Revisions of MozillaFirefox
Dominique Leuenberger (dimstar_suse)
accepted
request 1156327
from
Wolfgang Rosenauer (wrosenauer)
(revision 422)
Ana Guerrero (anag+factory)
accepted
request 1150527
from
Wolfgang Rosenauer (wrosenauer)
(revision 421)
- Mozilla Firefox 123.0 https://www.mozilla.org/en-US/firefox/123.0/releasenotes/ MFSA 2024-05 (bsc#1220048) * CVE-2024-1546 (bmo#1843752) Out-of-bounds memory read in networking channels * CVE-2024-1547 (bmo#1877879) Alert dialog could have been spoofed on another site * CVE-2024-1554 (bmo#1816390) fetch could be used to effect cache poisoning * CVE-2024-1548 (bmo#1832627) Fullscreen Notification could have been hidden by select element * CVE-2024-1549 (bmo#1833814) Custom cursor could obscure the permission dialog * CVE-2024-1550 (bmo#1860065) Mouse cursor re-positioned unexpectedly could have led to unintended permission grants * CVE-2024-1551 (bmo#1864385) Multipart HTTP Responses would accept the Set-Cookie header in response parts * CVE-2024-1555 (bmo#1873223) SameSite cookies were not properly respected when opening a website from an external browser * CVE-2024-1556 (bmo#1870414) Invalid memory access in the built-in profiler * CVE-2024-1552 (bmo#1874502) Incorrect code generation on 32-bit ARM devices * CVE-2024-1553 (bmo#1855686, bmo#1867982, bmo#1871498, bmo#1872296, bmo#1873521, bmo#1873577, bmo#1873597, bmo#1873866, bmo#1874080, bmo#1874740, bmo#1875795, bmo#1875906, bmo#1876425, bmo#1878211, bmo#1878286)
Ana Guerrero (anag+factory)
accepted
request 1146565
from
Wolfgang Rosenauer (wrosenauer)
(revision 420)
Ana Guerrero (anag+factory)
accepted
request 1143092
from
Wolfgang Rosenauer (wrosenauer)
(revision 419)
Ana Guerrero (anag+factory)
accepted
request 1142680
from
Wolfgang Rosenauer (wrosenauer)
(revision 418)
Ana Guerrero (anag+factory)
accepted
request 1141490
from
Wolfgang Rosenauer (wrosenauer)
(revision 417)
- Mozilla Firefox 122.0 https://www.mozilla.org/en-US/firefox/122.0/releasenotes/ MFSA 2024-01 (bsc#1218955) * CVE-2024-0741 (bmo#1864587) Out of bounds write in ANGLE * CVE-2024-0742 (bmo#1867152) Failure to update user input timestamp * CVE-2024-0743 (bmo#1867408) Crash in NSS TLS method * CVE-2024-0744 (bmo#1871089) Wild pointer dereference in JavaScript * CVE-2024-0745 (bmo#1871838) Stack buffer overflow in WebAudio * CVE-2024-0746 (bmo#1660223) Crash when listing printers on Linux * CVE-2024-0747 (bmo#1764343) Bypass of Content Security Policy when directive unsafe-inline was set * CVE-2024-0748 (bmo#1783504) Compromised content process could modify document URI * CVE-2024-0749 (bmo#1813463) Phishing site popup could show local origin in address bar * CVE-2024-0750 (bmo#1863083) Potential permissions request bypass via clickjacking * CVE-2024-0751 (bmo#1865689) Privilege escalation through devtools * CVE-2024-0752 (bmo#1866840) Use-after-free could occur when applying update on macOS * CVE-2024-0753 (bmo#1870262) HSTS policy on subdomain could bypass policy of upper domain * CVE-2024-0754 (bmo#1871605)
Ana Guerrero (anag+factory)
accepted
request 1138351
from
Wolfgang Rosenauer (wrosenauer)
(revision 416)
Ana Guerrero (anag+factory)
accepted
request 1134603
from
Wolfgang Rosenauer (wrosenauer)
(revision 415)
- Mozilla Firefox 121.0 https://www.mozilla.org/en-US/firefox/121.0/releasenotes MFSA 2023-56 (bsc#1217974) * CVE-2023-6856 (bmo#1843782) Heap-buffer-overflow affecting WebGL DrawElementsInstanced method with Mesa VM driver * CVE-2023-6135 (bmo#1853908) NSS susceptible to "Minerva" attack * CVE-2023-6865 (bmo#1864123) Potential exposure of uninitialized data in EncryptingOutputStream * CVE-2023-6857 (bmo#1796023) Symlinks may resolve to smaller than expected buffers * CVE-2023-6858 (bmo#1826791) Heap buffer overflow in nsTextFragment * CVE-2023-6859 (bmo#1840144) Use-after-free in PR_GetIdentitiesLayer * CVE-2023-6866 (bmo#1849037) TypedArrays lack sufficient exception handling * CVE-2023-6860 (bmo#1854669) Potential sandbox escape due to VideoBridge lack of texture validation * CVE-2023-6867 (bmo#1863863) Clickjacking permission prompts using the popup transition * CVE-2023-6861 (bmo#1864118) Heap buffer overflow affected nsWindow::PickerOpen(void) in headless mode * CVE-2023-6868 (bmo#1865488) WebPush requests on Firefox for Android did not require VAPID key * CVE-2023-6869 (bmo#1799036) Content can paint outside of sandboxed iframe
Dominique Leuenberger (dimstar_suse)
accepted
request 1132165
from
Wolfgang Rosenauer (wrosenauer)
(revision 414)
Ana Guerrero (anag+factory)
accepted
request 1129161
from
Wolfgang Rosenauer (wrosenauer)
(revision 413)
- Mozilla Firefox 120.0 https://www.mozilla.org/en-US/firefox/120.0/releasenotes MFSA 2023-49 (bsc#1217230) * CVE-2023-6204 (bmo#1841050) Out-of-bound memory access in WebGL2 blitFramebuffer * CVE-2023-6205 (bmo#1854076) Use-after-free in MessagePort::Entangled * CVE-2023-6206 (bmo#1857430) Clickjacking permission prompts using the fullscreen transition * CVE-2023-6207 (bmo#1861344) Use-after-free in ReadableByteStreamQueueEntry::Buffer * CVE-2023-6208 (bmo#1855345) Using Selection API would copy contents into X11 primary selection. * CVE-2023-6209 (bmo#1858570) Incorrect parsing of relative URLs starting with "///" * CVE-2023-6210 (bmo#1801501) Mixed-content resources not blocked in a javascript: pop-up * CVE-2023-6211 (bmo#1850200) Clickjacking to load insecure pages in HTTPS-only mode * CVE-2023-6212 (bmo#1658432, bmo#1820983, bmo#1829252, bmo#1856072, bmo#1856091, bmo#1859030, bmo#1860943, bmo#1862782) Memory safety bugs fixed in Firefox 120, Firefox ESR 115.5, and Thunderbird 115.5 * CVE-2023-6213 (bmo#1849265, bmo#1851118, bmo#1854911) Memory safety bugs fixed in Firefox 120 - rebased patches
Ana Guerrero (anag+factory)
accepted
request 1124746
from
Wolfgang Rosenauer (wrosenauer)
(revision 412)
Ana Guerrero (anag+factory)
accepted
request 1121261
from
Wolfgang Rosenauer (wrosenauer)
(revision 411)
Ana Guerrero (anag+factory)
accepted
request 1114282
from
Wolfgang Rosenauer (wrosenauer)
(revision 410)
- Mozilla Firefox 118.0.1 MFSA 2023-44 (bsc#1215814) * CVE-2023-5217 (bmo#1855550), Heap buffer overflow in libvpx - Mozilla Firefox 118.0 MFSA 2023-41 (bsc#1215575) * CVE-2023-5168 (bmo#1846683) Out-of-bounds write in FilterNodeD2D1 * CVE-2023-5169 (bmo#1846685) Out-of-bounds write in PathOps * CVE-2023-5170 (bmo#1846686) Memory leak from a privileged process * CVE-2023-5171 (bmo#1851599) Use-after-free in Ion Compiler * CVE-2023-5172 (bmo#1852218) Memory Corruption in Ion Hints * CVE-2023-5173 (bmo#1823172) Out-of-bounds write in HTTP Alternate Services * CVE-2023-5174 (bmo#1848454) Double-free in process spawning on Windows * CVE-2023-5175 (bmo#1849704) Use-after-free of ImageBitmap during process shutdown * CVE-2023-5176 (bmo#1836353, bmo#1842674, bmo#1843824, bmo#1843962, bmo#1848890, bmo#1850180, bmo#1850983, bmo#1851195) Memory safety bugs fixed in Firefox 118, Firefox ESR 115.3, and Thunderbird 115.3 - requires NSS 3.93 - add mozilla-bmo1822730.patch - deactivated KDE integration temporarily
Ana Guerrero (anag+factory)
accepted
request 1110687
from
Wolfgang Rosenauer (wrosenauer)
(revision 409)
Ana Guerrero (anag+factory)
accepted
request 1107944
from
Wolfgang Rosenauer (wrosenauer)
(revision 408)
- Mozilla Firefox 117.0 https://www.mozilla.org/en-US/firefox/117.0/releasenotes MFSA 2023-34 (bsc#1214606) * CVE-2023-4573 (bmo#1846687) Memory corruption in IPC CanvasTranslator * CVE-2023-4574 (bmo#1846688) Memory corruption in IPC ColorPickerShownCallback * CVE-2023-4575 (bmo#1846689) Memory corruption in IPC FilePickerShownCallback * CVE-2023-4576 (bmo#1846694) Integer Overflow in RecordedSourceSurfaceCreation * CVE-2023-4577 (bmo#1847397) Memory corruption in JIT UpdateRegExpStatics * CVE-2023-4578 (bmo#1839007) Error reporting methods in SpiderMonkey could have triggered an Out of Memory Exception * CVE-2023-4579 (bmo#1842766) Persisted search terms were formatted as URLs * CVE-2023-4580 (bmo#1843046) Push notifications saved to disk unencrypted * CVE-2023-4581 (bmo#1843758) XLL file extensions were downloadable without warnings * CVE-2023-4582 (bmo#1773874) Buffer Overflow in WebGL glGetProgramiv * CVE-2023-4583 (bmo#1842030) Browsing Context potentially not cleared when closing Private Window * CVE-2023-4584 (bmo#1843968, bmo#1845205, bmo#1846080, bmo#1846526, bmo#1847529) Memory safety bugs fixed in Firefox 117, Firefox ESR 102.15,
Ana Guerrero (anag+factory)
accepted
request 1104464
from
Wolfgang Rosenauer (wrosenauer)
(revision 407)
Dominique Leuenberger (dimstar_suse)
accepted
request 1103536
from
Wolfgang Rosenauer (wrosenauer)
(revision 406)
- Mozilla Firefox 116.0.2 * fixes for other platforms - Fix OOM when linking on 32-bit - Mozilla Firefox 116.0.1 * fixes for other platforms - ship vaapitest binary for supported archs - re-enable ppc64le - ship v4l2test binary for supported archs - drop obsolete mozilla-bmo1775202.patch - Mozilla Firefox 116.0 * https://www.mozilla.org/en-US/firefox/116.0/releasenotes/ MFSA 2023-29 (bsc#1213746) * CVE-2023-4045 (bmo#1833876) Offscreen Canvas could have bypassed cross-origin restrictions * CVE-2023-4046 (bmo#1837686) Incorrect value used during WASM compilation * CVE-2023-4047 (bmo#1839073) Potential permissions request bypass via clickjacking * CVE-2023-4048 (bmo#1841368) Crash in DOMParser due to out-of-memory conditions * CVE-2023-4049 (bmo#1842658) Fix potential race conditions when releasing platform objects * CVE-2023-4050 (bmo#1843038) Stack buffer overflow in StorageManager * CVE-2023-4051 (bmo#1821884)
Dominique Leuenberger (dimstar_suse)
accepted
request 1101322
from
Wolfgang Rosenauer (wrosenauer)
(revision 405)
Dominique Leuenberger (dimstar_suse)
accepted
request 1098544
from
Wolfgang Rosenauer (wrosenauer)
(revision 404)
- Mozilla Firefox 115.0.2 * Fixed a bug with displaying a caret in the text editor on some websites (bmo#1840804) * Fixed a bug with broken audio rendering on some websites (bmo#1841982) * Fixed a bug with patternTransform translate using the wrong units (bmo#1840746) MFSA 2023-26 (bsc#1213230) * CVE-2023-3600 (bmo#1839703) Use-after-free in workers
Dominique Leuenberger (dimstar_suse)
accepted
request 1097630
from
Wolfgang Rosenauer (wrosenauer)
(revision 403)
Displaying revisions 1 - 20 of 422