---
- branch: MAIN
date: Sat Jan 21 01:14:07 UTC 2023
files:
- new: '1.545'
old: '1.544'
path: pkgsrc/www/firefox/Makefile
pathrev: pkgsrc/www/firefox/Makefile@1.545
type: modified
- new: '1.488'
old: '1.487'
path: pkgsrc/www/firefox/distinfo
pathrev: pkgsrc/www/firefox/distinfo@1.488
type: modified
- new: '1.248'
old: '1.247'
path: pkgsrc/www/firefox/mozilla-common.mk
pathrev: pkgsrc/www/firefox/mozilla-common.mk@1.248
type: modified
id: 20230121T011407Z.c310e0fc686752467529da3a48acc77f590aca29
log: |
firefox: Update to 109.0
Changelog:
109.0
New
* Manifest Version 3 (MV3) extension support is now enabled by default (MV2
remains enabled/supported). This major update also ushers an exciting user
interface change in the form of the new extensions button.
* The Arbitrary Code Guard exploit protection has been enabled in the media
playback utility processes, improving security for Windows users.
* The native HTML date picker for date and datetime inputs can now be used
with a keyboard alone, improving its accessibility for screen reader users.
Users with limited mobility can also now use common keyboard shortcuts to
navigate the calendar grid and month selection spinners.
* Firefox builds in the Spanish from Spain (es-ES) and Spanish from Argentina
(es-AR) locales now come with a built-in dictionary for the Firefox
spellchecker.
Fixed
* Various security fixes.
Changed
* Effective on January 16, Colorways will no longer be in Firefox. Users will
still be able to access saved and active Colorways from the Add-ons and
themes menu option.
* On macOS, Ctrl or Cmd + trackpad or mouse wheel now scrolls the page
instead of zooming. This avoids accidental zooming and matches the behavior
of other web browsers on macOS.
* The Recently Closed section of Firefox View now equips users with the
ability to manually close/remove url links from the list.
* The empty state messages and graphic components surfaced in Firefox View
for the Tab Pickup and Recently Closed sections have been updated for an
improved user experience.
Developer
* The ability to automatically break when code on the page hits an events
handler has been available since Firefox 69. Firefox 109 now adds new
support for the scrollend event. To use this new event breakpoint, open the
JS debugger and find and expand the Event Listener Breakpoints section in
the right hand column (learn more).
Web Platform
* The scrollend event is now enabled by default. The event is fired when a
scroll has completed.
* Firefox now permanently partitions Storage in third-party contexts
independent of Storage Access to align with other browsers and provide
better Web compatibility.
Security fixes:
#CVE-2023-23597: Logic bug in process allocation allowed to read arbitrary
files
#CVE-2023-23598: Arbitrary file read from GTK drag and drop on Linux
#CVE-2023-23599: Malicious command could be hidden in devtools output on
Windows
#CVE-2023-23600: Notification permissions persisted between Normal and Private
Browsing on Android
#CVE-2023-23601: URL being dragged from cross-origin iframe into same tab
triggers navigation
#CVE-2023-23602: Content Security Policy wasn't being correctly applied to
WebSockets in WebWorkers
#CVE-2023-23603: Calls to console.log
allowed bypasing Content
Security Policy via format directive
#CVE-2023-23604: Creation of duplicate SystemPrincipal
from less
secure contexts
#CVE-2023-23605: Memory safety bugs fixed in Firefox 109 and Firefox ESR 102.7
#CVE-2023-23606: Memory safety bugs fixed in Firefox 109
module: pkgsrc
subject: 'CVS commit: pkgsrc/www/firefox'
unixtime: '1674263647'
user: ryoon