Subject: CVS commit: pkgsrc/www/firefox
From: Ryo ONODERA
Date: 2024-04-06 10:53:35
Message id: 20240406085335.9E064FA2C@cvs.NetBSD.org
Log Message:
www/firefox: Update to 124.0.1

Changelog:
124.0.2:
Fixed

  * Fixed an issue where users with a large amount of bookmarks would be unable
    to restore a bookmarks backup. (Bug 1884308)

  * Fixed an issue that would cause open Firefox windows to go blank or crash
    during video playback on sites such as Netflix. (Bug 1883932)

  * Fixed a crash that affected Linux AArch64 builds.(Bug 1866396)

  * Fixed an issue where some users experienced difficulties loading webpages
    due to changes made to the default AppArmor configuration shipping in
    Ubuntu 24.04. (Bug 1884347)

124.0.1:
Fixed

  * Security fixes.

Mozilla Foundation Security Advisory 2024-15
#CVE-2024-29943: Out-of-bounds access via Range Analysis bypass
#CVE-2024-29944: Privileged JavaScript Execution via Event Handlers

124.0:
New

  * Caret browsing mode now also works in the PDF viewer. (Learn more)

  * In Firefox View, open tabs can now be sorted by either recent activity or
    tab order. Recent activity is the default setting.

  * Firefox now populates the Windows taskbar jump list more efficiently, which
    should allow for a smoother overall browsing experience.

  * Firefox on Mac now uses the macOS fullscreen API for all types of
    fullscreen windows. This should better match the expected macOS user
    experience for fullscreen spaces, menubar and the Dock.

  * As of Firefox 124, Qwant's availability has been expanded to all languages
    in the France region along with Belgium, Italy, Netherlands, Spain, and
    Switzerland.

Fixed

  * Various security fixes.

Mozilla Foundation Security Advisory 2024-12
#CVE-2024-2605: Windows Error Reporter could be used as a Sandbox escape vector
#CVE-2024-2606: Mishandling of WASM register values
#CVE-2024-2607: JIT code failed to save return registers on Armv7-A
#CVE-2024-2608: Integer overflow could have led to out of bounds write
#CVE-2023-5388: NSS susceptible to timing attack against RSA decryption
#CVE-2024-2609: Permission prompt input delay could expire when not in focus
#CVE-2024-2610: Improper handling of html and body tags enabled CSP nonce
#CVE-2024-2611: Clickjacking vulnerability could have led to a user
 accidentally granting permissions
#CVE-2024-2612: Self referencing object could have potentially led to a
 use-after-free
#CVE-2024-2613: Improper handling of QUIC ACK frame data could have led to OOM
#CVE-2024-2614: Memory safety bugs fixed in Firefox 124, Firefox ESR 115.9, and
 Thunderbird 115.9
#CVE-2024-2615: Memory safety bugs fixed in Firefox 124
Files:
RevisionActionfile
1.594modifypkgsrc/www/firefox/Makefile
1.526modifypkgsrc/www/firefox/distinfo
1.276modifypkgsrc/www/firefox/mozilla-common.mk
1.16modifypkgsrc/www/firefox/files/node-wrapper.sh
1.23modifypkgsrc/www/firefox/patches/patch-browser_app_profile_firefox.js
1.4modifypkgsrc/www/firefox/patches/patch-third__party_libwebrtc_modules_desktop__capture_desktop__capture__gn_moz.build
1.1removepkgsrc/www/firefox/patches/patch-js_src_zydis_Zycore_Defines.h
1.1removepkgsrc/www/firefox/patches/patch-third__party_libwebrtc_modules_video__capture_video__capture__factory.cc
1.4removepkgsrc/www/firefox/patches/patch-toolkit_modules_subprocess_subprocess__shared__unix.js