Log message:
firefox: Update 119.0
* Enable WebGL with information by Paul Ripke. Thank you.
Changelog:
119.0
New
* Gradually rolling out in Fx119, Firefox View includes more content. You can
now see all open tabs, from all windows. If you sync open tabs, you??ll see
all tabs from other devices. Browsing history is now listed and you can
sort by date or by site. As before, recently closed tabs are also listed on
Firefox View.
To access Firefox View, select the file folder icon at the top left of your
tab strip.
screenshot of Firefox View displaying open tabs and tabs from other devices
* Gradually rolling out in Fx119, Firefox now allows you to edit PDFs by
adding images and alt text, in addition to text and drawings.
screenshot of a photo of a red fox being added to a PDF. The alt text tool
is open to the left of the photo, ready for a description to be added.
* Recently closed tabs now persist between sessions that don't have automatic
session restore enabled. Manually restoring a previous session will
continue to reopen any previously open tabs or windows.
* If you're migrating your data from Chrome, Firefox now offers the ability
to import some of your extensions as well.
* As part of Total Cookie Protection, Firefox now supports the partitioning
of Blob URLs, this mitigates a potential tracking vector that third-party
agents could use to track an individual.
* The visibility of fonts to websites has been restricted to system fonts and
language pack fonts in Enhanced Tracking Protection strict mode to mitigate
font fingerprinting.
* The Storage Access API web standard was updated to improve security while
mitigating website breakages and further enabling the phase out of
third-party cookies in Firefox.
* Encrypted Client Hello (ECH) is now available to Firefox users, delivering
a more private browsing experience. ECH extends the encryption used in TLS
connections to cover more of the handshake and better protect sensitive
fields. Read more about the launch of ECH on Mozilla Distilled.
* Media sniffing is no longer applied to files served as type application/
octet-stream, this allows these files to be downloaded instead of
attempting playback.
* On Windows, the mouse pointer will disappear while typing if the relevant
Windows mouse properties system setting is enabled.
* Firefox is now available in the Santali (sat) language.
Fixed
* Fixed an issue causing unexpected jumps in scroll position on Facebook.
* Various security fixes.
Developer
* Developer Information
* Several enhancements have been made to the Inactive CSS styles feature.
This feature assists in identifying CSS properties that have no effect on
an element. Pseudo-elements such as ::first-letter, ::cue, and
::placeholder are now fully supported.
* The JSON viewer is particularly useful for debugging REST APIs, as it
displays formatted JSON responses. Now, if the JSON is invalid or broken,
it automatically switches to a raw data view, improving the user
experience.
Web Platform
* ARIA reflection for simple attributes and default Accessibility Semantics
for Custom Elements are now supported. Note this includes boolean, enum,
number, and string attributes, but not attributes that reference other
elements.
* credentialless is now supported in Cross-Origin-Embedder-Policy.
* The CSS attr() function now supports a fallback parameter, for example attr
(foobar, "Default value").
* Grouping of items in an array (and iterables) is now easier by using the
methods Object.groupBy or Map.groupBy.
Security fixes:
#CVE-2023-5721: Queued up rendering could have allowed websites to clickjack
#CVE-2023-5722: Cross-Origin size and header leakage
#CVE-2023-5723: Invalid cookie characters could have led to unexpected errors
#CVE-2023-5724: Large WebGL draw could have led to a crash
#CVE-2023-5725: WebExtensions could open arbitrary URLs
#CVE-2023-5726: Full screen notification obscured by file open dialog on macOS
#CVE-2023-5727: Download Protections were bypassed by .msix, .msixbundle,
.appx, and .appxbundle files on Windows
#CVE-2023-5728: Improper object tracking during GC in the JavaScript engine
could have led to a crash.
#CVE-2023-5729: Fullscreen notification dialog could have been obscured by
WebAuthn prompts
#CVE-2023-5730: Memory safety bugs fixed in Firefox 119, Firefox ESR 115.4, and
Thunderbird 115.4.1
#CVE-2023-5731: Memory safety bugs fixed in Firefox 119
|
Log message:
firefox: Update to 118.0.2
Changelog:
118.0.2
Fixed
* Fixed games not loading on betsoft.com (bug 1856145)
* Fixed printing issues for some SVG images (bug 1853727)
* Fixed CORS XHR with authentication no longer working (bug 1855650)
* Fixed h264 WebRTC video not working in some contexts (bug 1855636)
* Fixed Firefox Translations not working on some pages (bugs 1841656 -
1855307)
* Stability fixes (bugs 1851991 - 1799326 - 1856637)
118.0.1
Fixed
* Security fix.
Mozilla Foundation Security Advisory 2023-44
#CVE-2023-5217: Heap buffer overflow in libvpx
118.0
New
* Automated translation of web content is now available to Firefox users!
Unlike cloud-based alternatives, translation is done locally in Firefox, so
that the text being translated does not leave your machine. Many thanks to
the various partners of the EU R&D Bergamot project.
* Web Audio in Firefox now uses the FDLIBM math library on all systems to
improve anonymity with Fingerprint Protection.
* The visibility of fonts to websites has been restricted to system fonts and
language pack fonts to mitigate font fingerprinting in Private Browsing
windows.
* Video Effects and background blur are now available to Firefox users on
Google Meet! (Note: These effects have also been released retroactively to
support Firefox versions back to Firefox 115.)
* Firefox Suggest users (US-only at this time) will now be able to see
browser add-on suggestions right in the address bar based on their
keywords.
Fixed
* Various security fixes.
Enterprise
* You can find information about policy updates and enterprise specific bug
fixes in the Firefox for Enterprise 118 Release Notes.
Web Platform
* 10 new CSS math functions are now supported: round, mod, rem, pow, sqrt,
hypot, log, exp, abs, sign.
* OpaqueResponseBlocking is now enabled by default.
* The <search> element is now supported. The <search> element is a \
group
element that serves to contain all the elements used in a search or
filtering operation.
Mozilla Foundation Security Advisory 2023-41
#CVE-2023-5168: Out-of-bounds write in FilterNodeD2D1
#CVE-2023-5169: Out-of-bounds write in PathOps
#CVE-2023-5170: Memory leak from a privileged process
#CVE-2023-5171: Use-after-free in Ion Compiler
#CVE-2023-5172: Memory Corruption in Ion Hints
#CVE-2023-5173: Out-of-bounds write in HTTP Alternate Services
#CVE-2023-5174: Double-free in process spawning on Windows
#CVE-2023-5175: Use-after-free of ImageBitmap during process shutdown
#CVE-2023-5176: Memory safety bugs fixed in Firefox 118, Firefox ESR 115.3, and
Thunderbird 115.3
|