This replaces the OSS backend with something that passes the unit tests,
supports additional channels, and supports recording. It will be included
with future versions of Firefox.
Tested with:
* YouTube audio-video sync test
* about:support device detection
* WebRTC microphone recording (using an USB microphone)
While here, fix WebRTC builds.
Note: you can select an audio backend using the about:config variable
media.cubeb.backend. This can be set to options such as sun/pulse/oss.
Let me know if you still need to use the oss backend. It's very
incomplete, buggy, and FreeBSD has already removed it - ideally we
should eventually.
Bump PKGREVISION.
copy tsutsui's commit to firefox:
fix wrong latency unit in stream_init() function.
Based on a patch in PR pkg/54206 from Y.Sugahara.
Bump PKGREVISION.
From Piotr Meyer, thank you.
Changelog:
changed:
Font and date adjustments to accommodate the new Reiwa era in Japan
fixed:
#CVE-2019-9815: Disable hyperthreading on content JavaScript threads on macOS
#CVE-2019-9816: Type confusion with object groups and UnboxedObjects
#CVE-2019-9817: Stealing of cross-domain images using canvas
#CVE-2019-9818: Use-after-free in crash generation server
#CVE-2019-9819: Compartment mismatch with fetch API
#CVE-2019-9820: Use-after-free of ChromeEventHandler by DocShell
#CVE-2019-11691: Use-after-free in XMLHttpRequest
#CVE-2019-11692: Use-after-free removing listeners in the event listener manager
#CVE-2019-11693: Buffer overflow in WebGL bufferdata on Linux
#CVE-2019-7317: Use-after-free in png_image_free of libpng library
#CVE-2019-9797: Cross-origin theft of images with createImageBitmap
#CVE-2018-18511: Cross-origin theft of images with ImageBitmapRenderingContext
#CVE-2019-11694: Uninitialized memory memory leakage in Windows sandbox
#CVE-2019-11698: Theft of user history data through drag and drop of hyperlinks to and from bookmarks
#CVE-2019-5798: Out-of-bounds read in Skia
#CVE-2019-9800: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7
* Convert to ffmpeg dependency to 4
Changelog:
Fixed:
Further improvements to re-enable web extensions which had been
disabled for users with a master password set (Bug 1549249).
Changelog:
60.6.1
#CVE-2019-9810: IonMonkey MArraySlice has incorrect alias information
#CVE-2019-9813: Ionmonkey type confusion with __proto__ mutations
60.6.0
#CVE-2019-9790: Use-after-free when removing in-use DOM elements
#CVE-2019-9791: Type inference is incorrect for constructors entered through on-stack replacement with IonMonkey
#CVE-2019-9792: IonMonkey leaks JS_OPTIMIZED_OUT magic value to script
#CVE-2019-9793: Improper bounds checks when Spectre mitigations are disabled
#CVE-2019-9794: Command line arguments not discarded during execution
#CVE-2019-9795: Type-confusion in IonMonkey JIT compiler
#CVE-2019-9801: Windows programs that are not 'URL Handlers' are exposed to web content
#CVE-2018-18506: Proxy Auto-Configuration file can define localhost access to be proxied
#CVE-2019-9788: Memory safety bugs fixed in Firefox 66 and Firefox ESR 60.6
Enterprise
In the network connections settings, sites added to the "No proxy for" list will now honor that setting regardless of any other specified proxy settings
Changelog:
New
Updated list of currency codes to include Unidad Previsional (UYW) (Bug 1499028)
Fixed
Various security fixes
Security fixes:
#CVE-2018-17466: Buffer overflow and out-of-bounds read in ANGLE library with TextureStorage11
#CVE-2018-18492: Use-after-free with select element
#CVE-2018-18493: Buffer overflow in accelerated 2D canvas with Skia
#CVE-2018-18494: Same-origin policy violation using location attribute and performance.getEntries to steal cross-origin URLs
#CVE-2018-18498: Integer overflow when calculating buffer sizes for images
#CVE-2018-12405: Memory safety bugs fixed in Firefox 64 and Firefox ESR 60.4
Changelog:
#CVE-2018-12377: Use-after-free in refresh driver timers
#CVE-2018-12378: Use-after-free in IndexedDB
#CVE-2018-12379: Out-of-bounds write with malicious MAR file
#CVE-2017-16541: Proxy bypass using automount and autofs
#CVE-2018-12381: Dragging and dropping Outlook email message results in page navigation
#CVE-2018-12376: Memory safety bugs fixed in Firefox 62 and Firefox ESR 60.2
Mozilla Firefox is a free, open-source and cross-platform web browser
for Windows, Linux, MacOS X and many other operating systems.
It is fast and easy to use, and offers many advantages over other web
browsers, such as tabbed browsing and the ability to block pop-up
windows.
Firefox also offers excellent bookmark and history management, and it
can be extended by developers using industry standards such as XML,
CSS, JavaScript, C++, etc. Many extensions are available.
This package provides Firefox 60 ESR.
Securty fixes:
#CVE-2018-12359: Buffer overflow using computed size of canvas element
#CVE-2018-12360: Use-after-free when using focus()
#CVE-2018-12361: Integer overflow in SwizzleData
#CVE-2018-12362: Integer overflow in SSSE3 scaler
#CVE-2018-5156: Media recorder segmentation fault when track type is changed during capture
#CVE-2018-12363: Use-after-free when appending DOM nodes
#CVE-2018-12364: CSRF attacks through 307 redirects and NPAPI plugins
#CVE-2018-12365: Compromised IPC child process can list local filenames
#CVE-2018-12371: Integer overflow in Skia library during edge builder allocation
#CVE-2018-12366: Invalid data handling during QCMS transformations
#CVE-2018-12367: Timing attack mitigation of PerformanceNavigationTiming
#CVE-2018-12368: No warning when opening executable SettingContent-ms files
#CVE-2018-12369: WebExtension security permission checks bypassed by embedded experiments
#CVE-2018-5187: Memory safety bugs fixed in Firefox 60 and Firefox ESR 60.1
#CVE-2018-5188: Memory safety bugs fixed in Firefox 60, Firefox ESR 60.1, and Firefox ESR 52.9
