Revisions of MozillaFirefox

Ana Guerrero's avatar Ana Guerrero (anag+factory) accepted request 1150527 from Wolfgang Rosenauer's avatar Wolfgang Rosenauer (wrosenauer) (revision 421)
- Mozilla Firefox 123.0
  https://www.mozilla.org/en-US/firefox/123.0/releasenotes/
  MFSA 2024-05 (bsc#1220048)
  * CVE-2024-1546 (bmo#1843752)
    Out-of-bounds memory read in networking channels
  * CVE-2024-1547 (bmo#1877879)
    Alert dialog could have been spoofed on another site
  * CVE-2024-1554 (bmo#1816390)
    fetch could be used to effect cache poisoning
  * CVE-2024-1548 (bmo#1832627)
    Fullscreen Notification could have been hidden by select element
  * CVE-2024-1549 (bmo#1833814)
    Custom cursor could obscure the permission dialog
  * CVE-2024-1550 (bmo#1860065)
    Mouse cursor re-positioned unexpectedly could have led to
    unintended permission grants
  * CVE-2024-1551 (bmo#1864385)
    Multipart HTTP Responses would accept the Set-Cookie header
    in response parts
  * CVE-2024-1555 (bmo#1873223)
    SameSite cookies were not properly respected when opening a
    website from an external browser
  * CVE-2024-1556 (bmo#1870414)
    Invalid memory access in the built-in profiler
  * CVE-2024-1552 (bmo#1874502)
    Incorrect code generation on 32-bit ARM devices
  * CVE-2024-1553 (bmo#1855686, bmo#1867982, bmo#1871498, bmo#1872296,
    bmo#1873521, bmo#1873577, bmo#1873597, bmo#1873866, bmo#1874080,
    bmo#1874740, bmo#1875795, bmo#1875906, bmo#1876425, bmo#1878211,
    bmo#1878286)
Ana Guerrero's avatar Ana Guerrero (anag+factory) accepted request 1141490 from Wolfgang Rosenauer's avatar Wolfgang Rosenauer (wrosenauer) (revision 417)
- Mozilla Firefox 122.0
  https://www.mozilla.org/en-US/firefox/122.0/releasenotes/
  MFSA 2024-01 (bsc#1218955)
  * CVE-2024-0741 (bmo#1864587)
    Out of bounds write in ANGLE
  * CVE-2024-0742 (bmo#1867152)
    Failure to update user input timestamp
  * CVE-2024-0743 (bmo#1867408)
    Crash in NSS TLS method
  * CVE-2024-0744 (bmo#1871089)
    Wild pointer dereference in JavaScript
  * CVE-2024-0745 (bmo#1871838)
    Stack buffer overflow in WebAudio
  * CVE-2024-0746 (bmo#1660223)
    Crash when listing printers on Linux
  * CVE-2024-0747 (bmo#1764343)
    Bypass of Content Security Policy when directive unsafe-inline was set
  * CVE-2024-0748 (bmo#1783504)
    Compromised content process could modify document URI
  * CVE-2024-0749 (bmo#1813463)
    Phishing site popup could show local origin in address bar
  * CVE-2024-0750 (bmo#1863083)
    Potential permissions request bypass via clickjacking
  * CVE-2024-0751 (bmo#1865689)
    Privilege escalation through devtools
  * CVE-2024-0752 (bmo#1866840)
    Use-after-free could occur when applying update on macOS
  * CVE-2024-0753 (bmo#1870262)
    HSTS policy on subdomain could bypass policy of upper domain
  * CVE-2024-0754 (bmo#1871605)
Ana Guerrero's avatar Ana Guerrero (anag+factory) accepted request 1134603 from Wolfgang Rosenauer's avatar Wolfgang Rosenauer (wrosenauer) (revision 415)
- Mozilla Firefox 121.0
  https://www.mozilla.org/en-US/firefox/121.0/releasenotes
  MFSA 2023-56 (bsc#1217974)
  * CVE-2023-6856 (bmo#1843782)
    Heap-buffer-overflow affecting WebGL DrawElementsInstanced
    method with Mesa VM driver
  * CVE-2023-6135 (bmo#1853908)
    NSS susceptible to "Minerva" attack
  * CVE-2023-6865 (bmo#1864123)
    Potential exposure of uninitialized data in EncryptingOutputStream
  * CVE-2023-6857 (bmo#1796023)
    Symlinks may resolve to smaller than expected buffers
  * CVE-2023-6858 (bmo#1826791)
    Heap buffer overflow in nsTextFragment
  * CVE-2023-6859 (bmo#1840144)
    Use-after-free in PR_GetIdentitiesLayer
  * CVE-2023-6866 (bmo#1849037)
    TypedArrays lack sufficient exception handling
  * CVE-2023-6860 (bmo#1854669)
    Potential sandbox escape due to VideoBridge lack of texture
    validation
  * CVE-2023-6867 (bmo#1863863)
    Clickjacking permission prompts using the popup transition
  * CVE-2023-6861 (bmo#1864118)
    Heap buffer overflow affected nsWindow::PickerOpen(void) in
    headless mode
  * CVE-2023-6868 (bmo#1865488)
    WebPush requests on Firefox for Android did not require VAPID key
  * CVE-2023-6869 (bmo#1799036)
    Content can paint outside of sandboxed iframe
Ana Guerrero's avatar Ana Guerrero (anag+factory) accepted request 1129161 from Wolfgang Rosenauer's avatar Wolfgang Rosenauer (wrosenauer) (revision 413)
- Mozilla Firefox 120.0
  https://www.mozilla.org/en-US/firefox/120.0/releasenotes
  MFSA 2023-49 (bsc#1217230)
  * CVE-2023-6204 (bmo#1841050)
    Out-of-bound memory access in WebGL2 blitFramebuffer
  * CVE-2023-6205 (bmo#1854076)
    Use-after-free in MessagePort::Entangled
  * CVE-2023-6206 (bmo#1857430)
    Clickjacking permission prompts using the fullscreen
    transition
  * CVE-2023-6207 (bmo#1861344)
    Use-after-free in ReadableByteStreamQueueEntry::Buffer
  * CVE-2023-6208 (bmo#1855345)
    Using Selection API would copy contents into X11 primary
    selection.
  * CVE-2023-6209 (bmo#1858570)
    Incorrect parsing of relative URLs starting with "///"
  * CVE-2023-6210 (bmo#1801501)
    Mixed-content resources not blocked in a javascript: pop-up
  * CVE-2023-6211 (bmo#1850200)
    Clickjacking to load insecure pages in HTTPS-only mode
  * CVE-2023-6212 (bmo#1658432, bmo#1820983, bmo#1829252,
    bmo#1856072, bmo#1856091, bmo#1859030, bmo#1860943,
    bmo#1862782)
    Memory safety bugs fixed in Firefox 120, Firefox ESR 115.5,
    and Thunderbird 115.5
  * CVE-2023-6213 (bmo#1849265, bmo#1851118, bmo#1854911)
    Memory safety bugs fixed in Firefox 120
- rebased patches
Ana Guerrero's avatar Ana Guerrero (anag+factory) accepted request 1114282 from Wolfgang Rosenauer's avatar Wolfgang Rosenauer (wrosenauer) (revision 410)
- Mozilla Firefox 118.0.1
  MFSA 2023-44 (bsc#1215814)
  * CVE-2023-5217 (bmo#1855550),
    Heap buffer overflow in libvpx

- Mozilla Firefox 118.0
  MFSA 2023-41 (bsc#1215575)
  * CVE-2023-5168 (bmo#1846683)
    Out-of-bounds write in FilterNodeD2D1
  * CVE-2023-5169 (bmo#1846685)
    Out-of-bounds write in PathOps
  * CVE-2023-5170 (bmo#1846686)
    Memory leak from a privileged process
  * CVE-2023-5171 (bmo#1851599)
    Use-after-free in Ion Compiler
  * CVE-2023-5172 (bmo#1852218)
    Memory Corruption in Ion Hints
  * CVE-2023-5173 (bmo#1823172)
    Out-of-bounds write in HTTP Alternate Services
  * CVE-2023-5174 (bmo#1848454)
    Double-free in process spawning on Windows
  * CVE-2023-5175 (bmo#1849704)
    Use-after-free of ImageBitmap during process shutdown
  * CVE-2023-5176 (bmo#1836353, bmo#1842674, bmo#1843824, bmo#1843962,
    bmo#1848890, bmo#1850180, bmo#1850983, bmo#1851195)
    Memory safety bugs fixed in Firefox 118, Firefox ESR 115.3,
    and Thunderbird 115.3
- requires NSS 3.93
- add mozilla-bmo1822730.patch
- deactivated KDE integration temporarily
Ana Guerrero's avatar Ana Guerrero (anag+factory) accepted request 1107944 from Wolfgang Rosenauer's avatar Wolfgang Rosenauer (wrosenauer) (revision 408)
- Mozilla Firefox 117.0
  https://www.mozilla.org/en-US/firefox/117.0/releasenotes
  MFSA 2023-34 (bsc#1214606)
  * CVE-2023-4573 (bmo#1846687)
    Memory corruption in IPC CanvasTranslator
  * CVE-2023-4574 (bmo#1846688)
    Memory corruption in IPC ColorPickerShownCallback
  * CVE-2023-4575 (bmo#1846689)
    Memory corruption in IPC FilePickerShownCallback
  * CVE-2023-4576 (bmo#1846694)
    Integer Overflow in RecordedSourceSurfaceCreation
  * CVE-2023-4577 (bmo#1847397)
    Memory corruption in JIT UpdateRegExpStatics
  * CVE-2023-4578 (bmo#1839007)
    Error reporting methods in SpiderMonkey could have triggered
    an Out of Memory Exception
  * CVE-2023-4579 (bmo#1842766)
    Persisted search terms were formatted as URLs
  * CVE-2023-4580 (bmo#1843046)
    Push notifications saved to disk unencrypted
  * CVE-2023-4581 (bmo#1843758)
    XLL file extensions were downloadable without warnings
  * CVE-2023-4582 (bmo#1773874)
    Buffer Overflow in WebGL glGetProgramiv
  * CVE-2023-4583 (bmo#1842030)
    Browsing Context potentially not cleared when closing Private
    Window
  * CVE-2023-4584 (bmo#1843968, bmo#1845205, bmo#1846080,
    bmo#1846526, bmo#1847529)
    Memory safety bugs fixed in Firefox 117, Firefox ESR 102.15,
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 1103536 from Wolfgang Rosenauer's avatar Wolfgang Rosenauer (wrosenauer) (revision 406)
- Mozilla Firefox 116.0.2
  * fixes for other platforms

- Fix OOM when linking on 32-bit

- Mozilla Firefox 116.0.1
  * fixes for other platforms

- ship vaapitest binary for supported archs

- re-enable ppc64le
- ship v4l2test binary for supported archs
- drop obsolete mozilla-bmo1775202.patch

- Mozilla Firefox 116.0
  * https://www.mozilla.org/en-US/firefox/116.0/releasenotes/
  MFSA 2023-29 (bsc#1213746)
  * CVE-2023-4045 (bmo#1833876)
    Offscreen Canvas could have bypassed cross-origin restrictions
  * CVE-2023-4046 (bmo#1837686)
    Incorrect value used during WASM compilation
  * CVE-2023-4047 (bmo#1839073)
    Potential permissions request bypass via clickjacking
  * CVE-2023-4048 (bmo#1841368)
    Crash in DOMParser due to out-of-memory conditions
  * CVE-2023-4049 (bmo#1842658)
    Fix potential race conditions when releasing platform objects
  * CVE-2023-4050 (bmo#1843038)
    Stack buffer overflow in StorageManager
  * CVE-2023-4051 (bmo#1821884)
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 1098544 from Wolfgang Rosenauer's avatar Wolfgang Rosenauer (wrosenauer) (revision 404)
- Mozilla Firefox 115.0.2
  * Fixed a bug with displaying a caret in the text editor on some websites
    (bmo#1840804)
  * Fixed a bug with broken audio rendering on some websites (bmo#1841982)
  * Fixed a bug with patternTransform translate using the wrong units
    (bmo#1840746)
  MFSA 2023-26 (bsc#1213230)
  * CVE-2023-3600 (bmo#1839703)
    Use-after-free in workers
Displaying revisions 1 - 20 of 422
openSUSE Build Service is sponsored by