--- - branch: MAIN date: Fri Nov 3 10:20:03 UTC 2023 files: - new: '1.575' old: '1.574' path: pkgsrc/www/firefox/Makefile pathrev: pkgsrc/www/firefox/Makefile@1.575 type: modified - new: '1.187' old: '1.186' path: pkgsrc/www/firefox/PLIST pathrev: pkgsrc/www/firefox/PLIST@1.187 type: modified - new: '1.513' old: '1.512' path: pkgsrc/www/firefox/distinfo pathrev: pkgsrc/www/firefox/distinfo@1.513 type: modified - new: '1.266' old: '1.265' path: pkgsrc/www/firefox/mozilla-common.mk pathrev: pkgsrc/www/firefox/mozilla-common.mk@1.266 type: modified - new: '1.22' old: '1.21' path: pkgsrc/www/firefox/patches/patch-browser_app_profile_firefox.js pathrev: pkgsrc/www/firefox/patches/patch-browser_app_profile_firefox.js@1.22 type: modified - new: '0' old: '1.1' path: pkgsrc/www/firefox/patches/patch-widget_gtk_v4l2test_v4l2test.cpp pathrev: pkgsrc/www/firefox/patches/patch-widget_gtk_v4l2test_v4l2test.cpp@0 type: deleted id: 20231103T102003Z.429da9e773a9286ca3177c90ec4ac1e279a36c2d log: | firefox: Update 119.0 * Enable WebGL with information by Paul Ripke. Thank you. Changelog: 119.0 New * Gradually rolling out in Fx119, Firefox View includes more content. You can now see all open tabs, from all windows. If you sync open tabs, you??ll see all tabs from other devices. Browsing history is now listed and you can sort by date or by site. As before, recently closed tabs are also listed on Firefox View. To access Firefox View, select the file folder icon at the top left of your tab strip. screenshot of Firefox View displaying open tabs and tabs from other devices * Gradually rolling out in Fx119, Firefox now allows you to edit PDFs by adding images and alt text, in addition to text and drawings. screenshot of a photo of a red fox being added to a PDF. The alt text tool is open to the left of the photo, ready for a description to be added. * Recently closed tabs now persist between sessions that don't have automatic session restore enabled. Manually restoring a previous session will continue to reopen any previously open tabs or windows. * If you're migrating your data from Chrome, Firefox now offers the ability to import some of your extensions as well. * As part of Total Cookie Protection, Firefox now supports the partitioning of Blob URLs, this mitigates a potential tracking vector that third-party agents could use to track an individual. * The visibility of fonts to websites has been restricted to system fonts and language pack fonts in Enhanced Tracking Protection strict mode to mitigate font fingerprinting. * The Storage Access API web standard was updated to improve security while mitigating website breakages and further enabling the phase out of third-party cookies in Firefox. * Encrypted Client Hello (ECH) is now available to Firefox users, delivering a more private browsing experience. ECH extends the encryption used in TLS connections to cover more of the handshake and better protect sensitive fields. Read more about the launch of ECH on Mozilla Distilled. * Media sniffing is no longer applied to files served as type application/ octet-stream, this allows these files to be downloaded instead of attempting playback. * On Windows, the mouse pointer will disappear while typing if the relevant Windows mouse properties system setting is enabled. * Firefox is now available in the Santali (sat) language. Fixed * Fixed an issue causing unexpected jumps in scroll position on Facebook. * Various security fixes. Developer * Developer Information * Several enhancements have been made to the Inactive CSS styles feature. This feature assists in identifying CSS properties that have no effect on an element. Pseudo-elements such as ::first-letter, ::cue, and ::placeholder are now fully supported. * The JSON viewer is particularly useful for debugging REST APIs, as it displays formatted JSON responses. Now, if the JSON is invalid or broken, it automatically switches to a raw data view, improving the user experience. Web Platform * ARIA reflection for simple attributes and default Accessibility Semantics for Custom Elements are now supported. Note this includes boolean, enum, number, and string attributes, but not attributes that reference other elements. * credentialless is now supported in Cross-Origin-Embedder-Policy. * The CSS attr() function now supports a fallback parameter, for example attr (foobar, "Default value"). * Grouping of items in an array (and iterables) is now easier by using the methods Object.groupBy or Map.groupBy. Security fixes: #CVE-2023-5721: Queued up rendering could have allowed websites to clickjack #CVE-2023-5722: Cross-Origin size and header leakage #CVE-2023-5723: Invalid cookie characters could have led to unexpected errors #CVE-2023-5724: Large WebGL draw could have led to a crash #CVE-2023-5725: WebExtensions could open arbitrary URLs #CVE-2023-5726: Full screen notification obscured by file open dialog on macOS #CVE-2023-5727: Download Protections were bypassed by .msix, .msixbundle, .appx, and .appxbundle files on Windows #CVE-2023-5728: Improper object tracking during GC in the JavaScript engine could have led to a crash. #CVE-2023-5729: Fullscreen notification dialog could have been obscured by WebAuthn prompts #CVE-2023-5730: Memory safety bugs fixed in Firefox 119, Firefox ESR 115.4, and Thunderbird 115.4.1 #CVE-2023-5731: Memory safety bugs fixed in Firefox 119 module: pkgsrc subject: 'CVS commit: pkgsrc/www/firefox' unixtime: '1699006803' user: ryoon