Subject: CVS commit: pkgsrc/www/firefox
From: Ryo ONODERA
Date: 2019-07-11 13:32:40
Message id: 20190711113241.00C71FBF4@cvs.NetBSD.org
Log Message:
Update to 68.0
Changelog:
New
Dark mode in reader view expands so that windows are also dark on the controls, sidebars and toolbars.
Improved extension security and discovery:
New reporting feature in about:addons allows you to report security and performance issues with extensions and themes.
Redesigned extensions dashboard in about:addons provides easy access to information about your extensions, including data and settings access required by each extension.
Find high quality, secure extensions via the Recommended Extensions program in about:addons, which now displays user count and ratings for each extension. "Recommended" badges for these extensions also appear on AMO. More extensions will be added over time.
Cryptomining and fingerprinting protections are added to strict content blocking settings in Privacy & Security preferences.
WebRender will roll out to Windows 10 users with AMD graphics cards.
Windows Background Intelligent Transfer Service (BITS) update download support, which allows Firefox update downloads to continue when Firefox is closed.
Fixed
Various security fixes
Local files can no longer access other files in the same directory.
Security fixes:
#CVE-2019-9811: Sandbox escape via installation of malicious language pack
#CVE-2019-11711: Script injection within domain through inner window reuse
#CVE-2019-11712: Cross-origin POST requests can be made with NPAPI plugins by following 308 redirects
#CVE-2019-11713: Use-after-free with HTTP/2 cached stream
#CVE-2019-11714: NeckoChild can trigger crash when accessed off of main thread
#CVE-2019-11729: Empty or malformed p256-ECDH public keys may trigger a segmentation fault
#CVE-2019-11715: HTML parsing error can contribute to content XSS
#CVE-2019-11716: globalThis not enumerable until accessed
#CVE-2019-11717: Caret character improperly escaped in origins
#CVE-2019-11718: Activity Stream writes unsanitized content to innerHTML
#CVE-2019-11719: Out-of-bounds read when importing curve25519 private key
#CVE-2019-11720: Character encoding XSS vulnerability
#CVE-2019-11721: Domain spoofing through unicode latin 'kra' character
#CVE-2019-11730: Same-origin policy treats all files in a directory as having the same-origin
#CVE-2019-11723: Cookie leakage during add-on fetching across private browsing boundaries
#CVE-2019-11724: Retired site input.mozilla.org has remote troubleshooting permissions
#CVE-2019-11725: Websocket resources bypass safebrowsing protections
#CVE-2019-11727: PKCS#1 v1.5 signatures can be used for TLS 1.3
#CVE-2019-11728: Port scanning through Alt-Svc header
#CVE-2019-11710: Memory safety bugs fixed in Firefox 68
#CVE-2019-11709: Memory safety bugs fixed in Firefox 68 and Firefox ESR 60.8
Files: