|
1 ------------------------------------------------------------------- |
|
2 Fri Jul 28 20:56:00 UTC 2023 - Andreas Stieger <andreas.stieger@gmx.de> |
|
3 |
|
4 - Mozilla Firefox 115.0.3 |
|
5 * fixes for other platforms |
|
6 - remove bashisms from firefox startup script (boo#1213657) |
|
7 |
|
8 ------------------------------------------------------------------- |
|
9 Thu Jul 13 13:30:20 UTC 2023 - Wolfgang Rosenauer <wr@rosenauer.org> |
|
10 |
|
11 - Mozilla Firefox 115.0.2 |
|
12 * Fixed a bug with displaying a caret in the text editor on some websites |
|
13 (bmo#1840804) |
|
14 * Fixed a bug with broken audio rendering on some websites (bmo#1841982) |
|
15 * Fixed a bug with patternTransform translate using the wrong units |
|
16 (bmo#1840746) |
|
17 MFSA 2023-26 (bsc#1213230) |
|
18 * CVE-2023-3600 (bmo#1839703) |
|
19 Use-after-free in workers |
|
20 |
|
21 ------------------------------------------------------------------- |
|
22 Fri Jul 7 19:39:30 UTC 2023 - Andreas Stieger <Andreas.Stieger@gmx.de> |
|
23 |
|
24 - Mozilla Firefox 115.0.1 |
|
25 * fixes for other platforms |
|
26 |
|
27 ------------------------------------------------------------------- |
|
28 Sun Jul 2 16:00:53 UTC 2023 - Wolfgang Rosenauer <wr@rosenauer.org> |
|
29 |
|
30 - Mozilla Firefox 115.0 |
|
31 * Support for importing payment methods saved in Chrome-based browser |
|
32 * Hardware video decoding is now enabled for Intel GPUs on Linux |
|
33 * The Tab Manager dropdown now features close buttons, so tabs |
|
34 can be closed more quickly |
|
35 * Streamlined the user interface for importing data in from other browsers |
|
36 * Users without platform support for H264 video decoding can now |
|
37 fallback to Cisco's OpenH264 plugin for playback. |
|
38 * Undo and redo are now available in Password fields |
|
39 * Changed: On Linux, middle clicks on the new tab button will |
|
40 now open the xclipboard contents in the new tab. If the |
|
41 xclipboard content is a URL then that URL is opened, any |
|
42 other text is opened with your default search provider. |
|
43 * Changed: For users with a Firefox Colorways built-in theme, |
|
44 the theme will be automatically migrated to the same theme |
|
45 hosted on addons.mozilla.org for Firefox profiles that have |
|
46 disabled add-ons auto-updates. This will allow users to keep |
|
47 their Colorways theme when they are later removed from |
|
48 Firefox installer files. |
|
49 * Changed: Certain Firefox users may come across a message in |
|
50 the extensions panel indicating that their add-ons are not |
|
51 allowed on the site currently open. We have introduced a new |
|
52 back-end feature to only allow some extensions monitored by |
|
53 Mozilla to run on specific websites for various reasons, |
|
54 including security concerns. |
|
55 * HTML5: The builtin editor now behaves similarly to other |
|
56 browsers with `contenteditable` and `designMode` when |
|
57 splitting a node, e.g. typing Enter to split a paragraph, and |
|
58 also when joining two nodes, e.g. typing Backspace at the |
|
59 start of a paragraph to join the paragraph and the previous |
|
60 one. |
|
61 When a node is split, the builtin editor creates a new node |
|
62 after the original one instead of before, i.e. creates the |
|
63 right node instead of the left node. |
|
64 Similarly, when two nodes are joined, the builtin editor |
|
65 deletes the latter node and moves its children to the end of |
|
66 the preceding node instead of deleting the former node and |
|
67 moving its child to the start of the following node. |
|
68 * HTML5: WebRTC application developers can now specify a target |
|
69 in milliseconds of media for the jitter buffer to hold. |
|
70 Altering the target value allows applications to control the |
|
71 tradeoff between playout delay and the risk of running out of |
|
72 audio or video frames due to network jitter. |
|
73 * HTML5: Change array by copy provides additional methods on |
|
74 `Array.prototype` and `TypedArray.prototype` to enable |
|
75 changes on the array by returning a new copy of it with the |
|
76 change. |
|
77 * HTML5: The animation-composition property is now supported, |
|
78 allowing a declarative way to define the composite operation |
|
79 used when multiple animations affect the same property |
|
80 simultaneously. |
|
81 * HTML5: Added the URL.canParse() function to allow easy and |
|
82 fast checking if URLs are valid and parseable. |
|
83 * HTML5: IndexedDB is now also supported in private browsing |
|
84 without memory limits thanks to encrypted storage on disk. |
|
85 The temporary keys to decrypt the information are hold in RAM |
|
86 only and all stored information is purged at the normal end |
|
87 of a private browsing session from disk. |
|
88 * HTML5: Supports conditions are now supported in CSS import |
|
89 rules @import supports(...) |
|
90 * Developer: In web development, we rely on third-party |
|
91 libraries which you may not be interested in while debugging. |
|
92 These can be ignored. Ignoring them means that breakpoints |
|
93 will not get hit and they are skipped during stepping. |
|
94 You can now choose to **Hide ignore-listed sources** in the |
|
95 Developer Tools source tree |
|
96 * Developer: We have introduced a new option, |
|
97 `devtools.f12_enabled`, that can be utilized to prevent the |
|
98 accidental use of the F12 key, which opens the DevTools |
|
99 toolbox (bug). |
|
100 * Enterprise: You can find information about policy updates and |
|
101 enterprise specific bug fixes in the Firefox for Enterprise |
|
102 115 Release Notes. |
|
103 MFSA 2023-22 (bsc#1212438) |
|
104 * CVE-2023-3482 (bmo#1839464) |
|
105 Block all cookies bypass for localstorage |
|
106 * CVE-2023-37201 (bmo#1826002) |
|
107 Use-after-free in WebRTC certificate generation |
|
108 * CVE-2023-37202 (bmo#1834711) |
|
109 Potential use-after-free from compartment mismatch in SpiderMonkey |
|
110 * CVE-2023-37203 (bmo#291640) |
|
111 Drag and Drop API may provide access to local system files |
|
112 * CVE-2023-37204 (bmo#1832195) |
|
113 Fullscreen notification obscured via option element |
|
114 * CVE-2023-37205 (bmo#1704420) |
|
115 URL spoofing in address bar using RTL characters |
|
116 * CVE-2023-37206 (bmo#1813299) |
|
117 Insufficient validation of symlinks in the FileSystem API |
|
118 * CVE-2023-37207 (bmo#1816287) |
|
119 Fullscreen notification obscured |
|
120 * CVE-2023-37208 (bmo#1837675) |
|
121 Lack of warning when opening Diagcab files |
|
122 * CVE-2023-37209 (bmo#1837993) |
|
123 Use-after-free in `NotifyOnHistoryReload` |
|
124 * CVE-2023-37210 (bmo#1821886) |
|
125 Full-screen mode exit prevention |
|
126 * CVE-2023-37211 (bmo#1832306, bmo#1834862, bmo#1835886, |
|
127 bmo#1836550, bmo#1837450) |
|
128 Memory safety bugs fixed in Firefox 115, Firefox ESR 102.13, |
|
129 and Thunderbird 102.13 |
|
130 * CVE-2023-37212 (bmo#1750870, bmo#1825552, bmo#1826206, bmo#1827076, |
|
131 bmo#1828690, bmo#1833503, bmo#1835710, bmo#1838587) |
|
132 Memory safety bugs fixed in Firefox 115 |
|
133 - Requires NSS 3.90 |
|
134 - Add patches: |
|
135 mozilla-rust-disable-future-incompat.patch |
|
136 mozilla-bmo1775202.patch |
|
137 mozilla-partial-revert-1768632.patch |
|
138 - removed obsolete mozilla-buildfixes.patch |
|
139 |
|
140 ------------------------------------------------------------------- |
|
141 Tue Jun 20 19:49:51 UTC 2023 - Andreas Stieger <Andreas.Stieger@gmx.de> |
|
142 |
|
143 - Mozilla Firefox 114.0.2: |
|
144 * Several crash fixes |
|
145 * Web Extensions: Fixes for 114 regressions in Native Messaging |
|
146 support |
|
147 |
|
148 ------------------------------------------------------------------- |
|
149 Tue Jun 20 06:30:02 UTC 2023 - Wolfgang Rosenauer <wr@rosenauer.org> |
|
150 |
|
151 - do not enable LTO as it caused crashes now (boo#1212101) |
|
152 |
|
153 ------------------------------------------------------------------- |
|
154 Sat Jun 10 14:48:07 UTC 2023 - Andreas Stieger <Andreas.Stieger@gmx.de> |
|
155 |
|
156 - Mozilla Firefox 114.0.1 |
|
157 * Fix a startup crash (bmo#1837201, boo#1212101) |
|
158 |
|
159 ------------------------------------------------------------------- |
|
160 Fri Jun 9 11:05:47 UTC 2023 - Martin Sirringhaus <martin.sirringhaus@suse.com> |
|
161 |
|
162 - Only install vaapitest for wayland-enabled builds, where it gets built |
|
163 - Rebase mozilla-silence-no-return-type.patch |
|
164 - Rebase s390x-patches, and remove obsolete patches: |
|
165 mozilla-bmo1005535.patch mozilla-s390x-skia-gradient.patch |
|
166 |
|
167 ------------------------------------------------------------------- |
|
168 Mon Jun 5 21:22:19 UTC 2023 - Wolfgang Rosenauer <wr@rosenauer.org> |
|
169 |
|
170 - Mozilla Firefox 114.0 |
|
171 MFSA 2023-20 (bsc#1211922) |
|
172 * CVE-2023-34414 (bmo#1695986) |
|
173 Click-jacking certificate exceptions through rendering lag |
|
174 * CVE-2023-34415 (bmo#1811999) |
|
175 Site-isolation bypass on sites that allow open redirects to |
|
176 data: urls |
|
177 * CVE-2023-34416 (bmo#1752703, bmo#1818394, bmo#1826875, |
|
178 bmo#1827340, bmo#1827655, bmo#1828065, bmo#1830190, |
|
179 bmo#1830206, bmo#1830795, bmo#1833339) |
|
180 Memory safety bugs fixed in Firefox 114 and Firefox ESR |
|
181 102.12 |
|
182 * CVE-2023-34417 (bmo#1746447, bmo#1820903, bmo#1832832) |
|
183 Memory safety bugs fixed in Firefox 114 |
|
184 * New: Added UI to manage the DNS over HTTPS exception list. |
|
185 (bmo#1596847) |
|
186 * New: Bookmarks can now be searched from the Bookmarks menu. |
|
187 The Bookmarks menu is accessible by adding the *Bookmarks |
|
188 menu* button to the toolbar. (bmo#1736937) |
|
189 * New: Restrict searches to your local browsing history by |
|
190 selecting *Search history* from the History, Library or |
|
191 Application menu buttons. (bmo#1736939) |
|
192 * New: Mac users can now capture video from their cameras in |
|
193 all supported native resolutions. This enables resolutions |
|
194 higher than 1280x720. (bmo#1806604) |
|
195 * New: It is now possible to reorder the extensions listed in |
|
196 the extensions panel. (bmo#1805924) |
|
197 * New: Users on macOS, Linux, and Windows 7 can now use FIDO2 / |
|
198 WebAuthn authenticators over USB. Some advanced features, |
|
199 such as fully passwordless logins, require a PIN to be set on |
|
200 the authenticator. (bmo#1814487) |
|
201 * New: Pocket Recommended content can now be seen in France, |
|
202 Italy, and Spain. (bmo#None) |
|
203 * Changed: DNS over HTTPS settings are now part of the |
|
204 *Privacy & Security* section of the *Settings* page and allow |
|
205 the user to choose from all the supported modes. |
|
206 (bmo#1610741) |
|
207 * HTML5: DOM: Added support for ES Modules on DedicatedWorker |
|
208 and SharedWorker |
|
209 * HTML5: WebTransport is now enabled by default and will be |
|
210 going to release with 114. As the original Explainer notes, |
|
211 it enables multiple use-cases that are hard or impossible to |
|
212 handle without it, especially for Gaming and live streaming. |
|
213 It covers cases that are problematic for alternative |
|
214 mechanisms, such as WebSockets. |
|
215 Built on top of HTTP3 (HTTP2 support will be coming later). |
|
216 The current implementation in Firefox is passing 505 out of |
|
217 565 Web-Platform Tests. |
|
218 * HTML5: CSS: The `infinity` and `NaN` constants are now |
|
219 supported inside the `calc()` function. (bmo#1830759) |
|
220 * Developer: The *Copy as cURL* feature, available in the |
|
221 Network panel, has been enhanced. It now supports the |
|
222 -`-compressed` argument. (bmo#1776120) |
|
223 * Developer: The Accessibility Inspector has been improved to |
|
224 accurately recognize all the ARIA roles like `banner`, |
|
225 `main`, `navigation`, and `contentinfo`, etc. This |
|
226 enhancement is particularly beneficial for web developers |
|
227 working with ARIA roles to improve web accessibility. |
|
228 (bmo#1572512) |
|
229 * Developer: Firefox now provides support for the CSS Cascading |
|
230 Level 4 `supports()` syntax for `@import` rules. This allows |
|
231 for the importation of other stylesheets based on support- |
|
232 dependency. In addition, the Inspector panel now accurately |
|
233 displays the conditions at the top of the imported rule. |
|
234 - requires NSS 3.89.1 |
|
235 |
1 ------------------------------------------------------------------- |
236 ------------------------------------------------------------------- |
2 Wed May 24 19:26:35 UTC 2023 - Andreas Stieger <Andreas.Stieger@gmx.de> |
237 Wed May 24 19:26:35 UTC 2023 - Andreas Stieger <Andreas.Stieger@gmx.de> |
3 |
238 |
4 - Mozilla Firefox 113.0.2 (boo#1211696) |
239 - Mozilla Firefox 113.0.2 (boo#1211696) |
5 * Fixed: Fixed a bug which could cause Firefox to freeze on |
240 * Fixed: Fixed a bug which could cause Firefox to freeze on |