Subject: CVS commit: pkgsrc/www/firefox
From: Ryo ONODERA
Date: 2024-04-16 22:10:33
Message id: 20240416201033.7981BFA2C@cvs.NetBSD.org
Log Message:
www/firefox: Update to 125.0.1

* Back to multimedia/ffmpeg6.
  ffmpeg7 causes unstable H.264 and AV1 playback.

Changelog:
125.0.1;
New

  * Firefox now supports the AV1 codec for Encrypted Media Extensions (EME),
    enabling higher-quality playback from video streaming providers.

  * The Firefox PDF viewer now supports text highlighting.

  * Firefox View now displays pinned tabs in the Open tabs section. Tab
    indicators have also been added to Open tabs, so users can do things like
    see which tabs are playing media and quickly mute or unmute across windows.
    Indicators were also added for bookmarks, tabs with notifications, and
    more!

  * Firefox now prompts users in the US and Canada to save their addresses upon
    submitting an address form, allowing Firefox to autofill stored address
    information in the future.

  * Firefox now more proactively blocks downloads from URLs that are considered
    to be potentially untrustworthy.

  * The URL Paste Suggestion feature provides a convenient way for users to
    quickly visit URLs copied to the clipboard in the address bar of Firefox.
    When the clipboard contains a URL and the URL bar is focused, an
    autocomplete result appears automatically. Activating the clipboard
    suggestion will navigate the user to the URL with 1 click.

  * Users of tab-specific Container add-ons can now search in the Address Bar
    for tabs that are open in different containers. Special thanks to volunteer
    contributor atararx for kicking off the work on this feature!

  * Firefox now provides an option to enable Web Proxy Auto-Discovery (WPAD)
    while configured to use system proxy settings.

Fixed

  * Various security fixes.

Security fixes:
Mozilla Foundation Security Advisory 2024-18
#CVE-2024-3852: GetBoundName in the JIT returned the wrong object
#CVE-2024-3853: Use-after-free if garbage collection runs during realm
 initialization
#CVE-2024-3854: Out-of-bounds-read after mis-optimized switch statement
#CVE-2024-3855: Incorrect JIT optimization of MSubstr leads to out-of-bounds
 reads
#CVE-2024-3856: Use-after-free in WASM garbage collection
#CVE-2024-3857: Incorrect JITting of arguments led to use-after-free during
 garbage collection
#CVE-2024-3858: Corrupt pointer dereference in js::CheckTracedThing<js::Shape>
#CVE-2024-3859: Integer-overflow led to out-of-bounds-read in the OpenType
 sanitizer
#CVE-2024-3860: Crash when tracing empty shape lists
#CVE-2024-3861: Potential use-after-free due to AlignedBuffer self-move
#CVE-2024-3862: Potential use of uninitialized memory in MarkStack assignment
 operator on self-assignment
#CVE-2024-3863: Download Protections were bypassed by .xrm-ms files on Windows
#CVE-2024-3302: Denial of Service using HTTP/2 CONTINUATION frames
#CVE-2024-3864: Memory safety bug fixed in Firefox 125, Firefox ESR 115.10, and
 Thunderbird 115.10
#CVE-2024-3865: Memory safety bugs fixed in Firefox 125
Files:
RevisionActionfile
1.597modifypkgsrc/www/firefox/Makefile
1.527modifypkgsrc/www/firefox/distinfo
1.279modifypkgsrc/www/firefox/mozilla-common.mk
1.17modifypkgsrc/www/firefox/files/node-wrapper.sh
1.7modifypkgsrc/www/firefox/patches/patch-media_libpng_pngpriv.h