![[BACK]](/icons/back.gif){kind=icon}
Up to [cvs.NetBSD.org] / pkgsrc / www / firefox
Request diff between arbitrary revisions
Default branch: MAIN
Revision 1.75 / (download) - annotate - [select for diffs], Thu Aug 17 20:43:43 2023 UTC (7 months, 4 weeks ago) by ryoon
Branch: MAIN
CVS Tags: pkgsrc-2024Q1-base,
pkgsrc-2024Q1,
pkgsrc-2023Q4-base,
pkgsrc-2023Q4,
pkgsrc-2023Q3-base,
pkgsrc-2023Q3,
HEAD
Changes since 1.74: +9 -2
lines
Diff to previous 1.74 (colored) to selected 1.13 (colored)
firefox: Update to 116.0.3
* Make speech-dispatcher denendency as optional and disabled by default.
Changelog:
116.0.3:
Fixed
* Fixed an issue for OPFS users (especially those using the Adobe Photoshop)
that broke access to files that were locally cached in a previous version.
(bug 1847989, bug 1847619)
* Fixed an issue that was breaking screensharing for some users on Wayland. (
bug 1841851)
* Fixed an issue where a fullscreen notification was persistently being shown
to a user, even after disabling it. (bug 1847901)
* Fixed an issue where Firefox would hang when doing a Google search. (bug
1847066)
116.0.2:
Fixed
* Fixed an issue that was causing keystrokes to be scrambled for users using
ZoneAlarm anti-keylogger. (bug 1847033)
116.0.1:
Fixed
* Fixed an issue which caused chart elements to render incorrectly for
Windows users. (bug 1846613)
Revision 1.74 / (download) - annotate - [select for diffs], Sat Jul 22 09:00:24 2023 UTC (8 months, 3 weeks ago) by nia
Branch: MAIN
Changes since 1.73: +2 -2
lines
Diff to previous 1.73 (colored) to selected 1.13 (colored)
firefox: Enable alsa backend by default on Linux
Revision 1.73 / (download) - annotate - [select for diffs], Wed Apr 5 14:22:35 2023 UTC (12 months, 1 week ago) by ryoon
Branch: MAIN
CVS Tags: pkgsrc-2023Q2-base,
pkgsrc-2023Q2
Changes since 1.72: +2 -2
lines
Diff to previous 1.72 (colored) to selected 1.13 (colored)
firefox: Update to 111.0.1
* Enable eventfd(2) for NetBSD 10 or later.
* Fix LICENSE in official Firefox branding case.
Changelog:
111.0.1
Fixed
* Fixed a crash on macOS while pinch-zooming under some circumstances (bug
1658986).
* Fixed a bug causing Firefox to freeze on startup for some Windows users (
bug 1823159).
111.0
New
* Windows native notifications are now enabled.
* Firefox Relay users can now opt-in to create Relay email masks directly
from the Firefox credential manager. You must be signed in with your
Firefox Account.
* We've added two new locales: Silhe Friulian (fur) and Sardinian (sc).
Fixed
* Various security fixes.
Security fixes
#CVE-2023-28159: Fullscreen Notification could have been hidden by download
popups on Android
#CVE-2023-25748: Fullscreen Notification could have been hidden by window
prompts on Android
#CVE-2023-25749: Firefox for Android may have opened third-party apps without a
prompt
#CVE-2023-25750: Potential ServiceWorker cache leak during private browsing
mode
#CVE-2023-25751: Incorrect code generation during JIT compilation
#CVE-2023-28160: Redirect to Web Extension files may have leaked local path
#CVE-2023-28164: URL being dragged from a removed cross-origin iframe into the
same tab triggered navigation
#CVE-2023-28161: One-time permissions granted to a local file were extended to
other local files loaded in the same tab
#CVE-2023-28162: Invalid downcast in Worklets
#CVE-2023-25752: Potential out-of-bounds when accessing throttled streams
#CVE-2023-28163: Windows Save As dialog resolved environment variables
#CVE-2023-28176: Memory safety bugs fixed in Firefox 111 and Firefox ESR 102.9
#CVE-2023-28177: Memory safety bugs fixed in Firefox 111
Revision 1.72 / (download) - annotate - [select for diffs], Sat Oct 8 21:18:55 2022 UTC (18 months, 1 week ago) by ryoon
Branch: MAIN
CVS Tags: pkgsrc-2023Q1-base,
pkgsrc-2023Q1,
pkgsrc-2022Q4-base,
pkgsrc-2022Q4
Changes since 1.71: +2 -3
lines
Diff to previous 1.71 (colored) to selected 1.13 (colored)
firefox: Update to 105.0.3
* Add --enable-new-pass-manager.
* Disable sysutils/dbus dependency for non-Linux platforms by default.
Changelog:
105.0.3:
Fixed
* Mitigated frequent crashes for Windows users with Avast or AVG Antivirus
software installed (bug 1794064)
105.0.2:
Fixed
* Fixed poor contrast on various menu items with certain themes on Linux
systems (bug 1792063)
* Fixed the scrollbar appearing on the wrong side of select elements in
right-to-left locales (bug 1791219)
* Fixed a possible deadlock when loading some sites in Troubleshoot Mode (bug
1786259)
* Fixed a bug causing some dynamic appearance changes to not appear when
expected (bug 1786521)
* Fixed a bug causing theme styling to not be properly applied to sidebars
for some add-ons in Private Browsing Mode (bug 1787543)
105.0.1:
Fixed
* Reverted focus behavior for new windows back to the content area
instead of the address bar (bug 1784692)
105.0:
New
* Added an option to print only the current page from the print preview
dialog.
* Firefox now supports partitioned service workers in third-party contexts.
You can register service workers in a third-party iframe and it will be
partitioned under the top-level domain.
* Swipe to navigate (two fingers on a touchpad swiped left or right to
perform history back or forward) on Windows is now enabled.
* Firefox is now compliant with the User Timing L3 specification, which adds
additional optional arguments to the performance.mark and
performance.measure methods to provide custom start times, end times,
duration, and attached details.
* Searching in large lists for individual items is now 2x faster. This
performance enhancement replaces array.includes and array.indexOf with an
optimized SIMD version.
Fixed
* Stability on Windows is significantly improved as Firefox handles
low-memory situations much better.
* Touchpad scrolling on macOS was made more accessible by reducing unintended
diagonal scrolling opposite of the intended scroll axis.
* Firefox is less likely to run out of memory on Linux and performs more
efficiently for the rest of the system when memory runs low.
* Various security fixes.
Web Platform
* Support for the Offscreen Canvas DOM API with full context and font
support. The OffscreenCanvas API provides a canvas that can be rendered
off-screen in both Window and Web Worker contexts.
Security fixes:
#CVE-2022-40959: Bypassing FeaturePolicy restrictions on transient pages
#CVE-2022-40960: Data-race when parsing non-UTF-8 URLs in threads
#CVE-2022-40958: Bypassing Secure Context restriction for cookies with __Host
and __Secure prefix
#CVE-2022-40961: Stack-buffer overflow when initializing Graphics
#CVE-2022-40956: Content-Security-Policy base-uri bypass
#CVE-2022-40957: Incoherent instruction cache when building WASM on ARM64
#CVE-2022-40962: Memory safety bugs fixed in Firefox 105 and Firefox ESR 102.3
Revision 1.71 / (download) - annotate - [select for diffs], Wed Jul 27 17:09:46 2022 UTC (20 months, 2 weeks ago) by tnn
Branch: MAIN
CVS Tags: pkgsrc-2022Q3-base,
pkgsrc-2022Q3
Changes since 1.70: +3 -1
lines
Diff to previous 1.70 (colored) to selected 1.13 (colored)
firefox: fix build without dbus; --disable-necko-wifi invalid on BSD
Revision 1.70 / (download) - annotate - [select for diffs], Mon Jul 25 13:57:01 2022 UTC (20 months, 3 weeks ago) by tnn
Branch: MAIN
Changes since 1.69: +2 -1
lines
Diff to previous 1.69 (colored) to selected 1.13 (colored)
firefox: --disable-necko-wifi is mandated with --disable-dbus At least on platforms where the geolocation API is implemented (i.e. Linux)
Revision 1.69 / (download) - annotate - [select for diffs], Sun Jul 24 16:33:09 2022 UTC (20 months, 3 weeks ago) by rjs
Branch: MAIN
Changes since 1.68: +2 -2
lines
Diff to previous 1.68 (colored) to selected 1.13 (colored)
Fix build on NetBSD/aarch64 with webrtc.
Revision 1.68 / (download) - annotate - [select for diffs], Wed Jul 20 22:09:56 2022 UTC (20 months, 3 weeks ago) by wiz
Branch: MAIN
Changes since 1.67: +2 -2
lines
Diff to previous 1.67 (colored) to selected 1.13 (colored)
firefox: pkglint cleanup
Revision 1.67 / (download) - annotate - [select for diffs], Sun Jul 17 17:37:11 2022 UTC (21 months ago) by tnn
Branch: MAIN
Changes since 1.66: +2 -2
lines
Diff to previous 1.66 (colored) to selected 1.13 (colored)
firefox: enable webrtc by default only on x86 libwebrtc build is borked on at least arm and aarch64
Revision 1.66 / (download) - annotate - [select for diffs], Fri May 13 14:12:53 2022 UTC (23 months ago) by ryoon
Branch: MAIN
CVS Tags: pkgsrc-2022Q2-base,
pkgsrc-2022Q2
Changes since 1.65: +23 -11
lines
Diff to previous 1.65 (colored) to selected 1.13 (colored)
firefox: Update to 100.0
* Simplify some option logics.
* Add sunaudio and jack options as audio backends.
Changelog
100.0:
New
* We now support captions/subtitles display on YouTube, Prime Video, and
Netflix videos you watch in Picture-in-Picture. Just turn on the subtitles
on the in-page video player, and they will appear in PiP.
* Picture-in-Picture now also supports video captions on websites that use
WebVTT (Web Video Text Track) format, like Coursera.org, Canadian
Broadcasting Corporation, and many more.
* On the first run after install, Firefox detects when its language does not
match the operating system language and offers the user a choice between
the two languages.
* Firefox spell checking now checks spelling in multiple languages. To enable
additional languages, select them in the text field's context menu.
* HDR video is now supported in Firefox on Mac --- starting with YouTube!
Firefox users on macOS 11+ (with HDR-compatible screens) can enjoy
higher-fidelity video content. No need to manually flip any preferences to
turn HDR video support on --- just make sure battery preferences are NOT set
to "optimize video streaming while on battery".
* Hardware accelerated AV1 video decoding is enabled on Windows with
supported GPUs (Intel Gen 11+, AMD RDNA 2 Excluding Navi 24, GeForce 30).
Installing the AV1 Video Extension from the Microsoft Store may also be
required.
* Video overlay is enabled on Windows for Intel GPUs, reducing power usage
during video playback.
* Improved fairness between painting and handling other events. This
noticeably improves the performance of the volume slider on Twitch.
* Scrollbars on Linux and Windows 11 won't take space by default. On Linux,
users can change this in Settings. On Windows, Firefox follows the system
setting (System Settings > Accessibility > Visual Effects > Always show
scrollbars).
* Firefox now supports credit card autofill and capture in the United
Kingdom.
* Firefox now ignores less restricted referrer policies --- including
unsafe-url, no-referrer-when-downgrade, and origin-when-cross-origin
--- for cross-site subresource/iframe requests to prevent privacy
leaks from the referrer.
Fixed
* Users can now choose preferred color schemes for websites. Theme authors
can now make better decisions about which color scheme Firefox uses for
menus. Web content appearance can now be changed in Settings.
* Beginning in this release, the Firefox installer for Windows is signed with
a SHA-256 digest, rather than SHA-1. Update KB4474419 is required for
successful installation on a computer running Microsoft Windows 7. For more
details about this update, visit the Microsoft Technical Support website.
* In macOS 11+ we now only rasterize the fonts once per window. This means
that opening a new tab is fast, and switching tabs in the same window is
also fast. (There's still work to do to share fonts across windows, or to
reduce the time it takes to initialize these fonts.)
* The performance of deeply-nested display: grid elements is greatly
improved.
* Support for profiling multiple java threads has been added.
* Soft-reloading a web page will no longer cause revalidation for all
resources.
* Non-vsync tasks are given more time to run, which improves behavior on
Google docs and Twitch.
* Geckoview APIs have been added to control the start/stop time of capturing
a profile.
* Various security fixes.
Changed
* Firefox has a new focus indicator for links which replaces the old dotted
outline with a solid blue outline. This change unifies the focus indicators
across form fields and links, which makes it easier to identify the focused
link, especially for users with low vision.
* New users can now set Firefox as the default PDF handler when setting
Firefox as their default browser.
* Some websites might not work correctly in Firefox version 100 due to
Firefox's new three-digit number. You can read about it in our blog post
here!
See the Mozilla Support article Difficulties opening or using a website in
Firefox 100 for possible workarounds you can use. There, you will also find
instructions for reporting a broken website so that Mozilla can help fix
the problem.
Mozilla Foundation Security Advisory 2022-16
#CVE-2022-29914: Fullscreen notification bypass using popups
#CVE-2022-29909: Bypassing permission prompt in nested browsing contexts
#CVE-2022-29916: Leaking browser history with CSS variables
#CVE-2022-29911: iframe Sandbox bypass
#CVE-2022-29912: Reader mode bypassed SameSite cookies
#CVE-2022-29910: Firefox for Android forgot HTTP Strict Transport Security
settings
#CVE-2022-29915: Leaking cross-origin redirect through the Performance API
#CVE-2022-29917: Memory safety bugs fixed in Firefox 100 and Firefox ESR 91.9
#CVE-2022-29918: Memory safety bugs fixed in Firefox 100
99.0.1:
Fixed
* Fixed an issue for Windows users that prevented hardware video decoding on
newer Intel drivers (bug 1762125)
* Fixed an issue with text rendering in Bengali (bug 1763368)
* Fixed a selection issue in the Download panel with drag and drop (bug
1762723)
* Fixed an issue preventing Zoom gallery mode for users who go to zoom.us
URLs instead of subdomain.zoom.us URLs (bug 1763801)
99.0:
New
* You can now toggle Narrate in ReaderMode with the keyboard shortcut "n."
* You can find added support for search --- with or without diacritics ---
in the PDF viewer.
* The Linux sandbox has been strengthened: processes exposed to web content
no longer have access to the X Window system (X11).
* Firefox now supports credit card autofill and capture in Germany and
France.
Fixed
* Various security fixes.
Mozilla Foundation Security Advisory 2022-13
#CVE-2022-1097: Use-after-free in NSSToken objects
#CVE-2022-28281: Out of bounds write due to unexpected WebAuthN Extensions
#CVE-2022-28282: Use-after-free in DocumentL10n::TranslateDocument
#CVE-2022-28283: Missing security checks for fetching sourceMapURL
#CVE-2022-28284: Script could be executed via svg's use element
#CVE-2022-28285: Incorrect AliasSet used in JIT Codegen
#CVE-2022-28286: iframe contents could be rendered outside the border
#CVE-2022-28287: Text Selection could crash Firefox
#CVE-2022-24713: Denial of Service via complex regular expressions
#CVE-2022-28289: Memory safety bugs fixed in Firefox 99 and Firefox ESR 91.8
#CVE-2022-28288: Memory safety bugs fixed in Firefox 99
Revision 1.65 / (download) - annotate - [select for diffs], Thu May 5 08:21:33 2022 UTC (23 months, 1 week ago) by nia
Branch: MAIN
Changes since 1.64: +2 -2
lines
Diff to previous 1.64 (colored) to selected 1.13 (colored)
firefox*: Use OPSYS_VERSION to numerically compare NetBSD versions
Revision 1.64 / (download) - annotate - [select for diffs], Thu Sep 16 21:12:48 2021 UTC (2 years, 7 months ago) by nia
Branch: MAIN
CVS Tags: pkgsrc-2022Q1-base,
pkgsrc-2022Q1,
pkgsrc-2021Q4-base,
pkgsrc-2021Q4,
pkgsrc-2021Q3-base,
pkgsrc-2021Q3
Changes since 1.63: +3 -1
lines
Diff to previous 1.63 (colored) to selected 1.13 (colored)
firefox: Use "unofficial" branding Firefox's build system defaults to "nightly" for builds without official branding, and in practice there seems to be very little difference between "nightly" and "unofficial", but this at least makes our choice explicit. Bump PKGREVISION
Revision 1.63 / (download) - annotate - [select for diffs], Fri Aug 13 14:57:52 2021 UTC (2 years, 8 months ago) by ryoon
Branch: MAIN
Changes since 1.62: +1 -5
lines
Diff to previous 1.62 (colored) to selected 1.13 (colored)
firefox: Update to 91.0
* Convert to --enable-chrome-format=omni.
It is not necessary to modify JavaScript files to improve support recently.
* Fix build under NetBSD/i386 like lang/mozjs78.
Changelog:
New
* Building on Total Cookie Protection, we've added a more comprehensive logic
for clearing cookies that prevents hidden data leaks and makes it easy for
users to understand which websites are storing local information. Learn
more
* Firefox now supports logging into Microsoft, work, and school accounts
using Windows single sign-on. Learn more
* The simplify page when printing feature is back! When printing, under More
settings > Format select the Simplified option when available to get a
clutter-free page. Learn more
* HTTPS-First Policy: Firefox Private Browsing windows now attempt to make
all connections to websites secure, and fall back to insecure connections
only when websites do not support it. Learn more
* We've added a new locale: Scots (sco)
* The address bar now provides Switch to Tab results also in Private Browsing
windows.
* Firefox now automatically enables High Contrast Mode when "Increase
Contrast" is checked on MacOS
* Firefox now does catch-up paints for almost all user interactions, enabling
a 10-20% improvement in response time to most user interactions.
Fixed
* Various security fixes
Enterprise
* Various bug fixes and new policies have been implemented in the latest
version of Firefox. See more details in the Firefox for Enterprise 91
Release Notes.
Developer
* Developer Information
Web Platform
* The Visual Viewport API is now supported on desktop platforms
Security fixes:
#CVE-2021-29986: Race condition when resolving DNS names could have led to
memory corruption
#CVE-2021-29981: Live range splitting could have led to conflicting assignments
in the JIT
#CVE-2021-29988: Memory corruption as a result of incorrect style treatment
#CVE-2021-29983: Firefox for Android could get stuck in fullscreen mode
#CVE-2021-29984: Incorrect instruction reordering during JIT optimization
#CVE-2021-29980: Uninitialized memory in a canvas object could have led to
memory corruption
#CVE-2021-29987: Users could have been tricked into accepting unwanted
permissions on Linux
#CVE-2021-29985: Use-after-free media channels
#CVE-2021-29982: Single bit data leak due to incorrect JIT optimization and
type confusion
#CVE-2021-29989: Memory safety bugs fixed in Firefox 91 and Firefox ESR 78.13
#CVE-2021-29990: Memory safety bugs fixed in Firefox 91
Revision 1.62 / (download) - annotate - [select for diffs], Wed Nov 18 22:38:21 2020 UTC (3 years, 4 months ago) by riastradh
Branch: MAIN
CVS Tags: pkgsrc-2021Q2-base,
pkgsrc-2021Q2,
pkgsrc-2021Q1-base,
pkgsrc-2021Q1,
pkgsrc-2020Q4-base,
pkgsrc-2020Q4
Changes since 1.61: +3 -3
lines
Diff to previous 1.61 (colored) to selected 1.13 (colored)
www/firefox*: Use -Og for debug option and -O2 for debug-info option.
Revision 1.61 / (download) - annotate - [select for diffs], Wed Nov 11 10:11:21 2020 UTC (3 years, 5 months ago) by nia
Branch: MAIN
Changes since 1.60: +2 -7
lines
Diff to previous 1.60 (colored) to selected 1.13 (colored)
firefox: Clean up some problems identified by pkglint. Most of these PLIST variables are no longer used.
Revision 1.60 / (download) - annotate - [select for diffs], Wed Sep 2 10:00:23 2020 UTC (3 years, 7 months ago) by ryoon
Branch: MAIN
CVS Tags: pkgsrc-2020Q3-base,
pkgsrc-2020Q3
Changes since 1.59: +1 -6
lines
Diff to previous 1.59 (colored) to selected 1.13 (colored)
firefox: Update to 80.0.1
* Change WebRTC dependency to new graphics/libv4l.
Changelog:
Fixed
Fixed a performance regression when encountering new intermediate CA certificates (bug 1661543)
Fixed crashes possibly related to GPU resets (bug 1627616)
Fixed rendering on some sites using WebGL (bug 1659225)
Fixed the zoom-in keyboard shortcut on Japanese language builds (bug 1661895)
Fixed download issues related to extensions and cookies (bug 1655190)
Revision 1.59 / (download) - annotate - [select for diffs], Sat Aug 29 22:24:27 2020 UTC (3 years, 7 months ago) by ryoon
Branch: MAIN
Changes since 1.58: +6 -1
lines
Diff to previous 1.58 (colored) to selected 1.13 (colored)
firefox: Use graphics/libv4l1 for NetBSD 9.99.70 or later * This enables webcam for WebRTC. Bump PKGREVISION. * And fix rust.mk patch, from Michael Forney on tech-pkg@.
Revision 1.58 / (download) - annotate - [select for diffs], Wed Aug 26 10:27:40 2020 UTC (3 years, 7 months ago) by wiz
Branch: MAIN
Changes since 1.57: +1 -4
lines
Diff to previous 1.57 (colored) to selected 1.13 (colored)
firefox: allow dbus to be disabled on Linux From Michael Forney on tech-pkg With the release of firefox 80, there are no longer any issues with --disable-dbus on Linux[0]. [0] https://bugzilla.mozilla.org/show_bug.cgi?id=1561207
Revision 1.57 / (download) - annotate - [select for diffs], Tue Aug 4 14:00:03 2020 UTC (3 years, 8 months ago) by tnn
Branch: MAIN
Changes since 1.56: +4 -1
lines
Diff to previous 1.56 (colored) to selected 1.13 (colored)
firefox: bomb early if dbus is disabled on Linux It cannot be disabled because it is unconditionally depended on by third-party/rust/audio-thread-priority (and maybe other components?)
Revision 1.56 / (download) - annotate - [select for diffs], Thu Jul 16 19:51:48 2020 UTC (3 years, 9 months ago) by riastradh
Branch: MAIN
Changes since 1.55: +2 -2
lines
Diff to previous 1.55 (colored) to selected 1.13 (colored)
www/firefox{,68}: Use -Og for debug-info builds, not -O0.
Makes them considerably less painful to use.
Revision 1.55 / (download) - annotate - [select for diffs], Mon Jun 29 11:53:09 2020 UTC (3 years, 9 months ago) by nia
Branch: MAIN
Changes since 1.54: +2 -13
lines
Diff to previous 1.54 (colored) to selected 1.13 (colored)
Detect if gtk3 was built with Wayland properly in Mozilla packages. thanks jperkin for the hint.
Revision 1.54 / (download) - annotate - [select for diffs], Thu Feb 27 15:53:33 2020 UTC (4 years, 1 month ago) by nia
Branch: MAIN
CVS Tags: pkgsrc-2020Q2-base,
pkgsrc-2020Q2,
pkgsrc-2020Q1-base,
pkgsrc-2020Q1
Changes since 1.53: +2 -2
lines
Diff to previous 1.53 (colored) to selected 1.13 (colored)
firefox: Remove gnome plist var, no longer used
Revision 1.53 / (download) - annotate - [select for diffs], Sun Jan 5 17:57:58 2020 UTC (4 years, 3 months ago) by nia
Branch: MAIN
Changes since 1.52: +5 -3
lines
Diff to previous 1.52 (colored) to selected 1.13 (colored)
firefox[68]: Enable WebRTC by default on NetBSD 9+. Tested with Jitsi Meet.
Revision 1.52 / (download) - annotate - [select for diffs], Sun Jan 5 17:55:22 2020 UTC (4 years, 3 months ago) by nia
Branch: MAIN
Changes since 1.51: +13 -2
lines
Diff to previous 1.51 (colored) to selected 1.13 (colored)
*: Enable Wayland where supported in GTK and Firefox. Bump PKGREVISIONs
Revision 1.51 / (download) - annotate - [select for diffs], Tue Dec 3 14:21:20 2019 UTC (4 years, 4 months ago) by ryoon
Branch: MAIN
CVS Tags: pkgsrc-2019Q4-base,
pkgsrc-2019Q4
Changes since 1.50: +5 -10
lines
Diff to previous 1.50 (colored) to selected 1.13 (colored)
Update to 71.0
* Remove oss option. Its patch is not usable for 71.0.
Changelog:
New
Improvements to Lockwise, our integrated password manager:
Firefox now recognizes subdomains and will autofill domain logins from Lockwise
Integrated breach alerts from Firefox Monitor are now available to users with screen readers
More information about Enhanced Tracking Protection in action:
Notifications when Firefox blocks cryptominers
A running tally of blocked trackers in the protection panel accessed by clicking the address bar shield
Picture-in-picture video comes to Firefox for Windows: Select the blue icon from the right edge of a video to pop open a floating window so you can keep watching while working in other tabs. Learn how the feature works.
Native MP3 decoding on Windows, Linux, and macOS
Security fixes:
Not available yet.
Revision 1.50 / (download) - annotate - [select for diffs], Mon Nov 4 22:09:54 2019 UTC (4 years, 5 months ago) by rillig
Branch: MAIN
Changes since 1.49: +4 -4
lines
Diff to previous 1.49 (colored) to selected 1.13 (colored)
www: align variable assignments pkglint -Wall -F --only aligned --only indent -r Manually excluded phraseanet since pkglint got the indentation wrong.
Revision 1.49 / (download) - annotate - [select for diffs], Wed Sep 11 16:30:05 2019 UTC (4 years, 7 months ago) by gutteridge
Branch: MAIN
CVS Tags: pkgsrc-2019Q3-base,
pkgsrc-2019Q3
Changes since 1.48: +2 -2
lines
Diff to previous 1.48 (colored) to selected 1.13 (colored)
firefox: remove no longer defined/required make variable
Revision 1.48 / (download) - annotate - [select for diffs], Wed Sep 11 14:19:08 2019 UTC (4 years, 7 months ago) by ryoon
Branch: MAIN
Changes since 1.47: +1 -11
lines
Diff to previous 1.47 (colored) to selected 1.13 (colored)
Remove GCC related things Reported by David H. Gutteridge, thank you.
Revision 1.47 / (download) - annotate - [select for diffs], Fri Sep 6 03:00:23 2019 UTC (4 years, 7 months ago) by ryoon
Branch: MAIN
Changes since 1.46: +2 -2
lines
Diff to previous 1.46 (colored) to selected 1.13 (colored)
Update to 69.0
* Use clang to compile all files. Mix of gcc and clang causes some errors in
Rust c++ command invocation (C++ header mismatches).
Changelog:
New
Enhanced Tracking Protection (ETP) rolls out stronger privacy protections:
The default standard setting for this feature now blocks third-party tracking cookies and cryptominers.
The optional strict setting blocks fingerprinters as well as the items blocked in the standard setting.
The Block Autoplay feature is enhanced to give users the option to block any video that automatically starts playing, not just those that automatically play with sound.
For our users in the US or using the en-US browser, we are shipping a new ãàׯew Tabãàpage experience that connects you to the best of PocketãàÑÔ content.
Support for the Web Authentication HmacSecret extension via Windows Hello now comes with this release, for versions of Windows 10 May 2019 or newer, enabling more passwordless experiences on the web.
Support for receiving multiple video codecs with this release makes it easier for WebRTC conferencing services to mix video from different clients.
For our users on Windows 10, youãàÑÍl see performance and UI improvements:
Firefox will give Windows hints to appropriately set content process priority levels, meaning more processor time spent on the tasks you're actively working on, and less processor time spent on things in the background (with the exception of video and audio playback).
For our existing Windows 10 users, you can easily find and launch Firefox from a shortcut on the Win10 taskbar.
For our users on macOS, battery life and download UI are both improved:
macOS users on dual-graphics-card machines (like MacBook Pro) will switch back to the low-power GPU more aggressively, saving battery life.
Finder on macOS now displays download progress for files being downloaded.
JIT support comes to ARM64 for improved performance of our JavaScript Optimizing JIT compiler.
Fixed
Various security fixes
Changed
As previously announced in the Plugin Roadmap for Firefox, the "Always Activate" option for Flash plugin content has been removed. Firefox will now always ask for user permission before activating Flash content on a website.
With the deprecation of Adobe Flash Player, there is no longer a need to identify users on 32-bit version of the Firefox browser on 64-bit version operating systems reducing user agent fingerprinting factors providing greater level of privacy to our users as well as improving the experience of downloading other apps.
Firefox no longer loads userChrome.css or userContent.css by default improving start-up performance. Users who wish to customize Firefox by using these files can set the toolkit.legacyUserProfileCustomizations.stylesheets preference to true to restore this ability.
Enterprise
For Enterprise system administrators that manage macOS computers, we begin shipping a Mozilla signed PKG installer to simplify your deployments.
Developer
For our mobile web developers, we have migrated remote debugging from the old WebIDE into a re-designed about:debugging, making debugging GeckoView on remote devices via USB rock solid.
The network panel will now show blocked resources to allow developers to best understand the impact of content blocking and ad blocking extensions given our ongoing expansion of Enhanced Tracking Protection to all users with this release.
The new event listener breakpoint feature allows developers to pause on a host of different event types, whether it be related to animations, DOM, media, mouse, touch, worker, and many other event types.
Firefox Developer Tools now offers an audit for the presence of text alternatives for non-text content, the a11y panel checks toolbar has been augmented to better help developers adhere to WCAG Guideline 1.1.
Security fixes:
#CVE-2019-11751: Malicious code execution through command line parameters
#CVE-2019-11746: Use-after-free while manipulating video
#CVE-2019-11744: XSS by breaking out of title and textarea elements using innerHTML
#CVE-2019-11742: Same-origin policy violation with SVG filters and canvas to steal cross-origin images
#CVE-2019-11736: File manipulation and privilege escalation in Mozilla Maintenance Service
#CVE-2019-11753: Privilege escalation with Mozilla Maintenance Service in custom Firefox installation location
#CVE-2019-11752: Use-after-free while extracting a key value in IndexedDB
#CVE-2019-9812: Sandbox escape through Firefox Sync
#CVE-2019-11741: Isolate addons.mozilla.org and accounts.firefox.com
#CVE-2019-11743: Cross-origin access to unload event attributes
#CVE-2019-11749: Camera information available without prompting using getUserMedia
#CVE-2019-5849: Out-of-bounds read in Skia
#CVE-2019-11750: Type confusion in Spidermonkey
#CVE-2019-11737: Content security policy directives ignore port and path if host is a wildcard
#CVE-2019-11738: Content security policy bypass through hash-based sources in directives
#CVE-2019-11747: 'Forget about this site' removes sites from pre-loaded HSTS list
#CVE-2019-11734: Memory safety bugs fixed in Firefox 69
#CVE-2019-11735: Memory safety bugs fixed in Firefox 69 and Firefox ESR 68.1
#CVE-2019-11740: Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, and Firefox ESR 60.9
Revision 1.46 / (download) - annotate - [select for diffs], Sun Jun 9 03:44:50 2019 UTC (4 years, 10 months ago) by gutteridge
Branch: MAIN
CVS Tags: pkgsrc-2019Q2-base,
pkgsrc-2019Q2
Changes since 1.45: +4 -3
lines
Diff to previous 1.45 (colored) to selected 1.13 (colored)
firefox: correct some non-default debug settings
Revision 1.45 / (download) - annotate - [select for diffs], Fri Mar 15 12:52:42 2019 UTC (5 years, 1 month ago) by ryoon
Branch: MAIN
CVS Tags: pkgsrc-2019Q1-base,
pkgsrc-2019Q1
Changes since 1.44: +1 -7
lines
Diff to previous 1.44 (colored) to selected 1.13 (colored)
Fix build with webrtc option, bump PKGREVISION * webrtc option requires the internal libvpx. * And remove widevinecdm option. It is not useful.
Revision 1.44 / (download) - annotate - [select for diffs], Sun Dec 10 00:45:09 2017 UTC (6 years, 4 months ago) by ryoon
Branch: MAIN
CVS Tags: pkgsrc-2018Q4-base,
pkgsrc-2018Q4,
pkgsrc-2018Q3-base,
pkgsrc-2018Q3,
pkgsrc-2018Q2-base,
pkgsrc-2018Q2,
pkgsrc-2018Q1-base,
pkgsrc-2018Q1,
pkgsrc-2017Q4-base,
pkgsrc-2017Q4
Changes since 1.43: +7 -5
lines
Diff to previous 1.43 (colored) to selected 1.13 (colored)
Update to 57.0.2 * Move gtk3 part to mozilla-common.mk * Add a option for Widevine CDM support Changelog: For Windows only.
Revision 1.43 / (download) - annotate - [select for diffs], Tue Oct 17 03:39:04 2017 UTC (6 years, 6 months ago) by ryoon
Branch: MAIN
Changes since 1.42: +2 -2
lines
Diff to previous 1.42 (colored) to selected 1.13 (colored)
Fix webrtc build on recent NetBSD current From rjs@. Thank you. WebRTC connection works. However video capture does not work.
Revision 1.42 / (download) - annotate - [select for diffs], Thu Aug 10 14:46:15 2017 UTC (6 years, 8 months ago) by ryoon
Branch: MAIN
CVS Tags: pkgsrc-2017Q3-base,
pkgsrc-2017Q3
Changes since 1.41: +1 -18
lines
Diff to previous 1.41 (colored) to selected 1.13 (colored)
Update to 55.0
Changelog:
New
Launched Windows support for WebVR, bringing immersive experiences to the web. See examples and try working demos at Mozilla VR.
Added options that let users optimize recent performance improvements
Setting to enable Hardware VP9 acceleration on Windows 10 Anniversary Edition for better battery life and lower CPU usage while watching videos
Setting to modify the number of concurrent content processes for faster page loading and more responsive tab switching
Simplified installation process with a streamlined Windows stub installer
Firefox for Windows 64-bit is now installed by default on 64-bit systems with at least 2GB of RAM
Full installers with advanced installation options are still available
Improved address bar functionality
Search with any installed one-click search engine directly from the address bar
Search suggestions appear by default
When entering a hostname (like pinterest.com) in the URL bar, Firefox resolves to the secure version of the site (https://www.pinterest.com) instead of the insecure version (http://www.pinterest.com) when possible
Updated Sidebar for bookmarks, history, and synced tabs so it can appear at the right edge of the window as well as the left
Added support for stereo microphones with WebRTC
Pages can be simplified before printing from within Print Preview
Updated Firefox for OSX and macOS to allow users to assign custom keyboard shortcuts to Firefox menu items via System Preferences
Browsing sessions with a high number of tabs are now restored in an instant
Make screenshots of webpages, and save them locally or upload them to the cloud. This feature will undergo A/B testing and will not be visible for some users.
Added Belarusian (be) locale
Fixed
Various security fixes
Changed
Made the Adobe Flash plugin click-to-activate by default and allowed only on http:// and https:// URL schemes. (This change will not be visible to all users immediately. For more information see the Firefox plugin roadmap)
Firefox does not support downgrades, even though this may have worked in past versions. Users who install Firefox 55+ and later downgrade to an earlier version may experience issues with Firefox.
Modernized application update UI to be less intrusive and more aligned with the rest of the browser. Only users who have not restarted their browser 8 days after downloading an update or users who opted out of automatic updates will see this change.
Security fixes:
CVE-2017-7798: XUL injection in the style editor in devtools
Reporter
Frederik Braun
Impact
critical
Description
The Developer Tools feature suffers from a XUL injection vulnerability due to improper sanitization of the web page source code. In the worst case, this could allow arbitrary code execution when opening a malicious page with the style editor tool.
References
Bug 1371586, 1372112
#CVE-2017-7800: Use-after-free in WebSockets during disconnection
Reporter
Looben Yang
Impact
critical
Description
A use-after-free vulnerability can occur in WebSockets when the object holding the connection is freed before the disconnection operation is finished. This results in an exploitable crash.
References
Bug 1374047
#CVE-2017-7801: Use-after-free with marquee during window resizing
Reporter
Nils
Impact
critical
Description
A use-after-free vulnerability can occur while re-computing layout for a marquee element during window resizing where the updated style object is freed while still in use. This results in a potentially exploitable crash.
References
Bug 1371259
#CVE-2017-7809: Use-after-free while deleting attached editor DOM node
Reporter
Nils
Impact
high
Description
A use-after-free vulnerability can occur when an editor DOM node is deleted prematurely during tree traversal while still bound to the document. This results in a potentially exploitable crash.
References
Bug 1380284
#CVE-2017-7784: Use-after-free with image observers
Reporter
Nils
Impact
high
Description
A use-after-free vulnerability can occur when reading an image observer during frame reconstruction after the observer has been freed. This results in a potentially exploitable crash.
References
Bug 1376087
#CVE-2017-7802: Use-after-free resizing image elements
Reporter
Nils
Impact
high
Description
A use-after-free vulnerability can occur when manipulating the DOM during the resize event of an image element. If these elements have been freed due to a lack of strong references, a potentially exploitable crash may occur when the freed elements are accessed.
References
Bug 1378147
#CVE-2017-7785: Buffer overflow manipulating ARIA attributes in DOM
Reporter
Nils
Impact
high
Description
A buffer overflow can occur when manipulating Accessible Rich Internet Applications (ARIA) attributes within the DOM. This results in a potentially exploitable crash.
References
Bug 1356985
#CVE-2017-7786: Buffer overflow while painting non-displayable SVG
Reporter
Nils
Impact
high
Description
A buffer overflow can occur when the image renderer attempts to paint non-displayable SVG elements. This results in a potentially exploitable crash.
References
Bug 1365189
#CVE-2017-7806: Use-after-free in layer manager with SVG
Reporter
Nils
Impact
high
Description
A use-after-free vulnerability can occur when the layer manager is freed too early when rendering specific SVG content, resulting in a potentially exploitable crash.
References
Bug 1378113
#CVE-2017-7753: Out-of-bounds read with cached style data and pseudo-elements
Reporter
SkyLined
Impact
high
Description
An out-of-bounds read occurs when applying style rules to pseudo-elements, such as ::first-line, using cached style data.
References
Bug 1353312
#CVE-2017-7787: Same-origin policy bypass with iframes through page reloads
Reporter
Oliver Wagner
Impact
high
Description
Same-origin policy protections can be bypassed on pages with embedded iframes during page reloads, allowing the iframes to access content on the top level page, leading to information disclosure.
References
Bug 1322896
#CVE-2017-7807: Domain hijacking through AppCache fallback
Reporter
Mathias Karlsson
Impact
high
Description
A mechanism that uses AppCache to hijack a URL in a domain using fallback by serving the files from a sub-path on the domain. This has been addressed by requiring fallback files be inside the manifest directory.
References
Bug 1376459
#CVE-2017-7792: Buffer overflow viewing certificates with an extremely long OID
Reporter
Fraser Tweedale
Impact
high
Description
A buffer overflow will occur when viewing a certificate in the certificate manager if the certificate has an extremely long object identifier (OID). This results in a potentially exploitable crash.
References
Bug 1368652
#CVE-2017-7804: Memory protection bypass through WindowsDllDetourPatcher
Reporter
Stephen Fewer
Impact
high
Description
The destructor function for the WindowsDllDetourPatcher class can be re-purposed by malicious code in concert with another vulnerability to write arbitrary data to an attacker controlled location in memory. This can be used to bypass existing memory protections in this situation.
Note: This attack only affects Windows operating systems. Other operating systems are not affected.
References
Bug 1372849
#CVE-2017-7791: Spoofing following page navigation with data: protocol and modal alerts
Reporter
Jose MarÃa Acuña
Impact
moderate
Description
On pages containing an iframe, the data: protocol can be used to create a modal alert that will render over arbitrary domains following page navigation, spoofing of the origin of the modal alert from the iframe content.
References
Bug 1365875
#CVE-2017-7808: CSP information leak with frame-ancestors containing paths
Reporter
Jun Kokatsu
Impact
moderate
Description
A content security policy (CSP) frame-ancestors directive containing origins with paths allows for comparisons against those paths instead of the origin. This results in a cross-origin information leak of this path information.
References
Bug 1367531
#CVE-2017-7782: WindowsDllDetourPatcher allocates memory without DEP protections
Reporter
Arthur Edelstein
Impact
moderate
Description
An error in the WindowsDllDetourPatcher where a RWX ("Read/Write/Execute") 4k block is allocated but never protected, violating DEP protections.
Note: This attack only affects Windows operating systems. Other operating systems are not affected.
References
Bug 1344034
#CVE-2017-7781: Elliptic curve point addition error when using mixed Jacobian-affine coordinates
Reporter
Antonio Sanso
Impact
moderate
Description
An error occurs in the elliptic curve point addition algorithm that uses mixed Jacobian-affine coordinates where it can yield a result POINT_AT_INFINITY when it should not. A man-in-the-middle attacker could use this to interfere with a connection, resulting in an attacked party computing an incorrect shared secret.
References
Bug 1352039
#CVE-2017-7794: Linux file truncation via sandbox broker
Reporter
Jann Horn
Impact
moderate
Description
On Linux systems, if the content process is compromised, the sandbox broker will allow files to be truncated even though the sandbox explicitly only has read access to the local file system and no write permissions.
Note: This attack only affects the Linux operating system. Other operating systems are not affected.
References
Bug 1374281
#CVE-2017-7803: CSP containing 'sandbox' improperly applied
Reporter
Rhys Enniks
Impact
moderate
Description
When a pageÑÔ content security policy (CSP) header contains a sandbox directive, other directives are ignored. This results in the incorrect enforcement of CSP.
References
Bug 1377426
#CVE-2017-7799: Self-XSS XUL injection in about:webrtc
Reporter
Frederik Braun
Impact
moderate
Description
JavaScript in the about:webrtc page is not sanitized properly being being assigned to innerHTML. Data on this page is supplied by WebRTC usage and is not under third-party control, making this difficult to exploit, but the vulnerability could possibly be used for a cross-site scripting (XSS) attack.
References
Bug 1372509
#CVE-2017-7783: DOS attack through long username in URL
Reporter
Amit Sangra
Impact
low
Description
If a long user name is used in a username/password combination in a site URL (such as http://UserName:Password@example.com), the resulting modal prompt will hang in a non-responsive state or crash, causing a denial of service.
References
Bug 1360842
#CVE-2017-7788: Sandboxed about:srcdoc iframes do not inherit CSP directives
Reporter
Muneaki Nishimura
Impact
low
Description
When an iframe has a sandbox attribute and its content is specified using srcdoc, that content does not inherit the containing page's Content Security Policy (CSP) as it should unless the sandbox attribute included allow-same-origin.
References
Bug 1073952
#CVE-2017-7789: Failure to enable HSTS when two STS headers are sent for a connection
Reporter
Muneaki Nishimura
Impact
low
Description
If a server sends two Strict-Transport-Security (STS) headers for a single connection, they will be rejected as invalid and HTTP Strict Transport Security (HSTS) will not be enabled for the connection.
References
Bug 1074642
#CVE-2017-7790: Windows crash reporter reads extra memory for some non-null-terminated registry values
Reporter
Xiaoyin Liu
Impact
low
Description
On Windows systems, if non-null-terminated strings are copied into the crash reporter for some specific registry keys, stack memory data can be copied until a null is found. This can potentially contain private data from the local system.
Note: This attack only affects Windows operating systems. Other operating systems are not affected.
References
Bug 1350460
#CVE-2017-7796: Windows updater can delete any file named update.log
Reporter
Matt Howell
Impact
low
Description
On Windows systems, the logger run by the Windows updater deletes the file "update.log" before it runs in order to write a new log of that name. The path to this file is supplied at the command line to the updater and could be used in concert with another local exploit to delete a different file named "update.log" instead of the one intended.
Note: This attack only affects Windows operating systems. Other operating systems are not affected.
References
Bug 1234401
#CVE-2017-7797: Response header name interning leaks across origins
Reporter
Anne van Kesteren
Impact
low
Description
Response header name interning does not have same-origin protections and these headers are stored in a global registry. This allows stored header names to be available cross-origin.
References
Bug 1334776
#CVE-2017-7780: Memory safety bugs fixed in Firefox 55
Reporter
Mozilla developers and community
Impact
critical
Description
Mozilla developers and community members Gary Kwong, Christian Holler, André Bargull, Bob Clary, Carsten Book, Emilio Cobos lvarez, Masayuki Nakano, Sebastian Hengst, Franziskus Kiefer, Tyson Smith, and Ronald Crane reported memory safety bugs present in Firefox 54. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.
References
Memory safety bugs fixed in Firefox 55
#CVE-2017-7779: Memory safety bugs fixed in Firefox 55 and Firefox ESR 52.3
Reporter
Mozilla developers and community
Impact
critical
Description
Mozilla developers and community members Masayuki Nakano, Gary Kwong, Ronald Crane, Andrew McCreight, Tyson Smith, Bevis Tseng, Christian Holler, Bryce Van Dyk, Dragana Damjanovic, Kartikaya Gupta, Philipp, Tristan Bourvon, and Andi-Bogdan Postelnicu reported memory safety bugs present in Firefox 54 and Firefox ESR 52.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.
References
Memory safety bugs fixed in Firefox 55 and Firefox ESR 52.3
Revision 1.41 / (download) - annotate - [select for diffs], Mon May 15 15:49:27 2017 UTC (6 years, 11 months ago) by maya
Branch: MAIN
CVS Tags: pkgsrc-2017Q2-base,
pkgsrc-2017Q2
Changes since 1.40: +3 -9
lines
Diff to previous 1.40 (colored) to selected 1.13 (colored)
firefox: default to oss everywhere but linux, which defaults to pulseaudio. alsa is not supported upstream, and checks for failures by calling assert, which means the default setup crashes whenever audio is played. bump pkgrevision
Revision 1.40 / (download) - annotate - [select for diffs], Mon Mar 20 13:39:33 2017 UTC (7 years ago) by ryoon
Branch: MAIN
CVS Tags: pkgsrc-2017Q1-base,
pkgsrc-2017Q1
Changes since 1.39: +4 -2
lines
Diff to previous 1.39 (colored) to selected 1.13 (colored)
gtk2 is still required from gtk3 option. Fix configure
Revision 1.39 / (download) - annotate - [select for diffs], Mon Mar 20 10:54:46 2017 UTC (7 years ago) by szptvlfn
Branch: MAIN
Changes since 1.38: +2 -1
lines
Diff to previous 1.38 (colored) to selected 1.13 (colored)
reduce gtk2 include, move comment to options.mk
Revision 1.38 / (download) - annotate - [select for diffs], Tue Mar 7 20:45:43 2017 UTC (7 years, 1 month ago) by ryoon
Branch: MAIN
Changes since 1.37: +2 -4
lines
Diff to previous 1.37 (colored) to selected 1.13 (colored)
Update to 52.0
* Switch to GTK3 build
* Remove py-sqlite2 dependency, fix PR pkg/52032
Changelog:
New
Added support for WebAssembly, an emerging standard that brings near-native performance to Web-based games, apps, and software libraries without the use of plugins.
Added automatic captive portal detection, for easier access to Wi-Fi hotspots. When accessing the Internet via a captive portal, Firefox will alert users and open the portal login page in a new tab.
Added user warnings for non-secure HTTP pages with logins. Firefox now displays a "This connection is not secure" message when users click into the username and password fields on pages that don't use HTTPS.
Implemented the Strict Secure Cookies specification which forbids insecure HTTP sites from setting cookies with the "secure" attribute. In some cases, this will prevent an insecure site from setting a cookie with the same name as an existing "secure" cookie from the same base domain.
Enhanced Sync to allow users to send and open tabs from one device to another.
Fixed
Various security fixes
Improved text input for third-party keyboard layouts on Windows. This will address some keyboard layouts that
* have chained dead keys
* input two or more characters with a non-printable key or a dead key sequence
* input a character even when a dead key sequence failed to compose a character
Changed
Removed support for Netscape Plugin API (NPAPI) plugins other than Flash. Silverlight, Java, Acrobat and the like are no longer supported.
Removed Battery Status API to reduce fingerprinting of users by trackers
Improved experience for downloads:
* Notification in the toolbar when a download fails
* Quick access to five most recent downloads rather than three
* Larger buttons for canceling and restarting downloads
Display (but allow users to override) an "Untrusted Connection" error when encountering SHA-1 certificates that chain up to a root certificate included in Mozilla's CA Certificate Program. (Note: Firefox continues to permit SHA-1 certificates that chain to manually imported root certificates.) Read more about the Mozilla Security Team's plans to deprecate SHA-1
Migrated Firefox users on Windows XP and Windows Vista operating systems to the extended support release (ESR) version of Firefox.
When not using Direct2D on Windows, Skia is used for content rendering
Developer
Enabled CSS Grid Layout, opening up a world of new possibilities for graphic design
Redesigned Responsive Design Mode to include device selection, network throttling, and more
Improved security for screen sharing, which now shows a preview and no longer requires a whitelisted domain
unresolved
Google Hangouts temporarily won't work
Security fixes:
#CVE-2017-5400: asm.js JIT-spray bypass of ASLR and DEP
#CVE-2017-5401: Memory Corruption when handling ErrorResult
#CVE-2017-5402: Use-after-free working with events in FontFace objects
#CVE-2017-5403: Use-after-free using addRange to add range to an incorrect root object
#CVE-2017-5404: Use-after-free working with ranges in selections
#CVE-2017-5406: Segmentation fault in Skia with canvas operations
#CVE-2017-5407: Pixel and history stealing via floating-point timing side channel with SVG filters
#CVE-2017-5410: Memory corruption during JavaScript garbage collection incremental sweeping
#CVE-2017-5411: Use-after-free in Buffer Storage in libGLES
#CVE-2017-5409: File deletion via callback parameter in Mozilla Windows Updater and Maintenance Service
#CVE-2017-5408: Cross-origin reading of video captions in violation of CORS
#CVE-2017-5412: Buffer overflow read in SVG filters
#CVE-2017-5413: Segmentation fault during bidirectional operations
#CVE-2017-5414: File picker can choose incorrect default directory
#CVE-2017-5415: Addressbar spoofing through blob URL
#CVE-2017-5416: Null dereference crash in HttpChannel
#CVE-2017-5417: Addressbar spoofing by draging and dropping URLs
#CVE-2017-5425: Overly permissive Gecko Media Plugin sandbox regular expression access
#CVE-2017-5426: Gecko Media Plugin sandbox is not started if seccomp-bpf filter is running
#CVE-2017-5427: Non-existent chrome.manifest file loaded during startup
#CVE-2017-5418: Out of bounds read when parsing HTTP digest authorization responses
#CVE-2017-5419: Repeated authentication prompts lead to DOS attack
#CVE-2017-5420: Javascript: URLs can obfuscate addressbar location
#CVE-2017-5405: FTP response codes can cause use of uninitialized values for ports
#CVE-2017-5421: Print preview spoofing
#CVE-2017-5422: DOS attack by using view-source: protocol repeatedly in one hyperlink
#CVE-2017-5399: Memory safety bugs fixed in Firefox 52
#CVE-2017-5398: Memory safety bugs fixed in Firefox 52 and Firefox ESR 45.8
Revision 1.37 / (download) - annotate - [select for diffs], Sun Feb 12 07:36:27 2017 UTC (7 years, 2 months ago) by ryoon
Branch: MAIN
Changes since 1.36: +1 -2
lines
Diff to previous 1.36 (colored) to selected 1.13 (colored)
Fix non-gtk3 (gtk2) packaging
Revision 1.36 / (download) - annotate - [select for diffs], Sat Feb 11 12:12:02 2017 UTC (7 years, 2 months ago) by abs
Branch: MAIN
Changes since 1.35: +21 -1
lines
Diff to previous 1.35 (colored) to selected 1.13 (colored)
Add gtk3 (cairo-gtk3) option for firefox. Default build is unchanged with gtk2 (cairo-gtk2)
Revision 1.35 / (download) - annotate - [select for diffs], Sat Feb 4 11:14:27 2017 UTC (7 years, 2 months ago) by maya
Branch: MAIN
Changes since 1.34: +5 -1
lines
Diff to previous 1.34 (colored) to selected 1.13 (colored)
firefox: use oss on freebsd and dragonflybsd. no pkgrevision bump because it does not build. only part of PR pkg/51695 from David Shao.
Revision 1.34 / (download) - annotate - [select for diffs], Sat Feb 4 11:12:04 2017 UTC (7 years, 2 months ago) by maya
Branch: MAIN
Changes since 1.33: +1 -2
lines
Diff to previous 1.33 (colored) to selected 1.13 (colored)
firefox: fix debug build. don't pass --enable-debug-symbols in debug option. as we do it, we create conflicting flags, and configure complains. PR pkg/51927
Revision 1.33 / (download) - annotate - [select for diffs], Sat Dec 3 11:30:28 2016 UTC (7 years, 4 months ago) by ryoon
Branch: MAIN
CVS Tags: pkgsrc-2016Q4-base,
pkgsrc-2016Q4
Changes since 1.32: +4 -2
lines
Diff to previous 1.32 (colored) to selected 1.13 (colored)
Bump PKGREVISION. On NetBSD use alsa by default.
Revision 1.32 / (download) - annotate - [select for diffs], Sat Aug 20 11:17:32 2016 UTC (7 years, 7 months ago) by ryoon
Branch: MAIN
CVS Tags: pkgsrc-2016Q3-base,
pkgsrc-2016Q3
Changes since 1.31: +11 -5
lines
Diff to previous 1.31 (colored) to selected 1.13 (colored)
Update to 48.0.1
* Remove dbus-glib dependency and add dbus option (from Robert Swindells)
* Fix potential build failure in skia (from Robert Swindells)
Changelog:
Fixed
Fix an audio regression impacting some major websites (bug 1295296)
Fix a top crash in the JavaScript engine (Bug 1290469)
Fix a startup crash issue caused by Websense (Bug 1291738)
Fix a different behavior with e10s / non-e10s on <select> and mouse events (Bug 1291078)
Fix a top crash caused by plugin issues (Bug 1264530)
Fix an unsigned add-ons issue on Windows
Fix a shutdown issue (Bug 1276920)
Fix a crash in WebRTC
Revision 1.31 / (download) - annotate - [select for diffs], Sat Aug 6 08:46:59 2016 UTC (7 years, 8 months ago) by ryoon
Branch: MAIN
Changes since 1.30: +2 -14
lines
Diff to previous 1.30 (colored) to selected 1.13 (colored)
Update to 48.0
* OSS audio support may not work. I will revisit later
Changelog:
New:
Roar for moar protection against harmful downloads! We've got your back
Process separation (e10s) is enabled for some of you. Like it? Let us know and we'll roll it out to more.
Add-ons that have not been verified and signed by Mozilla will not load
GNU/Linux fans: Get better Canvas performance with speedy Skia support. Try saying that three times fast
WebRTC embetterments:
Delay-agnostic AEC enabled
Full duplex for GNU/Linux enabled
ICE Restart & Update is supported
Cloning of MediaStream and MediaStreamTrack is now supported
Searching for something already in your bookmarks or open tabs? We added super smart icons to let you know
Windows folks: Tab (move buttons) and Shift+F10 (pop-up menus) now behave as they should in Firefox customization mode
The media parser has been redeveloped using the Rust programming language
Windows 7 systems without Platform Update can now use D3D11 WARP
Fixed:
Various security fixes
Heyo, Jabra & Logitech C920 webcam users. We fixed those pesky WebRTC bugs causing frequency distortions. Buh-bye, squeaky voice!
Improved step debugging on last line of functions
Changed:
Starting with the Firefox version 49 release, so long to support for 10.6, 10.7 and 10.8. Now we can focus on where most Mac users are: 10.9. Don't forget to upgrade!
After version 48, SSE2 CPU extensions are going to be required on Windows
Au revoir to Windows Remote Access Service modem Autodial
Developer:
WebExtensions support is now considered as stable
Workers can now use the Web Crypto API
Want to move absolute & fixed positioned elements? (Who doesn't, right?) Now you can with our geometry editor.
The memory tool now has a tree map view for your debugging pleasure. It's a little bit of "boo" and a whole lot of "ya."
We're putting the spotlight on the background. Now you can debug WebExtensions background content scripts and background pages
Content Security Policy (CSP) is now enforced for WebExtensions. (Who's down with CSP?)
Old and busted: Error Console. New hotness: Browser Console for your debugging pleasure.
Add-on development just got easier because you can reload them from about:debugging ãàbecause we're all about debugging.
This theme is hot, hot, hot! Say hi to the Firebug theme for Developer Tools.
Expand network requests from the console panel to view request details in line, so you can see things in context
Fixed in Firefox 48:
2016-84 Information disclosure through Resource Timing API during page navigation
2016-83 Spoofing attack through text injection into internal error pages
2016-82 Addressbar spoofing with right-to-left characters on Firefox for Android
2016-81 Information disclosure and local file manipulation through drag and drop
2016-80 Same-origin policy violation using local HTML file and saved shortcut file
2016-79 Use-after-free when applying SVG effects
2016-78 Type confusion in display transformation
2016-77 Buffer overflow in ClearKey Content Decryption Module (CDM) during video playback
2016-76 Scripts on marquee tag can execute in sandboxed iframes
2016-75 Integer overflow in WebSockets during data buffering
2016-74 Form input type change from password to text can store plain text password in session restore file
2016-73 Use-after-free in service workers with nested sync events
2016-72 Use-after-free in DTLS during WebRTC session shutdown
2016-71 Crash in incremental garbage collection in JavaScript
2016-70 Use-after-free when using alt key and toplevel menus
2016-69 Arbitrary file manipulation by local user through Mozilla updater and callback application path parameter
2016-68 Out-of-bounds read during XML parsing in Expat library
2016-67 Stack underflow during 2D graphics rendering
2016-66 Location bar spoofing via data URLs with malformed/invalid mediatypes
2016-65 Cairo rendering crash due to memory allocation issue with FFmpeg 0.10
2016-64 Buffer overflow rendering SVG with bidirectional content
2016-63 Favicon network connection can persist when page is closed
2016-62 Miscellaneous memory safety hazards (rv:48.0 / rv:45.3)
Revision 1.30 / (download) - annotate - [select for diffs], Thu Jun 16 12:08:21 2016 UTC (7 years, 10 months ago) by ryoon
Branch: MAIN
CVS Tags: pkgsrc-2016Q2-base,
pkgsrc-2016Q2
Changes since 1.29: +7 -2
lines
Diff to previous 1.29 (colored) to selected 1.13 (colored)
Update to 47.0
* Remove macOS patches, because I cannot confirm them sadly
Changelog:
New
Support for GoogleãàÑÔ Widevine CDM on Windows and Mac OS X so streaming services like Amazon Video can switch from Silverlight to encrypted HTML5 video.
Enable VP9 video codec for users with fast machines
Embedded YouTube videos now play with HTML5 video if Flash is not installed.
View and search open tabs from your smartphone or another computer in a sidebar
Allow no-cache on back/forward navigations for https resources
Latgalu [ltg] locale added. Wikipedia tells us there are 164,500 daily speakers.
Fixed
Various security fixes
Changed
FUEL (Firefox User Extension Library) has been removed. Add-ons relying on it will stop working.
The browser.sessionstore.restore_on_demand preference has been reset to its default value (true) to avoid e10s performance problems. Because faster is better!
The Firefox click-to-activate plugin whitelist has been removed.
XRender is no longer used for rendering web content on Linux as this may cause a regression in remote X performance
Developer
Web platform changes
View, start,and debug registered Service Workers in the Service Workers developer tool
Simulate Push messages in the Service Workers developer tool
'Start' button for service workers in about:debugging to start registered Service Workers
Changes that can affect add-on compatibility
Added support for ChaCha20/Poly1305 cipher suites
Custom user agents supported in Responsive Design Mode
Smart multi-line input in the Web Console
Developer Information
HTML5
cuechange events are now available on TextTrack objects
WebCrypto: PBKDF2 supports SHA-2 hash algorithms
WebCrypto: RSA-PSS signature support
Fixed in Firefox 47
2016-61 Network Security Services (NSS) vulnerabilities
2016-60 Java applets bypass CSP protections
2016-59 Information disclosure of disabled plugins through CSS pseudo-classes
2016-58 Entering fullscreen and persistent pointerlock without user permission
2016-57 Incorrect icon displayed on permissions notifications
2016-56 Use-after-free when textures are used in WebGL operations after recycle pool destruction
2016-55 File overwrite and privilege escalation through Mozilla Windows updater
2016-54 Partial same-origin-policy through setting location.host through data URI
2016-53 Out-of-bounds write with WebGL shader
2016-52 Addressbar spoofing though the SELECT element
2016-51 Use-after-free deleting tables from a contenteditable document
2016-50 Buffer overflow parsing HTML5 fragments
2016-49 Miscellaneous memory safety hazards (rv:47.0 / rv:45.2)
Revision 1.29 / (download) - annotate - [select for diffs], Fri Feb 26 10:57:45 2016 UTC (8 years, 1 month ago) by jperkin
Branch: MAIN
CVS Tags: pkgsrc-2016Q1-base,
pkgsrc-2016Q1
Changes since 1.28: +2 -4
lines
Diff to previous 1.28 (colored) to selected 1.13 (colored)
Use OPSYSVARS.
Revision 1.28 / (download) - annotate - [select for diffs], Sun Dec 27 18:25:33 2015 UTC (8 years, 3 months ago) by ryoon
Branch: MAIN
Changes since 1.27: +10 -2
lines
Diff to previous 1.27 (colored) to selected 1.13 (colored)
Update to 43.0.2 * Add OSS support, disabled by default Changelog: 43.0.2: Stability fixes. 43.0.1: Not for non-Microsoft Windows platforms.
Revision 1.27 / (download) - annotate - [select for diffs], Fri Oct 16 12:58:16 2015 UTC (8 years, 6 months ago) by jmcneill
Branch: MAIN
CVS Tags: pkgsrc-2015Q4-base,
pkgsrc-2015Q4
Changes since 1.26: +3 -4
lines
Diff to previous 1.26 (colored) to selected 1.13 (colored)
gio is part of gtk2 not gnome, so dont make the gio extension conditional on the gnome pkg option. bump pkg revision.
Revision 1.26 / (download) - annotate - [select for diffs], Fri Jul 3 10:25:40 2015 UTC (8 years, 9 months ago) by ryoon
Branch: MAIN
CVS Tags: pkgsrc-2015Q3-base,
pkgsrc-2015Q3
Changes since 1.25: +2 -2
lines
Diff to previous 1.25 (colored) to selected 1.13 (colored)
Update to 39.0
Changelog:
New Share Hello URLs with social networks
New Project Silk: Smoother animation and scrolling (Mac OS X)
New Support for 'switch' role in ARIA 1.1 (web accessibility)
New SafeBrowsing malware detection lookups enabled for downloads (Mac OS X and Linux)
New Support for new Unicode 8.0 skin tone emoji
Changed Removed support for insecure SSLv3 for network communications
Changed Disable use of RC4 except for temporarily whitelisted hosts
Changed The malware detection service for downloads now covers common Mac file types (Bug 1138721)
Changed of displaying dashed lines is improved (Mac OS X) (Bug 1123019)
HTML5 List-style-type now accepts a string value
HTML5 Enable the Fetch API for network requests from dedicated, shared and service workers
HTML5 Cascading of CSS transitions and animations now matches the current spec
HTML5 Implement <link rel="preconnect">allowing anticipation of a future connection without revealing any information
HTML5 Added support for CSS Scroll Snap Points
Developer Drag and drop enabled for nodes in Inspector markup view
Developer Webconsole input history persists even after closing the toolbox
Developer Cubic bezier tooltip now shows a gallery of timing-function presets for use with CSS animations
Developer localhost is now available offline for WebSocket connections
Fixed Improve performance for IPv6 fallback to IPv4
Fixed Fix incomplete downloads being marked as complete by detecting broken HTTP1.1 transfers
Fixed The Security state indicator on a page now correctly ignores loads caused by previous pages
Fixed Fixed an issue where a Hello conversation window would sometimes fail to open
Fixed A regression that could lead to Flash not displaying has been fixed
Fixed Update to NSS 3.19.2
Fixed Various security fixes
Fixed in Firefox 39
2015-71 NSS incorrectly permits skipping of ServerKeyExchange
2015-70 NSS accepts export-length DHE keys with regular DHE cipher suites
2015-69 Privilege escalation in PDF.js
2015-68 OS X crash reports may contain entered key press information
2015-67 Key pinning is ignored when overridable errors are encountered
2015-66 Vulnerabilities found through code inspection
2015-65 Use-after-free in workers while using XMLHttpRequest
2015-64 ECDSA signature validation fails to handle some signatures correctly
2015-63 Use-after-free in Content Policy due to microtask execution error
2015-62 Out-of-bound read while computing an oscillator rendering range in Web Audio
2015-61 Type confusion in Indexed Database Manager
2015-60 Local files or privileged URLs in pages can be opened into new tabs
2015-59 Miscellaneous memory safety hazards (rv:39.0 / rv:31.8 / rv:38.1)
Revision 1.25 / (download) - annotate - [select for diffs], Wed Apr 15 12:36:23 2015 UTC (9 years ago) by ryoon
Branch: MAIN
CVS Tags: pkgsrc-2015Q2-base,
pkgsrc-2015Q2
Changes since 1.24: +4 -4
lines
Diff to previous 1.24 (colored) to selected 1.13 (colored)
Use gio instead of gnomevfs option. From hiramatsu@. Thank you.
Revision 1.24 / (download) - annotate - [select for diffs], Wed Aug 13 22:33:16 2014 UTC (9 years, 8 months ago) by joerg
Branch: MAIN
CVS Tags: pkgsrc-2015Q1-base,
pkgsrc-2015Q1,
pkgsrc-2014Q4-base,
pkgsrc-2014Q4,
pkgsrc-2014Q3-base,
pkgsrc-2014Q3
Changes since 1.23: +4 -2
lines
Diff to previous 1.23 (colored) to selected 1.13 (colored)
Separate the if statements as clang will result in a string expression and make warning about it.
Revision 1.23 / (download) - annotate - [select for diffs], Fri Jun 20 07:27:50 2014 UTC (9 years, 9 months ago) by martin
Branch: MAIN
CVS Tags: pkgsrc-2014Q2-base,
pkgsrc-2014Q2
Changes since 1.22: +18 -5
lines
Diff to previous 1.22 (colored) to selected 1.13 (colored)
Add compiler depenend magic to keep the version compiled with option "debug" usable with modern gcc. Since the full "debug" version will behave differently to the standard version (as it enables all the mozilla internal consistency checks, and also drops compiler optimization), it is not very usefull when trying to debug crashes that could be compiler bugs, or mozilla low level bugs - so provide a new option "debug-info" that creates a debuggable, but fully optimized version. The result is best run from the pkgobj dir via the work/build/dist/bin/run-mozilla script with options "-g ./firefox". No changes to the default pkg generated.
Revision 1.22 / (download) - annotate - [select for diffs], Mon May 5 00:53:34 2014 UTC (9 years, 11 months ago) by ryoon
Branch: MAIN
Changes since 1.21: +2 -2
lines
Diff to previous 1.21 (colored) to selected 1.13 (colored)
Try to fix build under OpenBSD
Revision 1.21 / (download) - annotate - [select for diffs], Sat May 3 10:58:26 2014 UTC (9 years, 11 months ago) by ryoon
Branch: MAIN
Changes since 1.20: +2 -2
lines
Diff to previous 1.20 (colored) to selected 1.13 (colored)
Fix build under FreeBSD/amd64 10.0 * Use MOZ_SAMPLE_TYPE_FLOAT32=1 for FreeBSD * Disable WebRTC support under FreeBSD, because graphics/libv4l is not built under FreeBSD/amd64 10.0
Revision 1.20 / (download) - annotate - [select for diffs], Sun Apr 20 23:07:55 2014 UTC (9 years, 11 months ago) by ryoon
Branch: MAIN
Changes since 1.19: +3 -1
lines
Diff to previous 1.19 (colored) to selected 1.13 (colored)
Fix PR pkg/48749. When pulseaudio option is not selected, disable pulseaudio option explicitly. Fix Linux build.
Revision 1.19 / (download) - annotate - [select for diffs], Sat Nov 16 02:01:46 2013 UTC (10 years, 5 months ago) by ryoon
Branch: MAIN
CVS Tags: pkgsrc-2014Q1-base,
pkgsrc-2014Q1,
pkgsrc-2013Q4-base,
pkgsrc-2013Q4
Changes since 1.18: +3 -1
lines
Diff to previous 1.18 (colored) to selected 1.13 (colored)
In non-ALSA case, ALSA support is disabled explicitly
Revision 1.18 / (download) - annotate - [select for diffs], Sat Nov 2 22:57:55 2013 UTC (10 years, 5 months ago) by ryoon
Branch: MAIN
Changes since 1.17: +10 -3
lines
Diff to previous 1.17 (colored) to selected 1.13 (colored)
Update to 25.0 * Enable pulseaudio by default, OSS support is dropped, and ALSA support on NetBSD does not work properly for me * Enable GStremer support for non-webm and non-theora video support * Create alsa option, and enabled on Linux by default Changelog: NEW Web Audio support NEW The find bar is no longer shared between tabs CHANGED If away from Firefox for months, you now will be offered the option to reset it to its default state while preserving your essential information CHANGED Resetting Firefox no longer clears your browsing session DEVELOPER CSS3 background-attachment:local support to control background scrolling DEVELOPER Many new ES6 functions implemented HTML5 iframe document content can now be specified inline FIXED Blank or missing page thumbnails when opening a new tab FIXED Security fixes can be found here Fixed in Firefox 25 MFSA 2013-102 Use-after-free in HTML document templates MFSA 2013-101 Memory corruption in workers MFSA 2013-100 Miscellaneous use-after-free issues found through ASAN fuzzing MFSA 2013-99 Security bypass of PDF.js checks using iframes MFSA 2013-98 Use-after-free when updating offline cache MFSA 2013-97 Writing to cycle collected object during image decoding MFSA 2013-96 Improperly initialized memory and overflows in some JavaScript functions MFSA 2013-95 Access violation with XSLT and uninitialized data MFSA 2013-94 Spoofing addressbar though SELECT element MFSA 2013-93 Miscellaneous memory safety hazards (rv:25.0 / rv:24.1 / rv:17.0.10)
Revision 1.17 / (download) - annotate - [select for diffs], Sat Sep 21 11:40:57 2013 UTC (10 years, 6 months ago) by ryoon
Branch: MAIN
CVS Tags: pkgsrc-2013Q3-base,
pkgsrc-2013Q3
Changes since 1.16: +3 -2
lines
Diff to previous 1.16 (colored) to selected 1.13 (colored)
Fix non-official branding build.
Revision 1.16 / (download) - annotate - [select for diffs], Wed Jul 17 11:00:13 2013 UTC (10 years, 9 months ago) by jperkin
Branch: MAIN
Changes since 1.15: +2 -2
lines
Diff to previous 1.15 (colored) to selected 1.13 (colored)
Add SunOS/x86 patchset. This produces a package, but the resulting firefox binary does not yet work correctly.
Revision 1.15 / (download) - annotate - [select for diffs], Thu Jul 4 08:07:09 2013 UTC (10 years, 9 months ago) by martin
Branch: MAIN
Changes since 1.14: +3 -2
lines
Diff to previous 1.14 (colored) to selected 1.13 (colored)
Remove an uneeded patch (harmless, does not change binary)
Revision 1.14 / (download) - annotate - [select for diffs], Wed Jun 26 11:32:12 2013 UTC (10 years, 9 months ago) by ryoon
Branch: MAIN
CVS Tags: pkgsrc-2013Q2-base,
pkgsrc-2013Q2
Changes since 1.13: +15 -2
lines
Diff to previous 1.13 (colored)
Update to 22.0
* On NetBSD WebRTC support is disabled, because libxul.so has some errors
in link stage. WebRTC support should be tested on non-NetBSD platforms.
* It seems that OSS sound support is not working properly on NetBSD.
Changelog:
NEW
WebRTC is now enabled by default!
NEW
Windows: Firefox now follows display scaling options to render text larger on high-res displays
NEW
Mac OS X: Download progress in Dock application icon
NEW
HTML5 audio/video playback rate can now be changed
NEW
Social services management implemented in Add-ons Manager
NEW
asm.js optimizations (OdinMonkey) enabled for major performance improvements
CHANGED
Improved WebGL rendering performance through asynchronous canvas updates
CHANGED
Plain text files displayed within Firefox will now word-wrap
CHANGED
For user security, the |Components| object is no longer accessible from web content
CHANGED
Pointer Lock API can now be used outside of fullscreen
DEVELOPER
CSS3 Flexbox implemented and enabled by default
DEVELOPER
New Web Notifications API implemented
DEVELOPER
Added clipboardData API for JavaScript access to a user's clipboard
DEVELOPER
New built-in font inspector
HTML5
New HTML5 <data> and <time> elements
FIXED
Various security fixes
FIXED
Scrolling using some high-resolution-scroll aware touchpads feels slow (829952)
Fixed in Firefox 22
MFSA 2013-62 Inaccessible updater can lead to local privilege escalation
MFSA 2013-61 Homograph domain spoofing in .com, .net and .name
MFSA 2013-60 getUserMedia permission dialog incorrectly displays location
MFSA 2013-59 XrayWrappers can be bypassed to run user defined methods in a privileged context
MFSA 2013-58 X-Frame-Options ignored when using server push with multi-part responses
MFSA 2013-57 Sandbox restrictions not applied to nested frame elements
MFSA 2013-56 PreserveWrapper has inconsistent behavior
MFSA 2013-55 SVG filters can lead to information disclosure
MFSA 2013-54 Data in the body of XHR HEAD requests leads to CSRF attacks
MFSA 2013-53 Execution of unmapped memory through onreadystatechange event
MFSA 2013-52 Arbitrary code execution within Profiler
MFSA 2013-51 Privileged content access and execution via XBL
MFSA 2013-50 Memory corruption found using Address Sanitizer
MFSA 2013-49 Miscellaneous memory safety hazards (rv:22.0 / rv:17.0.7)
Revision 1.13 / (download) - annotate - [selected], Thu May 23 13:12:13 2013 UTC (10 years, 10 months ago) by ryoon
Branch: MAIN
Changes since 1.12: +1 -3
lines
Diff to previous 1.12 (colored)
Bump PKGREVISION. * Remove reference to devel/xulrunner. * Move some common files for firefox/xulrunner-21.0. * Move patches from devel/sulrunner. * Take MAINTAINERship.
Revision 1.12 / (download) - annotate - [select for diffs], Sun May 19 12:31:58 2013 UTC (10 years, 11 months ago) by ryoon
Branch: MAIN
Changes since 1.11: +2 -2
lines
Diff to previous 1.11 (colored) to selected 1.13 (colored)
Fix gnome option. This is related to PR pkg/47801. But devel/xulrunner is broken now.
Revision 1.11 / (download) - annotate - [select for diffs], Sun May 19 08:50:24 2013 UTC (10 years, 11 months ago) by ryoon
Branch: MAIN
Changes since 1.10: +44 -1
lines
Diff to previous 1.10 (colored) to selected 1.13 (colored)
Update to 21.0 * This release of firefox is built with internal xulrunner. Because separated (system) xulrunner has prefs and chrome load problem. * gnome option is broken in libnkmozgnomevfs.so build. Changelog: NEW The Social API now supports multiple providers NEW Enhanced three-state UI for Do Not Track (DNT) NEW Firefox will suggest how to improve your application startup time if needed NEW Preliminary implementation of Firefox Health Report CHANGED Ability to restore removed thumbnails on New Tab Page CHANGED CSS -moz-user-select:none selection changed to improve compatibility with -webkit-user-select:none (bug 816298) CHANGED Graphics related performance improvements (bug 809821) CHANGED Removed E4X support from Spidermonkey DEVELOPER Implemented Remote Profiling DEVELOPER Integrated add-on SDK loader and API libraries into Firefox HTML5 Added support for <main> element HTML5 Implemented scoped stylesheets HTML5 Added support for window.crypto.getRandomValues FIXED Some function keys may not work when pressed (833719) FIXED Browsing and Download history clearing needs unification to avoid confusion on clearing download history (847627) FIXED 21.0: Security fixes can be found here Fixed in Firefox 21 MFSA 2013-48 Memory corruption found using Address Sanitizer MFSA 2013-47 Uninitialized functions in DOMSVGZoomEvent MFSA 2013-46 Use-after-free with video and onresize event MFSA 2013-45 Mozilla Updater fails to update some Windows Registry entries MFSA 2013-44 Local privilege escalation through Mozilla Maintenance Service MFSA 2013-43 File input control has access to full path MFSA 2013-42 Privileged access for content level constructor MFSA 2013-41 Miscellaneous memory safety hazards (rv:21.0 / rv:17.0.6)
Revision 1.10 / (download) - annotate - [select for diffs], Mon Jul 11 13:17:40 2011 UTC (12 years, 9 months ago) by tnn
Branch: MAIN
CVS Tags: pkgsrc-2013Q1-base,
pkgsrc-2013Q1,
pkgsrc-2012Q4-base,
pkgsrc-2012Q4,
pkgsrc-2012Q3-base,
pkgsrc-2012Q3,
pkgsrc-2012Q2-base,
pkgsrc-2012Q2,
pkgsrc-2012Q1-base,
pkgsrc-2012Q1,
pkgsrc-2011Q4-base,
pkgsrc-2011Q4,
pkgsrc-2011Q3-base,
pkgsrc-2011Q3
Changes since 1.9: +4 -1
lines
Diff to previous 1.9 (colored) to selected 1.13 (colored)
Fix PLIST when official branding is disabled.
Revision 1.9 / (download) - annotate - [select for diffs], Tue Mar 16 15:57:03 2010 UTC (14 years, 1 month ago) by tnn
Branch: MAIN
CVS Tags: pkgsrc-2011Q2-base,
pkgsrc-2011Q2,
pkgsrc-2011Q1-base,
pkgsrc-2011Q1,
pkgsrc-2010Q4-base,
pkgsrc-2010Q4,
pkgsrc-2010Q3-base,
pkgsrc-2010Q3,
pkgsrc-2010Q2-base,
pkgsrc-2010Q2,
pkgsrc-2010Q1-base,
pkgsrc-2010Q1
Changes since 1.8: +1 -4
lines
Diff to previous 1.8 (colored) to selected 1.13 (colored)
Update to firefox-3.6.2. .2 is not formally released yet, but is release tagged in the scm and I want to get this update in before we freeze the tree. "Firefox 3.6 is built on Mozilla's Gecko 1.9.2 web rendering platform, which has been under development since early 2009 and contains many improvements for web developers, add-on developers, and users." - Improved JavaScript performance, overall browser responsiveness, and startup time. - The ability for web developers to indicate that scripts should run asynchronously to speed up page load times. - Continued support for downloadable web fonts using the new WOFF font format. - Support for new CSS attributes such as gradients, background sizing, and pointer events. - Support for new DOM and HTML5 specifications including the Drag & Drop API and the File API, which allow for more interactive web pages.
Revision 1.8 / (download) - annotate - [select for diffs], Wed Feb 17 18:32:18 2010 UTC (14 years, 2 months ago) by tnn
Branch: MAIN
Changes since 1.7: +2 -8
lines
Diff to previous 1.7 (colored) to selected 1.13 (colored)
Update to firefox-3.5.8 and xulrunner-1.9.1.8. Security and bugfix release. (no MFSAs released at time of writing) While here drop defunct debug option from firefox and reduce diff to wip/
Revision 1.7 / (download) - annotate - [select for diffs], Wed Sep 16 19:06:18 2009 UTC (14 years, 7 months ago) by tnn
Branch: MAIN
CVS Tags: pkgsrc-2009Q4-base,
pkgsrc-2009Q4,
pkgsrc-2009Q3-base,
pkgsrc-2009Q3
Changes since 1.6: +3 -37
lines
Diff to previous 1.6 (colored) to selected 1.13 (colored)
Build firefox against external runtime components from devel/xulrunner. Bump PKGREVISION.
Revision 1.6 / (download) - annotate - [select for diffs], Sun Aug 30 01:14:50 2009 UTC (14 years, 7 months ago) by markd
Branch: MAIN
Changes since 1.5: +2 -1
lines
Diff to previous 1.5 (colored) to selected 1.13 (colored)
libgnome is also needed for the gnome option to do anything.
Revision 1.5 / (download) - annotate - [select for diffs], Sat Aug 29 15:47:58 2009 UTC (14 years, 7 months ago) by tnn
Branch: MAIN
Changes since 1.4: +1 -2
lines
Diff to previous 1.4 (colored) to selected 1.13 (colored)
Upon giving this some more thought, I think the gnome option is better left disabled by default. Correct me if I'm wrong but it feels like most pkgsrc users don't use gnome. If someone can comment on the benefits of these dependencies in the GNOME environment, speak up.
Revision 1.4 / (download) - annotate - [select for diffs], Sat Aug 29 11:50:32 2009 UTC (14 years, 7 months ago) by tnn
Branch: MAIN
Changes since 1.3: +3 -2
lines
Diff to previous 1.3 (colored) to selected 1.13 (colored)
PLIST fix for previous
Revision 1.3 / (download) - annotate - [select for diffs], Sat Aug 29 10:34:37 2009 UTC (14 years, 7 months ago) by tnn
Branch: MAIN
Changes since 1.2: +10 -2
lines
Diff to previous 1.2 (colored) to selected 1.13 (colored)
Add a "gnome" option which toggles gnome-vfs (and dbus) support. Enable this by default. Bump revision.
Revision 1.2 / (download) - annotate - [select for diffs], Sun Aug 9 21:13:39 2009 UTC (14 years, 8 months ago) by tnn
Branch: MAIN
Changes since 1.1: +16 -4
lines
Diff to previous 1.1 (colored) to selected 1.13 (colored)
add mozilla-jit option
Revision 1.1.1.1 / (download) - annotate - [select for diffs] (vendor branch), Wed Aug 5 02:37:10 2009 UTC (14 years, 8 months ago) by tnn
Branch: TNF
CVS Tags: pkgsrc-20090805
Changes since 1.1: +0 -0
lines
Diff to previous 1.1 (colored) to selected 1.13 (colored)
Import firefox-3.5.2 as www/firefox. from pkgsrc-wip. Firefox 3.5 is based on the Gecko 1.9.1 rendering platform. Firefox 3.5 offers many changes over the previous version, supporting new web technologies, improving performance and ease of use. Some of the notable features are: * Support for the HTML5 <video> and <audio> elements * Improved tools for controlling your private data * Better web application performance using the new TraceMonkey JavaScript engine * The ability to share your location with websites using Location Aware Browsing * Support for native JSON, and web worker threads. * Improvements to the Gecko layout engine, including speculative parsing for faster content rendering. * Support for new web technologies such as: downloadable fonts, CSS media queries, new transformations and properties, JavaScript query selectors, HTML5 local storage and offline application storage, <canvas> text, ICC profiles, and SVG transforms.
Revision 1.1 / (download) - annotate - [select for diffs], Wed Aug 5 02:37:10 2009 UTC (14 years, 8 months ago) by tnn
Branch: MAIN
Diff to selected 1.13 (colored)
Initial revision