Navigation:
Browse pkgsrc
(this page)
New packages:Log Message:
www/firefox: Update to 132.0
Changelog:
132.0:
New
* Microsoft PlayReady encrypted media playback is now being rolled out to
select sites on Windows. Through this support, we are gradually rolling out
a 1080p baseline and 4K Ultra HD support with key streaming partners. An
added benefit is that viewers get less battery drain and better performance
when streaming their favorite movies and shows.
This feature is part of a progressive roll out.
* Wide Color Gamut WebGL is now available for Windows and macOS users! With
this support, Firefox is bringing a richer, more vivid range of colors to
the videos, games, and images on your screen. This implementation currently
supports wider color (P3) profiles in 8-bit.
* WebRender hardware accelerated rendering is now enabled for most SVG filter
primitives, improving performance for certain graphics-heavy content.
Accelerated filters are feBlend, feColorMatrix, feComponentTransfer,
feComposite, feDropShadow, feFlood, feGaussianBlur, feMerge and feOffset.
* Added support for macOS?? new screen and window sharing selection features
on macOS 15 and later. Support for macOS 14 will be added in a future
release.
* The macOS session resume feature has been enhanced. Firefox will now
automatically relaunch if it was open before a system restart, like after
an OS update.
* Firefox now blocks third-party cookie access when Enhanced Tracking
Protection's Strict mode is enabled.
Fixed
* Various security fixes.
Changed
* As a follow-up to our work to upgrade mixed content starting with Firefox
127, HTTP-favicons will now also be blocked if they can not be received
over HTTPS instead.
* The Copy Without Site Tracking option is now grayed out when no known
tracking parameters are found within the link. Additionally, more tracking
parameter support has been added for websites such as LinkedIn and Shopee.
Please report tracking parameters that aren't removed by filing a bug in
Bugzilla.
Security fixes:
Mozilla Foundation Security Advisory 2024-55
#CVE-2024-10458: Permission leak via embed or object elements
#CVE-2024-10459: Use-after-free in layout with accessibility
#CVE-2024-10460: Confusing display of origin for external protocol handler
prompt
#CVE-2024-10461: XSS due to Content-Disposition being ignored in multipart/
x-mixed-replace response
#CVE-2024-10462: Origin of permission prompt could be spoofed by long URL
#CVE-2024-10463: Cross origin video frame leak
#CVE-2024-10468: Race conditions in IndexedDB
#CVE-2024-10464: History interface could have been used to cause a Denial of
Service condition in the browser
#CVE-2024-10465: Clipboard "paste" button persisted across tabs
#CVE-2024-10466: DOM push subscription message could hang Firefox
#CVE-2024-10467: Memory safety bugs fixed in Firefox 132, Thunderbird 132,
Firefox ESR 128.4, and Thunderbird 128.4