Changelog:
Fixed 36.0.1 - Disable the usage of the ANY DNS query type (1093983)
Fixed 36.0.1 - Fixed a startup crash with EMET (1137050)
Fixed 36.0.1 - Hello may become inactive until restart (1137469)
Fixed 36.0.1 - Print preferences may not be preserved (1136855)
Fixed 36.0.1 - Hello contact tabs may not be visible (1137141)
Fixed 36.0.1 - Accept hostnames that include an underscore character ("_") (1136616)
Fixed 36.0.1 - WebGL may use significant memory with Canvas2d (1137251)
Fixed 36.0.1 - Option -remote has been restored (1080319)
Fixed 36.0.1 - Fix a top crash
Changelog:
New Pinned tiles on the new tab page can be synced
New Support for the full HTTP/2 protocol. HTTP/2 enables a faster, more scalable, and more responsive web.
New Locale added: Uzbek (uz)
Changed -remote option removed
Changed No longer accept insecure RC4 ciphers whenever possible
Changed Phasing out Certificates with 1024-bit RSA Keys
Changed Shut down hangs will now show the crash reporter before exiting the program
Changed Add-on Compatibility
HTML5 Support for the ECMAScript 6 Symbol data type added
HTML5 unicode-range CSS descriptor implemented
HTML5 CSSOM-View scroll behavior implemented allowing smooth scrolling of content without custom libraries
HTML5 object-fit and object-position implemented.
Defines how and where the content of a replaced element is displayed
HTML5 isolation CSS property implemented.
Create a new stacking context to isolate groups of boxes to control which blend together
HTML5 CSS3 will-change property implemented.
Hints the browser of elements that will be modified. The browser will perform some performance optimization for these
HTML5 Changed JavaScript 'const' semantics to conform better to the ES6 specification.
The const declaration is now block-scoped and requires an initializer. It also can not be redeclared anymore.
HTML5 Improved ES6 generators for better performance
Developer Eval sources now appear in the Debugger
Debug JavaScript code that is evaluated dynamically, either as a string passed to eval() or as a string passed to the Function constructor
Developer DOM Promises inspection
Developer Inspector: More paste options in markup view
Fixed CSS gradients work on premultiplied colors
Fixed Fix some unexpected logout from Facebook or Google after restart
Fixed Various security fixes
Fixed in Firefox 36
2015-27 Caja Compiler JavaScript sandbox bypass
2015-26 UI Tour whitelisted sites in background tab can spoof foreground tabs
2015-25 Local files or privileged URLs in pages can be opened into new tabs
2015-24 Reading of local files through manipulation of form autocomplete
2015-23 Use-after-free in Developer Console date with OpenType Sanitiser
2015-22 Crash using DrawTarget in Cairo graphics library
2015-21 Buffer underflow during MP3 playback
2015-20 Buffer overflow during CSS restyling
2015-19 Out-of-bounds read and write while rendering SVG content
2015-18 Double-free when using non-default memory allocators with a zero-length XHR
2015-17 Buffer overflow in libstagefright during MP4 video playback
2015-16 Use-after-free in IndexedDB
2015-15 TLS TURN and STUN connections silently fail to simple TCP connections
2015-14 Malicious WebGL content crash when writing strings
2015-13 Appended period to hostnames can bypass HPKP and HSTS protections
2015-12 Invoking Mozilla updater will load locally stored DLL files
2015-11 Miscellaneous memory safety hazards (rv:36.0 / rv:31.5)
PLIST:
* lib/firefox/libmozglue.so is built and installed as a shared
library on some platforms including Darwin.
mozilla-common.mk:
* Sandboxing support is only available when the toolkit is
cairo-cocoa.
* It tries to use MacOS X 10.6 SDK by default, which is not always
possible.
patches/patch-build_gyp.mozbuild:
* Don't assume iOS just because the toolkit is not cocoa. Ideally
there should be an AC_SUBST just like 'ARM_ARCH' but nothing
exists currently.
* MacOS X SDK version should be able to configure with ./configure
--enable-macos-target=VER
patches/patch-extensions_spellcheck_hunspell_src_mozHunspell.cpp:
* NS_NewNativeLocalFile() can fail and leave hunDir null, so we must
check if it succeeded. This is not Darwin specific though.
* "%%LOCALBASE%%" in the hunspell path is currently not substituted,
which looks very erroneous to me. But since I don't know why
ryoon@ changed it from "@PREFIX@" to "%%LOCALBASE%%" I leave it as
it is.
patches/patch-ipc_glue_moz.build:
* Don't assume cocoa toolkit just because OS_ARCH is Darwin.
patches/patch-js_src_asmjs_AsmJSSignalHandlers.cpp:
* Increase portability for non-x86 Darwin by not hardwiring
x86_THREAD_STATE.
patches/patch-js_xpconnect_src_xpcprivate.h:
* The declaration has to be C++11 'extern template', otherwise
non-weak symbol collision will occur between libmozjs and
libxul. We can't easily test if the feature is supported by
compiler due to GCC bug #1773:
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=1773
patches/patch-memory_mozalloc_VolatileBufferOSX.cpp:
* Try to fallback to valloc(3) if posix_memalign(3) is not
avialble. It has been added since MacOS 10.6.
patches/patch-toolkit_library_moz.build:
* GSTREAMER_LIBS are linked to libxul on Darwin, while they are
dlopen(3)'ed at runtime on other platforms. The problem is that
the toolkit being cocoa isn't relevant at all. It's Darwin that
needs the special handling, not Cocoa.
patches/patch-toolkit_xre_nsAppRunner.cpp:
* MacOS X < 10.6 had an undocumented behavior concerning execve(2)
inside a threaded process. If a process tried to call execve(2)
and had more than one active thread, the kernel returned
ENOTSUP. So we have to either fork(2) or vfork(2) before calling
execve(2) to make sure the caller is single-threaded as otherwise
the application fails to restart itself.
patches/patch-xpcom_base_nsStackWalk.cpp,
patches/patch-xpcom_build_PoisonIOInterposer.h:
* Replace XP_MACOSX with XP_DARWIN as the former is not defined when
the toolkit is not cocoa.
patches/patch-xpcom_glue_standalone_nsXPCOMGlue.cpp:
* Fix inconsistent use of XP_DARWIN and XP_MACOSX:
LEADING_UNDERSCORE should be empty when we are going to load XPCOM
using dlopen(3), not NSAddImage().
Changelog:
Fixed 35.0.1 - With the Enhanced Steam extension, Firefox could crash (1123732)
Fixed 35.0.1 - Fix a potential startup crash (1122367)
Fixed 35.0.1 - Kerberos authentication did not work with alias (1108971)
Fixed 35.0.1 - SVG / CSS animation had a regression causing rendering issues on websites like openstreemap.org (1083079)
Fixed 35.0.1 - On Godaddy webmail, Firefox could crash (1113121)
Fixed 35.0.1 - document.baseURI did not get updated to document.location after base tag was removed from DOM for site with a CSP (1121857)
Fixed 35.0.1 - With a Right-to-left (RTL) version of Firefox, the text selection could be broken (1104036)
Fixed 35.0.1 - CSP had a change in behavior with regard to case sensitivity resources loading (1122445)
Changelog:
New Firefox Hello with new rooms-based conversations model
New New search UI improved and enabled for more locales
New Access the Firefox Marketplace from the Tools menu and optional toolbar button
New Built-in support for H264 (MP4) on Mac OS X Snow Leopard (10.6) and newer through native APIs
New Use tiled rendering on OS X
New Improved high quality image resizing performance
New Improved handling of dynamic styling changes to increase responsiveness
HTML5 Added support for the CSS Font Loading API
HTML5 Resource Timing API implemented
HTML5 CSS filters enabled by default
HTML5 Changed JavaScript 'let' semantics to conform better to the ES6 specification
Developer Support for inspecting ::before and ::after pseudo elements
Developer Computed view: Nodes matching the hovered selector are now highlighted
Developer Network Monitor: New request/response headers view (more info)
Developer Added support for the EXT_blend_minmax WebGL extension
Fixed Show DOM Properties context menu item in inspector
Fixed Reduced resource usage for scaled images
Fixed PDF.js updated to version 1.0.907
Fixed Non-HTTP(S) XHR now returns correct status code
Fixed Various security fixes
Security fixes:
2015-09 XrayWrapper bypass through DOM objects
2015-08 Delegated OCSP responder certificates failure with id-pkix-ocsp-nocheck extension
2015-07 Gecko Media Plugin sandbox escape
2015-06 Read-after-free in WebRTC
2015-05 Read of uninitialized memory in Web Audio
2015-04 Cookie injection through Proxy Authenticate responses
2015-03 sendBeacon requests lack an Origin header
2015-02 Uninitialized memory use during bitmap rendering
2015-01 Miscellaneous memory safety hazards (rv:35.0 / rv:31.4)
Changelog:
New Default search engine changed to Yahoo! for North America
New Default search engine changed to Yandex for Belarusian, Kazakh, and Russian locales
New Improved search bar (en-US only)
New Firefox Hello real-time communication client
New Easily switch themes/personas directly in the Customizing mode
New Wikipedia search now uses HTTPS for secure searching (en-US only)
New Implementation of HTTP/2 (draft14) and ALPN
New Recover from a locked Firefox process in the "Firefox is already running" dialog on Windows
Changed Disabled SSLv3
Changed Proprietary window.crypto properties/functions re-enabled (to be removed in Firefox 35)
Changed Firefox signed by Apple OS X version 2 signature
HTML5 ECMAScript 6 WeakSet Implemented
HTML5 JavaScript Template Strings Implemented
HTML5 CSS3 Font variants and features control (e.g. kerning) implemented
HTML5 WebCrypto: RSA-OAEP, PBKDF2 and AES-KW support
HTML5 WebCrypto: wrapKey and unwrapKey implemented
HTML5 WebCrypto: Import/export of JWK-formatted keys
HTML5 matches() DOM API implemented (formerly mozMatchesSelector())
HTML5 Performance.now() for workers implemented
HTML5 WebCrypto: ECDH support
Developer WebIDE: Create, edit, and test a new Web application from your browser
Developer Highlight all nodes that match a given selector in the Style Editor and the Inspector's Rules panel
Developer Improved User Interface of the Profiler
Developer console.table function added to web console
Fixed CSS transitions start correctly when started at the same time as changes to display, position, overflow, and similar properties
Fixed Various security fixes
2014-89 Bad casting from the BasicThebesLayer to BasicContainerLayer
2014-88 Buffer overflow while parsing media content
2014-87 Use-after-free during HTML5 parsing
2014-86 CSP leaks redirect data via violation reports
2014-85 XMLHttpRequest crashes with some input streams
2014-84 XBL bindings accessible via improper CSS declarations
2014-83 Miscellaneous memory safety hazards (rv:34.0 / rv:31.3)
Changelog:
Fixed
33.0.3: Blacklisted graphics drivers that were causing black screens with OMTC enabled (1093863)
Fixed
33.0.3 Fix two startup crashes with some combination of hardware and drivers (1064107 and 1021265)
Changelog:
New
OpenH264 support (sandboxed)
New
Improved search experience through the location bar
New
Slimmer and faster JavaScript strings
New
Search suggestions on the Firefox Start (about:home) and new tab (about:newtab) pages
New
Windows: OMTC enabled by default
New
New CSP (Content Security Policy) backend
New
Support for connecting to HTTP proxy over HTTPS
New
Improved reliability of the session restoration
New
Azerbaijani [az] locale added
Changed
Proprietary window.crypto properties/functions removed
Changed
JSD (JavaScript Debugger Service) removed in favor of the Debugger interface
HTML5
@counter-style rule from CSS3 Counter Styles specification implemented
HTML5
DOMMatrix interface implemented
Developer
Cubic-bezier curves editor
Developer
Display which elements have listeners attached
Developer
New sidebar which displays a list of shortcuts to every @media rule in the current stylesheet
Developer
Paint flashing for browser content repaints
Developer
Editable @keyframes rules in the Rules section of the Inspector
Developer
CSS transform highlighter in the style-inspector
Fixed
Fix incomplete downloads being marked as complete by detecting broken HTTP1.1 transfers (237623)
Fixed
Various security fixes
Fixed in Firefox 33
MFSA 2014-82 Accessing cross-origin objects via the Alarms API
MFSA 2014-81 Inconsistent video sharing within iframe
MFSA 2014-80 Key pinning bypasses
MFSA 2014-79 Use-after-free interacting with text directionality
MFSA 2014-78 Further uninitialized memory use during GIF
MFSA 2014-77 Out-of-bounds write with WebM video
MFSA 2014-76 Web Audio memory corruption issues with custom waveforms
MFSA 2014-75 Buffer overflow during CSS manipulation
MFSA 2014-74 Miscellaneous memory safety hazards (rv:33.0 / rv:31.2)
Changelog:
Fixed
32.0.3: New security fixes can be found here
New
New HTTP cache provides improved performance including crash recovery
New
Integration of generational garbage collection
New
Public key pinning support enabled
New
View historical use information for logins stored in password manager
New
Display the number of found items in the find toolbar
New
Easier back, forward, reload, and bookmarking through the context menu
New
Lower Sorbian [dsb] locale added
Changed
Removed and turned off trust bit for some 1024-bit root certificates
Changed
Performance improvements to Password Manager and Add-on Manager
HTML5
drawFocusIfNeeded enabled by default
HTML5
ECMAScript 6 built-in method Array#copyWithin implemented
HTML5
CSS position:sticky enabled by default
HTML5
mix-blend-mode enabled by default
HTML5
New Array built-in: Array.from()
HTML5
navigator.languages property and languagechange event implemented
HTML5
Vibration API updated to latest W3C spec
HTML5
CSS box-decoration-break replaces -moz-background-inline-policy
HTML5
box-decoration-break enabled by default
Developer
HiDPI support in Developer Tools UI
Developer
Inspector button moved to the top left
Developer
Hidden nodes displayed differently in the markup-view
Developer
New Web Audio Editor
Developer
Code completion and inline documentation added to Scratchpad
Fixed
32.0.2 - Corrupt installations cause Firefox to crash on update
Fixed
32.0.1 - Stability issues for computers with multiple graphics cards
Fixed
32.0.1 - Mixed content icon may be incorrectly displayed instead of lock icon for SSL sites
Fixed
32.0.1 - WebRTC: setRemoteDescription() silently fails if no success callback is specified
Fixed
Various security fixes
Fixed
Mac OS X: cmd-L does not open a new window when no window is available
Fixed
Text Rendering Issues on Windows 7 with Platform Update KB2670838 (MSIE 10 Prerequisite) or on Windows 8.1
Security fixes:
Fixed in Firefox 32.0.3
MFSA 2014-73 RSA Signature Forgery in NSS
Fixed in Firefox 32
MFSA 2014-72 Use-after-free setting text directionality
MFSA 2014-71 Profile directory file access through file: protocol
MFSA 2014-70 Out-of-bounds read in Web Audio audio timeline
MFSA 2014-69 Uninitialized memory use during GIF rendering
MFSA 2014-68 Use-after-free during DOM interactions with SVG
MFSA 2014-67 Miscellaneous memory safety hazards (rv:32.0 / rv:31.1 / rv:24.8)
