The preprocessor macro XP_MACOSX is misused everywhere. They tend to
say "#if defined(XP_MACOSX)" to actually mean
"#if defined(MOZ_WIDGET_COCOA)". It's okay to equate XP_MACOSX with
XP_DARWIN but equating it with MOZ_WIDGET_COCOA is just wrong. As a
result, cairo-gtk2 build on Darwin is completely broken and needs
heavy patching. Ideally they should be fixed individually but that
will be an extremely hard work, so don't define XP_MACOSX for now.
* Restore html5 audio playback under NetBSD
Changelog:
New
Significant new customization mode makes it easy to personalize your Web experience to access the features you use the most (learn more)
New
A new, easy to access menu sits in the right hand corner of Firefox and includes popular browser controls
New
Sleek new tabs provide an overall smoother look and fade into the background when not active
New
An interactive onboarding tour to guide users through the new Firefox changes
New
The ability to set up Firefox Sync by creating a Firefox account (learn more)
New
Gamepad API finalized and enabled (learn more)
New
HTTPS used for Yahoo Searches performed in en-US locale
New
Malay [ma] locale added
Changed
Clicking on a W3C Web Notification will switch to the originating tab
Developer
'box-sizing' (dropping the -moz- prefix) implemented (learn more)
Developer
Console object available in Web Workers (learn more)
Developer
Promises enabled by default (learn more)
Developer
SharedWorker enabled by default
Developer
<input type="number"> implemented and enabled
Developer
<input type="color"> implemented and enabled
Developer
Enabled ECMAScript Internationalization API
Developer
Add-on bar has been removed, content moved to navigation bar
Developer
Implemented URLSearchParams from the URL specification (see MDN for details )
Fixed
Various security fixes
Fixed in Firefox 29
MFSA 2014-47 Debugger can bypass XrayWrappers with JavaScript
MFSA 2014-46 Use-after-free in nsHostResolve
MFSA 2014-45 Incorrect IDNA domain name matching for wildcard certificates
MFSA 2014-44 Use-after-free in imgLoader while resizing images
MFSA 2014-43 Cross-site scripting (XSS) using history navigations
MFSA 2014-42 Privilege escalation through Web Notification API
MFSA 2014-41 Out-of-bounds write in Cairo
MFSA 2014-40 Firefox for Android addressbar suppression
MFSA 2014-39 Use-after-free in the Text Track Manager for HTML video
MFSA 2014-38 Buffer overflow when using non-XBL object as XBL
MFSA 2014-37 Out of bounds read while decoding JPG images
MFSA 2014-36 Web Audio memory corruption issues
MFSA 2014-35 Privilege escalation through Mozilla Maintenance Service Installer
MFSA 2014-34 Miscellaneous memory safety hazards (rv:29.0 / rv:24.5)
Changelog:
NEW
VP9 video decoding implemented
NEW
Mac OS X: Notification Center support for web notifications
NEW
Horizontal HTML5 audio/video volume control
NEW
Support for Opus in WebM
CHANGED
Now that spdy/3 is implemented support for spdy/2 has been removed and servers without spdy/3 will negotiate to http/1 without any penalty
DEVELOPER
Support for MathML 2.0 'mathvariant' attribute
DEVELOPER
Background thread hang reporting
DEVELOPER
Support for multi-line flexbox in layout
FIXED
Various security fixes
Fixed in Firefox 28
MFSA 2014-32 Out-of-bounds write through TypedArrayObject after neutering
MFSA 2014-31 Out-of-bounds read/write through neutering ArrayBuffer objects
MFSA 2014-30 Use-after-free in TypeObject
MFSA 2014-29 Privilege escalation using WebIDL-implemented APIs
MFSA 2014-28 SVG filters information disclosure through feDisplacementMap
MFSA 2014-27 Memory corruption in Cairo during PDF font rendering
MFSA 2014-26 Information disclosure through polygon rendering in MathML
MFSA 2014-25 Firefox OS DeviceStorageFile object vulnerable to relative path escape
MFSA 2014-24 Android Crash Reporter open to manipulation
MFSA 2014-23 Content Security Policy for data: documents not preserved by session restore
MFSA 2014-22 WebGL content injection from one domain to rendering in another
MFSA 2014-21 Local file access via Open Link in new tab
MFSA 2014-20 onbeforeunload and Javascript navigation DOS
MFSA 2014-19 Spoofing attack on WebRTC permission prompt
MFSA 2014-18 crypto.generateCRMFRequest does not validate type of key
MFSA 2014-17 Out of bounds read during WAV file decoding
MFSA 2014-16 Files extracted during updates are not always read only
MFSA 2014-15 Miscellaneous memory safety hazards (rv:28.0 / rv:24.4)
* Fix some syscall definitions in JavaScript are fixed.
Thank you, tho@.
Changelog:
FIXED
27.0.1 - Fixed stability issues with Greasemonkey and other JS that used ClearTimeoutOrInterval
FIXED
27.0.1 - JS math correctness issue (bug 941381
Changelog:
NEW
You can now run more than one service at a time with Firefox SocialAPI, allowing you to receive notifications, chat and more from multiple integrated services
CHANGED
Enabled TLS 1.1 (RFC 4346) and TLS 1.2 (RFC 5246) by default
CHANGED
Added support for SPDY 3.1 protocol
DEVELOPER
Ability to reset style sheets using 'all:unset'
DEVELOPER
You can now choose to deobfuscate javascript in the debugger (see 762761)
DEVELOPER
Added support for scrolled fieldsets (see 261037)
DEVELOPER
Implemented allow-popups directive for iframe sandbox, enabling increased security (see 766282)
DEVELOPER
CSS cursor keywords -moz-grab and -moz-grabbing have been unprefixed (see 880672)
DEVELOPER
Added support for ES6 generators in SpiderMonkey (see blog post)
DEVELOPER
Implemented support for mathematical function Math.hypot() in ES6 (see 896264)
HTML5
Dashed line support on Canvas (see 768067)
FIXED
Get Azure/Skia content rendering working on Linux (see 740200)
FIXED
27.0: Security fixes can be found here
Fixed in Firefox 27
MFSA 2014-13 Inconsistent JavaScript handling of access to Window objects
MFSA 2014-12 NSS ticket handling issues
MFSA 2014-11 Crash when using web workers with asm.js
MFSA 2014-10 Firefox default start page UI content invokable by script
MFSA 2014-09 Cross-origin information leak through web workers
MFSA 2014-08 Use-after-free with imgRequestProxy and image proccessing
MFSA 2014-07 XSLT stylesheets treated as styles in Content Security Policy
MFSA 2014-06 Profile path leaks to Android system log
MFSA 2014-05 Information disclosure with *FromPoint on iframes
MFSA 2014-04 Incorrect use of discarded images by RasterImage
MFSA 2014-03 UI selection timeout missing on download prompts
MFSA 2014-02 Clone protected content with XBL scopes
MFSA 2014-01 Miscellaneous memory safety hazards (rv:27.0 / rv:24.3)
* Build outside WRKSRC, fix build
Changelog:
NEW
All Java plug-ins are defaulted to 'click to play'
NEW
Password manager now supports script-generated password fields
NEW
Updates can now be performed by Windows users without write permissions to Firefox install directory (requires Mozilla Maintenance Service)
NEW
Support for H.264 on Linux if the appropriate gstreamer plug-ins are installed
CHANGED
Support for MP3 decoding on Windows XP, completing MP3 support across Windows OS versions
CHANGED
CSP implementation now supports multiple policies, including the case of both an enforced and Report-Only policy, per the spec
DEVELOPER
Social API now supports Social Bookmarking for multiple providers through its SocialMarks functionality (see MDN docs)
DEVELOPER
Math.ToFloat32 takes a JS value and converts it to a Float32, whenever possible
DEVELOPER
There is no longer a prompt when websites use appcache
DEVELOPER
Support for the CSS image orientation property
DEVELOPER
New App Manager allows you to deploy and debug HTML5 webapps on Firefox OS phones and the Firefox OS Simulator
DEVELOPER
IndexedDB can now be used as a "optimistic" storage area so it doesn't require any prompts and data is stored in a pool with LRU eviction policy, in short temporary storage
FIXED
When displaying a standalone image, Firefox matches the EXIF orientation information contained within the JPEG image (298619)
FIXED
Text Rendering Issues on Windows 7 with Platform Update KB2670838 (MSIE 10 Prerequisite) or on Windows 8.1 (812695)
FIXED
Improved page load times due to no longer decoding images that aren't visible (847223)
FIXED
AudioToolbox MP3 backend for OSX (914479)
FIXED
Various security fixes
Fixed in Firefox 26
MFSA 2013-117 Mis-issued ANSSI/DCSSI certificate
MFSA 2013-116 JPEG information leak
MFSA 2013-115 GetElementIC typed array stubs can be generated outside observed typesets
MFSA 2013-114 Use-after-free in synthetic mouse movement
MFSA 2013-113 Trust settings for built-in roots ignored during EV certificate validation
MFSA 2013-112 Linux clipboard information disclosure though selection paste
MFSA 2013-111 Segmentation violation when replacing ordered list elements
MFSA 2013-110 Potential overflow in JavaScript binary search algorithms
MFSA 2013-109 Use-after-free during Table Editing
MFSA 2013-108 Use-after-free in event listeners
MFSA 2013-107 Sandbox restrictions not applied to nested object elements
MFSA 2013-106 Character encoding cross-origin XSS attack
MFSA 2013-105 Application Installation doorhanger persists on navigation
MFSA 2013-104 Miscellaneous memory safety hazards (rv:26.0 / rv:24.2)
* Disable if test "A" = "A"; then fi test
SYntax error on SmartOS
* build is fine on SmartOS, hopefully other SunOS,
but I cannot confirm functionality now
* Remove DragonFly from SkThreadUtils_pthread_linux.cpp condition.
DragonFly has no cpuset(3) or CPU_SET(3) macros/functions.
It has usched_set(2), but I cannot implement with them.
Use SkThreadUtils_pthread_other.cpp instead.
* Enable pulseaudio by default, OSS support is dropped, and ALSA support
on NetBSD does not work properly for me
* Enable GStremer support for non-webm and non-theora video support
* Create alsa option, and enabled on Linux by default
Changelog:
NEW
Web Audio support
NEW
The find bar is no longer shared between tabs
CHANGED
If away from Firefox for months, you now will be offered the option to reset it to its default state while preserving your essential information
CHANGED
Resetting Firefox no longer clears your browsing session
DEVELOPER
CSS3 background-attachment:local support to control background scrolling
DEVELOPER
Many new ES6 functions implemented
HTML5
iframe document content can now be specified inline
FIXED
Blank or missing page thumbnails when opening a new tab
FIXED
Security fixes can be found here
Fixed in Firefox 25
MFSA 2013-102 Use-after-free in HTML document templates
MFSA 2013-101 Memory corruption in workers
MFSA 2013-100 Miscellaneous use-after-free issues found through ASAN fuzzing
MFSA 2013-99 Security bypass of PDF.js checks using iframes
MFSA 2013-98 Use-after-free when updating offline cache
MFSA 2013-97 Writing to cycle collected object during image decoding
MFSA 2013-96 Improperly initialized memory and overflows in some JavaScript functions
MFSA 2013-95 Access violation with XSLT and uninitialized data
MFSA 2013-94 Spoofing addressbar though SELECT element
MFSA 2013-93 Miscellaneous memory safety hazards (rv:25.0 / rv:24.1 / rv:17.0.10)
* Merge some patches via FreeBSD ports.
* Tested on NetBSD/amd64 6.99.23 and DragonFly/amd64 3.4.1.
* Use system hunspell dictionaries.
* DuckDuckGo search window.
* Enable system icu support.
Changelog:
NEW
Support for new scrollbar style in Mac OS X 10.7 and newer
NEW
Implemented Close tabs to the right
NEW
Social: Ability to tear-off chat windows to view separately by simply dragging them out
CHANGED
Accessibility related improvements on using pinned tabs (see 577727)
CHANGED
Removed support for Revocation Lists feature (see 867465)
CHANGED
Performance improvements on New Tab Page loads (see 791670)
DEVELOPER
Major SVG rendering improvements around Image tiling and scaling (see 600207 )
DEVELOPER
Improved and unified Browser console for enhanced debugging experience, replacing existing Error console
DEVELOPER
Removed support for sherlock files that are loaded from application or profile directory
FIXED
Replace fixed-ratio audio resampler in webrtc.org capture code with Speex resampler and eliminate pseudo-44000Hz rate ( see 886886)
FIXED
24.0: Security fixes can be found here
Fixed in Firefox 24
MFSA 2013-92 GC hazard with default compartments and frame chain restoration
MFSA 2013-91 User-defined properties on DOM proxies get the wrong "this" object
MFSA 2013-90 Memory corruption involving scrolling
MFSA 2013-89 Buffer overflow with multi-column, lists, and floats
MFSA 2013-88 compartment mismatch re-attaching XBL-backed nodes
MFSA 2013-87 Shared object library loading from writable location
MFSA 2013-86 WebGL Information disclosure through OS X NVIDIA graphic drivers
MFSA 2013-85 Uninitialized data in IonMonkey
MFSA 2013-84 Same-origin bypass through symbolic links
MFSA 2013-83 Mozilla Updater does not lock MAR file after signature verification
MFSA 2013-82 Calling scope for new Javascript objects can lead to memory corruption
MFSA 2013-81 Use-after-free with select element
MFSA 2013-80 NativeKey continues handling key messages after widget is destroyed
MFSA 2013-79 Use-after-free in Animation Manager during stylesheet cloning
MFSA 2013-78 Integer overflow in ANGLE library
MFSA 2013-77 Improper state in HTML5 Tree Builder with templates
MFSA 2013-76 Miscellaneous memory safety hazards (rv:24.0 / rv:17.0.9)
* Install SDK to firefox-sdk directory.
* Split multiple CONFIGURE_ARS's arguments.
* Enable libmozjs.so build.
Changelog:
NEW
Mixed content blocking enabled to protects users from man-in-the-middle attacks and eavesdroppers on HTTPS pages (learn more)
NEW
Options panel created for Web Developer Toolbox
CHANGED
"Enable JavaScript" preference checkbox has been removed and user-set values will be reset to the default
CHANGED
Updated Firefox Logo
CHANGED
Improved about:memory's functional UI
CHANGED
Simplified interface for notifications of plugin installation
CHANGED
Enabled DXVA2 on Windows Vista+ to accelerate H.264 video decoding
CHANGED
Users can now switch to a new search provider across the entire browser
CHANGED
CSP policies using the standard syntax and semantics will now be enforced
CHANGED
<input type='file'> rendering improvements (see bug 838675)
CHANGED
Replace fixed-ratio audio resampler in webrtc.org capture code with Speex resampler and eliminate pseudo-44000Hz rate
CHANGED
"Load images automatically" and Always show the tab bar" checkboxes removed from preferences and reset to defaults
DEVELOPER
HTML5 <input type="range"> form control implemented
DEVELOPER
Write more accessible pages on touch interfaces with new ARIA role for key buttons
DEVELOPER
Social share functionality
DEVELOPER
Added unprefixed requestAnimationFrame
DEVELOPER
Implemented a global browser console
DEVELOPER
Dropped blink effect from text-decoration: blink; and completely removed <blink> element
DEVELOPER
New feature in toolbox: Network Monitor
FIXED
Various security fixes
n Firefox 23
MFSA 2013-75 Local Java applets may read contents of local file system
MFSA 2013-74 Firefox full and stub installer DLL hijacking
MFSA 2013-73 Same-origin bypass with web workers and XMLHttpRequest
MFSA 2013-72 Wrong principal used for validating URI for some Javascript components
MFSA 2013-71 Further Privilege escalation through Mozilla Updater
MFSA 2013-70 Bypass of XrayWrappers using XBL Scopes
MFSA 2013-69 CRMF requests allow for code execution and XSS attacks
MFSA 2013-68 Document URI misrepresentation and masquerading
MFSA 2013-67 Crash during WAV audio file decoding
MFSA 2013-66 Buffer overflow in Mozilla Maintenance Service and Mozilla Updater
MFSA 2013-65 Buffer underflow when generating CRMF requests
MFSA 2013-64 Use after free mutating DOM during SetBody
MFSA 2013-63 Miscellaneous memory safety hazards (rv:23.0 / rv:17.0.8)
* On NetBSD WebRTC support is disabled, because libxul.so has some errors
in link stage. WebRTC support should be tested on non-NetBSD platforms.
* It seems that OSS sound support is not working properly on NetBSD.
Changelog:
NEW
WebRTC is now enabled by default!
NEW
Windows: Firefox now follows display scaling options to render text larger on high-res displays
NEW
Mac OS X: Download progress in Dock application icon
NEW
HTML5 audio/video playback rate can now be changed
NEW
Social services management implemented in Add-ons Manager
NEW
asm.js optimizations (OdinMonkey) enabled for major performance improvements
CHANGED
Improved WebGL rendering performance through asynchronous canvas updates
CHANGED
Plain text files displayed within Firefox will now word-wrap
CHANGED
For user security, the |Components| object is no longer accessible from web content
CHANGED
Pointer Lock API can now be used outside of fullscreen
DEVELOPER
CSS3 Flexbox implemented and enabled by default
DEVELOPER
New Web Notifications API implemented
DEVELOPER
Added clipboardData API for JavaScript access to a user's clipboard
DEVELOPER
New built-in font inspector
HTML5
New HTML5 <data> and <time> elements
FIXED
Various security fixes
FIXED
Scrolling using some high-resolution-scroll aware touchpads feels slow (829952)
Fixed in Firefox 22
MFSA 2013-62 Inaccessible updater can lead to local privilege escalation
MFSA 2013-61 Homograph domain spoofing in .com, .net and .name
MFSA 2013-60 getUserMedia permission dialog incorrectly displays location
MFSA 2013-59 XrayWrappers can be bypassed to run user defined methods in a privileged context
MFSA 2013-58 X-Frame-Options ignored when using server push with multi-part responses
MFSA 2013-57 Sandbox restrictions not applied to nested frame elements
MFSA 2013-56 PreserveWrapper has inconsistent behavior
MFSA 2013-55 SVG filters can lead to information disclosure
MFSA 2013-54 Data in the body of XHR HEAD requests leads to CSRF attacks
MFSA 2013-53 Execution of unmapped memory through onreadystatechange event
MFSA 2013-52 Arbitrary code execution within Profiler
MFSA 2013-51 Privileged content access and execution via XBL
MFSA 2013-50 Memory corruption found using Address Sanitizer
MFSA 2013-49 Miscellaneous memory safety hazards (rv:22.0 / rv:17.0.7)
* Add NetBSD/sparc64 support from martin@.
Almost all functionalities work fine, but https handling.
* Enable system jpeg support. This is accidentally disabled.
* Remove reference to devel/xulrunner.
* Move some common files for firefox/xulrunner-21.0.
* Move patches from devel/sulrunner.
* Take MAINTAINERship.
