Path to this page:
Subject: CVS commit: pkgsrc/www/firefox
From: Ryo ONODERA
Date: 2018-12-12 15:08:50
Message id: 20181212140850.F355FFB16@cvs.NetBSD.org
Log Message:
Update to 64.0
Changelog:
New
Better recommendations: You may see suggestions in regular browsing mode for \
new and relevant Firefox features, services, and extensions based on how you use \
the web (for US users only)
Enhanced tab management: You can now select multiple tabs from the tab bar \
and close, move, bookmark, or pin them quickly and easily
Easier performance management: The new Task Manager page found at \
about:performance lets you see how much energy each open tab consumes and \
provides access to close tabs to conserve power
Improved performance for Mac and Linux users, by enabling link time \
optimization (Clang LTO). (Clang LTO was enabled for Windows users in Firefox \
63.)
More seamless sharing on Windows: Windows users can now share web pages \
using the native sharing experience. You can access Share in the Page Actions \
menu
Added option to remove add-ons using the context menu on their toolbar buttons
New for enterprise users: Updated the policy engine on macOS to allow using \
configuration profiles to customize Firefox for enterprise deployments
Fixed
Various security fixes
Changed
RSS feed preview and live bookmarks are available only via add-ons
TLS certificates issued by Symantec are no longer trusted by Firefox. \
Website operators are strongly encouraged to replace any remaining Symantec TLS \
certificates as soon as possible.
about:crashes has been redesigned to make it clear when a crash is being \
submitted to Mozilla, as well as being clear that removing crashes locally does \
not remove them from crash-stats.mozilla.com
The macOS keyboard shortcut to add "www" and ".com" to a \
URL is now ctrl-enter instead of [apple]-enter
Security fixes:
#CVE-2018-12407: Buffer overflow with ANGLE library when using VertexBuffer11 module
#CVE-2018-17466: Buffer overflow and out-of-bounds read in ANGLE library with \
TextureStorage11
#CVE-2018-18492: Use-after-free with select element
#CVE-2018-18493: Buffer overflow in accelerated 2D canvas with Skia
#CVE-2018-18494: Same-origin policy violation using location attribute and \
performance.getEntries to steal cross-origin URLs
#CVE-2018-18495: WebExtension content scripts can be loaded in about: pages
#CVE-2018-18496: Embedded feed preview page can be abused for clickjacking
#CVE-2018-18497: WebExtensions can load arbitrary URLs through pipe separators
#CVE-2018-18498: Integer overflow when calculating buffer sizes for images
#CVE-2018-12406: Memory safety bugs fixed in Firefox 64
#CVE-2018-12405: Memory safety bugs fixed in Firefox 64 and Firefox ESR 60.4
Files: