---
- branch: MAIN
  date: Wed Nov 22 13:32:12 UTC 2023
  files:
  - new: '1.581'
    old: '1.580'
    path: pkgsrc/www/firefox/Makefile
    pathrev: pkgsrc/www/firefox/Makefile@1.581
    type: modified
  - new: '1.516'
    old: '1.515'
    path: pkgsrc/www/firefox/distinfo
    pathrev: pkgsrc/www/firefox/distinfo@1.516
    type: modified
  - new: '1.270'
    old: '1.269'
    path: pkgsrc/www/firefox/mozilla-common.mk
    pathrev: pkgsrc/www/firefox/mozilla-common.mk@1.270
    type: modified
  - new: '1.13'
    old: '1.12'
    path: pkgsrc/www/firefox/files/node-wrapper.sh
    pathrev: pkgsrc/www/firefox/files/node-wrapper.sh@1.13
    type: modified
  id: 20231122T133212Z.7c214ce9db5246a1e79e552d99e234df0414fda5
  log: |
    firefox: Update to 120.0

    Changelog:
    120.0
    New

      * Firefox supports a new "Copy Link Without Site Tracking" feature in the
        context menu which ensures that copied links no longer contain tracking
        information.

        Screenshot showing Copy Link feature

      * Firefox now supports a setting (in Preferences -> Privacy & Security) to
        enable Global Privacy Control. With this opt-in feature, Firefox informs
        the websites that the user doesn't want their data to be shared or sold.

        Screenshot showing GPC preference

      * Firefox's private windows and ETP-Strict privacy configuration now enhance
        the Canvas APIs with Fingerprinting Protection, thereby continuing to
        protect our users' online privacy.

      * Firefox has enabled Cookie Banner Blocker by default in private windows for
        all users in Germany. Firefox will now auto-refuse cookies and dismiss
        annoying cookie banners for supported sites.

      * Firefox has enabled URL Tracking Protection by default in private windows
        for all users in Germany. Firefox will remove non-essential URL query
        parameters that are often used to track users across the web.

      * Firefox now imports TLS trust anchors (e.g., certificates) from the
        operating system root store. This will be enabled by default on Windows,
        macOS, and Android, and if needed, can be turned off in settings
        (Preferences -> Privacy & Security -> Certificates).

      * Keyboard shortcuts have now been added for editing and deleting a selected
        credential on about:logins. For editing - Alt + enter (Option + return on
        macOS) and for deleting - Alt + Backspace (Option + Delete on macOS).

      * Users on Ubuntu Linux now have the ability to import from Chromium when
        both are installed as Snap packages.

      * Picture-in-Picture now supports corner snapping on Windows and Linux - just
        hold Ctrl as you move the PiP window.

    Fixed

      * Various security fixes.

    Security fixes:
    Mozilla Foundation Security Advisory 2023-49
    #CVE-2023-6204: Out-of-bound memory access in WebGL2 blitFramebuffer
    #CVE-2023-6205: Use-after-free in MessagePort::Entangled
    #CVE-2023-6206: Clickjacking permission prompts using the fullscreen transition
    #CVE-2023-6207: Use-after-free in ReadableByteStreamQueueEntry::Buffer
    #CVE-2023-6208: Using Selection API would copy contents into X11 primary
     selection.
    #CVE-2023-6209: Incorrect parsing of relative URLs starting with "///"
    #CVE-2023-6210: Mixed-content resources not blocked in a javascript: pop-up
    #CVE-2023-6211: Clickjacking to load insecure pages in HTTPS-only mode
    #CVE-2023-6212: Memory safety bugs fixed in Firefox 120, Firefox ESR 115.5, and
     Thunderbird 115.5
    #CVE-2023-6213: Memory safety bugs fixed in Firefox 120
  module: pkgsrc
  subject: 'CVS commit: pkgsrc/www/firefox'
  unixtime: '1700659932'
  user: ryoon