Navigation:
Browse pkgsrc
(this page)| 2024-10-12 09:49:07 by Ryo ONODERA | Files touched by this commit (4) |
Log message:
www/firefox: Update to 131.0.2
131.0.2:
Fixed
* Security fix.
Security fixes:
Mozilla Foundation Security Advisory 2024-51
#CVE-2024-9680: Use-after-free in Animation timeline
131.0:
New
* Firefox will now offer to temporarily remember when users grant permissions
to sites (e.g. geolocation). Temporary permissions will be removed either
after one hour or when the tab is closed.
permission-option
* A tab preview is now displayed when hovering the mouse over background
tabs, making it easier to locate the desired tab without needing to switch
tabs.
screenshot of a preview image displayed under a background tab when you
mouse over the tab
* When suggesting a default translation language, Firefox will now take into
consideration languages you have previously used for translations.
* We??ve re-introduced the ability to navigate to the search engine home page
when the search bar is empty by using shift-enter/shift-click.
Fixed
* Various security fixes.
Securiry fixes:
Mozilla Foundation Security Advisory 2024-46
#CVE-2024-9391: Prevent users from exiting full-screen mode in Firefox Focus
for Android
#CVE-2024-9392: Compromised content process can bypass site isolation
#CVE-2024-9393: Cross-origin access to PDF contents through multipart responses
#CVE-2024-9394: Cross-origin access to JSON contents through multipart
responses
#CVE-2024-9395: Specially crafted filename could be used to obscure download
type
#CVE-2024-9396: Potential memory corruption may occur when cloning certain
objects
#CVE-2024-9397: Potential directory upload bypass via clickjacking
#CVE-2024-9398: External protocol handlers could be enumerated via popups
#CVE-2024-9399: Specially crafted WebTransport requests could lead to denial of
service
#CVE-2024-9400: Potential memory corruption during JIT compilation
#CVE-2024-9401: Memory safety bugs fixed in Firefox 131, Firefox ESR 115.16,
Firefox ESR 128.3, Thunderbird 131, and Thunderbird 128.3
#CVE-2024-9402: Memory safety bugs fixed in Firefox 131, Firefox ESR 128.3,
Thunderbird 131, and Thunderbird 128.3
#CVE-2024-9403: Memory safety bugs fixed in Firefox 131 and Thunderbird 131
|
| 2024-10-11 15:55:48 by Thomas Klausner | Files touched by this commit (12) |
Log message: firefox: fix build with Python 3.13 pipes.quote was an alias for shlex.quote, but was finally removed in Python 3.13. Directly use shlex.quote. |
| 2024-10-01 14:47:19 by Ryo ONODERA | Files touched by this commit (10) |
Log message:
www/firefox: Update to 130.0.1
Changelog:
130.0.1:
Fixed
* Fixed a recent regression causing some UI elements to be rendered as
left-to-right instead of right-to-left for users of our Saraiki
localization. (Bug 1917175)
* Linux: Fixed black rendering of AVIF images when Firefox is built with GCC.
(Bug 1916038)
130.0:
New
* Firefox now allows translating selected text portions to different
languages after a full-page translation.
* Firefox now offers an easy way to try experimental features with a new
Firefox Labs page in Settings.
+ AI Chatbot feature lets you add the chatbot of your choice to the
sidebar, for quick access as you browse.
+ Picture-in-Picture auto-open experiment enables PiP on active videos
when switching tabs.
* Overscroll animations are now enabled as the default behavior for
scrollable areas on Linux.
* Users in the United States and Canada can view local weather directly on
the new tab page. Additionally, they have the option to select a specific
location to see current weather conditions.
Fixed
* Various security fixes.
* Fixed an issue where Copy and Paste context menu items intermittently were
not enabled when expected.
Mozilla Foundation Security Advisory 2024-39
#CVE-2024-8385: WASM type confusion involving ArrayTypes
#CVE-2024-8381: Type confusion when looking up a property name in a "with"
block
#CVE-2024-8388: Fullscreen notice on Android could be hidden under various
panels and OS prompts
#CVE-2024-8382: Internal event interfaces were exposed to web content when
browser EventHandler listener callbacks ran
#CVE-2024-8383: Firefox did not ask before openings news: links in an external
application
#CVE-2024-8384: Garbage collection could mis-color cross-compartment objects in
OOM conditions
#CVE-2024-8386: SelectElements could be shown over another site if popups are
allowed
#CVE-2024-8387: Memory safety bugs fixed in Firefox 130, Firefox ESR 128.2, and
Thunderbird 128.2
#CVE-2024-8389: Memory safety bugs fixed in Firefox 130
|
| 2024-09-13 23:42:51 by Thomas Klausner | Files touched by this commit (3) |
Log message: firefox: fix build with cbindgen 0.27 Using upstream patches. |
| 2024-08-24 04:31:14 by Ryo ONODERA | Files touched by this commit (2) |
Log message:
www/firefox: Update to 129.0.2
Changelog:
129.0.2:
Fixed
* Fixed an issue with screen readers prompting "Alert" when hovering over
tabs. (Bug 1908873)
* Fixed an issue where drag-and-drop operations would not work as expected
with extensions that rely on this functionality. (Bug 1911486)
|
| 2024-08-16 17:20:53 by Ryo ONODERA | Files touched by this commit (2) |
Log message:
www/firefox: Update to 129.0.1
Changelog:
129.0.1:
Fixed
* Fixed playback issues on some websites with copyrighted video served via
digital rights management. (Bug 1911283)
* Fixed a crash when dragging a video file onto some websites. (Bug 1910990)
|
| 2024-08-12 18:53:19 by David H. Gutteridge | Files touched by this commit (1) |
Log message: firefox: 129 requires nss>=3.102 |
2024-08-12 16:03:33 by Ryo ONODERA | Files touched by this commit (5) |  |
Log message:
www/firefox: Update to 129.0
Changelog:
129.0:
New
* Reader View now has an enhanced Text and Layout menu with new options for
character spacing, word spacing, and text alignment. These changes offer a
more accessible reading experience.
* Reader View now has a Theme menu with additional Contrast and Gray options.
You can also select custom colors for text, background, and links from the
Custom tab.
* A tab preview is now displayed when hovering the mouse over background
tabs, making it easier to locate the desired tab without needing to switch
tabs.
This feature is part of a progressive roll out.
* HTTPS is replacing HTTP as the default protocol in the address bar on
non-local sites. If a site is not available via HTTPS, Firefox will fall
back to HTTP.
* HTTPS DNS records can now be resolved with the operating system's DNS
resolver on specific platforms (Windows 11, Linux, Android 10+). Previously
this required DNS over HTTPS to be enabled. This capability allows the use
of HTTP/3 without needing to use the Alt-Svc header, upgrades requests to
HTTPS when the DNS record is present, and enables wider use of ECH.
* Added support for multiple languages in the same document spoken in macOS
VoiceOver.
* Address Autofill is now enabled for users in France and Germany.
Fixed
* Various security fixes.
#
Enterprise
* You can find information about policy updates and enterprise specific bug
fixes in the Firefox for Enterprise 129 Release Notes.
Security fixes:
Mozilla Foundation Security Advisory 2024-33
#CVE-2024-7518: Fullscreen notification dialog can be obscured by document
content
#CVE-2024-7519: Out of bounds memory access in graphics shared memory handling
#CVE-2024-7520: Type confusion in WebAssembly
#CVE-2024-7521: Incomplete WebAssembly exception handing
#CVE-2024-7522: Out of bounds read in editor component
#CVE-2024-7523: Document content could partially obscure security prompts
#CVE-2024-7524: CSP strict-dynamic bypass using web-compatibility shims
#CVE-2024-7525: Missing permission check when creating a StreamFilter
#CVE-2024-7526: Uninitialized memory used by WebGL
#CVE-2024-7527: Use-after-free in JavaScript garbage collection
#CVE-2024-7528: Use-after-free in IndexedDB
#CVE-2024-7529: Document content could partially obscure security prompts
#CVE-2024-7530: Use-after-free in JavaScript code coverage collection
#CVE-2024-7531: PK11_Encrypt using CKM_CHACHA20 can reveal plaintext on Intel
Sandy Bridge machines
|
| 2024-08-03 04:06:31 by Izumi Tsutsui | Files touched by this commit (3) |
Log message: firefox: add one more patch to build firefox on NetBSD/i386 10.0. Also add patch comments about the kludge. |
| 2024-08-01 17:41:09 by Ryo ONODERA | Files touched by this commit (5) |
Log message:
www/firefox: Update to 128.0.3
* Fix build errors under NetBSD/i386 10 at least.
Changelog:
128.0.3:
Fixed
* Fixed an issue causing some sites to not load when connecting via HTTP/2. (
Bug 1908161, Bug 1909666)
* Fixed collapsed table rows not appearing when expected in some situations.
(Bug 1907789)
* Fixed the Windows on-screen keyboard potentially concealing the webpage
when displayed. (Bug 1907766)
128.0.2:
Fixed
* Fixed an audio echo in video calls on macOS under certain conditions. (Bug
1908539)
* Fixed an issue where the Adguard extension popup was not displaying. (Bug
1906132)
* Fixed an issue causing some screen readers to fail to read when navigating
by character in rich text editors. (Bug 1905021)
* Fixed visual glitches when dark mode is enabled in Windows ARM devices. (
Bug 1897444)
* Fixed an issue causing NTLM authentication failure. (Bug 1908115)
* Fixed an issue where content displayed on mouseover was not captured in a
screenshot. (Bug 1905468)
* Various stability fixes.
|
New packages: