Subject: CVS commit: pkgsrc/www/firefox
From: Ryo ONODERA
Date: 2019-09-06 05:00:24
Message id: 20190906030024.6D078FBF4@cvs.NetBSD.org
Log Message:
Update to 69.0
* Use clang to compile all files. Mix of gcc and clang causes some errors in
Rust c++ command invocation (C++ header mismatches).
Changelog:
New
Enhanced Tracking Protection (ETP) rolls out stronger privacy protections:
The default standard setting for this feature now blocks third-party tracking cookies and cryptominers.
The optional strict setting blocks fingerprinters as well as the items blocked in the standard setting.
The Block Autoplay feature is enhanced to give users the option to block any video that automatically starts playing, not just those that automatically play with sound.
For our users in the US or using the en-US browser, we are shipping a new “New Tab” page experience that connects you to the best of Pocket’s content.
Support for the Web Authentication HmacSecret extension via Windows Hello now comes with this release, for versions of Windows 10 May 2019 or newer, enabling more passwordless experiences on the web.
Support for receiving multiple video codecs with this release makes it easier for WebRTC conferencing services to mix video from different clients.
For our users on Windows 10, you’ll see performance and UI improvements:
Firefox will give Windows hints to appropriately set content process priority levels, meaning more processor time spent on the tasks you're actively working on, and less processor time spent on things in the background (with the exception of video and audio playback).
For our existing Windows 10 users, you can easily find and launch Firefox from a shortcut on the Win10 taskbar.
For our users on macOS, battery life and download UI are both improved:
macOS users on dual-graphics-card machines (like MacBook Pro) will switch back to the low-power GPU more aggressively, saving battery life.
Finder on macOS now displays download progress for files being downloaded.
JIT support comes to ARM64 for improved performance of our JavaScript Optimizing JIT compiler.
Fixed
Various security fixes
Changed
As previously announced in the Plugin Roadmap for Firefox, the "Always Activate" option for Flash plugin content has been removed. Firefox will now always ask for user permission before activating Flash content on a website.
With the deprecation of Adobe Flash Player, there is no longer a need to identify users on 32-bit version of the Firefox browser on 64-bit version operating systems reducing user agent fingerprinting factors providing greater level of privacy to our users as well as improving the experience of downloading other apps.
Firefox no longer loads userChrome.css or userContent.css by default improving start-up performance. Users who wish to customize Firefox by using these files can set the toolkit.legacyUserProfileCustomizations.stylesheets preference to true to restore this ability.
Enterprise
For Enterprise system administrators that manage macOS computers, we begin shipping a Mozilla signed PKG installer to simplify your deployments.
Developer
For our mobile web developers, we have migrated remote debugging from the old WebIDE into a re-designed about:debugging, making debugging GeckoView on remote devices via USB rock solid.
The network panel will now show blocked resources to allow developers to best understand the impact of content blocking and ad blocking extensions given our ongoing expansion of Enhanced Tracking Protection to all users with this release.
The new event listener breakpoint feature allows developers to pause on a host of different event types, whether it be related to animations, DOM, media, mouse, touch, worker, and many other event types.
Firefox Developer Tools now offers an audit for the presence of text alternatives for non-text content, the a11y panel checks toolbar has been augmented to better help developers adhere to WCAG Guideline 1.1.
Security fixes:
#CVE-2019-11751: Malicious code execution through command line parameters
#CVE-2019-11746: Use-after-free while manipulating video
#CVE-2019-11744: XSS by breaking out of title and textarea elements using innerHTML
#CVE-2019-11742: Same-origin policy violation with SVG filters and canvas to steal cross-origin images
#CVE-2019-11736: File manipulation and privilege escalation in Mozilla Maintenance Service
#CVE-2019-11753: Privilege escalation with Mozilla Maintenance Service in custom Firefox installation location
#CVE-2019-11752: Use-after-free while extracting a key value in IndexedDB
#CVE-2019-9812: Sandbox escape through Firefox Sync
#CVE-2019-11741: Isolate addons.mozilla.org and accounts.firefox.com
#CVE-2019-11743: Cross-origin access to unload event attributes
#CVE-2019-11749: Camera information available without prompting using getUserMedia
#CVE-2019-5849: Out-of-bounds read in Skia
#CVE-2019-11750: Type confusion in Spidermonkey
#CVE-2019-11737: Content security policy directives ignore port and path if host is a wildcard
#CVE-2019-11738: Content security policy bypass through hash-based sources in directives
#CVE-2019-11747: 'Forget about this site' removes sites from pre-loaded HSTS list
#CVE-2019-11734: Memory safety bugs fixed in Firefox 69
#CVE-2019-11735: Memory safety bugs fixed in Firefox 69 and Firefox ESR 68.1
#CVE-2019-11740: Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, and Firefox ESR 60.9
Files: