Subject: CVS commit: pkgsrc/www/firefox
From: Ryo ONODERA
Date: 2024-10-12 09:49:07
Message id: 20241012074907.EF1E4FC7E@cvs.NetBSD.org
Log Message:
www/firefox: Update to 131.0.2

131.0.2:
Fixed

  * Security fix.

Security fixes:
Mozilla Foundation Security Advisory 2024-51
#CVE-2024-9680: Use-after-free in Animation timeline

131.0:
New

  * Firefox will now offer to temporarily remember when users grant permissions
    to sites (e.g. geolocation). Temporary permissions will be removed either
    after one hour or when the tab is closed.

    permission-option

  * A tab preview is now displayed when hovering the mouse over background
    tabs, making it easier to locate the desired tab without needing to switch
    tabs.

    screenshot of a preview image displayed under a background tab when you
    mouse over the tab

  * When suggesting a default translation language, Firefox will now take into
    consideration languages you have previously used for translations.

  * We??ve re-introduced the ability to navigate to the search engine home page
    when the search bar is empty by using shift-enter/shift-click.

Fixed

  * Various security fixes.

Securiry fixes:
Mozilla Foundation Security Advisory 2024-46
#CVE-2024-9391: Prevent users from exiting full-screen mode in Firefox Focus
 for Android
#CVE-2024-9392: Compromised content process can bypass site isolation
#CVE-2024-9393: Cross-origin access to PDF contents through multipart responses
#CVE-2024-9394: Cross-origin access to JSON contents through multipart
 responses
#CVE-2024-9395: Specially crafted filename could be used to obscure download
 type
#CVE-2024-9396: Potential memory corruption may occur when cloning certain
 objects
#CVE-2024-9397: Potential directory upload bypass via clickjacking
#CVE-2024-9398: External protocol handlers could be enumerated via popups
#CVE-2024-9399: Specially crafted WebTransport requests could lead to denial of
 service
#CVE-2024-9400: Potential memory corruption during JIT compilation
#CVE-2024-9401: Memory safety bugs fixed in Firefox 131, Firefox ESR 115.16,
 Firefox ESR 128.3, Thunderbird 131, and Thunderbird 128.3
#CVE-2024-9402: Memory safety bugs fixed in Firefox 131, Firefox ESR 128.3,
 Thunderbird 131, and Thunderbird 128.3
#CVE-2024-9403: Memory safety bugs fixed in Firefox 131 and Thunderbird 131
Files:
RevisionActionfile
1.610modifypkgsrc/www/firefox/Makefile
1.543modifypkgsrc/www/firefox/distinfo
1.23modifypkgsrc/www/firefox/files/node-wrapper.sh
1.1removepkgsrc/www/firefox/patches/patch-js_src_old-configure.in