Winapp2.ini Posted May 22, 2019 Share Posted May 22, 2019 https://blog.nightly.mozilla.org/2019/05/22/these-weeks-in-firefox-issue-59/ These Weeks in Firefox: Issue 59 lina May 22, 2019 No responses yet Highlights Wow, what a weekend! Hopefully your add-ons are all working now. A small set of users are still reporting add-on outages. We suspect that the Master Password and Anti-virus software are interfering with the original fix for those users. We’ve released 66.0.5 to try to handle those cases. Outreachy interns for this summer have been announced Mozilla is mentoring 8 students in this round. Thank you to all the mentors and all the applicants! The Google Summer of Code students and projects have been publicly announced! Check out what folks will be working on this summer! MattN wrote a blog post summarizing the Password Manager Improvements in Firefox 67 Friends of the Firefox team Here’s a list of all resolved bugs. Fixed more than one bug Chris Frey [:nautilus] Florens Verschelde :fvsch Kestrel lloan:[lloanalas] Mohd Umar Alam [:umaralam48] Neha Tim Nguyen :ntim New contributors (🌟 = first patch) Chujun Lu fixed a bug where pressing the Enter key when putting a conditional breakpoint into the Debugger would incorrectly cause a linebreak 🌟 DILIP fixed a spelling mistake in one of our console warning messages Chris Frey [:nautilus] converted the toolbar context menu strings to Fluent, and also fixed two other Fluent-related bugs jaril fixed a glitch where sometimes the Debugger would break on an exception unexpectedly Mariana Meireles got rid of some dead code in AboutRedirector 🌟 Ananth fixed up a styling glitch in the Web Console for console.assert strings 🌟 Myeongjun Go made it so that a better error message is emitted when WebExtensions attempt to insert a bookmark folder into the root folder 🌟 Thomas made it so that we truncate very long strings in the DevTools Inspector info bar rather than let them overflow past the end of the screen 🌟 Mohd Umar Alam [:umaralam48] made it so that the Synced Tabs toggle shows an option to “Hide” in the Synced Tabs list when the sidebar is open, and fixed a glitch where the History Sidebar toggle label was missing Project Updates Activity Stream A new Contextual Feature Recommendation for Sync is coming to the bookmark Star UI "Sync your bookmarks everywhere" recommendation in the star UI A lot of improvements and fixes to the new Pocket New Tab, specifically around network failure states. Add-ons / Web Extensions Rob Wu added browser console warnings in 68 for proxy APIs that will be deprecated in 71. Mark Striemer has finished nearly everything remaining for HTML about:addons MVP for 68. Shane Caraveo added cookieStoreId to webRequest APIs and exposed the private browsing flag in proxy/webRequest details. Luca Greco added the ability to submit an abuse report on an installed extension from about:addons. Kris Maglione fixed the theme header background image caching issue for converted LWTs (since they’re all static themes now). …and everyone is reviewing like crazy to get things in 68 as planned because this weekend was “relaxing downtime” before soft code freeze. Applications Lockwise Rebranding going on this week. The team is working on polishing the extension for an initial release, and then integrating the extension into desktop Firefox. Firefox Accounts Ed and Vlad are finalizing the sign-in UX for Fenix, our next-generation Android browser 🚦 Ed landed Rust APIs for FxA device registration and New Send Tab. Grisha is working on integrating this into Android Components so that Fenix can use it 📑 Sync and Storage Mark has an RFC for a sync manager in Rust, to orchestrate syncing of multiple data types 🔄 Thom landed code to import Firefox for iOS bookmarks into the Rust bookmarks component. The next iOS release will use the bookmarks component, and offer bookmark editing! 🔖 Ed is continuing to migrate our crypto backend to NSS 🔒 Lina has been working on adding telemetry for Android and iOS 🔍, and enabled the new bookmark sync by default in Nightly and Beta 📚 Push Jonathan and JR are bringing Push for internal Mozilla consumers (New Send Tab, FxA verification) to Fenix! 📣 Browser Architecture RKV conversions have been rolled back for now while we investigate issues migrating from 32-bit to 64-bit builds. browser.html conversion ready to go, but waiting until the next cycle. Fluent cache for chrome documents ready to land. This will fix corner cases where DOM mutations might not trigger Fluent updates. Developer Tools Console Jefry Lagrange added a way to export console output to a file in bug 1517728. “Copy as Fetch” and “Use in console” have been added to the network monitor context menu in bug 1540054. When CSS warnings are displayed in the console, you can now expand them (like a console group) to reveal all the DOM nodes that this warning applies to. So it allows you to jump from a CSS warning in the console directly to the inspector. Screenshot of expanded CSS warning showing affected elements Debugger Work on DOM & Event breakpoints started Progress with captured stacks for various errors appearing in the Console panel (for web developers) or Browser Console window (for browser + addon developers). Network Local HTTP requests are marked as secure now (bug). Screenshot of `localhost` with green lock icon in Network monitor Remote Debugging DevTools shortcuts now supported in about:devtools-toolbox (bug) Favicons and user friendly titles for about:debugging and about:devtools-toolbox (bug) Screenshot of wrench and window favicons for debugging and toolbox Closable error messages (and UI cleanup) (bug) Screenshot of "connection failed" error and "connection still pending" warning with close buttons Documentation New MDN page for Logpoints Set a breakpoint page updated to show column breakpoints Fission Subframe crashing UI landed Here’s a video demonstration Enn is working on getting BrowserTabChild ported to Fission mconley is going to work on getting PermitUnload working properly with out-of-process iframes Lint l1nt, which checks for common mistakes in en-US files, and warns on ID conflicts between central/beta/release, is now enabled. Example on phabricator: https://phabricator.services.mozilla.com/D29001 autoland: https://treeherder.mozilla.org/#/jobs?repo=autoland&resultStatus=testfailed%2Cbusted%2Cexception%2Cretry%2Cusercancel%2Crunnable&group_state=expanded&revision=2f1af0a1f129d6af5073c1b53fd15bc5bacb50b0&selectedJob=245063123 Mobile Android Components Support for built-in WebExtensions has been added! The new Reader View feature component (in Fenix and Reference Browser) is built on top of this. Password Manager Work continues on the breakdown of integrating the new management UI, a base patch for the desktop implementation is ready to land. Minimal scope for password generation via autocomplete was defined and most bugs have been filed. Data on adoption of autocomplete=“new-password” was gathered as part of the password generation investigation. Performance New startup main-thread IO test will be enabled on non-debug Desktop builds soon! Patch to not load userContent.css in the parent process landed and bounced. After some discussion, we’ve decided to put loading userChrome.css and userContent.css behind a default-off pref This should allow us to avoid searching the disk for those files on start-up for users that don’t have those customizations, which will improve start-up performance. aswan did some detective work and found some nice places where we can improve start-up time in the AddonManager for brand new profiles dthayer is investigating compressing various things with lz4 rather than deflate Gijs has a patch underway to avoid reading chrome.manifest files when not necessary Gijs made file renaming / moving cheaper on Windows in the common case Performance tools Welcoming Raj Meghpara, our new GSoC student! He’s going to work on Instruments import support for Firefox Profiler. Network tooltips are now displayed as soon as the line is hovered. The publishing flow has been streamlined (ux issue) New look of publish panel in Firefox Profiler with inverted checkboxes More tools in the web console: List of available profiler information in the console MOZ_PROFILER_HELP env variable gives help to profile Firefox startup. Picture-in-Picture Holding to Nightly while we iterate. Please keep filing bugs against this meta bug if you notice anything strange. Thanks! Fixed Clicking on the Picture-in-Picture toggle no longer sends mouse events to content The toggle no longer appears when in fullscreen The controls (mostly) disappear after 3 seconds on the player window when not hovering Fixed strange borders showing up when switching focus between the player window and other windows Made the player window easier to resize Soon to be fixed Player buttons look strange on “tall” videos RTL support Keyboard accessibility And loads of polish! Privacy/Security To combat malicious malware sites, Paul made us disallow add-on installation prompts in full-screen. Because it went so well, we are going to extend our experiment for requiring user interaction for Notification permission prompts to Beta. Another blog post coming soon We also landed the telemetry pieces to do the announced release measurements on permission prompt usage in 67 release. This will hopefully allow us to narrow down on a set of good heuristics for automatically blocking. Prathikshalanded the first piece of her internship project to simplify and robust-ify the way about:certerror communicates with the parent process. Jonas continues to remove all the eval() usage in our chrome-privileged code. Small improvements to DNS over HTTPS UI in settings/preferences let you pick from resolvers Search and Navigation Search Looking into consequences and prevention after the add-ons certificate problem: Search Service initialization should be more robust New Baidu search code deployed as system add-on Quantum Bar Fixed 19 Bugs in the last 2 weeks Quantum Bar is enabled by default in Firefox 68 🎉🎉🎉 Still working on a few remaining bugs Designing and discussing WebExtension APIs for the first experiment Bleeding edge browsing Download Firefox Nightly winapp2.ini additions thread winapp2.ini github Link to comment Share on other sites More sharing options...
trium Posted June 1, 2019 Share Posted June 1, 2019 Quote Google views ad blocking as a business risk and restricts ad blocking in Chrome but with Mozilla's Firefox browser, uBlock Origin, uMatrix and Privacy Badger will continue to work. :-) Versions of CCleaner Cloud; Introduction Ccleaner Cloud; Ccleaner-->System-Requirements; Ccleaner FAQ´s; Ccleaner builds; Scheduling Ccleaner Free Es ist möglich, keine Fehler zu machen und dennoch zu verlieren. Das ist kein Zeichen von Schwäche. Das ist das Leben -> "Picard" Link to comment Share on other sites More sharing options...
Moderators Andavari Posted June 2, 2019 Moderators Share Posted June 2, 2019 So essentially then this version of SRWare Iron I'm using is the last version then if it the dev doesn't modify/undo what Google is doing. Link to comment Share on other sites More sharing options...
Winapp2.ini Posted June 9, 2019 Share Posted June 9, 2019 The new firefox branding seems to be launching winapp2.ini additions thread winapp2.ini github Link to comment Share on other sites More sharing options...
trium Posted June 18, 2019 Share Posted June 18, 2019 belated ff 67.0.2 ... 11. juni 2019 Fixed Fix JavaScript error ("TypeError: data is null in PrivacyFilter.jsm") in console which may significantly degrade sessionstore reliability and performance (bug 1553413) Proxy authentication dialog box repeatedly pops up asking to authenticate after upgrading to Firefox 67 (bug 1548804) Pearson MyCloud breaks if FIDO U2F is not Chrome's implementation (bug 1551282) Starting in safe mode on Linux or macOS causes Firefox to think on the subsequent launch that the profile is too recent to be used with this version of Firefox (bug 1556612) Linux distribution users can't easily install/use additional/different languages using the built-in preferences UI (bug 1554744) Developer tools users can't copy the href/src content from various HTML tags via the context menu in the Inspector markup view (bug 1552275) Custom home page is broken with clearing data on shutdown settings applied (bug 1554167) Performance-regression for eclipse RAP based applications (bug 1555962) macOS 10.15 crash fix (bug 1556076) Can't start two downloads in parallel via <a download> anymore (bug 1542912) Developer Developer Information Versions of CCleaner Cloud; Introduction Ccleaner Cloud; Ccleaner-->System-Requirements; Ccleaner FAQ´s; Ccleaner builds; Scheduling Ccleaner Free Es ist möglich, keine Fehler zu machen und dennoch zu verlieren. Das ist kein Zeichen von Schwäche. Das ist das Leben -> "Picard" Link to comment Share on other sites More sharing options...
trium Posted June 18, 2019 Share Posted June 18, 2019 ff v67.0.3 18. juni 2019 Fixed Security fix Developer Developer Information Versions of CCleaner Cloud; Introduction Ccleaner Cloud; Ccleaner-->System-Requirements; Ccleaner FAQ´s; Ccleaner builds; Scheduling Ccleaner Free Es ist möglich, keine Fehler zu machen und dennoch zu verlieren. Das ist kein Zeichen von Schwäche. Das ist das Leben -> "Picard" Link to comment Share on other sites More sharing options...
trium Posted June 18, 2019 Share Posted June 18, 2019 ff v60.7.1 esr 18. juni 2019 Fixed Security fix Quote A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw. Developer Developer Information Versions of CCleaner Cloud; Introduction Ccleaner Cloud; Ccleaner-->System-Requirements; Ccleaner FAQ´s; Ccleaner builds; Scheduling Ccleaner Free Es ist möglich, keine Fehler zu machen und dennoch zu verlieren. Das ist kein Zeichen von Schwäche. Das ist das Leben -> "Picard" Link to comment Share on other sites More sharing options...
trium Posted June 18, 2019 Share Posted June 18, 2019 ff.v68.0 esr is near :-) perhaps 9. july 2019 Versions of CCleaner Cloud; Introduction Ccleaner Cloud; Ccleaner-->System-Requirements; Ccleaner FAQ´s; Ccleaner builds; Scheduling Ccleaner Free Es ist möglich, keine Fehler zu machen und dennoch zu verlieren. Das ist kein Zeichen von Schwäche. Das ist das Leben -> "Picard" Link to comment Share on other sites More sharing options...
trium Posted June 21, 2019 Share Posted June 21, 2019 ff v67.0.4 20. june 2019 Fixed Security fix Versions of CCleaner Cloud; Introduction Ccleaner Cloud; Ccleaner-->System-Requirements; Ccleaner FAQ´s; Ccleaner builds; Scheduling Ccleaner Free Es ist möglich, keine Fehler zu machen und dennoch zu verlieren. Das ist kein Zeichen von Schwäche. Das ist das Leben -> "Picard" Link to comment Share on other sites More sharing options...
trium Posted June 21, 2019 Share Posted June 21, 2019 ff v60.7.2 esr 20. june 2019 Fixed Security fix Quote CVE-2019-11708: sandbox escape using Prompt:Open Reporter Coinbase Security Impact high Description Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the non-sandboxed parent process opening web content chosen by a compromised child process. When combined with additional vulnerabilities this could result in executing arbitrary code on the user's computer. Versions of CCleaner Cloud; Introduction Ccleaner Cloud; Ccleaner-->System-Requirements; Ccleaner FAQ´s; Ccleaner builds; Scheduling Ccleaner Free Es ist möglich, keine Fehler zu machen und dennoch zu verlieren. Das ist kein Zeichen von Schwäche. Das ist das Leben -> "Picard" Link to comment Share on other sites More sharing options...
Moderators hazelnut Posted June 24, 2019 Moderators Share Posted June 24, 2019 Quote Windows Background Intelligent Transfer Service (BITS) responsible for downloading Windows Updates is going to download Firefox updates in the background even when the browser is not running or closed in upcoming Firefox release. Mozilla to use BITS for Firefox 68 to update browser whereas from version 70 onwards they are going to use BITS via a dedicated “Background Update agent” to install Firefox updates. https://techdows.com/2019/06/mozilla-to-use-bits-and-a-background-update-agent-to-update-firefox-on-windows.html Support contact https://support.ccleaner.com/s/contact-form?language=en_US&form=general or support@ccleaner.com Link to comment Share on other sites More sharing options...
JDPower Posted June 25, 2019 Share Posted June 25, 2019 6 hours ago, hazelnut said: https://techdows.com/2019/06/mozilla-to-use-bits-and-a-background-update-agent-to-update-firefox-on-windows.html "the agent is aimed at users on slow connections" I'm not buying that. That's an almost non-existent issue in this day and age. My cynical side thinks this will be for more than one way traffic Link to comment Share on other sites More sharing options...
Moderators Nergal Posted June 25, 2019 Moderators Share Posted June 25, 2019 6 minutes ago, JDPower said: "the agent is aimed at users on slow connections" I'm not buying that. That's an almost non-existent issue in this day and age. My cynical side thinks this will be for more than one way traffic Obviously you've never been in rural america where even broadband speeds are as slow as a 1990s' modem ADVICE FOR USING CCleaner'S REGISTRY INTEGRITY SECTION DON'T JUST CLEAN EVERYTHING THAT'S CHECKED OFF. Do your Registry Cleaning in small bits (at the very least Check-mark by Check-mark) ALWAYS BACKUP THE ENTRY, YOU NEVER KNOW WHAT YOU'LL BREAK IF YOU DON'T. Support at https://support.ccleaner.com/s/?language=en_US Pro users file a PRIORITY SUPPORT via email support@ccleaner.com Link to comment Share on other sites More sharing options...
JDPower Posted June 25, 2019 Share Posted June 25, 2019 17 minutes ago, Nergal said: Obviously you've never been in rural america where even broadband speeds are as slow as a 1990s' modem It's not exactly a rising issue that needs addressing. It's a bit like making the entire planet take vitamin C tablets cos there are still some people that get scurvy. And those people in rural America have presumably coped perfectly well updating their browser for the last 20 years. Just doesn't add up to cynical old me Link to comment Share on other sites More sharing options...
Winapp2.ini Posted July 3, 2019 Share Posted July 3, 2019 Enabling BITS on nightly for me results in the update downloading only after pages have loaded winapp2.ini additions thread winapp2.ini github Link to comment Share on other sites More sharing options...
trium Posted July 9, 2019 Share Posted July 9, 2019 ff v68.0 09. july 2019 New Dark mode in reader view expands so that windows are also dark on the controls, sidebars and toolbars. Improved extension security and discovery: New reporting feature in about:addons allows you to report security and performance issues with extensions and themes. Redesigned extensions dashboard in about:addons provides easy access to information about your extensions, including data and settings access required by each extension. Find high quality, secure extensions via the Recommended Extensions program in about:addons, which now displays user count and ratings for each extension. "Recommended” badges for these extensions also appear on AMO. More extensions will be added over time. Cryptomining and fingerprinting protections are added to strict content blocking settings in Privacy & Security preferences. WebRender will roll out to Windows 10 users with AMD graphics cards. Windows Background Intelligent Transfer Service (BITS) update download support, which allows Firefox update downloads to continue when Firefox is closed. Fixed Various security fixes Local files can no longer access other files in the same directory. Changed Unified existing locales (bn-BD, bn-IN) under a single Bengali (bn) localization. The following unmaintained translations have been removed: Assamese (as), English - South Africa (en-ZA), Maithili (mai), Malayalam (ml), Odia (or). Existing users will be migrated to the British English (en-GB) version. When an HTTPS error caused by antivirus software is detected, Firefox will attempt to automatically fix it Camera and microphone access now require an HTTPS connection. The way non-default preferences are synced has changed. Please see this support article for more details Enterprise For all operating systems, we have a number of additional policies including: New tab page configuration and disabling Local file links Download behavior Search suggestions Managed storage for using policies in Webextensions Extension whitelisting and blacklisting by ID and website A subset of commonly used Firefox preferences You can see a full list of policies here. Developer Developer Information Firefox Developer Tools now offers a full page color contrast audit that identifies all elements on a page that fail color contrast checks. Added about:compat, where website-specific workarounds are listed and may be toggled. These workarounds are meant as temporary fixes for various forms of website breakage for Firefox, while the website fixes them in due time. With about:compat, it is now easy to see all of the workarounds that are active in Firefox, and easy for website developers to disable a given workaround for testing purposes. Introduces CSS Scroll Snap module that enforces scroll snap positions. unresolved The new URL bar implementation does not handle javascript: bookmarklets triggered via bookmark keywords correctly yet (bug 1552141) Versions of CCleaner Cloud; Introduction Ccleaner Cloud; Ccleaner-->System-Requirements; Ccleaner FAQ´s; Ccleaner builds; Scheduling Ccleaner Free Es ist möglich, keine Fehler zu machen und dennoch zu verlieren. Das ist kein Zeichen von Schwäche. Das ist das Leben -> "Picard" Link to comment Share on other sites More sharing options...
trium Posted July 9, 2019 Share Posted July 9, 2019 ff v60.8.0 esr 09. july 2019 Fixed Various security fixes Security vulnerabilities fixed in Firefox ESR 60.8 Announced July 9, 2019 Impact critical Products Firefox ESR Fixed in Firefox ESR 60.8 #CVE-2019-9811: Sandbox escape via installation of malicious language pack Reporter Niklas Baumstark Impact high Description As part of his winning Pwn2Own entry, Niklas Baumstark demonstrated a sandbox escape by installing a malicious language pack and then opening a browser feature that used the compromised translation. References Bug 1538007 Bug 1539598 Bug 1563327 #CVE-2019-11711: Script injection within domain through inner window reuse Reporter Boris Zbarsky Impact high Description When an inner window is reused, it does not consider the use of document.domain for cross-origin protections. If pages on different subdomains ever cooperatively use document.domain, then either page can abuse this to inject script into arbitrary pages on the other subdomain, even those that did not use document.domain to relax their origin security. References Bug 1552541 #CVE-2019-11712: Cross-origin POST requests can be made with NPAPI plugins by following 308 redirects Reporter Gregory Smiley of Security Compass Impact high Description POST requests made by NPAPI plugins, such as Flash, that receive a status 308 redirect response can bypass CORS requirements. This can allow an attacker to perform Cross-Site Request Forgery (CSRF) attacks. References Bug 1543804 #CVE-2019-11713: Use-after-free with HTTP/2 cached stream Reporter Hanno Böck Impact high Description A use-after-free vulnerability can occur in HTTP/2 when a cached HTTP/2 stream is closed while still in use, resulting in a potentially exploitable crash. References Bug 1528481 #CVE-2019-11729: Empty or malformed p256-ECDH public keys may trigger a segmentation fault Reporter Jonas Allmann Impact moderate Description Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. References Bug 1515342 #CVE-2019-11715: HTML parsing error can contribute to content XSS Reporter Linus Särud Impact moderate Description Due to an error while parsing page content, it is possible for properly sanitized user input to be misinterpreted and lead to XSS hazards on web sites in certain circumstances. References Bug 1555523 #CVE-2019-11717: Caret character improperly escaped in origins Reporter Tyson Smith Impact moderate Description A vulnerability exists where the caret ("^") character is improperly escaped constructing some URIs due to it being used as a separator, allowing for possible spoofing of origin attributes. References Bug 1548306 #CVE-2019-11719: Out-of-bounds read when importing curve25519 private key Reporter Henry Corrigan-Gibbs Impact moderate Description When importing a curve25519 private key in PKCS#8format with leading 0x00 bytes, it is possible to trigger an out-of-bounds read in the Network Security Services (NSS) library. This could lead to information disclosure. References Bug 1540541 #CVE-2019-11730: Same-origin policy treats all files in a directory as having the same-origin Reporter Luigi Gubello Impact moderate Description A vulnerability exists where if a user opens a locally saved HTML file, this file can use file: URIs to access other files in the same directory or sub-directories if the names are known or guessed. The Fetch API can then be used to read the contents of any files stored in these directories and they may uploaded to a server. Luigi Gubello demonstrated that in combination with a popular Android messaging app, if a malicious HTML attachment is sent to a user and they opened that attachment in Firefox, due to that app's predictable pattern for locally-saved file names, it is possible to read attachments the victim received from other correspondents. References Bug 1558299 #CVE-2019-11709: Memory safety bugs fixed in Firefox 68 and Firefox ESR 60.8 Reporter Mozilla developers and community Impact critical Description Mozilla developers and community members Andreea Pavel, Christian Holler, Honza Bambas, Jason Kratzer, and Jeff Gilbert reported memory safety bugs present in Firefox 67 and Firefox ESR 60.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. References Memory safety bugs fixed in Firefox 68 and Firefox ESR 60.8 Versions of CCleaner Cloud; Introduction Ccleaner Cloud; Ccleaner-->System-Requirements; Ccleaner FAQ´s; Ccleaner builds; Scheduling Ccleaner Free Es ist möglich, keine Fehler zu machen und dennoch zu verlieren. Das ist kein Zeichen von Schwäche. Das ist das Leben -> "Picard" Link to comment Share on other sites More sharing options...
trium Posted July 9, 2019 Share Posted July 9, 2019 ff v68.0 esr 09. july 2019 New A number of features improve the browser experience in enterprise settings. MSI installer file type is included in this release, helping make deployments in the Windows environment easier and more flexible. Configuration profiles in macOS The ability to read added certificates roots from the macOS Keychain For all operating systems, we have a number of additional policies including: New tab page configuration and disabling Local file links Download behavior Search suggestions Managed storage for using policies in Webextensions Extension configuration (allow/deny) by ID and website A subset of commonly used Firefox preferences You can see a full list of policies here. User and enterprise added certificates are read from the operating system by default. Fixed Local files can no longer access other files in the same directory. Changed Added support for the event property on the Window object to improve web compatibility for enterprises. Developer Developer Information unresolved Windows Background Intelligent Transfer Service (BITS) update download for proxy users with authentication will fall back to legacy update system on Windows (bug 1561200) Service workers and push notifications remain disabled in Firefox ESR Versions of CCleaner Cloud; Introduction Ccleaner Cloud; Ccleaner-->System-Requirements; Ccleaner FAQ´s; Ccleaner builds; Scheduling Ccleaner Free Es ist möglich, keine Fehler zu machen und dennoch zu verlieren. Das ist kein Zeichen von Schwäche. Das ist das Leben -> "Picard" Link to comment Share on other sites More sharing options...
Moderators nukecad Posted July 22, 2019 Moderators Share Posted July 22, 2019 I jupdated to 68.0.1 and the contrast changed; all the screen colours in the Firefox browser now look 'washed out'. Has anybody else been affected in this way? EDIT. Looks as if it may not have been FFx that caused this. I had installed some CAD software yesterday, reverting back to the restore point from that installation seems to have cleared the issue. *** Out of Beer Error ->->-> Recovering Memory *** Worried about 'Tracking Files'? Worried about why some files come back after cleaning? See this link:https://community.ccleaner.com/topic/52668-tracking-files/?tab=comments#comment-300043 Link to comment Share on other sites More sharing options...
trium Posted July 22, 2019 Share Posted July 22, 2019 ff v68.0.1 18. july 2019 New macOS releases are now signed by the Apple notary service, allowing Firefox to properly run on macOS 10.15 Beta releases Fixed Fixed missing Full Screen button when watching videos in full screen mode on HBO GO (bug 1562837) Fixed a bug causing incorrect messages to appear for some locales when sites try to request the use of the Storage Access API (bug 1558503) Users in Russian regions may have their default search engine changed (bug 1565315) Built-in search engines in some locales do not function correctly (bug 1565779) Developer Developer Information ______________________________________________________________________________________________________________________________________________________________ belated ff v68.0.2 14. aug 2019 Fixed Fixed a bug causing some special characters to be cut off from the end of the search terms when searching from the URL bar (bug 1560228) Allow fonts to be loaded via file:// URLs when opening a page locally (bug 1565942) Printing emails from the Outlook web app no longer prints only the header and footer (bug 1567105) Fixed a bug causing some images not to be displayed on reload, including on Google Maps (bug 1565542) Fixed an error when starting external applications configured as URI handlers (bug 1567614) Security fixes Versions of CCleaner Cloud; Introduction Ccleaner Cloud; Ccleaner-->System-Requirements; Ccleaner FAQ´s; Ccleaner builds; Scheduling Ccleaner Free Es ist möglich, keine Fehler zu machen und dennoch zu verlieren. Das ist kein Zeichen von Schwäche. Das ist das Leben -> "Picard" Link to comment Share on other sites More sharing options...
trium Posted July 22, 2019 Share Posted July 22, 2019 ff v68.0.1 esr 18. july 2019 the same as ff v68.0.1 and Enterprise Enterprise Policy improvements: SupportMenu policy doesn't always work (bug 1553290) Allow the new ExtensionSettings policy to work with GPO on Windows (bug 1553586) Allow the privacy.file_unique_origin pref to be controlled by policy (bug 1563759) Developer Developer Information Versions of CCleaner Cloud; Introduction Ccleaner Cloud; Ccleaner-->System-Requirements; Ccleaner FAQ´s; Ccleaner builds; Scheduling Ccleaner Free Es ist möglich, keine Fehler zu machen und dennoch zu verlieren. Das ist kein Zeichen von Schwäche. Das ist das Leben -> "Picard" Link to comment Share on other sites More sharing options...
trium Posted September 3, 2019 Share Posted September 3, 2019 ff v69.0 03. sept 2019 Quote As of today, Enhanced Tracking Protection will be turned on by default, strengthening the security and privacy for all of our users around the world. New Enhanced Tracking Protection (ETP) rolls out stronger privacy protections: The default standard setting for this feature now blocks third-party tracking cookies and cryptominers. The optional strict setting blocks fingerprinters as well as the items blocked in the standard setting. The Block Autoplay feature is enhanced to give users the option to block any video that automatically starts playing, not just those that automatically play with sound. For our users in the US or using the en-US browser, we are shipping a new “New Tab” page experience that connects you to the best of Pocket’s content. Support for the Web Authentication HmacSecret extension via Windows Hello now comes with this release, for versions of Windows 10 May 2019 or newer, enabling more passwordless experiences on the web. Support for receiving multiple video codecs with this release makes it easier for WebRTC conferencing services to mix video from different clients. For our users on Windows 10, you’ll see performance and UI improvements: Firefox will give Windows hints to appropriately set content process priority levels, meaning more processor time spent on the tasks you're actively working on, and less processor time spent on things in the background (with the exception of video and audio playback). For our existing Windows 10 users, you can easily find and launch Firefox from a shortcut on the Win10 taskbar. For our users on macOS, battery life and download UI are both improved: macOS users on dual-graphics-card machines (like MacBook Pro) will switch back to the low-power GPU more aggressively, saving battery life. Finder on macOS now displays download progress for files being downloaded. JIT support comes to ARM64 for improved performance of our JavaScript Optimizing JIT compiler. Fixed Various security fixes Changed As previously announced in the Plugin Roadmap for Firefox, the "Always Activate" option for Flash plugin content has been removed. Firefox will now always ask for user permission before activating Flash content on a website. With the deprecation of Adobe Flash Player, there is no longer a need to identify users on 32-bit version of the Firefox browser on 64-bit version operating systems reducing user agent fingerprinting factors providing greater level of privacy to our users as well as improving the experience of downloading other apps. Firefox no longer loads userChrome.css or userContent.css by default improving start-up performance. Users who wish to customize Firefox by using these files can set the toolkit.legacyUserProfileCustomizations.stylesheets preference to true to restore this ability. Enterprise For Enterprise system administrators that manage macOS computers, we begin shipping a Mozilla signed PKG installer to simplify your deployments. Developer Developer Information Versions of CCleaner Cloud; Introduction Ccleaner Cloud; Ccleaner-->System-Requirements; Ccleaner FAQ´s; Ccleaner builds; Scheduling Ccleaner Free Es ist möglich, keine Fehler zu machen und dennoch zu verlieren. Das ist kein Zeichen von Schwäche. Das ist das Leben -> "Picard" Link to comment Share on other sites More sharing options...
trium Posted September 3, 2019 Share Posted September 3, 2019 ff v60.9.0 esr 03. sept 2019 Fixed Various security fixes Developer Developer Information Quote Security vulnerabilities fixed in Firefox ESR 60.9 Announced September 3, 2019 Impact critical Products Firefox ESR Fixed in Firefox ESR 60.9 #CVE-2019-11746: Use-after-free while manipulating video Reporter Nils Impact high Description A use-after-free vulnerability can occur while manipulating video elements if the body is freed while still in use. This results in a potentially exploitable crash. References Bug 1564449 #CVE-2019-11744: XSS by breaking out of title and textarea elements using innerHTML Reporter Rakesh Mane Impact high Description Some HTML elements, such as <title> and <textarea>, can contain literal angle brackets without treating them as markup. It is possible to pass a literal closing tag to .innerHTML on these elements, and subsequent content after that will be parsed as if it were outside the tag. This can lead to XSS if a site does not filter user input as strictly for these elements as it does for other elements. References Bug 1562033 #CVE-2019-11742: Same-origin policy violation with SVG filters and canvas to steal cross-origin images Reporter Paul Stone Impact high Description A same-origin policy violation occurs allowing the theft of cross-origin images through a combination of SVG filters and a <canvas> element due to an error in how same-origin policy is applied to cached image content. The resulting same-origin policy violation could allow for data theft. References Bug 1559715 #CVE-2019-11753: Privilege escalation with Mozilla Maintenance Service in custom Firefox installation location Reporter Holger Fuhrmannek Impact high Description The Firefox installer allows Firefox to be installed to a custom user writable location, leaving it unprotected from manipulation by unprivileged users or malware. If the Mozilla Maintenance Service is manipulated to update this unprotected location and the updated maintenance service in the unprotected location has been altered, the altered maintenance service can run with elevated privileges during the update process due to a lack of integrity checks. This allows for privilege escalation if the executable has been replaced locally.Note: This attack requires local system access and only affects Windows. Other operating systems are not affected. References Bug 1574980 #CVE-2019-11752: Use-after-free while extracting a key value in IndexedDB Reporter Zhanjia Song Impact high Description It is possible to delete an IndexedDB key value and subsequently try to extract it during conversion. This results in a use-after-free and a potentially exploitable crash. References Bug 1501152 #CVE-2019-9812: Sandbox escape through Firefox Sync Reporter Niklas Baumstark via TrendMicro's Zero Day Initiative Impact high Description Given a compromised sandboxed content process due to a separate vulnerability, it is possible to escape that sandbox by loading accounts.firefox.com in that process and forcing a log-in to a malicious Firefox Sync account. Preference settings that disable the sandbox are then synchronized to the local machine and the compromised browser would restart without the sandbox if a crash is triggered. References Bug 1538008 Bug 1538015 #CVE-2019-11743: Cross-origin access to unload event attributes Reporter Yoav Weiss Impact moderate Description Navigation events were not fully adhering to the W3C's "Navigation-Timing Level 2" draft specification in some instances for the unload event, which restricts access to detailed timing attributes to only be same-origin. This resulted in potential cross-origin information exposure of history through timing side-channel attacks. References Bug 1560495 Navigation-Timing Level 2 specification #CVE-2019-11740: Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, and Firefox ESR 60.9 Reporter Mozilla developers and community Impact high Description Mozilla developers and community members Tyson Smith and Nathan Froyd reported memory safety bugs present in Firefox 68, Firefox ESR 68, and Firefox 60.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. References Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, and Firefox ESR 60.9 Versions of CCleaner Cloud; Introduction Ccleaner Cloud; Ccleaner-->System-Requirements; Ccleaner FAQ´s; Ccleaner builds; Scheduling Ccleaner Free Es ist möglich, keine Fehler zu machen und dennoch zu verlieren. Das ist kein Zeichen von Schwäche. Das ist das Leben -> "Picard" Link to comment Share on other sites More sharing options...
trium Posted September 3, 2019 Share Posted September 3, 2019 and ff v68.1.0 esr 03. sept. 2019 Fixed Various security fixes Various stability and functionality fixes Developer Developer Information Versions of CCleaner Cloud; Introduction Ccleaner Cloud; Ccleaner-->System-Requirements; Ccleaner FAQ´s; Ccleaner builds; Scheduling Ccleaner Free Es ist möglich, keine Fehler zu machen und dennoch zu verlieren. Das ist kein Zeichen von Schwäche. Das ist das Leben -> "Picard" Link to comment Share on other sites More sharing options...
trium Posted September 3, 2019 Share Posted September 3, 2019 Operating Systems (32-bit and 64-bit) Windows 7 Windows 8 Windows 10 Recommended Hardware Pentium 4 or newer processor that supports SSE2 512MB of RAM / 2GB of RAM for the 64-bit version <--- 200MB of hard drive space Versions of CCleaner Cloud; Introduction Ccleaner Cloud; Ccleaner-->System-Requirements; Ccleaner FAQ´s; Ccleaner builds; Scheduling Ccleaner Free Es ist möglich, keine Fehler zu machen und dennoch zu verlieren. Das ist kein Zeichen von Schwäche. Das ist das Leben -> "Picard" Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now