pkgsrc/www/firefox/files
ryoon d46cc44a69 Update to 69.0
* Use clang to compile all files. Mix of gcc and clang causes some errors in
  Rust c++ command invocation (C++ header mismatches).

Changelog:
New

    Enhanced Tracking Protection (ETP) rolls out stronger privacy protections:
        The default standard setting for this feature now blocks third-party tracking cookies and cryptominers.
        The optional strict setting blocks fingerprinters as well as the items blocked in the standard setting.

    The Block Autoplay feature is enhanced to give users the option to block any video that automatically starts playing, not just those that automatically play with sound.

    For our users in the US or using the en-US browser, we are shipping a new “New Tab” page experience that connects you to the best of Pocket’s content.

    Support for the Web Authentication HmacSecret extension via Windows Hello now comes with this release, for versions of Windows 10 May 2019 or newer, enabling more passwordless experiences on the web.

    Support for receiving multiple video codecs with this release makes it easier for WebRTC conferencing services to mix video from different clients.

    For our users on Windows 10, you’ll see performance and UI improvements:
        Firefox will give Windows hints to appropriately set content process priority levels, meaning more processor time spent on the tasks you're actively working on, and less processor time spent on things in the background (with the exception of video and audio playback).
        For our existing Windows 10 users, you can easily find and launch Firefox from a shortcut on the Win10 taskbar.

    For our users on macOS, battery life and download UI are both improved:
        macOS users on dual-graphics-card machines (like MacBook Pro) will switch back to the low-power GPU more aggressively, saving battery life.
        Finder on macOS now displays download progress for files being downloaded.

    JIT support comes to ARM64 for improved performance of our JavaScript Optimizing JIT compiler.

Fixed

    Various security fixes

Changed

    As previously announced in the Plugin Roadmap for Firefox, the "Always Activate" option for Flash plugin content has been removed. Firefox will now always ask for user permission before activating Flash content on a website.

    With the deprecation of Adobe Flash Player, there is no longer a need to identify users on 32-bit version of the Firefox browser on 64-bit version operating systems reducing user agent fingerprinting factors providing greater level of privacy to our users as well as improving the experience of downloading other apps.

    Firefox no longer loads userChrome.css or userContent.css by default improving start-up performance. Users who wish to customize Firefox by using these files can set the toolkit.legacyUserProfileCustomizations.stylesheets preference to true to restore this ability.

Enterprise

    For Enterprise system administrators that manage macOS computers, we begin shipping a Mozilla signed PKG installer to simplify your deployments.

Developer

    For our mobile web developers, we have migrated remote debugging from the old WebIDE into a re-designed about:debugging, making debugging GeckoView on remote devices via USB rock solid.

    The network panel will now show blocked resources to allow developers to best understand the impact of content blocking and ad blocking extensions given our ongoing expansion of Enhanced Tracking Protection to all users with this release.

    The new event listener breakpoint feature allows developers to pause on a host of different event types, whether it be related to animations, DOM, media, mouse, touch, worker, and many other event types.

    Firefox Developer Tools now offers an audit for the presence of text alternatives for non-text content, the a11y panel checks toolbar has been augmented to better help developers adhere to WCAG Guideline 1.1.


Security fixes:
#CVE-2019-11751: Malicious code execution through command line parameters
#CVE-2019-11746: Use-after-free while manipulating video
#CVE-2019-11744: XSS by breaking out of title and textarea elements using innerHTML
#CVE-2019-11742: Same-origin policy violation with SVG filters and canvas to steal cross-origin images
#CVE-2019-11736: File manipulation and privilege escalation in Mozilla Maintenance Service
#CVE-2019-11753: Privilege escalation with Mozilla Maintenance Service in custom Firefox installation location
#CVE-2019-11752: Use-after-free while extracting a key value in IndexedDB
#CVE-2019-9812: Sandbox escape through Firefox Sync
#CVE-2019-11741: Isolate addons.mozilla.org and accounts.firefox.com
#CVE-2019-11743: Cross-origin access to unload event attributes
#CVE-2019-11749: Camera information available without prompting using getUserMedia
#CVE-2019-5849: Out-of-bounds read in Skia
#CVE-2019-11750: Type confusion in Spidermonkey
#CVE-2019-11737: Content security policy directives ignore port and path if host is a wildcard
#CVE-2019-11738: Content security policy bypass through hash-based sources in directives
#CVE-2019-11747: 'Forget about this site' removes sites from pre-loaded HSTS list
#CVE-2019-11734: Memory safety bugs fixed in Firefox 69
#CVE-2019-11735: Memory safety bugs fixed in Firefox 69 and Firefox ESR 68.1
#CVE-2019-11740: Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, and Firefox ESR 60.9
2019-09-06 03:00:23 +00:00
..
desktop.in