-------------------------------------------------------------------
Wed Jul 31 11:59:32 UTC 2024 - Martin Sirringhaus

- Firefox Extended Support Release 128.1.0 ESR
  * Fixed: Various security fixes and other quality improvements.
    MFSA 2024-35 (bsc#1228648)
    * CVE-2024-7518 (bmo#1875354)
      Fullscreen notification dialog can be obscured by document
      content
    * CVE-2024-7519 (bmo#1902307)
      Out of bounds memory access in graphics shared memory handling
    * CVE-2024-7520 (bmo#1903041)
      Type confusion in WebAssembly
    * CVE-2024-7521 (bmo#1904644)
      Incomplete WebAssembly exception handling
    * CVE-2024-7522 (bmo#1906727)
      Out of bounds read in editor component
    * CVE-2024-7524 (bmo#1909241)
      CSP strict-dynamic bypass using web-compatibility shims
    * CVE-2024-7525 (bmo#1909298)
      Missing permission check when creating a StreamFilter
    * CVE-2024-7526 (bmo#1910306)
      Uninitialized memory used by WebGL
    * CVE-2024-7527 (bmo#1871303)
      Use-after-free in JavaScript garbage collection
    * CVE-2024-7528 (bmo#1895951)
      Use-after-free in IndexedDB
    * CVE-2024-7529 (bmo#1903187)
      Document content could partially obscure security prompts
    * CVE-2024-7531 (bmo#1905691)
      PK11_Encrypt using CKM_CHACHA20 can reveal plaintext on Intel
      Sandy Bridge machines

-------------------------------------------------------------------
Wed Jul 10 13:00:49 UTC 2024 - Martin Sirringhaus

- Firefox Extended Support Release 128.0esr ESR
  * ### General
    * Windows 7-8.1 and macOS 10.12-10.14 are no longer supported
      operating systems.
    * Firefox now supports automated translation of web content.
      Also, unlike cloud-based alternatives, translation is done
      locally so that the text being translated never leaves the
      machine.
    * The line breaking rules of web content now match the Unicode
      standard, improving cross-browser compatibility.
      Additionally, for East Asian and South East Asian end users,
      Firefox now supports proper language-aware word selection when
      double-clicking on text for languages including Chinese,
      Japanese, Burmese, Lao, Khmer, and Thai.
    * Video effects and background blur are now available to Firefox
      users on Google Meet. Firefox now displays images and
      descriptions for search suggestions when provided by the search
      engine.
    * It is now possible to copy and paste any file from the operating
      system into Firefox.
    * Having any issues with a website on Firefox, yet the site seems
      to be working as expected on another browser? You can now let us
      know via the Web Compatibility Reporting Tool! By filing a web
      compatibility issue, you’re directly helping us detect, target,
      and fix the most impacted sites to make your browsing experience
      on Firefox smoother.
    * Firefox now prompts users in the US and Canada to save their
      addresses upon submitting an address form, allowing Firefox to
      autofill stored address information in the future.
    * Support for credit card autofill has been extended to users
      running Firefox in the IT, ES, AT, BE, and PL locales.
    * Recently closed tabs now persist between sessions that don't
      have automatic session restore enabled. Manually restoring a
      previous session will continue to reopen any previously open
      tabs or windows.
    * When migrating data from Chrome, Firefox now offers the ability
      to import certain extensions as well.
    * The Screenshots feature in Firefox has been updated. It now
      supports taking screenshots of file types like SVG, XML, and
      more as well as various about: pages within Firefox. The
      screenshot tool was also made more accessible to everyone by
      implementing new keyboard shortcuts and adding theme
      compatibility and High Contrast Mode (HCM) support. And finally,
      performance for capturing large screenshots has been improved.
  * ### PDF Viewer
    * The Firefox PDF viewer has expanded PDF editing capabilities:
      * Text highlighting is now supported.
      * Editing already-existing text annotations is now supported.
      * Images and alt text can be added in addition to text and
        drawings.
      * A floating button is now included to simplify deleting
        drawings, text, and images added in PDFs.
    * Caret browsing mode now also works in the PDF viewer.
      (Learn more)
  * ### Firefox View
    * Firefox View includes more content. You can now see all open
      tabs from all windows. If you sync open tabs, you’ll see all
      tabs from other devices. Browsing history is now listed and you
      can sort by date or by site. As before, recently closed tabs are
      also listed on Firefox View. To access Firefox View, select the
      file folder icon at the top left of your tab strip.
    * We’ve integrated search into Firefox View. You can now search
      through all of the tabs on each of the section subpages - Recent
      Browsing, Open Tabs, Recently Closed Tabs, Tabs from other
      devices, or History.
    * In Firefox View, open tabs can now be sorted by either recent
      activity or tab order. Recent activity is the default setting.
    * Firefox View now displays pinned tabs in the Open tabs section.
      Tab indicators have also been added to Open tabs, so users can
      do things like see which tabs are playing media and quickly mute
      or unmute across windows. Indicators were also added for
      bookmarks, tabs with notifications, and more!
    * It is now possible to close all duplicate tabs in a window with
      the `Close duplicate tabs` command available from the
      `List all tabs` widget in the tab bar or a tab context menu.
  * ### Security & Privacy
    * For added protection on macOS and Windows, a device sign in
      (e.g. operating system password, fingerprint, face or voice
      login if enabled) can be required when accessing and filling
      stored passwords in the Firefox Password Manager about:logins
      page.
    * Firefox now supports creating and using passkeys stored in the
      iCloud Keychain on macOS.
    * Firefox now imports user-added TLS trust anchors (e.g.,
      certificates) from the operating system root store.
      This will be enabled by default on Windows, macOS, and Android,
      and if needed, can be turned off in settings (Settings →
      Privacy & Security → Certificates).
    * The Storage Access API web standard was updated to improve
      security while mitigating website breakages and further enabling
      the phase out of third-party cookies in Firefox.
    * Encrypted Client Hello (ECH) is now available to Firefox users,
      delivering a more private browsing experience. ECH extends the
      encryption used in TLS connections to cover more of the
      handshake and better protect sensitive fields. Read more about
      the launch of ECH on Mozilla Distilled.
    * Firefox supports a new “Copy Link Without Site Tracking” feature
      in the context menu which ensures that copied links no longer
      contain tracking information.
    * Firefox now supports a setting (in Preferences → Privacy &
      Security) to enable Global Privacy Control. With this opt-in
      feature, Firefox informs the websites that the user doesn’t want
      their data to be shared or sold. This feature is enabled in
      private browsing mode by default.
    * Firefox now more proactively blocks downloads from URLs that are
      considered to be potentially untrustworthy.
  * ### Anti-Fingerprinting
    * Web Audio in Firefox now uses the FDLIBM math library on all
      systems to improve anonymity with Fingerprint Protection.
    * As part of Total Cookie Protection, Firefox now supports the
      partitioning of Blob URLs; this mitigates a potential tracking
      vector that third-party agents could use to track an individual.
    * To mitigate font fingerprinting, the visibility of fonts to
      websites has been restricted to system fonts and language pack
      fonts when in Private Browsing Mode or with Enhanced Tracking
      Protection set to strict mode.
    * Firefox’s private windows and ETP-Strict privacy configuration
      now enhance the Canvas APIs with Fingerprinting Protection.
    * To reduce user fingerprinting information and the risk of some
      website compatibility issues, the CPU architecture for 32-bit
      x86 Linux will now be reported as x86_64 in Firefox's User-Agent
      string and `navigator.platform` and `navigator.oscpu` Web APIs.
  * ### Windows
    * Firefox can now be set to automatically launch whenever the
      computer starts up. (Learn more)
    * The background updater now updates properly when there are
      multiple user accounts on a system.
    * Firefox now populates the Windows taskbar jump list more
      efficiently, which should allow for a smoother overall browsing
      experience.
  * ### macOS
    * Firefox now supports Voice Control commands on macOS systems.
    * Links and other focusable elements are now tab-navigable by
      default on macOS, instead of following macOS' "Keyboard
      navigation" setting. This is a more accessible default and
      matches the default in all other platforms. A checkbox in the
      settings page still allows users to restore the old behavior.
    * Firefox on Mac now uses the macOS fullscreen API for all types
      of fullscreen windows. This should better match the expected
      macOS user experience for fullscreen spaces, menubar and the
      Dock.
  * ### Linux
    * Firefox now defaults to the Wayland compositor when available
      instead of XWayland. This brings support for touchpad &
      touchscreen gestures, swipe-to-nav, per-monitor DPI settings,
      better graphics performance, and more.
    * Firefox now ships with a new .deb package for Linux users on
      Ubuntu, Debian, and Linux Mint.
  * ### Video Playback
    * Enabled AV1 hardware decode acceleration on macOS for M3 Macs.
    * Firefox now supports the AV1 codec for Encrypted Media
      Extensions (EME), enabling higher-quality playback from video
      streaming providers.
    * NVIDIA RTX Video Super Resolution (“VSR”) is now available in
      Firefox. RTX VSR enhances and sharpens lower resolution video
      when upscaled to higher resolutions and also removes blocky
      artifacts commonly visible on low bitrate streamed video.
      VSR requires at least a 20-series or higher NVIDIA RTX GPU,
      Microsoft Windows 10/11 64-bit, and NVIDIA driver version R530
      or higher. The feature can be enabled in the NVIDIA control
      panel.
    * NVIDIA RTX Video HDR is now available in Firefox. RTX Video HDR
      automatically converts SDR video to vibrant HDR10 in real time,
      letting you enjoy video with improved clarity on your HDR10
      panel. It requires at least a 20-series NVIDIA RTX GPU,
      Microsoft Windows 10/11 64-bit, and NVIDIA driver version 550 or
      higher. The feature can be enabled in the NVIDIA control panel.
  * Developer:
    * Firefox now supports DNS prefetching for HTTPS documents via the
      `rel="dns-prefetch"` link hint. This standard allows web
      developers to specify domain names for important assets that
      should be resolved preemptively.
    * Firefox will now automatically try to upgrade ,