Path to this page:
Subject: CVS commit: pkgsrc/www/firefox
From: Ryo ONODERA
Date: 2021-03-30 18:39:06
Message id: 20210330163906.896DDFA95@cvs.NetBSD.org
Log Message:
firefox: Update to 87.0
Changelog:
New
* You'll encounter less website breakage in Private Browsing and Strict
Enhanced Tracking Protection with SmartBlock, which provides stand-in
scripts so that websites load properly.
* To further protect your privacy, our new default HTTP Referrer policy will
trim path and query string information from referrer headers to prevent
sites from accidentally leaking sensitive user data.
* The "Highlight All" feature on Find in Page now displays tick marks
alongside your scrollbar that correspond to the location of matches found
on that page.
* We're proud to announce full support for macOS built-in screen reader,
VoiceOver.
* We've added a new locale: Silesian (szl)
Fixed
* We've fixed several significant accessibility issues:
+ Video controls now have visible focus styling and video and audio
controls are now keyboard navigable. (Bug 1681007)
+ HTML <meter> is now spoken by screen readers. (Bug 1460378)
+ Firefox now sets a useful initial focus in Add-ons Manager. (Bug 580537
)
+ Firefox will now fire a name/description change event when
aria-labelledby/describedby content changes. (Bug 493683)
* Various security fixes.
Changed
* To prevent user data loss when filling out forms, we've disabled the
Backspace key as a navigation shortcut for the back navigation button. To
re-enable the Backspace keyboard shortcut, you can change the about:config
preference browser.backspace_action to 0. You can also use the recommended
Alt + Left arrow (Command + Left arrow on Mac) shortcut instead.
Firefox keyboard shortcuts
* We've removed items from the Library menu that weren't used often or have
other access points in the browser: Synced tabs, Recent highlights, and
Pocket list.
* We've simplified the Help menu by reducing redundant items, such as those
that point to Firefox support pages that can also be accessed via the Get
Help item.
Enterprise
* Various bug fixes and new policies have been implemented in the latest
version of Firefox. You can see more details in the Firefox for Enterprise
87 Release Notes.
Developer
* Developer Information
* We've greatly simplified the Web Developer menu. Go to Application Menu >
Web Developer > Web Developer Tools to access Inspector, Web Console,
Debugger, Network Style Error, Performance, Storage Inspector,
Accessibility, and Application
* Developers can now use the Page Inspector to simulate prefers-color-scheme
media queries, without having to change the operating system to light or
dark mode.
* Developers can now use the Page Inspector to toggle the :target
pseudo-class for the currently selected element in addition to the
pseudo-classes that were previously supported: :hover, :active and :focus,
:focus-within, :focus-visible, and :visited.
* There is a number of Page Inspector improvements and bug fixes related to
inactive CSS rules:
+ The table-layout property is now marked as inactive for non-table
elements.
+ The scroll-padding properties (shorthand and longhand) are now marked
as inactive for non-scrollable elements.
+ The text-overflow property was previously incorrectly marked as
inactive for some overflow values.
Securiy fixes:
#CVE-2021-23981: Texture upload into an unbound backing buffer resulted in an
out-of-bound read
#CVE-2021-23982: Internal network hosts could have been probed by a malicious
webpage
#CVE-2021-23983: Transitions for invalid ::marker properties resulted in memory
corruption
#CVE-2021-23984: Malicious extensions could have spoofed popup information
#CVE-2021-23985: Devtools remote debugging feature could have been enabled
without indication to the user
#CVE-2021-23986: A malicious extension could have performed credential-less
same origin policy violations
#CVE-2021-23987: Memory safety bugs fixed in Firefox 87 and Firefox ESR 78.9
#CVE-2021-23988: Memory safety bugs fixed in Firefox 87
Files: