Opened 4 years ago

Closed 4 years ago

Last modified 4 years ago

#12242 closed enhancement (fixed)


Reported by: ken@… Owned by: ken@…
Priority: high Milestone: 9.0
Component: BOOK Version: SVN
Severity: normal Keywords:


Release is nominally Tuesday (which it now is, in my TZ), but the source has been there for a few hours.

Apart from needing a newer rust, changes to shipped versions include harfbuzz-2.4.0, icu-64.2 (although it still only seems to test for >= 63.1 in the system version when I looked), libpng-1.6.37, nss-3.44.1, sqlite-3.28.0. In external deps, cbindgen needs to be >= 0.8.7.

The options to enable|disable gconf have been removed.

Until the Release Notes appear, no idea what mozilla regard as the significant changes, nor if there are any new CVE fixes.

Change History (4)

comment:1 by ken@…, 4 years ago

Owner: changed from blfs-book to ken@…
Status: newassigned

comment:2 by ken@…, 4 years ago

From the Release Notes: (comments in parenthesis are min)

This is also the start of the next Extended Support Release (esr)

Dark mode in reader view expands so that windows are also dark on the controls, sidebars and toolbars.

Improved extension security and discovery:

New reporting feature in about:addons allows you to report security and performance issues with extensions and themes. Redesigned extensions dashboard in about:addons provides easy access to information about your extensions, including data and settings access required by each extension. Find high quality, secure extensions via the Recommended Extensions program in about:addons, which now displays user count and ratings for each extension. "Recommended” badges for these extensions also appear on AMO. More extensions will be added over time.

Cryptomining and fingerprinting protections are added to strict content blocking settings in Privacy & Security preferences.

WebRender will roll out to Windows 10 users with AMD graphics cards.

Windows Background Intelligent Transfer Service (BITS) update download support, which allows Firefox update downloads to continue when Firefox is closed.


Various security fixes (At the moment, the latest details there are for 67.0.4, but that might get updated later)

Local files can no longer access other files in the same directory. (There is a report today at The Register saying a poc worked on 67.0.4, and that mozilla responded that a patch would be supplied in a few days. This was not initially fixed because it *might* break local html documentation.)

comment:3 by ken@…, 4 years ago

Resolution: fixed
Status: assignedclosed

comment:4 by ken@…, 4 years ago

Priority: normalhigh

And lo, a list of vulnerabilities did appear.

Various CVEs rated as moderate - I think the moderate vulnerabilities include the item mentioned above, but there are also high risk and critical fixes.

Note: See TracTickets for help on using tickets.