* Support for importing payment methods saved in Chrome-based browser
* Hardware video decoding is now enabled for Intel GPUs on Linux
* The Tab Manager dropdown now features close buttons, so tabs
can be closed more quickly
* Streamlined the user interface for importing data in from other browsers
* Users without platform support for H264 video decoding can now
fallback to Cisco's OpenH264 plugin for playback.
* Undo and redo are now available in Password fields
* Changed: On Linux, middle clicks on the new tab button will
now open the xclipboard contents in the new tab. If the
xclipboard content is a URL then that URL is opened, any
other text is opened with your default search provider.
* Changed: For users with a Firefox Colorways built-in theme,
the theme will be automatically migrated to the same theme
hosted on addons.mozilla.org for Firefox profiles that have
disabled add-ons auto-updates. This will allow users to keep
their Colorways theme when they are later removed from
Firefox installer files.
* Changed: Certain Firefox users may come across a message in
the extensions panel indicating that their add-ons are not
allowed on the site currently open. We have introduced a new
back-end feature to only allow some extensions monitored by
Mozilla to run on specific websites for various reasons,
including security concerns.
* HTML5: The builtin editor now behaves similarly to other
browsers with `contenteditable` and `designMode` when
splitting a node, e.g. typing Enter to split a paragraph, and
also when joining two nodes, e.g. typing Backspace at the
start of a paragraph to join the paragraph and the previous
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1071
* https://www.mozilla.org/en-US/firefox/74.0/releasenotes/
MFSA 2020-08 (bsc#1166238)
* CVE-2020-6805 (bmo#1610880)
Use-after-free when removing data about origins
* CVE-2020-6806 (bmo#1612308)
BodyStream::OnInputStreamReady was missing protections against
state confusion
* CVE-2020-6807 (bmo#1614971)
Use-after-free in cubeb during stream destruction
* CVE-2020-6808 (bmo#1247968)
URL Spoofing via javascript: URL
* CVE-2020-6809 (bmo#1420296)
Web Extensions with the all-urls permission could access local
files
* CVE-2020-6810 (bmo#1432856)
Focusing a popup while in fullscreen could have obscured the
fullscreen notification
* CVE-2020-6811 (bmo#1607742)
Devtools' 'Copy as cURL' feature did not fully escape
website-controlled data, potentially leading to command injection
* CVE-2019-20503 (bmo#1613765)
Out of bounds reads in sctp_load_addresses_from_init
* CVE-2020-6812 (bmo#1616661)
The names of AirPods with personally identifiable information
were exposed to websites with camera or microphone permission
* CVE-2020-6813 (bmo#1605814)
@import statements in CSS could bypass the Content Security
Policy nonce feature
* CVE-2020-6814 (bmo#1592078,bmo#1604847,bmo#1608256,bmo#1612636,
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=809
* Firefox 67 will be able to run different Firefox installs side by side
https://blog.nightly.mozilla.org/2019/01/14/moving-to-a-profile-per-install-architecture/
* Tabs can now be pinned from the Page Actions menu in the address bar
* Users can block known cryptominers and fingerprinters in the
Custom settings or their Content Blocking preferences
* The Import Data from Another Browser feature is now also available
from the File menu
* Firefox will now protect you against running older versions which
can lead to data corruption and stability issues
* Easier access to your list of saved logins from the main menu and
login autocomplete
* We’ve added a toolbar menu for your Firefox Account to provide more
transparency for when you are synced, sharing data across devices
and with Firefox. Personalize the appearance of the menu with your
own avatar
* Enable FIDO U2F API, and permit registrations for Google Accounts
* Enabled AV1 support on Linux
MFSA 2019-13
* CVE-2019-9815 (bmo#1546544)
Disable hyperthreading on content JavaScript threads on macOS
* CVE-2019-9816 (bmo#1536768)
Type confusion with object groups and UnboxedObjects
* CVE-2019-9817 (bmo#1540221)
Stealing of cross-domain images using canvas
* CVE-2019-9818 (bmo#1542581) (Windows only)
Use-after-free in crash generation server
* CVE-2019-9819 (bmo#1532553)
Compartment mismatch with fetch API
* CVE-2019-9820 (bmo#1536405)
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=736
