Path to this page:
Subject: CVS commit: pkgsrc/www/firefox
From: Ryo ONODERA
Date: 2023-11-22 14:32:12
Message id: 20231122133213.0FB99FA3F@cvs.NetBSD.org
Log Message:
firefox: Update to 120.0
Changelog:
120.0
New
* Firefox supports a new "Copy Link Without Site Tracking" feature in the
context menu which ensures that copied links no longer contain tracking
information.
Screenshot showing Copy Link feature
* Firefox now supports a setting (in Preferences -> Privacy & Security) to
enable Global Privacy Control. With this opt-in feature, Firefox informs
the websites that the user doesn't want their data to be shared or sold.
Screenshot showing GPC preference
* Firefox's private windows and ETP-Strict privacy configuration now enhance
the Canvas APIs with Fingerprinting Protection, thereby continuing to
protect our users' online privacy.
* Firefox has enabled Cookie Banner Blocker by default in private windows for
all users in Germany. Firefox will now auto-refuse cookies and dismiss
annoying cookie banners for supported sites.
* Firefox has enabled URL Tracking Protection by default in private windows
for all users in Germany. Firefox will remove non-essential URL query
parameters that are often used to track users across the web.
* Firefox now imports TLS trust anchors (e.g., certificates) from the
operating system root store. This will be enabled by default on Windows,
macOS, and Android, and if needed, can be turned off in settings
(Preferences -> Privacy & Security -> Certificates).
* Keyboard shortcuts have now been added for editing and deleting a selected
credential on about:logins. For editing - Alt + enter (Option + return on
macOS) and for deleting - Alt + Backspace (Option + Delete on macOS).
* Users on Ubuntu Linux now have the ability to import from Chromium when
both are installed as Snap packages.
* Picture-in-Picture now supports corner snapping on Windows and Linux - just
hold Ctrl as you move the PiP window.
Fixed
* Various security fixes.
Security fixes:
Mozilla Foundation Security Advisory 2023-49
#CVE-2023-6204: Out-of-bound memory access in WebGL2 blitFramebuffer
#CVE-2023-6205: Use-after-free in MessagePort::Entangled
#CVE-2023-6206: Clickjacking permission prompts using the fullscreen transition
#CVE-2023-6207: Use-after-free in ReadableByteStreamQueueEntry::Buffer
#CVE-2023-6208: Using Selection API would copy contents into X11 primary
selection.
#CVE-2023-6209: Incorrect parsing of relative URLs starting with "///"
#CVE-2023-6210: Mixed-content resources not blocked in a javascript: pop-up
#CVE-2023-6211: Clickjacking to load insecure pages in HTTPS-only mode
#CVE-2023-6212: Memory safety bugs fixed in Firefox 120, Firefox ESR 115.5, and
Thunderbird 115.5
#CVE-2023-6213: Memory safety bugs fixed in Firefox 120
Files: