Path to this page:
Subject: CVS commit: pkgsrc/www/firefox
From: Ryo ONODERA
Date: 2022-05-13 16:12:53
Message id: 20220513141253.7435CFA94@cvs.NetBSD.org
Log Message:
firefox: Update to 100.0
* Simplify some option logics.
* Add sunaudio and jack options as audio backends.
Changelog
100.0:
New
* We now support captions/subtitles display on YouTube, Prime Video, and
Netflix videos you watch in Picture-in-Picture. Just turn on the subtitles
on the in-page video player, and they will appear in PiP.
* Picture-in-Picture now also supports video captions on websites that use
WebVTT (Web Video Text Track) format, like Coursera.org, Canadian
Broadcasting Corporation, and many more.
* On the first run after install, Firefox detects when its language does not
match the operating system language and offers the user a choice between
the two languages.
* Firefox spell checking now checks spelling in multiple languages. To enable
additional languages, select them in the text field's context menu.
* HDR video is now supported in Firefox on Mac --- starting with YouTube!
Firefox users on macOS 11+ (with HDR-compatible screens) can enjoy
higher-fidelity video content. No need to manually flip any preferences to
turn HDR video support on --- just make sure battery preferences are NOT set
to "optimize video streaming while on battery".
* Hardware accelerated AV1 video decoding is enabled on Windows with
supported GPUs (Intel Gen 11+, AMD RDNA 2 Excluding Navi 24, GeForce 30).
Installing the AV1 Video Extension from the Microsoft Store may also be
required.
* Video overlay is enabled on Windows for Intel GPUs, reducing power usage
during video playback.
* Improved fairness between painting and handling other events. This
noticeably improves the performance of the volume slider on Twitch.
* Scrollbars on Linux and Windows 11 won't take space by default. On Linux,
users can change this in Settings. On Windows, Firefox follows the system
setting (System Settings > Accessibility > Visual Effects > Always show
scrollbars).
* Firefox now supports credit card autofill and capture in the United
Kingdom.
* Firefox now ignores less restricted referrer policies --- including
unsafe-url, no-referrer-when-downgrade, and origin-when-cross-origin
--- for cross-site subresource/iframe requests to prevent privacy
leaks from the referrer.
Fixed
* Users can now choose preferred color schemes for websites. Theme authors
can now make better decisions about which color scheme Firefox uses for
menus. Web content appearance can now be changed in Settings.
* Beginning in this release, the Firefox installer for Windows is signed with
a SHA-256 digest, rather than SHA-1. Update KB4474419 is required for
successful installation on a computer running Microsoft Windows 7. For more
details about this update, visit the Microsoft Technical Support website.
* In macOS 11+ we now only rasterize the fonts once per window. This means
that opening a new tab is fast, and switching tabs in the same window is
also fast. (There's still work to do to share fonts across windows, or to
reduce the time it takes to initialize these fonts.)
* The performance of deeply-nested display: grid elements is greatly
improved.
* Support for profiling multiple java threads has been added.
* Soft-reloading a web page will no longer cause revalidation for all
resources.
* Non-vsync tasks are given more time to run, which improves behavior on
Google docs and Twitch.
* Geckoview APIs have been added to control the start/stop time of capturing
a profile.
* Various security fixes.
Changed
* Firefox has a new focus indicator for links which replaces the old dotted
outline with a solid blue outline. This change unifies the focus indicators
across form fields and links, which makes it easier to identify the focused
link, especially for users with low vision.
* New users can now set Firefox as the default PDF handler when setting
Firefox as their default browser.
* Some websites might not work correctly in Firefox version 100 due to
Firefox's new three-digit number. You can read about it in our blog post
here!
See the Mozilla Support article Difficulties opening or using a website in
Firefox 100 for possible workarounds you can use. There, you will also find
instructions for reporting a broken website so that Mozilla can help fix
the problem.
Mozilla Foundation Security Advisory 2022-16
#CVE-2022-29914: Fullscreen notification bypass using popups
#CVE-2022-29909: Bypassing permission prompt in nested browsing contexts
#CVE-2022-29916: Leaking browser history with CSS variables
#CVE-2022-29911: iframe Sandbox bypass
#CVE-2022-29912: Reader mode bypassed SameSite cookies
#CVE-2022-29910: Firefox for Android forgot HTTP Strict Transport Security
settings
#CVE-2022-29915: Leaking cross-origin redirect through the Performance API
#CVE-2022-29917: Memory safety bugs fixed in Firefox 100 and Firefox ESR 91.9
#CVE-2022-29918: Memory safety bugs fixed in Firefox 100
99.0.1:
Fixed
* Fixed an issue for Windows users that prevented hardware video decoding on
newer Intel drivers (bug 1762125)
* Fixed an issue with text rendering in Bengali (bug 1763368)
* Fixed a selection issue in the Download panel with drag and drop (bug
1762723)
* Fixed an issue preventing Zoom gallery mode for users who go to zoom.us
URLs instead of subdomain.zoom.us URLs (bug 1763801)
99.0:
New
* You can now toggle Narrate in ReaderMode with the keyboard shortcut \
"n."
* You can find added support for search --- with or without diacritics ---
in the PDF viewer.
* The Linux sandbox has been strengthened: processes exposed to web content
no longer have access to the X Window system (X11).
* Firefox now supports credit card autofill and capture in Germany and
France.
Fixed
* Various security fixes.
Mozilla Foundation Security Advisory 2022-13
#CVE-2022-1097: Use-after-free in NSSToken objects
#CVE-2022-28281: Out of bounds write due to unexpected WebAuthN Extensions
#CVE-2022-28282: Use-after-free in DocumentL10n::TranslateDocument
#CVE-2022-28283: Missing security checks for fetching sourceMapURL
#CVE-2022-28284: Script could be executed via svg's use element
#CVE-2022-28285: Incorrect AliasSet used in JIT Codegen
#CVE-2022-28286: iframe contents could be rendered outside the border
#CVE-2022-28287: Text Selection could crash Firefox
#CVE-2022-24713: Denial of Service via complex regular expressions
#CVE-2022-28289: Memory safety bugs fixed in Firefox 99 and Firefox ESR 91.8
#CVE-2022-28288: Memory safety bugs fixed in Firefox 99
Files: