./www/firefox, Web browser with support for extensions (version 58)

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]

Branch: CURRENT, Version: 58.0.2, Package name: firefox-58.0.2, Maintainer: ryoon

Mozilla Firefox is a free, open-source and cross-platform web browser
for Windows, Linux, MacOS X and many other operating systems.

It is fast and easy to use, and offers many advantages over other web
browsers, such as tabbed browsing and the ability to block pop-up

Firefox also offers excellent bookmark and history management, and it
can be extended by developers using industry standards such as XML,
CSS, JavaScript, C++, etc. Many extensions are available.

Required to run:
[sysutils/desktop-file-utils] [sysutils/dbus-glib] [textproc/icu] [graphics/MesaLib] [graphics/cairo] [graphics/jpeg] [net/libIDL] [devel/nspr] [devel/libffi] [devel/nss] [x11/gtk2] [x11/pixman] [multimedia/libvpx] [x11/gtk3] [lang/gcc49-libs] [multimedia/ffmpeg3]

Required to build:
[pkgtools/x11-links] [devel/yasm] [x11/compositeproto] [x11/glproto] [x11/renderproto] [x11/xproto] [x11/xf86vidmodeproto] [x11/recordproto] [x11/xf86driproto] [x11/damageproto] [x11/inputproto] [x11/xextproto] [x11/randrproto] [x11/dri2proto] [x11/xcb-proto] [lang/clang] [x11/fixesproto4] [lang/gcc49] [pkgtools/cwrappers] [lang/rust]

Package options: dbus, oss

Master sites: (Expand)

SHA1: 7a35b39e0b80f308ad22beb2037ceb5f855219f4
RMD160: bccf05f8124303a185193fd1427c0cf7c67e042f
Filesize: 241774.367 KB

Version history: (Expand)

CVS history: (Expand)

   2018-02-10 08:02:47 by Ryo ONODERA | Files touched by this commit (4) | Package updated
Log message:
Update to 58.0.2

* Fix segfault on netbsd-7

    Avoid a signature validation issue during update on macOS

    Blocklisted graphics drivers related to off main thread painting crashes

    Tab crash during printing

    Fix clicking links and scrolling emails on Microsoft Hotmail and Outlook
      (OWA) webmail
   2018-01-31 15:02:18 by Ryo ONODERA | Files touched by this commit (3) | Package updated
Log message:
Update to 58.0.1

* Fix build under netbsd-7, PR pkg/52956

Fix Mozilla Foundation Security Advisory 2018-05:
Arbitrary code execution through unsanitized browser UI

When using certain non-default security policies on Windows (for
example with Windows Defender Exploit Protection or Webroot security
products), Firefox 58.0 would fail to load pages (bug 1433065).
   2018-01-28 21:11:10 by Thomas Klausner | Files touched by this commit (462) | Package updated
Log message:
Bump PKGREVISION for gdbm shlib major bump
   2018-01-24 17:52:08 by Ryo ONODERA | Files touched by this commit (69) | Package removed
Log message:
Update to 58.0

    Performance improvements, including:
        Rendering graphics for Windows users by using Off-Main-Threa
           Painting (OMTP)
        Loading pages faster by changing how Firefox caches and retrieves

    Improvements to Firefox Screenshots:
        Copy and paste screenshots directly to your clipboard
        Firefox Screenshots now works in Private Browsing mode

    Added Nepali (ne-NP) locale

    In case you missed it--57 Release privacy and performance feature:
      Users can enable Tracking Protection at all times. Learn how to turn
      Tracking Protection on.

    Fonts installed in non-standard directories will no longer appear
      blank for Linux users

    Various security fixes

    User profiles created in Firefox 58 (and in future releases) are not
    supported in previous versions of Firefox. Users who downgrade to
    a previous version should create a new profile for that version.
    Learn about alternatives to downgrading on our support site.

    Added a warning to alert users and site owners of planned security
    changes to sites affected by the gradual distrust plan for
    the Symantec certificate authority

#CVE-2018-5091: Use-after-free with DTMF timers
#CVE-2018-5092: Use-after-free in Web Workers
#CVE-2018-5093: Buffer overflow in WebAssembly during Memory/Table resizing
#CVE-2018-5094: Buffer overflow in WebAssembly with garbage collection on
 uninitialized memory
#CVE-2018-5095: Integer overflow in Skia library during edge builder allocation
#CVE-2018-5097: Use-after-free when source document is manipulated during XSLT
#CVE-2018-5098: Use-after-free while manipulating form input elements
#CVE-2018-5099: Use-after-free with widget listener
#CVE-2018-5100: Use-after-free when IsPotentiallyScrollable arguments are
 freed from memory
#CVE-2018-5101: Use-after-free with floating first-letter style elements
#CVE-2018-5102: Use-after-free in HTML media elements
#CVE-2018-5103: Use-after-free during mouse event handling
#CVE-2018-5104: Use-after-free during font face manipulation
#CVE-2018-5105: WebExtensions can save and execute files on local file
 system without user prompts
#CVE-2018-5106: Developer Tools can expose style editor information
 cross-origin through service worker
#CVE-2018-5107: Printing process will follow symlinks for local file access
#CVE-2018-5108: Manually entered blob URL can be accessed by subsequent
 private browsing tabs
#CVE-2018-5109: Audio capture prompts and starts with incorrect origin
#CVE-2018-5110: Cursor can be made invisible on OS X
#CVE-2018-5117: URL spoofing with right-to-left text aligned left-to-right
#CVE-2018-5118: Activity Stream images can attempt to load local content
 through file:
#CVE-2018-5119: Reader view will load cross-origin content in violation
 of CORS headers
#CVE-2018-5121: OS X Tibetan characters render incompletely in the addressbar
#CVE-2018-5122: Potential integer overflow in DoCrypt
#CVE-2018-5090: Memory safety bugs fixed in Firefox 58
#CVE-2018-5089: Memory safety bugs fixed in Firefox 58 and Firefox ESR 52.6
   2018-01-08 10:37:57 by Ryo ONODERA | Files touched by this commit (48) | Package updated
Log message:
Update to 57.0.4

* Use lang/rust-1.23.0

Speculative execution side-channel attack ("Spectre")

    January 4, 2018
    Jann Horn (Google Project Zero); Microsoft Vunerability Research
Fixed in
    Firefox 57.0.4


Jann Horn of Google Project Zero Security reported that speculative
execution performed by modern CPUs could leak information through
a timing side-channel attack. Microsoft Vulnerability Research extended
this attack to browser JavaScript engines and demonstrated that code on
a malicious web page could read data from other web sites (violating
the same-origin policy) or private data from the browser itself.

Since this new class of attacks involves measuring precise time intervals,
as a partial, short-term, mitigation we are disabling or reducing
the precision of several time sources in Firefox. The precision of
performance.now() has been reduced from 5us to 20us, and
the SharedArrayBuffer feature has been disabled because it can be
used to construct a high-resolution timer.

SharedArrayBuffer is already disabled in Firefox 52 ESR.
   2018-01-01 08:02:17 by Ryo ONODERA | Files touched by this commit (2) | Package updated
Log message:
Update to 57.0.3

  * Fix a crash reporting issue that inadvertently sends background tab
    crash reports to Mozilla without user opt-in (bug 1427111)
   2017-12-10 01:45:09 by Ryo ONODERA | Files touched by this commit (7) | Package updated
Log message:
Update to 57.0.2

* Move gtk3 part to mozilla-common.mk
* Add a option for Widevine CDM support

For Windows only.
   2017-12-04 16:17:55 by Ryo ONODERA | Files touched by this commit (2) | Package updated
Log message:
Update to 57.0.1

    Fix a video color distortion issue on YouTube and other video sites
    with some AMD devices (bug 1417442)

    Fix an issue with prefs.js when the profile path has non-ascii
    characters (bug 1420427)

    Various security fixes

    Google map crashes on OSX with Intel HD Graphics 3000

    Block injection of a client library associated with the RealPlayer
    Free player which is known to cause performance problems in Firefox.
    (Bug 1418535)

Security fixes:
Not available