Log message:
*: recursive bump for icu 74.1

Log message:
firefox: 119.0 also requires nss>=3.94.

Log message:
firefox: 119.0 requires cbindgen>=0.26.0.

Log message:
firefox: Update 119.0

* Enable WebGL with information by Paul Ripke. Thank you.

Changelog:
119.0
New

  * Gradually rolling out in Fx119, Firefox View includes more content. You can
    now see all open tabs, from all windows. If you sync open tabs, you??ll see
    all tabs from other devices. Browsing history is now listed and you can
    sort by date or by site. As before, recently closed tabs are also listed on
    Firefox View.

    To access Firefox View, select the file folder icon at the top left of your
    tab strip.

    screenshot of Firefox View displaying open tabs and tabs from other devices

  * Gradually rolling out in Fx119, Firefox now allows you to edit PDFs by
    adding images and alt text, in addition to text and drawings.

    screenshot of a photo of a red fox being added to a PDF. The alt text tool
    is open to the left of the photo, ready for a description to be added.

  * Recently closed tabs now persist between sessions that don't have automatic
    session restore enabled. Manually restoring a previous session will
    continue to reopen any previously open tabs or windows.

  * If you're migrating your data from Chrome, Firefox now offers the ability
    to import some of your extensions as well.

  * As part of Total Cookie Protection, Firefox now supports the partitioning
    of Blob URLs, this mitigates a potential tracking vector that third-party
    agents could use to track an individual.

  * The visibility of fonts to websites has been restricted to system fonts and
    language pack fonts in Enhanced Tracking Protection strict mode to mitigate
    font fingerprinting.

  * The Storage Access API web standard was updated to improve security while
    mitigating website breakages and further enabling the phase out of
    third-party cookies in Firefox.

  * Encrypted Client Hello (ECH) is now available to Firefox users, delivering
    a more private browsing experience. ECH extends the encryption used in TLS
    connections to cover more of the handshake and better protect sensitive
    fields. Read more about the launch of ECH on Mozilla Distilled.

  * Media sniffing is no longer applied to files served as type application/
    octet-stream, this allows these files to be downloaded instead of
    attempting playback.

  * On Windows, the mouse pointer will disappear while typing if the relevant
    Windows mouse properties system setting is enabled.

  * Firefox is now available in the Santali (sat) language.

Fixed

  * Fixed an issue causing unexpected jumps in scroll position on Facebook.

  * Various security fixes.

Developer

  * Developer Information
  * Several enhancements have been made to the Inactive CSS styles feature.
    This feature assists in identifying CSS properties that have no effect on
    an element. Pseudo-elements such as ::first-letter, ::cue, and
    ::placeholder are now fully supported.

  * The JSON viewer is particularly useful for debugging REST APIs, as it
    displays formatted JSON responses. Now, if the JSON is invalid or broken,
    it automatically switches to a raw data view, improving the user
    experience.

Web Platform

  * ARIA reflection for simple attributes and default Accessibility Semantics
    for Custom Elements are now supported. Note this includes boolean, enum,
    number, and string attributes, but not attributes that reference other
    elements.

  * credentialless is now supported in Cross-Origin-Embedder-Policy.

  * The CSS attr() function now supports a fallback parameter, for example attr
    (foobar, "Default value").

  * Grouping of items in an array (and iterables) is now easier by using the
    methods Object.groupBy or Map.groupBy.

Security fixes:
#CVE-2023-5721: Queued up rendering could have allowed websites to clickjack
#CVE-2023-5722: Cross-Origin size and header leakage
#CVE-2023-5723: Invalid cookie characters could have led to unexpected errors
#CVE-2023-5724: Large WebGL draw could have led to a crash
#CVE-2023-5725: WebExtensions could open arbitrary URLs
#CVE-2023-5726: Full screen notification obscured by file open dialog on macOS
#CVE-2023-5727: Download Protections were bypassed by .msix, .msixbundle,
 .appx, and .appxbundle files on Windows
#CVE-2023-5728: Improper object tracking during GC in the JavaScript engine
 could have led to a crash.
#CVE-2023-5729: Fullscreen notification dialog could have been obscured by
 WebAuthn prompts
#CVE-2023-5730: Memory safety bugs fixed in Firefox 119, Firefox ESR 115.4, and
 Thunderbird 115.4.1
#CVE-2023-5731: Memory safety bugs fixed in Firefox 119

Log message:
*: bump for openssl 3

Log message:
firefox: 118 requires nss>=3.93

Log message:
firefox: Update nodejs kit too.

Log message:
firefox: Update to 118.0.2

Changelog:
118.0.2
Fixed

  * Fixed games not loading on betsoft.com (bug 1856145)

  * Fixed printing issues for some SVG images (bug 1853727)

  * Fixed CORS XHR with authentication no longer working (bug 1855650)

  * Fixed h264 WebRTC video not working in some contexts (bug 1855636)

  * Fixed Firefox Translations not working on some pages (bugs 1841656 -
    1855307)

  * Stability fixes (bugs 1851991 - 1799326 - 1856637)

118.0.1
Fixed

  * Security fix.

Mozilla Foundation Security Advisory 2023-44
#CVE-2023-5217: Heap buffer overflow in libvpx

118.0
New

  * Automated translation of web content is now available to Firefox users!
    Unlike cloud-based alternatives, translation is done locally in Firefox, so
    that the text being translated does not leave your machine. Many thanks to
    the various partners of the EU R&D Bergamot project.

  * Web Audio in Firefox now uses the FDLIBM math library on all systems to
    improve anonymity with Fingerprint Protection.

  * The visibility of fonts to websites has been restricted to system fonts and
    language pack fonts to mitigate font fingerprinting in Private Browsing
    windows.

  * Video Effects and background blur are now available to Firefox users on
    Google Meet! (Note: These effects have also been released retroactively to
    support Firefox versions back to Firefox 115.)

  * Firefox Suggest users (US-only at this time) will now be able to see
    browser add-on suggestions right in the address bar based on their
    keywords.

Fixed

  * Various security fixes.

Enterprise

  * You can find information about policy updates and enterprise specific bug
    fixes in the Firefox for Enterprise 118 Release Notes.

Web Platform

  * 10 new CSS math functions are now supported: round, mod, rem, pow, sqrt,
    hypot, log, exp, abs, sign.

  * OpaqueResponseBlocking is now enabled by default.

  * The <search> element is now supported. The <search> element is a \ 
group
    element that serves to contain all the elements used in a search or
    filtering operation.

Mozilla Foundation Security Advisory 2023-41
#CVE-2023-5168: Out-of-bounds write in FilterNodeD2D1
#CVE-2023-5169: Out-of-bounds write in PathOps
#CVE-2023-5170: Memory leak from a privileged process
#CVE-2023-5171: Use-after-free in Ion Compiler
#CVE-2023-5172: Memory Corruption in Ion Hints
#CVE-2023-5173: Out-of-bounds write in HTTP Alternate Services
#CVE-2023-5174: Double-free in process spawning on Windows
#CVE-2023-5175: Use-after-free of ImageBitmap during process shutdown
#CVE-2023-5176: Memory safety bugs fixed in Firefox 118, Firefox ESR 115.3, and
 Thunderbird 115.3

Log message:
firefox: Fix unintentional capitalization in firefox.js

* Bump PKGREVISION.

Log message:
firefox: Update to 117.0.1

Changelog:
117.0.1:
Fixed

  * Fixed a bug causing links opened from outside Firefox to not open on macOS
    (bug 1850828)

  * Fixed a bug causing extensions using an event page for long-running tasks
    to be terminated while running, causing unexpected behavior changes (bug
    1851373)

  * Temporarily reverted an intentional behavior change preventing Javascript
    from changing URL.protocol (bug 1850954).
    NOTE: This change is expected to ship in a later Firefox release alongside
    other web browsers and sites are encouraged to find alternate ways to
    change the protocol if needed.

  * Fixed audio worklets not working for sites using WebAssembly exception
    handling (bug 1851468)

  * Fixed the Reopen all tabs option in the Recently closed tabs menu sometimes
    failing to open all tabs (bug 1850856)

  * Fixed the bookmarks menu sometimes remaining partially visible when
    minimizing Firefox (bug 1843700)

  * Fixed an issue causing incorrect time zones to be detected on some sites (
    bug 1848615)