| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
* Add --enable-new-pass-manager.
* Disable sysutils/dbus dependency for non-Linux platforms by default.
Changelog:
105.0.3:
Fixed
* Mitigated frequent crashes for Windows users with Avast or AVG Antivirus
software installed (bug 1794064)
105.0.2:
Fixed
* Fixed poor contrast on various menu items with certain themes on Linux
systems (bug 1792063)
* Fixed the scrollbar appearing on the wrong side of select elements in
right-to-left locales (bug 1791219)
* Fixed a possible deadlock when loading some sites in Troubleshoot Mode (bug
1786259)
* Fixed a bug causing some dynamic appearance changes to not appear when
expected (bug 1786521)
* Fixed a bug causing theme styling to not be properly applied to sidebars
for some add-ons in Private Browsing Mode (bug 1787543)
105.0.1:
Fixed
* Reverted focus behavior for new windows back to the content area
instead of the address bar (bug 1784692)
105.0:
New
* Added an option to print only the current page from the print preview
dialog.
* Firefox now supports partitioned service workers in third-party contexts.
You can register service workers in a third-party iframe and it will be
partitioned under the top-level domain.
* Swipe to navigate (two fingers on a touchpad swiped left or right to
perform history back or forward) on Windows is now enabled.
* Firefox is now compliant with the User Timing L3 specification, which adds
additional optional arguments to the performance.mark and
performance.measure methods to provide custom start times, end times,
duration, and attached details.
* Searching in large lists for individual items is now 2x faster. This
performance enhancement replaces array.includes and array.indexOf with an
optimized SIMD version.
Fixed
* Stability on Windows is significantly improved as Firefox handles
low-memory situations much better.
* Touchpad scrolling on macOS was made more accessible by reducing unintended
diagonal scrolling opposite of the intended scroll axis.
* Firefox is less likely to run out of memory on Linux and performs more
efficiently for the rest of the system when memory runs low.
* Various security fixes.
Web Platform
* Support for the Offscreen Canvas DOM API with full context and font
support. The OffscreenCanvas API provides a canvas that can be rendered
off-screen in both Window and Web Worker contexts.
Security fixes:
#CVE-2022-40959: Bypassing FeaturePolicy restrictions on transient pages
#CVE-2022-40960: Data-race when parsing non-UTF-8 URLs in threads
#CVE-2022-40958: Bypassing Secure Context restriction for cookies with __Host
and __Secure prefix
#CVE-2022-40961: Stack-buffer overflow when initializing Graphics
#CVE-2022-40956: Content-Security-Policy base-uri bypass
#CVE-2022-40957: Incoherent instruction cache when building WASM on ARM64
#CVE-2022-40962: Memory safety bugs fixed in Firefox 105 and Firefox ESR 102.3
|
|
* Remove removed or changed configure options.
Changelog:
97.0.1:
Fixed
* Fixed an issue where TikTok videos would fail to load when selected from a
user's profile page (bug 1750973)
* Fixed an issue which led to Picture-in-Picture mode being unable to be
toggled on Hulu (bug 1753401)
* Works around problems with WebRoot SecureAnywhere antivirus rendering
Firefox unusable in some situations (bug 1752466)
* Fixed an issue causing users to see the Restore Session screen unexpectedly
when starting Firefox (bug 1749996)
97.0:
New
* On February 8, we expired the 18 colorway themes that shipped along with
Firefox 94. This signals the end of a special, limited-time feature set.
However, you can hold onto your favorite colorway, as long as you??re using
it on the expiration date. In other words, if a colorway is ??enabled?? in
the add-ons manager, that colorway is yours forever.
* Beginning February 15, we are releasing 6 brand-new colorways in a special
partner collaboration. U.S.-based fans of the film can visit
truecolors.firefox.com to activate official Turning Red-inspired Colorways,
available exclusively in Firefox for desktop through April 30, 2022.
Firefox users who visit the ??True Colors?? campaign landing page will be
able to modify how their web browser looks, with colors and moods inspired
by some of the main characters in the film. To enjoy the new Colorways, you
??ll need to make sure you upgrade to the latest Firefox 97 version. This
collection will be available in the add-ons manager, within the Colorways
section. Read more about colorway updates here.
* Firefox now supports and displays the new style of scrollbars on Windows
11.
Fixed
* On macOS, we??ve made improvements to system font loading which makes
opening and switching to new tabs faster in certain situations.
* Various security fixes
Changed
* Support for directly generating PostScript for printing on Linux has been
removed. Printing to PostScript printers still remains a supported option,
however.
Security fixes:
#CVE-2022-22753: Privilege Escalation to SYSTEM on Windows via Maintenance
Service
#CVE-2022-22754: Extensions could have bypassed permission confirmation during
update
#CVE-2022-22755: XSL could have allowed JavaScript execution after a tab was
closed
#CVE-2022-22756: Drag and dropping an image could have resulted in the dropped
object being an executable
#CVE-2022-22757: Remote Agent did not prevent local websites from connecting
#CVE-2022-22758: tel: links could have sent USSD codes to the dialer on Firefox
for Android
#CVE-2022-22759: Sandboxed iframes could have executed script if the parent
appended elements
#CVE-2022-22760: Cross-Origin responses could be distinguished between script
and non-script content-types
#CVE-2022-22761: frame-ancestors Content Security Policy directive was not
enforced for framed extension pages
#CVE-2022-22762: JavaScript Dialogs could have been displayed over other
domains on Firefox for Android
#CVE-2022-22764: Memory safety bugs fixed in Firefox 97 and Firefox ESR 91.6
#CVE-2022-0511: Memory safety bugs fixed in Firefox 97
|
|
Changelog:
94.0.1
Fixed
* Fixed browser hangs when viewing fullscreen videos on macOS 10.12 (bug 1737998)
94.0
New
* Colorways animated screenshot
With 94, you'll find a selection of six fun seasonal Colorways (available
for a limited time only). Now you can find a color to suit (or lift) your
every mood.
Fun fact: Did you know we have more daily users with color themes than dark
or Alpenglow on Beta? With Firefox 89, 32% of users clicked through to
customize their color theme. And that was just on the first day! We decided
to introduce these new Colorways to give our users more to love.
* Firefox macOS now uses Apple's low power mode for fullscreen video on sites
such as YouTube and Twitch. This meaningfully extends battery life in long
viewing sessions. Now your kids can find out what the fox says on a loop
without you ever missing a beat'
* With this release, power users can use about:unloads to release system
resources by manually unloading tabs without closing them.
* On Windows, there will now be fewer interruptions because Firefox won't
prompt you for updates. Instead, a background agent will download and
install updates even if Firefox is closed.
* And on Linux, we've improved WebGL performance and reduced power
consumption for many users.
* To better protect all Firefox users against side-channel attacks such as
Spectre, we're introducing Site Isolation. It will be rolled out to
Firefox 94 users over the next few weeks. We've got your
back...errr...side!
* We're rolling out the Firefox Multi-Account Containers extension with
Mozilla VPN integration. This lets you use a different server location for
each container.
* Firefox no longer warns you by default when you exit the browser or close a
window using a menu, button, or three-key command. This should cut back on
unwelcome notifications which is always nice--however, if you prefer a bit
of notice, you'll still have full control over the quit/close modal
behavior. All warnings can be managed within Firefox Settings. No worries!
(More details)
* And now, Firefox supports the new Snap Layouts menus when running on
Windows 11.
Fixed
* We've reduced the overhead of using performance.mark() and
performance.measure() APIs with a large set of performance entries.
* Plus, we've modified paint suppression during load to greatly improve
warmload performance in Site Isolation mode.
* You'll also notice a small reduction in Javascript memory usage.
* With this release, you'll notice faster Javascript property enumeration as
well.
* We've also implemented better scheduling of garbage collection which has
improved some pageload benchmarks.
* This release also sees reduced CPU usage during socket polling for HTTPS
connections.
* Additionally, you'll notice faster storage initialization.
* We've also improved cold startup by reducing main thread I/O.
* Plus, closing devtools now reclaims more memory than ever before.
* And we've improved pageload (especially with Site Isolation mode) by
setting a higher priority for loading and displaying images.
* Various security fixes
Enterprise
* Enterprise users now have more control over Firefox deployments with the
availability of our MSIX package on Windows platforms.
* You'll also notice various bug fixes and new policies have been
implemented in this latest version of Firefox. See more details in the
Firefox for Enterprise 94 Release Notes.
Security fixes:
#CVE-2021-38503: iframe sandbox rules did not apply to XSLT stylesheets
#CVE-2021-38504: Use-after-free in file picker dialog
#CVE-2021-38505: Windows 10 Cloud Clipboard may have recorded sensitive user
data
#CVE-2021-38506: Firefox could be coaxed into going into fullscreen mode
without notification or warning
#CVE-2021-38507: Opportunistic Encryption in HTTP2 could be used to bypass the
Same-Origin-Policy on services hosted on other ports
#MOZ-2021-0003: Universal XSS in Firefox for Android via QR Code URLs
#CVE-2021-38508: Permission Prompt could be overlaid, resulting in user
confusion and potential spoofing
#MOZ-2021-0004: Web Extensions could access pre-redirect URL when their context
menu was triggered by a user
#CVE-2021-38509: Javascript alert box could have been spoofed onto an arbitrary
domain
#CVE-2021-38510: Download Protections were bypassed by .inetloc files on Mac OS
#MOZ-2021-0005: 'Copy Image Link' context menu action could have been abused to
see authentication tokens
#MOZ-2021-0006: URL Parsing may incorrectly parse internationalized domains
#MOZ-2021-0007: Memory safety bugs fixed in Firefox 94 and Firefox ESR 91.3
|
|
|
|
* Convert to --enable-chrome-format=omni.
It is not necessary to modify JavaScript files to improve support recently.
* Fix build under NetBSD/i386 like lang/mozjs78.
Changelog:
New
* Building on Total Cookie Protection, we've added a more comprehensive logic
for clearing cookies that prevents hidden data leaks and makes it easy for
users to understand which websites are storing local information. Learn
more
* Firefox now supports logging into Microsoft, work, and school accounts
using Windows single sign-on. Learn more
* The simplify page when printing feature is back! When printing, under More
settings > Format select the Simplified option when available to get a
clutter-free page. Learn more
* HTTPS-First Policy: Firefox Private Browsing windows now attempt to make
all connections to websites secure, and fall back to insecure connections
only when websites do not support it. Learn more
* We've added a new locale: Scots (sco)
* The address bar now provides Switch to Tab results also in Private Browsing
windows.
* Firefox now automatically enables High Contrast Mode when "Increase
Contrast" is checked on MacOS
* Firefox now does catch-up paints for almost all user interactions, enabling
a 10-20% improvement in response time to most user interactions.
Fixed
* Various security fixes
Enterprise
* Various bug fixes and new policies have been implemented in the latest
version of Firefox. See more details in the Firefox for Enterprise 91
Release Notes.
Developer
* Developer Information
Web Platform
* The Visual Viewport API is now supported on desktop platforms
Security fixes:
#CVE-2021-29986: Race condition when resolving DNS names could have led to
memory corruption
#CVE-2021-29981: Live range splitting could have led to conflicting assignments
in the JIT
#CVE-2021-29988: Memory corruption as a result of incorrect style treatment
#CVE-2021-29983: Firefox for Android could get stuck in fullscreen mode
#CVE-2021-29984: Incorrect instruction reordering during JIT optimization
#CVE-2021-29980: Uninitialized memory in a canvas object could have led to
memory corruption
#CVE-2021-29987: Users could have been tricked into accepting unwanted
permissions on Linux
#CVE-2021-29985: Use-after-free media channels
#CVE-2021-29982: Single bit data leak due to incorrect JIT optimization and
type confusion
#CVE-2021-29989: Memory safety bugs fixed in Firefox 91 and Firefox ESR 78.13
#CVE-2021-29990: Memory safety bugs fixed in Firefox 91
|
|
Changelog:
New
* On Windows, updates can now be applied in the background while Firefox is
not running.
* Firefox for Windows now offers a new page about:third-party to help
identify compatibility issues caused by third-party applications
* Exceptions to HTTPS-Only mode can be managed in about:preferences#privacy
* Print to PDF now produces working hyperlinks
* Version 2 of Firefox??s SmartBlock feature further improves private
browsing. Third-party Facebook scripts are blocked to prevent you from
being tracked, but are now automatically loaded ??just in time?? if you
decide to ??Log in with Facebook?? on any website.
Fixed
* Various security fixes
Changed
* The "Open Image in New Tab" context menu item now opens images and media in
a background tab by default. Learn more
* Most users without hardware accelerated WebRender will now be using
software WebRender.
* Improved software WebRender performance
* FTP support has been removed
Enterprise
* Various bug fixes and new policies have been implemented in the latest
version of Firefox. See more details in the Firefox for Enterprise 90
Release Notes.
Developer
* Developer Information
* Support for Private Fields (TC39 proposal, stage 3) is available in
DevTools. The support includes: object inspection, autocompletion,
expression evaluation, variable tooltips, and pretty printing (bug)
* The Network panel shows a preview of HTTP requests for fonts in the
Response tab (bug)
Network panel font preview screenshot
Web Platform
* Support for Fetch Metadata Request Headers, which allows web applications
to better protect themselves and their users against various cross-origin
threats.
* Added the ability to use client authentication certificates stored in
hardware tokens or in Operating System storage.
Security fixes:
#CVE-2021-29970: Use-after-free in accessibility features of a document
#CVE-2021-29971: Granted permissions only compared host; omitting scheme and
port on Android
#CVE-2021-30547: Out of bounds write in ANGLE
#CVE-2021-29972: Use of out-of-date library included use-after-free
vulnerability
#CVE-2021-29973: Password autofill on HTTP websites was enabled without user
interaction on Android
#CVE-2021-29974: HSTS errors could be overridden when network partitioning was
enabled
#CVE-2021-29975: Text message could be overlaid on top of another website
#CVE-2021-29976: Memory safety bugs fixed in Firefox 90 and Firefox ESR 78.12
#CVE-2021-29977: Memory safety bugs fixed in Firefox 90
|
|
Changelog:
89.0.2
Fixed
* Fix occasional hangs with Software WebRender on Linux (bug 1708224)
89.0.1
Fixed
* Windows: Resolved an issue causing some screen readers to not interact
correctly with Firefox anymore (bug 1714212)
* Updated translations, including full Spanish (Mexico) localization and
other improvements (bug 1714946)
* Fix various font related regressions (bug 1694174)
* Linux: Fix performance and stability regressions with WebRender (bug
1715895, bug 1715902)
* macOS: Fix screen flickering when scrolling a page on an external monitor (
bug 1715452)
* Enterprise: Fix for the DisableDeveloperTools policy not having effect
anymore (bug 1715777)
* Linux: Fix broken scrollbars on some GTK themes (bug 1714103)
* Various stability and security fixes.
Security fixes:
#CVE-2021-29968: Out of bounds read when drawing text characters onto a Canvas
89.0
New
* Say hello to a fresh new Firefox, designed to get you where you want to go
even faster. We??ve redesigned and modernized the core experience to be
cleaner, more inviting, and easier to use.
Beginning in 89, you??ll notice a number of changes, including:
Simplified browser chrome and toolbar: Less frequently used items removed
to focus on the most important navigation items.
Simplified browser chrome and toolbar screenshot
Clear, streamlined menus: Re-organized and prioritized menu content
according to usage. Updated labels and removed iconography.
Clear, streamlined menus screenshot
Updated prompts: Infobars, panels, and modals have a cleaner design and
clearer language.
Updated prompts screenshot
Inspired tab design: Floating tabs neatly contain information and surface
cues when you need them, like visual indicators for audio controls. The
rounded design of the active tab supports focus and signals the ability to
easily move the tab as needed.
Inspired tab design screenshot
Fewer interruptions: Reduced number of alerts and messages, so you can
browse with fewer distractions.
Cohesive, calmer visuals: Lighter iconography, a refined color palette, and
more consistent styling throughout.
This release also includes enhancements to our privacy offerings:
+ We??ve enhanced the privacy of the Firefox Browser??s Private Browsing
mode with Total Cookie Protection, which confines cookies to the site
where they were created, preventing companies from using cookies to
track your browsing across sites. This feature was originally launched
in Firefox??s ETP Strict mode.
* For macOS users, we're introducing the elastic overscroll effect known from
many other applications. A gentle bouncing animation will indicate that you
reached the end of the page.
In addition, we added support for smart zoom. Double-tap with two fingers
on your trackpad, or with a single finger on your Magic Mouse, to zoom the
content below your cursor into focus.
* Native context menus: Context menus on macOS are now native and support
Dark Mode.
macOS native context menus screenshot
* WebRender is now enabled on Linux with the NVIDIA binary driver and on all
desktop environments
#
Fixed
* Colors in Firefox on macOS will no longer be saturated on wide gamut
displays, untagged images are properly treated as sRGB, and colors in
images tagged as sRGB will now match CSS colors.
* In full screen mode on macOS, moving your mouse to the top of the screen
will no longer hide your tabs behind the system menu bar.
* Also in full screen mode on macOS, it is now possible to hide the browser
toolbars for a fully immersive full screen experience. This brings macOS in
line with Windows and Linux.
* Various stability and security fixes.
#
Changed
* Introducing a non-native implementation of web form controls, which
delivers a new modern design and some improvements to page load
performance. Watch for layout bugs in web pages that make assumptions about
the dimensions or styling of form controls.
* The screenshots feature is available in the right-click context menu. You
can also add a screenshots shortcut to your toolbar. Learn more.
Security fixes:
#CVE-2021-29965: Password Manager on Firefox for Android susceptible to domain
spoofing
#CVE-2021-29960: Filenames printed from private browsing mode incorrectly
retained in preferences
#CVE-2021-29961: Firefox UI spoof using `<select>` elements and CSS scaling
#CVE-2021-29963: Shared cookies for search suggestions in private browsing mode
#CVE-2021-29964: Out of bounds-read when parsing a `WM_COPYDATA` message
#CVE-2021-29959: Devices could be re-enabled without additional permission
prompt
#CVE-2021-29962: No rate-limiting for popups on Firefox for Android
#CVE-2021-29967: Memory safety bugs fixed in Firefox 89 and Firefox ESR 78.11
#CVE-2021-29966: Memory safety bugs fixed in Firefox 89
|
|
|
|
|
|
Changelog:
New
* PDF forms now support JavaScript embedded in PDF files. Some PDF forms use
JavaScript for validation and other interactive features.
* Print updates: Margin units are now localized.
* Smooth pinch-zooming using a touchpad is now supported on Linux
* To protect against cross-site privacy leaks, Firefox now isolates
window.name data to the website that created it. Learn more
Fixed
* Screen readers no longer incorrectly read content that websites have
visually hidden, as in the case of articles in the Google Help panel.
* Various security fixes.
Changed
* Firefox will not prompt for access to your microphone or camera if you've
already granted access to the same device on the same site in the same tab
within the past 50 seconds. This new grace period reduces the number of
times you're prompted to grant device access.
* The "Take a Screenshot" feature was removed from the Page Actions menu in
the url bar. To take a screenshot, right-click to open the context menu.
You can also add a screenshots shortcut directly to your toolbar via the
Customize menu. Open the Firefox menu and select Customize...
* FTP support has been disabled, and its full removal is planned for an
upcoming release. Addressing this security risk reduces the likelihood of
an attack while also removing support for a non-encrypted protocol.
Security fixes:
#CVE-2021-23994: Out of bound write due to lazy initialization
#CVE-2021-23995: Use-after-free in Responsive Design Mode
#CVE-2021-23996: Content rendered outside of webpage viewport
#CVE-2021-23997: Use-after-free when freeing fonts from cache
#CVE-2021-23998: Secure Lock icon could have been spoofed
#CVE-2021-23999: Blob URLs may have been granted additional privileges
#CVE-2021-24000: requestPointerLock() could be applied to a tab different from
the visible tab
#CVE-2021-24001: Testing code could have enabled session history manipulations
by a compromised content process
#CVE-2021-24002: Arbitrary FTP command execution on FTP servers using an
encoded URL
#CVE-2021-29945: Incorrect size computation in WebAssembly JIT could lead to
null-reads
#CVE-2021-29944: HTML injection vulnerability in Firefox for Android's Reader
View
#CVE-2021-29946: Port blocking could be bypassed
#CVE-2021-29947: Memory safety bugs fixed in Firefox 88
|
|
Changelog:
New
* You'll encounter less website breakage in Private Browsing and Strict
Enhanced Tracking Protection with SmartBlock, which provides stand-in
scripts so that websites load properly.
* To further protect your privacy, our new default HTTP Referrer policy will
trim path and query string information from referrer headers to prevent
sites from accidentally leaking sensitive user data.
* The "Highlight All" feature on Find in Page now displays tick marks
alongside your scrollbar that correspond to the location of matches found
on that page.
* We're proud to announce full support for macOS built-in screen reader,
VoiceOver.
* We've added a new locale: Silesian (szl)
Fixed
* We've fixed several significant accessibility issues:
+ Video controls now have visible focus styling and video and audio
controls are now keyboard navigable. (Bug 1681007)
+ HTML <meter> is now spoken by screen readers. (Bug 1460378)
+ Firefox now sets a useful initial focus in Add-ons Manager. (Bug 580537
)
+ Firefox will now fire a name/description change event when
aria-labelledby/describedby content changes. (Bug 493683)
* Various security fixes.
Changed
* To prevent user data loss when filling out forms, we've disabled the
Backspace key as a navigation shortcut for the back navigation button. To
re-enable the Backspace keyboard shortcut, you can change the about:config
preference browser.backspace_action to 0. You can also use the recommended
Alt + Left arrow (Command + Left arrow on Mac) shortcut instead.
Firefox keyboard shortcuts
* We've removed items from the Library menu that weren't used often or have
other access points in the browser: Synced tabs, Recent highlights, and
Pocket list.
* We've simplified the Help menu by reducing redundant items, such as those
that point to Firefox support pages that can also be accessed via the Get
Help item.
Enterprise
* Various bug fixes and new policies have been implemented in the latest
version of Firefox. You can see more details in the Firefox for Enterprise
87 Release Notes.
Developer
* Developer Information
* We've greatly simplified the Web Developer menu. Go to Application Menu >
Web Developer > Web Developer Tools to access Inspector, Web Console,
Debugger, Network Style Error, Performance, Storage Inspector,
Accessibility, and Application
* Developers can now use the Page Inspector to simulate prefers-color-scheme
media queries, without having to change the operating system to light or
dark mode.
* Developers can now use the Page Inspector to toggle the :target
pseudo-class for the currently selected element in addition to the
pseudo-classes that were previously supported: :hover, :active and :focus,
:focus-within, :focus-visible, and :visited.
* There is a number of Page Inspector improvements and bug fixes related to
inactive CSS rules:
+ The table-layout property is now marked as inactive for non-table
elements.
+ The scroll-padding properties (shorthand and longhand) are now marked
as inactive for non-scrollable elements.
+ The text-overflow property was previously incorrectly marked as
inactive for some overflow values.
Securiy fixes:
#CVE-2021-23981: Texture upload into an unbound backing buffer resulted in an
out-of-bound read
#CVE-2021-23982: Internal network hosts could have been probed by a malicious
webpage
#CVE-2021-23983: Transitions for invalid ::marker properties resulted in memory
corruption
#CVE-2021-23984: Malicious extensions could have spoofed popup information
#CVE-2021-23985: Devtools remote debugging feature could have been enabled
without indication to the user
#CVE-2021-23986: A malicious extension could have performed credential-less
same origin policy violations
#CVE-2021-23987: Memory safety bugs fixed in Firefox 87 and Firefox ESR 78.9
#CVE-2021-23988: Memory safety bugs fixed in Firefox 87
|
|
Changelog:
New
* Firefox now supports simultaneously watching multiple videos in
Picture-in-Picture.
* Today, Firefox introduces Total Cookie Protection to Strict Mode. In Total
Cookie Protection, every website gets its own "cookie jar," preventing
cookies from being used to track you from site to site.
* We've improved our Print functionality with a cleaner design and better
integration with your computer's printer settings.
* For Firefox users in Canada, credit card management and auto-fill are now
enabled.
* Notable performance and stability improvements are achieved by moving
canvas drawing and WebGL drawing to the GPU process.
Fixed
* Reader mode now works with local HTML pages.
* Using screen reader quick navigation to move to editable text controls no
longer incorrectly reaches non-editable cells in some grids such as on
messenger.com.
* The Orca screen reader's mouse review feature now works correctly after
switching tabs in Firefox.
* Screen readers no longer report column headers incorrectly in tables
containing cells spanning multiple columns.
* Links in Reader View now have more color contrast.
* Various security fixes.
Changed
* On Linux and Android, the protection to mitigate the stack clash attack has
been activated.
* From Firefox 86 onward, DTLS 1.0 is no longer supported for establishing
WebRTC's PeerConnections. All WebRTC services need to support DTLS 1.2 from
now on as the minimum version.
* Consolidated all video decoding in the new RDD process which results in a
more secure Firefox.
Enterprise
* Various bug fixes and new policies have been implemented in the latest
version of Firefox. You can see more details in the Firefox for Enterprise
86 Release Notes.
Developer
* Developer Information
* CSS image-set() function in CSS is now enabled, allowing for responsive
images in CSS.
* Inactive CSS tool is now showing a warning when margin or padding is set on
internal table elements.
Inactive CSS screenshot
* Developer Tools Toolbox is now showing a number of errors on the current
page. This is a quick way to surface information to a developer that
something is wrong with their page. Clicking on the red exclamation icon
navigates the user to the Console panel.
Develeoper tools: screenshot of number of errors
Security fixes:
#CVE-2021-23969: Content Security Policy violation report could have contained
the destination of a redirect
#CVE-2021-23970: Multithreaded WASM triggered assertions validating separation
of script domains
#CVE-2021-23968: Content Security Policy violation report could have contained
the destination of a redirect
#CVE-2021-23974: noscript elements could have led to an HTML Sanitizer bypass
#CVE-2021-23971: A website's Referrer-Policy could have been be overridden,
potentially resulting in the full URL being sent as a Referrer
#CVE-2021-23976: Local spoofing of web manifests for arbitrary pages in Firefox
for Android
#CVE-2021-23977: Malicious application could read sensitive data from Firefox
for Android's application directories
#CVE-2021-23972: HTTP Auth phishing warning was omitted when a redirect is
cached
#CVE-2021-23975: about:memory Measure function caused an incorrect pointer
operation
#CVE-2021-23973: MediaError message property could have leaked information
about cross-origin resources
#CVE-2021-23978: Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8
#CVE-2021-23979: Memory safety bugs fixed in Firefox 86
|
|
Changelog:
New
* Firefox now protects you from supercookies, a type of tracker that can stay
hidden in your browser and track you online, even after you clear cookies.
By isolating supercookies, Firefox prevents them from tracking your web
browsing from one site to the next.
* It??s easier than ever to save and access your bookmarks. Firefox now
remembers your preferred location for saved bookmarks, displays the
bookmarks toolbar by default on new tabs, and gives you easy access to all
of your bookmarks via a toolbar folder.
* The password manager now allows you to remove all of your saved logins with
one click, as opposed to having to delete each login individually.
Fixed
* Various security fixes.
Changed
* Firefox no longer supports Adobe Flash. There is no setting available to
re-enable Flash support.
Enterprise
* Various bug fixes and new policies have been implemented in the latest
version of Firefox. You can see more details in the Firefox for Enterprise
85 Release Notes.
Developer
* Developer Information
* CSS: We have added support for the :focus-visible pseudo class.
* It's possible to prettify JS expressions in Console source code Editor
(available in multiline mode) using a new toolbar button.
Console Editor Pretty Print Expression Screenshot
Security fixes:
#CVE-2021-23953: Cross-origin information leakage via redirected PDF requests
#CVE-2021-23954: Type confusion when using logical assignment operators in
JavaScript switch statements
#CVE-2021-23955: Clickjacking across tabs through misusing requestPointerLock
#CVE-2021-23956: File picker dialog could have been used to disclose a complete
directory
#CVE-2021-23957: Iframe sandbox could have been bypassed on Android via the
intent URL scheme
#CVE-2021-23958: Screen sharing permission leaked across tabs
#CVE-2021-23959: Cross-Site Scripting in error pages on Firefox for Android
#CVE-2021-23960: Use-after-poison for incorrectly redeclared JavaScript
variables during GC
#CVE-2021-23961: More internal network hosts could have been probed by a
malicious webpage
#CVE-2021-23962: Use-after-poison in <code>nsTreeBodyFrame::RowCountChanged</
code>
#CVE-2021-23963: Permission prompt inaccessible after asking for additional
permissions
#CVE-2021-23964: Memory safety bugs fixed in Firefox 85 and Firefox ESR 78.7
#CVE-2021-23965: Memory safety bugs fixed in Firefox 85
|
|
Changelog:
Fixed
* Fixed problems loading secure websites and crashes for users with certain
third-party PKCS11 modules and smartcards installed (bug 1682881).
* Fixed slower than expected performance and flickering on Canvas elements
for some Windows users (bug 1683116).
* Fixed a bug causing some Unity JS games to not load on Apple Silicon
devices due to improper detection of the OS version (bug 1680516).
* Fixed crashes caused by various third-party antivirus software.
|
|
Changelog:
New
* Native support for macOS devices built with Apple Silicon CPUs brings
dramatic performance improvements over the non-native build that was
shipped in Firefox 83: Firefox launches over 2.5 times faster and web apps
are now twice as responsive (per the SpeedoMeter 2.0 test). If you are on a
new Apple device, follow these steps to upgrade to the latest Firefox.
* WebRender rolls out to MacOS Big Sur, Windows devices with Intel Gen 6
GPUs, and Intel laptops running Windows 7 and 8. Additionally we'll ship an
accelerated rendering pipeline for Linux/GNOME/X11 users for the first
time, ever!
* Firefox now uses more modern techniques for allocating shared memory on
Linux, improving performance and increasing compatibility with Docker.
* Firefox 84 is the final release to support Adobe Flash.
Fixed
* Various security fixes
#CVE-2020-16042: Operations on a BigInt could have caused uninitialized memory
to be exposed
#CVE-2020-26971: Heap buffer overflow in WebGL
#CVE-2020-26972: Use-After-Free in WebGL
#CVE-2020-26973: CSS Sanitizer performed incorrect sanitization
#CVE-2020-26974: Incorrect cast of StyleGenericFlexBasis resulted in a heap
use-after-free
#CVE-2020-26975: Malicious applications on Android could have induced Firefox
for Android into sending arbitrary attacker-specified headers
#CVE-2020-26976: HTTPS pages could have been intercepted by a registered
service worker when they should not have been
#CVE-2020-26977: URL spoofing via unresponsive port in Firefox for Android
#CVE-2020-26978: Internal network hosts could have been probed by a malicious
webpage
#CVE-2020-26979: When entering an address in the address or search bars, a
website could have redirected the user before they were navigated to the
intended url
#CVE-2020-35111: The proxy.onRequest API did not catch view-source URLs
#CVE-2020-35112: Opening an extension-less download may have inadvertently
launched an executable instead
#CVE-2020-35113: Memory safety bugs fixed in Firefox 84 and Firefox ESR 78.6
|
|
Changelog:
Version 83.0, first offered to Release channel users on November 17, 2020
New
* Firefox keeps getting faster as a result of significant updates to
SpiderMonkey, our JavaScript engine, you will now experience improved page
load performance by up to 15%, page responsiveness by up to 12%, and
reduced memory usage by up to 8%. We have replaced part of the JavaScript
engine that helps to compile and display websites for you, improving
security and maintainability of the engine at the same time.
* Firefox introduces HTTPS-Only Mode. When enabled, this new mode ensures
that every connection Firefox makes to the web is secure and alerts you
when a secure connection is not available. You can enable it in Firefox
Preferences.
* Pinch zooming will now be supported for our users with Windows touchscreen
devices and touchpads on Mac devices. Firefox users may now use pinch to
zoom on touch-capable devices to zoom in and out of webpages.
* Picture-in-Picture now supports keyboard shortcuts for fast forwarding and
rewinding videos: use the arrow keys to move forward and back 15 seconds,
along with volume controls. For a list of supported commands see Support
Mozilla
* When you are presenting your screen on a video conference in Firefox, you
will see our improved user interface that makes it clearer which devices or
displays are being shared.
* We've improved functionality and design for a number of Firefox search
features:
+ Selecting a search engine at the bottom of the search panel now enters
search mode for that engine, allowing you to see suggestions (if
available) for your search terms. The old behavior (immediately
performing a search) is available with a shift-click.
+ When Firefox autocompletes the URL of one of your search engines, you
can now search with that engine directly in the address bar by
selecting the shortcut in the address bar results.
+ We've added buttons at the bottom of the search panel to allow you to
search your bookmarks, open tabs, and history.
* Firefox supports AcroForm, which will allow you to fill in, print, and save
supported PDF forms and the PDF viewer also has a new fresh look.
* Our users in India on the English build of Firefox will now see Pocket
recommendations in their new tab featuring some of the best stories on the
web. If you don't see them, you can turn on Pocket articles in your new
tab by following these steps.
* For the recently released Apple devices built with Apple Silicon CPUs, you
can use Firefox 83 and future releases without any change. This release
(83) will support emulation under Apple's Rosetta 2 that ships with macOS
Big Sur. We are working toward Firefox being natively-compiled for these
CPUs in a future release.
* This is a major release for WebRender as we roll out to more Firefox users
on Windows 7 and 8 as well as on macOS 10.12 to 10.15.
Fixed
* This release also includes a number of accessibility fixes:
+ Screen reader features which report paragraphs now correctly report
paragraphs instead of lines in Google Docs
+ When reading by word using a screen reader, words are now correctly
reported when there is punctuation nearby
+ The arrow keys now work correctly after tabbing in the
picture-in-picture window
* For users on macOS restoring a session with minimized windows, Firefox now
uses much less power and you should see much longer battery life.
* Various security fixes
Security fixes:
#CVE-2020-26951: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code
#CVE-2020-26952: Out of memory handling of JITed, inlined functions could lead to a memory corruption
#CVE-2020-16012: Variable time processing of cross-origin images during drawImage calls
#CVE-2020-26953: Fullscreen could be enabled without displaying the security UI
#CVE-2020-26954: Local spoofing of web manifests for arbitrary pages in Firefox for Android
#CVE-2020-26955: Cookies set during file downloads are shared between normal and Private Browsing Mode in Firefox for Android
#CVE-2020-26956: XSS through paste (manual and clipboard API)
#CVE-2020-26957: OneCRL was not working in Firefox for Android
#CVE-2020-26958: Requests intercepted through ServiceWorkers lacked MIME type restrictions
#CVE-2020-26959: Use-after-free in WebRequestService
#CVE-2020-26960: Potential use-after-free in uses of nsTArray
#CVE-2020-15999: Heap buffer overflow in freetype
#CVE-2020-26961: DoH did not filter IPv4 mapped IP Addresses
#CVE-2020-26962: Cross-origin iframes supported login autofill
#CVE-2020-26963: History and Location interfaces could have been used to hang the browser
#CVE-2020-26964: Firefox for Android's Remote Debugging via USB could have been abused by untrusted apps on older versions of Android
#CVE-2020-26965: Software keyboards may have remembered typed passwords
#CVE-2020-26966: Single-word search queries were also broadcast to local network
#CVE-2020-26967: Mutation Observers could break or confuse Firefox Screenshots feature
#CVE-2020-26968: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5
#CVE-2020-26969: Memory safety bugs fixed in Firefox 83
|
|
New:
With this release, Firefox introduces a number of improvements that make watching videos more delightful:
the Picture-In-Picture button has a new look and position, making it easier for you to find and use the feature.
Picture-In-Picture now has a keyboard shortcut for Mac users (Option + Command + Shift + Right bracket) that works before you start playing the video.
For Windows users, Firefox now uses DirectComposition for hardware decoded video, which will improve CPU and GPU usage during video playback, improving battery life.
Firefox is faster than ever with improved performance on both page loads and start up time:
Websites that use flexbox-based layouts load 20% faster than before;
Restoring a session is 17% quicker, meaning you can more quickly pick up where you left off;
For Windows users, opening new windows got quicker by 10%.
You can now explore new articles when you save a webpage to Pocket from the Firefox toolbar.
WebRender continues to roll out to more Firefox users on Windows.
Fixed:
Screen reader features which report paragraphs now correctly report paragraphs in Firefox instead of lines.
Various security fixes.
|
|
Changelog:
September 22, 2020
Version 81.0, first offered to Release channel users on September 22, 2020
We'd like to extend a special thank you to all of the new Mozillians who
contributed to this release of Firefox.
New
* You can pause and play audio or video in Firefox right from your keyboard
or headset, giving you easy access to control your media when in another
Firefox tab, another program, or even when your computer is locked.
* In addition to our default, dark and light themes, with this release,
Firefox introduces the Alpenglow theme: a colorful appearance for buttons,
menus, and windows. You can update your Firefox themes under settings or
preferences.
* For our users in the US and Canada, Firefox can now save, manage, and
auto-fill credit card information for you, making shopping on Firefox ever
more convenient. To ensure the smoothest experience, this will be rolling
out to users gradually.
* Firefox supports AcroForm, which will soon allow you to fill in, print, and
save supported PDF forms and the PDF viewer also has a new fresh look.
* Our users in Austria, Belgium and Switzerland using the German version of
Firefox will now see Pocket recommendations in their new tab featuring some
of the best stories on the web. If you don’t see them, you can turn on
Pocket articles in your new tab by following these steps. In addition to
Firefox’s new tab, Pocket is also available as an app on iOS and Android.
Fixed
* Various security fixes.
* We’ve fixed a bug for users of language packs where the default language
was reset to English after Firefox updates.
* Browser native HTML5 audio/video controls received several important
accessibility fixes:
+ Audio/video controls remain accessible to screen readers even when they
are temporarily hidden visually.
+ Audio/video elapsed and total time are now accessible to screen readers
where they weren't previously.
+ Various unlabelled controls are now labelled making them identifiable
to screen readers.
+ Screen readers no longer intrusively report progress information unless
the user requests it.
Changed
* You will soon find Picture-in-Picture more easily on all the videos you
watch with new iconography.
* The bookmarks toolbar is now automatically revealed once bookmarks are
imported into Firefox, making it easier to find your most important
websites.
* We have expanded our supported file types - .xml, .svg, and .webp - so
files you’ve downloaded can be opened right in Firefox.
Security fixes:
#CVE-2020-15675: Use-After-Free in WebGL
#CVE-2020-15677: Download origin spoofing via redirect
#CVE-2020-15676: XSS when pasting attacker-controlled data into a
contenteditable element
#CVE-2020-15678: When recursing through layers while scrolling, an iterator may
have become invalid, resulting in a potential use-after-free scenario
#CVE-2020-15673: Memory safety bugs fixed in Firefox 81 and Firefox ESR 78.3
corruption and we presume that with enough effort some of these could have been
exploited to run arbitrary code.
#CVE-2020-15674: Memory safety bugs fixed in Firefox 81
|
|
Changelog:
New
Firefox can now be set as the default system PDF viewer.
The name reported by accessibility tools for items in multi-tiered
tree controls no longer incorrectly includes information from
items at deeper levels, providing users with the correct level
of content when using a screen reader.
Fixed
Various security fixes.
Several crashes while using a screen reader were fixed including
a frequently encountered crash when using the JAWS screen
reader.
Firefox Developer Tools received significant fixes allowing
screen reader users to benefit from some of the tools that were
previously inaccessible.
SVG title and desc elements (labels and descriptions) are now
correctly exposed to assistive technology products such as
screen readers.
Changed
For users with reduced motion settings, we've reduced a number
of animations such as tab loading to reduce motion for users
with migraines and epilepsy.
The new add-ons blocklist has been enabled to improve performance
and scalability.
Enterprise
A number of bug fixes and new policies have been implemented
in the latest version of Firefox. You can see more details in
the Firefox for Enterprise 80 Release Notes.
Today's release is the final scheduled for Firefox 68 ESR
(68.12) unless there is a critical security issue found prior
to the release of Firefox ESR 78.3 on September 22, 2020. Users
of Firefox 68 ESR will be automatically upgraded to the Firefox
78 ESR series with the release of 78.3.
Developer
We've shipped an experimental sidebar panel in the inspector
to Firefox Developer Edition that helps developers more quickly
identify potential browser compatibility problems based on MDN
data.
In the Network Monitor request list, a turtle icon is shown
for "slow" requests that exceed a threshold for the waiting
time.
Firefox now supports RTX and Transport-cc for improved call
quality in poor network conditions and better bandwidth
estimation. These features also provide better compatibility
with many websites using WebRTC.
Security fixes:
#CVE-2020-15663: Downgrade attack on the Mozilla Maintenance Service could have resulted in escalation of privilege
#CVE-2020-15664: Attacker-induced prompt for extension installation
#CVE-2020-12401: Timing-attack on ECDSA signature generation
#CVE-2020-6829: P-384 and P-521 vulnerable to an electro-magnetic side channel attack on signature generation
#CVE-2020-12400: P-384 and P-521 vulnerable to a side channel attack on modular inversion
#CVE-2020-15665: Address bar not reset when choosing to stay on a page after the beforeunload dialog is shown
#CVE-2020-15666: MediaError message property leaks cross-origin response status
#CVE-2020-15667: Heap overflow when processing an update file
#CVE-2020-15668: Data Race when reading certificate information
#CVE-2020-15670: Memory safety bugs fixed in Firefox 80 and Firefox ESR 78.2
|
|
New
We’ve rolled out WebRender to more Windows users with Intel and AMD GPUs, bringing improved graphics performance to an even larger audience.
Firefox users in Germany will now see more Pocket recommendations in their new tab featuring some of the best stories on the web. If you don’t see them, you can turn on Pocket articles in your new tab by following these steps.
Fixed
Various security fixes.
Several crashes while using a screen reader were fixed, including a frequently encountered crash when using the JAWS screen reader.
Firefox Developer Tools received significant fixes allowing screen reader users to benefit from some of the tools that were previously inaccessible.
SVG title and desc elements (labels and descriptions) are now correctly exposed to assistive technology products such as screen readers.
Enterprise
A number of bug fixes and new policies have been implemented in the latest version of Firefox. You can see more details in the Firefox for Enterprise 79 Release Notes.
Updates to the password policy allow admins to require a primary password (formerly called master password. Previously the policy could disable the primary password but not force a primary password. Users required to use a primary password will only be asked to create a primary password the first time they try to save a password.
Developer
Developer Information
Newly added asynchronous call stacks let developers trace their async code through events, timeouts, and promises. The async execution chains are shown in the Debugger’s call stack, but also for stack traces in Console errors and Network initiators.
Erroneous network responses with 4xx/5xx status codes display as errors in the Console, making it easy to understand them in the context of related logs. The request/response details can be expanded or resent for quick debugging.
JavaScript errors are now visible not only in the Console, but also in the Debugger. The relevant line of code will be highlighted and display error details on hover.
Opening SCSS and CSS-in-JS sources from the Inspector now works more reliably thanks to improved source map handling across all panels.
Inspecting accessibility properties from the browser context menu is now available to all users by default.
|
|
* Some dependency changes.
* Wayland and webcam may not work.
Changelog: New
The Protections Dashboard includes consolidated reports about
tracking protection, data breaches, and password management.
New features let you:
Track how many breaches you’ve resolved right from the
dashboard
See if any of your saved passwords may have been exposed
in a data breach
To view your dashboard, type about:protections into the address
bar, or select “Protections Dashboard” from the main menu.
Because we know people try to fix problems by reinstalling
Firefox when a simple refresh is more likely to solve the issue,
we’ve added a Refresh button to the Uninstaller.
With this release, your screen saver will no longer interrupt
WebRTC calls on Firefox, making conference and video calling
in Firefox better.
We’ve rolled out WebRender to Windows users with Intel GPUs,
bringing improved graphics performance to an even larger
audience.
Firefox 78 is also our Extended Support Release (ESR), where
the changes made over the course of the previous 10 releases
will now roll out to our ESR users. Some of the highlights are:
Kiosk mode
Client certificates
Service Worker and Push APIs are now enabled
The Block Autoplay feature is enabled
Picture-in-picture support
View and manage web certificates in about:certificate
Pocket recommendations, featuring some of the best stories on
the web, will now appear on the Firefox new tab for 100% of
our users in the UK. If you don’t see them, you can turn on
Pocket articles in your new tab, follow these steps.
Fixed
Various security fixes.
We fixed bugs in the search results quality composition and
improved search result texts based on recommendations by our
partners.
Changed
The minimal system requirements on Linux have been updated.
Firefox now needs GNU libc 2.17, libstdc++ 4.8.1 and GTK+ 3.14
or newer versions.
As part of our ongoing effort to deprecate obsolete cryptography,
we have disabled all remaining DHE-based TLS ciphersuites by
default.
To mitigate web compatibility issues from disabling DHE-based
TLS ciphersuites, Firefox 78 enables two more AES-GCM
SHA2-based ciphersuites.
We have disabled TLS 1.0 and TLS 1.1 to improve your website
connections. Sites that don't support TLS version 1.2 will now
show an error page.
The context menu (accessed by right clicking on a tab) lets
you undo multiple tab closings with a single click and places
Close Tabs to the Right and Close Other Tabs in a submenu.
A number of accessibility improvements have been made with this
release.
When using the JAWS screen reader, pressing the down arrow
in an HTML input control with a datalist no longer incorrectly
moves the cursor to the next element after the input control.
Screen readers no longer severely lag or freeze when focusing
the microphone/camera/screen sharing indicator.
Large tables with thousands of rows now load much faster
for screen reader users.
Text input controls with custom styling now correctly show
the focus outline when appropriate.
Screen readers no longer sometimes incorrectly switch to
document browsing mode unexpectedly when the user enters
the main Developer Tools window.
We reduced a number of animations such as tab hover, search
bar expansion, and others to reduce motion for users with
migraines and epilepsy.
Enterprise
Enable support for client certificates stored on macOS and
Windows by setting the experimental preference
security.osclientcerts.autoload to true.
New policies allow you to configure application handlers,
disable picture in picture, and require a master password,
which will be renamed to ‘primary password’ in future releases.
More details in the Firefox for Enterprise 78 release notes
Security fixes:
Not available yet.
|
|
Changelog:
New
Pocket recommendations, featuring some of the best stories on the web, will appear on the Firefox new tab for our users in the UK. If you don’t see them, you can turn on Pocket articles in your new tab, follow these steps.
WebRender continues its roll out to more Firefox for Windows users, now available by default on Windows 10 laptops running on Nvidia GPUs with medium (<= 3440x1440) and large screens (> 3440x1440).
You can view and manage web certificates more easily on the new about:certificate page.
Fixed
Various security fixes.
A number of features have been fixed to improve Firefox accessibility.
The applications list in Firefox Options is now accessible to screen reader users.
Some live regions previously didn't report updated text with the JAWS screen reader. This issue has been fixed.
Date/time inputs are now no longer missing labels for users of accessibility tools.
Changed
The browser.urlbar.oneOffSearches preference has been removed. To hide one-off search buttons uncheck search engines on the about:preferences#search page
Security fixes:
#CVE-2020-12399: Timing attack on DSA signatures in NSS library
#CVE-2020-12405: Use-after-free in SharedWorkerService
#CVE-2020-12406: JavaScript type confusion with NativeTypes
#CVE-2020-12407: WebRender leaking GPU memory when using border-image CSS directive
#CVE-2020-12408: URL spoofing when using IP addresses
#CVE-2020-12409: URL spoofing with unicode characters
#CVE-2020-12410: Memory safety bugs fixed in Firefox 77 and Firefox ESR 68.9
#CVE-2020-12411: Memory safety bugs fixed in Firefox 77
|
|
Changelog:
New
With today’s release, Firefox strengthens protections for your
online account logins and passwords, with innovative approaches
to managing your accounts during this critical time:
Firefox displays critical alerts in the Lockwise password
manager when a website is breached;
If one of your accounts is involved in a website breach
and you've used the same password on other websites, you
will now be prompted to update your password. A key icon
identifies which accounts use that vulnerable password.
Automatically generate secure, complex passwords for new
accounts across more of the web that are easily saved right
in the browser;
You have been able to access and see your saved passwords
under Logins and Passwords easily under the main menu. If
your device happens to be shared among your family or
roommates, the latest update helps to prevent casual snooping
over your shoulder. If you don’t have a master password
set up for Firefox, Windows and macOS now requires a login
to your operating system account before showing your saved
passwords.
Picture-in-Picture allows you to multitask, the small video
window following along no matter what you are doing on your
computer, across different applications and even workspaces.
Now, when you are ready to focus on the video, a double click
can take the small window into full screen. Double click again
to reduce the size again.
Firefox now supports Audio Worklets that will allow more complex
audio processing like VR and gaming on the web; and is being
adopted by some of your favorite software programs.
With this change, you can now join Zoom calls on Firefox
without the need for any additional downloads.
WebRender continues its roll out to more Firefox for Windows
users, now available by default on modern Intel laptops with
a small screen (<= 1920x1200) for improved graphics rendering.
Fixed
Various security fixes
Changed
Two updates to the address bar improve its usability and
visibility:
The shadow around the address bar field is reduced in width
when a new tab is opened;
The bookmarks toolbar has expanded slightly in size to
improve its surface area for touchscreens.
Security fixes:
#CVE-2020-12387: Use-after-free during worker shutdown
#CVE-2020-12388: Sandbox escape with improperly guarded Access Tokens
#CVE-2020-12389: Sandbox escape with improperly separated process types
#CVE-2020-6831: Buffer overflow in SCTP chunk input validation
#CVE-2020-12390: Incorrect serialization of nsIPrincipal.origin for IPv6 addresses
#CVE-2020-12391: Content-Security-Policy bypass using object elements
#CVE-2020-12392: Arbitrary local file access with 'Copy as cURL'
#CVE-2020-12393: Devtools' 'Copy as cURL' feature did not fully escape website-controlled data, potentially leading to command injection
#CVE-2020-12394: URL spoofing in location bar when unfocussed
#CVE-2020-12395: Memory safety bugs fixed in Firefox 76 and Firefox ESR 68.8
#CVE-2020-12396: Memory safety bugs fixed in Firefox 76
|
|
Changelog:
New
With today's release, a number of improvements will help you
search smarter, faster. Type less and find more with Firefox's
revamped address bar:
Focused, clean search experience that's optimized for
smaller laptop screens
Top sites now appear when you select the address
Improved readability of search suggestions with a focus on
new search terms
Suggestions include solutions to common Firefox issues
On Linux, the behavior when clicking on the Address Bar
and the Search Bar now matches other desktop platforms: a
single click selects all without primary selection, a double
click selects a word, and a triple click selects all with
primary selection
Firefox will locally cache all trusted Web PKI Certificate
Authority certificates known to Mozilla. This will improve
HTTPS compatibility with misconfigured web servers and improve
security.
Firefox is now available in Flatpak, an easier way to install
and use Firefox on Linux.
Direct Composition is being integrated for our users on Windows
to help improve performance and enable our ongoing work to ship
WebRender on Windows 10 laptops with Intel graphics cards.
Fixed
Various security fixes
Enterprise
Experimental support for using client certificates from the OS
certificate store can be enabled on macOS by setting the
preference security.osclientcerts.autoload to true.
Enterprise policies may be used to exclude domains from being
resolved via TRR (Trusted Recursive Resolver) using DNS over
HTTPS.
Developer
Developer Information
Save bandwidth and reduce browser memory by using the loading
attribute on the <img> element. The default "eager" value loads
images immediately, and the "lazy" value delays loading until
the image is within range of the viewport.
Instant evaluation for Console expressions lets developers
identify and fix errors more rapidly than before. As long as
expressions typed into the Web Console are side-effect free,
their results will be previewed while you type.
Security fixes:
#CVE-2020-6821: Uninitialized memory could be read when using the WebGL copyTexSubImage method
#CVE-2020-6822: Out of bounds write in GMPDecodeData when processing large images
#CVE-2020-6823: Malicious Extension could obtain auth codes from OAuth login flows
#CVE-2020-6824: Generated passwords may be identical on the same site between separate private browsing sessions
#CVE-2020-6825: Memory safety bugs fixed in Firefox 75 and Firefox ESR 68.7
#CVE-2020-6826: Memory safety bugs fixed in Firefox 75
|
|
|
|
* Follow HOMEPAGE redirect
Changelog:
New
Your login management has improved with the ability to reverse
alpha sort (Name Z-A) in Lockwise, which you can access under
Logins and Passwords.
Firefox now makes importing your bookmarks and history from
the new Microsoft Edge browser on Windows and Mac simple.
Add-ons installed by external applications can now be removed
using the Add-ons Manager (about:addons). Going forward, only
users can install add-ons; they cannot be installed by an
application.
Facebook Container prevents Facebook from tracking you around
the web - Facebook logins, likes, and comments are automatically
blocked on non-Facebook sites. But when we need an exception,
you can now create one by adding custom sites to the Facebook
Container.
Firefox now provides better privacy for your web voice and
video calls through support for mDNS ICE by cloaking your
computer’s IP address with a random ID in certain WebRTC
scenarios.
Fixed
Various security fixes.
We have fixed issues involving pinned tabs such as being lost.
You should also no longer see them reorder themselves.
Security fixes:
#CVE-2020-6805: Use-after-free when removing data about origins
#CVE-2020-6806: BodyStream::OnInputStreamReady was missing protections against state confusion
#CVE-2020-6807: Use-after-free in cubeb during stream destruction
#CVE-2020-6808: URL Spoofing via javascript: URL
#CVE-2020-6809: Web Extensions with the all-urls permission could access local files
#CVE-2020-6810: Focusing a popup while in fullscreen could have obscured the fullscreen notification
#CVE-2020-6811: Devtools' 'Copy as cURL' feature did not fully escape website-controlled data, potentially leading to command injection
#CVE-2019-20503: Out of bounds reads in sctp_load_addresses_from_init
#CVE-2020-6812: The names of AirPods with personally identifiable information were exposed to websites with camera or microphone permission
#CVE-2020-6813: @import statements in CSS could bypass the Content Security Policy nonce feature
#CVE-2020-6814: Memory safety bugs fixed in Firefox 74 and Firefox ESR 68.6
#CVE-2020-6815: Memory and script safety bugs fixed in Firefox 74
|
|
A bunch of files that are mysteriously not on linux, and a bunch of files
that are mysteriously OS-specific (probably missing "else").
And a sandboxing library.
|
|
Changelog:
New
Today's Firefox release includes two features that help users
view and read website content more easily, quickly. Like all
accessibility improvements, these features improve browsing
for everyone.
Firefox has offered a page zoom feature for more than a
decade that allows users to set the zoom level on a per-site
basis. For users who need to zoom most websites, having to
adjust zoom for each new site can be an annoyance. To
address this, we have implemented a new global default zoom
level setting. This option is available in about:preferences
under "Language and Appearance" and can be scaled up or
down from 100% as needed and sets the default zoom level
for all sites. Per-site zoom is still available to make
adjustments to individual sites as needed.
Many users with low vision rely on Windows' High Contrast
Mode to make websites more readable. Traditionally, to
increase the readability of text, Firefox has disabled
background images when High Contrast Mode is enabled. With
today's release of Firefox 73, we introduce a "readability
backplate" solution which places a block of background
color between the text and background image. Now, websites
in High Contrast Mode are more readable without disabling
background images.
Fixed
Various security fixes.
Improved audio quality when playing back audio at a faster or
slower speed.
Firefox will now only prompt you to save logins if a field in
a login form was modified.
Changed
WebRender will roll out to laptops with Nvidia graphics cards
with drivers newer than 432.00, and screen sizes smaller than
1920x1200
Security fixes:
#CVE-2020-6796: Missing bounds check on shared memory read in the parent process
#CVE-2020-6797: Extensions granted downloads.open permission could open arbitrary applications on Mac OSX
#CVE-2020-6798: Incorrect parsing of template tag could result in JavaScript injection
#CVE-2020-6799: Arbitrary code execution when opening pdf links from other applications, when Firefox is configured as default pdf reader
#CVE-2020-6800: Memory safety bugs fixed in Firefox 73 and Firefox ESR 68.5
#CVE-2020-6801: Memory safety bugs fixed in Firefox 73
|
|
One file name changed amongst the extra files generated when the full
debugging option is set.
|
|
Changelog:
72.0.1
Security fixes:
#CVE-2019-17026: IonMonkey type confusion with StoreElementHole and FallibleStoreElement
72.0
New
Firefox’s Enhanced Tracking Protection marks a major new
milestone in our battle against cross-site tracking: we now
block fingerprinting scripts by default for all users, taking
a new bold step in the fight for our users’ privacy.
Firefox replaces annoying notification request pop-ups with a
more delightful experience, by default for all users. The
pop-ups no longer interrupt your browsing, in its place, a
speech bubble will appear in the address bar when you interact
with the site.
Picture-in-picture video is now also available in Firefox for
Mac and Linux: Select the blue icon from the right edge of a
video to pop open a floating window so you can keep watching
while working in other tabs or apps. Learn how the feature
works.
Security fixes:
#CVE-2019-17015: Memory corruption in parent process during new content process initialization on Windows
#CVE-2019-17016: Bypass of @namespace CSS sanitization during pasting
#CVE-2019-17017: Type Confusion in XPCVariant.cpp
#CVE-2019-17018: Windows Keyboard in Private Browsing Mode may retain word suggestions
#CVE-2019-17019: Python files could be inadvertently executed upon opening a download
#CVE-2019-17020: Content Security Policy not applied to XSL stylesheets applied to XML documents
#CVE-2019-17021: Heap address disclosure in parent process during content process initialization on Windows
#CVE-2019-17022: CSS sanitization does not escape HTML tags
#CVE-2019-17023: NSS may negotiate TLS 1.2 or below after a TLS 1.3 HelloRetryRequest had been sent
#CVE-2019-17024: Memory safety bugs fixed in Firefox 72 and Firefox ESR 68.4
#CVE-2019-17025: Memory safety bugs fixed in Firefox 72
|
|
|
|
Bump PKGREVISIONs
|
|
* Remove oss option. Its patch is not usable for 71.0.
Changelog:
New
Improvements to Lockwise, our integrated password manager:
Firefox now recognizes subdomains and will autofill domain logins from Lockwise
Integrated breach alerts from Firefox Monitor are now available to users with screen readers
More information about Enhanced Tracking Protection in action:
Notifications when Firefox blocks cryptominers
A running tally of blocked trackers in the protection panel accessed by clicking the address bar shield
Picture-in-picture video comes to Firefox for Windows: Select the blue icon from the right edge of a video to pop open a floating window so you can keep watching while working in other tabs. Learn how the feature works.
Native MP3 decoding on Windows, Linux, and macOS
Security fixes:
Not available yet.
|
|
|
|
* Offline build is incomplete. However I cannot finish the fix.
Changelog:
New
More privacy protections from Enhanced Tracking Protection:
Social tracking protection, which blocks cross-site tracking cookies from sites like Facebook, Twitter, and LinkedIn, is now a standard feature of Enhanced Tracking Protection.
The Privacy Protections report shows an overview, with details, of the trackers Firefox has blocked. It provides consolidated reports from Monitor and Lockwise.
More security protections from Firefox Lockwise, our digital identity and password management tool:
Lockwise for desktop lets you create, update, and delete your logins and passwords to sync across all your devices, including the Lockwise mobile apps and Firefox mobile browsers
.
Integrated breach alerts from Firefox Monitor, to alert you when saved logins and passwords are compromised in online data breaches.
Complex password generation, to help you create and save strong passwords for new online accounts.
Improvements to core engine components, for better browsing on more sites
A faster Javascript Baseline Interpreter to handle the modern web’s
large codebases and improve page load performance by as much as 8
percent.
WebRender rolled out to more Firefox for Windows users, now available by default on Windows desktops with integrated Intel graphics cards and resolution of 1920x1200 or less) for improved graphics rendering.
Compositor improvements in Firefox for macOS that reduce power
consumption, speed up page load by as much as 22 percent, and reduce
resource use for video by up to 37 percent.
More browser features to help you get the most out of Firefox products and services
A stand-alone Firefox account menu for easy access to Firefox services like Monitor and Send.
A message panel accessed from the gift icon in the toolbar that offers a quick overview of new releases and key features.
When a website uses your geolocation, an indicator is shown in the
address bar.
Fixed
Various security fixes
Changed
Built-in Firefox pages now follow the system dark mode preference
Aliased theme properties have been removed, which may affect some themes
Passwords can now be imported from Chrome on macOS in addition to existing support for Windows
Readability is now greatly improved on under- or overlined texts, including links. The lines will now be interrupted instead of crossing over a glyph.
Improved privacy and security indicators
A new crossed-out lock icon will indicate sites delivered via
insecure HTTP
The formerly green lock icon is now grey
The Extended Validation (EV) indicator has been moved to the identity
popup that appears when clicking the lock icon
Security fixes:
#CVE-2018-6156: Heap buffer overflow in FEC processing in WebRTC
#CVE-2019-15903: Heap overflow in expat library in XML_GetCurrentLineNumber
#CVE-2019-11757: Use-after-free when creating index updates in IndexedDB
#CVE-2019-11759: Stack buffer overflow in HKDF output
#CVE-2019-11760: Stack buffer overflow in WebRTC networking
#CVE-2019-11761: Unintended access to a privileged JSONView object
#CVE-2019-11762: document.domain-based origin isolation has same-origin-property violation
#CVE-2019-11763: Incorrect HTML parsing results in XSS bypass technique
#CVE-2019-11765: Incorrect permissions could be granted to a website
#CVE-2019-17000: CSP bypass using object tag with data: URI
#CVE-2019-17001: CSP bypass using object tag when script-src 'none' is specified
#CVE-2019-17002: upgrade-insecure-requests was not being honored for links dragged and dropped
#CVE-2019-11764: Memory safety bugs fixed in Firefox 70 and Firefox ESR 68.2
|
|
Changelog:
Fixed
Fixed a crash when editing files on Office 365 websites (bug 1579858)
Fixed detection of the Windows 10 Parental Controls feature being enabled (bug 1584613)
Fixed a Linux-only crash when changing the playback speed while watching YouTube videos (bug 1582222)
|
|
Changelog:
Fixed
Fixed external programs launching in the background when clicking a link from inside Firefox to launch them (bug 1570845)
Usability improvements to the Add-ons Manager for users with screen readers (bug 1567600)
Fixed the Captive Portal notification bar not being dismissable in some situations after login is complete (bug 1578633)
Fixed the maximum size of fonts in Reader Mode when zoomed (bug 1578454)
Fixed missing stacks in the Developer Tools Performance section (bug 1578354)
Security and stability fixes
irefox 69.0.1
Security fixes:
#CVE-2019-11754: Pointer Lock is enabled with no user notification
|
|
PeerConnectionIdp.jsm is installed universally, not just when webrtc is
an enabled option.
|
|
* Use clang to compile all files. Mix of gcc and clang causes some errors in
Rust c++ command invocation (C++ header mismatches).
Changelog:
New
Enhanced Tracking Protection (ETP) rolls out stronger privacy protections:
The default standard setting for this feature now blocks third-party tracking cookies and cryptominers.
The optional strict setting blocks fingerprinters as well as the items blocked in the standard setting.
The Block Autoplay feature is enhanced to give users the option to block any video that automatically starts playing, not just those that automatically play with sound.
For our users in the US or using the en-US browser, we are shipping a new “New Tab” page experience that connects you to the best of Pocket’s content.
Support for the Web Authentication HmacSecret extension via Windows Hello now comes with this release, for versions of Windows 10 May 2019 or newer, enabling more passwordless experiences on the web.
Support for receiving multiple video codecs with this release makes it easier for WebRTC conferencing services to mix video from different clients.
For our users on Windows 10, you’ll see performance and UI improvements:
Firefox will give Windows hints to appropriately set content process priority levels, meaning more processor time spent on the tasks you're actively working on, and less processor time spent on things in the background (with the exception of video and audio playback).
For our existing Windows 10 users, you can easily find and launch Firefox from a shortcut on the Win10 taskbar.
For our users on macOS, battery life and download UI are both improved:
macOS users on dual-graphics-card machines (like MacBook Pro) will switch back to the low-power GPU more aggressively, saving battery life.
Finder on macOS now displays download progress for files being downloaded.
JIT support comes to ARM64 for improved performance of our JavaScript Optimizing JIT compiler.
Fixed
Various security fixes
Changed
As previously announced in the Plugin Roadmap for Firefox, the "Always Activate" option for Flash plugin content has been removed. Firefox will now always ask for user permission before activating Flash content on a website.
With the deprecation of Adobe Flash Player, there is no longer a need to identify users on 32-bit version of the Firefox browser on 64-bit version operating systems reducing user agent fingerprinting factors providing greater level of privacy to our users as well as improving the experience of downloading other apps.
Firefox no longer loads userChrome.css or userContent.css by default improving start-up performance. Users who wish to customize Firefox by using these files can set the toolkit.legacyUserProfileCustomizations.stylesheets preference to true to restore this ability.
Enterprise
For Enterprise system administrators that manage macOS computers, we begin shipping a Mozilla signed PKG installer to simplify your deployments.
Developer
For our mobile web developers, we have migrated remote debugging from the old WebIDE into a re-designed about:debugging, making debugging GeckoView on remote devices via USB rock solid.
The network panel will now show blocked resources to allow developers to best understand the impact of content blocking and ad blocking extensions given our ongoing expansion of Enhanced Tracking Protection to all users with this release.
The new event listener breakpoint feature allows developers to pause on a host of different event types, whether it be related to animations, DOM, media, mouse, touch, worker, and many other event types.
Firefox Developer Tools now offers an audit for the presence of text alternatives for non-text content, the a11y panel checks toolbar has been augmented to better help developers adhere to WCAG Guideline 1.1.
Security fixes:
#CVE-2019-11751: Malicious code execution through command line parameters
#CVE-2019-11746: Use-after-free while manipulating video
#CVE-2019-11744: XSS by breaking out of title and textarea elements using innerHTML
#CVE-2019-11742: Same-origin policy violation with SVG filters and canvas to steal cross-origin images
#CVE-2019-11736: File manipulation and privilege escalation in Mozilla Maintenance Service
#CVE-2019-11753: Privilege escalation with Mozilla Maintenance Service in custom Firefox installation location
#CVE-2019-11752: Use-after-free while extracting a key value in IndexedDB
#CVE-2019-9812: Sandbox escape through Firefox Sync
#CVE-2019-11741: Isolate addons.mozilla.org and accounts.firefox.com
#CVE-2019-11743: Cross-origin access to unload event attributes
#CVE-2019-11749: Camera information available without prompting using getUserMedia
#CVE-2019-5849: Out-of-bounds read in Skia
#CVE-2019-11750: Type confusion in Spidermonkey
#CVE-2019-11737: Content security policy directives ignore port and path if host is a wildcard
#CVE-2019-11738: Content security policy bypass through hash-based sources in directives
#CVE-2019-11747: 'Forget about this site' removes sites from pre-loaded HSTS list
#CVE-2019-11734: Memory safety bugs fixed in Firefox 69
#CVE-2019-11735: Memory safety bugs fixed in Firefox 69 and Firefox ESR 68.1
#CVE-2019-11740: Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, and Firefox ESR 60.9
|
|
Changelog:
Fixed
Fixed a bug causing some special characters to be cut off from the end of the search terms when searching from the URL bar (bug 1560228)
Allow fonts to be loaded via file:// URLs when opening a page locally (bug 1565942)
Printing emails from the Outlook web app no longer prints only the header and footer (bug 1567105)
Fixed a bug causing some images not to be displayed on reload, including on Google Maps (bug 1565542)
Fixed an error when starting external applications configured as URI handlers (bug 1567614)
Security fixes
#CVE-2019-11733: Stored passwords in 'Saved Logins' can be copied without master password entry
|
|
Changelog:
New
Dark mode in reader view expands so that windows are also dark on the controls, sidebars and toolbars.
Improved extension security and discovery:
New reporting feature in about:addons allows you to report security and performance issues with extensions and themes.
Redesigned extensions dashboard in about:addons provides easy access to information about your extensions, including data and settings access required by each extension.
Find high quality, secure extensions via the Recommended Extensions program in about:addons, which now displays user count and ratings for each extension. "Recommended” badges for these extensions also appear on AMO. More extensions will be added over time.
Cryptomining and fingerprinting protections are added to strict content blocking settings in Privacy & Security preferences.
WebRender will roll out to Windows 10 users with AMD graphics cards.
Windows Background Intelligent Transfer Service (BITS) update download support, which allows Firefox update downloads to continue when Firefox is closed.
Fixed
Various security fixes
Local files can no longer access other files in the same directory.
Security fixes:
#CVE-2019-9811: Sandbox escape via installation of malicious language pack
#CVE-2019-11711: Script injection within domain through inner window reuse
#CVE-2019-11712: Cross-origin POST requests can be made with NPAPI plugins by following 308 redirects
#CVE-2019-11713: Use-after-free with HTTP/2 cached stream
#CVE-2019-11714: NeckoChild can trigger crash when accessed off of main thread
#CVE-2019-11729: Empty or malformed p256-ECDH public keys may trigger a segmentation fault
#CVE-2019-11715: HTML parsing error can contribute to content XSS
#CVE-2019-11716: globalThis not enumerable until accessed
#CVE-2019-11717: Caret character improperly escaped in origins
#CVE-2019-11718: Activity Stream writes unsanitized content to innerHTML
#CVE-2019-11719: Out-of-bounds read when importing curve25519 private key
#CVE-2019-11720: Character encoding XSS vulnerability
#CVE-2019-11721: Domain spoofing through unicode latin 'kra' character
#CVE-2019-11730: Same-origin policy treats all files in a directory as having the same-origin
#CVE-2019-11723: Cookie leakage during add-on fetching across private browsing boundaries
#CVE-2019-11724: Retired site input.mozilla.org has remote troubleshooting permissions
#CVE-2019-11725: Websocket resources bypass safebrowsing protections
#CVE-2019-11727: PKCS#1 v1.5 signatures can be used for TLS 1.3
#CVE-2019-11728: Port scanning through Alt-Svc header
#CVE-2019-11710: Memory safety bugs fixed in Firefox 68
#CVE-2019-11709: Memory safety bugs fixed in Firefox 68 and Firefox ESR 60.8
|
|
Fix packaging when the "debug" option is enabled, which generates nine
extra files.
|
|
Changelog:
New
Firefox 67 demonstrates improved performance thanks to a number of changes such as:
Lowering priority of setTimeout during page load
Delayed component initialization until after start up
Painting sooner during page load but less often
Suspending unused tabs
Learn more about our approach to performance in 67 in the Mozilla blog.
Users can block known cryptominers and fingerprinters in the Custom settings of their Content Blocking preferences.
Keyboard accessibility has improved in the latest version of Firefox. Toolbar and toolbar overflow menu are both fully keyboard accessible: keyboard users can now access add-ons, the downloads panel, the overflow, Page actions and Firefox menus, and much more.
Private Browsing sees both usability and security improvements:
Save passwords in private browsing mode
Choose which extensions to exclude from private tabs
A myriad of new features help make Firefox easier to use:
We’ve added a toolbar menu for your Firefox Account to provide more transparency for when you are synced, sharing data across devices and with Firefox. Personalize the appearance of the menu with your own avatar
Tabs can now be pinned from the Page Actions menu in the address bar
Firefox will highlight useful features (like Pin Tabs) when users are most likely to benefit from them.
Easier access to your list of saved logins from the main menu and login autocomplete. Learn about all the ways you can manage your passwords in Firefox.
The Import Data from Another Browser feature is now also available from the File menu
Users will be able to run different Firefox installs side by side by default so that you can run the beta and release versions simultaneously
Firefox will now protect you against running older versions of the browser which can lead to data corruption and stability issues
Firefox is upgrading to the newer, higher performance, AV1 decoder known as ‘dav1d’
WebRender is gradually enabled by default on Windows 10 desktops with NVIDIA graphics cards
Mozilla’s highest performing JavaScript compiler now supports ARM64 Windows devices.
Enable FIDO U2F API, and permit registrations for Google Accounts
Some users will see experiments with an improved Pocket experience in Firefox Home with different layouts and more topical content.
Fixed
Various security fixes
#CVE-2019-9815: Disable hyperthreading on content JavaScript threads on macOS
#CVE-2019-9816: Type confusion with object groups and UnboxedObjects
#CVE-2019-9817: Stealing of cross-domain images using canvas
#CVE-2019-9818: Use-after-free in crash generation server
#CVE-2019-9819: Compartment mismatch with fetch API
#CVE-2019-9820: Use-after-free of ChromeEventHandler by DocShell
#CVE-2019-9821: Use-after-free in AssertWorkerThread
#CVE-2019-11691: Use-after-free in XMLHttpRequest
#CVE-2019-11692: Use-after-free removing listeners in the event listener manager
#CVE-2019-11693: Buffer overflow in WebGL bufferdata on Linux
#CVE-2019-7317: Use-after-free in png_image_free of libpng library
#CVE-2019-11694: Uninitialized memory memory leakage in Windows sandbox
#CVE-2019-11695: Custom cursor can render over user interface outside of web content
#CVE-2019-11t .JNLP files are not recognized as executable files for download prompts
#CVE-2019-11697: Pressing key combinations can bypass installation prompt delays and install extensions
#CVE-2019-11698: Theft of user history data through drag and drop of hyperlinks to andsulting bookmark is subsequently dragged and dropped into the web content area, an arbitrary query of a user's browser history can be run and transmitted to the content page via drop event data. This allows for the theft of browser history by a malicious site.
#CVE-2019-11700: res: protocol can be used to open known local files
#CVE-2019-11699: Incorrect domain name highlighting during page navigation
#CVE-2019-11701: webcal: protocol default handler loads vulnerable web page
#CVE-2019-9814: Memory safety bugs fixed in Firefox 67
#CVE-2019-9800: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7
|
|
Changelog:
New
Firefox now prevents websites from automatically playing sound. You can add individual sites to an exceptions list or turn blocking off. To learn more about block autoplay, which will be rolled out gradually to all users, visit the Mozilla blog.
Improved search experience:
Find a specific webpage faster when you have a lot of tabs open: You can now search within all of your open tabs from the tab overflow menu
Easier search via a redesigned new tab in Private Windows
Smoother scrolling: Scroll anchoring keeps content from jumping as images and ads load at the top of the page
Improved performance and better user experience for extensions:
Extensions now store their settings in a Firefox database, rather than individual JSON files, making every site you visit faster
A redesigned keyboard shortcuts section in about:addons makes it easier to view and adjust default shortcuts
Redesigned certificate error pages help you better understand and resolve issues, including identification of certificate issuers for anti-virus software
Added basic support for macOS Touch Bar
Experimenting with an improved Pocket experience in New Tab with different layouts and more topical content
Improved performance and reduced crash rates by [doubling web content loading processes from 4 to 8 [1]
Easier, passwordless security: Added support for Windows Hello on Windows 10, allowing you to use your face, fingerprint, or external security keys for website authentication
Fixed
The Dark and Light Firefox themes now override the system setting for title bar accent color on Windows 10
Linux users: Resolved an issue that caused Firefox to freeze when downloading files
Various security fixes
Changed
System title bar is hidden by default to match Gnome guideline for Linux users
Developer
DevTools Inspector is now fully usable when the Debugger is paused
Lowered priority of setTimeout and setInterval during page load to improve overall page load performance
Fixed: <button> element is no longer special cased in event dispatch, per latest specifications
Security fixes:
Not available yet.
|
|
This includes patches for third_party/rust/libc 2.43, which requires
hack to overwrite checksum fields in .cargo-checksum.json. These will
become unnecessary if libc >= 2.45 is imported.
For aarch64,
- python locks up randomly when "make configure"; see lib/54017:
http://gnats.netbsd.org/54017
- nodejs randomly(?) crashes sometimes.
However, if you are luckly enough ;-), you will have a working binary.
Bump revision.
|
|
Changelog:
New
Enhanced tracking protection: Simplified content blocking settings give users standard, strict, and custom options to control online trackers. A redesigned content blocking section in the site information panel (viewed by expanding the small “i” icon in the address bar) shows what Firefox detects and blocks on each website you visit. To learn more about content blocking, visit the Mozilla Blog.
A better experience for multilingual users: An updated Language section in Preferences allows users to install multiple language packs and order language preferences for Firefox and websites, without having to download locale-specific versions.
Support for Handoff on macOS: Continue browsing across devices. Pick up where you left off with iOS (via Firefox or Safari) on Firefox on Mac.
A better video streaming experience for Windows users: Firefox now supports the next-generation, royalty-free video compression technology called AV1. Read about Mozilla’s contribution to this new open standard.
Improved performance and web compatibility, with support for the WebP image format: WebP brings the same image quality as existing formats at smaller file sizes, which saves bandwidth and speeds up page load.
Fixed
Various security fixes.
Changed
Enhanced security for macOS, Linux, and Android users via stronger stack smashing protection which is now enabled by default for all platforms. "Stack smashing" is a common security attack in which malicious actors corrupt or take control of a vulnerable program.
Firefox will now warn you when closing a window (regardless of whether you have automatic session restore enabled for restart).
Easier performance management: The revamped Task Manager page found at about:performance now reports memory usage for tabs and add-ons.
Improved the pop-up blocker to prevent multiple pop-up windows from being opened by websites at the same time.
Security fixes:
Not available yet.
|
|
http://mail-index.netbsd.org/pkgsrc-users/2018/11/10/msg027658.html
|
|
Changelog:
New
Better recommendations: You may see suggestions in regular browsing mode for new and relevant Firefox features, services, and extensions based on how you use the web (for US users only)
Enhanced tab management: You can now select multiple tabs from the tab bar and close, move, bookmark, or pin them quickly and easily
Easier performance management: The new Task Manager page found at about:performance lets you see how much energy each open tab consumes and provides access to close tabs to conserve power
Improved performance for Mac and Linux users, by enabling link time optimization (Clang LTO). (Clang LTO was enabled for Windows users in Firefox 63.)
More seamless sharing on Windows: Windows users can now share web pages using the native sharing experience. You can access Share in the Page Actions menu
Added option to remove add-ons using the context menu on their toolbar buttons
New for enterprise users: Updated the policy engine on macOS to allow using configuration profiles to customize Firefox for enterprise deployments
Fixed
Various security fixes
Changed
RSS feed preview and live bookmarks are available only via add-ons
TLS certificates issued by Symantec are no longer trusted by Firefox. Website operators are strongly encouraged to replace any remaining Symantec TLS certificates as soon as possible.
about:crashes has been redesigned to make it clear when a crash is being submitted to Mozilla, as well as being clear that removing crashes locally does not remove them from crash-stats.mozilla.com
The macOS keyboard shortcut to add "www" and ".com" to a URL is now ctrl-enter instead of [apple]-enter
Security fixes:
#CVE-2018-12407: Buffer overflow with ANGLE library when using VertexBuffer11 module
#CVE-2018-17466: Buffer overflow and out-of-bounds read in ANGLE library with TextureStorage11
#CVE-2018-18492: Use-after-free with select element
#CVE-2018-18493: Buffer overflow in accelerated 2D canvas with Skia
#CVE-2018-18494: Same-origin policy violation using location attribute and performance.getEntries to steal cross-origin URLs
#CVE-2018-18495: WebExtension content scripts can be loaded in about: pages
#CVE-2018-18496: Embedded feed preview page can be abused for clickjacking
#CVE-2018-18497: WebExtensions can load arbitrary URLs through pipe separators
#CVE-2018-18498: Integer overflow when calculating buffer sizes for images
#CVE-2018-12406: Memory safety bugs fixed in Firefox 64
#CVE-2018-12405: Memory safety bugs fixed in Firefox 64 and Firefox ESR 60.4
|
|
* Minimize pkgsrc specific patches.
* A build system written in Rust lang does not find a C++ header files
from pkgsrc (non-base) GCC, this version is not buildable on NetBSD 7.
I will investigate this problem again.
Changelog:
63.0.1
Fixed
Snippets are not loaded due to missing element (bug 1503047)
Print preview always shows 30% scale when it is actually Shrink To Fit
(bug 1501952)
Dialog displayed when closing multiple windows shows unreplaced %1$S
placeholder in Japanese and potentially other locales (bug 1500823)
63.0
New
Performance and visual improvements for Windows users
Performance improvements for macOS users
Added content blocking, a collection of Firefox settings that offer
users greater control over technology that can track them around the
web. In 63, users can opt to block third-party tracking cookies or
block all trackers and create exceptions for trusted sites that don't
work correctly with content blocking enabled.
WebExtensions now run in their own process on Linux
Firefox now warns about having multiple windows and tabs open
when quitting from the main menu. The Save and Quit feature has been
removed. You can restore your session by ticking the box for Restore
previous session in the General->Startup options or by using Restore
Previous Session in the main menu.
Firefox now recognizes the operating system accessibility setting for
reducing animation
Added search shortcuts for Top Sites: Amazon and Google appear as Top
Sites tiles on the Firefox Home (New Tab) page. When selected these
tiles will change focus to the address bar to initiate a search.
Currently in US only.
Fixed
Resolved an issue that prevented the address bar from autofilling
bookmarked URLs in certain cases
Various security fixes
Changed
In the Library, the Open in Sidebar feature for individual bookmarks
was removed
The option to Never check for updates was removed from about:preferences.
You can use the DisableAppUpdate enterprise policy as a substitute.
The Ctrl+Tab shortcut now displays thumbnail previews of your tabs and
cycles through tabs in recently used order. This new default behavior
is activated only in new profiles and can be changed in preferences.
#CVE-2018-12391: HTTP Live Stream audio data is accessible cross-origin
#CVE-2018-12392: Crash with nested event loops
#CVE-2018-12393: Integer overflow during Unicode conversion while loading JavaScript
#CVE-2018-12395: WebExtension bypass of domain restrictions through header rewriting
#CVE-2018-12396: WebExtension content scripts can execute in disallowed contexts
#CVE-2018-12397: Missing warning prompt when WebExtension requests local file access
#CVE-2018-12398: CSP bypass through stylesheet injection in resource URIs
#CVE-2018-12399: Spoofing of protocol registration notification bar
#CVE-2018-12400: Favicons are cached in private browsing mode on Firefox for Android
#CVE-2018-12401: DOS attack through special resource URI parsing
#CVE-2018-12402: SameSite cookies leak when pages are explicitly saved
#CVE-2018-12403: Mixed content warning is not displayed when HTTPS page loads a favicon over HTTP
#CVE-2018-12388: Memory safety bugs fixed in Firefox 63
#CVE-2018-12390: Memory safety bugs fixed in Firefox 63 and Firefox ESR 60.3
|
|
Noticed by Marc Baudoin.
|
