* Remove macOS patches, because I cannot confirm them sadly
Changelog:
New
Support for Google’s Widevine CDM on Windows and Mac OS X so streaming services like Amazon Video can switch from Silverlight to encrypted HTML5 video.
Enable VP9 video codec for users with fast machines
Embedded YouTube videos now play with HTML5 video if Flash is not installed.
View and search open tabs from your smartphone or another computer in a sidebar
Allow no-cache on back/forward navigations for https resources
Latgalu [ltg] locale added. Wikipedia tells us there are 164,500 daily speakers.
Fixed
Various security fixes
Changed
FUEL (Firefox User Extension Library) has been removed. Add-ons relying on it will stop working.
The browser.sessionstore.restore_on_demand preference has been reset to its default value (true) to avoid e10s performance problems. Because faster is better!
The Firefox click-to-activate plugin whitelist has been removed.
XRender is no longer used for rendering web content on Linux as this may cause a regression in remote X performance
Developer
Web platform changes
View, start,and debug registered Service Workers in the Service Workers developer tool
Simulate Push messages in the Service Workers developer tool
'Start' button for service workers in about:debugging to start registered Service Workers
Changes that can affect add-on compatibility
Added support for ChaCha20/Poly1305 cipher suites
Custom user agents supported in Responsive Design Mode
Smart multi-line input in the Web Console
Developer Information
HTML5
cuechange events are now available on TextTrack objects
WebCrypto: PBKDF2 supports SHA-2 hash algorithms
WebCrypto: RSA-PSS signature support
Fixed in Firefox 47
2016-61 Network Security Services (NSS) vulnerabilities
2016-60 Java applets bypass CSP protections
2016-59 Information disclosure of disabled plugins through CSS pseudo-classes
2016-58 Entering fullscreen and persistent pointerlock without user permission
2016-57 Incorrect icon displayed on permissions notifications
2016-56 Use-after-free when textures are used in WebGL operations after recycle pool destruction
2016-55 File overwrite and privilege escalation through Mozilla Windows updater
2016-54 Partial same-origin-policy through setting location.host through data URI
2016-53 Out-of-bounds write with WebGL shader
2016-52 Addressbar spoofing though the SELECT element
2016-51 Use-after-free deleting tables from a contenteditable document
2016-50 Buffer overflow parsing HTML5 fragments
2016-49 Miscellaneous memory safety hazards (rv:47.0 / rv:45.2)
* Drop buildlink to gstreamer1
Changelog:
New
Improved security of the JavaScript Just In Time (JIT) Compiler
GTK3 integration (GNU/Linux only)
Fixed
Correct rendering for scaled SVGs that use a clip and a mask
Various security fixes
Screen reader behavior with blank spaces in Google Docs corrected
Changed
WebRTC fixes to improve performance and stability
Developer
Display dominator trees in Memory tool
Allocation and garbage collection pause profiling in the performance panel
Launch responsive mode from the Style Editor @media sidebar
HTML5
Added support for document.elementsFromPoint
Added HKDF support for Web Crypto API
Fixed in Firefox 46
2016-48 Firefox Health Reports could accept events from untrusted domains
2016-47 Write to invalid HashMap entry through JavaScript.watch()
2016-46 Elevation of privilege with chrome.tabs.update API in web extensions
2016-45 CSP not applied to pages sent with multipart/x-mixed-replace
2016-44 Buffer overflow in libstagefright with CENC offsets
2016-43 Disclosure of user actions through JavaScript with motion and orientation sensors
2016-42 Use-after-free and buffer overflow in Service Workers
2016-41 Content provider permission bypass allows malicious application to access data
2016-40 Privilege escalation through file deletion by Maintenance Service updater
2016-39 Miscellaneous memory safety hazards (rv:46.0 / rv:45.1 / rv:38.8)
Changelog:
Fixed:
Fix an issue impacting the cookie header when third-party cookies are blocked (1257861)
Fix a web compatibility regression impacting the srcset attribute of the image tag (1259482)
Fix a regression with the copy and paste with some old versions of some Gecko applications like Thunderbird (1254980)
Fix a crash impacting the video playback with Media Source Extension (1258562)
Fix a regression impacting some specific uploads (1255735)
Changelog:
Fixed
Fix a potential performance regression (Youtube for example) (1220502)
Fix a regression causing search engine settings to be lost in some context (1254694)
Bring back non-standard jar: URIs to fix a regression in IBM iNotes (1255139)
XSLTProcessor.importStylesheet was failing when <import> was used (1249572)
Fix an issue which could cause the list of search provider to be empty (1255605)
Fix a regression when using the location bar (1254503)
Fix some loading issues when Accept third-party cookies: was set to Never (1254856)
Changed
Disabled Graphite font shaping library
Changelog:
New
Instant browser tab sharing through Hello
Tabs synced via Firefox Accounts from other devices are now shown in dropdown area of Awesome Bar when searching
Synced Tabs button in button bar
Introduce a new preference (network.dns.blockDotOnion) to allow blocking .onion at the DNS level
Guarani [gn] locale added
Fixed
URLs containing a Unicode-format Internationalized Domain Name (IDN) are now properly redirected
Various security fixes
Fixed in Firefox 45
2016-37 Font vulnerabilities in the Graphite 2 library
2016-36 Use-after-free during processing of DER encoded keys in NSS
2016-35 Buffer overflow during ASN.1 decoding in NSS
2016-34 Out-of-bounds read in HTML parser following a failed allocation
2016-33 Use-after-free in GetStaticInstance in WebRTC
2016-32 WebRTC and LibVPX vulnerabilities found through code inspection
2016-31 Memory corruption with malicious NPAPI plugin
2016-30 Buffer overflow in Brotli decompression
2016-29 Same-origin policy violation using perfomance.getEntries and history navigation with session restore
2016-28 Addressbar spoofing though history navigation and Location protocol property
2016-27 Use-after-free during XML transformations
2016-26 Memory corruption when modifying a file being read by FileReader
2016-25 Use-after-free when using multiple WebRTC data channels
2016-24 Use-after-free in SetBody
2016-23 Use-after-free in HTML5 string parser
2016-22 Service Worker Manager out-of-bounds read in Service Worker Manager
2016-21 Displayed page address can be overridden
2016-20 Memory leak in libstagefright when deleting an array during MP4 processing
2016-19 Linux video memory DOS with Intel drivers
2016-18 CSP reports fail to strip location information for embedded iframe pages
2016-17 Local file overwriting and potential privilege escalation through CSP reports
2016-16 Miscellaneous memory safety hazards (rv:45.0 / rv:38.7)
Changelog:
Fix:
Fix issue which could lead to the removal of stored passwords under certain circumstances (1242176)
Allows spaces in cookie names (1244505)
Fix WebSockets when used in a Service Worker context (1243942)
Disable opus/vorbis audio with H.264 (1245696)
Require NSS 3.21 (1244069)
Ship the Gecko SDK (1243740)
Fix for graphics startup crash (GNU/Linux) (1222171)
Fix a crash in cache networking (1244076)
Changelog:
New
Improved warning pages for certificate errors and untrusted connections
Enable H.264 if system decoder is available
Enable WebM/VP9 video support on systems that don't support MP4/H.264
In the animation-inspector timeline, lightning bolt icon next to animations running on the compositor thread
Support the brotli compression format via HTTPS content-encoding
Screenshot commands allow user choice of pixel ratio in Developer Tools
Fixed
Windows XP and Vista screensaver doesn't disable when watching videos (Bug 1193610)
Various security fixes
Changed
To support unicode-range descriptor for webfonts, font matching under Linux now uses the same font matching code as other platforms
Use a SHA-256 signing certificate for Windows builds, to meet new signing requirements
Firefox has removed support for the RC4 decipher
Firefox will no longer trust the Equifax Secure Certificate Authority 1024-bit root certificate or the UTN - DATACorp SGC to validate secure website certificates
Stricter validation of web fonts
On-screen keyboard support temporarily turned off for Windows 8 and Windows 8.1
Developer
Right click on a logged object in the console to store it as a global variable on the page
Visual tools for Animation:
View/Edit CSS animation keyframe rules directly in the inspector
Visually modify the cubic-bezier curve that drives the way animations progress through time
Discover and scrub through all CSS animations and transitions playing on the page
Learn more: http://devtoolschallenger.com/
Visual tools for Layout and Styles:
Display rulers along the viewport to verify size and position and use the measurement tool to easily detect spacing and alignment problems
Use CSS filters to preview and create real-time effects like drop-shadows, sepia, etc
Learn more: http://devtoolschallenger.com/
New memory tool for inspecting the memory heap
Service Workers API
Built-in JSON reader to intuitively view, search, copy and save data without extensions
Jump to function definitions in the debugger with Cmd-Click
WebSocket Debugging API and add-on
The rule view now displays styles using their authored text, and edits in the rule view are now linked to the style editor
Security bugs:
Fixed in Firefox 44
2016-12 Lightweight themes on Firefox for Android do not verify a secure connection
2016-11 Application Reputation service disabled in Firefox 43
2016-10 Unsafe memory manipulation found through code inspection
2016-09 Addressbar spoofing attacks
2016-08 Delay following click events in file download dialog too short on OS X
2016-07 Errors in mp_div and mp_exptmod cryptographic functions in NSS
2016-06 Missing delay following user click events in protocol handler dialog
2016-05 Addressbar spoofing through stored data url shortcuts on Firefox for Android
2016-04 Firefox allows for control characters to be set in cookie names
2016-03 Buffer overflow in WebGL after out of memory allocation
2016-02 Out of Memory crash when parsing GIF format images
2016-01 Miscellaneous memory safety hazards (rv:44.0 / rv:38.6)
Changelog:
Fixed: Fix for startup crash for users of a third party antivirus tool (Bug 1235537)
Fixed: Multi-user GNU/Linux download folders can be created (Bug 1233434)
Changed: Re-enable SHA-1 certificates (Bug 1236975)
* Fix alsa option build, fix PR pkg/50427
Changelog:
Fix: Fix network issue when using Nvidia's Network Access Manager (1233237)
Fix: On some Windows configurations, improve the decoding of some videos on YouTube (1233970)
Changelog:
New Private Browsing with Tracking Protection offers choice of blocking additional trackers
New Improved API support for m4v video playback
New Firefox 64-bit for Windows is now available via the Firefox download page
New Users can choose search suggestions from the Awesome Bar
New On-screen keyboard displayed on selecting input field on devices running Windows 8 or greater
New Firefox Health Report has switched to use the same data collection mechanism as telemetry
Developer Markup view shows indicators for pseudo-classes locked for elements
Developer Bind F1 key to open the settings when the toolbox is focused
Developer New 'Use in Console' context menu item in Inspector to store selected element in a temporary variable
Developer Search button next to overridden CSS properties to find similar properties in the rules view
Developer Ability to filter styles from their property names in the rules view
Developer Stack traces are now shown for exceptions inside the console
Developer Added ability to display server-side logs in the console
Developer Ability to choose resolution for the GCLI screenshot command
Developer Subresource integrity allows developers to make their sites more secure
Developer Network requests in Console now link to Network panel instead of opening in a popup
Developer Unprefixed 'hyphens' property is now supported
Developer WebIDE now has a sidebar-based UI
Developer The 'transform-origin' property is now supported on SVG elements
Developer Animation inspector now displays animations in a timeline
Developer Single-process mode is no longer supported for NPAPI plugins
Fixed Eyedropper tool does not work as expected when page is zoomed
Fixed Various security fixes
Fixed in Firefox 43
2015-149 Cross-site reading attack through data and view-source URIs
2015-148 Privilege escalation vulnerabilities in WebExtension APIs
2015-147 Integer underflow and buffer overflow processing MP4 metadata in libstagefright
2015-146 Integer overflow in MP4 playback in 64-bit versions
2015-145 Underflow through code inspection
2015-144 Buffer overflows found through code inspection
2015-143 Linux file chooser crashes on malformed images due to flaws in Jasper library
2015-142 DOS due to malformed frames in HTTP/2
2015-141 Hash in data URI is incorrectly parsed
2015-140 Cross-origin information leak through web workers error events
2015-139 Integer overflow allocating extremely large textures
2015-138 Use-after-free in WebRTC when datachannel is used after being destroyed
2015-137 Firefox allows for control characters to be set in cookies
2015-136 Same-origin policy violation using perfomance.getEntries and history navigation
2015-135 Crash with JavaScript variable assignment with unboxed objects
2015-134 Miscellaneous memory safety hazards (rv:43.0 / rv:38.5)
The find-prefix infrastructure was required in a pkgviews world where
packages installed from pkgsrc could have different installation
prefixes, and this was a way for a dependency prefix to be determined.
Now that pkgviews has been removed there is no longer any need for the
overhead of this infrastructure. Instead we use BUILDLINK_PREFIX.pkg
for dependencies pulled in via buildlink, or LOCALBASE/PREFIX where the
dependency is coming from pkgsrc.
Provides a reasonable performance win due to the reduction of `pkg_info
-qp` calls, some of which were redundant anyway as they were duplicating
the same information provided by BUILDLINK_PREFIX.pkg.
Changelog:
New Private Browsing with Tracking Protection blocks certain Web elements that could be used to record your behavior across sites
New Control Center that contains site security and privacy controls
New Indicator added to tabs that play audio with one-click muting
New WebRTC improvements:
IPV6 support
Preferences for controlling ICE candidate generation and IP exposure
Hooks for extensions to allow/deny createOffer/Answer
Improved ability for applications to monitor and control which devices are used in getUserMedia
New Login Manager improvements:
Improved heuristics to save usernames and passwords
Edit and show all logins in line, Copy/Paste usernames/passwords from the Context menu
Migration imports your passwords to Firefox from Google Chrome for Windows and Internet Explorer; import anytime from the Login Manager
Changed Improved performance on interactive websites that trigger a lot of restyles
HTML5 Media Source Extension for HTML5 video available for all sites
HTML5 Support ImageBitmap and createImageBitmap()
HTML5 Implemented ES6 Reflect
Developer Ability to save filter presets inside CSS Filter Tooltip
Developer CSS filter presets in the Inspector
Developer Configurable Firefox OS Simulator in WebIDE, to simulate reference devices like phones, tablets, even TVs
Developer Asynchronous call stacks now allow web developers to follow the code flow through setTimeout, DOM event handlers, and Promise handlers.
Developer Remote website debugging over WiFi (no USB cable or ADB needed)
Developer View HTML source in a tab
