text Services Framework)
New Ability to set a profile picture for your Firefox Account
New Firefox Hello now includes instant messaging
New SVG images can be used as favicons
New Improved box-shadow rendering performance
Changed WebRTC now requires perfect forward secrecy
Changed WARP is disabled on Windows 7
Changed Updates to image decoding process
Changed Support for running animations of 'transform' and 'opacity' on the compositor thread
HTML5 MessageChannel and MessagePort API enabled by default
HTML5 Added support for the transform-origin property on SVG elements
HTML5 CSS Font Loading API enabled by default
HTML5 Navigator.onLine now varies with actual internet connectivity (Windows and Mac OS X only)
HTML5 Copy/Cut Web content from JavaScript to the OS clipboard with document.execCommand("cut"/"copy")
HTML5 Implemented Cache API for querying named caches that are accessible Window, Worker, and ServiceWorker
Developer Removed support for binary XPCOM components in extensions, use addon SDK "system/child_process" pipe mechanism for native binaries instead
Developer Network requests can be exported in HAR format
Developer Quickly add new CSS rule with New Rule button in the Inspector
Developer Screenshot a node or element from markup view with the Screenshot Node context menu item
Developer Copy element CSS rule declarations with the Copy Rule Declaration context menu item in the Inspector
Developer Pseudo-Class panel in the Inspector
Fixed Picture element does not react to resize/viewport changes
Fixed Various security fixes
Security fixes:
Fixed in Firefox 41
2015-114 Information disclosure via the High Resolution Time API
2015-113 Memory safety errors in libGLES in the ANGLE graphics library
2015-112 Vulnerabilities found through code inspection
2015-111 Errors in the handling of CORS preflight request headers
2015-110 Dragging and dropping images exposes final URL after redirects
2015-109 JavaScript immutable property enforcement can be bypassed
2015-108 Scripted proxies can access inner window
2015-107 Out-of-bounds read during 2D canvas display on Linux 16-bit color depth systems
2015-106 Use-after-free while manipulating HTML media content
2015-105 Buffer overflow while decoding WebM video
2015-104 Use-after-free with shared workers and IndexedDB
2015-103 URL spoofing in reader mode
2015-102 Crash when using debugger with SavedStacks in JavaScript
2015-101 Buffer overflow in libvpx while parsing vp9 format video
2015-100 Arbitrary file manipulation by local user through Mozilla updater
2015-99 Site attribute spoofing on Android by pasting URL with unknown scheme
2015-98 Out of bounds read in QCMS library with ICC V4 profile attributes
2015-97 Memory leak in mozTCPSocket to servers
2015-96 Miscellaneous memory safety hazards (rv:41.0 / rv:38.3)
Revision 1.99 / (download) - annotate - [select for diffs], Tue Aug 11 23:48:17 2015 UTC (8 years, 8 months ago) by ryoon
Branch: MAIN
Changes since 1.98: +185 -109
lines
Diff to previous 1.98 (colored) to selected 1.16 (colored)
Update to 40.0
Changelog:
New Support for Windows 10
New Added protection against unwanted software downloads
New User can receive suggested tiles in the new tab page based on categories Firefox matches to browsing history (en-US only).
New Hello allows adding a link to conversations to provide context on what the conversation will be about
New New style for add-on manager based on the in-content preferences style
New Improved scrolling, graphics, and video playback performance with off main thread compositing (GNU/Linux only)
New Graphic blocklist mechanism improved: Firefox version ranges can be specified, limiting the number of devices blocked
Changed Add-on extensions that are not signed by Mozilla will display a warning
Changed NPAPI Plug-in performance improved via asynchronous initialization
Changed Smoother animation and scrolling with hardware vsync (Windows only)
Changed JPEG images use less memory when scaled and can be painted faster
Changed Sub-resources can no longer request HTTP authentication, thus protecting users from inadvertently disclosing login data
HTML5 IndexedDB transactions are now non-durable by default
HTML5 Implemented AudioBufferSourceNode.detune to modulate playback rate in cents, a logarithmic unit of measure used for musical intervals
Developer Improved Performance tools in the developer tools: Waterfall view, Call Tree view and a Flame Chart view
Developer New rules view tooltip in the Inspector to tweak CSS Filter values
Developer Console API messages from SharedWorker and ServiceWorker are now displayed in web console
Developer New page ruler highlighting tool that displays lightweight horizontal and vertical rules on a page
Developer Inspector now searches across all content frames in a page
Fixed Kannada text does not display properly in built-in pdf viewer
Fixed Various security fixes
Known Issues
unresolved If Firefox is restarted from an add-on install notification, on-going private browsing downloads might be canceled without warning (1185294)
Fixed in Firefox 40
2015-92 Use-after-free in XMLHttpRequest with shared workers
2015-91 Mozilla Content Security Policy allows for asterisk wildcards in violation of CSP specification
2015-90 Vulnerabilities found through code inspection
2015-89 Buffer overflows on Libvpx when decoding WebM video
2015-88 Heap overflow in gdk-pixbuf when scaling bitmap images
2015-87 Crash when using shared memory in JavaScript
2015-86 Feed protocol with POST bypasses mixed content protections
2015-85 Out-of-bounds write with Updater and malicious MAR file
2015-84 Arbitrary file overwriting through Mozilla Maintenance Service with hard links
2015-83 Overflow issues in libstagefright
2015-82 Redefinition of non-configurable JavaScript object properties
2015-81 Use-after-free in MediaStream playback
2015-80 Out-of-bounds read with malformed MP3 file
2015-79 Miscellaneous memory safety hazards (rv:40.0 / rv:38.2)
Revision 1.98 / (download) - annotate - [select for diffs], Fri Jul 3 10:25:40 2015 UTC (8 years, 9 months ago) by ryoon
Branch: MAIN
Changes since 1.97: +67 -19
lines
Diff to previous 1.97 (colored) to selected 1.16 (colored)
Update to 39.0
Changelog:
New Share Hello URLs with social networks
New Project Silk: Smoother animation and scrolling (Mac OS X)
New Support for 'switch' role in ARIA 1.1 (web accessibility)
New SafeBrowsing malware detection lookups enabled for downloads (Mac OS X and Linux)
New Support for new Unicode 8.0 skin tone emoji
Changed Removed support for insecure SSLv3 for network communications
Changed Disable use of RC4 except for temporarily whitelisted hosts
Changed The malware detection service for downloads now covers common Mac file types (Bug 1138721)
Changed of displaying dashed lines is improved (Mac OS X) (Bug 1123019)
HTML5 List-style-type now accepts a string value
HTML5 Enable the Fetch API for network requests from dedicated, shared and service workers
HTML5 Cascading of CSS transitions and animations now matches the current spec
HTML5 Implement <link rel="preconnect">allowing anticipation of a future connection without revealing any information
HTML5 Added support for CSS Scroll Snap Points
Developer Drag and drop enabled for nodes in Inspector markup view
Developer Webconsole input history persists even after closing the toolbox
Developer Cubic bezier tooltip now shows a gallery of timing-function presets for use with CSS animations
Developer localhost is now available offline for WebSocket connections
Fixed Improve performance for IPv6 fallback to IPv4
Fixed Fix incomplete downloads being marked as complete by detecting broken HTTP1.1 transfers
Fixed The Security state indicator on a page now correctly ignores loads caused by previous pages
Fixed Fixed an issue where a Hello conversation window would sometimes fail to open
Fixed A regression that could lead to Flash not displaying has been fixed
Fixed Update to NSS 3.19.2
Fixed Various security fixes
Fixed in Firefox 39
2015-71 NSS incorrectly permits skipping of ServerKeyExchange
2015-70 NSS accepts export-length DHE keys with regular DHE cipher suites
2015-69 Privilege escalation in PDF.js
2015-68 OS X crash reports may contain entered key press information
2015-67 Key pinning is ignored when overridable errors are encountered
2015-66 Vulnerabilities found through code inspection
2015-65 Use-after-free in workers while using XMLHttpRequest
2015-64 ECDSA signature validation fails to handle some signatures correctly
2015-63 Use-after-free in Content Policy due to microtask execution error
2015-62 Out-of-bound read while computing an oscillator rendering range in Web Audio
2015-61 Type confusion in Indexed Database Manager
2015-60 Local files or privileged URLs in pages can be opened into new tabs
2015-59 Miscellaneous memory safety hazards (rv:39.0 / rv:31.8 / rv:38.1)
Revision 1.97 / (download) - annotate - [select for diffs], Wed Jun 3 03:22:31 2015 UTC (8 years, 10 months ago) by ryoon
Branch: MAIN
CVS Tags: pkgsrc-2015Q2-base,
pkgsrc-2015Q2
Changes since 1.96: +55 -0
lines
Diff to previous 1.96 (colored) to selected 1.16 (colored)
Update to 38.0.5 Changelog: New: Keep track of articles and videos with Pocket New: Clean formatting for articles and blog posts with Reader View New: Share the active tab or window in a Hello conversation Fixed: A race condition that would cause Firefox to stop painting when switching tabs (bug 1067470) Fixed: Fixed graphics performance when using the built-in VGA driver on Windows 7 (Bug 1165732)
Revision 1.96 / (download) - annotate - [select for diffs], Tue May 12 22:48:54 2015 UTC (8 years, 11 months ago) by ryoon
Branch: MAIN
Changes since 1.95: +110 -35
lines
Diff to previous 1.95 (colored) to selected 1.16 (colored)
Update to 38.0
Changelog:
New New tab-based preferences
New Ruby annotation support
New Base for the next ESR release.
Changed autocomplete=off is no longer supported for username/password fields
Changed URL parser avoids doing percent encoding when setting the Fragment part of the URL, and percent decoding when getting the Fragment in line with the URL spec
Changed RegExp.prototype.source now returns "(?:)" instead of the empty string for empty regular expressions
Changed Improved page load times via speculative connection warmup
HTML5 WebSocket now available in Web Workers
HTML5 BroadcastChannel API implemented
HTML5 Implemented srcset attribute and <picture> element for responsive images
HTML5 Implemented DOM3 Events KeyboardEvent.code
HTML5 Mac OS X: Implemented a subset of the Media Source Extensions (MSE) API to allow native HTML5 playback on YouTube
HTML5 Implemented Encrypted Media Extensions (EME) API to support encrypted HTML5 video/audio playback (Windows Vista or later only)
HTML5 Automatically download Adobe Primetime Content Decryption Module (CDM) for DRM playback through EME (Windows Vista or later only)
Developer Optimized-out variables are now visible in Debugger UI
Developer XMLHttpRequest logs in the web console are now visually labelled and can be filtered separately from regular network requests
Developer WebRTC now has multistream and renegotiation support
Developer copy command added to console
Fixed Various security fixes
Fixed in Firefox 38
2015-58 Mozilla Windows updater can be run outside of application directory
2015-57 Privilege escalation through IPC channel messages
2015-56 Untrusted site hosting trusted page can intercept webchannel responses
2015-55 Buffer overflow and out-of-bounds read while parsing MP4 video metadata
2015-54 Buffer overflow when parsing compressed XML
2015-53 Use-after-free due to Media Decoder Thread creation during shutdown
2015-52 Sensitive URL encoded information written to Android logcat
2015-51 Use-after-free during text processing with vertical text enabled
2015-50 Out-of-bounds read and write in asm.js validation
2015-49 Referrer policy ignored when links opened by middle-click and context menu
2015-48 Buffer overflow with SVG content and CSS
2015-47 Buffer overflow parsing H.264 video with Linux Gstreamer
2015-46 Miscellaneous memory safety hazards (rv:38.0 / rv:31.7)
Revision 1.95 / (download) - annotate - [select for diffs], Thu Apr 16 23:36:24 2015 UTC (9 years ago) by hiramatsu
Branch: MAIN
Changes since 1.94: +1 -2
lines
Diff to previous 1.94 (colored) to selected 1.16 (colored)
Fix PLIST. Because this package does not use gnomevfs, libnkgnomevfs.so is not installed.
Revision 1.94 / (download) - annotate - [select for diffs], Sun Apr 5 12:54:11 2015 UTC (9 years ago) by ryoon
Branch: MAIN
Changes since 1.93: +55 -14
lines
Diff to previous 1.93 (colored) to selected 1.16 (colored)
Update to 37.0
* Bump nspr requirement.
Changelog:
New Heartbeat user rating system - your feedback about Firefox
New Yandex set as default search provider for the Turkish locale
New Bing search now uses HTTPS for secure searching
New Improved protection against site impersonation via OneCRL centralized certificate revocation
New Opportunistically encrypt HTTP traffic where the server supports HTTP/2 AltSvc
Changed Disabled insecure TLS version fallback for site security
Changed Extended SSL error reporting for reporting non-certificate errors
Changed TLS False Start optimization now requires a cipher suite using AEAD construction
Changed Improved certificate and TLS communication security by removing support for DSA
Changed Improved performance of WebGL rendering on Windows
HTML5 Implemented a subset of the Media Source Extensions (MSE) API to allow native HTML5 playback on YouTube (Windows only)
HTML5 Added support for CSS display:contents
HTML5 IndexedDB now accessible from worker threads
HTML5 New SDP/JSEP implementation in WebRTC
Developer Debug tabs opened in Chrome Desktop, Chrome for Android, and Safari for iOS
Developer New Inspector animations panel to control element animations
Developer New Security Panel included in Network Panel
Developer Debugger panel support for chrome:// and about:// URIs
Developer Added logging of weak ciphers to the web console
Fixed Various security fixes
Fixed in Firefox 37
2015-42 Windows can retain access to privileged content on navigation to unprivileged pages
2015-41 PRNG weakness allows for DNS poisoning on Android
2015-40 Same-origin bypass through anchor navigation
2015-39 Use-after-free due to type confusion flaws
2015-38 Memory corruption crashes in Off Main Thread Compositing
2015-37 CORS requests should not follow 30x redirections after preflight
2015-36 Incorrect memory management for simple-type arrays in WebRTC
2015-35 Cursor clickjacking with flash and images
2015-34 Out of bounds read in QCMS library
2015-33 resource:// documents can load privileged pages
2015-32 Add-on lightweight theme installation approval bypassed through MITM attack
2015-31 Use-after-free when using the Fluendo MP3 GStreamer plugin
2015-30 Miscellaneous memory safety hazards (rv:37.0 / rv:31.6)
Revision 1.93 / (download) - annotate - [select for diffs], Sat Feb 28 04:30:55 2015 UTC (9 years, 1 month ago) by ryoon
Branch: MAIN
CVS Tags: pkgsrc-2015Q1-base,
pkgsrc-2015Q1
Changes since 1.92: +44 -15
lines
Diff to previous 1.92 (colored) to selected 1.16 (colored)
Update to 36.0
Changelog:
New Pinned tiles on the new tab page can be synced
New Support for the full HTTP/2 protocol. HTTP/2 enables a faster, more scalable, and more responsive web.
New Locale added: Uzbek (uz)
Changed -remote option removed
Changed No longer accept insecure RC4 ciphers whenever possible
Changed Phasing out Certificates with 1024-bit RSA Keys
Changed Shut down hangs will now show the crash reporter before exiting the program
Changed Add-on Compatibility
HTML5 Support for the ECMAScript 6 Symbol data type added
HTML5 unicode-range CSS descriptor implemented
HTML5 CSSOM-View scroll behavior implemented allowing smooth scrolling of content without custom libraries
HTML5 object-fit and object-position implemented.
Defines how and where the content of a replaced element is displayed
HTML5 isolation CSS property implemented.
Create a new stacking context to isolate groups of boxes to control which blend together
HTML5 CSS3 will-change property implemented.
Hints the browser of elements that will be modified. The browser will perform some performance optimization for these
HTML5 Changed JavaScript 'const' semantics to conform better to the ES6 specification.
The const declaration is now block-scoped and requires an initializer. It also can not be redeclared anymore.
HTML5 Improved ES6 generators for better performance
Developer Eval sources now appear in the Debugger
Debug JavaScript code that is evaluated dynamically, either as a string passed to eval() or as a string passed to the Function constructor
Developer DOM Promises inspection
Developer Inspector: More paste options in markup view
Fixed CSS gradients work on premultiplied colors
Fixed Fix some unexpected logout from Facebook or Google after restart
Fixed Various security fixes
Fixed in Firefox 36
2015-27 Caja Compiler JavaScript sandbox bypass
2015-26 UI Tour whitelisted sites in background tab can spoof foreground tabs
2015-25 Local files or privileged URLs in pages can be opened into new tabs
2015-24 Reading of local files through manipulation of form autocomplete
2015-23 Use-after-free in Developer Console date with OpenType Sanitiser
2015-22 Crash using DrawTarget in Cairo graphics library
2015-21 Buffer underflow during MP3 playback
2015-20 Buffer overflow during CSS restyling
2015-19 Out-of-bounds read and write while rendering SVG content
2015-18 Double-free when using non-default memory allocators with a zero-length XHR
2015-17 Buffer overflow in libstagefright during MP4 video playback
2015-16 Use-after-free in IndexedDB
2015-15 TLS TURN and STUN connections silently fail to simple TCP connections
2015-14 Malicious WebGL content crash when writing strings
2015-13 Appended period to hostnames can bypass HPKP and HSTS protections
2015-12 Invoking Mozilla updater will load locally stored DLL files
2015-11 Miscellaneous memory safety hazards (rv:36.0 / rv:31.5)
Revision 1.92 / (download) - annotate - [select for diffs], Fri Jan 30 07:32:24 2015 UTC (9 years, 2 months ago) by pho
Branch: MAIN
Changes since 1.91: +2 -1
lines
Diff to previous 1.91 (colored) to selected 1.16 (colored)
Fix many issues on Darwin
PLIST:
* lib/firefox/libmozglue.so is built and installed as a shared
library on some platforms including Darwin.
mozilla-common.mk:
* Sandboxing support is only available when the toolkit is
cairo-cocoa.
* It tries to use MacOS X 10.6 SDK by default, which is not always
possible.
patches/patch-build_gyp.mozbuild:
* Don't assume iOS just because the toolkit is not cocoa. Ideally
there should be an AC_SUBST just like 'ARM_ARCH' but nothing
exists currently.
* MacOS X SDK version should be able to configure with ./configure
--enable-macos-target=VER
patches/patch-extensions_spellcheck_hunspell_src_mozHunspell.cpp:
* NS_NewNativeLocalFile() can fail and leave hunDir null, so we must
check if it succeeded. This is not Darwin specific though.
* "%%LOCALBASE%%" in the hunspell path is currently not substituted,
which looks very erroneous to me. But since I don't know why
ryoon@ changed it from "@PREFIX@" to "%%LOCALBASE%%" I leave it as
it is.
patches/patch-ipc_glue_moz.build:
* Don't assume cocoa toolkit just because OS_ARCH is Darwin.
patches/patch-js_src_asmjs_AsmJSSignalHandlers.cpp:
* Increase portability for non-x86 Darwin by not hardwiring
x86_THREAD_STATE.
patches/patch-js_xpconnect_src_xpcprivate.h:
* The declaration has to be C++11 'extern template', otherwise
non-weak symbol collision will occur between libmozjs and
libxul. We can't easily test if the feature is supported by
compiler due to GCC bug #1773:
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=1773
patches/patch-memory_mozalloc_VolatileBufferOSX.cpp:
* Try to fallback to valloc(3) if posix_memalign(3) is not
avialble. It has been added since MacOS 10.6.
patches/patch-toolkit_library_moz.build:
* GSTREAMER_LIBS are linked to libxul on Darwin, while they are
dlopen(3)'ed at runtime on other platforms. The problem is that
the toolkit being cocoa isn't relevant at all. It's Darwin that
needs the special handling, not Cocoa.
patches/patch-toolkit_xre_nsAppRunner.cpp:
* MacOS X < 10.6 had an undocumented behavior concerning execve(2)
inside a threaded process. If a process tried to call execve(2)
and had more than one active thread, the kernel returned
ENOTSUP. So we have to either fork(2) or vfork(2) before calling
execve(2) to make sure the caller is single-threaded as otherwise
the application fails to restart itself.
patches/patch-xpcom_base_nsStackWalk.cpp,
patches/patch-xpcom_build_PoisonIOInterposer.h:
* Replace XP_MACOSX with XP_DARWIN as the former is not defined when
the toolkit is not cocoa.
patches/patch-xpcom_glue_standalone_nsXPCOMGlue.cpp:
* Fix inconsistent use of XP_DARWIN and XP_MACOSX:
LEADING_UNDERSCORE should be empty when we are going to load XPCOM
using dlopen(3), not NSAddImage().
Revision 1.91 / (download) - annotate - [select for diffs], Fri Jan 16 22:42:09 2015 UTC (9 years, 3 months ago) by ryoon
Branch: MAIN
Changes since 1.90: +84 -38
lines
Diff to previous 1.90 (colored) to selected 1.16 (colored)
Update to 35.0
Changelog:
New Firefox Hello with new rooms-based conversations model
New New search UI improved and enabled for more locales
New Access the Firefox Marketplace from the Tools menu and optional toolbar button
New Built-in support for H264 (MP4) on Mac OS X Snow Leopard (10.6) and newer through native APIs
New Use tiled rendering on OS X
New Improved high quality image resizing performance
New Improved handling of dynamic styling changes to increase responsiveness
HTML5 Added support for the CSS Font Loading API
HTML5 Resource Timing API implemented
HTML5 CSS filters enabled by default
HTML5 Changed JavaScript 'let' semantics to conform better to the ES6 specification
Developer Support for inspecting ::before and ::after pseudo elements
Developer Computed view: Nodes matching the hovered selector are now highlighted
Developer Network Monitor: New request/response headers view (more info)
Developer Added support for the EXT_blend_minmax WebGL extension
Fixed Show DOM Properties context menu item in inspector
Fixed Reduced resource usage for scaled images
Fixed PDF.js updated to version 1.0.907
Fixed Non-HTTP(S) XHR now returns correct status code
Fixed Various security fixes
Security fixes:
2015-09 XrayWrapper bypass through DOM objects
2015-08 Delegated OCSP responder certificates failure with id-pkix-ocsp-nocheck extension
2015-07 Gecko Media Plugin sandbox escape
2015-06 Read-after-free in WebRTC
2015-05 Read of uninitialized memory in Web Audio
2015-04 Cookie injection through Proxy Authenticate responses
2015-03 sendBeacon requests lack an Origin header
2015-02 Uninitialized memory use during bitmap rendering
2015-01 Miscellaneous memory safety hazards (rv:35.0 / rv:31.4)
Revision 1.90 / (download) - annotate - [select for diffs], Mon Dec 1 18:11:14 2014 UTC (9 years, 4 months ago) by ryoon
Branch: MAIN
CVS Tags: pkgsrc-2014Q4-base,
pkgsrc-2014Q4
Changes since 1.89: +176 -54
lines
Diff to previous 1.89 (colored) to selected 1.16 (colored)
Update to 34.0.5 Changelog: New Default search engine changed to Yahoo! for North America New Default search engine changed to Yandex for Belarusian, Kazakh, and Russian locales New Improved search bar (en-US only) New Firefox Hello real-time communication client New Easily switch themes/personas directly in the Customizing mode New Wikipedia search now uses HTTPS for secure searching (en-US only) New Implementation of HTTP/2 (draft14) and ALPN New Recover from a locked Firefox process in the "Firefox is already running" dialog on Windows Changed Disabled SSLv3 Changed Proprietary window.crypto properties/functions re-enabled (to be removed in Firefox 35) Changed Firefox signed by Apple OS X version 2 signature HTML5 ECMAScript 6 WeakSet Implemented HTML5 JavaScript Template Strings Implemented HTML5 CSS3 Font variants and features control (e.g. kerning) implemented HTML5 WebCrypto: RSA-OAEP, PBKDF2 and AES-KW support HTML5 WebCrypto: wrapKey and unwrapKey implemented HTML5 WebCrypto: Import/export of JWK-formatted keys HTML5 matches() DOM API implemented (formerly mozMatchesSelector()) HTML5 Performance.now() for workers implemented HTML5 WebCrypto: ECDH support Developer WebIDE: Create, edit, and test a new Web application from your browser Developer Highlight all nodes that match a given selector in the Style Editor and the Inspector's Rules panel Developer Improved User Interface of the Profiler Developer console.table function added to web console Fixed CSS transitions start correctly when started at the same time as changes to display, position, overflow, and similar properties Fixed Various security fixes 2014-89 Bad casting from the BasicThebesLayer to BasicContainerLayer 2014-88 Buffer overflow while parsing media content 2014-87 Use-after-free during HTML5 parsing 2014-86 CSP leaks redirect data via violation reports 2014-85 XMLHttpRequest crashes with some input streams 2014-84 XBL bindings accessible via improper CSS declarations 2014-83 Miscellaneous memory safety hazards (rv:34.0 / rv:31.3)
Revision 1.89 / (download) - annotate - [select for diffs], Sat Nov 15 22:04:59 2014 UTC (9 years, 5 months ago) by szptvlfn
Branch: MAIN
Changes since 1.88: +1 -2
lines
Diff to previous 1.88 (colored) to selected 1.16 (colored)
firefox-33.1 has DuckDuckGo as a search option, so remove related patches.
Revision 1.88 / (download) - annotate - [select for diffs], Mon Nov 10 20:55:56 2014 UTC (9 years, 5 months ago) by ryoon
Branch: MAIN
Changes since 1.87: +5 -1
lines
Diff to previous 1.87 (colored) to selected 1.16 (colored)
Update to 33.1 Changelog: New Forget Button added New Enhanced Tiles New Privacy tour introduced New Adding DuckDuckGo as a search option
Revision 1.87 / (download) - annotate - [select for diffs], Thu Nov 6 13:56:32 2014 UTC (9 years, 5 months ago) by ryoon
Branch: MAIN
Changes since 1.86: +2 -1
lines
Diff to previous 1.86 (colored) to selected 1.16 (colored)
Bump PKGREVISION * Build libmozjs.so shared library again. Thank you, joerg@.
Revision 1.86 / (download) - annotate - [select for diffs], Wed Oct 29 22:12:35 2014 UTC (9 years, 5 months ago) by ryoon
Branch: MAIN
Changes since 1.85: +1 -2
lines
Diff to previous 1.85 (colored) to selected 1.16 (colored)
Bump PKGREVISION * Disable libmozjs.so to avoid WRKDIR reference error.
Revision 1.85 / (download) - annotate - [select for diffs], Wed Oct 15 13:07:07 2014 UTC (9 years, 6 months ago) by ryoon
Branch: MAIN
Changes since 1.84: +154 -12
lines
Diff to previous 1.84 (colored) to selected 1.16 (colored)
Update to 33.0 Changelog: New OpenH264 support (sandboxed) New Improved search experience through the location bar New Slimmer and faster JavaScript strings New Search suggestions on the Firefox Start (about:home) and new tab (about:newtab) pages New Windows: OMTC enabled by default New New CSP (Content Security Policy) backend New Support for connecting to HTTP proxy over HTTPS New Improved reliability of the session restoration New Azerbaijani [az] locale added Changed Proprietary window.crypto properties/functions removed Changed JSD (JavaScript Debugger Service) removed in favor of the Debugger interface HTML5 @counter-style rule from CSS3 Counter Styles specification implemented HTML5 DOMMatrix interface implemented Developer Cubic-bezier curves editor Developer Display which elements have listeners attached Developer New sidebar which displays a list of shortcuts to every @media rule in the current stylesheet Developer Paint flashing for browser content repaints Developer Editable @keyframes rules in the Rules section of the Inspector Developer CSS transform highlighter in the style-inspector Fixed Fix incomplete downloads being marked as complete by detecting broken HTTP1.1 transfers (237623) Fixed Various security fixes Fixed in Firefox 33 MFSA 2014-82 Accessing cross-origin objects via the Alarms API MFSA 2014-81 Inconsistent video sharing within iframe MFSA 2014-80 Key pinning bypasses MFSA 2014-79 Use-after-free interacting with text directionality MFSA 2014-78 Further uninitialized memory use during GIF MFSA 2014-77 Out-of-bounds write with WebM video MFSA 2014-76 Web Audio memory corruption issues with custom waveforms MFSA 2014-75 Buffer overflow during CSS manipulation MFSA 2014-74 Miscellaneous memory safety hazards (rv:33.0 / rv:31.2)
Revision 1.84 / (download) - annotate - [select for diffs], Sun Oct 5 01:59:08 2014 UTC (9 years, 6 months ago) by ryoon
Branch: MAIN
Changes since 1.83: +141 -39
lines
Diff to previous 1.83 (colored) to selected 1.16 (colored)
Update to 32.0.3 Changelog: Fixed 32.0.3: New security fixes can be found here New New HTTP cache provides improved performance including crash recovery New Integration of generational garbage collection New Public key pinning support enabled New View historical use information for logins stored in password manager New Display the number of found items in the find toolbar New Easier back, forward, reload, and bookmarking through the context menu New Lower Sorbian [dsb] locale added Changed Removed and turned off trust bit for some 1024-bit root certificates Changed Performance improvements to Password Manager and Add-on Manager HTML5 drawFocusIfNeeded enabled by default HTML5 ECMAScript 6 built-in method Array#copyWithin implemented HTML5 CSS position:sticky enabled by default HTML5 mix-blend-mode enabled by default HTML5 New Array built-in: Array.from() HTML5 navigator.languages property and languagechange event implemented HTML5 Vibration API updated to latest W3C spec HTML5 CSS box-decoration-break replaces -moz-background-inline-policy HTML5 box-decoration-break enabled by default Developer HiDPI support in Developer Tools UI Developer Inspector button moved to the top left Developer Hidden nodes displayed differently in the markup-view Developer New Web Audio Editor Developer Code completion and inline documentation added to Scratchpad Fixed 32.0.2 - Corrupt installations cause Firefox to crash on update Fixed 32.0.1 - Stability issues for computers with multiple graphics cards Fixed 32.0.1 - Mixed content icon may be incorrectly displayed instead of lock icon for SSL sites Fixed 32.0.1 - WebRTC: setRemoteDescription() silently fails if no success callback is specified Fixed Various security fixes Fixed Mac OS X: cmd-L does not open a new window when no window is available Fixed Text Rendering Issues on Windows 7 with Platform Update KB2670838 (MSIE 10 Prerequisite) or on Windows 8.1 Security fixes: Fixed in Firefox 32.0.3 MFSA 2014-73 RSA Signature Forgery in NSS Fixed in Firefox 32 MFSA 2014-72 Use-after-free setting text directionality MFSA 2014-71 Profile directory file access through file: protocol MFSA 2014-70 Out-of-bounds read in Web Audio audio timeline MFSA 2014-69 Uninitialized memory use during GIF rendering MFSA 2014-68 Use-after-free during DOM interactions with SVG MFSA 2014-67 Miscellaneous memory safety hazards (rv:32.0 / rv:31.1 / rv:24.8)
Revision 1.83 / (download) - annotate - [select for diffs], Thu Jul 24 14:57:12 2014 UTC (9 years, 8 months ago) by ryoon
Branch: MAIN
CVS Tags: pkgsrc-2014Q3-base,
pkgsrc-2014Q3
Changes since 1.82: +272 -22
lines
Diff to previous 1.82 (colored) to selected 1.16 (colored)
Update to 31.0
Changelog:
New
Add the search field to the new tab page
New
Support of Prefer:Safe http header for parental control (learn more)
New
mozilla::pkix as default certificate verifier (learn more)
New
Block malware from downloaded files (learn more)
New
Partial implementation of the OpenType MATH table (section 6.3.6) see documentation about mathematical fonts and the MathML Torture Test for details
New
audio/video .ogg and .pdf files handled by Firefox if no application specified (Windows only)
New
Upper Sorbian [hsb] locale added
Changed
Removal of the CAPS infrastructure for specifying site-specific permissions (via capability.policy.* preferences). Most notably, attempts to use this functionality to grant access to the clipboard will no longer work. The sole exception is the checkloaduri permission, which may still be used as before to allow sites to load file:// URIs.
HTML5
WebVTT implemented and enabled (learn more)
HTML5
CSS3 variables implemented (learn more)
Developer
Developer Tools: Add-on Debugger (learn more)
Developer
Developer Tools: Canvas Debugger (learn more)
Developer
New Array built-in: Array.prototype.fill() (learn more)
Developer
New Object built-in: Object.setPrototypeOf() (learn more)
Developer
CSP 1.1 nonce-source and hash-source enabled by default
Developer
Developer Tools: Eyedropper tool added to the color picker (learn more)
Developer
Developer Tools: Editable Box Model (learn more)
Developer
Developer Tools: Code Editor improvements (learn more)
Developer
Developer Tools: Console stack traces (learn more)
Developer
Developer Tools: Copy as cURL (learn more)
Developer
Developer Tools: Styled console logs (learn more)
Developer
navigator.sendBeacon enabled by default (learn more)
Developer
Dialogs spawned from the onbeforeunload event no longer block access to the rest of the browser
Fixed
Search for partially selected link text from context menu (985824)
Fixed
Various security fixes
Fixed in Firefox 31
MFSA 2014-66 IFRAME sandbox same-origin access through redirect
MFSA 2014-65 Certificate parsing broken by non-standard character encoding
MFSA 2014-64 Crash in Skia library when scaling high quality images
MFSA 2014-63 Use-after-free while when manipulating certificates in the trusted cache
MFSA 2014-62 Exploitable WebGL crash with Cesium JavaScript library
MFSA 2014-61 Use-after-free with FireOnStateChange event
MFSA 2014-60 Toolbar dialog customization event spoofing
MFSA 2014-59 Use-after-free in DirectWrite font handling
MFSA 2014-58 Use-after-free in Web Audio due to incorrect control message ordering
MFSA 2014-57 Buffer overflow during Web Audio buffering for playback
MFSA 2014-56 Miscellaneous memory safety hazards (rv:31.0 / rv:24.7)
Revision 1.82 / (download) - annotate - [select for diffs], Wed Jun 11 00:40:59 2014 UTC (9 years, 10 months ago) by ryoon
Branch: MAIN
CVS Tags: pkgsrc-2014Q2-base,
pkgsrc-2014Q2
Changes since 1.81: +165 -39
lines
Diff to previous 1.81 (colored) to selected 1.16 (colored)
Update to 30.0
* debug build is broken
Changelog:
New
Sidebars button in browser chrome enables faster access to social, bookmark, & history sidebars
New
Mac OS X command-E sets find term to selected text
New
Support for GStreamer 1.0
Changed
Disallow calling WebIDL constructors as functions on the web
Developer
With the exception of those bundled inside an extension or ones that are whitelisted, plugins will no longer be activated by default (see blog post)
Developer
Fixes to box-shadow and other visual overflow (see bug 480888)
Developer
Mute and volume available per window when using WebAudio
Developer
background-blend-mode enabled by default
Developer
Use of line-height allowed for <input type="reset|button|submit">
Developer
ES6 array and generator comprehensions implemented (read docs for more details)
Developer
Error stack now contains column number
Developer
Support for alpha option in canvas context options (feature description)
Fixed
Ignore autocomplete="off" when offering to save passwords via the password manager (see 956906)
Fixed
TypedArrays don't support new named properties (see 695438)
Fixed
Various security fixes
Fixed in Firefox 30
MFSA 2014-54 Buffer overflow in Gamepad API
MFSA 2014-53 Buffer overflow in Web Audio Speex resampler
MFSA 2014-52 Use-after-free with SMIL Animation Controller
MFSA 2014-51 Use-after-free in Event Listener Manager
MFSA 2014-50 Clickjacking through cursor invisability after Flash interaction
MFSA 2014-49 Use-after-free and out of bounds issues found using Address Sanitizer
MFSA 2014-48 Miscellaneous memory safety hazards (rv:30.0 / rv:24.6)
Revision 1.81 / (download) - annotate - [select for diffs], Wed May 28 03:25:25 2014 UTC (9 years, 10 months ago) by pho
Branch: MAIN
Changes since 1.80: +2 -1
lines
Diff to previous 1.80 (colored) to selected 1.16 (colored)
PR pkg/48840: Fix PLIST on Cygwin and Darwin libmozglue is built and installed as a shared library on these platforms.
Revision 1.80 / (download) - annotate - [select for diffs], Mon May 5 20:47:14 2014 UTC (9 years, 11 months ago) by ryoon
Branch: MAIN
Changes since 1.79: +8 -8
lines
Diff to previous 1.79 (colored) to selected 1.16 (colored)
Fix packaging under OpenBSD * It create .so.1.0 libraries instead of .so * Use bsdtar as tar forcibly under OpenBSD * Fix tremor/vorbis conditional, but it is not used now
Revision 1.79 / (download) - annotate - [select for diffs], Wed Apr 30 15:07:17 2014 UTC (9 years, 11 months ago) by ryoon
Branch: MAIN
Changes since 1.78: +207 -67
lines
Diff to previous 1.78 (colored) to selected 1.16 (colored)
Update to 29.0
* Restore html5 audio playback under NetBSD
Changelog:
New
Significant new customization mode makes it easy to personalize your Web experience to access the features you use the most (learn more)
New
A new, easy to access menu sits in the right hand corner of Firefox and includes popular browser controls
New
Sleek new tabs provide an overall smoother look and fade into the background when not active
New
An interactive onboarding tour to guide users through the new Firefox changes
New
The ability to set up Firefox Sync by creating a Firefox account (learn more)
New
Gamepad API finalized and enabled (learn more)
New
HTTPS used for Yahoo Searches performed in en-US locale
New
Malay [ma] locale added
Changed
Clicking on a W3C Web Notification will switch to the originating tab
Developer
'box-sizing' (dropping the -moz- prefix) implemented (learn more)
Developer
Console object available in Web Workers (learn more)
Developer
Promises enabled by default (learn more)
Developer
SharedWorker enabled by default
Developer
<input type="number"> implemented and enabled
Developer
<input type="color"> implemented and enabled
Developer
Enabled ECMAScript Internationalization API
Developer
Add-on bar has been removed, content moved to navigation bar
Developer
Implemented URLSearchParams from the URL specification (see MDN for details )
Fixed
Various security fixes
Fixed in Firefox 29
MFSA 2014-47 Debugger can bypass XrayWrappers with JavaScript
MFSA 2014-46 Use-after-free in nsHostResolve
MFSA 2014-45 Incorrect IDNA domain name matching for wildcard certificates
MFSA 2014-44 Use-after-free in imgLoader while resizing images
MFSA 2014-43 Cross-site scripting (XSS) using history navigations
MFSA 2014-42 Privilege escalation through Web Notification API
MFSA 2014-41 Out-of-bounds write in Cairo
MFSA 2014-40 Firefox for Android addressbar suppression
MFSA 2014-39 Use-after-free in the Text Track Manager for HTML video
MFSA 2014-38 Buffer overflow when using non-XBL object as XBL
MFSA 2014-37 Out of bounds read while decoding JPG images
MFSA 2014-36 Web Audio memory corruption issues
MFSA 2014-35 Privilege escalation through Mozilla Maintenance Service Installer
MFSA 2014-34 Miscellaneous memory safety hazards (rv:29.0 / rv:24.5)
Revision 1.78 / (download) - annotate - [select for diffs], Thu Mar 20 21:02:00 2014 UTC (10 years, 1 month ago) by ryoon
Branch: MAIN
CVS Tags: pkgsrc-2014Q1-base,
pkgsrc-2014Q1
Changes since 1.77: +50 -25
lines
Diff to previous 1.77 (colored) to selected 1.16 (colored)
Update to 28.0 Changelog: NEW VP9 video decoding implemented NEW Mac OS X: Notification Center support for web notifications NEW Horizontal HTML5 audio/video volume control NEW Support for Opus in WebM CHANGED Now that spdy/3 is implemented support for spdy/2 has been removed and servers without spdy/3 will negotiate to http/1 without any penalty DEVELOPER Support for MathML 2.0 'mathvariant' attribute DEVELOPER Background thread hang reporting DEVELOPER Support for multi-line flexbox in layout FIXED Various security fixes Fixed in Firefox 28 MFSA 2014-32 Out-of-bounds write through TypedArrayObject after neutering MFSA 2014-31 Out-of-bounds read/write through neutering ArrayBuffer objects MFSA 2014-30 Use-after-free in TypeObject MFSA 2014-29 Privilege escalation using WebIDL-implemented APIs MFSA 2014-28 SVG filters information disclosure through feDisplacementMap MFSA 2014-27 Memory corruption in Cairo during PDF font rendering MFSA 2014-26 Information disclosure through polygon rendering in MathML MFSA 2014-25 Firefox OS DeviceStorageFile object vulnerable to relative path escape MFSA 2014-24 Android Crash Reporter open to manipulation MFSA 2014-23 Content Security Policy for data: documents not preserved by session restore MFSA 2014-22 WebGL content injection from one domain to rendering in another MFSA 2014-21 Local file access via Open Link in new tab MFSA 2014-20 onbeforeunload and Javascript navigation DOS MFSA 2014-19 Spoofing attack on WebRTC permission prompt MFSA 2014-18 crypto.generateCRMFRequest does not validate type of key MFSA 2014-17 Out of bounds read during WAV file decoding MFSA 2014-16 Files extracted during updates are not always read only MFSA 2014-15 Miscellaneous memory safety hazards (rv:28.0 / rv:24.4)
Revision 1.77 / (download) - annotate - [select for diffs], Sat Feb 8 09:36:00 2014 UTC (10 years, 2 months ago) by ryoon
Branch: MAIN
Changes since 1.76: +92 -13
lines
Diff to previous 1.76 (colored) to selected 1.16 (colored)
Update to 27.0 Changelog: NEW You can now run more than one service at a time with Firefox SocialAPI, allowing you to receive notifications, chat and more from multiple integrated services CHANGED Enabled TLS 1.1 (RFC 4346) and TLS 1.2 (RFC 5246) by default CHANGED Added support for SPDY 3.1 protocol DEVELOPER Ability to reset style sheets using 'all:unset' DEVELOPER You can now choose to deobfuscate javascript in the debugger (see 762761) DEVELOPER Added support for scrolled fieldsets (see 261037) DEVELOPER Implemented allow-popups directive for iframe sandbox, enabling increased security (see 766282) DEVELOPER CSS cursor keywords -moz-grab and -moz-grabbing have been unprefixed (see 880672) DEVELOPER Added support for ES6 generators in SpiderMonkey (see blog post) DEVELOPER Implemented support for mathematical function Math.hypot() in ES6 (see 896264) HTML5 Dashed line support on Canvas (see 768067) FIXED Get Azure/Skia content rendering working on Linux (see 740200) FIXED 27.0: Security fixes can be found here Fixed in Firefox 27 MFSA 2014-13 Inconsistent JavaScript handling of access to Window objects MFSA 2014-12 NSS ticket handling issues MFSA 2014-11 Crash when using web workers with asm.js MFSA 2014-10 Firefox default start page UI content invokable by script MFSA 2014-09 Cross-origin information leak through web workers MFSA 2014-08 Use-after-free with imgRequestProxy and image proccessing MFSA 2014-07 XSLT stylesheets treated as styles in Content Security Policy MFSA 2014-06 Profile path leaks to Android system log MFSA 2014-05 Information disclosure with *FromPoint on iframes MFSA 2014-04 Incorrect use of discarded images by RasterImage MFSA 2014-03 UI selection timeout missing on download prompts MFSA 2014-02 Clone protected content with XBL scopes MFSA 2014-01 Miscellaneous memory safety hazards (rv:27.0 / rv:24.3)
Revision 1.76 / (download) - annotate - [select for diffs], Sun Dec 15 13:54:37 2013 UTC (10 years, 4 months ago) by ryoon
Branch: MAIN
CVS Tags: pkgsrc-2013Q4-base,
pkgsrc-2013Q4
Changes since 1.75: +107 -17
lines
Diff to previous 1.75 (colored) to selected 1.16 (colored)
Update to 26.0 * Build outside WRKSRC, fix build Changelog: NEW All Java plug-ins are defaulted to 'click to play' NEW Password manager now supports script-generated password fields NEW Updates can now be performed by Windows users without write permissions to Firefox install directory (requires Mozilla Maintenance Service) NEW Support for H.264 on Linux if the appropriate gstreamer plug-ins are installed CHANGED Support for MP3 decoding on Windows XP, completing MP3 support across Windows OS versions CHANGED CSP implementation now supports multiple policies, including the case of both an enforced and Report-Only policy, per the spec DEVELOPER Social API now supports Social Bookmarking for multiple providers through its SocialMarks functionality (see MDN docs) DEVELOPER Math.ToFloat32 takes a JS value and converts it to a Float32, whenever possible DEVELOPER There is no longer a prompt when websites use appcache DEVELOPER Support for the CSS image orientation property DEVELOPER New App Manager allows you to deploy and debug HTML5 webapps on Firefox OS phones and the Firefox OS Simulator DEVELOPER IndexedDB can now be used as a "optimistic" storage area so it doesn't require any prompts and data is stored in a pool with LRU eviction policy, in short temporary storage FIXED When displaying a standalone image, Firefox matches the EXIF orientation information contained within the JPEG image (298619) FIXED Text Rendering Issues on Windows 7 with Platform Update KB2670838 (MSIE 10 Prerequisite) or on Windows 8.1 (812695) FIXED Improved page load times due to no longer decoding images that aren't visible (847223) FIXED AudioToolbox MP3 backend for OSX (914479) FIXED Various security fixes Fixed in Firefox 26 MFSA 2013-117 Mis-issued ANSSI/DCSSI certificate MFSA 2013-116 JPEG information leak MFSA 2013-115 GetElementIC typed array stubs can be generated outside observed typesets MFSA 2013-114 Use-after-free in synthetic mouse movement MFSA 2013-113 Trust settings for built-in roots ignored during EV certificate validation MFSA 2013-112 Linux clipboard information disclosure though selection paste MFSA 2013-111 Segmentation violation when replacing ordered list elements MFSA 2013-110 Potential overflow in JavaScript binary search algorithms MFSA 2013-109 Use-after-free during Table Editing MFSA 2013-108 Use-after-free in event listeners MFSA 2013-107 Sandbox restrictions not applied to nested object elements MFSA 2013-106 Character encoding cross-origin XSS attack MFSA 2013-105 Application Installation doorhanger persists on navigation MFSA 2013-104 Miscellaneous memory safety hazards (rv:26.0 / rv:24.2)
Revision 1.75 / (download) - annotate - [select for diffs], Sat Nov 2 22:57:55 2013 UTC (10 years, 5 months ago) by ryoon
Branch: MAIN
Changes since 1.74: +67 -4566
lines
Diff to previous 1.74 (colored) to selected 1.16 (colored)
Update to 25.0 * Enable pulseaudio by default, OSS support is dropped, and ALSA support on NetBSD does not work properly for me * Enable GStremer support for non-webm and non-theora video support * Create alsa option, and enabled on Linux by default Changelog: NEW Web Audio support NEW The find bar is no longer shared between tabs CHANGED If away from Firefox for months, you now will be offered the option to reset it to its default state while preserving your essential information CHANGED Resetting Firefox no longer clears your browsing session DEVELOPER CSS3 background-attachment:local support to control background scrolling DEVELOPER Many new ES6 functions implemented HTML5 iframe document content can now be specified inline FIXED Blank or missing page thumbnails when opening a new tab FIXED Security fixes can be found here Fixed in Firefox 25 MFSA 2013-102 Use-after-free in HTML document templates MFSA 2013-101 Memory corruption in workers MFSA 2013-100 Miscellaneous use-after-free issues found through ASAN fuzzing MFSA 2013-99 Security bypass of PDF.js checks using iframes MFSA 2013-98 Use-after-free when updating offline cache MFSA 2013-97 Writing to cycle collected object during image decoding MFSA 2013-96 Improperly initialized memory and overflows in some JavaScript functions MFSA 2013-95 Access violation with XSLT and uninitialized data MFSA 2013-94 Spoofing addressbar though SELECT element MFSA 2013-93 Miscellaneous memory safety hazards (rv:25.0 / rv:24.1 / rv:17.0.10)
Revision 1.74 / (download) - annotate - [select for diffs], Sat Sep 21 11:40:57 2013 UTC (10 years, 7 months ago) by ryoon
Branch: MAIN
CVS Tags: pkgsrc-2013Q3-base,
pkgsrc-2013Q3
Changes since 1.73: +3 -2
lines
Diff to previous 1.73 (colored) to selected 1.16 (colored)
Fix non-official branding build.
Revision 1.73 / (download) - annotate - [select for diffs], Sat Sep 21 10:09:39 2013 UTC (10 years, 7 months ago) by ryoon
Branch: MAIN
Changes since 1.72: +3 -2
lines
Diff to previous 1.72 (colored) to selected 1.16 (colored)
Try to reintrodece PLIST conditionals related to vorbis.
Revision 1.72 / (download) - annotate - [select for diffs], Sat Sep 21 08:10:56 2013 UTC (10 years, 7 months ago) by martin
Branch: MAIN
Changes since 1.71: +2 -2
lines
Diff to previous 1.71 (colored) to selected 1.16 (colored)
The about-wordmark resource changed from .svg to .png
Revision 1.71 / (download) - annotate - [select for diffs], Thu Sep 19 12:37:49 2013 UTC (10 years, 7 months ago) by ryoon
Branch: MAIN
Changes since 1.70: +181 -81
lines
Diff to previous 1.70 (colored) to selected 1.16 (colored)
Update to 24.0, ESR edition. * Merge some patches via FreeBSD ports. * Tested on NetBSD/amd64 6.99.23 and DragonFly/amd64 3.4.1. * Use system hunspell dictionaries. * DuckDuckGo search window. * Enable system icu support. Changelog: NEW Support for new scrollbar style in Mac OS X 10.7 and newer NEW Implemented Close tabs to the right NEW Social: Ability to tear-off chat windows to view separately by simply dragging them out CHANGED Accessibility related improvements on using pinned tabs (see 577727) CHANGED Removed support for Revocation Lists feature (see 867465) CHANGED Performance improvements on New Tab Page loads (see 791670) DEVELOPER Major SVG rendering improvements around Image tiling and scaling (see 600207 ) DEVELOPER Improved and unified Browser console for enhanced debugging experience, replacing existing Error console DEVELOPER Removed support for sherlock files that are loaded from application or profile directory FIXED Replace fixed-ratio audio resampler in webrtc.org capture code with Speex resampler and eliminate pseudo-44000Hz rate ( see 886886) FIXED 24.0: Security fixes can be found here Fixed in Firefox 24 MFSA 2013-92 GC hazard with default compartments and frame chain restoration MFSA 2013-91 User-defined properties on DOM proxies get the wrong "this" object MFSA 2013-90 Memory corruption involving scrolling MFSA 2013-89 Buffer overflow with multi-column, lists, and floats MFSA 2013-88 compartment mismatch re-attaching XBL-backed nodes MFSA 2013-87 Shared object library loading from writable location MFSA 2013-86 WebGL Information disclosure through OS X NVIDIA graphic drivers MFSA 2013-85 Uninitialized data in IonMonkey MFSA 2013-84 Same-origin bypass through symbolic links MFSA 2013-83 Mozilla Updater does not lock MAR file after signature verification MFSA 2013-82 Calling scope for new Javascript objects can lead to memory corruption MFSA 2013-81 Use-after-free with select element MFSA 2013-80 NativeKey continues handling key messages after widget is destroyed MFSA 2013-79 Use-after-free in Animation Manager during stylesheet cloning MFSA 2013-78 Integer overflow in ANGLE library MFSA 2013-77 Improper state in HTML5 Tree Builder with templates MFSA 2013-76 Miscellaneous memory safety hazards (rv:24.0 / rv:17.0.9)
Revision 1.70 / (download) - annotate - [select for diffs], Thu Aug 29 18:48:25 2013 UTC (10 years, 7 months ago) by martin
Branch: MAIN
Changes since 1.69: +2 -2
lines
Diff to previous 1.69 (colored) to selected 1.16 (colored)
Conditionalize the last remaining PLIST difference on sparc64
Revision 1.69 / (download) - annotate - [select for diffs], Thu Aug 29 14:14:34 2013 UTC (10 years, 7 months ago) by martin
Branch: MAIN
Changes since 1.68: +2 -2
lines
Diff to previous 1.68 (colored) to selected 1.16 (colored)
Skia does not support GL on big endian machines yet - so adjust PLIST by conditionalizing it.
Revision 1.68 / (download) - annotate - [select for diffs], Wed Aug 7 12:17:54 2013 UTC (10 years, 8 months ago) by ryoon
Branch: MAIN
Changes since 1.67: +308 -119
lines
Diff to previous 1.67 (colored) to selected 1.16 (colored)
Update to 23.0
* Install SDK to firefox-sdk directory.
* Split multiple CONFIGURE_ARS's arguments.
* Enable libmozjs.so build.
Changelog:
NEW
Mixed content blocking enabled to protects users from man-in-the-middle attacks and eavesdroppers on HTTPS pages (learn more)
NEW
Options panel created for Web Developer Toolbox
CHANGED
"Enable JavaScript" preference checkbox has been removed and user-set values will be reset to the default
CHANGED
Updated Firefox Logo
CHANGED
Improved about:memory's functional UI
CHANGED
Simplified interface for notifications of plugin installation
CHANGED
Enabled DXVA2 on Windows Vista+ to accelerate H.264 video decoding
CHANGED
Users can now switch to a new search provider across the entire browser
CHANGED
CSP policies using the standard syntax and semantics will now be enforced
CHANGED
<input type='file'> rendering improvements (see bug 838675)
CHANGED
Replace fixed-ratio audio resampler in webrtc.org capture code with Speex resampler and eliminate pseudo-44000Hz rate
CHANGED
"Load images automatically" and Always show the tab bar" checkboxes removed from preferences and reset to defaults
DEVELOPER
HTML5 <input type="range"> form control implemented
DEVELOPER
Write more accessible pages on touch interfaces with new ARIA role for key buttons
DEVELOPER
Social share functionality
DEVELOPER
Added unprefixed requestAnimationFrame
DEVELOPER
Implemented a global browser console
DEVELOPER
Dropped blink effect from text-decoration: blink; and completely removed <blink> element
DEVELOPER
New feature in toolbox: Network Monitor
FIXED
Various security fixes
n Firefox 23
MFSA 2013-75 Local Java applets may read contents of local file system
MFSA 2013-74 Firefox full and stub installer DLL hijacking
MFSA 2013-73 Same-origin bypass with web workers and XMLHttpRequest
MFSA 2013-72 Wrong principal used for validating URI for some Javascript components
MFSA 2013-71 Further Privilege escalation through Mozilla Updater
MFSA 2013-70 Bypass of XrayWrappers using XBL Scopes
MFSA 2013-69 CRMF requests allow for code execution and XSS attacks
MFSA 2013-68 Document URI misrepresentation and masquerading
MFSA 2013-67 Crash during WAV audio file decoding
MFSA 2013-66 Buffer overflow in Mozilla Maintenance Service and Mozilla Updater
MFSA 2013-65 Buffer underflow when generating CRMF requests
MFSA 2013-64 Use after free mutating DOM during SetBody
MFSA 2013-63 Miscellaneous memory safety hazards (rv:23.0 / rv:17.0.8)
Revision 1.67 / (download) - annotate - [select for diffs], Wed Jun 26 11:32:12 2013 UTC (10 years, 9 months ago) by ryoon
Branch: MAIN
CVS Tags: pkgsrc-2013Q2-base,
pkgsrc-2013Q2
Changes since 1.66: +362 -71
lines
Diff to previous 1.66 (colored) to selected 1.16 (colored)
Update to 22.0
* On NetBSD WebRTC support is disabled, because libxul.so has some errors
in link stage. WebRTC support should be tested on non-NetBSD platforms.
* It seems that OSS sound support is not working properly on NetBSD.
Changelog:
NEW
WebRTC is now enabled by default!
NEW
Windows: Firefox now follows display scaling options to render text larger on high-res displays
NEW
Mac OS X: Download progress in Dock application icon
NEW
HTML5 audio/video playback rate can now be changed
NEW
Social services management implemented in Add-ons Manager
NEW
asm.js optimizations (OdinMonkey) enabled for major performance improvements
CHANGED
Improved WebGL rendering performance through asynchronous canvas updates
CHANGED
Plain text files displayed within Firefox will now word-wrap
CHANGED
For user security, the |Components| object is no longer accessible from web content
CHANGED
Pointer Lock API can now be used outside of fullscreen
DEVELOPER
CSS3 Flexbox implemented and enabled by default
DEVELOPER
New Web Notifications API implemented
DEVELOPER
Added clipboardData API for JavaScript access to a user's clipboard
DEVELOPER
New built-in font inspector
HTML5
New HTML5 <data> and <time> elements
FIXED
Various security fixes
FIXED
Scrolling using some high-resolution-scroll aware touchpads feels slow (829952)
Fixed in Firefox 22
MFSA 2013-62 Inaccessible updater can lead to local privilege escalation
MFSA 2013-61 Homograph domain spoofing in .com, .net and .name
MFSA 2013-60 getUserMedia permission dialog incorrectly displays location
MFSA 2013-59 XrayWrappers can be bypassed to run user defined methods in a privileged context
MFSA 2013-58 X-Frame-Options ignored when using server push with multi-part responses
MFSA 2013-57 Sandbox restrictions not applied to nested frame elements
MFSA 2013-56 PreserveWrapper has inconsistent behavior
MFSA 2013-55 SVG filters can lead to information disclosure
MFSA 2013-54 Data in the body of XHR HEAD requests leads to CSRF attacks
MFSA 2013-53 Execution of unmapped memory through onreadystatechange event
MFSA 2013-52 Arbitrary code execution within Profiler
MFSA 2013-51 Privileged content access and execution via XBL
MFSA 2013-50 Memory corruption found using Address Sanitizer
MFSA 2013-49 Miscellaneous memory safety hazards (rv:22.0 / rv:17.0.7)
Revision 1.66 / (download) - annotate - [select for diffs], Fri Jun 21 23:11:42 2013 UTC (10 years, 10 months ago) by ryoon
Branch: MAIN
Changes since 1.65: +1 -7
lines
Diff to previous 1.65 (colored) to selected 1.16 (colored)
Bump PKGREVISION. * Add NetBSD/sparc64 support from martin@. Almost all functionalities work fine, but https handling. * Enable system jpeg support. This is accidentally disabled.
Revision 1.65 / (download) - annotate - [select for diffs], Thu May 23 13:12:13 2013 UTC (10 years, 10 months ago) by ryoon
Branch: MAIN
Changes since 1.64: +2 -1
lines
Diff to previous 1.64 (colored) to selected 1.16 (colored)
Bump PKGREVISION. * Remove reference to devel/xulrunner. * Move some common files for firefox/xulrunner-21.0. * Move patches from devel/sulrunner. * Take MAINTAINERship.
Revision 1.64 / (download) - annotate - [select for diffs], Sun May 19 12:31:58 2013 UTC (10 years, 11 months ago) by ryoon
Branch: MAIN
Changes since 1.63: +3 -1
lines
Diff to previous 1.63 (colored) to selected 1.16 (colored)
Fix gnome option. This is related to PR pkg/47801. But devel/xulrunner is broken now.
Revision 1.63 / (download) - annotate - [select for diffs], Sun May 19 08:50:24 2013 UTC (10 years, 11 months ago) by ryoon
Branch: MAIN
Changes since 1.62: +6038 -731
lines
Diff to previous 1.62 (colored) to selected 1.16 (colored)
Update to 21.0 * This release of firefox is built with internal xulrunner. Because separated (system) xulrunner has prefs and chrome load problem. * gnome option is broken in libnkmozgnomevfs.so build. Changelog: NEW The Social API now supports multiple providers NEW Enhanced three-state UI for Do Not Track (DNT) NEW Firefox will suggest how to improve your application startup time if needed NEW Preliminary implementation of Firefox Health Report CHANGED Ability to restore removed thumbnails on New Tab Page CHANGED CSS -moz-user-select:none selection changed to improve compatibility with -webkit-user-select:none (bug 816298) CHANGED Graphics related performance improvements (bug 809821) CHANGED Removed E4X support from Spidermonkey DEVELOPER Implemented Remote Profiling DEVELOPER Integrated add-on SDK loader and API libraries into Firefox HTML5 Added support for <main> element HTML5 Implemented scoped stylesheets HTML5 Added support for window.crypto.getRandomValues FIXED Some function keys may not work when pressed (833719) FIXED Browsing and Download history clearing needs unification to avoid confusion on clearing download history (847627) FIXED 21.0: Security fixes can be found here Fixed in Firefox 21 MFSA 2013-48 Memory corruption found using Address Sanitizer MFSA 2013-47 Uninitialized functions in DOMSVGZoomEvent MFSA 2013-46 Use-after-free with video and onresize event MFSA 2013-45 Mozilla Updater fails to update some Windows Registry entries MFSA 2013-44 Local privilege escalation through Mozilla Maintenance Service MFSA 2013-43 File input control has access to full path MFSA 2013-42 Privileged access for content level constructor MFSA 2013-41 Miscellaneous memory safety hazards (rv:21.0 / rv:17.0.6)
Revision 1.62 / (download) - annotate - [select for diffs], Fri Apr 5 13:30:17 2013 UTC (11 years ago) by ryoon
Branch: MAIN
Changes since 1.61: +82 -77
lines
Diff to previous 1.61 (colored) to selected 1.16 (colored)
Update to 20.0
Changelog:
NEW
Per-window Private Browsing. Learn more.
NEW
New download experience. Learn more.
NEW
Ability to close hanging plugins, without the browser hanging
CHANGED
Continued performance improvements around common browser tasks (page loads, downloads, shutdown, etc.)
DEVELOPER
Continued implementation of draft ECMAScript 6 - clear() and Math.imul
DEVELOPER
New JavaScript Profiler tool
HTML5
getUserMedia implemented for web access to the user's camera and microphone (with user permission)
HTML5
<canvas> now supports blend modes
HTML5
Various <audio> and <video> improvements
FIXED
Details button on Crash Reporter (793972)
FIXED
Unity plugin doesn't display in HiDPI mode (829284)
FIXED
20.0: Security fixes can be found here
Fixed in Firefox 20
MFSA 2013-40 Out-of-bounds array read in CERT_DecodeCertPackage
MFSA 2013-39 Memory corruption while rendering grayscale PNG images
MFSA 2013-38 Cross-site scripting (XSS) using timed history navigations
MFSA 2013-37 Bypass of tab-modal dialog origin disclosure
MFSA 2013-36 Bypass of SOW protections allows cloning of protected nodes
MFSA 2013-35 WebGL crash with Mesa graphics driver on Linux
MFSA 2013-34 Privilege escalation through Mozilla Updater
MFSA 2013-33 World read and write access to app_tmp directory on Android
MFSA 2013-32 Privilege escalation through Mozilla Maintenance Service
MFSA 2013-31 Out-of-bounds write in Cairo library
MFSA 2013-30 Miscellaneous memory safety hazards (rv:20.0 / rv:17.0.5)
Revision 1.61 / (download) - annotate - [select for diffs], Fri Feb 22 14:54:01 2013 UTC (11 years, 1 month ago) by ryoon
Branch: MAIN
CVS Tags: pkgsrc-2013Q1-base,
pkgsrc-2013Q1
Changes since 1.60: +25 -4
lines
Diff to previous 1.60 (colored) to selected 1.16 (colored)
Update to 19.0 Sync with xulrunner-19.0.
Revision 1.60 / (download) - annotate - [select for diffs], Thu Jan 10 15:03:25 2013 UTC (11 years, 3 months ago) by ryoon
Branch: MAIN
Changes since 1.59: +14 -17
lines
Diff to previous 1.59 (colored) to selected 1.16 (colored)
Update to 18.0 Sync with devel/xulrunner 18.0.
Revision 1.59 / (download) - annotate - [select for diffs], Thu Nov 22 07:32:24 2012 UTC (11 years, 4 months ago) by abs
Branch: MAIN
CVS Tags: pkgsrc-2012Q4-base,
pkgsrc-2012Q4
Changes since 1.58: +1 -2
lines
Diff to previous 1.58 (colored) to selected 1.16 (colored)
fix lib/firefox/chrome/browser/content/branding/about-background.png
Revision 1.58 / (download) - annotate - [select for diffs], Wed Nov 21 15:26:50 2012 UTC (11 years, 5 months ago) by ryoon
Branch: MAIN
Changes since 1.57: +53 -16
lines
Diff to previous 1.57 (colored) to selected 1.16 (colored)
Update to 17.0
* Add --enable-pulseaudio configure option (functionality is not tested)
Changelog:
NEW
First revision of the Social API and support for Facebook Messenger
NEW
Click-to-play blocklisting implemented to prevent vulnerable plugin versions from running without the user's permission (see blog post)
CHANGED
Updated Awesome Bar experience with larger icons
CHANGED
Mac OS X 10.5 is no longer supported
DEVELOPER
JavaScript Maps and Sets are now iterable
DEVELOPER
SVG FillPaint and StrokePaint implemented
DEVELOPER
Improvements that make the Web Console, Debugger and Developer Toolbar faster and easier to use
DEVELOPER
New Markup panel in the Page Inspector allows easy editing of the DOM
HTML5
Sandbox attribute for iframes implemented, enabling increased security
FIXED
Over twenty performance improvements, including fixes around the New Tab page
FIXED
Pointer lock doesn't work in web apps (769150)
FIXED
Page scrolling on sites with fixed headers (780345)
Revision 1.57 / (download) - annotate - [select for diffs], Fri Oct 12 18:27:21 2012 UTC (11 years, 6 months ago) by ryoon
Branch: MAIN
Changes since 1.56: +30 -2
lines
Diff to previous 1.56 (colored) to selected 1.16 (colored)
Update to 16.0.1
Changelog:
FIXED
16.0.1: Vulnerability outlined here
https://blog.mozilla.org/security/2012/10/10/security-vulnerability-in-firefox-16/
NEW
Firefox on Mac OS X now has preliminary VoiceOver support turned on by default
NEW
Initial web app support (Windows/Mac/Linux)
NEW
Acholi and Kazakh localizations added
CHANGED
Improvements around JavaScript responsiveness through incremental garbage collection
DEVELOPER
New Developer Toolbar with buttons for quick access to tools, error count for the Web Console, and a new command line for quick keyboard access
DEVELOPER
CSS3 Animations, Transitions, Transforms and Gradients unprefixed in Firefox 16
DEVELOPER
Recently opened files list in Scratchpad implemented
FIXED
16.0.1: Vulnerability outlined here
https://blog.mozilla.org/security/2012/10/10/security-vulnerability-in-firefox-16/
FIXED
Debugger breakpoints do not catch on page reload (783393)
FIXED
No longer supporting MD5 as a hash algorithm in digital signatures (650355)
FIXED
Opus support by default (772341)
FIXED
Reverse animation direction has been implemented (655920)
FIXED
Per tab reporting in about:memory (687724)
FIXED
User Agent strings for pre-release Firefox versions now show only major version (728831)
Revision 1.56 / (download) - annotate - [select for diffs], Tue Aug 28 16:39:19 2012 UTC (11 years, 7 months ago) by abs
Branch: MAIN
CVS Tags: pkgsrc-2012Q3-base,
pkgsrc-2012Q3
Changes since 1.55: +1 -2
lines
Diff to previous 1.55 (colored) to selected 1.16 (colored)
Fix PLIST for !nobranding
Revision 1.55 / (download) - annotate - [select for diffs], Tue Aug 28 12:42:02 2012 UTC (11 years, 7 months ago) by ryoon
Branch: MAIN
Changes since 1.54: +92 -5
lines
Diff to previous 1.54 (colored) to selected 1.16 (colored)
Update to 15.0 * Use patches from https://bugzilla.mozilla.org/show_bug.cgi?id=753046 * Fix firefox.sh Changelog: NEW Preliminary native PDF support (Aurora/Beta only) NEW Support for SPDY networking protocol v3 NEW WebGL enhancements, including compressed textures for better performance CHANGED Optimized memory usage for add-ons DEVELOPER JavaScript debugger integrated into developer tools DEVELOPER New layout view added to Inspector DEVELOPER The CSS word-break property has been implemented. DEVELOPER High precision event timer implemented DEVELOPER New responsive design tool allows web developers to switch between desktop and mobile views of sites HTML5 Native support for the Opus audio codec added HTML5 The <source> element now supports the media attribute HTML5 The <audio> and <video> elements now support the played attribute
Revision 1.54 / (download) - annotate - [select for diffs], Fri Jul 20 06:45:35 2012 UTC (11 years, 9 months ago) by abs
Branch: MAIN
Changes since 1.53: +1 -2
lines
Diff to previous 1.53 (colored) to selected 1.16 (colored)
fix PLIST for official-mozilla-branding. Bump PKGREVISION
Revision 1.53 / (download) - annotate - [select for diffs], Wed Jul 18 16:10:07 2012 UTC (11 years, 9 months ago) by ryoon
Branch: MAIN
Changes since 1.52: +44 -7
lines
Diff to previous 1.52 (colored) to selected 1.16 (colored)
Update to 14.0.1 Changelog: NEW Google searches now utilize HTTPS NEW Full screen support for Mac OS X Lion implemented NEW Plugins can now be configured to only load on click (requires an about:config change) NEW The Awesome Bar now auto-completes typed URLs CHANGED Improved site identity manager, to prevent spoofing of an SSL connection with favicons DEVELOPER Pointer Lock API implemented DEVELOPER New API to prevent your display from sleeping DEVELOPER New text-transform and font-variant CSS improvements for Turkic languages and Greek FIXED Various security fixes FIXED GIF animation can gets stuck when src and image size are changed (743598) FIXED OS X: nsCocoaWindow::ConstrainPosition uses wrong screen in multi-display setup (752149) FIXED CSS :hover regression when an element's class name is set by Javascript (758885
Revision 1.52 / (download) - annotate - [select for diffs], Tue Jun 5 21:33:49 2012 UTC (11 years, 10 months ago) by abs
Branch: MAIN
CVS Tags: pkgsrc-2012Q2-base,
pkgsrc-2012Q2
Changes since 1.51: +1 -2
lines
Diff to previous 1.51 (colored) to selected 1.16 (colored)
fix !nobranding PLIST
Revision 1.51 / (download) - annotate - [select for diffs], Tue Jun 5 18:10:38 2012 UTC (11 years, 10 months ago) by ryoon
Branch: MAIN
Changes since 1.50: +60 -35
lines
Diff to previous 1.50 (colored) to selected 1.16 (colored)
Sync with devel/xulrunner-13.0
Revision 1.50 / (download) - annotate - [select for diffs], Thu Apr 26 13:30:30 2012 UTC (11 years, 11 months ago) by ryoon
Branch: MAIN
Changes since 1.49: +54 -35
lines
Diff to previous 1.49 (colored) to selected 1.16 (colored)
Update to 12.0 Changelog: * Page Source now has line numbers * Line breaks are now supported in the title attribute * Improvements to "Find in Page" to center search result * URLs pasted into the download manager window are now automatically downloaded * Support for the text-align-last CSS property has been added * Various security fixes * Some TinyMCE-based editors failed to load (739141)
Revision 1.49 / (download) - annotate - [select for diffs], Thu Mar 15 08:31:10 2012 UTC (12 years, 1 month ago) by ryoon
Branch: MAIN
CVS Tags: pkgsrc-2012Q1-base,
pkgsrc-2012Q1
Changes since 1.48: +35 -3
lines
Diff to previous 1.48 (colored) to selected 1.16 (colored)
Update to 11.0 * Follow devel/xulrunner update.
Revision 1.48 / (download) - annotate - [select for diffs], Sat Mar 10 03:09:42 2012 UTC (12 years, 1 month ago) by ryoon
Branch: MAIN
Changes since 1.47: +2 -1
lines
Diff to previous 1.47 (colored) to selected 1.16 (colored)
Bump PKGREVISION * Restore --disable-official-branding.
Revision 1.47 / (download) - annotate - [select for diffs], Tue Mar 6 12:35:14 2012 UTC (12 years, 1 month ago) by ryoon
Branch: MAIN
Changes since 1.46: +59 -6
lines
Diff to previous 1.46 (colored) to selected 1.16 (colored)
Update xulrunner 10.0.2 * Improve sparc64 support. Thank you, martin@ Changelog: * Fix security bugs * Other improvements and bugfixes
Revision 1.46 / (download) - annotate - [select for diffs], Sat Nov 12 12:45:04 2011 UTC (12 years, 5 months ago) by tnn
Branch: MAIN
CVS Tags: pkgsrc-2011Q4-base,
pkgsrc-2011Q4
Changes since 1.45: +11 -5
lines
Diff to previous 1.45 (colored) to selected 1.16 (colored)
Update to firefox-8.0. XXX Set MAKE_JOBS_SAFE=no for now. Should investigate why it fails without it as it prolongs build time significantly. Upstream changes: Add-ons installed by third party programs are now disabled by default Added a one-time add-on selection dialog to manage previously installed add-ons Added Twitter to the search bar for select locales. Additional locale support will be added in the future Added a preference to load tabs on demand, improving start-up time when windows are restored Improved performance and memory handling when using <audio> and <video> elements Added CORS support for cross-domain textures in WebGL Added support for HTML5 context menus Added support for insertAdjacentHTML Improved CSS hyphen support for many languages Improved WebSocket support Fixed several stability issues Fixed several security issues
Revision 1.45 / (download) - annotate - [select for diffs], Mon Oct 3 12:37:24 2011 UTC (12 years, 6 months ago) by tnn
Branch: MAIN
Changes since 1.44: +7 -5
lines
Diff to previous 1.44 (colored) to selected 1.16 (colored)
Update to firefox-7.0. Release notes: Drastically improved memory handling for certain use cases Added a new rendering backend to speed up Canvas operations on Windows systems Bookmark and password changes now sync almost instantly when using Firefox Sync The 'http://' URL prefix is now hidden by default Added support for text-overflow: ellipsis Added support for the Web Timing specification Enhanced support for MathML The WebSocket protocol has been updated from version 7 to version 8 Added an opt-in system for users to send performance data back to Mozilla to improve future versions of Firefox Fixed several stability issues Fixed several security issues
Revision 1.44 / (download) - annotate - [select for diffs], Thu Aug 18 18:31:10 2011 UTC (12 years, 8 months ago) by tnn
Branch: MAIN
CVS Tags: pkgsrc-2011Q3-base,
pkgsrc-2011Q3
Changes since 1.43: +16 -3
lines
Diff to previous 1.43 (colored) to selected 1.16 (colored)
Update to Firefox 6.0. Major changes include: The address bar now highlights the domain of the website you're visiting Streamlined the look of the site identity block Added support for the latest draft version of WebSockets with a prefixed API Added support for EventSource / server-sent events Added support for window.matchMedia Added Scratchpad, an interactive JavaScript prototyping environment Added a new Web Developer menu item and moved development-related items into it Improved usability of the Web Console Improved the discoverability of Firefox Sync Reduced browser startup time when using Panorama Fixed several stability issues Fixed several security issues
Revision 1.43 / (download) - annotate - [select for diffs], Mon Jul 11 13:17:40 2011 UTC (12 years, 9 months ago) by tnn
Branch: MAIN
Changes since 1.42: +2 -1
lines
Diff to previous 1.42 (colored) to selected 1.16 (colored)
Fix PLIST when official branding is disabled.
Revision 1.42 / (download) - annotate - [select for diffs], Tue Apr 26 14:18:01 2011 UTC (12 years, 11 months ago) by tnn
Branch: MAIN
CVS Tags: pkgsrc-2011Q2-base,
pkgsrc-2011Q2
Changes since 1.41: +357 -19
lines
Diff to previous 1.41 (colored) to selected 1.16 (colored)
Update to firefox-4.0. Firefox 4 is based on the Gecko 2.0 Web platform. This release features JavaScript execution speeds up to six times faster than the previous version, new capabilities for Web Developers and Add-on Developers such as hardware accelerated graphics and HTML5 technologies, and a completely revised user interface.
Revision 1.41 / (download) - annotate - [select for diffs], Wed Dec 29 22:38:49 2010 UTC (13 years, 3 months ago) by tnn
Branch: MAIN
CVS Tags: pkgsrc-2011Q1-base,
pkgsrc-2011Q1,
pkgsrc-2010Q4-base,
pkgsrc-2010Q4
Changes since 1.40: +1 -2
lines
Diff to previous 1.40 (colored) to selected 1.16 (colored)
fix installation w/ gnome option enabled
Revision 1.40 / (download) - annotate - [select for diffs], Tue Mar 16 15:57:03 2010 UTC (14 years, 1 month ago) by tnn
Branch: MAIN
CVS Tags: pkgsrc-2010Q3-base,
pkgsrc-2010Q3,
pkgsrc-2010Q2-base,
pkgsrc-2010Q2,
pkgsrc-2010Q1-base,
pkgsrc-2010Q1
Changes since 1.39: +6 -9
lines
Diff to previous 1.39 (colored) to selected 1.16 (colored)
Update to firefox-3.6.2. .2 is not formally released yet, but is release tagged in the scm and I want to get this update in before we freeze the tree. "Firefox 3.6 is built on Mozilla's Gecko 1.9.2 web rendering platform, which has been under development since early 2009 and contains many improvements for web developers, add-on developers, and users." - Improved JavaScript performance, overall browser responsiveness, and startup time. - The ability for web developers to indicate that scripts should run asynchronously to speed up page load times. - Continued support for downloadable web fonts using the new WOFF font format. - Support for new CSS attributes such as gradients, background sizing, and pointer events. - Support for new DOM and HTML5 specifications including the Drag & Drop API and the File API, which allow for more interactive web pages.
Revision 1.38.2.1 / (download) - annotate - [select for diffs], Wed Oct 28 18:13:24 2009 UTC (14 years, 5 months ago) by tron
Branch: pkgsrc-2009Q3
Changes since 1.38: +1 -0
lines
Diff to previous 1.38 (colored) next main 1.39 (colored) to selected 1.16 (colored)
Pullup ticket #2923 - requested by tnn xulrunner: security update firefox: security update Revisions pulled up: - devel/xulrunner/Makefile 1.24-1.25 - devel/xulrunner/PLIST 1.17-1.18 - devel/xulrunner/distinfo 1.13-1.14 - devel/xulrunner/mozilla-common.mk 1.2 - devel/xulrunner/patches/patch-aa 1.2 - devel/xulrunner/patches/patch-aq 1.3 - devel/xulrunner/patches/patch-ay 1.1 - devel/xulrunner/patches/patch-mf 1.2 - devel/xulrunner/patches/patch-mn 1.2 - devel/xulrunner/patches/patch-nb delete - devel/xulrunner/patches/patch-nc delete - devel/xulrunner/patches/patch-pd 1.2 - devel/xulrunner/patches/patch-ra 1.1 - devel/xulrunner/patches/patch-rb 1.1 - devel/xulrunner/patches/patch-rc 1.1 - www/firefox/Makefile 1.60-1.61 - www/firefox/PLIST 1.39 - www/firefox/distinfo delete - www/firefox/patches/patch-aa delete - www/firefox/patches/patch-ao delete - www/firefox/patches/patch-ma delete - www/firefox/patches/patch-mi delete - www/firefox/patches/patch-mk delete - www/firefox/patches/patch-mm delete - www/firefox/patches/patch-ra delete - www/firefox/patches/patch-rb delete - www/firefox/patches/patch-rc delete --- Module Name: pkgsrc Committed By: tnn Date: Sun Oct 11 10:49:57 UTC 2009 Modified Files: pkgsrc/devel/xulrunner: Makefile PLIST distinfo pkgsrc/devel/xulrunner/patches: patch-aa pkgsrc/www/firefox: Makefile Added Files: pkgsrc/devel/xulrunner/patches: patch-ay patch-ra patch-rb patch-rc Removed Files: pkgsrc/www/firefox: distinfo pkgsrc/www/firefox/patches: patch-aa patch-ao patch-ma patch-mi patch-mk patch-mm patch-ra patch-rb patch-rc Log Message: - allow firefox and xulrunner to share some infrastructure - install headers for plugin and liveconnect (needed by openjdk7-icedtea-plugin) - bump revision for both packages --- Module Name: pkgsrc Committed By: tnn Date: Wed Oct 28 11:36:36 UTC 2009 Modified Files: pkgsrc/devel/xulrunner: Makefile PLIST distinfo mozilla-common.mk pkgsrc/devel/xulrunner/patches: patch-aq patch-mf patch-mn patch-pd pkgsrc/www/firefox: Makefile PLIST Removed Files: pkgsrc/devel/xulrunner/patches: patch-nb patch-nc Log Message: Security and bugfix update of firefox (to 3.5.4) and xulrunner (to 1.9.1.4) Also fix broken DESTDIR support. Fixes the following security issues: MFSA 2009-64 Crashes with evidence of memory corruption (rv:1.9.1.4/ 1.9.0.15) MFSA 2009-63 Upgrade media libraries to fix memory safety bugs MFSA 2009-62 Download filename spoofing with RTL override MFSA 2009-61 Cross-origin data theft through document.getSelection() MFSA 2009-59 Heap buffer overflow in string to number conversion MFSA 2009-57 Chrome privilege escalation in XPCVariant::VariantDataToJS () MFSA 2009-56 Heap buffer overflow in GIF color map parser MFSA 2009-55 Crash in proxy auto-configuration regexp parsing MFSA 2009-54 Crash with recursive web-worker calls MFSA 2009-53 Local downloaded file tampering MFSA 2009-52 Form history vulnerable to stealing
Revision 1.39 / (download) - annotate - [select for diffs], Wed Oct 28 11:36:36 2009 UTC (14 years, 5 months ago) by tnn
Branch: MAIN
CVS Tags: pkgsrc-2009Q4-base,
pkgsrc-2009Q4
Changes since 1.38: +2 -1
lines
Diff to previous 1.38 (colored) to selected 1.16 (colored)
Security and bugfix update of firefox (to 3.5.4) and xulrunner (to 1.9.1.4) Also fix broken DESTDIR support. Fixes the following security issues: MFSA 2009-64 Crashes with evidence of memory corruption (rv:1.9.1.4/ 1.9.0.15) MFSA 2009-63 Upgrade media libraries to fix memory safety bugs MFSA 2009-62 Download filename spoofing with RTL override MFSA 2009-61 Cross-origin data theft through document.getSelection() MFSA 2009-59 Heap buffer overflow in string to number conversion MFSA 2009-57 Chrome privilege escalation in XPCVariant::VariantDataToJS() MFSA 2009-56 Heap buffer overflow in GIF color map parser MFSA 2009-55 Crash in proxy auto-configuration regexp parsing MFSA 2009-54 Crash with recursive web-worker calls MFSA 2009-53 Local downloaded file tampering MFSA 2009-52 Form history vulnerable to stealing
Revision 1.38 / (download) - annotate - [select for diffs], Wed Sep 16 19:06:18 2009 UTC (14 years, 7 months ago) by tnn
Branch: MAIN
CVS Tags: pkgsrc-2009Q3-base
Branch point for: pkgsrc-2009Q3
Changes since 1.37: +6 -2065
lines
Diff to previous 1.37 (colored) to selected 1.16 (colored)
Build firefox against external runtime components from devel/xulrunner. Bump PKGREVISION.
Revision 1.37 / (download) - annotate - [select for diffs], Sun Aug 30 01:14:49 2009 UTC (14 years, 7 months ago) by markd
Branch: MAIN
Changes since 1.36: +2 -1
lines
Diff to previous 1.36 (colored) to selected 1.16 (colored)
libgnome is also needed for the gnome option to do anything.
Revision 1.36 / (download) - annotate - [select for diffs], Sat Aug 29 11:50:32 2009 UTC (14 years, 7 months ago) by tnn
Branch: MAIN
Changes since 1.35: +3 -1
lines
Diff to previous 1.35 (colored) to selected 1.16 (colored)
PLIST fix for previous
Revision 1.35 / (download) - annotate - [select for diffs], Sun Aug 9 23:05:42 2009 UTC (14 years, 8 months ago) by tnn
Branch: MAIN
Changes since 1.34: +1 -2
lines
Diff to previous 1.34 (colored) to selected 1.16 (colored)
remove stale PLIST entry
Revision 1.34 / (download) - annotate - [select for diffs], Wed Aug 5 02:43:47 2009 UTC (14 years, 8 months ago) by tnn
Branch: MAIN
Changes since 1.33: +2129 -2571
lines
Diff to previous 1.33 (colored) to selected 1.16 (colored)
merge pkgsrc-20090805
Revision 1.1.1.2 / (download) - annotate - [select for diffs] (vendor branch), Wed Aug 5 02:37:10 2009 UTC (14 years, 8 months ago) by tnn
Branch: TNF
CVS Tags: pkgsrc-20090805
Changes since 1.1.1.1: +2128 -2373
lines
Diff to previous 1.1.1.1 (colored) to selected 1.16 (colored)
Import firefox-3.5.2 as www/firefox. from pkgsrc-wip. Firefox 3.5 is based on the Gecko 1.9.1 rendering platform. Firefox 3.5 offers many changes over the previous version, supporting new web technologies, improving performance and ease of use. Some of the notable features are: * Support for the HTML5 <video> and <audio> elements * Improved tools for controlling your private data * Better web application performance using the new TraceMonkey JavaScript engine * The ability to share your location with websites using Location Aware Browsing * Support for native JSON, and web worker threads. * Improvements to the Gecko layout engine, including speculative parsing for faster content rendering. * Support for new web technologies such as: downloadable fonts, CSS media queries, new transformations and properties, JavaScript query selectors, HTML5 local storage and offline application storage, <canvas> text, ICC profiles, and SVG transforms.
Revision 1.33, Wed Aug 5 01:27:31 2009 UTC (14 years, 8 months ago) by tnn
Branch: MAIN
Changes since 1.32: +1 -1
lines
FILE REMOVED
Remove firefox 2.x. Firefox 3.5 branch will be imported in this location. (I opted for removing and re-importing instead of a plain update due to extensive patch rototil) We may encounter minor turbulence as dependent packages are sorted out. Thank you for flying pkgsrc-current.
Revision 1.32 / (download) - annotate - [select for diffs], Sun Jun 14 22:00:21 2009 UTC (14 years, 10 months ago) by joerg
Branch: MAIN
CVS Tags: pkgsrc-2009Q2-base,
pkgsrc-2009Q2
Changes since 1.31: +1 -160
lines
Diff to previous 1.31 (colored) to selected 1.16 (colored)
Convert @exec/@unexec to @pkgdir or drop it.
Revision 1.29.4.2 / (download) - annotate - [select for diffs], Fri Sep 26 19:52:40 2008 UTC (15 years, 6 months ago) by tron
Branch: pkgsrc-2008Q2
Changes since 1.29.4.1: +2 -1
lines
Diff to previous 1.29.4.1 (colored) to branchpoint 1.29 (colored) next main 1.30 (colored) to selected 1.16 (colored)
Pullup ticket #2534 - requested by ghen
firefox: security update
firefox-bin: security update
firefox-gtk1: security update
www/firefox-bin/Makefile 1.45
www/firefox-bin/distinfo 1.45
www/firefox-gtk1/Makefile 1.20-1.21
www/firefox-gtk1/PLIST 1.16
www/firefox/Makefile 1.47-1.48
www/firefox/Makefile-firefox.common 1.60
www/firefox/PLIST 1.31
www/firefox/distinfo 1.81-1.82
www/firefox/patches/patch-ee 1.1
www/firefox/patches/patch-ef 1.1
www/firefox/patches/patch-eg 1.1
---
Module Name: pkgsrc
Committed By: martin
Date: Mon Aug 11 10:09:21 UTC 2008
Modified Files:
pkgsrc/www/firefox: Makefile distinfo
pkgsrc/www/firefox-gtk1: Makefile
Added Files:
pkgsrc/www/firefox/patches: patch-ee patch-ef patch-eg
Log Message:
Add "unicode" processing alignment patch from mozilla's bugzilla to make
firefox work again on archs requiring strict alignement.
Bump pkgrevision.
---
Module Name: pkgsrc
Committed By: ghen
Date: Wed Sep 24 14:34:36 UTC 2008
Modified Files:
pkgsrc/www/firefox: Makefile Makefile-firefox.common PLIST distinfo
pkgsrc/www/firefox-bin: Makefile distinfo
pkgsrc/www/firefox-gtk1: Makefile PLIST
Log Message:
Update firefox, firefox-bin and firefox-gtk1 to 2.0.0.17.
(ok during freeze agc@)
Security fixes in this version:
MFSA 2008-45 XBM image uninitialized memory reading
MFSA 2008-44 resource: traversal vulnerabilities
MFSA 2008-43 BOM characters stripped from JavaScript before execution
MFSA 2008-42 Crashes with evidence of memory corruption (rv:1.9.0.2/1.8.1.1=
7)
MFSA 2008-41 Privilege escalation via XPCnativeWrapper pollution
MFSA 2008-40 Forced mouse drag
MFSA 2008-39 Privilege escalation using feed preview page and XSS flaw
MFSA 2008-38 nsXMLDocument::OnChannelRedirect() same-origin violation
MFSA 2008-37 UTF-8 URL stack buffer overflow
For more info, see http://www.mozilla.com/en-US/firefox/2.0.0.17/releasenotes/
Revision 1.31 / (download) - annotate - [select for diffs], Wed Sep 24 14:34:36 2008 UTC (15 years, 6 months ago) by ghen
Branch: MAIN
CVS Tags: pkgsrc-2009Q1-base,
pkgsrc-2009Q1,
pkgsrc-2008Q4-base,
pkgsrc-2008Q4,
pkgsrc-2008Q3-base,
pkgsrc-2008Q3
Changes since 1.30: +2 -1
lines
Diff to previous 1.30 (colored) to selected 1.16 (colored)
Update firefox, firefox-bin and firefox-gtk1 to 2.0.0.17. (ok during freeze agc@) Security fixes in this version: MFSA 2008-45 XBM image uninitialized memory reading MFSA 2008-44 resource: traversal vulnerabilities MFSA 2008-43 BOM characters stripped from JavaScript before execution MFSA 2008-42 Crashes with evidence of memory corruption (rv:1.9.0.2/1.8.1.17) MFSA 2008-41 Privilege escalation via XPCnativeWrapper pollution MFSA 2008-40 Forced mouse drag MFSA 2008-39 Privilege escalation using feed preview page and XSS flaw MFSA 2008-38 nsXMLDocument::OnChannelRedirect() same-origin violation MFSA 2008-37 UTF-8 URL stack buffer overflow For more info, see http://www.mozilla.com/en-US/firefox/2.0.0.17/releasenotes/
Revision 1.29.4.1 / (download) - annotate - [select for diffs], Fri Jul 18 09:13:31 2008 UTC (15 years, 9 months ago) by rtr
Branch: pkgsrc-2008Q2
Changes since 1.29: +1 -2
lines
Diff to previous 1.29 (colored) to selected 1.16 (colored)
pullup ticket 2449 requested by ghen firefox, firefox-bin: update for security fixes revisions pulled up: pkgsrc/www/firefox/Makefile-firefox.common 1.59 pkgsrc/www/firefox/PLIST 1.30 pkgsrc/www/firefox/distinfo 1.80 pkgsrc/www/firefox-bin/Makefile 1.44 pkgsrc/www/firefox-bin/distinfo 1.44 Module Name: pkgsrc Committed By: ghen Date: Wed Jul 16 09:52:56 UTC 2008 Modified Files: pkgsrc/www/firefox: Makefile-firefox.common PLIST distinfo pkgsrc/www/firefox-bin: Makefile distinfo Log Message: Update firefox, firefox-bin and firefox-gtk1 to 2.0.0.16. Security fixes in this version: MFSA 2008-35 Command-line URLs launch multiple tabs when Firefox not running MFSA 2008-34 Remote code execution by overflowing CSS reference counter For more info, see http://www.mozilla.com/en-US/firefox/2.0.0.16/releasenotes/
Revision 1.30 / (download) - annotate - [select for diffs], Wed Jul 16 09:52:56 2008 UTC (15 years, 9 months ago) by ghen
Branch: MAIN
CVS Tags: cube-native-xorg-base,
cube-native-xorg
Changes since 1.29: +1 -2
lines
Diff to previous 1.29 (colored) to selected 1.16 (colored)
Update firefox, firefox-bin and firefox-gtk1 to 2.0.0.16. Security fixes in this version: MFSA 2008-35 Command-line URLs launch multiple tabs when Firefox not running MFSA 2008-34 Remote code execution by overflowing CSS reference counter For more info, see http://www.mozilla.com/en-US/firefox/2.0.0.16/releasenotes/
Revision 1.28.6.1 / (download) - annotate - [select for diffs], Wed Jul 2 13:13:59 2008 UTC (15 years, 9 months ago) by tron
Branch: pkgsrc-2008Q1
Changes since 1.28: +2 -1
lines
Diff to previous 1.28 (colored) next main 1.29 (colored) to selected 1.16 (colored)
Pullup ticket #2441 - requested by ghen
Security update for firefox, firefox-bin and firefox-gtk1
Revisions pulled up:
- www/firefox-bin/Makefile 1.43
- www/firefox-bin/distinfo 1.43
- www/firefox/Makefile-firefox.common 1.58
- www/firefox/PLIST 1.29
- www/firefox/distinfo 1.78
- www/firefox/patches/patch-af 1.6
- www/firefox/patches/patch-ap 1.9
- www/firefox/patches/patch-de 1.2
---
Module Name: pkgsrc
Committed By: ghen
Date: Wed Jul 2 09:03:35 UTC 2008
Modified Files:
pkgsrc/www/firefox: Makefile-firefox.common PLIST distinfo
pkgsrc/www/firefox-bin: Makefile distinfo
pkgsrc/www/firefox/patches: patch-af patch-ap patch-de
Log Message:
Update firefox, firefox-bin and firefox-gtk1 to 2.0.0.15.
Part of patch-af has been fixed upstream.
Security fixes in this version:
MFSA 2008-33 Crash and remote code execution in block reflow
MFSA 2008-32 Remote site run as local file via Windows URL shortcut
MFSA 2008-31 Peer-trusted certs can use alt names to spoof
MFSA 2008-30 File location URL in directory listings not escaped properly
MFSA 2008-29 Faulty .properties file results in uninitialized memory being used
MFSA 2008-28 Arbitrary socket connections with Java LiveConnect on Mac OS X
MFSA 2008-27 Arbitrary file upload via originalTarget and DOM Range
MFSA 2008-25 Arbitrary code execution in mozIJSSubScriptLoader.loadSubScript()
MFSA 2008-24 Chrome script loading from fastload file
MFSA 2008-23 Signed JAR tampering
MFSA 2008-22 XSS through JavaScript same-origin violation
MFSA 2008-21 Crashes with evidence of memory corruption (rv:1.8.1.15)
For more info, see http://www.mozilla.com/en-US/firefox/2.0.0.15/releasenotes/
Revision 1.29 / (download) - annotate - [select for diffs], Wed Jul 2 09:03:35 2008 UTC (15 years, 9 months ago) by ghen
Branch: MAIN
CVS Tags: pkgsrc-2008Q2-base,
cwrapper
Branch point for: pkgsrc-2008Q2
Changes since 1.28: +2 -1
lines
Diff to previous 1.28 (colored) to selected 1.16 (colored)
Update firefox, firefox-bin and firefox-gtk1 to 2.0.0.15. Part of patch-af has been fixed upstream. Security fixes in this version: MFSA 2008-33 Crash and remote code execution in block reflow MFSA 2008-32 Remote site run as local file via Windows URL shortcut MFSA 2008-31 Peer-trusted certs can use alt names to spoof MFSA 2008-30 File location URL in directory listings not escaped properly MFSA 2008-29 Faulty .properties file results in uninitialized memory being used MFSA 2008-28 Arbitrary socket connections with Java LiveConnect on Mac OS X MFSA 2008-27 Arbitrary file upload via originalTarget and DOM Range MFSA 2008-25 Arbitrary code execution in mozIJSSubScriptLoader.loadSubScript() MFSA 2008-24 Chrome script loading from fastload file MFSA 2008-23 Signed JAR tampering MFSA 2008-22 XSS through JavaScript same-origin violation MFSA 2008-21 Crashes with evidence of memory corruption (rv:1.8.1.15) For more info, see http://www.mozilla.com/en-US/firefox/2.0.0.15/releasenotes/
Revision 1.27.2.1 / (download) - annotate - [select for diffs], Thu Aug 2 22:42:51 2007 UTC (16 years, 8 months ago) by salo
Branch: pkgsrc-2007Q2
Changes since 1.27: +3 -1
lines
Diff to previous 1.27 (colored) next main 1.28 (colored) to selected 1.16 (colored)
Pullup ticket 2154 - requested by ghen
security update for firefox
Revisions pulled up:
- pkgsrc/www/firefox/Makefile-firefox.common 1.46, 1.47
- pkgsrc/www/firefox/PLIST 1.28
- pkgsrc/www/firefox/distinfo 1.67, 1.68
- pkgsrc/www/firefox/patches/patch-cn 1.5
- pkgsrc/www/firefox-gtk1/PLIST 1.15
- pkgsrc/www/firefox-bin/Makefile 1.30, 1.32
- pkgsrc/www/firefox-bin/distinfo 1.27, 1.29
- pkgsrc/www/firefox15-bin/DESCR 1.3
- pkgsrc/www/firefox15-gtk1/DESCR 1.3
- pkgsrc/www/firefox15/DESCR 1.3
Module Name: pkgsrc
Committed By: xtraeme
Date: Thu Jul 19 18:20:59 UTC 2007
Modified Files:
pkgsrc/www/firefox-bin: Makefile distinfo
Log Message:
Update to 2.0.0.5:
MFSA 2007-25 XPCNativeWrapper pollution
MFSA 2007-24 Unauthorized access to wyciwyg:// documents
MFSA 2007-23 Remote code execution by launching Firefox from
Internet Explorer
MFSA 2007-22 File type confusion due to %00 in name
MFSA 2007-21 Privilege escalation using an event handler attached to an
element not in the document
MFSA 2007-20 Frame spoofing while window is loading
MFSA 2007-19 XSS using addEventListener and setTimeout
MFSA 2007-18 Crashes with evidence of memory corruption
---
Module Name: pkgsrc
Committed By: ghen
Date: Thu Jul 26 08:43:51 UTC 2007
Modified Files:
pkgsrc/www/firefox: Makefile-firefox.common PLIST distinfo
pkgsrc/www/firefox-gtk1: PLIST
pkgsrc/www/firefox/patches: patch-cn
Log Message:
Update firefox, firefox-bin and firefox-gtk1 to 2.0.0.5.
Security fixes in this version:
MFSA 2007-25 XPCNativeWrapper pollution
MFSA 2007-24 Unauthorized access to wyciwyg:// documents
MFSA 2007-23 Remote code execution by launching Firefox from Internet
Explorer
MFSA 2007-22 File type confusion due to %00 in name
MFSA 2007-21 Privilege escalation using an event handler attached to an
element not in the document
MFSA 2007-20 Frame spoofing while window is loading
MFSA 2007-19 XSS using addEventListener and setTimeout
MFSA 2007-18 Crashes with evidence of memory corruption
For more info, see http://www.mozilla.com/en-US/firefox/2.0.0.5/releasenotes/
---
Module Name: pkgsrc
Committed By: ghen
Date: Tue Jul 31 10:06:48 UTC 2007
Modified Files:
pkgsrc/www/firefox: Makefile-firefox.common distinfo
pkgsrc/www/firefox-bin: Makefile distinfo
Log Message:
Update firefox, firefox-bin and firefox-gtk1 to 2.0.0.6.
Security fixes in this version:
MFSA 2007-27 Unescaped URIs passed to external programs
MFSA 2007-26 Privilege escalation through chrome-loaded about:blank windows
For more info, see http://www.mozilla.com/en-US/firefox/2.0.0.6/releasenotes/
---
Module Name: pkgsrc
Committed By: ghen
Date: Thu Jul 26 08:47:36 UTC 2007
Modified Files:
pkgsrc/www/firefox15: DESCR
pkgsrc/www/firefox15-bin: DESCR
pkgsrc/www/firefox15-gtk1: DESCR
Log Message:
Firefox 1.5.0.x has been EOL'd.
Revision 1.28 / (download) - annotate - [select for diffs], Thu Jul 26 08:43:50 2007 UTC (16 years, 8 months ago) by ghen
Branch: MAIN
CVS Tags: pkgsrc-2008Q1-base,
pkgsrc-2007Q4-base,
pkgsrc-2007Q4,
pkgsrc-2007Q3-base,
pkgsrc-2007Q3
Branch point for: pkgsrc-2008Q1
Changes since 1.27: +3 -1
lines
Diff to previous 1.27 (colored) to selected 1.16 (colored)
Update firefox, firefox-bin and firefox-gtk1 to 2.0.0.5. Security fixes in this version: MFSA 2007-25 XPCNativeWrapper pollution MFSA 2007-24 Unauthorized access to wyciwyg:// documents MFSA 2007-23 Remote code execution by launching Firefox from Internet Explorer MFSA 2007-22 File type confusion due to %00 in name MFSA 2007-21 Privilege escalation using an event handler attached to an element not in the document MFSA 2007-20 Frame spoofing while window is loading MFSA 2007-19 XSS using addEventListener and setTimeout MFSA 2007-18 Crashes with evidence of memory corruption For more info, see http://www.mozilla.com/en-US/firefox/2.0.0.5/releasenotes/
Revision 1.27 / (download) - annotate - [select for diffs], Thu May 31 07:25:08 2007 UTC (16 years, 10 months ago) by ghen
Branch: MAIN
CVS Tags: pkgsrc-2007Q2-base
Branch point for: pkgsrc-2007Q2
Changes since 1.26: +2 -1
lines
Diff to previous 1.26 (colored) to selected 1.16 (colored)
Update firefox, firefox-bin and firefox-gtk1 to 2.0.0.4. Security fixes in this version: MFSA 2007-17 XUL Popup Spoofing MFSA 2007-16 XSS using addEventListener MFSA 2007-14 Path Abuse in Cookies MFSA 2007-13 Persistent Autocomplete Denial of Service MFSA 2007-12 Crashes with evidence of memory corruption For more info, see http://www.mozilla.com/en-US/firefox/2.0.0.4/releasenotes/
Revision 1.26 / (download) - annotate - [select for diffs], Sat May 12 13:53:07 2007 UTC (16 years, 11 months ago) by ghen
Branch: MAIN
Changes since 1.25: +149 -25
lines
Diff to previous 1.25 (colored) to selected 1.16 (colored)
Update to Firefox 2.0.0.3 (nb1), from www/firefox2* (see there for history and change notes). Firefox 1.5.0.x will be maintained in www/firefox15*, as discussed on tech-pkg.
Revision 1.25 / (download) - annotate - [select for diffs], Wed Mar 7 21:32:54 2007 UTC (17 years, 1 month ago) by dmcmahill
Branch: MAIN
CVS Tags: pkgsrc-2007Q1-base,
pkgsrc-2007Q1
Changes since 1.24: +3 -7
lines
Diff to previous 1.24 (colored) to selected 1.16 (colored)
Dynamically generate the part of the PLIST for libfreebl. This is because the exact names of the freebl libraries depends on the platform and they have a habit of changing even on minor releases. This causes these mozilla packages to be broken quite a lot on platforms other than NetBSD/i386. Hopefully this fix will last longer than previous ones. pkgrevision bumps all around.
Revision 1.22.6.1 / (download) - annotate - [select for diffs], Fri Mar 2 20:17:01 2007 UTC (17 years, 1 month ago) by salo
Branch: pkgsrc-2006Q4
Changes since 1.22: +3 -3
lines
Diff to previous 1.22 (colored) next main 1.23 (colored) to selected 1.16 (colored)
Pullup ticket 2036 - requested by ghen security update for firefox Revisions pulled up: - pkgsrc/www/firefox/Makefile-firefox.common 1.41 - pkgsrc/www/firefox/PLIST 1.24 - pkgsrc/www/firefox/distinfo 1.62 - pkgsrc/www/firefox/patches/patch-ap 1.7 - pkgsrc/www/firefox/patches/patch-ax 1.5 - pkgsrc/www/firefox-gtk1/PLIST 1.11 - pkgsrc/www/firefox-bin/Makefile 1.26 - pkgsrc/www/firefox-bin/distinfo 1.23 - pkgsrc/www/firefox2/Makefile-firefox.common 1.5 - pkgsrc/www/firefox2/PLIST 1.4 - pkgsrc/www/firefox2/distinfo 1.8 - pkgsrc/www/firefox2-bin/Makefile 1.5 - pkgsrc/www/firefox2-bin/distinfo 1.3 - pkgsrc/www/firefox2-gtk1/PLIST 1.3 Module Name: pkgsrc Committed By: ghen Date: Sat Feb 24 17:26:43 UTC 2007 Modified Files: pkgsrc/www/firefox2: Makefile-firefox.common PLIST distinfo pkgsrc/www/firefox2-bin: Makefile distinfo pkgsrc/www/firefox2-gtk1: PLIST Log Message: Update firefox2, firefox2-bin and firefox2-gtk1 to 2.0.0.2. Fixed in this version: MFSA 2007-07 Embedded nulls in location.hostname confuse same-domain checks MFSA 2007-06 Mozilla Network Security Services (NSS) SSLv2 buffer overflow MFSA 2007-05 XSS and local file access by opening blocked popups MFSA 2007-04 Spoofing using custom cursor and CSS3 hotspot MFSA 2007-03 Information disclosure through cache collisions MFSA 2007-02 Improvements to help protect against Cross-Site Scripting attacks MFSA 2007-01 Crashes with evidence of memory corruption (rv:1.8.0.10/1.8.1.2) For more info, see http://www.mozilla.com/en-US/firefox/2.0.0.2/releasenotes/ --- Module Name: pkgsrc Committed By: ghen Date: Sun Feb 25 00:43:24 UTC 2007 Modified Files: pkgsrc/www/firefox: Makefile Makefile-firefox.common PLIST distinfo pkgsrc/www/firefox-bin: Makefile distinfo pkgsrc/www/firefox-gtk1: PLIST pkgsrc/www/firefox/patches: patch-ap patch-ax Removed Files: pkgsrc/www/firefox/patches: patch-ed Log Message: Update firefox, firefox-bin and firefox-gtk1 to 1.5.0.10. Fixed in this version: Fixed in Firefox 1.5.0.10 MFSA 2007-07 Embedded nulls in location.hostname confuse same-domain checks MFSA 2007-06 Mozilla Network Security Services (NSS) SSLv2 buffer overflow MFSA 2007-05 XSS and local file access by opening blocked popups MFSA 2007-04 Spoofing using custom cursor and CSS3 hotspot MFSA 2007-03 Information disclosure through cache collisions MFSA 2007-02 Improvements to help protect against Cross-Site Scripting attacks MFSA 2007-01 Crashes with evidence of memory corruption (rv:1.8.0.10/1.8.1.2) For more info, see http://www.mozilla.com/en-US/firefox/releases/1.5.0.10.html
Revision 1.24 / (download) - annotate - [select for diffs], Sun Feb 25 00:43:23 2007 UTC (17 years, 1 month ago) by ghen
Branch: MAIN
Changes since 1.23: +3 -3
lines
Diff to previous 1.23 (colored) to selected 1.16 (colored)
Update firefox, firefox-bin and firefox-gtk1 to 1.5.0.10. Fixed in this version: Fixed in Firefox 1.5.0.10 MFSA 2007-07 Embedded nulls in location.hostname confuse same-domain checks MFSA 2007-06 Mozilla Network Security Services (NSS) SSLv2 buffer overflow MFSA 2007-05 XSS and local file access by opening blocked popups MFSA 2007-04 Spoofing using custom cursor and CSS3 hotspot MFSA 2007-03 Information disclosure through cache collisions MFSA 2007-02 Improvements to help protect against Cross-Site Scripting attacks MFSA 2007-01 Crashes with evidence of memory corruption (rv:1.8.0.10/1.8.1.2) For more info, see http://www.mozilla.com/en-US/firefox/releases/1.5.0.10.html
Revision 1.23 / (download) - annotate - [select for diffs], Sun Feb 4 00:15:49 2007 UTC (17 years, 2 months ago) by dmcmahill
Branch: MAIN
Changes since 1.22: +6 -2
lines
Diff to previous 1.22 (colored) to selected 1.16 (colored)
Get these mozilla clients to work on Solaris-2.9/sparc. There were two issues. The PLIST was incorrect and since the PLIST is used by the "moz-install" script, anything missing from the PLIST is never installed even when building from source. When libfreebl* were not installed it caused the clients to fail to load the security component and fail with "The browser failed to load its security component". The second issue is that many installations of solaris-2.9 include various glib/gtk/gnome libraries in /usr/lib. This causes failures because the pkgsrc ones were used at link time and the /usr/lib ones at run time. Work around this by setting a LD_LIBRARY_PATH that includes the pkgsrc lib directory first. pkgrevision bumps all around.
Revision 1.22 / (download) - annotate - [select for diffs], Wed Jun 7 15:23:21 2006 UTC (17 years, 10 months ago) by ghen
Branch: MAIN
CVS Tags: pkgsrc-2006Q4-base,
pkgsrc-2006Q3-base,
pkgsrc-2006Q3,
pkgsrc-2006Q2-base,
pkgsrc-2006Q2
Branch point for: pkgsrc-2006Q4
Changes since 1.21: +2 -0
lines
Diff to previous 1.21 (colored) to selected 1.16 (colored)
Add some additional headers introduced with ff1504/tb1504/sm102. Not worth bumping PKGREVISION for.
Revision 1.19.2.2 / (download) - annotate - [select for diffs], Thu Feb 9 10:32:29 2006 UTC (18 years, 2 months ago) by salo
Branch: pkgsrc-2005Q4
Changes since 1.19.2.1: +2 -1
lines
Diff to previous 1.19.2.1 (colored) to branchpoint 1.19 (colored) next main 1.20 (colored) to selected 1.16 (colored)
Pullup ticket 1102 - requested by Geert Hendrickx
security update for firefox and thunderbird
Updated via patch from the submitter, includes these changes:
Module Name: pkgsrc
Committed By: joerg
Date: Fri Dec 30 21:35:58 UTC 2005
Modified Files:
pkgsrc/mail/thunderbird/patches: patch-ab patch-ac patch-aq patch-ba
patch-bo patch-bs
Added Files:
pkgsrc/mail/thunderbird/patches: patch-ar patch-da patch-db patch-dc
patch-de patch-df patch-dg patch-dh patch-dj patch-dk patch-dl
patch-dm patch-do patch-ds patch-dt
Log Message:
Add DragonFly build support, partly based on the patches from
www/firefox.
---
Module Name: pkgsrc
Committed By: joerg
Date: Wed Jan 4 08:55:08 UTC 2006
Modified Files:
pkgsrc/mail/thunderbird: distinfo
Log Message:
Also commit distinfo. Reminded by wiz@.
---
Module Name: pkgsrc
Committed By: ghen
Date: Sun Feb 5 14:49:05 UTC 2006
Modified Files:
pkgsrc/mail/thunderbird: Makefile Makefile-thunderbird.common PLIST
distinfo
pkgsrc/mail/thunderbird-gtk1: Makefile PLIST
pkgsrc/mail/thunderbird/patches: patch-aa patch-ab patch-ac patch-af
patch-ag patch-ai patch-aj patch-al patch-ap patch-aq patch-aw
patch-ax patch-bb patch-bo patch-bq patch-br patch-db patch-de
patch-df
Removed Files:
pkgsrc/mail/thunderbird-gtk1: MESSAGE
pkgsrc/mail/thunderbird/patches: patch-bt patch-bw patch-cc patch-ce
patch-cf
Log Message:
Update to Thunderbird 1.5.
What's new:
* Automated update to streamline product upgrades. Notification of an
update is more prominent, and updates to Thunderbird may now be half
a megabyte or smaller. Updating extensions has also improved.
* Sort address autocomplete results by how often you send e-mail
to each recipient.
* Spell check as you type.
* Saved Search Folders can now search across multiple accounts.
* Built in phishing detector to help protect users against email scams.
* Podcasting and other RSS Improvements.
* Deleting attachments from messages.
* Integration with server side spam filtering.
* Reply and forward actions for message filters.
* Kerberos Authentication.
* Auto save as draft for mail composition.
* Message aging.
* Filters for Global Inbox.
* Improvements to product usability including redesigned options
interface, and SMTP server management.
* Many security enhancements.
For a more detailed list of changes, see
http://weblogs.mozillazine.org/rumblingedge/archives/2006/01/1-5.html
Ok with wiz.
---
Module Name: pkgsrc
Committed By: ghen
Date: Sun Feb 5 14:43:59 UTC 2006
Modified Files:
pkgsrc/www/mozilla: Makefile.common
Log Message:
Set CATEGORIES ?=www (instead of =) such that thunderbird (and later
sunbird) can override it. Ok for wiz.
---
odule Name: pkgsrc
Committed By: ghen
Date: Sun Feb 5 14:46:31 UTC 2006
Modified Files:
pkgsrc/www/firefox: Makefile Makefile-firefox.common PLIST distinfo
pkgsrc/www/firefox-gtk1: Makefile PLIST
Added Files:
pkgsrc/www/firefox/patches: patch-dw patch-dx
Removed Files:
pkgsrc/www/firefox/patches: patch-bugzilla-319004
Log Message:
Update to Firefox 1.5.0.1, a bug fix release for Firefox 1.5.
What's new:
* Improved stability.
* Improved support for Mac OS X.
* International Domain Name support for Iceland (.is) is now enabled.
* Fixes for several memory leaks.
* Several security enhancements.
For a more detailed list changes, see
http://www.squarefree.com/burningedge/releases/1.5.0.1.html
Ok with wiz.
Revision 1.21 / (download) - annotate - [select for diffs], Sun Feb 5 14:46:31 2006 UTC (18 years, 2 months ago) by ghen
Branch: MAIN
CVS Tags: pkgsrc-2006Q1-base,
pkgsrc-2006Q1
Changes since 1.20: +2 -1
lines
Diff to previous 1.20 (colored) to selected 1.16 (colored)
Update to Firefox 1.5.0.1, a bug fix release for Firefox 1.5. What's new: * Improved stability. * Improved support for Mac OS X. * International Domain Name support for Iceland (.is) is now enabled. * Fixes for several memory leaks. * Several security enhancements. For a more detailed list changes, see http://www.squarefree.com/burningedge/releases/1.5.0.1.html Ok with wiz.
Revision 1.19.2.1 / (download) - annotate - [select for diffs], Thu Dec 29 18:15:50 2005 UTC (18 years, 3 months ago) by seb
Branch: pkgsrc-2005Q4
Changes since 1.19: +9 -1
lines
Diff to previous 1.19 (colored) to selected 1.16 (colored)
Pullup ticket 976 - requested by Julio M. Merino Vidal
fix firefox installation hence unbreak epiphany, yelp and fix meta-pkg/gnome
Revisions pulled up:
- pkgsrc/www/firefox/Makefile 1.26
- pkgsrc/www/firefox/PLIST 1.20
- pkgsrc/www/epiphany/Makefile 1.44
- pkgsrc/misc/yelp/Makefile 1.38
Module Name: pkgsrc
Committed By: jmmv
Date: Wed Dec 28 18:11:56 UTC 2005
Modified Files:
pkgsrc/www/firefox: Makefile PLIST
Log Message:
Install the .pc files again, removed during the update to 1.5 (thus breaking
packages needing them, e.g., epiphany). Bump PKGREVISION to 2.
---
Module Name: pkgsrc
Committed By: jmmv
Date: Wed Dec 28 18:12:33 UTC 2005
Modified Files:
pkgsrc/www/epiphany: Makefile
Log Message:
Unbreak this package by requiring a firefox package that provides the .pc
files.
---
Module Name: pkgsrc
Committed By: jmmv
Date: Wed Dec 28 18:19:07 UTC 2005
Modified Files:
pkgsrc/misc/yelp: Makefile
Log Message:
Unbreak this package by requiring a firefox package that provides the .pc
files.
Revision 1.20 / (download) - annotate - [select for diffs], Wed Dec 28 18:11:56 2005 UTC (18 years, 3 months ago) by jmmv
Branch: MAIN
Changes since 1.19: +9 -1
lines
Diff to previous 1.19 (colored) to selected 1.16 (colored)
Install the .pc files again, removed during the update to 1.5 (thus breaking packages needing them, e.g., epiphany). Bump PKGREVISION to 2.
Revision 1.19 / (download) - annotate - [select for diffs], Sat Dec 10 13:47:22 2005 UTC (18 years, 4 months ago) by taya
Branch: MAIN
CVS Tags: pkgsrc-2005Q4-base
Branch point for: pkgsrc-2005Q4
Changes since 1.18: +456 -250
lines
Diff to previous 1.18 (colored) to selected 1.16 (colored)
Update firefox & firefox-gtk1 to 1.5 Including fix for long title & history file problem. http://www.mozilla.org/security/history-title.html https://bugzilla.mozilla.org/show_bug.cgi?id=319004 What's New in Firefox 1.5 Firefox 1.5 is the next version of our award-winning Web browser. Here's what's new in Firefox 1.5: * Automated update to streamline product upgrades. Notification of an update is more prominent, and updates to Firefox may now be half a megabyte or smaller. Updating extensions has also improved. * Faster browser navigation with improvements to back and forward button performance. * Drag and drop reordering for browser tabs. * Improvements to popup blocking. * Clear Private Data feature provides an easy way to quickly remove personal data through a menu item or keyboard shortcut. * Answers.com is added to the search engine list. * Improvements to product usability including descriptive error pages, redesigned options menu, RSS discovery, and "Safe Mode" experience. * Better accessibility including support for DHTML accessibility and assistive technologies such as the Window-Eyes 5.5 beta screen reader for Microsoft Windows. Screen readers read aloud all available information in applications and documents or show the information on a Braille display, enabling blind and visually impaired users to use equivalent software functionality as their sighted peers. * Report a broken Web site wizard to report Web sites that are not working in Firefox. * Better support for Mac OS X (10.2 and greater) including profile migration from Safari and Mac Internet Explorer. * New support for Web Standards including SVG, CSS 2 and CSS 3, and JavaScript 1.6. * Many security enhancements. The Burning Edge has more detailed lists of new features and notable bug fixes. http://www.squarefree.com/burningedge/releases/1.5-comprehensive.html
Revision 1.18 / (download) - annotate - [select for diffs], Thu Sep 22 14:14:04 2005 UTC (18 years, 7 months ago) by jlam
Branch: MAIN
CVS Tags: pkgsrc-2005Q3-base,
pkgsrc-2005Q3
Changes since 1.17: +2 -1
lines
Diff to previous 1.17 (colored) to selected 1.16 (colored)
Update www/firefox and www/firefox-gtk1 to version 1.0.7. Changes from
version 1.0.6 include:
* Fix for a potential buffer overflow vulnerability when loading a
hostname with all soft-hyphens
* Fix to prevent URLs passed from external programs from being
parsed by the shell (Linux only)
* Fix to prevent a crash when loading a Proxy Auto-Config (PAC)
script that uses an "eval" statement
* Fix to restore InstallTrigger.getVersion() for Extension authors
* Other stability and security fixes
Approved by taya.
Revision 1.17 / (download) - annotate - [select for diffs], Sat Sep 17 02:35:19 2005 UTC (18 years, 7 months ago) by jlam
Branch: MAIN
Changes since 1.16: +1 -4
lines
Diff to previous 1.16 (colored)
For the native firefox and mozilla packages, move the module/extension registration out of the installation step and into the INSTALL script. Also, remove the registration commands from the PLIST as well. Putting them into the INSTALL script allows for the same commands to be run in the same way, so that there are fewer differences between installing from source and installing from a binary package. Also, this makes these packages pass CHECK_FILES=yes. Bump the PKGREVISION of firefox, firefox-gtk1, mozilla, and mozilla-gtk2. Also, include bsd.pkg.mk from the package Makefiles, not from within Makefile.common. This is a style issue and allows for appending to variables originally defined in Makefile.common from the package Makefile.
Revision 1.15.2.1 / (download) - annotate - [select for diffs], Thu Jul 21 02:49:04 2005 UTC (18 years, 9 months ago) by snj
Branch: pkgsrc-2005Q2
Changes since 1.15: +3 -2
lines
Diff to previous 1.15 (colored) next main 1.16 (colored)
Pullup ticket 613 - requested by Shin'ichiro TAYA
security update for firefox and firefox-gtk1
Revisions pulled up:
- pkgsrc/www/firefox/Makefile-firefox.common 1.19, 1.20
- pkgsrc/www/firefox/PLIST 1.16
- pkgsrc/www/firefox/distinfo 1.34, 1.35
- pkgsrc/www/firefox-gtk1/PLIST 1.5
- pkgsrc/www/firefox/buildlink3.mk 1.6
- pkgsrc/www/firefox-gtk1/buildlink3.mk 1.5
Module Name: pkgsrc
Committed By: taya
Date: Thu Jul 14 16:38:42 UTC 2005
Modified Files:
pkgsrc/www/firefox: Makefile-firefox.common PLIST distinfo
pkgsrc/www/firefox-gtk1: PLIST
Log Message:
Update firefox & firefox-gtk1 to 1.0.5.
Firefox 1.0.5 is a security update.
Fixed vulnerabilities are:
2005-56 Code execution through shared function objects
MFSA 2005-55 XHTML node spoofing
MFSA 2005-54 Javascript prompt origin spoofing
MFSA 2005-53 Standalone applications can run arbitrary code through the
browser
MFSA 2005-52 Same origin violation: frame calling top.focus()
MFSA 2005-51 The return of frame-injection spoofing
MFSA 2005-50 Possibly exploitable crash in InstallVersion.compareTo()
MFSA 2005-49 Script injection from Firefox sidebar panel using data:
MFSA 2005-48 Same-origin violation with InstallTrigger callback
MFSA 2005-47 Code execution via "Set as Wallpaper"
MFSA 2005-46 XBL scripts ran even when Javascript disabled
MFSA 2005-45 Content-generated event vulnerabilities
----
Module Name: pkgsrc
Committed By: taya
Date: Wed Jul 20 23:33:30 UTC 2005
Modified Files:
pkgsrc/www/firefox: Makefile-firefox.common buildlink3.mk distinfo
pkgsrc/www/firefox-gtk1: buildlink3.mk
Log Message:
update firefox & firefox-gtk1 to 1.0.6
Firefox 1.0.6 is a stability update. We recommend that users upgrade
to this latest version.
Here's what's new in Firefox 1.0.6:
* Restore API compatibility for extensions and web applications
that did not work in Firefox 1.0.5.
Revision 1.16 / (download) - annotate - [selected], Thu Jul 14 16:38:41 2005 UTC (18 years, 9 months ago) by taya
Branch: MAIN
Changes since 1.15: +3 -2
lines
Diff to previous 1.15 (colored)
Update firefox & firefox-gtk1 to 1.0.5. Firefox 1.0.5 is a security update. Fixed vulnerabilities are: 2005-56 Code execution through shared function objects MFSA 2005-55 XHTML node spoofing MFSA 2005-54 Javascript prompt origin spoofing MFSA 2005-53 Standalone applications can run arbitrary code through the browser MFSA 2005-52 Same origin violation: frame calling top.focus() MFSA 2005-51 The return of frame-injection spoofing MFSA 2005-50 Possibly exploitable crash in InstallVersion.compareTo() MFSA 2005-49 Script injection from Firefox sidebar panel using data: MFSA 2005-48 Same-origin violation with InstallTrigger callback MFSA 2005-47 Code execution via "Set as Wallpaper" MFSA 2005-46 XBL scripts ran even when Javascript disabled MFSA 2005-45 Content-generated event vulnerabilities
Revision 1.12.2.1 / (download) - annotate - [select for diffs], Mon May 16 15:07:13 2005 UTC (18 years, 11 months ago) by salo
Branch: pkgsrc-2005Q1
Changes since 1.12: +11 -42
lines
Diff to previous 1.12 (colored) next main 1.13 (colored) to selected 1.16 (colored)
Pullup ticket 504 - requested by Shin'ichiro TAYA
security update for firefox
Revisions pulled up:
- pkgsrc/www/firefox/Makefile 1.15
- pkgsrc/www/firefox/Makefile-firefox.common 1.14, 1.16-1.18
- pkgsrc/www/firefox/PLIST 1.13-1.15
- pkgsrc/www/firefox/buildlink3.mk 1.5
- pkgsrc/www/firefox/distinfo 1.29
- pkgsrc/www/firefox-gtk1/PLIST 1.3-1.4
- pkgsrc/www/firefox-gtk1/buildlink3.mk 1.4
Module Name: pkgsrc
Committed By: taya
Date: Wed Apr 13 13:34:26 UTC 2005
Modified Files:
pkgsrc/www/firefox: Makefile-firefox.common PLIST
pkgsrc/www/firefox-gtk1: PLIST
Log Message:
change extensions list as same as Linux official build.
bump PKGREVISION.
fix PR pkg/29595
---
Module Name: pkgsrc
Committed By: wiz
Date: Fri Apr 15 12:42:27 UTC 2005
Modified Files:
pkgsrc/www/firefox: PLIST
Log Message:
Add two @exec ${MKDIR} lines for empty directories which have @dirrm
lines, to fix binary packages.
---
Module Name: pkgsrc
Committed By: wiz
Date: Fri Apr 15 12:44:30 UTC 2005
Modified Files:
pkgsrc/www/firefox-gtk1: PLIST
Log Message:
Add an @exec ${MKDIR} line for an empty directory which has a @dirrm
line, to fix binary packages.
---
Module Name: pkgsrc
Committed By: taya
Date: Sun Apr 24 14:00:12 UTC 2005
Modified Files:
pkgsrc/www/firefox: Makefile-firefox.common
Log Message:
concatinate extensions with separator ',' and set to MOZILLA_EXTENSIONS,
instead of using ':ts' modifier.
becase make of NetBSD-1.6.x doesn't have it.
suggested by Jeremy C. Reed.
---
Module Name: pkgsrc
Committed By: reed
Date: Mon Apr 25 19:26:10 UTC 2005
Modified Files:
pkgsrc/www/firefox: Makefile-firefox.common
Log Message:
Make sure build is without gssapi support. (Okayed by maintainer,
taya ... well really he said "I don't object your idea.")
This fixes a build bug when heimdal is detected but not buildlinked.
It is a known mozilla bug:
https://bugzilla.mozilla.org/show_bug.cgi?id=245467
I didn't put this in the mozilla/Makefile.common, because didn't test
that yet.
This issue probably only happens when using /usr as the LOCALBASE,
which is not really supported and maybe I am the only one to hit this
with pkgsrc.
Maybe later someone can consider adding a build option for GSSAPI,
but I don't know anything about it in regards to a web browser myself.
---
Module Name: pkgsrc
Committed By: taya
Date: Sat May 14 15:27:10 UTC 2005
Modified Files:
pkgsrc/www/firefox: Makefile Makefile-firefox.common PLIST
buildlink3.mk distinfo
pkgsrc/www/firefox-gtk1: buildlink3.mk
Log Message:
Update firefox & firefox-gtk1 to 1.0.4.
This is a security fix release.
Fixed vulnerabilities are follows:
MFSA 2005-44 Privilege escalation via non-DOM property overrides
MFSA 2005-43 "Wrapped" javascript: urls bypass security checks
MFSA 2005-42 Code execution via javascript: IconURL
Revision 1.15 / (download) - annotate - [select for diffs], Sat May 14 15:27:10 2005 UTC (18 years, 11 months ago) by taya
Branch: MAIN
CVS Tags: pkgsrc-2005Q2-base
Branch point for: pkgsrc-2005Q2
Changes since 1.14: +9 -1
lines
Diff to previous 1.14 (colored) to selected 1.16 (colored)
Update firefox & firefox-gtk1 to 1.0.4. This is a security fix release. Fixed vulnerabilities are follows: MFSA 2005-44 Privilege escalation via non-DOM property overrides MFSA 2005-43 "Wrapped" javascript: urls bypass security checks MFSA 2005-42 Code execution via javascript: IconURL
Revision 1.14 / (download) - annotate - [select for diffs], Fri Apr 15 12:42:27 2005 UTC (19 years ago) by wiz
Branch: MAIN
Changes since 1.13: +3 -1
lines
Diff to previous 1.13 (colored) to selected 1.16 (colored)
Add two @exec ${MKDIR} lines for empty directories which have @dirrm lines,
to fix binary packages.
Revision 1.13 / (download) - annotate - [select for diffs], Wed Apr 13 13:34:26 2005 UTC (19 years ago) by taya
Branch: MAIN
Changes since 1.12: +0 -41
lines
Diff to previous 1.12 (colored) to selected 1.16 (colored)
change extensions list as same as Linux official build. bump PKGREVISION. fix PR pkg/29595
Revision 1.11.2.1 / (download) - annotate - [select for diffs], Wed Mar 9 19:16:39 2005 UTC (19 years, 1 month ago) by salo
Branch: pkgsrc-2004Q4
Changes since 1.11: +11 -1
lines
Diff to previous 1.11 (colored) next main 1.12 (colored) to selected 1.16 (colored)
Pullup ticket 339 - requested by Shin'ichiro TAYA
security fix for firefox
Patch supplied by submitter, equals to:
Module Name: pkgsrc
Committed By: taya
Date: Sun Feb 27 13:20:43 UTC 2005
Log Message:
Update firefox to 1.0.1.
Changes from release notes:
* Improved stability
* International Domain Names are now displayed as punycode.
(To show International Domain Names in Unicode, set the
"network.IDN_show_punycode" preference to false.)
* Several security fixes.
MFSA 2005-29 Internationalized Domain Name (IDN) homograph spoofing
MFSA 2005-28 Unsafe /tmp/plugtmp directory exploitable to erase user's files
MFSA 2005-27 Plugins can be used to load privileged content
MFSA 2005-26 Cross-site scripting by dropping javascript: link on tab
MFSA 2005-25 Image drag and drop executable spoofing
MFSA 2005-24 HTTP auth prompt tab spoofing
MFSA 2005-23 Download dialog source spoofing
MFSA 2005-22 Download dialog spoofing using Content-Disposition header
MFSA 2005-21 Overwrite arbitrary files downloading .lnk twice
MFSA 2005-20 XSLT can include stylesheets from arbitrary hosts
MFSA 2005-19 Autocomplete data leak
MFSA 2005-18 Memory overwrite in string library
MFSA 2005-17 Install source spoofing with user:pass@host
MFSA 2005-16 Spoofing download and security dialogs with overlapping windows
MFSA 2005-15 Heap overflow possible in UTF8 to Unicode conversion
MFSA 2005-14 SSL "secure site" indicator spoofing
MFSA 2005-13 Window Injection Spoofing
Revision 1.12 / (download) - annotate - [select for diffs], Sun Feb 27 13:20:43 2005 UTC (19 years, 1 month ago) by taya
Branch: MAIN
CVS Tags: pkgsrc-2005Q1-base
Branch point for: pkgsrc-2005Q1
Changes since 1.11: +37 -7
lines
Diff to previous 1.11 (colored) to selected 1.16 (colored)
Update firefox to 1.0.1. And switched to use gtk2. Changes from release notes: * Improved stability * International Domain Names are now displayed as punycode. (To show International Domain Names in Unicode, set the "network.IDN_show_punycode" preference to false.) * Several security fixes. MFSA 2005-29 Internationalized Domain Name (IDN) homograph spoofing MFSA 2005-28 Unsafe /tmp/plugtmp directory exploitable to erase user's files MFSA 2005-27 Plugins can be used to load privileged content MFSA 2005-26 Cross-site scripting by dropping javascript: link on tab MFSA 2005-25 Image drag and drop executable spoofing MFSA 2005-24 HTTP auth prompt tab spoofing MFSA 2005-23 Download dialog source spoofing MFSA 2005-22 Download dialog spoofing using Content-Disposition header MFSA 2005-21 Overwrite arbitrary files downloading .lnk twice MFSA 2005-20 XSLT can include stylesheets from arbitrary hosts MFSA 2005-19 Autocomplete data leak MFSA 2005-18 Memory overwrite in string library MFSA 2005-17 Install source spoofing with user:pass@host MFSA 2005-16 Spoofing download and security dialogs with overlapping windows MFSA 2005-15 Heap overflow possible in UTF8 to Unicode conversion MFSA 2005-14 SSL "secure site" indicator spoofing MFSA 2005-13 Window Injection Spoofing
Revision 1.11 / (download) - annotate - [select for diffs], Fri Dec 3 16:45:54 2004 UTC (19 years, 4 months ago) by taya
Branch: MAIN
CVS Tags: pkgsrc-2004Q4-base
Branch point for: pkgsrc-2004Q4
Changes since 1.10: +2 -2
lines
Diff to previous 1.10 (colored) to selected 1.16 (colored)
generate extension directory & related stuff at install time. fix PR pkg/28396 bump PKGREVISION
Revision 1.7.2.1 / (download) - annotate - [select for diffs], Tue Nov 30 23:29:15 2004 UTC (19 years, 4 months ago) by salo
Branch: pkgsrc-2004Q3
Changes since 1.7: +11 -8
lines
Diff to previous 1.7 (colored) next main 1.8 (colored) to selected 1.16 (colored)
Pullup ticket 139 - requested by Thomas Klausner
security fixes for mozilla and firefox
Module Name: pkgsrc
Committed By: grant
Date: Mon Oct 4 11:52:09 UTC 2004
Modified Files:
pkgsrc/www/mozilla: distinfo
Log Message:
bring across a patch in Firefox for using thread-safe resolver
library functions on NetBSD >=2.0F.
---
Module Name: pkgsrc
Committed By: grant
Date: Mon Oct 4 11:52:45 UTC 2004
Modified Files:
pkgsrc/www/mozilla/patches: patch-br
Log Message:
bring across a patch in Firefox for using thread-safe resolver
library functions on NetBSD >=2.0F.
---
Module Name: pkgsrc
Committed By: sekiya
Date: Mon Oct 25 13:02:15 UTC 2004
Modified Files:
pkgsrc/www/mozilla: Makefile.common distinfo
pkgsrc/www/mozilla/patches: patch-bt
Log Message:
Force gcc34 and use the right varargs macro for amd64. Mozilla
(and its derivatives) now appears to work properly on amd64.
Patches from Nicholas Joly.
---
Module Name: pkgsrc
Committed By: jmmv
Date: Mon Oct 25 18:06:26 UTC 2004
Modified Files:
pkgsrc/www/mozilla: Makefile Makefile.common PLIST
pkgsrc/www/mozilla-gtk2: Makefile PLIST
pkgsrc/www/mozilla/files: moz-install
Log Message:
Modify mozilla and mozilla-gtk2 to install several additional headers.
More specifically, this lets Mozilla NSS be used by other programs.
Also make the pkgconfig substitutions happen at post-build time, so
that the right rpaths are added to the mozilla-nspr.pc file (which is
filled in during the build).
Bump PKGREVISION to 1 for both packages. Ok'ed by taya@, the
maintainer.
---
Module Name: pkgsrc
Committed By: wiz
Date: Fri Nov 12 02:11:22 UTC 2004
Modified Files:
pkgsrc/www/mozilla: Makefile distinfo
pkgsrc/www/mozilla-gtk2: Makefile
Added Files:
pkgsrc/www/mozilla/patches: patch-bj
Log Message:
Update mozilla and mozilla-gtk2 to 1.7.3nb2 with a security fix
from mozilla CVS.
---
Module Name: pkgsrc
Committed By: kristerw
Date: Mon Nov 1 18:07:24 UTC 2004
Modified Files:
pkgsrc/www/firefox: distinfo
pkgsrc/www/firefox/patches: patch-bt
Log Message:
Use __va_copy instead of va_copy for NetBSD. This is needed on gcc
3.4 since the build use -ansi that in turn makes gcc 3.4 modify its
predefined symbols in such a way that va_copy is not defined.
---
Module Name: pkgsrc
Committed By: xtraeme
Date: Tue Nov 9 20:10:14 UTC 2004
Modified Files:
pkgsrc/www/firefox: Makefile-firefox.common PLIST distinfo
pkgsrc/www/firefox-gtk2: PLIST
Log Message:
Update firefox and firefox-gtk2 to 1.0.
This is a bugfix release, to fix the problems reported in Preview
Releases, etc.
---
Module Name: pkgsrc
Committed By: taya
Date: Wed Nov 10 14:38:45 UTC 2004
Modified Files:
pkgsrc/www/firefox: Makefile-firefox.common PLIST
Log Message:
- correct path of mirror site
- add some missing files to PLIST
---
Module Name: pkgsrc
Committed By: taya
Date: Wed Nov 10 14:40:24 UTC 2004
Modified Files:
pkgsrc/www/firefox-gtk2: PLIST
Log Message:
add some missing files to PLIST
---
Module Name: pkgsrc
Committed By: taya
Date: Sat Nov 13 07:03:08 UTC 2004
Modified Files:
pkgsrc/www/firefox: Makefile-firefox.common PLIST
Log Message:
remove typeahead extension that confilicts with buildin typeahead
component.
fix pkg/28164.
bump PKGREVISION
---
Module Name: pkgsrc
Committed By: taya
Date: Sat Nov 13 08:57:54 UTC 2004
Modified Files:
pkgsrc/www/firefox-gtk2: PLIST
Log Message:
remove typeahead extension
Revision 1.10 / (download) - annotate - [select for diffs], Sat Nov 13 07:03:08 2004 UTC (19 years, 5 months ago) by taya
Branch: MAIN
Changes since 1.9: +1 -5
lines
Diff to previous 1.9 (colored) to selected 1.16 (colored)
remove typeahead extension that confilicts with buildin typeahead component. fix pkg/28164. bump PKGREVISION
Revision 1.9 / (download) - annotate - [select for diffs], Wed Nov 10 14:38:45 2004 UTC (19 years, 5 months ago) by taya
Branch: MAIN
Changes since 1.8: +11 -1
lines
Diff to previous 1.8 (colored) to selected 1.16 (colored)
- correct path of mirror site - add some missing files to PLIST
Revision 1.8 / (download) - annotate - [select for diffs], Tue Nov 9 20:10:14 2004 UTC (19 years, 5 months ago) by xtraeme
Branch: MAIN
Changes since 1.7: +1 -4
lines
Diff to previous 1.7 (colored) to selected 1.16 (colored)
Update firefox and firefox-gtk2 to 1.0. This is a bugfix release, to fix the problems reported in Preview Releases, etc.
Revision 1.7 / (download) - annotate - [select for diffs], Mon Sep 20 08:03:42 2004 UTC (19 years, 7 months ago) by taya
Branch: MAIN
CVS Tags: pkgsrc-2004Q3-base
Branch point for: pkgsrc-2004Q3
Changes since 1.6: +37 -34
lines
Diff to previous 1.6 (colored) to selected 1.16 (colored)
Update firefox & firefox-gtk2 to 0.10 (a.k.a. 1.0PR)
from Release Notes:
---
Firefox is a fast, full-featured browser that makes browsing more
efficient than ever before. More information about Firefox is
available.
Firefox Preview Release (henceforth refered to as PR) is a Technology
Preview. While this software works well enough to be relied upon as
your primary browser in most cases, we make no guarantees of its
performance or stability. It is a pre-release product and should not
be relied upon for mission-critical tasks. See the License Agreement
for more information.
These release notes cover what's new, download and installation
instructions, known issues and frequently asked questions for the
Firefox PR release. Please read these notes and the bug filing
instructions before reporting any bugs to Bugzilla.
We want to hear your feedback about Firefox. Please join us in the
Firefox forums, hosted by MozillaZine.
What's New
Here's what's new in this release of Firefox:
* Live Bookmarks
You can now subscribe to and read RSS feeds in your
Bookmarks. When you visit a page that advertises a RSS feed by using a
<link> tag, a RSS icon will appear in the status bar. Click it to view
a list of feeds the page is offering. Click one to subscribe - this
adds a Bookmark Folder that contains all the recent posts from the
feed.
* Improved Find
Find is easier and more powerful now with our new Find
toolbar. The Find toolbar (which shows at the bottom of the browser
window) automatically highlights text in the page as you type and has
a useful highlight feature.
* Managing Annoyances and Protecting Security
You can now open blocked popups, and the Extension install
system now blocks all attempts to install software from sites other
than update.mozilla.org. Users can add other sites to a list that
allows them to offer software, but software is never automatically
installed. In addition to these steps, several other measures have
been taken to prevent phishing attacks and to highlight when a page is
being viewed over a secure connection.
* Better Bookmarks
Numerous improvements to bookmarks including more reliable
presentation of Site icons, and a split pane view in the Bookmarks
window.
* Strong Encryption For Passwords Available
Passwords saved with the Password Manager can now be more easily
encrypted with strong encryption by creating a "Master Password". If
you create a Master Password, you are prompted once per session to
enter the Master Password so that Password Manager can automatically
fill in site logins. A useful feature for people who share computers
with others and want improved security.
* Improved Compatibility for IE users
Undetectable document.all support for site compatibility and
improved compatibility for keyboard accelerators further smooth the
transition for IE users
* Better System Integration for GNOME users
You can now configure Firefox as your Default Browser on GNOME,
and Firefox will adhere to your GNOME settings for edit field key
bindings, etc.
* And a horde of other bug fixes...
See The Burning Edge's Bigger Picture for more details.
-----
Several security holes have been fixed. See the page bellow for
detail.
http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3
Revision 1.6 / (download) - annotate - [select for diffs], Wed Jun 23 16:47:12 2004 UTC (19 years, 10 months ago) by taya
Branch: MAIN
Changes since 1.5: +85 -77
lines
Diff to previous 1.5 (colored) to selected 1.16 (colored)
Update firefox to 0.9 Here's what's new in this release of Firefox: * New Default Theme An updated Default Theme now presents a uniform appearance across all three platforms - a new crisp, clear look for Windows users. Finetuning for GNOME will follow in future releases. * Comprehensive Data Migration Switching to Firefox has never been easier now that Firefox imports data like Favorites, History, Settings, Cookies and Passwords from Internet Explorer. Firefox can also import from Mozilla 1.x, Netscape 4.x, 6.x and 7.x, and Opera. MacOS X and Linux migrators for browsers like Safari, OmniWeb, Konqueror etc. will arrive in future releases. * Extension/Theme Manager New Extension and Theme Managers provide a convenient way to manage and update your add-ons. SmartUpdate also notifies you of updates to Firefox. * Help A new online help system is available. * Lots of bug fixes and improvements Copy Image, the ability to delete individual items from Autocomplete lists, SMB/SFTP support on GNOME via gnome-vfs, better Bookmarks, Search and many other refinements fine tune the browsing experience. For Linux/GTK2 Users * Look and Feel Updates Ongoing improvements have been made to improve the way Firefox adheres to your GTK2 themes, such as menus. * Talkback for GTK2 Help us nail down crashes by submitting talkback reports with this crash reporting tool.
Revision 1.5 / (download) - annotate - [select for diffs], Sat Jun 19 17:37:37 2004 UTC (19 years, 10 months ago) by xtraeme
Branch: MAIN
CVS Tags: pkgsrc-2004Q2-base,
pkgsrc-2004Q2
Changes since 1.4: +1 -9
lines
Diff to previous 1.4 (colored) to selected 1.16 (colored)
Undo my previous commit to install pkgconfig (.pc) files, we should to use CONFLICTS, because they are installing the same files...
Revision 1.4 / (download) - annotate - [select for diffs], Fri Jun 18 22:40:04 2004 UTC (19 years, 10 months ago) by xtraeme
Branch: MAIN
Changes since 1.3: +9 -1
lines
Diff to previous 1.3 (colored) to selected 1.16 (colored)
Install the .pc (pkgconfig) files, which were disabled in PLIST, they are required to build some packages. Bump PKGREVISION.
Revision 1.3 / (download) - annotate - [select for diffs], Wed Mar 10 12:57:01 2004 UTC (20 years, 1 month ago) by taya
Branch: MAIN
CVS Tags: pkgsrc-2004Q1-base,
pkgsrc-2004Q1
Changes since 1.2: +1 -3
lines
Diff to previous 1.2 (colored) to selected 1.16 (colored)
correct PLIST remove non-exist file & not needed file bump PKGREVISION
Revision 1.2 / (download) - annotate - [select for diffs], Wed Mar 3 17:54:38 2004 UTC (20 years, 1 month ago) by bouyer
Branch: MAIN
Changes since 1.1: +2 -1
lines
Diff to previous 1.1 (colored) to selected 1.16 (colored)
The security component needs libfreebl_hybrid_3.so on SunOS/sparc, so add it to PLIST so that moz-install will copy it (the mozilla packages are correct). It seems that firefox dosn't need libfreebl_pure32_3.so to use SSL, so I didn't add it to the PLIST.
Revision 1.1.1.1 / (download) - annotate - [select for diffs] (vendor branch), Sun Feb 29 17:44:58 2004 UTC (20 years, 1 month ago) by xtraeme
Branch: TNF
CVS Tags: pkgsrc-base
Changes since 1.1: +0 -0
lines
Diff to previous 1.1 (colored) to selected 1.16 (colored)
Initial import of firefox-0.8, provided by Kouichirou Hiratsuka in PR pkg/24603. Mozilla Firefox is a free, open-source and cross-platform web browser for Windows, Linux, MacOS X and many other operating systems. It is small, fast and easy to use, and offers many advantages over other web browsers, such as tabbed browsing and the ability to block pop-up windows. Firefox also offers excellent bookmark and history management, and it can be extended by developers using industry standards such as XML, CSS, JavaScript, C++, etc. Many extensions are available.
Revision 1.1 / (download) - annotate - [select for diffs], Sun Feb 29 17:44:58 2004 UTC (20 years, 1 month ago) by xtraeme
Branch: MAIN
Diff to selected 1.16 (colored)
Initial revision