./www/firefox, Web browser with support for extensions (version 128)

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 128.0, Package name: firefox-128.0, Maintainer: ryoon

Mozilla Firefox is a free, open-source and cross-platform web browser
for Windows, Linux, MacOS X and many other operating systems.

It is fast and easy to use, and offers many advantages over other web
browsers, such as tabbed browsing and the ability to block pop-up
windows.

Firefox also offers excellent bookmark and history management, and it
can be extended by developers using industry standards such as XML,
CSS, JavaScript, C++, etc. Many extensions are available.

Note: Due to upstream's trademark policies, this package identifies as
"Nightly" rather than "Firefox" by default.


Required to run:
[sysutils/desktop-file-utils] [sysutils/dbus-glib] [textproc/icu] [graphics/MesaLib] [net/libIDL] [devel/nspr] [devel/libevent] [devel/libffi] [devel/nss] [x11/gtk2] [x11/pixman] [x11/gtk3] [graphics/libwebp] [multimedia/ffmpeg4]

Required to build:
[pkgtools/x11-links] [databases/py-sqlite3] [x11/xcb-proto] [lang/clang] [x11/fixesproto4] [pkgtools/cwrappers] [x11/xorgproto] [lang/rust-bin]

Package options: sunaudio, webrtc

Master sites: (Expand)

Filesize: 547618.984 KB

Version history: (Expand)


CVS history: (Expand)


   2024-04-24 16:33:13 by Ryo ONODERA | Files touched by this commit (2)
Log message:
www/firefox: Update to 125.0.2

Changelog:
125.0.2:
Fixed

  * Reverted the changes recently shipped in Firefox 125 that more proactively
    blocked downloads from potentially untrustworthy URLs. The changes caused
    unexpected problems with downloading files in some situations. We plan to
    fix and re-enable these protections in a future release. (Bug 1892069)
   2024-04-18 03:04:05 by David H. Gutteridge | Files touched by this commit (1)
Log message:
firefox: reflect correct minimum NSS and Rust for 125
   2024-04-16 22:10:33 by Ryo ONODERA | Files touched by this commit (5)
Log message:
www/firefox: Update to 125.0.1

* Back to multimedia/ffmpeg6.
  ffmpeg7 causes unstable H.264 and AV1 playback.

Changelog:
125.0.1;
New

  * Firefox now supports the AV1 codec for Encrypted Media Extensions (EME),
    enabling higher-quality playback from video streaming providers.

  * The Firefox PDF viewer now supports text highlighting.

  * Firefox View now displays pinned tabs in the Open tabs section. Tab
    indicators have also been added to Open tabs, so users can do things like
    see which tabs are playing media and quickly mute or unmute across windows.
    Indicators were also added for bookmarks, tabs with notifications, and
    more!

  * Firefox now prompts users in the US and Canada to save their addresses upon
    submitting an address form, allowing Firefox to autofill stored address
    information in the future.

  * Firefox now more proactively blocks downloads from URLs that are considered
    to be potentially untrustworthy.

  * The URL Paste Suggestion feature provides a convenient way for users to
    quickly visit URLs copied to the clipboard in the address bar of Firefox.
    When the clipboard contains a URL and the URL bar is focused, an
    autocomplete result appears automatically. Activating the clipboard
    suggestion will navigate the user to the URL with 1 click.

  * Users of tab-specific Container add-ons can now search in the Address Bar
    for tabs that are open in different containers. Special thanks to volunteer
    contributor atararx for kicking off the work on this feature!

  * Firefox now provides an option to enable Web Proxy Auto-Discovery (WPAD)
    while configured to use system proxy settings.

Fixed

  * Various security fixes.

Security fixes:
Mozilla Foundation Security Advisory 2024-18
#CVE-2024-3852: GetBoundName in the JIT returned the wrong object
#CVE-2024-3853: Use-after-free if garbage collection runs during realm
 initialization
#CVE-2024-3854: Out-of-bounds-read after mis-optimized switch statement
#CVE-2024-3855: Incorrect JIT optimization of MSubstr leads to out-of-bounds
 reads
#CVE-2024-3856: Use-after-free in WASM garbage collection
#CVE-2024-3857: Incorrect JITting of arguments led to use-after-free during
 garbage collection
#CVE-2024-3858: Corrupt pointer dereference in js::CheckTracedThing<js::Shape>
#CVE-2024-3859: Integer-overflow led to out-of-bounds-read in the OpenType
 sanitizer
#CVE-2024-3860: Crash when tracing empty shape lists
#CVE-2024-3861: Potential use-after-free due to AlignedBuffer self-move
#CVE-2024-3862: Potential use of uninitialized memory in MarkStack assignment
 operator on self-assignment
#CVE-2024-3863: Download Protections were bypassed by .xrm-ms files on Windows
#CVE-2024-3302: Denial of Service using HTTP/2 CONTINUATION frames
#CVE-2024-3864: Memory safety bug fixed in Firefox 125, Firefox ESR 115.10, and
 Thunderbird 115.10
#CVE-2024-3865: Memory safety bugs fixed in Firefox 125
   2024-04-12 00:20:18 by David H. Gutteridge | Files touched by this commit (1)
Log message:
firefox: drop comment that's no longer relevant
   2024-04-07 19:54:03 by Ryo ONODERA | Files touched by this commit (2)
Log message:
firefox: Use ffmpeg7

Bump PKGREVISION.
   2024-04-07 09:35:33 by Thomas Klausner | Files touched by this commit (1138)
Log message:
*: bump for cairo buildlink3.mk change

lzo was made an option
   2024-04-06 10:54:54 by Ryo ONODERA | Files touched by this commit (1)
Log message:
www/firefox: Add missing patch
   2024-04-06 10:53:35 by Ryo ONODERA | Files touched by this commit (9)
Log message:
www/firefox: Update to 124.0.1

Changelog:
124.0.2:
Fixed

  * Fixed an issue where users with a large amount of bookmarks would be unable
    to restore a bookmarks backup. (Bug 1884308)

  * Fixed an issue that would cause open Firefox windows to go blank or crash
    during video playback on sites such as Netflix. (Bug 1883932)

  * Fixed a crash that affected Linux AArch64 builds.(Bug 1866396)

  * Fixed an issue where some users experienced difficulties loading webpages
    due to changes made to the default AppArmor configuration shipping in
    Ubuntu 24.04. (Bug 1884347)

124.0.1:
Fixed

  * Security fixes.

Mozilla Foundation Security Advisory 2024-15
#CVE-2024-29943: Out-of-bounds access via Range Analysis bypass
#CVE-2024-29944: Privileged JavaScript Execution via Event Handlers

124.0:
New

  * Caret browsing mode now also works in the PDF viewer. (Learn more)

  * In Firefox View, open tabs can now be sorted by either recent activity or
    tab order. Recent activity is the default setting.

  * Firefox now populates the Windows taskbar jump list more efficiently, which
    should allow for a smoother overall browsing experience.

  * Firefox on Mac now uses the macOS fullscreen API for all types of
    fullscreen windows. This should better match the expected macOS user
    experience for fullscreen spaces, menubar and the Dock.

  * As of Firefox 124, Qwant's availability has been expanded to all languages
    in the France region along with Belgium, Italy, Netherlands, Spain, and
    Switzerland.

Fixed

  * Various security fixes.

Mozilla Foundation Security Advisory 2024-12
#CVE-2024-2605: Windows Error Reporter could be used as a Sandbox escape vector
#CVE-2024-2606: Mishandling of WASM register values
#CVE-2024-2607: JIT code failed to save return registers on Armv7-A
#CVE-2024-2608: Integer overflow could have led to out of bounds write
#CVE-2023-5388: NSS susceptible to timing attack against RSA decryption
#CVE-2024-2609: Permission prompt input delay could expire when not in focus
#CVE-2024-2610: Improper handling of html and body tags enabled CSP nonce
#CVE-2024-2611: Clickjacking vulnerability could have led to a user
 accidentally granting permissions
#CVE-2024-2612: Self referencing object could have potentially led to a
 use-after-free
#CVE-2024-2613: Improper handling of QUIC ACK frame data could have led to OOM
#CVE-2024-2614: Memory safety bugs fixed in Firefox 124, Firefox ESR 115.9, and
 Thunderbird 115.9
#CVE-2024-2615: Memory safety bugs fixed in Firefox 124