Overview Repositories Revisions Requests Users Attributes Meta

Revisions of MozillaFirefox

Sergey Kondakov's avatar Sergey Kondakov (X0F) committed (revision 740) 
- Mozilla Firefox 112.0
  * https://www.mozilla.org/en-US/firefox/112.0/releasenotes/
  MFSA 2023-13 (bsc#1210212)
  * CVE-2023-29531 (bmo#1794292)
    Out-of-bound memory access in WebGL on macOS
  * CVE-2023-29532 (bmo#1806394)
    Mozilla Maintenance Service Write-lock bypass
  * CVE-2023-29533 (bmo#1798219, bmo#1814597)
    Fullscreen notification obscured
  * CVE-2023-29534 (bmo#1816007, bmo#1816059, bmo#1821155, bmo#1821576,
    bmo#1821906, bmo#1822298, bmo#1822305)
    Fullscreen notification could have been obscured on Firefox
    for Android
  * MFSA-TMP-2023-0001 (bmo#1819244)
    Double-free in libwebp
  * CVE-2023-29535 (bmo#1820543)
    Potential Memory Corruption following Garbage Collector compaction
  * CVE-2023-29536 (bmo#1821959)
    Invalid free from JavaScript code
  * CVE-2023-29537 (bmo#1823365, bmo#1824200, bmo#1825569)
    Data Races in font initialization code
  * CVE-2023-29538 (bmo#1685403)
    Directory information could have been leaked to WebExtensions
  * CVE-2023-29539 (bmo#1784348)
    Content-Disposition filename truncation leads to Reflected
    File Download
  * CVE-2023-29540 (bmo#1790542)
    Iframe sandbox bypass using redirects and sourceMappingUrls
  * CVE-2023-29541 (bmo#1810191)
    Files with malicious extensions could have been downloaded
Sergey Kondakov's avatar Sergey Kondakov (X0F) committed (revision 739)
Sergey Kondakov's avatar Sergey Kondakov (X0F) committed (revision 738)
Sergey Kondakov's avatar Sergey Kondakov (X0F) committed (revision 737)
Sergey Kondakov's avatar Sergey Kondakov (X0F) committed (revision 736)
Sergey Kondakov's avatar Sergey Kondakov (X0F) committed (revision 735)
Sergey Kondakov's avatar Sergey Kondakov (X0F) committed (revision 734)
Sergey Kondakov's avatar Sergey Kondakov (X0F) committed (revision 733)
Sergey Kondakov's avatar Sergey Kondakov (X0F) committed (revision 732)
Sergey Kondakov's avatar Sergey Kondakov (X0F) committed (revision 731)
Sergey Kondakov's avatar Sergey Kondakov (X0F) committed (revision 730)
Sergey Kondakov's avatar Sergey Kondakov (X0F) committed (revision 729) 
- Mozilla Firefox 111.0.1 (boo#1209688)
  * Fixed a crash on macOS while pinch-zooming under some circumstances
    (bmo#1658986)
  * Fixed a bug causing Firefox to freeze on startup for some
    Windows users (bmo#1823159)
- fix build on Tumbleweed (mozilla-bmo1807652.patch)
- exclude i586/i686 once again because it fails to link libxul due
  to its size
Sergey Kondakov's avatar Sergey Kondakov (X0F) committed (revision 728)
Sergey Kondakov's avatar Sergey Kondakov (X0F) committed (revision 727) 
- Mozilla Firefox 111.0
  * https://www.mozilla.org/en-US/firefox/111.0/releasenotes
  MFSA 2023-09 (bsc#1209173)
  * CVE-2023-28159 (bmo#1783561)
    Fullscreen Notification could have been hidden by download
    popups on Android
  * CVE-2023-25748 (bmo#1798798)
    Fullscreen Notification could have been hidden by window
    prompts on Android
  * CVE-2023-25749 (bmo#1810705)
    Firefox for Android may have opened third-party apps without
    a prompt
  * CVE-2023-25750 (bmo#1814733)
    Potential ServiceWorker cache leak during private browsing mode
  * CVE-2023-25751 (bmo#1814899)
    Incorrect code generation during JIT compilation
  * CVE-2023-28160 (bmo#1802385)
    Redirect to Web Extension files may have leaked local path
  * CVE-2023-28164 (bmo#1809122)
    URL being dragged from a removed cross-origin iframe into the
    same tab triggered navigation
  * CVE-2023-28161 (bmo#1811181)
    One-time permissions granted to a local file were extended to
    other local files loaded in the same tab
  * CVE-2023-28162 (bmo#1811327)
    Invalid downcast in Worklets
  * CVE-2023-25752 (bmo#1811627)
    Potential out-of-bounds when accessing throttled streams
  * CVE-2023-28163 (bmo#1817768)
    Windows Save As dialog resolved environment variables
Sergey Kondakov's avatar Sergey Kondakov (X0F) committed (revision 726) 
- Cherry-pick upstream changes for GCC 13 in gcc13-fix.patch.

- Limit memory use on riscv64

- Fix 32 bit build bmo#1810584 (add mozilla-bmo1810584.patch)

- Mozilla Firefox 110.0.1 (boo#1208886)
  * Fixed clearing recent cookies clears all cookies
    (bmo#1816279)
  * Fixed WebGL crashes on Linux when ran inside a VMWare virtual
    machine (bmo#1807942)
  * Fixed a bug with CSP serialization causing bugs with the MitID
    Digital ID in Denmark (bmo#1819096)
Sergey Kondakov's avatar Sergey Kondakov (X0F) committed (revision 725) 
- Mozilla Firefox 110.0
  * https://www.mozilla.org/en-US/firefox/110.0/releasenotes
  MFSA 2023-05 (bsc#1208144)
  * CVE-2023-25728 (bmo#1790345)
    Content security policy leak in violation reports using iframes
  * CVE-2023-25730 (bmo#1794622)
    Screen hijack via browser fullscreen mode
  * CVE-2023-25743 (bmo#1800203)
    Fullscreen notification not shown in Firefox Focus
  * CVE-2023-0767 (bmo#1804640)
    Arbitrary memory write via PKCS 12 in NSS
  * CVE-2023-25735 (bmo#1810711)
    Potential use-after-free from compartment mismatch in SpiderMonkey
  * CVE-2023-25737 (bmo#1811464)
    Invalid downcast in SVGUtils::SetupStrokeGeometry
  * CVE-2023-25738 (bmo#1811852)
    Printing on Windows could potentially crash Firefox with some
    device drivers
  * CVE-2023-25739 (bmo#1811939)
    Use-after-free in mozilla::dom::ScriptLoadContext::~ScriptLoadContext
  * CVE-2023-25729 (bmo#1792138)
    Extensions could have opened external schemes without user knowledge
  * CVE-2023-25732 (bmo#1804564)
    Out of bounds memory write from EncodeInputStream
  * CVE-2023-25734 (bmo#1784451, bmo#1809923, bmo#1810143, bmo#1812338)
    Opening local .url files could cause unexpected network loads
  * CVE-2023-25740 (bmo#1812354)
    Opening local .scf files could cause unexpected network loads
  * CVE-2023-25731 (bmo#1801542)
    Prototype pollution when rendering URLPreview
Sergey Kondakov's avatar Sergey Kondakov (X0F) committed (revision 724) 
- Mozilla Firefox 109.0
  MFSA 2023-01 (bsc#1207119)
  * CVE-2023-23597 (bmo#1538028)
    Logic bug in process allocation allowed to read arbitrary
    files
  * CVE-2023-23598 (bmo#1800425)
    Arbitrary file read from GTK drag and drop on Linux
  * CVE-2023-23599 (bmo#1777800)
    Malicious command could be hidden in devtools output on
    Windows
  * CVE-2023-23600 (bmo#1787034)
    Notification permissions persisted between Normal and Private
    Browsing on Android
  * CVE-2023-23601 (bmo#1794268)
    URL being dragged from cross-origin iframe into same tab
    triggers navigation
  * CVE-2023-23602 (bmo#1800890)
    Content Security Policy wasn't being correctly applied to
    WebSockets in WebWorkers
  * CVE-2023-23603 (bmo#1800832)
    Calls to <code>console.log</code> allowed bypasing Content
    Security Policy via format directive
  * CVE-2023-23604 (bmo#1802346)
    Creation of duplicate <code>SystemPrincipal</code> from less
    secure contexts
  * CVE-2023-23605 (bmo#1764921, bmo#1802690, bmo#1806974)
    Memory safety bugs fixed in Firefox 109 and Firefox ESR 102.7
  * CVE-2023-23606 (bmo#1764974, bmo#1798591, bmo#1799201,
    bmo#1800446, bmo#1801248, bmo#1802100, bmo#1803393,
    bmo#1804626, bmo#1804971, bmo#1807004)
Sergey Kondakov's avatar Sergey Kondakov (X0F) committed (revision 723)
Sergey Kondakov's avatar Sergey Kondakov (X0F) committed (revision 722) 
- add mozilla-bmo1805809.patch to fix build for x86-32 (boo#1206600)

- Mozilla Firefox 108.0.1 (boo#1206507)
  * Fixes the default search engine being reset on upgrade for
    profiles which were previously copied from a different location
Sergey Kondakov's avatar Sergey Kondakov (X0F) committed (revision 721)
Displaying revisions 41 - 60 of 780
openSUSE Build Service is sponsored by
Places