pkgsrc.se | The NetBSD package collection

./www/firefox78, Web browser with support for extensions (version 78ESR)

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]

Branch: pkgsrc-2020Q3, Version: 78.6.0, Package name: firefox78-78.6.0, Maintainer: ryoon

Mozilla Firefox is a free, open-source and cross-platform web browser
for Windows, Linux, MacOS X and many other operating systems.

It is fast and easy to use, and offers many advantages over other web
browsers, such as tabbed browsing and the ability to block pop-up
windows.

Firefox also offers excellent bookmark and history management, and it
can be extended by developers using industry standards such as XML,
CSS, JavaScript, C++, etc. Many extensions are available.

This package provides Firefox 78 ESR.

Package options: dbus

Master sites:

SHA1: 4dc4e41ae749e1d189ac8f45d0b804a18b8d38c3
RMD160: 55970d3df407955f191b47ecae83d6597adbbc5b
Filesize: 330174.477 KB

Version history: (Expand)

(2020-12-20) Updated to version: firefox78-78.6.0
(2020-11-24) Updated to version: firefox78-78.5.0
(2020-10-23) Updated to version: firefox78-78.4.0
(2020-10-10) Package added to pkgsrc.se, version firefox78-78.3.0 (created)

CVS history: (Expand)

2020-12-19 21:38:04 by Benny Siegert | Files touched by this commit (2)

Log message:
Pullup ticket #6385 - requested by nia
www/firefox78: security fix

Revisions pulled up:
- www/firefox78/Makefile                                        1.14
- www/firefox78/distinfo                                        1.7

---
   Module Name:	pkgsrc
   Committed By:	nia
   Date:		Thu Dec 17 13:24:30 UTC 2020

   Modified Files:
   	pkgsrc/www/firefox78: Makefile distinfo

   Log message:
   firefox78: Update to 78.6.0

   Security Vulnerabilities fixed in Firefox ESR 78.6

   #CVE-2020-16042: Operations on a BigInt could have caused uninitialized
   memory to be exposed

   #CVE-2020-26971: Heap buffer overflow in WebGL

   #CVE-2020-26973: CSS Sanitizer performed incorrect sanitization

   #CVE-2020-26974: Incorrect cast of StyleGenericFlexBasis resulted in a heap
   use-after-free

   #CVE-2020-26978: Internal network hosts could have been probed by a
   malicious webpage

   #CVE-2020-35111: The proxy.onRequest API did not catch view-source URLs

   #CVE-2020-35112: Opening an extension-less download may have inadvertently
   launched an executable instead

   #CVE-2020-35113: Memory safety bugs fixed in Firefox 84 and Firefox ESR 78.6

2020-12-10 20:54:33 by Benny Siegert | Files touched by this commit (1)

Log message:
Pullup ticket #6369 - requested by riastradh
www/firefox78: build fix

(via patch)

Add build dependency to expat Python module.

2020-11-24 19:29:25 by Benny Siegert | Files touched by this commit (4)

Log message:
Pullup ticket #6370 - requested by nia
www/firefox78: security fix

NOTE: This also includes the changes from pullup tickets #6363 and #6369.

Revisions pulled up:
- www/firefox78/Makefile                                        1.9,1.13
- www/firefox78/distinfo                                        1.5-1.6
- www/firefox78/patches/patch-js_src_jit_ProcessExecutableMemory.cpp 1.1
- www/firefox78/patches/patch-js_src_vm_ArrayBufferObject.cpp   1.1

---
   Module Name:	pkgsrc
   Committed By:	nia
   Date:		Tue Nov 10 02:59:28 UTC 2020

   Modified Files:
   	pkgsrc/www/firefox78: Makefile distinfo
   Added Files:
   	pkgsrc/www/firefox78/patches:
   	    patch-js_src_jit_ProcessExecutableMemory.cpp
   	    patch-js_src_vm_ArrayBufferObject.cpp

   Log message:
   firefox78: Update to 78.4.1. Apply MPROTECT patches from mozjs.

   Security Vulnerabilities fixed in Firefox 82.0.3, Firefox ESR 78.4.1, and \ 
Thunderbird 78.4.2

   #CVE-2020-26950: Write side effects in MCallGetProperty opcode not accounted for

---
   Module Name:	pkgsrc
   Committed By:	nia
   Date:		Wed Nov 18 12:33:45 UTC 2020

   Modified Files:
   	pkgsrc/www/firefox78: Makefile distinfo

   Log message:
   firefox78: Update to 78.5.0

   Security Vulnerabilities fixed in Firefox ESR 78.5

       #CVE-2020-26951: Parsing mismatches could confuse and bypass security
       sanitizer for chrome privileged code

       #CVE-2020-16012: Variable time processing of cross-origin images during
       drawImage calls

       #CVE-2020-26953: Fullscreen could be enabled without displaying the security
       UI

       #CVE-2020-26956: XSS through paste (manual and clipboard API)

       #CVE-2020-26958: Requests intercepted through ServiceWorkers lacked MIME
       type restrictions

       #CVE-2020-26959: Use-after-free in WebRequestService

       #CVE-2020-26960: Potential use-after-free in uses of nsTArray

       #CVE-2020-15999: Heap buffer overflow in freetype

       #CVE-2020-26961: DoH did not filter IPv4 mapped IP Addresses

       #CVE-2020-26965: Software keyboards may have remembered typed passwords

       #CVE-2020-26966: Single-word search queries were also broadcast to local
       network

       #CVE-2020-26968: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5

2020-10-23 17:36:35 by Benny Siegert | Files touched by this commit (2)

Log message:
Pullup ticket #6348 - requested by nia
www/firefox78: security fix

Revisions pulled up:
- www/firefox78/Makefile                                        1.7
- www/firefox78/distinfo                                        1.4

---
   Module Name:	pkgsrc
   Committed By:	nia
   Date:		Wed Oct 21 19:23:05 UTC 2020

   Modified Files:
   	pkgsrc/www/firefox78: Makefile distinfo

   Log message:
   firefox78: Update to 78.4.0

   Security Vulnerabilities fixed in Firefox ESR 78.4

   #CVE-2020-15969: Use-after-free in usersctp
   #CVE-2020-15683: Memory safety bugs fixed in Firefox 82 and Firefox ESR 78.4