Navigation:
Browse pkgsrc
(this page)
www firefox
CVSweb ] [ 
Homepage ] [ 
RSS ] [ 
Required by ] [ 
Add to tracker ]| 2025-01-19 14:49:00 by Ryo ONODERA | Files touched by this commit (2) |
Log message:
www/firefox: Update to 134.0.1
Changelog:
134.0.1:
Fixed
* Fixed UI hangs happening on YouTube and Google Docs in some situations (Bug
1939295).
* Fixed a startup crash affecting some users upgrading from Firefox 133 (Bug
1941134).
* Fixed an issue where search engines selection menus and context menus could
be broken if a user had previously reverted to an earlier version (Bug
1940533).
|
| 2025-01-17 18:24:23 by David H. Gutteridge | Files touched by this commit (1) |
Log message: firefox: 134 requires nss>=3.107 |
2025-01-14 14:36:15 by Ryo ONODERA | Files touched by this commit (10) |  |
Log message:
www/firefox: Update to 134.0
Changelog:
134.0:
New
* Firefox now supports touchpad hold gestures on Linux. This means that
kinetic (momentum) scrolling can now be interrupted by placing two fingers
on the touchpad.
* Hardware-accelerated playback of HEVC video content is now supported on
Windows.
* Ecosia's availability has been expanded to all languages in the German
region along with Austria, Belgium, Italy, Netherlands, Spain, Sweden and
Switzerland.
Fixed
* Various security fixes.
Changed
* Firefox now follows the model HTML specification for transient user
activation more closely. This change makes popup blocking less strict in
cases where previous versions of Firefox were overly aggressive, reducing
erroneous blocking prompts.
* A refreshed New Tab layout is being rolled out to users in the US and
Canada, featuring a repositioned logo and weather widget to prioritize Web
Search, Shortcuts, and Recommended Stories at the top. The update includes
changes to the card UI for recommended stories and allows users with larger
screens to see up to four columns, making better use of space.
Currently available in: Canada, United States
[progressiv]
This feature is part of a progressive roll out.
Security fixes:
Mozilla Foundation Security Advisory 2025-01
#CVE-2025-0244: Address bar spoofing using an invalid protocol scheme on
Firefox for Android
#CVE-2025-0245: Lock screen setting bypass in Firefox Focus for Android
#CVE-2025-0246: Address bar spoofing using an invalid protocol scheme on
Firefox for Android
#CVE-2025-0237: WebChannel APIs susceptible to confused deputy attack
#CVE-2025-0238: Use-after-free when breaking lines in text
#CVE-2025-0239: Alt-Svc ALPN validation failure when redirected
#CVE-2025-0240: Compartment mismatch when parsing JavaScript JSON module
#CVE-2025-0241: Memory corruption when using JavaScript Text Segmentation
#CVE-2025-0242: Memory safety bugs fixed in Firefox 134, Thunderbird 134,
Firefox ESR 115.19, Firefox ESR 128.6, Thunderbird 115.19, and Thunderbird
128.6
#CVE-2025-0243: Memory safety bugs fixed in Firefox 134, Thunderbird 134,
Firefox ESR 128.6, and Thunderbird 128.6
#CVE-2025-0247: Memory safety bugs fixed in Firefox 134 and Thunderbird 134
|
| 2024-12-28 04:18:27 by David H. Gutteridge | Files touched by this commit (1) |
Log message: firefox: 133 requires nss>=3.106 |
| 2024-12-27 09:21:09 by Thomas Klausner | Files touched by this commit (1055) |
Log message: *: recursive bump for pango requiring fontconfig 2.15 |
2024-12-25 14:30:11 by Ryo ONODERA | Files touched by this commit (10) |  |
Log message:
www/firefox: Update to 133.0.3
Changelog:
133.0.3:
Fixed
* Fixed the missing scrollbar in the Library window, such as when viewing
History or Bookmarks. (Bug 1934482)
* Fixed a problem where toolbar buttons were not visible on mouseover when
using both the Windows High Contrast theme and the Firefox System theme. (
Bug 1930840)
* Fixed blurry line drawing on some Canvas elements when hardware
acceleration is enabled. (Bug 1933668)
* Fixed incorrect Firefox window positioning on Windows when restoring from
maximized. (Bug 1934238)
133.0:
New
* Firefox now has a new anti-tracking feature, Bounce Tracking Protection,
which is now available in Enhanced Tracking Protection's "Strict" mode.
This feature detects bounce trackers based on their redirect behavior and
periodically purges their cookies and site data to block tracking.
* The sidebar to view tabs from other devices can now be opened via the Tab
overview menu.
screenshot of the Tab Overview menu showing the tabs from other devices
menu entry
* Canvas2D switched from Direct2D to a platform independent acceleration
backend on Windows.
Fixed
* Various security fixes.
* The "Picture-in-Picture: auto-open on tab switch" feature from Firefox
Labs now behaves more reliably across a wider range of sites, automatically
opening relevant videos while ignoring others.
Changed
* When server time is available, the "expire" attribute value is \
adjusted by
adding the difference between the server and local times. If the current
time is set in the future, cookies that have not expired according to the
server time are considered valid.
Security fixes:
Mozilla Foundation Security Advisory 2024-63
#CVE-2024-11691: Out-of-bounds write in Apple GPU drivers via WebGL
#CVE-2024-11700: Potential Tapjacking Exploit for Intent Confirmation on
Android
#CVE-2024-11692: Select list elements could be shown over another site
#CVE-2024-11701: Misleading Address Bar State During Navigation Interruption
#CVE-2024-11702: Inadequate Clipboard Protection in Private Browsing Mode on
Android
#CVE-2024-11693: Download Protections were bypassed by .library-ms files on
Windows
#CVE-2024-11694: CSP Bypass and XSS Exposure via Web Compatibility Shims
#CVE-2024-11695: URL Bar Spoofing via Manipulated Punycode and Whitespace
Characters
#CVE-2024-11703: Password access without authentication via PIN bypass on
Android
#CVE-2024-11696: Unhandled Exception in Add-on Signature Verification
#CVE-2024-11697: Improper Keypress Handling in Executable File Confirmation
Dialog
#CVE-2024-11704: Potential Double-Free Vulnerability in PKCS#7 Decryption
Handling
#CVE-2024-11698: Fullscreen Lock-Up When Modal Dialog Interrupts Transition on
macOS
#CVE-2024-11705: Null Pointer Dereference in NSC_DeriveKey
#CVE-2024-11706: Null Pointer Dereference in PKCS#12 Utility
#CVE-2024-11708: Data race with PlaybackParams
#CVE-2024-11699: Memory safety bugs fixed in Firefox 133, Firefox ESR 128.5,
and Thunderbird 128.5
|
| 2024-12-23 01:52:25 by John Klos | Files touched by this commit (1) |
Log message: PR pkg/58739 Replace _SVE2 aarch64 functions with _NEON. |
| 2024-11-22 15:54:42 by Ryo ONODERA | Files touched by this commit (2) |
Log message:
www/firefox: Update to 132.0.2
Changelog:
132.0.2:
Fixed
* Fixed possible errors when playing encrypted media content through some
streaming providers. (Bug 1929491)
* Added a mitigation to help reduce the frequency of duplicated push
notifications reported by some users. (Bug 1928868)
* Fixed hangs when printing from some sites when using the system print
dialog. (Bug 1898184)
* Fixed a crash which could occur when using Microsoft SSO on macOS. (Bug
1929622)
* Fixed a crash in the Network Monitor developer tool which could occur in
some circumstances. (Bug 1924882)
|
New packages: