Revisions of MozillaFirefox
Dominique Leuenberger (dimstar_suse)
accepted
request 929844
from
Wolfgang Rosenauer (wrosenauer)
(revision 349)
Dominique Leuenberger (dimstar_suse)
accepted
request 927811
from
Wolfgang Rosenauer (wrosenauer)
(revision 348)
- Drop unused pkgconfig(gdk-x11-2.0) BuildRequires - (re-)enable LTO on Tumbleweed - Rebase mozilla-sandbox-fips.patch to punch another hole in the sandbox containment, to be able to open /proc/sys/crypto/fips_enabled from within the newly introduced socket process sandbox. This fixes bsc#1191815 and bsc#1190141 - Add patch to fix build on aarch64 (bmo#1729124)
Dominique Leuenberger (dimstar_suse)
accepted
request 926026
from
Wolfgang Rosenauer (wrosenauer)
(revision 347)
Dominique Leuenberger (dimstar_suse)
accepted
request 923417
from
Wolfgang Rosenauer (wrosenauer)
(revision 346)
- Mozilla Firefox 93.0 * supports the new AVIF image format * PDF viewer now supports filling more forms (XFA-based forms) * now blocks downloads that rely on insecure connections, protecting against potentially malicious or unsafe downloads * Improved web compatibility for privacy protections with SmartBlock 3.0 * Introducing a new referrer tracking protection in Strict Tracking Protection and Private Browsing * TLS ciphersuites that use 3DES have been disabled. Such ciphersuites can only be enabled when deprecated versions of TLS are also enabled * The download panel now follows the Firefox visual styles MFSA 2021-43 (bsc#1191332) * CVE-2021-38496 (bmo#1725335) Use-after-free in MessageTask * CVE-2021-38497 (bmo#1726621) Validation message could have been overlaid on another origin * CVE-2021-38498 (bmo#1729642) Use-after-free of nsLanguageAtomService object * CVE-2021-32810 (bmo#1729813) https://github.com/crossbeam-rs/crossbeam/security/advisories/GHSA-pqqp-xmhj-wgcw) Data race in crossbeam-deque * CVE-2021-38500 (bmo#1725854, bmo#1728321) Memory safety bugs fixed in Firefox 93, Firefox ESR 78.15, and Firefox ESR 91.2 * CVE-2021-38501 (bmo#1685354, bmo#1715755, bmo#1723176) Memory safety bugs fixed in Firefox 93 and Firefox ESR 91.2 * CVE-2021-38499 (bmo#1667102, bmo#1723170, bmo#1725356, bmo#1727364) Memory safety bugs fixed in Firefox 93 - removed obsolete mozilla-bmo1708709.patch
Dominique Leuenberger (dimstar_suse)
accepted
request 921893
from
Wolfgang Rosenauer (wrosenauer)
(revision 345)
Dominique Leuenberger (dimstar_suse)
accepted
request 917452
from
Wolfgang Rosenauer (wrosenauer)
(revision 344)
- Mozilla Firefox 92.0 * More secure connections: Firefox can now automatically upgrade to HTTPS using HTTPS RR as Alt-Svc headers * Full-range color levels are now supported for video playback on many systems MFSA 2021-38 (bsc#1190269) * CVE-2021-29993 (bmo#1708544, bmo#1708767, bmo#1712240, bmo#1712242, bmo#1729259) Handling custom intents could lead to crashes and UI spoofs * CVE-2021-38491 (bmo#1551886) Mixed-Content-Blocking was unable to check opaque origins * CVE-2021-38492 (bmo#1721107) Navigating to `mk:` URL scheme could load Internet Explorer * CVE-2021-38493 (bmo#1723391, bmo#1724101, bmo#1724107) Memory safety bugs fixed in Firefox 92, Firefox ESR 78.14 and Firefox ESR 91.1 * CVE-2021-38494 (bmo#1723920, bmo#1725638) Memory safety bugs fixed in Firefox 92 - updated appdata - remove mozilla-disable-wasm-emulate-arm-unaligned-fp-access.patch (does not apply anymore; unclear if obsolete) - bring back mozilla-silence-no-return-type.patch and run post-build-checks everywhere again - requires NSS 3.69.1 - Add mozilla-bmo1708709.patch: On [wayland] popup can be wrongly repositioned due to rounding errors when font scaling != 1 (bmo#1708709); patch taken from upstream bug report and rebased to apply cleanly against current version.
Dominique Leuenberger (dimstar_suse)
accepted
request 914799
from
Wolfgang Rosenauer (wrosenauer)
(revision 343)
Richard Brown (RBrownSUSE)
accepted
request 912837
from
Wolfgang Rosenauer (wrosenauer)
(revision 342)
superseding the 91.0 version as another security and hotfix release - Mozilla Firefox 91.0.1 * Fixed an issue causing buttons on the tab bar to be resized when loading certain websites (bmo#1704404) * Fixed an issue which caused tabs from private windows to be visible in non-private windows when viewing switch-to-tab results in the address bar panel (bmo#1720369) * Various stability fixes MFSA 2021-37 (bsc#1189547) * CVE-2021-29991 (bmo#1724896) Header Splitting possible with HTTP/3 Responses - Mozilla Firefox 91.0 MFSA 2021-33 (bsc#1188891) * CVE-2021-29986 (bmo#1696138) Race condition when resolving DNS names could have led to memory corruption * CVE-2021-29981 (bmo#1707774) Live range splitting could have led to conflicting assignments in the JIT * CVE-2021-29988 (bmo#1717922) Memory corruption as a result of incorrect style treatment * CVE-2021-29983 (bmo#1719088) Firefox for Android could get stuck in fullscreen mode * CVE-2021-29984 (bmo#1720031) Incorrect instruction reordering during JIT optimization * CVE-2021-29980 (bmo#1722204) Uninitialized memory in a canvas object could have led to memory corruption * CVE-2021-29987 (bmo#1716129) Users could have been tricked into accepting unwanted
Dominique Leuenberger (dimstar_suse)
accepted
request 908075
from
Wolfgang Rosenauer (wrosenauer)
(revision 341)
Dominique Leuenberger (dimstar_suse)
accepted
request 907201
from
Wolfgang Rosenauer (wrosenauer)
(revision 340)
- Mozilla Firefox 90.0.1 (boo#1188480): * Fixed: Fixed busy looping processing some HTTP3 responses (bmo#1720079) * Fixed: Fixed transient errors authenticating with some smart cards (bmo#1715325) * Fixed: Fixed a rare crash on shutdown (bmo#1707057) * Fixed: Fixed a race on startup that caused about:support to end up empty after upgrade (bmo#1717894, boo#1188330)
Dominique Leuenberger (dimstar_suse)
accepted
request 906586
from
Wolfgang Rosenauer (wrosenauer)
(revision 339)
- Mozilla Firefox 90.0 MFSA 2021-28 (bsc#1188275) * CVE-2021-29970 (bmo#1709976) Use-after-free in accessibility features of a document * CVE-2021-29971 (bmo#1713638) Granted permissions only compared host; omitting scheme and port on Android * CVE-2021-30547 (bmo#1715766) Out of bounds write in ANGLE * CVE-2021-29972 (bmo#1696816) Use of out-of-date library included use-after-free vulnerability * CVE-2021-29973 (bmo#1701932) Password autofill on HTTP websites was enabled without user interaction on Android * CVE-2021-29974 (bmo#1704843) HSTS errors could be overridden when network partitioning was enabled * CVE-2021-29975 (bmo#1713259) Text message could be overlaid on top of another website * CVE-2021-29976 (bmo#1700895, bmo#1703334, bmo#1706910, bmo#1711576, bmo#1714391) Memory safety bugs fixed in Firefox 90 and Firefox ESR 78.12 * CVE-2021-29977 (bmo#1665836, bmo#1686138, bmo#1704316, bmo#1706314, bmo#1709931, bmo#1712084, bmo#1712357, bmo#1714066) Memory safety bugs fixed in Firefox 90 - requires NSPR 4.31 NSS 3.66
Dominique Leuenberger (dimstar_suse)
accepted
request 901588
from
Wolfgang Rosenauer (wrosenauer)
(revision 338)
- Mozilla Firefox 89.0.2 (boo#1187648): * Fix occasional hangs with Software WebRender on Linux (bmo#1708224) - Mozilla Firefox 89.0.1 (boo#1187475): * Updated translations, including full Spanish (Mexico) localization and other improvements (bmo#1714946) * Fix various font related regressions (bmo#1694174) * Linux: Fix performance and stability regressions with WebRender (bmo#1715895, bmo#1715902) * Enterprise: Fix for the `DisableDeveloperTools` policy not having effect anymore (bmo#1715777) * Linux: Fix broken scrollbars on some GTK themes (bmo#1714103) * Various stability fixes
Dominique Leuenberger (dimstar_suse)
accepted
request 897726
from
Wolfgang Rosenauer (wrosenauer)
(revision 337)
- Mozilla Firefox 89.0 * UI redesign * The Event Timing API is now supported * The CSS forced-colors media query is now supported MFSA 2021-23 (bsc#1186696) * CVE-2021-29965 (bmo#1709257) Password Manager on Firefox for Android susceptible to domain spoofing * CVE-2021-29960 (bmo#1675965) Filenames printed from private browsing mode incorrectly retained in preferences * CVE-2021-29961 (bmo#1700235) Firefox UI spoof using `<select>` elements and CSS scaling * CVE-2021-29963 (bmo#1705068) Shared cookies for search suggestions in private browsing mode * CVE-2021-29964 (bmo#1706501) Out of bounds-read when parsing a `WM_COPYDATA` message * CVE-2021-29959 (bmo#1395819) Devices could be re-enabled without additional permission prompt * CVE-2021-29962 (bmo#1701673) No rate-limiting for popups on Firefox for Android * CVE-2021-29967 (bmo#1602862, bmo#1703191, bmo#1703760, bmo#1704722, bmo#1706041) Memory safety bugs fixed in Firefox 89 and Firefox ESR 78.11 * CVE-2021-29966 (bmo#1660307, bmo#1686154, bmo#1702948, bmo#1708124) Memory safety bugs fixed in Firefox 89 - require NSS >= 3.64 rust-cbindgen >= 0.19.0 - do not rely on nodejs10 packagename anymore
Dominique Leuenberger (dimstar_suse)
accepted
request 892688
from
Factory Maintainer (factory-maintainer)
(revision 336)
Automatic submission by obs-autosubmit
Dominique Leuenberger (dimstar_suse)
accepted
request 890833
from
Wolfgang Rosenauer (wrosenauer)
(revision 335)
Dominique Leuenberger (dimstar_suse)
accepted
request 889851
from
Wolfgang Rosenauer (wrosenauer)
(revision 334)
- add compatibility for libavcodec58_134
Dominique Leuenberger (dimstar_suse)
accepted
request 886904
from
Wolfgang Rosenauer (wrosenauer)
(revision 333)
- Mozilla Firefox 88.0 * New: PDF forms now support JavaScript embedded in PDF files. Some PDF forms use JavaScript for validation and other interactive features * New: Print updates: Margin units are now localized * New: Smooth pinch-zooming using a touchpad is now supported on Linux * New: To protect against cross-site privacy leaks, Firefox now isolates window.name data to the website that created it. Learn more * Changed: Firefox will not prompt for access to your microphone or camera if you’ve already granted access to the same device on the same site in the same tab within the past 50 seconds. This new grace period reduces the number of times you’re prompted to grant device access * Changed: The ‘Take a Screenshot’ feature was removed from the Page Actions menu in the url bar. To take a screenshot, right-click to open the context menu. You can also add a screenshots shortcut directly to your toolbar via the Customize menu. Open the Firefox menu and select Customize… * Changed: FTP support has been disabled, and its full removal is planned for an upcoming release. Addressing this security risk reduces the likelihood of an attack while also removing support for a non-encrypted protocol * Developer: Introduced a new toggle button in the Network panel for switching between JSON formatted HTTP response and raw data (as received over the wire). !enter image description here * Enterprise: Various bug fixes and new policies have been implemented in the latest version of Firefox. You can see
Richard Brown (RBrownSUSE)
accepted
request 881766
from
Wolfgang Rosenauer (wrosenauer)
(revision 332)
- Switch to clang_build globally; just on TW/x86_64 it does not work due to unreolved externals `__rust_probestack' - disable clang_build then. - useccache: Add conditionals to enable/disable ccache. - Mozilla Firefox 87.0 * requires NSS 3.62 * removed obsolete BigEndian ICU build workaround * rebased patches MFSA 2021-10 (bsc#1183942) * CVE-2021-23981 (bmo#1692832) Texture upload into an unbound backing buffer resulted in an out-of-bound read * CVE-2021-23982 (bmo#1677046) Internal network hosts could have been probed by a malicious webpage * CVE-2021-23983 (bmo#1692684) Transitions for invalid ::marker properties resulted in memory corruption * CVE-2021-23984 (bmo#1693664) Malicious extensions could have spoofed popup information * CVE-2021-23985 (bmo#1659129) Devtools remote debugging feature could have been enabled without indication to the user * CVE-2021-23986 (bmo#1692623) A malicious extension could have performed credential-less same origin policy violations * CVE-2021-23987 (bmo#1513519, bmo#1683439, bmo#1690169, bmo#1690718) Memory safety bugs fixed in Firefox 87 and Firefox ESR 78.9
Richard Brown (RBrownSUSE)
accepted
request 878728
from
Wolfgang Rosenauer (wrosenauer)
(revision 331)
Richard Brown (RBrownSUSE)
accepted
request 874847
from
Wolfgang Rosenauer (wrosenauer)
(revision 330)
- Mozilla Firefox 86.0 * requires NSS >= 3.61 * requires rust-cbindgen >= 0.16.0 * Firefox now supports simultaneously watching multiple videos in Picture-in-Picture. * Total Cookie Protection to Strict Mode * https://www.mozilla.org/en-US/firefox/86.0/releasenotes MSFA 2021-07 (bsc#1182614) * CVE-2021-23969 (bmo#1542194) Content Security Policy violation report could have contained the destination of a redirect * CVE-2021-23970 (bmo#1681724) Multithreaded WASM triggered assertions validating separation of script domains * CVE-2021-23968 (bmo#1687342) Content Security Policy violation report could have contained the destination of a redirect * CVE-2021-23974 (bmo#1528997, bmo#1683627) noscript elements could have led to an HTML Sanitizer bypass * CVE-2021-23971 (bmo#1678545) A website's Referrer-Policy could have been be overridden, potentially resulting in the full URL being sent as a Referrer * CVE-2021-23976 (bmo#1684627) Local spoofing of web manifests for arbitrary pages in Firefox for Android * CVE-2021-23977 (bmo#1684761) Malicious application could read sensitive data from Firefox for Android's application directories * CVE-2021-23972 (bmo#1683536) HTTP Auth phishing warning was omitted when a redirect is
Displaying revisions 81 - 100 of 429