Subject: CVS commit: pkgsrc/www/firefox
From: Ryo ONODERA
Date: 2016-12-03 10:58:26
Message id: 20161203095826.97308FBA6@cvs.NetBSD.org

Log Message:
Update to 50.0.2

* Change default audio support to ALSA.
  You can use OSS or pulseaudio via ALSA plugin package.

Changelog:
50.0.2:
Fixed in Firefox 50.0.2
 #CVE-2016-9079: Use-after-free in SVG Animation

50.0.1:
Fixed
   *Firefox crashes with 3rd party Chinese IME when using IME text

Security vulnerabilities fixed in Firefox 50.0.1:
 #CVE-2016-9078: data: URL can inherit wrong origin after an HTTP redirect

50.0:

New
   *Playback video on more sites without plugins with WebM EME Support for Widevine on Windows and Mac
   *Improved performance for SDK extensions or extensions using the SDK module loader
   *Added download protection for a large number of executable file types on Windows, Mac and Linux
   *Increased availability of WebGL to more than 98 percent of users on Windows 7 and newer
   *Added Guarani (gn) locale
   *Added option to Find in page that allows users to limit search to whole words only
   *Updates to keyboard shortcuts
       *Set a preference to have Ctrl+Tab cycle through tabs in recently used order
       *View a page in Reader Mode by using Ctrl+Alt+R (command+alt+r on Mac)

Fixed
   *Login cookies are now saved for sites with a high number of cookies (Bug 1264192)
   *Various security fixes

   *Fixed rendering of dashed and dotted borders with rounded corners (border-radius)

Changed
   *The link to check for plugin security updates has been removed from the addon manager as Firefox automatically checks for plugin updates
   *Blocked versions of libavcodec older than 54.35.1
   *Added a built-in Emoji set for operating systems without native Emoji fonts (Windows 8.0 and lower and Linux)

Developer
   *Changes for web developers

Security vulnerabilities fixed in Firefox 50:
 #CVE-2016-5296: Heap-buffer-overflow WRITE in rasterize_edges_1
 #CVE-2016-5292: URL parsing causes crash
 #CVE-2016-5293: Write to arbitrary file with Mozilla Updater and Maintenance Service using updater.log hardlink
 #CVE-2016-5294: Arbitrary target directory for result files of update process
 #CVE-2016-5297: Incorrect argument length checking in JavaScript
 #CVE-2016-9064: Add-ons update must verify IDs match between current and new versions
 #CVE-2016-9065: Firefox for Android location bar spoofing using fullscreen
 #CVE-2016-9066: Integer overflow leading to a buffer overflow in nsScriptLoadHandler
 #CVE-2016-9067: heap-use-after-free in nsINode::ReplaceOrInsertBefore
 #CVE-2016-9068: heap-use-after-free in nsRefreshDriver
 #CVE-2016-9072: 64-bit NPAPI sandbox isn't enabled on fresh profile
 #CVE-2016-9075: WebExtensions can access the mozAddonManager API and use it to gain elevated privileges
 #CVE-2016-9077: Canvas filters allow feDisplacementMaps to be applied to cross-origin images, allowing timing attacks on them
 #CVE-2016-5291: Same-origin policy violation using local HTML file and saved shortcut file
 #CVE-2016-5295: Mozilla Maintenance Service: Ability to read arbitrary files as SYSTEM
 #CVE-2016-5298: SSL indicator can mislead the user about the real URL visited
 #CVE-2016-5299: Firefox AuthToken in broadcast protected with signature-level permission can be accessed by an application installed beforehand that defines the same permissionsPI key (glocation) in broadcast protected with signature-level permission can be accessed by an application installed beforehand that defines the same permissions
 #CVE-2016-9062: Private browsing browser traces (Android) in browser.db and wal file
 #CVE-2016-9070: Sidebar bookmark can have reference to chrome window
 #CVE-2016-9073: windows.create schema doesn't specify "format": "relativeUrl"
 #CVE-2016-9074: Insufficient timing side-channel resistance in divSpoiler
 #CVE-2016-9076: select dropdown menu can be used for URL bar spoofing on e10s
 #CVE-2016-9063: Possible integer overflow to fix inside XML_Parse in Expat
 #CVE-2016-9071: Probe browser history via HSTS/301 redirect + CSP
 #CVE-2016-5289: Memory safety bugs fixed in Firefox 50
 #CVE-2016-5290: Memory safety bugs fixed in Firefox 50 and Firefox ESR 45.5

Files:
Revision  Action  File
1.271     modify  pkgsrc/www/firefox/Makefile
1.112     modify  pkgsrc/www/firefox/PLIST
1.262     modify  pkgsrc/www/firefox/distinfo
1.48      modify  pkgsrc/www/firefox/patches/patch-aa
1.3       modify  pkgsrc/www/firefox/patches/patch-build_moz.configure_old.configure
1.8       modify  pkgsrc/www/firefox/patches/patch-config_Makefile.in
1.14      modify  pkgsrc/www/firefox/patches/patch-config_external_moz.build
1.21      modify  pkgsrc/www/firefox/patches/patch-config_system-headers
1.6       modify  pkgsrc/www/firefox/patches/patch-dom_media_moz.build
1.8       modify  pkgsrc/www/firefox/patches/patch-image_decoders_nsJPEGDecoder.cpp
1.3       modify  pkgsrc/www/firefox/patches/patch-js_xpconnect_src_xpcprivate.h
1.17      modify  pkgsrc/www/firefox/patches/patch-media_libcubeb_src_cubeb__alsa.c
1.8       modify  pkgsrc/www/firefox/patches/patch-media_libcubeb_src_cubeb__oss.c
1.10      modify  pkgsrc/www/firefox/patches/patch-media_libcubeb_src_moz.build
1.8       modify  pkgsrc/www/firefox/patches/patch-mfbt_Attributes.h
1.8       modify  pkgsrc/www/firefox/patches/patch-toolkit_library_moz.build
1.1       add     pkgsrc/www/firefox/patches/patch-browser_components_nsBrowserGlue.js
1.1       add     pkgsrc/www/firefox/patches/patch-build_moz.configure_init.configure
1.3       add     pkgsrc/www/firefox/patches/patch-dom_base_moz.build
1.1       add     pkgsrc/www/firefox/patches/patch-dom_media_AudioStream.cpp
1.3       add     pkgsrc/www/firefox/patches/patch-dom_media_AudioStream.h
1.9       add     pkgsrc/www/firefox/patches/patch-dom_system_OSFileConstants.cpp
1.1       add     pkgsrc/www/firefox/patches/patch-extensions_spellcheck_hunspell_glue_moz.build
1.1       add     pkgsrc/www/firefox/patches/patch-extensions_spellcheck_src_moz.build
1.3       add     pkgsrc/www/firefox/patches/patch-gfx_graphite2_moz-gr-update.sh
1.3       add     pkgsrc/www/firefox/patches/patch-gfx_moz.build
1.6       add     pkgsrc/www/firefox/patches/patch-gfx_skia_generate__mozbuild.py
1.13      add     pkgsrc/www/firefox/patches/patch-gfx_skia_moz.build
1.1       add     pkgsrc/www/firefox/patches/patch-gfx_thebes_gfxFontUtils.cpp
1.5       add     pkgsrc/www/firefox/patches/patch-gfx_thebes_moz.build
1.1       add     pkgsrc/www/firefox/patches/patch-intl_lwbrk_nsJISx4051LineBreaker.cpp
1.5       add     pkgsrc/www/firefox/patches/patch-intl_unicharutil_util_moz.build
1.1       add     pkgsrc/www/firefox/patches/patch-js_src_moz.build
1.1       add     pkgsrc/www/firefox/patches/patch-media_libcubeb_tests_moz.build
1.1       add     pkgsrc/www/firefox/patches/patch-media_libcubeb_update.sh
1.1       add     pkgsrc/www/firefox/patches/patch-media_libsoundtouch_src_soundtouch__perms.h
1.1       add     pkgsrc/www/firefox/patches/patch-media_libyuv_source_mjpeg__decoder.cc
1.3       add     pkgsrc/www/firefox/patches/patch-media_webrtc_signaling_test_common.build
1.10      add     pkgsrc/www/firefox/patches/patch-media_webrtc_trunk_webrtc_modules_video__capture_linux_device__info__linux.cc
1.11      add     pkgsrc/www/firefox/patches/patch-media_webrtc_trunk_webrtc_modules_video__capture_linux_video__capture__linux.cc
1.10      add     pkgsrc/www/firefox/patches/patch-media_webrtc_trunk_webrtc_modules_video__capture_video__capture.gypi
1.5       add     pkgsrc/www/firefox/patches/patch-mobile_android_installer_Makefile.in
1.5       add     pkgsrc/www/firefox/patches/patch-mobile_android_installer_package-manifest.in
1.1       add     pkgsrc/www/firefox/patches/patch-moz.configure
1.6       add     pkgsrc/www/firefox/patches/patch-netwerk_dns_moz.build
1.8       add     pkgsrc/www/firefox/patches/patch-toolkit_components_osfile_modules_osfile__unix__back.jsm
1.6       add     pkgsrc/www/firefox/patches/patch-toolkit_components_osfile_modules_osfile__unix__front.jsm
1.4       add     pkgsrc/www/firefox/patches/patch-xpcom_build_XPCOMInit.cpp
1.1       remove  pkgsrc/www/firefox/patches/patch-media_libyuv_include_libyuv_scale__row.h
1.2       remove  pkgsrc/www/firefox/patches/patch-netwerk_srtp_src_crypto_hash_hmac.c
1.1       remove  pkgsrc/www/firefox/patches/patch-netwerk_srtp_src_crypto_kernel_crypto__kernel.c