Navigation:
Browse pkgsrc
(this page)
New packages:Log Message:
Update to 52.0
* Switch to GTK3 build
* Remove py-sqlite2 dependency, fix PR pkg/52032
Changelog:
New
Added support for WebAssembly, an emerging standard that brings near-native \
performance to Web-based games, apps, and software libraries without the use of \
plugins.
Added automatic captive portal detection, for easier access to Wi-Fi \
hotspots. When accessing the Internet via a captive portal, Firefox will alert \
users and open the portal login page in a new tab.
Added user warnings for non-secure HTTP pages with logins. Firefox now \
displays a "This connection is not secure" message when users click \
into the username and password fields on pages that don't use HTTPS.
Implemented the Strict Secure Cookies specification which forbids insecure \
HTTP sites from setting cookies with the "secure" attribute. In some \
cases, this will prevent an insecure site from setting a cookie with the same \
name as an existing "secure" cookie from the same base domain.
Enhanced Sync to allow users to send and open tabs from one device to another.
Fixed
Various security fixes
Improved text input for third-party keyboard layouts on Windows. This will \
address some keyboard layouts that
* have chained dead keys
* input two or more characters with a non-printable key or a dead key sequence
* input a character even when a dead key sequence failed to compose a character
Changed
Removed support for Netscape Plugin API (NPAPI) plugins other than Flash. \
Silverlight, Java, Acrobat and the like are no longer supported.
Removed Battery Status API to reduce fingerprinting of users by trackers
Improved experience for downloads:
* Notification in the toolbar when a download fails
* Quick access to five most recent downloads rather than three
* Larger buttons for canceling and restarting downloads
Display (but allow users to override) an "Untrusted Connection" \
error when encountering SHA-1 certificates that chain up to a root certificate \
included in Mozilla's CA Certificate Program. (Note: Firefox continues to permit \
SHA-1 certificates that chain to manually imported root certificates.) Read more \
about the Mozilla Security Team's plans to deprecate SHA-1
Migrated Firefox users on Windows XP and Windows Vista operating systems to \
the extended support release (ESR) version of Firefox.
When not using Direct2D on Windows, Skia is used for content rendering
Developer
Enabled CSS Grid Layout, opening up a world of new possibilities for graphic \
design
Redesigned Responsive Design Mode to include device selection, network \
throttling, and more
Improved security for screen sharing, which now shows a preview and no \
longer requires a whitelisted domain
unresolved
Google Hangouts temporarily won't work
Security fixes:
#CVE-2017-5400: asm.js JIT-spray bypass of ASLR and DEP
#CVE-2017-5401: Memory Corruption when handling ErrorResult
#CVE-2017-5402: Use-after-free working with events in FontFace objects
#CVE-2017-5403: Use-after-free using addRange to add range to an incorrect root \
object
#CVE-2017-5404: Use-after-free working with ranges in selections
#CVE-2017-5406: Segmentation fault in Skia with canvas operations
#CVE-2017-5407: Pixel and history stealing via floating-point timing side \
channel with SVG filters
#CVE-2017-5410: Memory corruption during JavaScript garbage collection \
incremental sweeping
#CVE-2017-5411: Use-after-free in Buffer Storage in libGLES
#CVE-2017-5409: File deletion via callback parameter in Mozilla Windows Updater \
and Maintenance Service
#CVE-2017-5408: Cross-origin reading of video captions in violation of CORS
#CVE-2017-5412: Buffer overflow read in SVG filters
#CVE-2017-5413: Segmentation fault during bidirectional operations
#CVE-2017-5414: File picker can choose incorrect default directory
#CVE-2017-5415: Addressbar spoofing through blob URL
#CVE-2017-5416: Null dereference crash in HttpChannel
#CVE-2017-5417: Addressbar spoofing by draging and dropping URLs
#CVE-2017-5425: Overly permissive Gecko Media Plugin sandbox regular expression \
access
#CVE-2017-5426: Gecko Media Plugin sandbox is not started if seccomp-bpf filter \
is running
#CVE-2017-5427: Non-existent chrome.manifest file loaded during startup
#CVE-2017-5418: Out of bounds read when parsing HTTP digest authorization responses
#CVE-2017-5419: Repeated authentication prompts lead to DOS attack
#CVE-2017-5420: Javascript: URLs can obfuscate addressbar location
#CVE-2017-5405: FTP response codes can cause use of uninitialized values for ports
#CVE-2017-5421: Print preview spoofing
#CVE-2017-5422: DOS attack by using view-source: protocol repeatedly in one \
hyperlink
#CVE-2017-5399: Memory safety bugs fixed in Firefox 52
#CVE-2017-5398: Memory safety bugs fixed in Firefox 52 and Firefox ESR 45.8
