| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
107.0.1:
Fixed
* Fixed an issue with accessing some sites reliably in Private Browsing mode
or Strict ETP due to anti-adblockers (bug 1717806).
* Fixed an issue where Color Management was not available for some users (bug
1799391).
* Fixed an issue with text overlapping in the Settings Menu for some locales
(bug 1800379).
* Fixed an incompatibility with the new Windows 11 22H2 Suggested Actions
feature resulting in hangs when copying phone number links (bug 1798098).
* Fixed an issue where the DevTools UI is not accessible when an alert dialog
is displayed (bug 1801840).
107.0:
New
* Improved the performance of the instance when Microsoft's IME and Defender
retrieve the URL of a focused document in Windows 11 version 22H2.
* Power profiling -- visualizing performance data recorded from web browsers
-- is now also supported on Linux and Mac with Intel CPUs, in addition to
Windows 11 and Apple Silicon.
Fixed
* Various security fixes.
Security fixes:
#CVE-2022-45403: Service Workers might have learned size of cross-origin media
files
#CVE-2022-45404: Fullscreen notification bypass
#CVE-2022-45405: Use-after-free in InputStream implementation
#CVE-2022-45406: Use-after-free of a JavaScript Realm
#CVE-2022-45407: Loading fonts on workers was not thread-safe
#CVE-2022-45408: Fullscreen notification bypass via windowName
#CVE-2022-45409: Use-after-free in Garbage Collection
#CVE-2022-45410: ServiceWorker-intercepted requests bypassed SameSite cookie
policy
#CVE-2022-45411: Cross-Site Tracing was possible via non-standard override
headers
#CVE-2022-45412: Symlinks may resolve to partially uninitialized buffers
#CVE-2022-45413: SameSite=Strict cookies could have been sent cross-site via
intent URLs
#CVE-2022-40674: Use-after-free vulnerability in expat
#CVE-2022-45415: Downloaded file may have been saved with malicious extension
#CVE-2022-45416: Keystroke Side-Channel Leakage
#CVE-2022-45417: Service Workers in Private Browsing Mode may have been written
to disk
#CVE-2022-45418: Custom mouse cursor could have been drawn over browser UI
#CVE-2022-45419: Deleting a security exception did not take effect immediately
#CVE-2022-45420: Iframe contents could be rendered outside the iframe
#CVE-2022-45421: Memory safety bugs fixed in Firefox 107 and Firefox ESR 102.5
106.0.5:
Fixed
* Addresses a crash experienced by users with Intel Gemini Lake CPUs.
106.0.4:
Fixed
* Fixed an issue with DRM Video playback (bug 1797292).
* Fixed broken layout of datetime input when switching types (bug 1797139).
* Fixes Firefox hanging when there is a Direct3D device reset (bug 1792115).
106.0.3:
Fixed
* Fix a startup crash for some users on Windows (bug 1797464).
* Fixed an incompatibility with the new Windows 11 22H2 Suggested Actions
feature resulting in hangs when copying text on a web page (bug 1774285).
106.0.2:
Fixed
* Fix missing content on some PDF forms (bug 1794351).
* Fix column width for the Notification sub-panel in Settings (bug 1793558).
* Fix a browser freeze with accessibility enabled on some sites such as the
Proxmox Web UI (bug 1793748).
* Fix page reloading not working with Firefox View and not refreshing synced
data (bug 1792680 and bug 1794474).
* Fix browser not opening if installed from the Windows Store (Bug 1796391).
106.0.1:
Fixed
* Addresses a crash experienced by users with AMD Zen 1 CPUs. (bug 1796126)
106.0:
New
* It is now possible to edit PDFs: including writing text, drawing, and
adding signatures.
* Setting Firefox as your default browser now also makes it the default PDF
application on Windows systems.
* You can now pin private windows to your Windows taskbar on Window 10 and
Windows 11 for simpler access. Also, private windows have been redesigned
to increase the feeling of privacy.
* Swipe-to-navigate (two fingers on a touchpad swiped left or right to
perform history back or forward) now works for Linux users on Wayland.
* Text Recognition in images allows users on macOS 10.15 and higher to
extract text from the selected image (such as a meme or screenshot).
Extracted text is copied to the clipboard in order to share, store, or
search -- without needing to manually retype everything.
+ This feature is compatible with "VoiceOver," the built-in macOS
screen reader.
+ For more information, check out our SUMO article.
* "Firefox View" helps you get back to content you previously discovered. A
pinned tab allows you to find and open recently closed tabs on your current
device, access tabs from other devices (via our "Tab Pickup" feature),
and change the look of the browser (with Colorways).
+ For more information, read our SUMO article.
* With the launch of the "Independent Voices" collection, Firefox is
introducing 18 new "Colorways." You can now access a "Colorways" modal
experience via "Firefox View"; each new color is accompanied with a
bespoke graphic and a text description that speaks to its deeper meaning.
The collection will be available through Jan 16.
+ For more information, check out our SUMO article.
Fixed
* Various security fixes.
Security fixes:
#CVE-2022-42927: Same-origin policy violation could have leaked cross-origin
URLs
#CVE-2022-42928: Memory Corruption in JS Engine
#CVE-2022-42929: Denial of Service via window.print
#CVE-2022-42930: Race condition in DOM Workers
#CVE-2022-42931: Username saved to a plaintext file on disk
#CVE-2022-42932: Memory safety bugs fixed in Firefox 106 and Firefox ESR 102.4
|
|
* Add --enable-new-pass-manager.
* Disable sysutils/dbus dependency for non-Linux platforms by default.
Changelog:
105.0.3:
Fixed
* Mitigated frequent crashes for Windows users with Avast or AVG Antivirus
software installed (bug 1794064)
105.0.2:
Fixed
* Fixed poor contrast on various menu items with certain themes on Linux
systems (bug 1792063)
* Fixed the scrollbar appearing on the wrong side of select elements in
right-to-left locales (bug 1791219)
* Fixed a possible deadlock when loading some sites in Troubleshoot Mode (bug
1786259)
* Fixed a bug causing some dynamic appearance changes to not appear when
expected (bug 1786521)
* Fixed a bug causing theme styling to not be properly applied to sidebars
for some add-ons in Private Browsing Mode (bug 1787543)
105.0.1:
Fixed
* Reverted focus behavior for new windows back to the content area
instead of the address bar (bug 1784692)
105.0:
New
* Added an option to print only the current page from the print preview
dialog.
* Firefox now supports partitioned service workers in third-party contexts.
You can register service workers in a third-party iframe and it will be
partitioned under the top-level domain.
* Swipe to navigate (two fingers on a touchpad swiped left or right to
perform history back or forward) on Windows is now enabled.
* Firefox is now compliant with the User Timing L3 specification, which adds
additional optional arguments to the performance.mark and
performance.measure methods to provide custom start times, end times,
duration, and attached details.
* Searching in large lists for individual items is now 2x faster. This
performance enhancement replaces array.includes and array.indexOf with an
optimized SIMD version.
Fixed
* Stability on Windows is significantly improved as Firefox handles
low-memory situations much better.
* Touchpad scrolling on macOS was made more accessible by reducing unintended
diagonal scrolling opposite of the intended scroll axis.
* Firefox is less likely to run out of memory on Linux and performs more
efficiently for the rest of the system when memory runs low.
* Various security fixes.
Web Platform
* Support for the Offscreen Canvas DOM API with full context and font
support. The OffscreenCanvas API provides a canvas that can be rendered
off-screen in both Window and Web Worker contexts.
Security fixes:
#CVE-2022-40959: Bypassing FeaturePolicy restrictions on transient pages
#CVE-2022-40960: Data-race when parsing non-UTF-8 URLs in threads
#CVE-2022-40958: Bypassing Secure Context restriction for cookies with __Host
and __Secure prefix
#CVE-2022-40961: Stack-buffer overflow when initializing Graphics
#CVE-2022-40956: Content-Security-Policy base-uri bypass
#CVE-2022-40957: Incoherent instruction cache when building WASM on ARM64
#CVE-2022-40962: Memory safety bugs fixed in Firefox 105 and Firefox ESR 102.3
|
|
Changelog:
Fixed
* Fixed a bug making it impossible to use touch or a stylus to drag the
scrollbar on pages (bug 1787361).
* Fixed an issue causing some users to crash in out-of-memory conditions (bug
1774155).
* Fixed an issue that would sometimes affect video & audio playback when
loaded via a cross-origin iframe src attribute (bug 1781759).
* Fixed an issue that would sometimes affect video & audio playback when
served with Content-Security-Policy: sandbox (bug 1781063).
|
|
Changelog:
104.0.1
Fixed
* Addresses an issue with Youtube video playback that was affecting some
users.
104.0
New
* Subtitles are now available for Disney+ in Picture-in-Picture.
* Firefox now supports both the scroll-snap-stop property as well as
re-snapping. You can use the scroll-snap-stop property's always and normal
values to specify whether or not to pass the snap points, even when
scrolling fast. Re-snapping tries to keep the last snap position after any
content/layout changes.
* The Firefox profiler can analyze power usage of a website (Apple M1 and
Windows 11 only).
* The Firefox UI itself will now be throttled for performance and battery
usage when minimized or occluded, in the same way background tabs are.
Fixed
* Highlight color is preserved correctly after typing Enter in the mail
composer of Yahoo Mail and Outlook.
* After bypassing the https only error page navigating back would take you to
the error page that was previously dismissed. Back now takes you to the
previous site that was visited.
* Paste unformatted shortcut (shift+ctrl/cmd+v) now works in plain text
contexts, such as input and text area.
* Various security fixes.
Enterprise
* Various bug fixes and new policies have been implemented in the latest
version of Firefox. You can find more information in the Firefox for
Enterprise 104 Release Notes.
Security fixes:
#CVE-2022-38472: Address bar spoofing via XSLT error handling
#CVE-2022-38473: Cross-origin XSLT Documents would have inherited the parent's
permissions
#CVE-2022-38474: Recording notification not shown when microphone was recording
on Android
#CVE-2022-38475: Attacker could write a value to a zero-length array
#CVE-2022-38477: Memory safety bugs fixed in Firefox 104 and Firefox ESR 102.2
#CVE-2022-38478: Memory safety bugs fixed in Firefox 104, Firefox ESR 102.2,
and Firefox ESR 91.13
|
|
CHangelog:
Fixed
* Fixed menu shortcuts for users of the JAWS screen reader.
* Fixed an occasional non-overridable certificate error when accessing device
configuration pages.
* Fixed an issue with Picture-in-Picture displaying in fullscreen on macOS.
|
|
|
|
do the automagic inside pre-patch. Also handle aarch64.
Require SSE2. It's probably not reasonable to patch -msse2 in everywhere,
and upstream has required SSE2 on x86 for years.
|
|
Changelog:
103.0.1:
New
* Enabled hardware acceleration on newer AMD cards.
Fixed
* Fixed a crash on Firefox shutdown caused by a bug in the audio manager.
103.0:
New
* Improved responsiveness on macOS during periods of high CPU load by
switching to a modern lock API.
* Do you always forget something? Required fields are now highlighted in PDF
forms.
* Improved performance on high-refresh rate monitors (120Hz+).
* Enjoying Picture-in-Picture subtitles feature? It just got better: you can
now change subtitles font size directly from the PiP window. Additionally,
PiP subtitles are now available at Funimation, Dailymotion, Tubi, Hotstar,
and SonyLIV.
* Buttons in the Tabs toolbar can now be reached with Tab, Shift+Tab, and
Arrow keys. View this article for additional details.
* Windows' "Make text bigger" accessibility setting now affects all the UI
and content pages, rather than only applying to system font sizes.
* Rejoice! You can now conveniently access Firefox, which will now be pinned
to the Windows taskbar during installation on Windows 10 and 11. (This will
also allow for Firefox to be launched quicker after installing.)
Fixed
* Non-breaking spaces are now preserved --- preventing automatic line
breaks --- when copying text from a form control.
* Fixed WebGL performance issues on NVIDIA binary drivers via DMA-Buf on
Linux.
* Fixed an issue in which Firefox startup could be significantly slowed down
by the processing of Web content local storage. This had the greatest
impact on users with platter hard drives and significant local storage.
* Various security fixes.
Changed
* Removed a configuration option to allow SHA-1 signatures in certificates:
SHA-1 signatures in certificates --- long since determined to no longer be
secure enough --- are now not supported.
Security fixes:
#CVE-2022-36319: Mouse Position spoofing with CSS transforms
#CVE-2022-36318: Directory indexes for bundled resources reflected URL
parameters
#CVE-2022-36314: Opening local <code>.lnk</code> files could cause unexpected
network loads
#CVE-2022-36315: Preload Cache Bypasses Subresource Integrity
#CVE-2022-36316: Performance API leaked whether a cross-site resource is
redirecting
#CVE-2022-2505: Memory safety bugs fixed in Firefox 103 and 102.1
|
|
|
|
|
|
|
|
|
|
Clean up some pkglint while here.
Bump PKGREVISION.
|
|
Changelog:
Fixed
* Fixed bookmark shortcut creation by dragging to Windows File Explorer and
dropping partially broken (bug 1774683)
* Fixed bookmarks sidebar flashing white when opened in dark mode (bug
1776157)
* Fixed multilingual spell checking not working with content in both English
and a non-Latin alphabet (bug 1773802)
* Developer tools: Fixed an issue where the console output keep getting
scrolled to the bottom when the last visible message is an evaluation
result (bug 1776262)
* Fixed Delete cookies and site data when Firefox is closed checkbox getting
disabled on startup (bug 1777419)
* Various stability fixes
|
|
Changelog:
New
* Tired of too many windows crowding your screen? You can now disable
automatic opening of the download panel every time a new download starts.
Read more.
* Firefox now mitigates query parameter tracking when navigating sites in ETP
strict mode.
Fixed
* When using a screen reader on Windows, pressing enter to activate an
element no longer fails or clicks the wrong element and/or another
application window. For those blind or with very limited vision, this
technology reads out loud what is on the screen, and users can adapt them
to their needs (now, on our platform, without errors).
* Various security fixes.
Changed
* Improved security by moving audio decoding into a separate process with
stricter sandboxing, thus improving process isolation.
Enterprise
* Various bug fixes and new policies have been implemented in the latest
version of Firefox. You can find more information in the Firefox for
Enterprise 102 Release Notes.
* Firefox 102 is the new Extended Support Release (ESR). Firefox 91 ESR goes
out of support on September 20, 2022. (See the 102 ESR release notes for
more information)
Developer
* Developer Information
* You can now filter style sheets in the Style Editor tab of our developer
tools
Web Platform
* TransformStream and ReadableStream.pipeThrough have landed, allowing you to
pipe from a ReadableStream to a WritableStream, executing a transformation
on each chunk.
* ReadableStream, TransformStream, and WritableStream are all transferable
now.
* Firefox now supports Content-Security-Policy (CSP) integration with
WebAssembly. A document with a CSP that restricts scripts will no longer
execute WebAssembly unless the policy uses 'unsafe-eval' or the new
'wasm-unsafe-eval' keyword.
Security fixes:
#CVE-2022-34479: A popup window could be resized in a way to overlay the
address bar with web content
#CVE-2022-34470: Use-after-free in nsSHistory
#CVE-2022-34468: CSP sandbox header without `allow-scripts` can be bypassed via
retargeted javascript: URI
#CVE-2022-34482: Drag and drop of malicious image could have led to malicious
executable and potential code execution
#CVE-2022-34483: Drag and drop of malicious image could have led to malicious
executable and potential code execution
#CVE-2022-34476: ASN.1 parser could have been tricked into accepting malformed
ASN.1
#CVE-2022-34481: Potential integer overflow in ReplaceElementsAt
#CVE-2022-34474: Sandboxed iframes could redirect to external schemes
#CVE-2022-34469: TLS certificate errors on HSTS-protected domains could be
bypassed by the user on Firefox for Android
#CVE-2022-34471: Compromised server could trick a browser into an addon
downgrade
#CVE-2022-34472: Unavailable PAC file resulted in OCSP requests being blocked
#CVE-2022-34478: Microsoft protocols can be attacked if a user accepts a prompt
#CVE-2022-2200: Undesired attributes could be set as part of prototype
pollution
#CVE-2022-34480: Free of uninitialized pointer in lg_init
#CVE-2022-34477: MediaError message property leaked information on cross-origin
same-site pages
#CVE-2022-34475: HTML Sanitizer could have been bypassed via same-origin script
via use tags
#CVE-2022-34473: HTML Sanitizer could have been bypassed via use tags
#CVE-2022-34484: Memory safety bugs fixed in Firefox 102 and Firefox ESR 91.11
#CVE-2022-34485: Memory safety bugs fixed in Firefox 102
|
|
* Fix build under NetBSD/i386 with thiner LTO option.
Changelog:
Fixed
* Fixed Firefox clearing the clipboard when closing on macOS (bug 1771823)
* Fixed a compatibility issue causing severely impaired functionality with
win32k lockdown enabled on some Windows systems (bug 1769845)
* Fixed context menus not appearing when right-clicking Picture-in-Picture
windows on some Linux systems (bug 1771914)
* Various stability fixes
|
|
* Under NetBSD/i386 9, rustc consumes all RAM and swap and failed
to build this package.
Changelog:
New
* Reading is now easier with the prefers-contrast media query, which allows
sites to detect if the user has requested that web content is presented
with a higher (or lower) contrast.
* It??s your choice! All non-configured MIME types can now be assigned a
custom action upon download completion.
* Firefox now allows users to use as many microphones as you want, at the
same time, during video conferencing. The most exciting benefit is that you
can easily switch your microphones at any time (if your conferencing
service provider enables this flexibility).
Fixed
* Various security fixes.
Changed
* Removed "subject common name" fallback support from certificate validation.
This fallback mode was previously enabled only for manually installed
certificates. The CA Browser Forum Baseline Requirements have required the
presence of the "subjectAltName" extension since 2012, and use of the
subject common name was deprecated in RFC 2818.
|
|
Changelog:
Security fixes:
#CVE-2022-1802: Prototype pollution in Top-Level Await implementation
#CVE-2022-1529: Untrusted input used in JavaScript object indexing, leading to
prototype pollution
|
|
Changelog:
100.0.1:
Fixed
* Fixed an issue with subtitles in Picture-in-Picture mode while using
Netflix (bug 1768818)
* Fixed an issue where some commands were unavailable in the
Picture-in-Picture window (bug 1768201)
Changed
* Firefox's security sandbox now blocks access to the Win32k APIs for Content
Processes on Windows (bug 1767999)
|
|
soup of checks to see whether the GPU is "good enough" (that has a failure
rate of 100% on NetBSD). Greatly improves general web page performance,
even with the unaccelerated llvmpipe OpenGL implementation. Tested
with various Xorg drivers.
|
|
|
|
* Simplify some option logics.
* Add sunaudio and jack options as audio backends.
Changelog
100.0:
New
* We now support captions/subtitles display on YouTube, Prime Video, and
Netflix videos you watch in Picture-in-Picture. Just turn on the subtitles
on the in-page video player, and they will appear in PiP.
* Picture-in-Picture now also supports video captions on websites that use
WebVTT (Web Video Text Track) format, like Coursera.org, Canadian
Broadcasting Corporation, and many more.
* On the first run after install, Firefox detects when its language does not
match the operating system language and offers the user a choice between
the two languages.
* Firefox spell checking now checks spelling in multiple languages. To enable
additional languages, select them in the text field's context menu.
* HDR video is now supported in Firefox on Mac --- starting with YouTube!
Firefox users on macOS 11+ (with HDR-compatible screens) can enjoy
higher-fidelity video content. No need to manually flip any preferences to
turn HDR video support on --- just make sure battery preferences are NOT set
to "optimize video streaming while on battery".
* Hardware accelerated AV1 video decoding is enabled on Windows with
supported GPUs (Intel Gen 11+, AMD RDNA 2 Excluding Navi 24, GeForce 30).
Installing the AV1 Video Extension from the Microsoft Store may also be
required.
* Video overlay is enabled on Windows for Intel GPUs, reducing power usage
during video playback.
* Improved fairness between painting and handling other events. This
noticeably improves the performance of the volume slider on Twitch.
* Scrollbars on Linux and Windows 11 won't take space by default. On Linux,
users can change this in Settings. On Windows, Firefox follows the system
setting (System Settings > Accessibility > Visual Effects > Always show
scrollbars).
* Firefox now supports credit card autofill and capture in the United
Kingdom.
* Firefox now ignores less restricted referrer policies --- including
unsafe-url, no-referrer-when-downgrade, and origin-when-cross-origin
--- for cross-site subresource/iframe requests to prevent privacy
leaks from the referrer.
Fixed
* Users can now choose preferred color schemes for websites. Theme authors
can now make better decisions about which color scheme Firefox uses for
menus. Web content appearance can now be changed in Settings.
* Beginning in this release, the Firefox installer for Windows is signed with
a SHA-256 digest, rather than SHA-1. Update KB4474419 is required for
successful installation on a computer running Microsoft Windows 7. For more
details about this update, visit the Microsoft Technical Support website.
* In macOS 11+ we now only rasterize the fonts once per window. This means
that opening a new tab is fast, and switching tabs in the same window is
also fast. (There's still work to do to share fonts across windows, or to
reduce the time it takes to initialize these fonts.)
* The performance of deeply-nested display: grid elements is greatly
improved.
* Support for profiling multiple java threads has been added.
* Soft-reloading a web page will no longer cause revalidation for all
resources.
* Non-vsync tasks are given more time to run, which improves behavior on
Google docs and Twitch.
* Geckoview APIs have been added to control the start/stop time of capturing
a profile.
* Various security fixes.
Changed
* Firefox has a new focus indicator for links which replaces the old dotted
outline with a solid blue outline. This change unifies the focus indicators
across form fields and links, which makes it easier to identify the focused
link, especially for users with low vision.
* New users can now set Firefox as the default PDF handler when setting
Firefox as their default browser.
* Some websites might not work correctly in Firefox version 100 due to
Firefox's new three-digit number. You can read about it in our blog post
here!
See the Mozilla Support article Difficulties opening or using a website in
Firefox 100 for possible workarounds you can use. There, you will also find
instructions for reporting a broken website so that Mozilla can help fix
the problem.
Mozilla Foundation Security Advisory 2022-16
#CVE-2022-29914: Fullscreen notification bypass using popups
#CVE-2022-29909: Bypassing permission prompt in nested browsing contexts
#CVE-2022-29916: Leaking browser history with CSS variables
#CVE-2022-29911: iframe Sandbox bypass
#CVE-2022-29912: Reader mode bypassed SameSite cookies
#CVE-2022-29910: Firefox for Android forgot HTTP Strict Transport Security
settings
#CVE-2022-29915: Leaking cross-origin redirect through the Performance API
#CVE-2022-29917: Memory safety bugs fixed in Firefox 100 and Firefox ESR 91.9
#CVE-2022-29918: Memory safety bugs fixed in Firefox 100
99.0.1:
Fixed
* Fixed an issue for Windows users that prevented hardware video decoding on
newer Intel drivers (bug 1762125)
* Fixed an issue with text rendering in Bengali (bug 1763368)
* Fixed a selection issue in the Download panel with drag and drop (bug
1762723)
* Fixed an issue preventing Zoom gallery mode for users who go to zoom.us
URLs instead of subdomain.zoom.us URLs (bug 1763801)
99.0:
New
* You can now toggle Narrate in ReaderMode with the keyboard shortcut "n."
* You can find added support for search --- with or without diacritics ---
in the PDF viewer.
* The Linux sandbox has been strengthened: processes exposed to web content
no longer have access to the X Window system (X11).
* Firefox now supports credit card autofill and capture in Germany and
France.
Fixed
* Various security fixes.
Mozilla Foundation Security Advisory 2022-13
#CVE-2022-1097: Use-after-free in NSSToken objects
#CVE-2022-28281: Out of bounds write due to unexpected WebAuthN Extensions
#CVE-2022-28282: Use-after-free in DocumentL10n::TranslateDocument
#CVE-2022-28283: Missing security checks for fetching sourceMapURL
#CVE-2022-28284: Script could be executed via svg's use element
#CVE-2022-28285: Incorrect AliasSet used in JIT Codegen
#CVE-2022-28286: iframe contents could be rendered outside the border
#CVE-2022-28287: Text Selection could crash Firefox
#CVE-2022-24713: Denial of Service via complex regular expressions
#CVE-2022-28289: Memory safety bugs fixed in Firefox 99 and Firefox ESR 91.8
#CVE-2022-28288: Memory safety bugs fixed in Firefox 99
|
|
Changelog:
98.0.2:
Fixed
* Fixed an issue preventing users from typing in Address Bar after opening
new tab and pressing cmd + enter (bug 1757376)
* Fixed an issue causing some users to crash in out-of-memory conditions (bug
1757618)
* Fixed an issue in session history which caused some sites to fail to load (
bug 1758664)
* Fixed an add-on specific compatibility issue (bug 1759162)
98.0.1:
Changed
* Yandex and Mail.ru have been removed as optional search providers in the
drop-down search menu in Firefox.
If you previously installed a customized version of Firefox with Yandex or
Mail.ru, offered through partner distribution channels, this release
removes those customizations, including add-ons and default bookmarks.
Where applicable, your browser will revert back to default settings, as
offered by Mozilla. All other releases of Firefox remain unaffected by the
change.
98.0:
New
* Firefox has a new optimized download flow. Instead of prompting every time,
files will download automatically. However, they can still be opened from
the downloads panel with just one click. Easy! More information
You'll find you have a number of options, including:
+ Always Open Similar Files: Make Firefox automatically open downloaded
files of the same type with the system default application.
+ Show In Folder: Open the folder that contains your downloaded files.
+ Go To Download Page: Surfaces the download reference page even after
leaving the site or closing the tab.
+ Copy Download Link: Copy the download link to share it, save it, or for
any applicable use.
+ Delete: You can now delete downloaded files directly from the download
panel and other download views using the context menu.
+ Remove From History: Remove a file from your list of downloaded files.
+ Clear Preview Panel: Clear the list of downloaded items in the preview
panel that opens when you start a download.
In this release, you'll also see that Firefox no longer asks what to do
for each file by default. You won't be prompted to choose a helper
application or save to disk before downloading a file unless you have
changed your download action setting for that type of file.
And now, every time you start a download, Firefox will automatically bring
up the Downloads panel by default. This means you'll experience minimal
interruptions and easily find your downloaded files. Plus, to avoid having
to close it several times, the panel won't show if there are multiple
downloads in progress.
You can now click on a file in the Downloads panel to open it even before
it has finished downloading. Firefox will open the file as soon as it is
available. Firefox: saving you time and helping you get back to what you
care about!
Any files you download will be immediately saved on your disk. Depending on
the current configuration, they'll be saved in your preferred download
folder, or you'll be asked to select a location for each download. Windows
and Linux users will find their downloaded files in the destination folder.
They'll no longer be put in the Temp folder.
* Firefox allows users to choose from a number of built-in search engines to
set as their default. In this release, some users who had previously
configured a default engine might notice their default search engine has
changed since Mozilla was unable to secure formal permission to continue
including certain search engines in Firefox.
Fixed
* Now, you can set a default app to open a file type. Choose the application
you want to use to open files of a specific type in your Firefox settings.
* After updating to Firefox version 98, "Always ask" download actions will
now be reset.
* Various security fixes.
Security fixes:
#CVE-2022-26383: Browser window spoof using fullscreen mode
#CVE-2022-26384: iframe allow-scripts sandbox bypass
#CVE-2022-26387: Time-of-check time-of-use bug when verifying add-on signatures
#CVE-2022-26381: Use-after-free in text reflows
#CVE-2022-26382: Autofill Text could be exfiltrated via side-channel attacks
#CVE-2022-26385: Use-after-free in thread shutdown
#CVE-2022-0843: Memory safety bugs fixed in Firefox 98
|
|
Changelog:
Security fixes:
#CVE-2022-26485: Use-after-free in XSLT parameter processing
#CVE-2022-26486: Use-after-free in WebGPU IPC Framework
|
|
* Remove removed or changed configure options.
Changelog:
97.0.1:
Fixed
* Fixed an issue where TikTok videos would fail to load when selected from a
user's profile page (bug 1750973)
* Fixed an issue which led to Picture-in-Picture mode being unable to be
toggled on Hulu (bug 1753401)
* Works around problems with WebRoot SecureAnywhere antivirus rendering
Firefox unusable in some situations (bug 1752466)
* Fixed an issue causing users to see the Restore Session screen unexpectedly
when starting Firefox (bug 1749996)
97.0:
New
* On February 8, we expired the 18 colorway themes that shipped along with
Firefox 94. This signals the end of a special, limited-time feature set.
However, you can hold onto your favorite colorway, as long as you??re using
it on the expiration date. In other words, if a colorway is ??enabled?? in
the add-ons manager, that colorway is yours forever.
* Beginning February 15, we are releasing 6 brand-new colorways in a special
partner collaboration. U.S.-based fans of the film can visit
truecolors.firefox.com to activate official Turning Red-inspired Colorways,
available exclusively in Firefox for desktop through April 30, 2022.
Firefox users who visit the ??True Colors?? campaign landing page will be
able to modify how their web browser looks, with colors and moods inspired
by some of the main characters in the film. To enjoy the new Colorways, you
??ll need to make sure you upgrade to the latest Firefox 97 version. This
collection will be available in the add-ons manager, within the Colorways
section. Read more about colorway updates here.
* Firefox now supports and displays the new style of scrollbars on Windows
11.
Fixed
* On macOS, we??ve made improvements to system font loading which makes
opening and switching to new tabs faster in certain situations.
* Various security fixes
Changed
* Support for directly generating PostScript for printing on Linux has been
removed. Printing to PostScript printers still remains a supported option,
however.
Security fixes:
#CVE-2022-22753: Privilege Escalation to SYSTEM on Windows via Maintenance
Service
#CVE-2022-22754: Extensions could have bypassed permission confirmation during
update
#CVE-2022-22755: XSL could have allowed JavaScript execution after a tab was
closed
#CVE-2022-22756: Drag and dropping an image could have resulted in the dropped
object being an executable
#CVE-2022-22757: Remote Agent did not prevent local websites from connecting
#CVE-2022-22758: tel: links could have sent USSD codes to the dialer on Firefox
for Android
#CVE-2022-22759: Sandboxed iframes could have executed script if the parent
appended elements
#CVE-2022-22760: Cross-Origin responses could be distinguished between script
and non-script content-types
#CVE-2022-22761: frame-ancestors Content Security Policy directive was not
enforced for framed extension pages
#CVE-2022-22762: JavaScript Dialogs could have been displayed over other
domains on Firefox for Android
#CVE-2022-22764: Memory safety bugs fixed in Firefox 97 and Firefox ESR 91.6
#CVE-2022-0511: Memory safety bugs fixed in Firefox 97
|
|
Changelog:
Fixed
Fixed an issue that allowed unexpected data to be submitted in some of
our search telemetry (bug 1752317)
|
|
Changelog:
Fixed
* Fixed an issue that caused tab height to display inconsistently on Linux
when audio was played (bug 1714276)
* Fixed an issue that caused Lastpass dropdowns to appear blank in Private
Browsing mode (bug 1748158)
* Fixed a crash encountered when resizing a Facebook app (bug 1746084)
|
|
|
|
Changelog:
Version 96.0.1, first offered to Release channel users on January 14, 2022
Fixed
* Addresses proxy rule exceptions not working on Windows systems when "Use
system proxy settings" is set (bug 1749501)
* Improvements to make the parsing of content-length headers more robust (bug
1749957)
Version 96.0, first offered to Release channel users on January 11, 2022
New
* We've made significant improvements in noise-suppression and
auto-gain-control as well as slight improvements in echo-cancellation to
provide you with a better overall experience.
* We've also significantly reduced main-thread load.
* Firefox will now default all cookies to having a SameSite=lax attribute
which helps defend against Cross-Site Request Forgery (CSRF) attacks.
* When printing, you can now choose to print only the odd/even pages.
Fixed
* On macOS, command-clicking links in Gmail now opens them in a new tab as
expected.
* Our newest release fixes an issue where video intermittently drops SSRC.
* It also fixes an issue where WebRTC downgrades screen sharing resolution to
provide you with a clearer browsing experience.
* Plus, we've fixed video quality degradation issues on certain sites.
* Detached video in fullscreen on macOS has been temporarily disabled to
avoid some issues with corruption, brightness changes, missing subtitles
and high cpu usage.
* Various security fixes
Security fixes:
#CVE-2022-22746: Calling into reportValidity could have lead to fullscreen
window spoof
#CVE-2022-22743: Browser window spoof using fullscreen mode
#CVE-2022-22742: Out-of-bounds memory access when inserting text in edit mode
#CVE-2022-22741: Browser window spoof using fullscreen mode
#CVE-2022-22740: Use-after-free of ChannelEventQueue::mOwner
#CVE-2022-22738: Heap-buffer-overflow in blendGaussianBlur
#CVE-2022-22737: Race condition when playing audio files
#CVE-2021-4140: Iframe sandbox bypass with XSLT
#CVE-2022-22750: IPC passing of resource handles could have lead to sandbox
bypass
#CVE-2022-22749: Lack of URL restrictions when scanning QR codes
#CVE-2022-22748: Spoofed origin on external protocol launch dialog
#CVE-2022-22745: Leaking cross-origin URLs through securitypolicyviolation
event
#CVE-2022-22744: The 'Copy as curl' feature in DevTools did not fully escape
website-controlled data, potentially leading to command injection
#CVE-2022-22747: Crash when handling empty pkcs7 sequence
#CVE-2022-22736: Potential local privilege escalation when loading modules from
the install directory.
#CVE-2022-22739: Missing throttling on external protocol launch dialog
#CVE-2022-22751: Memory safety bugs fixed in Firefox 96 and Firefox ESR 91.5
#CVE-2022-22752: Memory safety bugs fixed in Firefox 96
|
|
* Enable RLBox WebAssembly sandboxing for i386 and x86_64 architectures.
Not tested for the other architectures yet.
Changelog:
95.0.1
Fixed
* Fixed frequent MOZILLA_PKIX_ERROR_OCSP_RESPONSE_FOR_CERT_MISSING error
messages when trying to connect to various microsoft.com domains (bug
1745600)
* Fix for a WebRender crash on some Linux/X11 systems (bug 1741956)
* Fix for a frequent Windows shutdown crash (bug 1738984)
* Fix websites contrast issues for some Linux users with Dark mode set at OS
level (bug 1740518)
|
|
Changelog:
New
* RLBox --- a new technology that hardens Firefox against potential security
vulnerabilities in third-party libraries --- is now enabled on all
platforms.
* Good news! You can now download Firefox from the Microsoft Store on Windows
10 and Windows 11 platforms.
* We've reduced CPU usage on macOS in Firefox and WindowServer during event
processing.
* We've also reduced the power usage of software decoded video on macOS,
especially in fullscreen. This includes streaming sites such as Netflix and
Amazon Prime Video.
* You can now move the Picture-in-Picture toggle button to the opposite side
of the video. Simply look for the new context menu option Move
Picture-in-Picture Toggle to Left (Right) Side.
* To better protect Firefox users against side-channel attacks such as
Spectre, Site Isolation is now enabled for all Firefox 95 users.
Fixed
* After starting Firefox, users of the JAWS screen reader and ZoomText
magnifier will no longer need to switch applications in order to access
Firefox.
* You'll find the state of controls using the ARIA switch role is now
correctly reported by Mac OS VoiceOver.
* You'll see a faster content process startup on macOS.
* We've also made memory allocator improvements.
* And we've improved page load performance by speculatively compiling
JavaScript ahead of time.
* Various security fixes
Changed
* We've added a User Agent override for Slack.com, which allows Firefox
users to use more Call features and have access to Huddles.
Security fixes:
Mozilla Foundation Security Advisory 2021-52
#CVE-2021-43536: URL leakage when navigating while executing asynchronous
function
#CVE-2021-43537: Heap buffer overflow when using structured clone
#CVE-2021-43538: Missing fullscreen and pointer lock notification when
requesting both
#CVE-2021-43539: GC rooting failure when calling wasm instance methods
#MOZ-2021-0010: Use-after-free in fullscreen objects on MacOS
#CVE-2021-43540: WebExtensions could have installed persistent ServiceWorkers
#CVE-2021-43541: External protocol handler parameters were unescaped
#CVE-2021-43542: XMLHttpRequest error codes could have leaked the existence of
an external protocol handler
#CVE-2021-43543: Bypass of CSP sandbox directive when embedding
#CVE-2021-43544: Receiving a malicious URL as text through a SEND intent could
have led to XSS
#CVE-2021-43545: Denial of Service when using the Location API in a loop
#CVE-2021-43546: Cursor spoofing could overlay user interface when native
cursor is zoomed
#MOZ-2021-0009: Memory safety bugs fixed in Firefox 95 and Firefox ESR 91.4
|
|
Changelog:
Fixed
* Improved hangs experienced by users of assistive technology such as NVDA
when installing Firefox through the Microsoft Store (bug 1736742)
* Resolved general instability/crashes on Linux caused by a file descriptor
leak when backgrounding tabs using WebGL (bug 1741997)
Changed
* Updated preference design for Firefox Suggest for improved clarity.
|
|
Changelog:
94.0.1
Fixed
* Fixed browser hangs when viewing fullscreen videos on macOS 10.12 (bug 1737998)
94.0
New
* Colorways animated screenshot
With 94, you'll find a selection of six fun seasonal Colorways (available
for a limited time only). Now you can find a color to suit (or lift) your
every mood.
Fun fact: Did you know we have more daily users with color themes than dark
or Alpenglow on Beta? With Firefox 89, 32% of users clicked through to
customize their color theme. And that was just on the first day! We decided
to introduce these new Colorways to give our users more to love.
* Firefox macOS now uses Apple's low power mode for fullscreen video on sites
such as YouTube and Twitch. This meaningfully extends battery life in long
viewing sessions. Now your kids can find out what the fox says on a loop
without you ever missing a beat'
* With this release, power users can use about:unloads to release system
resources by manually unloading tabs without closing them.
* On Windows, there will now be fewer interruptions because Firefox won't
prompt you for updates. Instead, a background agent will download and
install updates even if Firefox is closed.
* And on Linux, we've improved WebGL performance and reduced power
consumption for many users.
* To better protect all Firefox users against side-channel attacks such as
Spectre, we're introducing Site Isolation. It will be rolled out to
Firefox 94 users over the next few weeks. We've got your
back...errr...side!
* We're rolling out the Firefox Multi-Account Containers extension with
Mozilla VPN integration. This lets you use a different server location for
each container.
* Firefox no longer warns you by default when you exit the browser or close a
window using a menu, button, or three-key command. This should cut back on
unwelcome notifications which is always nice--however, if you prefer a bit
of notice, you'll still have full control over the quit/close modal
behavior. All warnings can be managed within Firefox Settings. No worries!
(More details)
* And now, Firefox supports the new Snap Layouts menus when running on
Windows 11.
Fixed
* We've reduced the overhead of using performance.mark() and
performance.measure() APIs with a large set of performance entries.
* Plus, we've modified paint suppression during load to greatly improve
warmload performance in Site Isolation mode.
* You'll also notice a small reduction in Javascript memory usage.
* With this release, you'll notice faster Javascript property enumeration as
well.
* We've also implemented better scheduling of garbage collection which has
improved some pageload benchmarks.
* This release also sees reduced CPU usage during socket polling for HTTPS
connections.
* Additionally, you'll notice faster storage initialization.
* We've also improved cold startup by reducing main thread I/O.
* Plus, closing devtools now reclaims more memory than ever before.
* And we've improved pageload (especially with Site Isolation mode) by
setting a higher priority for loading and displaying images.
* Various security fixes
Enterprise
* Enterprise users now have more control over Firefox deployments with the
availability of our MSIX package on Windows platforms.
* You'll also notice various bug fixes and new policies have been
implemented in this latest version of Firefox. See more details in the
Firefox for Enterprise 94 Release Notes.
Security fixes:
#CVE-2021-38503: iframe sandbox rules did not apply to XSLT stylesheets
#CVE-2021-38504: Use-after-free in file picker dialog
#CVE-2021-38505: Windows 10 Cloud Clipboard may have recorded sensitive user
data
#CVE-2021-38506: Firefox could be coaxed into going into fullscreen mode
without notification or warning
#CVE-2021-38507: Opportunistic Encryption in HTTP2 could be used to bypass the
Same-Origin-Policy on services hosted on other ports
#MOZ-2021-0003: Universal XSS in Firefox for Android via QR Code URLs
#CVE-2021-38508: Permission Prompt could be overlaid, resulting in user
confusion and potential spoofing
#MOZ-2021-0004: Web Extensions could access pre-redirect URL when their context
menu was triggered by a user
#CVE-2021-38509: Javascript alert box could have been spoofed onto an arbitrary
domain
#CVE-2021-38510: Download Protections were bypassed by .inetloc files on Mac OS
#MOZ-2021-0005: 'Copy Image Link' context menu action could have been abused to
see authentication tokens
#MOZ-2021-0006: URL Parsing may incorrectly parse internationalized domains
#MOZ-2021-0007: Memory safety bugs fixed in Firefox 94 and Firefox ESR 91.3
|
|
|
|
All checksums have been double-checked against existing RMD160 and
SHA512 hashes
Not committed (merge conflicts):
www/nghttp2/distinfo
Unfetchable distfiles (almost certainly fetched conditionally...):
./www/nginx-devel/distinfo array-var-nginx-module-0.05.tar.gz
./www/nginx-devel/distinfo echo-nginx-module-0.62.tar.gz
./www/nginx-devel/distinfo encrypted-session-nginx-module-0.08.tar.gz
./www/nginx-devel/distinfo form-input-nginx-module-0.12.tar.gz
./www/nginx-devel/distinfo headers-more-nginx-module-0.33.tar.gz
./www/nginx-devel/distinfo lua-nginx-module-0.10.19.tar.gz
./www/nginx-devel/distinfo naxsi-1.3.tar.gz
./www/nginx-devel/distinfo nginx-dav-ext-module-3.0.0.tar.gz
./www/nginx-devel/distinfo nginx-rtmp-module-1.2.2.tar.gz
./www/nginx-devel/distinfo nginx_http_push_module-1.2.10.tar.gz
./www/nginx-devel/distinfo ngx_cache_purge-2.5.1.tar.gz
./www/nginx-devel/distinfo ngx_devel_kit-0.3.1.tar.gz
./www/nginx-devel/distinfo ngx_http_geoip2_module-3.3.tar.gz
./www/nginx-devel/distinfo njs-0.5.0.tar.gz
./www/nginx-devel/distinfo set-misc-nginx-module-0.32.tar.gz
./www/nginx/distinfo array-var-nginx-module-0.05.tar.gz
./www/nginx/distinfo echo-nginx-module-0.62.tar.gz
./www/nginx/distinfo encrypted-session-nginx-module-0.08.tar.gz
./www/nginx/distinfo form-input-nginx-module-0.12.tar.gz
./www/nginx/distinfo headers-more-nginx-module-0.33.tar.gz
./www/nginx/distinfo lua-nginx-module-0.10.19.tar.gz
./www/nginx/distinfo naxsi-1.3.tar.gz
./www/nginx/distinfo nginx-dav-ext-module-3.0.0.tar.gz
./www/nginx/distinfo nginx-rtmp-module-1.2.2.tar.gz
./www/nginx/distinfo nginx_http_push_module-1.2.10.tar.gz
./www/nginx/distinfo ngx_cache_purge-2.5.1.tar.gz
./www/nginx/distinfo ngx_devel_kit-0.3.1.tar.gz
./www/nginx/distinfo ngx_http_geoip2_module-3.3.tar.gz
./www/nginx/distinfo njs-0.5.0.tar.gz
./www/nginx/distinfo set-misc-nginx-module-0.32.tar.gz
|
|
|
|
Changelog:
New
* Firefox now supports the new AVIF image format, which is based on the
modern and royalty free AV1 video codec. It offers significant bandwidth
savings for sites compared to existing image formats. It also supports
transparency and other advanced features.
* Firefox PDF viewer now supports filling more forms (XFA-based forms, used
by multiple governments and banks). Learn more.
* When available system memory is critically low, Firefox on Windows will
automatically unload tabs based on their last access time, memory usage,
and other attributes. This should help reduce Firefox out-of-memory
crashes. Switching to an unloaded tab automatically reloads it.
* To prevent session loss for macOS users who are running Firefox from a
mounted .dmg file, they??ll now be prompted to finish installation. This
permission prompt only appears the first time these users run Firefox on
their computer.
* Firefox now blocks downloads that rely on insecure connections, protecting
against potentially malicious or unsafe downloads. Learn more and see where
to find downloads in Firefox.
* Improved web compatibility for privacy protections with SmartBlock 3.0.
Learn more
* Introducing a new referrer tracking protection in Strict Tracking
Protection and Private Browsing. Learn more
* Introducing Firefox Suggest, a faster way to navigate the web. Learn more
about the experience and locale-specific features.
Fixed
* The VoiceOver screen reader now correctly reports checkable items in
accessible tree controls as checked or unchecked.
* The Orca screen reader now works correctly with Firefox, no longer
requiring users to switch to another application after starting Firefox.
* Various security fixes
Changed
* TLS ciphersuites that use 3DES have been disabled. Such ciphersuites can
only be enabled when deprecated versions of TLS are also enabled. Learn
more.
* The download panel now follows the Firefox visual styles.
Enterprise
* Various bug fixes and new policies have been implemented in the latest
version of Firefox. See more details in the Firefox for Enterprise 93
Release Notes.
Developer
* Developer Information
Web Platform
* The UI for <input type="datetime-local"> has been implemented.
Security fixes:
#CVE-2021-38496: Use-after-free in MessageTask
#CVE-2021-38497: Validation message could have been overlaid on another origin
#CVE-2021-38498: Use-after-free of nsLanguageAtomService object
#CVE-2021-32810: Data race in crossbeam-deque
#CVE-2021-38500: Memory safety bugs fixed in Firefox 93, Firefox ESR 78.15, and
Firefox ESR 91.2
#CVE-2021-38501: Memory safety bugs fixed in Firefox 93 and Firefox ESR 91.2
#CVE-2021-38499: Memory safety bugs fixed in Firefox 93
|
|
|
|
Changelog:
92.0.1
Fixed
* Fixes an issue where audio playback was not working on some Linux systems (
bug 1730499)
* Fixes issues with the findbar close button on different operating systems (
bug 1728368)
92.0
New
* More secure connections: Firefox can now automatically upgrade to HTTPS
using HTTPS RR as Alt-Svc headers.
* Full-range color levels are now supported for video playback on many
systems.
* Mac users can now access the macOS share options from the Firefox File
menu.
* Support for images containing ICC v4 profiles is enabled on macOS.
Fixed
* Firefox performance with screen readers and other accessibility tools is no
longer severely degraded if Mozilla Thunderbird is installed or updated
after Firefox.
* macOS VoiceOver now correctly reports buttons and links marked as ??
expanded?? using the aria-expanded attribute.
* An open alert in a tab no longer causes performance issues in other tabs
using the same process.
* Various security fixes
Changed
* Canonical is now building the official Firefox snap. It's also now
available on two additional architectures, ARMhf and ARM64.
* The bookmark toolbar menus on macOS now follow Firefox visual styles.
* Certificate error pages have been redesigned for a better user experience.
* Continuing work to restructure Firefox??s JavaScript memory management to
be more performant and use less memory.
|
|
Quick fix for "make patch" failure.
|
|
|
|
On i386, cc1plus hits an internal error when building gfx/wr/swgl/src/gl.cc
with -O2 or -O1. This change adjusts the build script to force -O0.
|
|
Changelog:
Fixed
* High Contrast Mode is no longer enabled by default when "Increase Contrast"
is checked in macOS settings (bug 1726606)
* Firefox no longer clears authentication data when purging trackers, to
avoid repeatedly prompting for a password (bug 1721084)
|
|
Changelog:
Fixed
* Fixed an issue causing buttons on the tab bar to be resized when loading
certain websites (bug 1704404)
* Fixed an issue which caused tabs from private windows to be visible in
non-private windows when viewing switch-to-tab results in the address bar
panel (bug 1720369)
* Various stability fixes
* Security fix
Security fixes:
#CVE-2021-29991: Header Splitting possible with HTTP/3 Responses
|
|
* Convert to --enable-chrome-format=omni.
It is not necessary to modify JavaScript files to improve support recently.
* Fix build under NetBSD/i386 like lang/mozjs78.
Changelog:
New
* Building on Total Cookie Protection, we've added a more comprehensive logic
for clearing cookies that prevents hidden data leaks and makes it easy for
users to understand which websites are storing local information. Learn
more
* Firefox now supports logging into Microsoft, work, and school accounts
using Windows single sign-on. Learn more
* The simplify page when printing feature is back! When printing, under More
settings > Format select the Simplified option when available to get a
clutter-free page. Learn more
* HTTPS-First Policy: Firefox Private Browsing windows now attempt to make
all connections to websites secure, and fall back to insecure connections
only when websites do not support it. Learn more
* We've added a new locale: Scots (sco)
* The address bar now provides Switch to Tab results also in Private Browsing
windows.
* Firefox now automatically enables High Contrast Mode when "Increase
Contrast" is checked on MacOS
* Firefox now does catch-up paints for almost all user interactions, enabling
a 10-20% improvement in response time to most user interactions.
Fixed
* Various security fixes
Enterprise
* Various bug fixes and new policies have been implemented in the latest
version of Firefox. See more details in the Firefox for Enterprise 91
Release Notes.
Developer
* Developer Information
Web Platform
* The Visual Viewport API is now supported on desktop platforms
Security fixes:
#CVE-2021-29986: Race condition when resolving DNS names could have led to
memory corruption
#CVE-2021-29981: Live range splitting could have led to conflicting assignments
in the JIT
#CVE-2021-29988: Memory corruption as a result of incorrect style treatment
#CVE-2021-29983: Firefox for Android could get stuck in fullscreen mode
#CVE-2021-29984: Incorrect instruction reordering during JIT optimization
#CVE-2021-29980: Uninitialized memory in a canvas object could have led to
memory corruption
#CVE-2021-29987: Users could have been tricked into accepting unwanted
permissions on Linux
#CVE-2021-29985: Use-after-free media channels
#CVE-2021-29982: Single bit data leak due to incorrect JIT optimization and
type confusion
#CVE-2021-29989: Memory safety bugs fixed in Firefox 91 and Firefox ESR 78.13
#CVE-2021-29990: Memory safety bugs fixed in Firefox 91
|
|
Changelog:
90.0.2:
Fixed
* Fixed truncated output when printing (bug 1720621)
* Fixed menu styling on some Gtk themes (bug 1720441, bug 1720874)
#
Changed
* Updates to support DoH Canada rollout
90.0.1:
Fixed
* Fixed a crash when using some accessibility clients on Windows (bug 1720696
)
* Fixed busy looping processing some HTTP3 responses (bug 1720079)
* Fixed transient errors authenticating with some smart cards (bug 1715325)
* Fixed a rare crash on shutdown (bug 1707057)
* Fixed a race on startup that caused about:support to end up empty after
upgrade (bug 1717894)
* Reference link to 90.0 release notes
unresolved
* Printing a page with scaling may result in truncated output (bug 1720621)
|
|
Changelog:
New
* On Windows, updates can now be applied in the background while Firefox is
not running.
* Firefox for Windows now offers a new page about:third-party to help
identify compatibility issues caused by third-party applications
* Exceptions to HTTPS-Only mode can be managed in about:preferences#privacy
* Print to PDF now produces working hyperlinks
* Version 2 of Firefox??s SmartBlock feature further improves private
browsing. Third-party Facebook scripts are blocked to prevent you from
being tracked, but are now automatically loaded ??just in time?? if you
decide to ??Log in with Facebook?? on any website.
Fixed
* Various security fixes
Changed
* The "Open Image in New Tab" context menu item now opens images and media in
a background tab by default. Learn more
* Most users without hardware accelerated WebRender will now be using
software WebRender.
* Improved software WebRender performance
* FTP support has been removed
Enterprise
* Various bug fixes and new policies have been implemented in the latest
version of Firefox. See more details in the Firefox for Enterprise 90
Release Notes.
Developer
* Developer Information
* Support for Private Fields (TC39 proposal, stage 3) is available in
DevTools. The support includes: object inspection, autocompletion,
expression evaluation, variable tooltips, and pretty printing (bug)
* The Network panel shows a preview of HTTP requests for fonts in the
Response tab (bug)
Network panel font preview screenshot
Web Platform
* Support for Fetch Metadata Request Headers, which allows web applications
to better protect themselves and their users against various cross-origin
threats.
* Added the ability to use client authentication certificates stored in
hardware tokens or in Operating System storage.
Security fixes:
#CVE-2021-29970: Use-after-free in accessibility features of a document
#CVE-2021-29971: Granted permissions only compared host; omitting scheme and
port on Android
#CVE-2021-30547: Out of bounds write in ANGLE
#CVE-2021-29972: Use of out-of-date library included use-after-free
vulnerability
#CVE-2021-29973: Password autofill on HTTP websites was enabled without user
interaction on Android
#CVE-2021-29974: HSTS errors could be overridden when network partitioning was
enabled
#CVE-2021-29975: Text message could be overlaid on top of another website
#CVE-2021-29976: Memory safety bugs fixed in Firefox 90 and Firefox ESR 78.12
#CVE-2021-29977: Memory safety bugs fixed in Firefox 90
|
|
Changelog:
89.0.2
Fixed
* Fix occasional hangs with Software WebRender on Linux (bug 1708224)
89.0.1
Fixed
* Windows: Resolved an issue causing some screen readers to not interact
correctly with Firefox anymore (bug 1714212)
* Updated translations, including full Spanish (Mexico) localization and
other improvements (bug 1714946)
* Fix various font related regressions (bug 1694174)
* Linux: Fix performance and stability regressions with WebRender (bug
1715895, bug 1715902)
* macOS: Fix screen flickering when scrolling a page on an external monitor (
bug 1715452)
* Enterprise: Fix for the DisableDeveloperTools policy not having effect
anymore (bug 1715777)
* Linux: Fix broken scrollbars on some GTK themes (bug 1714103)
* Various stability and security fixes.
Security fixes:
#CVE-2021-29968: Out of bounds read when drawing text characters onto a Canvas
89.0
New
* Say hello to a fresh new Firefox, designed to get you where you want to go
even faster. We??ve redesigned and modernized the core experience to be
cleaner, more inviting, and easier to use.
Beginning in 89, you??ll notice a number of changes, including:
Simplified browser chrome and toolbar: Less frequently used items removed
to focus on the most important navigation items.
Simplified browser chrome and toolbar screenshot
Clear, streamlined menus: Re-organized and prioritized menu content
according to usage. Updated labels and removed iconography.
Clear, streamlined menus screenshot
Updated prompts: Infobars, panels, and modals have a cleaner design and
clearer language.
Updated prompts screenshot
Inspired tab design: Floating tabs neatly contain information and surface
cues when you need them, like visual indicators for audio controls. The
rounded design of the active tab supports focus and signals the ability to
easily move the tab as needed.
Inspired tab design screenshot
Fewer interruptions: Reduced number of alerts and messages, so you can
browse with fewer distractions.
Cohesive, calmer visuals: Lighter iconography, a refined color palette, and
more consistent styling throughout.
This release also includes enhancements to our privacy offerings:
+ We??ve enhanced the privacy of the Firefox Browser??s Private Browsing
mode with Total Cookie Protection, which confines cookies to the site
where they were created, preventing companies from using cookies to
track your browsing across sites. This feature was originally launched
in Firefox??s ETP Strict mode.
* For macOS users, we're introducing the elastic overscroll effect known from
many other applications. A gentle bouncing animation will indicate that you
reached the end of the page.
In addition, we added support for smart zoom. Double-tap with two fingers
on your trackpad, or with a single finger on your Magic Mouse, to zoom the
content below your cursor into focus.
* Native context menus: Context menus on macOS are now native and support
Dark Mode.
macOS native context menus screenshot
* WebRender is now enabled on Linux with the NVIDIA binary driver and on all
desktop environments
#
Fixed
* Colors in Firefox on macOS will no longer be saturated on wide gamut
displays, untagged images are properly treated as sRGB, and colors in
images tagged as sRGB will now match CSS colors.
* In full screen mode on macOS, moving your mouse to the top of the screen
will no longer hide your tabs behind the system menu bar.
* Also in full screen mode on macOS, it is now possible to hide the browser
toolbars for a fully immersive full screen experience. This brings macOS in
line with Windows and Linux.
* Various stability and security fixes.
#
Changed
* Introducing a non-native implementation of web form controls, which
delivers a new modern design and some improvements to page load
performance. Watch for layout bugs in web pages that make assumptions about
the dimensions or styling of form controls.
* The screenshots feature is available in the right-click context menu. You
can also add a screenshots shortcut to your toolbar. Learn more.
Security fixes:
#CVE-2021-29965: Password Manager on Firefox for Android susceptible to domain
spoofing
#CVE-2021-29960: Filenames printed from private browsing mode incorrectly
retained in preferences
#CVE-2021-29961: Firefox UI spoof using `<select>` elements and CSS scaling
#CVE-2021-29963: Shared cookies for search suggestions in private browsing mode
#CVE-2021-29964: Out of bounds-read when parsing a `WM_COPYDATA` message
#CVE-2021-29959: Devices could be re-enabled without additional permission
prompt
#CVE-2021-29962: No rate-limiting for popups on Firefox for Android
#CVE-2021-29967: Memory safety bugs fixed in Firefox 89 and Firefox ESR 78.11
#CVE-2021-29966: Memory safety bugs fixed in Firefox 89
|
|
The code in question has changed in the repo since, so the patch can probably
be removed in the next major update.
|
|
|
