head 1.16;
access;
symbols
pkgsrc-2026Q1:1.16.0.4
pkgsrc-2026Q1-base:1.16
pkgsrc-2025Q4:1.16.0.2
pkgsrc-2025Q4-base:1.16
pkgsrc-2025Q3:1.15.0.18
pkgsrc-2025Q3-base:1.15
pkgsrc-2025Q2:1.15.0.16
pkgsrc-2025Q2-base:1.15
pkgsrc-2025Q1:1.15.0.14
pkgsrc-2025Q1-base:1.15
pkgsrc-2024Q4:1.15.0.12
pkgsrc-2024Q4-base:1.15
pkgsrc-2024Q3:1.15.0.10
pkgsrc-2024Q3-base:1.15
pkgsrc-2024Q2:1.15.0.8
pkgsrc-2024Q2-base:1.15
pkgsrc-2024Q1:1.15.0.6
pkgsrc-2024Q1-base:1.15
pkgsrc-2023Q4:1.15.0.4
pkgsrc-2023Q4-base:1.15
pkgsrc-2023Q3:1.15.0.2
pkgsrc-2023Q3-base:1.15
pkgsrc-2023Q2:1.14.0.12
pkgsrc-2023Q2-base:1.14
pkgsrc-2023Q1:1.14.0.10
pkgsrc-2023Q1-base:1.14
pkgsrc-2022Q4:1.14.0.8
pkgsrc-2022Q4-base:1.14
pkgsrc-2022Q3:1.14.0.6
pkgsrc-2022Q3-base:1.14
pkgsrc-2022Q2:1.14.0.4
pkgsrc-2022Q2-base:1.14
pkgsrc-2022Q1:1.14.0.2
pkgsrc-2022Q1-base:1.14
pkgsrc-2021Q4:1.13.0.36
pkgsrc-2021Q4-base:1.13
pkgsrc-2021Q3:1.13.0.34
pkgsrc-2021Q3-base:1.13
pkgsrc-2021Q2:1.13.0.32
pkgsrc-2021Q2-base:1.13
pkgsrc-2021Q1:1.13.0.30
pkgsrc-2021Q1-base:1.13
pkgsrc-2020Q4:1.13.0.28
pkgsrc-2020Q4-base:1.13
pkgsrc-2020Q3:1.13.0.26
pkgsrc-2020Q3-base:1.13
pkgsrc-2020Q2:1.13.0.22
pkgsrc-2020Q2-base:1.13
pkgsrc-2020Q1:1.13.0.2
pkgsrc-2020Q1-base:1.13
pkgsrc-2019Q4:1.13.0.24
pkgsrc-2019Q4-base:1.13
pkgsrc-2019Q3:1.13.0.20
pkgsrc-2019Q3-base:1.13
pkgsrc-2019Q2:1.13.0.18
pkgsrc-2019Q2-base:1.13
pkgsrc-2019Q1:1.13.0.16
pkgsrc-2019Q1-base:1.13
pkgsrc-2018Q4:1.13.0.14
pkgsrc-2018Q4-base:1.13
pkgsrc-2018Q3:1.13.0.12
pkgsrc-2018Q3-base:1.13
pkgsrc-2018Q2:1.13.0.10
pkgsrc-2018Q2-base:1.13
pkgsrc-2018Q1:1.13.0.8
pkgsrc-2018Q1-base:1.13
pkgsrc-2017Q4:1.13.0.6
pkgsrc-2017Q4-base:1.13
pkgsrc-2017Q3:1.13.0.4
pkgsrc-2017Q3-base:1.13
pkgsrc-2017Q2:1.12.0.2
pkgsrc-2017Q2-base:1.12
pkgsrc-2017Q1:1.11.0.8
pkgsrc-2017Q1-base:1.11
pkgsrc-2016Q4:1.11.0.6
pkgsrc-2016Q4-base:1.11
pkgsrc-2016Q3:1.11.0.4
pkgsrc-2016Q3-base:1.11
pkgsrc-2016Q2:1.11.0.2
pkgsrc-2016Q2-base:1.11
pkgsrc-2016Q1:1.10.0.10
pkgsrc-2016Q1-base:1.10
pkgsrc-2015Q4:1.10.0.8
pkgsrc-2015Q4-base:1.10
pkgsrc-2015Q3:1.10.0.6
pkgsrc-2015Q3-base:1.10
pkgsrc-2015Q2:1.10.0.4
pkgsrc-2015Q2-base:1.10
pkgsrc-2015Q1:1.10.0.2
pkgsrc-2015Q1-base:1.10
pkgsrc-2014Q4:1.9.0.2
pkgsrc-2014Q4-base:1.9
pkgsrc-2014Q3:1.8.0.4
pkgsrc-2014Q3-base:1.8
pkgsrc-2014Q2:1.8.0.2
pkgsrc-2014Q2-base:1.8
pkgsrc-2014Q1:1.6.0.2
pkgsrc-2014Q1-base:1.6
pkgsrc-2013Q4:1.3.0.4
pkgsrc-2013Q4-base:1.3
pkgsrc-2013Q3:1.3.0.2
pkgsrc-2013Q3-base:1.3
pkgsrc-2013Q2:1.1.0.2
pkgsrc-2013Q2-base:1.1;
locks; strict;
comment @// @;
1.16
date 2025.10.27.14.24.33; author ryoon; state Exp;
branches;
next 1.15;
commitid oawlZQwTOASjrdgG;
1.15
date 2023.09.05.14.08.39; author ryoon; state Exp;
branches;
next 1.14;
commitid igIBXwmVBtUhwADE;
1.14
date 2022.01.15.15.57.38; author ryoon; state Exp;
branches;
next 1.13;
commitid pPjqZvNXNDJblKoD;
1.13
date 2017.08.10.14.46.15; author ryoon; state Exp;
branches;
next 1.12;
commitid rDI4h24RNI2oZF2A;
1.12
date 2017.04.27.01.49.47; author ryoon; state Exp;
branches;
next 1.11;
commitid J6Df3i7KVGRj47Pz;
1.11
date 2016.06.16.12.08.21; author ryoon; state Exp;
branches;
next 1.10;
commitid LAwegbTYgLLjCGaz;
1.10
date 2015.01.16.22.42.09; author ryoon; state Exp;
branches;
next 1.9;
commitid 4cICGew1Cni4Ki6y;
1.9
date 2014.10.15.13.07.07; author ryoon; state Exp;
branches;
next 1.8;
commitid BxXu2KLWwPm1yiUx;
1.8
date 2014.06.11.00.40.59; author ryoon; state Exp;
branches;
next 1.7;
commitid QTw894DEf2Let2Ex;
1.7
date 2014.05.30.03.03.36; author pho; state Exp;
branches;
next 1.6;
commitid SyhQGFZ06rmWDvCx;
1.6
date 2014.03.20.21.02.00; author ryoon; state Exp;
branches;
next 1.5;
commitid 7yTA4yPlY6RyTttx;
1.5
date 2014.02.20.13.19.03; author ryoon; state Exp;
branches;
next 1.4;
commitid T9GvdtUIEdEreQpx;
1.4
date 2014.02.08.09.36.00; author ryoon; state Exp;
branches;
next 1.3;
commitid ggxuC0XAcatWnhox;
1.3
date 2013.08.07.12.17.54; author ryoon; state Exp;
branches;
next 1.2;
commitid DF4G4SvxcEC6ew0x;
1.2
date 2013.07.17.11.00.13; author jperkin; state Exp;
branches;
next 1.1;
commitid ChOTp6rsavaYsOXw;
1.1
date 2013.05.23.13.12.13; author ryoon; state Exp;
branches;
next ;
commitid sFsg0DAPswjWXKQw;
desc
@@
1.16
log
@www/firefox: Update to 144.0
Changelog:
144.0:
New
* Focus on just one tab in a group without the clutter. Your active tab now
stays in view, keeping things tidy even with the group collapsed.
* We're excited to share another tab groups update that addresses a top
request from our community! You can now drag a tab into a collapsed group
without automatically expanding it. It's a quick way to stay organized
while minimizing visual distractions.
MoveTabCollapsedGroup
* Profile management, now rolling out gradually to users globally over the
next few weeks, helps you protect your privacy and stay focused by
separating your online life into distinct profiles for work, school,
vacation planning, or whatever you choose. You can name your profiles and
customize them with avatars and color themes for easy recognition, then
quickly switch between them while keeping bookmarks, tabs, and browsing
history completely separate. The new Profiles feature is available for
Windows 11, Mac, and Linux users, with Windows 10 support coming soon.
* You can now close a Picture-in-Picture window without pausing the video.
Press Shift + Click on the close button or use Shift + Esc to exit while
keeping playback uninterrupted.
* Logins stored in the Firefox Password Manager are now encrypted on disk
using a modern encryption scheme (AES-256-CBC), replacing the older
3DES-CBC. This change improves local data protection. Logins synced through
Firefox Sync remain end-to-end encrypted and already use AES-256-GCM.
* Visual search powered by Google Lens
With just a right-click on any image, you can now:
* Find similar products, places, or objects
* Copy, translate, or search text from images
* Get inspiration for learning, travel, or shopping
Look for the new "Search Image with Google Lens" option in your
right-click menu (highlighted with a NEW badge at first).
This is a desktop-only feature, rolling out worldwide. Your default search
engine must be set to Google in order to use it.
* Perplexity AI Search in Firefox
On desktop, Firefox now includes Perplexity, an AI-powered answer engine
built into the browser. Perplexity delivers direct, conversational answers
to complex questions, helping you get quick summaries, accurate references,
or creative inspiration without digging through multiple sources. It??s
rolling out worldwide from the address bar via the unified search button.
* The following languages are now available for translation:
+ Azerbaijani
+ Bangla
+ Icelandic
Fixed
* Various security fixes.
* The following languages have improved translation quality:
+ Arabic
+ Bulgarian
+ Catalan
+ Chinese (Simplified)
+ Czech
+ Dutch
+ Estonian
+ Finnish
+ French
+ German
+ Hungarian
+ Italian
+ Japanese
+ Portuguese
+ Persian
+ Spanish
+ Ukrainian
Changed
* On Windows, when opening a link from another application, Firefox will only
use a window on the current virtual desktop or open a new window if needed.
Security fixes:
Mozilla Foundation Security Advisory 2025-81
#CVE-2025-11708: Use-after-free in MediaTrackGraphImpl::GetInstance()
#CVE-2025-11709: Out of bounds read/write in a privileged process triggered by
WebGL textures
#CVE-2025-11710: Cross-process information leaked due to malicious IPC messages
#CVE-2025-11711: Some non-writable Object properties could be modified
#CVE-2025-11716: Sandboxed iframes allowed links to open in external apps
(Android only)
#CVE-2025-11717: The password edit screen was not hidden in Android card view
#CVE-2025-11712: An OBJECT tag type attribute overrode browser behavior on web
resources without a content-type
#CVE-2025-11718: Address bar could be spoofed on Android using visibilitychange
#CVE-2025-11713: Potential user-assisted code execution in ??Copy as cURL??
command
#CVE-2025-11719: Use-after-free caused by the native messaging web extension
API on Windows
#CVE-2025-11720: Spoofing risk in Android custom tabs
#CVE-2025-11714: Memory safety bugs fixed in Firefox ESR 115.29, Firefox ESR
140.4, Thunderbird ESR 140.4, Firefox 144 and Thunderbird 144
#CVE-2025-11715: Memory safety bugs fixed in Firefox ESR 140.4, Thunderbird ESR
140.4, Firefox 144 and Thunderbird 144
#CVE-2025-11721: Memory safety bug fixed in Firefox 144 and Thunderbird 144
@
text
@$NetBSD: patch-ipc_glue_GeckoChildProcessHost.cpp,v 1.15 2023/09/05 14:08:39 ryoon Exp $
* Fix NetBSD linking
--- ipc/glue/GeckoChildProcessHost.cpp.orig 2023-08-17 21:21:29.000000000 +0000
+++ ipc/glue/GeckoChildProcessHost.cpp
@@@@ -4,7 +4,13 @@@@
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+#if defined(__NetBSD__)
+_Pragma("GCC visibility push(default)")
+#endif
#include "GeckoChildProcessHost.h"
+#if defined(__NetBSD__)
+_Pragma("GCC visibility pop")
+#endif
#include "base/command_line.h"
#include "base/process.h"
@
1.15
log
@firefox: Update to 117.0
Changelog:
New
* Support for credit card autofill has been extended to users running Firefox
in the IT, ES, AT, BE, and PL locales.
* macOS users can now control the tabability of controls and links via
about:preferences.
Screenshot of new macOS tabability option in about:preferences
* To avoid undesirable outcomes on sites which specify their own behavior
when pressing shift+right-click, Firefox now has a
dom.event.contextmenu.shift_suppresses_event preference to prevent the
context menu from appearing.
Fixed
* YouTube video lists now scroll correctly when navigating with a screen
reader.
* Various security fixes.
Changed
* Firefox no longer shows its own screen sharing indicator on Wayland desktop
environments. The system default sharing indicator will be used instead.
Enterprise
* You can find information about policy updates and enterprise specific bug
fixes in the Firefox for Enterprise 117 Release Notes.
Developer
* Developer Information
* Web compatibility inspection has been enhanced with our new CSS
compatibility tooltip in the Developer Tools Inspector. An icon is now
displayed next to properties that could lead to web compatibility issues.
When hovered, the tooltip indicates which browsers are not supported and
displays a link to the MDN page for the property so the user can learn more
about it.
Screenshot showing CSS compatibility icon for a property shown in the
Inspector
* console.clear() no longer clears the Console output if the "Enable
persistent logs" option is enabled.
Web Platform
* Support for improved CSS nesting is now enabled by default.
* Firefox now supports RTCRtpScriptTransform.
* ReadableStream.from is now supported, allowing creation of a ReadableStream
from an (async) iterable.
* Firefox now supports the math-style and math-depth CSS properties and the
font-size: math value.
Security fixes:
#CVE-2023-4573: Memory corruption in IPC CanvasTranslator
#CVE-2023-4574: Memory corruption in IPC ColorPickerShownCallback
#CVE-2023-4575: Memory corruption in IPC FilePickerShownCallback
#CVE-2023-4576: Integer Overflow in RecordedSourceSurfaceCreation
#CVE-2023-4577: Memory corruption in JIT UpdateRegExpStatics
#CVE-2023-4578: Error reporting methods in SpiderMonkey could have triggered an
Out of Memory Exception
#CVE-2023-4579: Persisted search terms were formatted as URLs
#CVE-2023-4580: Push notifications saved to disk unencrypted
#CVE-2023-4581: XLL file extensions were downloadable without warnings
#CVE-2023-4582: Buffer Overflow in WebGL glGetProgramiv
#CVE-2023-4583: Browsing Context potentially not cleared when closing Private
Window
#CVE-2023-4584: Memory safety bugs fixed in Firefox 117, Firefox ESR 102.15,
Firefox ESR 115.2, Thunderbird 102.15, and Thunderbird 115.2
#CVE-2023-4585: Memory safety bugs fixed in Firefox 117, Firefox ESR 115.2, and
Thunderbird 115.2
@
text
@d1 1
a1 1
$NetBSD: patch-ipc_glue_GeckoChildProcessHost.cpp,v 1.14 2022/01/15 15:57:38 ryoon Exp $
a2 1
* Support Solaris
@
1.14
log
@firefox: Update to 96.0.1
Changelog:
Version 96.0.1, first offered to Release channel users on January 14, 2022
Fixed
* Addresses proxy rule exceptions not working on Windows systems when "Use
system proxy settings" is set (bug 1749501)
* Improvements to make the parsing of content-length headers more robust (bug
1749957)
Version 96.0, first offered to Release channel users on January 11, 2022
New
* We've made significant improvements in noise-suppression and
auto-gain-control as well as slight improvements in echo-cancellation to
provide you with a better overall experience.
* We've also significantly reduced main-thread load.
* Firefox will now default all cookies to having a SameSite=lax attribute
which helps defend against Cross-Site Request Forgery (CSRF) attacks.
* When printing, you can now choose to print only the odd/even pages.
Fixed
* On macOS, command-clicking links in Gmail now opens them in a new tab as
expected.
* Our newest release fixes an issue where video intermittently drops SSRC.
* It also fixes an issue where WebRTC downgrades screen sharing resolution to
provide you with a clearer browsing experience.
* Plus, we've fixed video quality degradation issues on certain sites.
* Detached video in fullscreen on macOS has been temporarily disabled to
avoid some issues with corruption, brightness changes, missing subtitles
and high cpu usage.
* Various security fixes
Security fixes:
#CVE-2022-22746: Calling into reportValidity could have lead to fullscreen
window spoof
#CVE-2022-22743: Browser window spoof using fullscreen mode
#CVE-2022-22742: Out-of-bounds memory access when inserting text in edit mode
#CVE-2022-22741: Browser window spoof using fullscreen mode
#CVE-2022-22740: Use-after-free of ChannelEventQueue::mOwner
#CVE-2022-22738: Heap-buffer-overflow in blendGaussianBlur
#CVE-2022-22737: Race condition when playing audio files
#CVE-2021-4140: Iframe sandbox bypass with XSLT
#CVE-2022-22750: IPC passing of resource handles could have lead to sandbox
bypass
#CVE-2022-22749: Lack of URL restrictions when scanning QR codes
#CVE-2022-22748: Spoofed origin on external protocol launch dialog
#CVE-2022-22745: Leaking cross-origin URLs through securitypolicyviolation
event
#CVE-2022-22744: The 'Copy as curl' feature in DevTools did not fully escape
website-controlled data, potentially leading to command injection
#CVE-2022-22747: Crash when handling empty pkcs7 sequence
#CVE-2022-22736: Potential local privilege escalation when loading modules from
the install directory.
#CVE-2022-22739: Missing throttling on external protocol launch dialog
#CVE-2022-22751: Memory safety bugs fixed in Firefox 96 and Firefox ESR 91.5
#CVE-2022-22752: Memory safety bugs fixed in Firefox 96
@
text
@d1 1
a1 1
$NetBSD: patch-ipc_glue_GeckoChildProcessHost.cpp,v 1.13 2017/08/10 14:46:15 ryoon Exp $
d6 1
a6 1
--- ipc/glue/GeckoChildProcessHost.cpp.orig 2022-01-08 15:41:40.900244448 +0000
d21 1
a21 1
#include "base/process_util.h"
@
1.13
log
@Update to 55.0
Changelog:
New
Launched Windows support for WebVR, bringing immersive experiences to the web. See examples and try working demos at Mozilla VR.
Added options that let users optimize recent performance improvements
Setting to enable Hardware VP9 acceleration on Windows 10 Anniversary Edition for better battery life and lower CPU usage while watching videos
Setting to modify the number of concurrent content processes for faster page loading and more responsive tab switching
Simplified installation process with a streamlined Windows stub installer
Firefox for Windows 64-bit is now installed by default on 64-bit systems with at least 2GB of RAM
Full installers with advanced installation options are still available
Improved address bar functionality
Search with any installed one-click search engine directly from the address bar
Search suggestions appear by default
When entering a hostname (like pinterest.com) in the URL bar, Firefox resolves to the secure version of the site (https://www.pinterest.com) instead of the insecure version (http://www.pinterest.com) when possible
Updated Sidebar for bookmarks, history, and synced tabs so it can appear at the right edge of the window as well as the left
Added support for stereo microphones with WebRTC
Pages can be simplified before printing from within Print Preview
Updated Firefox for OSX and macOS to allow users to assign custom keyboard shortcuts to Firefox menu items via System Preferences
Browsing sessions with a high number of tabs are now restored in an instant
Make screenshots of webpages, and save them locally or upload them to the cloud. This feature will undergo A/B testing and will not be visible for some users.
Added Belarusian (be) locale
Fixed
Various security fixes
Changed
Made the Adobe Flash plugin click-to-activate by default and allowed only on http:// and https:// URL schemes. (This change will not be visible to all users immediately. For more information see the Firefox plugin roadmap)
Firefox does not support downgrades, even though this may have worked in past versions. Users who install Firefox 55+ and later downgrade to an earlier version may experience issues with Firefox.
Modernized application update UI to be less intrusive and more aligned with the rest of the browser. Only users who have not restarted their browser 8 days after downloading an update or users who opted out of automatic updates will see this change.
Security fixes:
CVE-2017-7798: XUL injection in the style editor in devtools
Reporter
Frederik Braun
Impact
critical
Description
The Developer Tools feature suffers from a XUL injection vulnerability due to improper sanitization of the web page source code. In the worst case, this could allow arbitrary code execution when opening a malicious page with the style editor tool.
References
Bug 1371586, 1372112
#CVE-2017-7800: Use-after-free in WebSockets during disconnection
Reporter
Looben Yang
Impact
critical
Description
A use-after-free vulnerability can occur in WebSockets when the object holding the connection is freed before the disconnection operation is finished. This results in an exploitable crash.
References
Bug 1374047
#CVE-2017-7801: Use-after-free with marquee during window resizing
Reporter
Nils
Impact
critical
Description
A use-after-free vulnerability can occur while re-computing layout for a marquee element during window resizing where the updated style object is freed while still in use. This results in a potentially exploitable crash.
References
Bug 1371259
#CVE-2017-7809: Use-after-free while deleting attached editor DOM node
Reporter
Nils
Impact
high
Description
A use-after-free vulnerability can occur when an editor DOM node is deleted prematurely during tree traversal while still bound to the document. This results in a potentially exploitable crash.
References
Bug 1380284
#CVE-2017-7784: Use-after-free with image observers
Reporter
Nils
Impact
high
Description
A use-after-free vulnerability can occur when reading an image observer during frame reconstruction after the observer has been freed. This results in a potentially exploitable crash.
References
Bug 1376087
#CVE-2017-7802: Use-after-free resizing image elements
Reporter
Nils
Impact
high
Description
A use-after-free vulnerability can occur when manipulating the DOM during the resize event of an image element. If these elements have been freed due to a lack of strong references, a potentially exploitable crash may occur when the freed elements are accessed.
References
Bug 1378147
#CVE-2017-7785: Buffer overflow manipulating ARIA attributes in DOM
Reporter
Nils
Impact
high
Description
A buffer overflow can occur when manipulating Accessible Rich Internet Applications (ARIA) attributes within the DOM. This results in a potentially exploitable crash.
References
Bug 1356985
#CVE-2017-7786: Buffer overflow while painting non-displayable SVG
Reporter
Nils
Impact
high
Description
A buffer overflow can occur when the image renderer attempts to paint non-displayable SVG elements. This results in a potentially exploitable crash.
References
Bug 1365189
#CVE-2017-7806: Use-after-free in layer manager with SVG
Reporter
Nils
Impact
high
Description
A use-after-free vulnerability can occur when the layer manager is freed too early when rendering specific SVG content, resulting in a potentially exploitable crash.
References
Bug 1378113
#CVE-2017-7753: Out-of-bounds read with cached style data and pseudo-elements
Reporter
SkyLined
Impact
high
Description
An out-of-bounds read occurs when applying style rules to pseudo-elements, such as ::first-line, using cached style data.
References
Bug 1353312
#CVE-2017-7787: Same-origin policy bypass with iframes through page reloads
Reporter
Oliver Wagner
Impact
high
Description
Same-origin policy protections can be bypassed on pages with embedded iframes during page reloads, allowing the iframes to access content on the top level page, leading to information disclosure.
References
Bug 1322896
#CVE-2017-7807: Domain hijacking through AppCache fallback
Reporter
Mathias Karlsson
Impact
high
Description
A mechanism that uses AppCache to hijack a URL in a domain using fallback by serving the files from a sub-path on the domain. This has been addressed by requiring fallback files be inside the manifest directory.
References
Bug 1376459
#CVE-2017-7792: Buffer overflow viewing certificates with an extremely long OID
Reporter
Fraser Tweedale
Impact
high
Description
A buffer overflow will occur when viewing a certificate in the certificate manager if the certificate has an extremely long object identifier (OID). This results in a potentially exploitable crash.
References
Bug 1368652
#CVE-2017-7804: Memory protection bypass through WindowsDllDetourPatcher
Reporter
Stephen Fewer
Impact
high
Description
The destructor function for the WindowsDllDetourPatcher class can be re-purposed by malicious code in concert with another vulnerability to write arbitrary data to an attacker controlled location in memory. This can be used to bypass existing memory protections in this situation.
Note: This attack only affects Windows operating systems. Other operating systems are not affected.
References
Bug 1372849
#CVE-2017-7791: Spoofing following page navigation with data: protocol and modal alerts
Reporter
Jose María Acuña
Impact
moderate
Description
On pages containing an iframe, the data: protocol can be used to create a modal alert that will render over arbitrary domains following page navigation, spoofing of the origin of the modal alert from the iframe content.
References
Bug 1365875
#CVE-2017-7808: CSP information leak with frame-ancestors containing paths
Reporter
Jun Kokatsu
Impact
moderate
Description
A content security policy (CSP) frame-ancestors directive containing origins with paths allows for comparisons against those paths instead of the origin. This results in a cross-origin information leak of this path information.
References
Bug 1367531
#CVE-2017-7782: WindowsDllDetourPatcher allocates memory without DEP protections
Reporter
Arthur Edelstein
Impact
moderate
Description
An error in the WindowsDllDetourPatcher where a RWX ("Read/Write/Execute") 4k block is allocated but never protected, violating DEP protections.
Note: This attack only affects Windows operating systems. Other operating systems are not affected.
References
Bug 1344034
#CVE-2017-7781: Elliptic curve point addition error when using mixed Jacobian-affine coordinates
Reporter
Antonio Sanso
Impact
moderate
Description
An error occurs in the elliptic curve point addition algorithm that uses mixed Jacobian-affine coordinates where it can yield a result POINT_AT_INFINITY when it should not. A man-in-the-middle attacker could use this to interfere with a connection, resulting in an attacked party computing an incorrect shared secret.
References
Bug 1352039
#CVE-2017-7794: Linux file truncation via sandbox broker
Reporter
Jann Horn
Impact
moderate
Description
On Linux systems, if the content process is compromised, the sandbox broker will allow files to be truncated even though the sandbox explicitly only has read access to the local file system and no write permissions.
Note: This attack only affects the Linux operating system. Other operating systems are not affected.
References
Bug 1374281
#CVE-2017-7803: CSP containing 'sandbox' improperly applied
Reporter
Rhys Enniks
Impact
moderate
Description
When a page’s content security policy (CSP) header contains a sandbox directive, other directives are ignored. This results in the incorrect enforcement of CSP.
References
Bug 1377426
#CVE-2017-7799: Self-XSS XUL injection in about:webrtc
Reporter
Frederik Braun
Impact
moderate
Description
JavaScript in the about:webrtc page is not sanitized properly being being assigned to innerHTML. Data on this page is supplied by WebRTC usage and is not under third-party control, making this difficult to exploit, but the vulnerability could possibly be used for a cross-site scripting (XSS) attack.
References
Bug 1372509
#CVE-2017-7783: DOS attack through long username in URL
Reporter
Amit Sangra
Impact
low
Description
If a long user name is used in a username/password combination in a site URL (such as http://UserName:Password@@example.com), the resulting modal prompt will hang in a non-responsive state or crash, causing a denial of service.
References
Bug 1360842
#CVE-2017-7788: Sandboxed about:srcdoc iframes do not inherit CSP directives
Reporter
Muneaki Nishimura
Impact
low
Description
When an iframe has a sandbox attribute and its content is specified using srcdoc, that content does not inherit the containing page's Content Security Policy (CSP) as it should unless the sandbox attribute included allow-same-origin.
References
Bug 1073952
#CVE-2017-7789: Failure to enable HSTS when two STS headers are sent for a connection
Reporter
Muneaki Nishimura
Impact
low
Description
If a server sends two Strict-Transport-Security (STS) headers for a single connection, they will be rejected as invalid and HTTP Strict Transport Security (HSTS) will not be enabled for the connection.
References
Bug 1074642
#CVE-2017-7790: Windows crash reporter reads extra memory for some non-null-terminated registry values
Reporter
Xiaoyin Liu
Impact
low
Description
On Windows systems, if non-null-terminated strings are copied into the crash reporter for some specific registry keys, stack memory data can be copied until a null is found. This can potentially contain private data from the local system.
Note: This attack only affects Windows operating systems. Other operating systems are not affected.
References
Bug 1350460
#CVE-2017-7796: Windows updater can delete any file named update.log
Reporter
Matt Howell
Impact
low
Description
On Windows systems, the logger run by the Windows updater deletes the file "update.log" before it runs in order to write a new log of that name. The path to this file is supplied at the command line to the updater and could be used in concert with another local exploit to delete a different file named "update.log" instead of the one intended.
Note: This attack only affects Windows operating systems. Other operating systems are not affected.
References
Bug 1234401
#CVE-2017-7797: Response header name interning leaks across origins
Reporter
Anne van Kesteren
Impact
low
Description
Response header name interning does not have same-origin protections and these headers are stored in a global registry. This allows stored header names to be available cross-origin.
References
Bug 1334776
#CVE-2017-7780: Memory safety bugs fixed in Firefox 55
Reporter
Mozilla developers and community
Impact
critical
Description
Mozilla developers and community members Gary Kwong, Christian Holler, André Bargull, Bob Clary, Carsten Book, Emilio Cobos Álvarez, Masayuki Nakano, Sebastian Hengst, Franziskus Kiefer, Tyson Smith, and Ronald Crane reported memory safety bugs present in Firefox 54. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.
References
Memory safety bugs fixed in Firefox 55
#CVE-2017-7779: Memory safety bugs fixed in Firefox 55 and Firefox ESR 52.3
Reporter
Mozilla developers and community
Impact
critical
Description
Mozilla developers and community members Masayuki Nakano, Gary Kwong, Ronald Crane, Andrew McCreight, Tyson Smith, Bevis Tseng, Christian Holler, Bryce Van Dyk, Dragana Damjanovic, Kartikaya Gupta, Philipp, Tristan Bourvon, and Andi-Bogdan Postelnicu reported memory safety bugs present in Firefox 54 and Firefox ESR 52.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.
References
Memory safety bugs fixed in Firefox 55 and Firefox ESR 52.3
@
text
@d1 1
a1 1
$NetBSD: patch-ipc_glue_GeckoChildProcessHost.cpp,v 1.12 2017/04/27 01:49:47 ryoon Exp $
d6 1
a6 1
--- ipc/glue/GeckoChildProcessHost.cpp.orig 2017-07-31 16:20:47.000000000 +0000
d21 1
a21 1
#include "base/string_util.h"
@
1.12
log
@Update to 53.0
Changelog:
New
Improved graphics stability for Windows users with the addition of compositor process separation (Quantum Compositor)
Two new 'compact' themes available in Firefox, dark and light, based on the Firefox Developer Edition theme
Lightweight themes are now applied in private browsing windows
Reader Mode now displays estimated reading time for the page
Windows 7+ users on 64-bit OS can select 32-bit or 64-bit versions in the stub installer
Fixed
Various security fixes
Changed
Updated the design of site permission requests to make them harder to miss and easier to understand
Windows XP and Vista are no longer supported. XP and Vista users running Firefox 52 will continue to receive security updates on Firefox ESR 52.
32-bit Mac OS X is no longer supported. 32-bit Mac OS X users can switch to Firefox ESR 52 to continue receiving security updates.
Updates for Mac OS X are smaller in size compared to updates for Firefox 52
New visual design for audio and video controls
Ended Firefox Linux support for processors older than Pentium 4 and AMD Opteron
The last few characters of shortened tab titles fade out instead of being replaced by ellipses to keep more of the title visible
Security fixes:
#CVE-2017-5433: Use-after-free in SMIL animation functions
#CVE-2017-5435: Use-after-free during transaction processing in the editor
#CVE-2017-5436: Out-of-bounds write with malicious font in Graphite 2
#CVE-2017-5461: Out-of-bounds write in Base64 encoding in NSS
#CVE-2017-5459: Buffer overflow in WebGL
#CVE-2017-5466: Origin confusion when reloading isolated data:text/html URL
#CVE-2017-5434: Use-after-free during focus handling
#CVE-2017-5432: Use-after-free in text input selection
#CVE-2017-5460: Use-after-free in frame selection
#CVE-2017-5438: Use-after-free in nsAutoPtr during XSLT processing
#CVE-2017-5439: Use-after-free in nsTArray Length() during XSLT processing
#CVE-2017-5440: Use-after-free in txExecutionState destructor during XSLT processing
#CVE-2017-5441: Use-after-free with selection during scroll events
#CVE-2017-5442: Use-after-free during style changes
#CVE-2017-5464: Memory corruption with accessibility and DOM manipulation
#CVE-2017-5443: Out-of-bounds write during BinHex decoding
#CVE-2017-5444: Buffer overflow while parsing application/http-index-format content
#CVE-2017-5446: Out-of-bounds read when HTTP/2 DATA frames are sent with incorrect data
#CVE-2017-5447: Out-of-bounds read during glyph processing
#CVE-2017-5465: Out-of-bounds read in ConvolvePixel
#CVE-2017-5448: Out-of-bounds write in ClearKeyDecryptor
#CVE-2017-5437: Vulnerabilities in Libevent library
#CVE-2017-5454: Sandbox escape allowing file system read access through file picker
#CVE-2017-5455: Sandbox escape through internal feed reader APIs
#CVE-2017-5456: Sandbox escape allowing local file system access
#CVE-2017-5469: Potential Buffer overflow in flex-generated code
#CVE-2017-5445: Uninitialized values used while parsing application/http-index-format content
#CVE-2017-5449: Crash during bidirectional unicode manipulation with animation
#CVE-2017-5450: Addressbar spoofing using javascript: URI on Firefox for Android
#CVE-2017-5451: Addressbar spoofing with onblur event
#CVE-2017-5462: DRBG flaw in NSS
#CVE-2017-5463: Addressbar spoofing through reader view on Firefox for Android
#CVE-2017-5467: Memory corruption when drawing Skia content
#CVE-2017-5452: Addressbar spoofing during scrolling with editable content on Firefox for Android
#CVE-2017-5453: HTML injection into RSS Reader feed preview page through TITLE element
#CVE-2017-5458: Drag and drop of javascript: URLs can allow for self-XSS
#CVE-2017-5468: Incorrect ownership model for Private Browsing information
#CVE-2017-5430: Memory safety bugs fixed in Firefox 53 and Firefox ESR 52.1
#CVE-2017-5429: Memory safety bugs fixed in Firefox 53, Firefox ESR 45.9, and Firefox ESR 52.1
@
text
@d1 1
a1 1
$NetBSD: patch-ipc_glue_GeckoChildProcessHost.cpp,v 1.11 2016/06/16 12:08:21 ryoon Exp $
d6 1
a6 1
--- ipc/glue/GeckoChildProcessHost.cpp.orig 2017-04-11 04:15:17.000000000 +0000
a21 27
@@@@ -730,7 +736,7 @@@@ GeckoChildProcessHost::PerformAsyncLaunc
// and passing wstrings from one config to the other is unsafe. So
// we split the logic here.
-#if defined(OS_LINUX) || defined(OS_MACOSX) || defined(OS_BSD)
+#if defined(OS_LINUX) || defined(OS_MACOSX) || defined(OS_BSD) || defined(OS_SOLARIS)
base::environment_map newEnvVars;
ChildPrivileges privs = mPrivileges;
if (privs == base::PRIVILEGES_DEFAULT ||
@@@@ -865,7 +871,7 @@@@ GeckoChildProcessHost::PerformAsyncLaunc
childArgv.push_back(pidstring);
#if defined(MOZ_CRASHREPORTER)
-# if defined(OS_LINUX) || defined(OS_BSD)
+# if defined(OS_LINUX) || defined(OS_BSD) || defined(OS_SOLARIS)
int childCrashFd, childCrashRemapFd;
if (!CrashReporter::CreateNotificationPipeForChild(
&childCrashFd, &childCrashRemapFd))
@@@@ -901,7 +907,7 @@@@ GeckoChildProcessHost::PerformAsyncLaunc
LaunchAndroidService(childProcessType, childArgv, mFileMap, &process);
#else
base::LaunchApp(childArgv, mFileMap,
-#if defined(OS_LINUX) || defined(OS_MACOSX) || defined(OS_BSD)
+#if defined(OS_LINUX) || defined(OS_MACOSX) || defined(OS_BSD) || defined(OS_SOLARIS)
newEnvVars, privs,
#endif
false, &process, arch);
@
1.11
log
@Update to 47.0
* Remove macOS patches, because I cannot confirm them sadly
Changelog:
New
Support for Google’s Widevine CDM on Windows and Mac OS X so streaming services like Amazon Video can switch from Silverlight to encrypted HTML5 video.
Enable VP9 video codec for users with fast machines
Embedded YouTube videos now play with HTML5 video if Flash is not installed.
View and search open tabs from your smartphone or another computer in a sidebar
Allow no-cache on back/forward navigations for https resources
Latgalu [ltg] locale added. Wikipedia tells us there are 164,500 daily speakers.
Fixed
Various security fixes
Changed
FUEL (Firefox User Extension Library) has been removed. Add-ons relying on it will stop working.
The browser.sessionstore.restore_on_demand preference has been reset to its default value (true) to avoid e10s performance problems. Because faster is better!
The Firefox click-to-activate plugin whitelist has been removed.
XRender is no longer used for rendering web content on Linux as this may cause a regression in remote X performance
Developer
Web platform changes
View, start,and debug registered Service Workers in the Service Workers developer tool
Simulate Push messages in the Service Workers developer tool
'Start' button for service workers in about:debugging to start registered Service Workers
Changes that can affect add-on compatibility
Added support for ChaCha20/Poly1305 cipher suites
Custom user agents supported in Responsive Design Mode
Smart multi-line input in the Web Console
Developer Information
HTML5
cuechange events are now available on TextTrack objects
WebCrypto: PBKDF2 supports SHA-2 hash algorithms
WebCrypto: RSA-PSS signature support
Fixed in Firefox 47
2016-61 Network Security Services (NSS) vulnerabilities
2016-60 Java applets bypass CSP protections
2016-59 Information disclosure of disabled plugins through CSS pseudo-classes
2016-58 Entering fullscreen and persistent pointerlock without user permission
2016-57 Incorrect icon displayed on permissions notifications
2016-56 Use-after-free when textures are used in WebGL operations after recycle pool destruction
2016-55 File overwrite and privilege escalation through Mozilla Windows updater
2016-54 Partial same-origin-policy through setting location.host through data URI
2016-53 Out-of-bounds write with WebGL shader
2016-52 Addressbar spoofing though the SELECT element
2016-51 Use-after-free deleting tables from a contenteditable document
2016-50 Buffer overflow parsing HTML5 fragments
2016-49 Miscellaneous memory safety hazards (rv:47.0 / rv:45.2)
@
text
@d1 1
a1 1
$NetBSD: patch-ipc_glue_GeckoChildProcessHost.cpp,v 1.10 2015/01/16 22:42:09 ryoon Exp $
d6 1
a6 1
--- ipc/glue/GeckoChildProcessHost.cpp.orig 2015-01-09 04:38:16.000000000 +0000
d22 1
a22 1
@@@@ -533,7 +539,7 @@@@ GeckoChildProcessHost::PerformAsyncLaunc
d30 2
a31 2
if (privs == base::PRIVILEGES_DEFAULT) {
@@@@ -672,7 +678,7 @@@@ GeckoChildProcessHost::PerformAsyncLaunc
d40 3
a42 3
@@@@ -705,7 +711,7 @@@@ GeckoChildProcessHost::PerformAsyncLaunc
childArgv.push_back(childProcessType);
@
1.10
log
@Update to 35.0
Changelog:
New Firefox Hello with new rooms-based conversations model
New New search UI improved and enabled for more locales
New Access the Firefox Marketplace from the Tools menu and optional toolbar button
New Built-in support for H264 (MP4) on Mac OS X Snow Leopard (10.6) and newer through native APIs
New Use tiled rendering on OS X
New Improved high quality image resizing performance
New Improved handling of dynamic styling changes to increase responsiveness
HTML5 Added support for the CSS Font Loading API
HTML5 Resource Timing API implemented
HTML5 CSS filters enabled by default
HTML5 Changed JavaScript 'let' semantics to conform better to the ES6 specification
Developer Support for inspecting ::before and ::after pseudo elements
Developer Computed view: Nodes matching the hovered selector are now highlighted
Developer Network Monitor: New request/response headers view (more info)
Developer Added support for the EXT_blend_minmax WebGL extension
Fixed Show DOM Properties context menu item in inspector
Fixed Reduced resource usage for scaled images
Fixed PDF.js updated to version 1.0.907
Fixed Non-HTTP(S) XHR now returns correct status code
Fixed Various security fixes
Security fixes:
2015-09 XrayWrapper bypass through DOM objects
2015-08 Delegated OCSP responder certificates failure with id-pkix-ocsp-nocheck extension
2015-07 Gecko Media Plugin sandbox escape
2015-06 Read-after-free in WebRTC
2015-05 Read of uninitialized memory in Web Audio
2015-04 Cookie injection through Proxy Authenticate responses
2015-03 sendBeacon requests lack an Origin header
2015-02 Uninitialized memory use during bitmap rendering
2015-01 Miscellaneous memory safety hazards (rv:35.0 / rv:31.4)
@
text
@d1 1
a1 1
$NetBSD: patch-ipc_glue_GeckoChildProcessHost.cpp,v 1.9 2014/10/15 13:07:07 ryoon Exp $
d3 2
a4 2
* Just because OS_ARCH is Darwin does not mean MacOS X specific
kludges are needed.
@
1.9
log
@Update to 33.0
Changelog:
New
OpenH264 support (sandboxed)
New
Improved search experience through the location bar
New
Slimmer and faster JavaScript strings
New
Search suggestions on the Firefox Start (about:home) and new tab (about:newtab) pages
New
Windows: OMTC enabled by default
New
New CSP (Content Security Policy) backend
New
Support for connecting to HTTP proxy over HTTPS
New
Improved reliability of the session restoration
New
Azerbaijani [az] locale added
Changed
Proprietary window.crypto properties/functions removed
Changed
JSD (JavaScript Debugger Service) removed in favor of the Debugger interface
HTML5
@@counter-style rule from CSS3 Counter Styles specification implemented
HTML5
DOMMatrix interface implemented
Developer
Cubic-bezier curves editor
Developer
Display which elements have listeners attached
Developer
New sidebar which displays a list of shortcuts to every @@media rule in the current stylesheet
Developer
Paint flashing for browser content repaints
Developer
Editable @@keyframes rules in the Rules section of the Inspector
Developer
CSS transform highlighter in the style-inspector
Fixed
Fix incomplete downloads being marked as complete by detecting broken HTTP1.1 transfers (237623)
Fixed
Various security fixes
Fixed in Firefox 33
MFSA 2014-82 Accessing cross-origin objects via the Alarms API
MFSA 2014-81 Inconsistent video sharing within iframe
MFSA 2014-80 Key pinning bypasses
MFSA 2014-79 Use-after-free interacting with text directionality
MFSA 2014-78 Further uninitialized memory use during GIF
MFSA 2014-77 Out-of-bounds write with WebM video
MFSA 2014-76 Web Audio memory corruption issues with custom waveforms
MFSA 2014-75 Buffer overflow during CSS manipulation
MFSA 2014-74 Miscellaneous memory safety hazards (rv:33.0 / rv:31.2)
@
text
@d1 1
a1 1
$NetBSD: patch-ipc_glue_GeckoChildProcessHost.cpp,v 1.8 2014/06/11 00:40:59 ryoon Exp $
d6 1
a6 1
--- ipc/glue/GeckoChildProcessHost.cpp.orig 2014-10-11 09:06:28.000000000 +0000
d21 2
a22 2
#include "base/path_service.h"
@@@@ -504,7 +510,7 @@@@ GeckoChildProcessHost::PerformAsyncLaunc
d31 1
a31 1
@@@@ -643,7 +649,7 @@@@ GeckoChildProcessHost::PerformAsyncLaunc
d40 1
a40 1
@@@@ -676,7 +682,7 @@@@ GeckoChildProcessHost::PerformAsyncLaunc
@
1.8
log
@Update to 30.0
* debug build is broken
Changelog:
New
Sidebars button in browser chrome enables faster access to social, bookmark, & history sidebars
New
Mac OS X command-E sets find term to selected text
New
Support for GStreamer 1.0
Changed
Disallow calling WebIDL constructors as functions on the web
Developer
With the exception of those bundled inside an extension or ones that are whitelisted, plugins will no longer be activated by default (see blog post)
Developer
Fixes to box-shadow and other visual overflow (see bug 480888)
Developer
Mute and volume available per window when using WebAudio
Developer
background-blend-mode enabled by default
Developer
Use of line-height allowed for
Developer
ES6 array and generator comprehensions implemented (read docs for more details)
Developer
Error stack now contains column number
Developer
Support for alpha option in canvas context options (feature description)
Fixed
Ignore autocomplete="off" when offering to save passwords via the password manager (see 956906)
Fixed
TypedArrays don't support new named properties (see 695438)
Fixed
Various security fixes
Fixed in Firefox 30
MFSA 2014-54 Buffer overflow in Gamepad API
MFSA 2014-53 Buffer overflow in Web Audio Speex resampler
MFSA 2014-52 Use-after-free with SMIL Animation Controller
MFSA 2014-51 Use-after-free in Event Listener Manager
MFSA 2014-50 Clickjacking through cursor invisability after Flash interaction
MFSA 2014-49 Use-after-free and out of bounds issues found using Address Sanitizer
MFSA 2014-48 Miscellaneous memory safety hazards (rv:30.0 / rv:24.6)
@
text
@d1 1
a1 1
$NetBSD: patch-ipc_glue_GeckoChildProcessHost.cpp,v 1.7 2014/05/30 03:03:36 pho Exp $
d6 1
a6 1
--- ipc/glue/GeckoChildProcessHost.cpp.orig 2014-05-29 23:30:53.000000000 +0000
d20 3
a22 3
#if defined(XP_WIN) && defined(MOZ_CONTENT_SANDBOX)
#include "sandboxBroker.h"
@@@@ -548,7 +554,7 @@@@ GeckoChildProcessHost::PerformAsyncLaunc
d31 1
a31 1
@@@@ -671,7 +677,7 @@@@ GeckoChildProcessHost::PerformAsyncLaunc
d40 1
a40 1
@@@@ -704,7 +710,7 @@@@ GeckoChildProcessHost::PerformAsyncLaunc
@
1.7
log
@PR pkg/48840: Don't assume cocoa toolkit just because OS_ARCH is Darwin
@
text
@d1 1
a1 1
$NetBSD: patch-ipc_glue_GeckoChildProcessHost.cpp,v 1.6 2014/03/20 21:02:00 ryoon Exp $
d6 1
a6 1
--- ipc/glue/GeckoChildProcessHost.cpp.orig 2014-05-06 22:55:41.000000000 +0000
d22 1
a22 1
@@@@ -504,7 +510,7 @@@@ GeckoChildProcessHost::PerformAsyncLaunc
d31 1
a31 37
@@@@ -523,7 +529,7 @@@@ GeckoChildProcessHost::PerformAsyncLaunc
if (NS_SUCCEEDED(rv)) {
nsCString path;
greDir->GetNativePath(path);
-# if defined(OS_LINUX) || defined(OS_BSD)
+# if defined(OS_LINUX) || defined(OS_BSD) || defined(OS_SOLARIS)
# if defined(MOZ_WIDGET_ANDROID)
path += "/lib";
# endif // MOZ_WIDGET_ANDROID
@@@@ -538,7 +544,17 @@@@ GeckoChildProcessHost::PerformAsyncLaunc
newEnvVars["LD_LIBRARY_PATH"] = path.get();
}
# elif OS_MACOSX
- newEnvVars["DYLD_LIBRARY_PATH"] = path.get();
+ const char *dyld_library_path = PR_GetEnv("DYLD_LIBRARY_PATH");
+ nsCString new_dyld_lib_path;
+ if (dyld_library_path && *dyld_library_path) {
+ new_dyld_lib_path.Assign(path.get());
+ new_dyld_lib_path.AppendLiteral(":");
+ new_dyld_lib_path.Append(dyld_library_path);
+ newEnvVars["DYLD_LIBRARY_PATH"] = new_dyld_lib_path.get();
+ } else {
+ newEnvVars["DYLD_LIBRARY_PATH"] = path.get();
+ }
+# if defined(MOZ_WIDGET_COCOA)
// XXX DYLD_INSERT_LIBRARIES should only be set when launching a plugin
// process, and has no effect on other subprocesses (the hooks in
// libplugin_child_interpose.dylib become noops). But currently it
@@@@ -558,6 +574,7 @@@@ GeckoChildProcessHost::PerformAsyncLaunc
interpose.Append(path.get());
interpose.AppendLiteral("/libplugin_child_interpose.dylib");
newEnvVars["DYLD_INSERT_LIBRARIES"] = interpose.get();
+# endif // MOZ_WIDGET_COCOA
# endif // OS_LINUX
}
}
@@@@ -632,7 +649,7 @@@@ GeckoChildProcessHost::PerformAsyncLaunc
d40 1
a40 1
@@@@ -665,7 +682,7 @@@@ GeckoChildProcessHost::PerformAsyncLaunc
@
1.6
log
@Update to 28.0
Changelog:
NEW
VP9 video decoding implemented
NEW
Mac OS X: Notification Center support for web notifications
NEW
Horizontal HTML5 audio/video volume control
NEW
Support for Opus in WebM
CHANGED
Now that spdy/3 is implemented support for spdy/2 has been removed and servers without spdy/3 will negotiate to http/1 without any penalty
DEVELOPER
Support for MathML 2.0 'mathvariant' attribute
DEVELOPER
Background thread hang reporting
DEVELOPER
Support for multi-line flexbox in layout
FIXED
Various security fixes
Fixed in Firefox 28
MFSA 2014-32 Out-of-bounds write through TypedArrayObject after neutering
MFSA 2014-31 Out-of-bounds read/write through neutering ArrayBuffer objects
MFSA 2014-30 Use-after-free in TypeObject
MFSA 2014-29 Privilege escalation using WebIDL-implemented APIs
MFSA 2014-28 SVG filters information disclosure through feDisplacementMap
MFSA 2014-27 Memory corruption in Cairo during PDF font rendering
MFSA 2014-26 Information disclosure through polygon rendering in MathML
MFSA 2014-25 Firefox OS DeviceStorageFile object vulnerable to relative path escape
MFSA 2014-24 Android Crash Reporter open to manipulation
MFSA 2014-23 Content Security Policy for data: documents not preserved by session restore
MFSA 2014-22 WebGL content injection from one domain to rendering in another
MFSA 2014-21 Local file access via Open Link in new tab
MFSA 2014-20 onbeforeunload and Javascript navigation DOS
MFSA 2014-19 Spoofing attack on WebRTC permission prompt
MFSA 2014-18 crypto.generateCRMFRequest does not validate type of key
MFSA 2014-17 Out of bounds read during WAV file decoding
MFSA 2014-16 Files extracted during updates are not always read only
MFSA 2014-15 Miscellaneous memory safety hazards (rv:28.0 / rv:24.4)
@
text
@d1 1
a1 1
$NetBSD: patch-ipc_glue_GeckoChildProcessHost.cpp,v 1.5 2014/02/20 13:19:03 ryoon Exp $
d3 4
a6 1
--- ipc/glue/GeckoChildProcessHost.cpp.orig 2014-03-15 05:19:19.000000000 +0000
d22 1
a22 1
@@@@ -499,7 +505,7 @@@@ GeckoChildProcessHost::PerformAsyncLaunc
d31 1
a31 1
@@@@ -518,7 +524,7 @@@@ GeckoChildProcessHost::PerformAsyncLaunc
d40 28
a67 1
@@@@ -627,7 +633,7 @@@@ GeckoChildProcessHost::PerformAsyncLaunc
d76 1
a76 1
@@@@ -660,7 +666,7 @@@@ GeckoChildProcessHost::PerformAsyncLaunc
@
1.5
log
@Update to 27.0.1
* Fix some syscall definitions in JavaScript are fixed.
Thank you, tho@@.
Changelog:
FIXED
27.0.1 - Fixed stability issues with Greasemonkey and other JS that used ClearTimeoutOrInterval
FIXED
27.0.1 - JS math correctness issue (bug 941381
@
text
@d1 1
a1 1
$NetBSD: patch-ipc_glue_GeckoChildProcessHost.cpp,v 1.3 2013/08/07 12:17:54 ryoon Exp $
d3 1
a3 1
--- ipc/glue/GeckoChildProcessHost.cpp.orig 2013-07-30 00:58:17.000000000 +0000
d17 3
a19 3
#include "base/command_line.h"
#include "base/path_service.h"
@@@@ -490,7 +496,7 @@@@ GeckoChildProcessHost::PerformAsyncLaunc
d28 1
a28 1
@@@@ -509,7 +515,7 @@@@ GeckoChildProcessHost::PerformAsyncLaunc
d37 1
a37 1
@@@@ -618,7 +624,7 @@@@ GeckoChildProcessHost::PerformAsyncLaunc
d46 1
a46 1
@@@@ -651,7 +657,7 @@@@ GeckoChildProcessHost::PerformAsyncLaunc
@
1.4
log
@Update to 27.0
Changelog:
NEW
You can now run more than one service at a time with Firefox SocialAPI, allowing you to receive notifications, chat and more from multiple integrated services
CHANGED
Enabled TLS 1.1 (RFC 4346) and TLS 1.2 (RFC 5246) by default
CHANGED
Added support for SPDY 3.1 protocol
DEVELOPER
Ability to reset style sheets using 'all:unset'
DEVELOPER
You can now choose to deobfuscate javascript in the debugger (see 762761)
DEVELOPER
Added support for scrolled fieldsets (see 261037)
DEVELOPER
Implemented allow-popups directive for iframe sandbox, enabling increased security (see 766282)
DEVELOPER
CSS cursor keywords -moz-grab and -moz-grabbing have been unprefixed (see 880672)
DEVELOPER
Added support for ES6 generators in SpiderMonkey (see blog post)
DEVELOPER
Implemented support for mathematical function Math.hypot() in ES6 (see 896264)
HTML5
Dashed line support on Canvas (see 768067)
FIXED
Get Azure/Skia content rendering working on Linux (see 740200)
FIXED
27.0: Security fixes can be found here
Fixed in Firefox 27
MFSA 2014-13 Inconsistent JavaScript handling of access to Window objects
MFSA 2014-12 NSS ticket handling issues
MFSA 2014-11 Crash when using web workers with asm.js
MFSA 2014-10 Firefox default start page UI content invokable by script
MFSA 2014-09 Cross-origin information leak through web workers
MFSA 2014-08 Use-after-free with imgRequestProxy and image proccessing
MFSA 2014-07 XSLT stylesheets treated as styles in Content Security Policy
MFSA 2014-06 Profile path leaks to Android system log
MFSA 2014-05 Information disclosure with *FromPoint on iframes
MFSA 2014-04 Incorrect use of discarded images by RasterImage
MFSA 2014-03 UI selection timeout missing on download prompts
MFSA 2014-02 Clone protected content with XBL scopes
MFSA 2014-01 Miscellaneous memory safety hazards (rv:27.0 / rv:24.3)
@
text
@d3 1
a3 1
--- ipc/glue/GeckoChildProcessHost.cpp.orig 2014-01-28 04:03:44.000000000 +0000
d19 1
a19 1
@@@@ -494,7 +500,7 @@@@ GeckoChildProcessHost::PerformAsyncLaunc
d28 1
a28 1
@@@@ -513,7 +519,7 @@@@ GeckoChildProcessHost::PerformAsyncLaunc
d37 1
a37 1
@@@@ -622,7 +628,7 @@@@ GeckoChildProcessHost::PerformAsyncLaunc
d46 1
a46 1
@@@@ -655,7 +661,7 @@@@ GeckoChildProcessHost::PerformAsyncLaunc
@
1.3
log
@Update to 23.0
* Install SDK to firefox-sdk directory.
* Split multiple CONFIGURE_ARS's arguments.
* Enable libmozjs.so build.
Changelog:
NEW
Mixed content blocking enabled to protects users from man-in-the-middle attacks and eavesdroppers on HTTPS pages (learn more)
NEW
Options panel created for Web Developer Toolbox
CHANGED
"Enable JavaScript" preference checkbox has been removed and user-set values will be reset to the default
CHANGED
Updated Firefox Logo
CHANGED
Improved about:memory's functional UI
CHANGED
Simplified interface for notifications of plugin installation
CHANGED
Enabled DXVA2 on Windows Vista+ to accelerate H.264 video decoding
CHANGED
Users can now switch to a new search provider across the entire browser
CHANGED
CSP policies using the standard syntax and semantics will now be enforced
CHANGED
rendering improvements (see bug 838675)
CHANGED
Replace fixed-ratio audio resampler in webrtc.org capture code with Speex resampler and eliminate pseudo-44000Hz rate
CHANGED
"Load images automatically" and Always show the tab bar" checkboxes removed from preferences and reset to defaults
DEVELOPER
HTML5 form control implemented
DEVELOPER
Write more accessible pages on touch interfaces with new ARIA role for key buttons
DEVELOPER
Social share functionality
DEVELOPER
Added unprefixed requestAnimationFrame
DEVELOPER
Implemented a global browser console
DEVELOPER
Dropped blink effect from text-decoration: blink; and completely removed