Posts posted by trium
-
-
ff v82.0.1
27. october 2020
Fixed
- Avoid an unnecessary prompt to reboot when using the full installer on Windows (bug 1671715)
- Restored the ability to print on paper whose width or height is larger than 100 inches, e.g. for receipts (bug 1672370)
- Fixed printing of documents with margins of zero, e.g. some PDFs (bug 1672529)
- Fixed handling of the WebDriver:ClickElement command in the marionette testing framework (bug 1666755)
- Stability fix (bug 1660539)
-
-
a nice romantic song (from 1990)
stefan waggershausen - viktor lazslo -> das erste mal tats noch weh
-
e nomine - vater unser (mellow-d remix) i mean from 2005
E Nomine - Vater unser, Part II (Mellow-D Remix)
-
-
-
ublock v1.30.4
gorhill released this
Oct 12, 2020
Closed as fixed:
- Prevent set-constant properties from being overtaken [regression]
- Update urlhaus-filter URL
- Update for twitch.tv (pull request by @pixeltris)
-
ublock v1.30.2
gorhill released this
Oct 7, 2020
Summary
A regression in the element picker caused it to generate needlessly long cosmetic filters. The issue was reported at /r/uBlockOrigin.
Fixed:
-
ff v78.4.0 esr
20. october 2020
Fixed
- Various stability, functionality, and security fixes
Quote
Security Vulnerabilities fixed in Firefox ESR 78.4
- Announced October 20, 2020
- Impact high
- Products Firefox ESR
- Fixed in Firefox ESR 78.4
#CVE-2020-15969: Use-after-free in usersctp
- Reporter Mark Wodrich of Google
- Impact high
Description
A use-after-free bug in the usersctp library was reported upstream. We assume this could have led to memory corruption and a potentially exploitable crash.
References
#CVE-2020-15683: Memory safety bugs fixed in Firefox 82 and Firefox ESR 78.4
- Reporter Mozilla developers and community
- Impact high
Description
Mozilla developers and community members Jason Kratzer, Simon Giesecke, Philipp, and Christian Holler reported memory safety bugs present in Firefox 81 and Firefox ESR 78.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.
References
-
-
ff v82.0
20. october 2020
New
- With this release, Firefox introduces a number of improvements that make watching videos more delightful:
  - the Picture-In-Picture button has a new look and position, making it easier for you to find and use the feature.
  - Picture-In-Picture now has a keyboard shortcut for Mac users (Option + Command + Shift + Right bracket) that works before you start playing the video.
  - For Windows users, Firefox now uses DirectComposition for hardware decoded video, which will improve CPU and GPU usage during video playback, improving battery life.
- Firefox is faster than ever with improved performance on both page loads and start up time:
  - Websites that use flexbox-based layouts load 20% faster than before;
  - Restoring a session is 17% quicker, meaning you can more quickly pick up where you left off;
  - For Windows users, opening new windows got quicker by 10%.
- You can now explore new articles when you save a webpage to Pocket from the Firefox toolbar.
- WebRender continues to roll out to more Firefox users on Windows.
Fixed
- Screen reader features which report paragraphs now correctly report paragraphs in Firefox instead of lines.
- Various security fixes
Changed
- Credit card auto-fill is now more accessible with the card type, and the card number in the card editor now available to screen readers.
- Printing dialog errors for invalid form entries are now reported to screen readers.
Developer
- MediaSession API has been enabled by default which allows web authors to provide custom behaviors for standard media playback interactions, giving them more options than ever.
- DevTools now shows server side events in the Network panel. This allows a server to send new data to a web page at any time allowing developers to see events they previously couldn't and help with lower-level troubleshooting.
-
-
Quote
The block is no longer happening. (The licence for the old address has been renewed).
it looks like it's not renewed https://forum.piriform.com/
ff + ms chrome edge + palemoon + iron blocking the redirection. it works with exception-rules
-
since 12. october ff shows me the following redirection mistake...
Quote
forum.piriform.com verwendet ein ungültiges Sicherheitszertifikat. Das Zertifikat ist am Montag, 12. Oktober 2020 14:00 abgelaufen. Die aktuelle Zeit ist Samstag, 17. Oktober 2020 22:37.
Fehlercode: SEC_ERROR_EXPIRED_CERTIFICATE
Quote
forum.piriform.com is using an invalid security certificate. The certificate expired on Monday, October 12, 2020 14:00.
would this be renewed or not for this older forums link?
-
ff v81.0.2
13. october 2020
Fixed
- Fixed an incompatibility with Twitter.com manifesting itself with the intermittent display of a network protocol violation error page
-
-
ff v78.3.1 esr
01. october 2020
Fixed
- Fixed legacy preferences not being properly applied when set via GPO (bug 1666836)
-
-
ff v81.0.1
01. october 2020
Fixed
- Fixed missing content on Blackboard course listings (bug 1665447)
- Resolved incorrect scaling of Flash content on HiDPI macOS systems (bug 1667267)
- Fixes for various printing issues (bug 1667342, bug 1667510, bug 1667723)
- Fixed legacy preferences not being properly applied when set via GPO (bug 1666836)
- Fixed Picture-in-Picture controls being visible on audio-only page elements (bug 1666775)
- Fixed high memory growth with addons such as Disconnect installed, causing browser responsiveness issues over time (bug 1658571)
- Various stability improvements (bug 1661485, bug 1664542, bug 1664843)
-
-
with defraggler...
try the "file list" -defragmentation - relatively fast with good fragmentation-result
-
firefox legacy v1.16.4.25
gorhill released this on 22 Aug
Change
- Backport several improvements and fixes from the upstream (thanks to @hawkeye116477)
- Allow :upward() operator to select html element
- Fix broken :spath operators starting with >
- Better parsing of hosts file system addresses
- Add ability to control auto-commenting at filter creation time
- Use ISO8061 dates in filter comments
- Fix xmlhttprequest redirection
- Fix badfilter exception on CSP filters
- Use "Trusted sites" instead of "Whitelist"
- Change the way zapper and picker work on CSP protected sites (requires bug #1415352, see #254)
Note: The release notes are created/maintained by @JustOff.
-
ublock v1.30.0
gorhill released this
4 days ago
Summary
Important: The compile format of filter lists has changed, and this means upon update uBO will have to recompile all filter lists, so this may cause a longer delay at launch the first time uBO is launched after being updated. This is a one time event.
The cloud storage feature has been improved in a number of ways:
- Better reporting of error conditions in the user interface;
- User interface widget to report storage used/total/max;
- Support for compressing cloud storage data.
Improved "My rules" user interface:
- Ability to sort rules by type, source, or destination;
- Ability to show changes only.
Added support to chain :style(...) operator to procedural operators.
The element picker has been refactored to fix long standing issues (including some not reported in the issue tracker). The Ctrl key is no longer used to control the specificity of a candidate filter, and new widgets have been introduced for the purpose of more easily tuning the depth and specificity.
The click-to-subscribe feature has been reworked and is now allowed only on a select number of domains, currently: https://easylist.to/, https://fanboy.co.nz/, https://filterlists.com/, https://forums.lanik.us/, https://github.com/, https://github.io/.
The concept of "bad list" has been introduced, to prevent users from unwittingly ending up using what are deemed "bad lists" by the uBO team. Some "bad lists" will be completely ignored and importing them will be forbidden by uBO. This restriction can be bypassed by users by simply appending a dummy query parameter to the URL of the list.
Closed as fixed:
Firefox for Android
Core
- Improper support of IPv6 addresses in static filter domain= option
- has() not work on <html>
- Cosmetic filters interfere with element picker visuals
- Picker gets deformed when a cosmetic filter is added
- Add Support for AdGuard special case pre-processor directives
- Sort dynamic filter list by destination / host components
- Better parsing of hosts file system addresses
- Can't control specificity in element picker with Firefox for Android
- Subscriber script needs to be improved
- Add ability to view changes only in My Rules
- Combining procedural selector :has() and :style()
- Add visual hint for last selected entry in element picker
- Prevent malicious pages from tampering with element picker
Notable commits with no entry in issue tracker:
- Prevent spurious instantiation of procedural filterer
- Add abort-on-stack-trace scriptlet
  - Related discussion: AdguardTeam/Scriptlets#82
- Fix ability to overwrite overquota'ed cloud storage
- Add support for blocklist of filter lists
- Use modern popup panel in logger
- Add support for cloud storage compression
- Add widget to convey the amount of sync storage in use
- Fix cloud storage errors not reported in user interface
-
ff v78.3.0 esr
22. sept. 2020
Fixed
- Various stability, functionality, and security fixes
Quote
Security Vulnerabilities fixed in Firefox ESR 78.3
- Announced September 22, 2020
- Impact moderate
- Products Firefox ESR
- Fixed in Firefox ESR 78.3
#CVE-2020-15677: Download origin spoofing via redirect
- Reporter Richard Thomas and Tom Chothia of University of Birmingham
- Impact moderate
Description
By exploiting an Open Redirect vulnerability on a website, an attacker could have spoofed the site displayed in the download file dialog to show the original site (the one suffering from the open redirect) rather than the site the file was actually downloaded from.
References
#CVE-2020-15676: XSS when pasting attacker-controlled data into a contenteditable element
- Reporter Daniel Fröjdendahl
- Impact moderate
Description
Firefox sometimes ran the onload handler for SVG elements that the DOM sanitizer decided to remove, resulting in JavaScript being executed after pasting attacker-controlled data into a contenteditable element.
References
#CVE-2020-15678: When recursing through layers while scrolling, an iterator may have become invalid, resulting in a potential use-after-free scenario
- Reporter Lukas Bernhard
- Impact moderate
Description
When recursing through graphical layers while scrolling, an iterator may have become invalid, resulting in a potential use-after-free. This occurs because the function APZCTreeManager::ComputeClippedCompositionBounds did not follow iterator invalidation rules.
References
#CVE-2020-15673: Memory safety bugs fixed in Firefox 81 and Firefox ESR 78.3
- Reporter Jason Kratzer
- Impact high
Description
Mozilla developer Jason Kratzer reported memory safety bugs present in Firefox 80 and Firefox ESR 78.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.
References
-
-
ff v78.2.0 esr
25. august 2020
Fixed
- Various stability, functionality, and security fixes
Quote
Security Vulnerabilities fixed in Firefox ESR 78.2
- Announced August 25, 2020
- Impact high
- Products Firefox ESR
- Fixed in Firefox ESR 78.2
#CVE-2020-15663: Downgrade attack on the Mozilla Maintenance Service could have resulted in escalation of privilege
- Reporter Xiaoyin Liu
- Impact high
Description
If Firefox is installed to a user-writable directory, the Mozilla Maintenance Service would execute updater.exe from the install location with system privileges. Although the Mozilla Maintenance Service does ensure that updater.exe is signed by Mozilla, the version could have been rolled back to a previous version which would have allowed exploitation of an older bug and arbitrary code execution with System Privileges.
Note: This issue only affected Windows operating systems. Other operating systems are unaffected.
References
#CVE-2020-15664: Attacker-induced prompt for extension installation
- Reporter Kaizer Soze
- Impact high
Description
By holding a reference to the eval() function from an about:blank window, a malicious webpage could have gained access to the InstallTrigger object which would allow them to prompt the user to install an extension. Combined with user confusion, this could result in an unintended or malicious extension being installed.
References
#CVE-2020-15670: Memory safety bugs fixed in Firefox 80 and Firefox ESR 78.2
- Reporter Mozilla developers and community
- Impact high
Description
Mozilla developers Jason Kratzer, Christian Holler, and Byron Campen reported memory safety bugs present in Firefox 79 and Firefox ESR 78.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.
References
-
-
ff v78.1.0 esr
28. july 2020
Fixed
- Various stability, functionality, and security fixes
Quote
Security Vulnerabilities fixed in Firefox ESR 78.1
- Announced July 28, 2020
- Impact high
- Products Firefox ESR
- Fixed in Firefox ESR 78.1
#CVE-2020-15652: Potential leak of redirect targets when loading scripts in a worker
- Reporter Mikhail Oblozhikhin
- Impact high
Description
By observing the stack trace for JavaScript errors in web workers, it was possible to leak the result of a cross-origin redirect. This applied only to content that can be parsed as script.
References
#CVE-2020-6514: WebRTC data channel leaks internal address to peer
- Reporter Natalie Silvanovich of Google Project Zero
- Impact high
Description
WebRTC used the memory address of a class instance as a connection identifier. Unfortunately, this value is often transmitted to the peer, which allows bypassing ASLR.
References
#CVE-2020-15655: Extension APIs could be used to bypass Same-Origin Policy
- Reporter Rob Wu
- Impact high
Description
Mozilla Developer Rob Wu discovered that a redirected HTTP request which is observed or modified through a web extension could bypass existing CORS checks, leading to potential disclosure of cross-origin information.
References
#CVE-2020-15653: Bypassing iframe sandbox when allowing popups
- Reporter Anne van Kesteren
- Impact moderate
Description
Mozilla developer Anne van Kesteren discovered that <iframe sandbox> with the allow-popups flag could be bypassed when using noopener links. This could have led to security issues for websites relying on sandbox configurations that allowed popups and hosted arbitrary content.
References
#CVE-2020-6463: Use-after-free in ANGLE gl::Texture::onUnbindAsSamplerTexture
- Reporter Reported by Pawel Wylecial of REDTEAM.PL
- Impact moderate
Description
Crafted media files could lead to a race in texture caches, resulting in a use-after-free, memory corruption, and a potentially exploitable crash.
References
#CVE-2020-15656: Type confusion for special arguments in IonMonkey
- Reporter Carl Smith, working with Google Project Zero
- Impact moderate
Description
JIT optimizations involving the Javascript arguments object could confuse later optimizations. This risk was already mitigated by various precautions in the code, resulting in this bug rated at only moderate severity.
References
#CVE-2020-15658: Overriding file type when saving to disk
- Reporter belden
- Impact low
Description
The code for downloading files did not properly take care of special characters, which led to an attacker being able to cut off the file ending at an earlier position, leading to a different file type being downloaded than shown in the dialog.
References
#CVE-2020-15657: DLL hijacking due to incorrect loading path
- Reporter Steve Nyan Lin
- Impact low
Description
Firefox could be made to load attacker-supplied DLL files from the installation directory. This required an attacker that is already capable of placing files in the installation directory.
Note: This issue only affected Windows operating systems. Other operating systems are unaffected.
References
#CVE-2020-15654: Custom cursor can overlay user interface
- Reporter SophosLabs Offensive Security team
- Impact low
Description
When in an endless loop, a website specifying a custom cursor using CSS could make it look like the user is interacting with the user interface, when they are not. This could lead to a perceived broken state, especially when interactions with existing browser dialogs and warnings do not work.
References
#CVE-2020-15659: Memory safety bugs fixed in Firefox 79 and Firefox ESR 78.1
- Reporter Mozilla developers and community
- Impact high
Description
Mozilla developers and community members Natalia Csoregi, Simon Giesecke, Jason Kratzer, Christian Holler, and Luke Wagner reported memory safety bugs present in Firefox 78 and Firefox ESR 78.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.
References
-
-
ff v81.0
22. sept. 2020
New
- You can pause and play audio or video in Firefox right from your keyboard or headset, giving you easy access to control your media when in another Firefox tab, another program, or even when your computer is locked.
- In addition to our default, dark and light themes, with this release, Firefox introduces the Alpenglow theme: a colorful appearance for buttons, menus, and windows. You can update your Firefox themes under settings or preferences.
- For our users in the US and Canada, Firefox can now save, manage, and auto-fill credit card information for you, making shopping on Firefox ever more convenient. To ensure the smoothest experience, this will be rolling out to users gradually.
- Firefox supports AcroForm, which will soon allow you to fill in, print, and save supported PDF forms and the PDF viewer also has a new fresh look.
- Our users in Austria, Belgium and Switzerland using the German version of Firefox will now see Pocket recommendations in their new tab featuring some of the best stories on the web. If you don’t see them, you can turn on Pocket articles in your new tab by following these steps. In addition to Firefox’s new tab, Pocket is also available as an app on iOS and Android.
Fixed
- Various security fixes.
- We’ve fixed a bug for users of language packs where the default language was reset to English after Firefox updates.
- Browser native HTML5 audio/video controls received several important accessibility fixes:
  - Audio/video controls remain accessible to screen readers even when they are temporarily hidden visually.
  - Audio/video elapsed and total time are now accessible to screen readers where they weren't previously.
  - Various unlabelled controls are now labelled making them identifiable to screen readers.
  - Screen readers no longer intrusively report progress information unless the user requests it.
Changed
- You will soon find Picture-in-Picture more easily on all the videos you watch with new iconography.
- The bookmarks toolbar is now automatically revealed once bookmarks are imported into Firefox, making it easier to find your most important websites.
- We have expanded our supported file types - .xml, .svg, and .webp - so files you’ve downloaded can be opened right in Firefox.
Enterprise
- Various bug fixes and new policies have been implemented in the latest version of Firefox. You can see more details in the Firefox for Enterprise 81 Release Notes.
Developer
- TypeScript files are now properly identified in the Debugger panel and labeled with corresponding icons making it easier for you to find these files in the list.
- HTTP JSON responses using XSSI prevention characters are properly parsed and JSON data presented in a form of an expandable tree. This allows easy inspection of such HTTP responses through traditional (expandable) tree UI.
- It’s possible to pause on script first statement, which is useful e.g. in cases where developers want to debug side effects caused by script execution or timers.
- The color vision deficiency simulation in the accessibility panel of Developer Tools is now more accurate. We removed protanomaly, deuteranomaly and tritanomaly and added achromatopsia.
-
-
are there no updates from microsoft via the update channel?
my c++ 2015 x64 = 14.0.24212 from 09.05.2018
my c++ 2015 x86 = 14.0.24210 from 03.01.2017
-
i mean you should backup your important files.
i don't think you can get back the good status of this hdd.
look at point 5 - reallocated sectors count...
-
ff v80.0.1
01. sept 2020
Fixed
- Fixed a performance regression when encountering new intermediate CA certificates (bug 1661543)
- Fixed crashes possibly related to GPU resets (bug 1627616)
- Fixed rendering on some sites using WebGL (bug 1659225)
- Fixed the zoom-in keyboard shortcut on Japanese language builds (bug 1661895)
- Fixed download issues related to extensions and cookies (bug 1655190)
-
The Firefox/Mozilla Thread
in Software
Posted
ff v82.0.2
28. october 2020
Fixed
Fixed duplication of WebSocket messages in certain cases (bug 1673340)