pkgsrc changes:
- Fixed building with wayland libs installed
Security fixes:
- CVE-2019-17008: Use-after-free in worker destruction
- CVE-2019-13722: Stack corruption due to incorrect number of arguments in WebRTC code
- CVE-2019-11745: Out of bounds write in NSS when encrypting with a block cipher
- CVE-2019-17009: Updater temporary files accessible to unprivileged processes
- CVE-2019-17010: Use-after-free when performing device orientation checks
- CVE-2019-17005: Buffer overflow in plain text serializer
- CVE-2019-17011: Use-after-free when retrieving a document in antitracking
- CVE-2019-17012: Memory safety bugs fixed in Firefox 71 and Firefox ESR 68.3
Changelog:
Security fixes:
#CVE-2019-15903: Heap overflow in expat library in XML_GetCurrentLineNumber
#CVE-2019-11757: Use-after-free when creating index updates in IndexedDB
#CVE-2019-11758: Potentially exploitable crash due to 360 Total Security
#CVE-2019-11759: Stack buffer overflow in HKDF output
#CVE-2019-11760: Stack buffer overflow in WebRTC networking
#CVE-2019-11761: Unintended access to a privileged JSONView object
#CVE-2019-11762: document.domain-based origin isolation has same-origin-property violation
#CVE-2019-11763: Incorrect HTML parsing results in XSS bypass technique
#CVE-2019-11764: Memory safety bugs fixed in Firefox 70 and Firefox ESR 68.2
Mozilla Firefox is a free, open-source and cross-platform web browser
for Windows, Linux, MacOS X and many other operating systems.
It is fast and easy to use, and offers many advantages over other web
browsers, such as tabbed browsing and the ability to block pop-up
windows.
Firefox also offers excellent bookmark and history management, and it
can be extended by developers using industry standards such as XML,
CSS, JavaScript, C++, etc. Many extensions are available.
This package provides Firefox 68 ESR.
