The find-prefix infrastructure was required in a pkgviews world where
packages installed from pkgsrc could have different installation
prefixes, and this was a way for a dependency prefix to be determined.
Now that pkgviews has been removed there is no longer any need for the
overhead of this infrastructure. Instead we use BUILDLINK_PREFIX.pkg
for dependencies pulled in via buildlink, or LOCALBASE/PREFIX where the
dependency is coming from pkgsrc.
Provides a reasonable performance win due to the reduction of `pkg_info
-qp` calls, some of which were redundant anyway as they were duplicating
the same information provided by BUILDLINK_PREFIX.pkg.
Changelog:
Fixed in Firefox ESR 31.8
2015-71 NSS incorrectly permits skipping of ServerKeyExchange
2015-70 NSS accepts export-length DHE keys with regular DHE cipher suites
2015-69 Privilege escalation through internal workers
2015-66 Vulnerabilities found through code inspection
2015-65 Use-after-free in workers while using XMLHttpRequest
2015-64 ECDSA signature validation fails to handle some signatures correctly
2015-61 Type confusion in Indexed Database Manager
2015-59 Miscellaneous memory safety hazards (rv:39.0 / rv:31.8 / rv:38.1)
Changelog:
Fixed in Firefox ESR 31.7
2015-57 Privilege escalation through IPC channel messages
2015-54 Buffer overflow when parsing compressed XML
2015-51 Use-after-free during text processing with vertical text enabled
2015-48 Buffer overflow with SVG content and CSS
2015-47 Buffer overflow parsing H.264 video with Linux Gstreamer
2015-46 Miscellaneous memory safety hazards (rv:38.0 / rv:31.7)
Changelog:
Fixed in Firefox ESR 31.6
2015-40 Same-origin bypass through anchor navigation
2015-37 CORS requests should not follow 30x redirections after preflight
2015-33 resource:// documents can load privileged pages
2015-31 Use-after-free when using the Fluendo MP3 GStreamer plugin
2015-30 Miscellaneous memory safety hazards (rv:37.0 / rv:31.6)
Changelog:
31.5.3
Fixed Security fixes for issues disclosed at HP Zero Day Initiative's Pwn2Own contest
Fixed in Firefox ESR 31.5.3
2015-28 Privilege escalation through SVG navigation
31.5.2
Fixed Security fixes for issues disclosed at HP Zero Day Initiative's Pwn2Own contest
Fixed in Firefox ESR 31.5.2
2015-29 Code execution through incorrect JavaScript bounds checking elimination
Changelog:
Fixed in Firefox/Thunderbird ESR 31.5
2015-24 Reading of local files through manipulation of form autocomplete
2015-19 Out-of-bounds read and write while rendering SVG content
2015-16 Use-after-free in IndexedDB
2015-12 Invoking Mozilla updater will load locally stored DLL files
2015-11 Miscellaneous memory safety hazards (rv:36.0 / rv:31.5)
Changelog:
Fixed Security fixes can be found here
Fixed @ JS::Handle::operator JSObject* const&() startup crash (see bug 1055766 )
Fixed Intermittent failures in add-ons manager mochitest-browser tests (see bug 1095128 )
Fixed Bad CPU type in executable running mochitests on yosemite (see bug 1054043 )
Fixed Error building nsChildView.mm on OS X 10.10 (see bug 1005458 )
Fixed Wrong CPU features detection on some x86 CPUs (see bug 1096651 )
Fixed Build error on Yosemite (see bug 1045231 )
Fixed XMLHttpRequest.send({}) should not throw (see bug 1096263 )
2014-90 Apple CoreGraphics framework on OS X 10.10 logging input data to /tmp directory
2014-89 Bad casting from the BasicThebesLayer to BasicContainerLayer
2014-88 Buffer overflow while parsing media content
2014-87 Use-after-free during HTML5 parsing
2014-85 XMLHttpRequest crashes with some input streams
2014-83 Miscellaneous memory safety hazards (rv:34.0 / rv:31.3)
Mozilla Firefox is a free, open-source and cross-platform web browser
for Windows, Linux, MacOS X and many other operating systems.
It is fast and easy to use, and offers many advantages over other web
browsers, such as tabbed browsing and the ability to block pop-up
windows.
Firefox also offers excellent bookmark and history management, and it
can be extended by developers using industry standards such as XML,
CSS, JavaScript, C++, etc. Many extensions are available.
