Overview Repositories Revisions Requests Users Attributes Meta

Revisions of MozillaFirefox

Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 980191 from Wolfgang Rosenauer's avatar Wolfgang Rosenauer (wrosenauer) (revision 367) 
- Mozilla Firefox 101.0
  * Reading is now easier with the prefers-contrast media query,
    which allows sites to detect if the user has requested that web
    content is presented with a higher (or lower) contrast
  * All non-configured MIME types can now be assigned a custom
    action upon download completion
  * allows users to use as many microphones as you want, at the
    same time, during video conferencing. The most exciting benefit
    is that you can easily switch your microphones at any time
    (if your conferencing service provider enables this flexibility)
  MFSA 2022-20 (bsc#1200027)
  * CVE-2022-31736 (bmo#1735923)
    Cross-Origin resource's length leaked
  * CVE-2022-31737 (bmo#1743767)
    Heap buffer overflow in WebGL
  * CVE-2022-31738 (bmo#1756388)
    Browser window spoof using fullscreen mode
  * CVE-2022-31739 (bmo#1765049)
    Attacker-influenced path traversal when saving downloaded files
  * CVE-2022-31740 (bmo#1766806)
    Register allocation problem in WASM on arm64
  * CVE-2022-31741 (bmo#1767590)
    Uninitialized variable leads to invalid memory read
  * CVE-2022-31742 (bmo#1730434)
    Querying a WebAuthn token with a large number of allowCredential
    entries may have leaked cross-origin information
  * CVE-2022-31743 (bmo#1747388)
    HTML Parsing incorrectly ended HTML comments prematurely
  * CVE-2022-31744 (bmo#1757604)
    CSP bypass enabling stylesheet injection
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 978314 from Wolfgang Rosenauer's avatar Wolfgang Rosenauer (wrosenauer) (revision 366) 
- Mozilla Firefox 100.0.2
  MFSA 2022-19 (bsc#1199768)
  * CVE-2022-1802 (bmo#1770137)
    Prototype pollution in Top-Level Await implementation
  * CVE-2022-1529 (bmo#1770048)
    Untrusted input used in JavaScript object indexing, leading
    to prototype pollution

- Mozilla Firefox 100.0.1:
  * Fixed: Fixed an issue with subtitles in Picture-in-Picture
    mode while using Netflix (bmo#1768818)
  * Fixed: Fixed an issue where some commands were unavailable in
    the Picture-in-Picture window (bmo#1768201)
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 974815 from Wolfgang Rosenauer's avatar Wolfgang Rosenauer (wrosenauer) (revision 365) 
- Mozilla Firefox 100.0
  * subtitle support in PiP
  * spell checking supports multiple languages in parallel
  * more details here
    https://www.mozilla.org/en-US/firefox/100.0/releasenotes
  MFSA 2022-16 (boo#1198970)
  * CVE-2022-29914 (bmo#1746448)
    Fullscreen notification bypass using popups
  * CVE-2022-29909 (bmo#1755081)
    Bypassing permission prompt in nested browsing contexts
  * CVE-2022-29916 (bmo#1760674)
    Leaking browser history with CSS variables
  * CVE-2022-29911 (bmo#1761981)
    iframe Sandbox bypass
  * CVE-2022-29912 (bmo#1692655)
    Reader mode bypassed SameSite cookies
  * CVE-2022-29910 (bmo#1757138)
    Firefox for Android forgot HTTP Strict Transport Security
    settings
  * CVE-2022-29915 (bmo#1751678)
    Leaking cross-origin redirect through the Performance API
  * CVE-2022-29917 (bmo#1684739, bmo#1706441, bmo#1753298,
    bmo#1762614, bmo#1762620, bmo#1764778)
    Memory safety bugs fixed in Firefox 100 and Firefox ESR 91.9
  * CVE-2022-29918 (bmo#1744043, bmo#1747178, bmo#1753535,
    bmo#1754017, bmo#1755847, bmo#1756172, bmo#1757477,
    bmo#1758223, bmo#1760160, bmo#1761481, bmo#1761771)
    Memory safety bugs fixed in Firefox 100
- requires NSS 3.77
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 967154 from Wolfgang Rosenauer's avatar Wolfgang Rosenauer (wrosenauer) (revision 363) 
- Mozilla Firefox 99.0
  * You can now toggle Narrate in ReaderMode with the keyboard
    shortcut "n."
  * You can find added support for search—with or without
    diacritics—in the PDF viewer.
  * The Linux sandbox has been strengthened: processes exposed to web
    content no longer have access to the X Window system (X11).
  * Firefox now supports credit card autofill and capture in
    Germany and France.
  MFSA 2022-13 (bsc#1197903)
  * CVE-2022-1097 (bmo#1745667)
    Use-after-free in NSSToken objects
  * CVE-2022-28281 (bmo#1755621)
    Out of bounds write due to unexpected WebAuthN Extensions
  * CVE-2022-28282 (bmo#1751609)
    Use-after-free in DocumentL10n::TranslateDocument
  * CVE-2022-28283 (bmo#1754066)
    Missing security checks for fetching sourceMapURL
  * CVE-2022-28284 (bmo#1754522)
    Script could be executed via svg's use element
  * CVE-2022-28285 (bmo#1756957)
    Incorrect AliasSet used in JIT Codegen
  * CVE-2022-28286 (bmo#1735265)
    iframe contents could be rendered outside the border
  * CVE-2022-28287 (bmo#1741515)
    Text Selection could crash Firefox
  * CVE-2022-24713 (bmo#1758509)
    Denial of Service via complex regular expressions
  * CVE-2022-28289 (bmo#1663508, bmo#1744525, bmo#1753508,
    bmo#1757476, bmo#1757805, bmo#1758549, bmo#1758776)
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 964778 from Wolfgang Rosenauer's avatar Wolfgang Rosenauer (wrosenauer) (revision 362) 
- MozillaFirefox 98.0.2:
  * Fixed: Fixed an issue preventing users from typing in Address
    Bar after opening new tab and pressing cmd + enter
    (bmo#1757376)
  * Fixed: Fixed an issue causing some users to crash in out-of-
    memory conditions (bmo#1757618)
  * Fixed: Fixed an issue in session history which caused some
    sites to fail to load (bmo#1758664)
  * Fixed: Fixed an add-on specific compatibility issue
    (bmo#1759162)

- Change mozilla-kde.patch to follow the GNOME registry
  behavior for new MIME types to avoid opening downloaded files
  without any inquiries (bsc#1197319)

- Add patch to fix start-up on aarch64:
  * mozilla-bmo1757571.patch

- exclude slow cpus for building 

- Add cpu-flag `asimdrdm` to aarch64 constraints, to select newer,
  faster buildhosts, as the others struggle to build FF.

- Mozilla Firefox 98.0.1:
  * Yandex and Mail.ru have been removed as optional search
    providers in the drop-down search menu in Firefox
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 960656 from Wolfgang Rosenauer's avatar Wolfgang Rosenauer (wrosenauer) (revision 361) 
- Mozilla Firefox 98.0
  * Firefox has a new optimized download flow
  * other changes as documented here
    https://www.mozilla.org/en-US/firefox/98.0/releasenotes
  MFSA 2022-10 (bsc#1196900)
  * CVE-2022-26383 (bmo#1742421)
    Browser window spoof using fullscreen mode
  * CVE-2022-26384 (bmo#1744352)
    iframe allow-scripts sandbox bypass
  * CVE-2022-26387 (bmo#1752979)
    Time-of-check time-of-use bug when verifying add-on signatures
  * CVE-2022-26381 (bmo#1736243)
    Use-after-free in text reflows
  * CVE-2022-26382 (bmo#1741888)
    Autofill Text could be exfiltrated via side-channel attacks
  * CVE-2022-26385 (bmo#1747526)
    Use-after-free in thread shutdown
  * CVE-2022-0843 (bmo#1746523, bmo#1749062, bmo#1749164, bmo#1749214,
    bmo#1749610, bmo#1750032, bmo#1752100, bmo#1752405, bmo#1753612,
    bmo#1754508)
    Memory safety bugs fixed in Firefox 98
- requires NSS 3.75
- add mozilla-bmo1756347.patch to fix i586 build

- Remove bashisms ("source" and "function" keywords) from
  mozilla.sh.in to ally with the #!/bin/sh shebang. If the end user
  has either dash-sh package or busybox-sh to handle Bourn Shell
  scripts rather than having bash-sh package, the script would
  fail. Using "." instead of "source" and "create_langpack_link()"
  function definition is enough to keep both sides sane,
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 952887 from Wolfgang Rosenauer's avatar Wolfgang Rosenauer (wrosenauer) (revision 359) 
- Mozilla Firefox 97.0
  MFSA 2022-04 (bsc#1195682)
  * CVE-2022-22753 (bmo#1732435)
    Privilege Escalation to SYSTEM on Windows via Maintenance Service
  * CVE-2022-22754 (bmo#1750565)
    Extensions could have bypassed permission confirmation during update
  * CVE-2022-22755 (bmo#1309630)
    XSL could have allowed JavaScript execution after a tab was closed
  * CVE-2022-22756 (bmo#1317873)
    Drag and dropping an image could have resulted in the dropped
    object being an executable
  * CVE-2022-22757 (bmo#1720098)
    Remote Agent did not prevent local websites from connecting
  * CVE-2022-22758 (bmo#1728742)
    tel: links could have sent USSD codes to the dialer on
    Firefox for Android
  * CVE-2022-22759 (bmo#1739957)
    Sandboxed iframes could have executed script if the parent
    appended elements
  * CVE-2022-22760 (bmo#1740985, bmo#1748503)
    Cross-Origin responses could be distinguished between script
    and non-script content-types
  * CVE-2022-22761 (bmo#1745566)
    frame-ancestors Content Security Policy directive was not
    enforced for framed extension pages
  * CVE-2022-22762 (bmo#1743931)
    JavaScript Dialogs could have been displayed over other
    domains on Firefox for Android
  * CVE-2022-22764 (bmo#1742682, bmo#1744165, bmo#1746545,
    bmo#1748210, bmo#1748279)
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 949716 from Wolfgang Rosenauer's avatar Wolfgang Rosenauer (wrosenauer) (revision 358) 
- Mozilla Firefox 96.0.3 (bsc#1195230)
  * Fixed an issue that allowed unexpected data to be submitted in
    some of our search telemetry (bmo#1752317)
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 945699 from Wolfgang Rosenauer's avatar Wolfgang Rosenauer (wrosenauer) (revision 354) 
- Mozilla Firefox 96.0
  * https://www.mozilla.org/en-US/firefox/96.0/releasenotes
  MFSA 2022-01 (bsc#1194547)
  * CVE-2022-22746 (bmo#1735071)
    Calling into reportValidity could have lead to fullscreen
    window spoof
  * CVE-2022-22743 (bmo#1739220)
    Browser window spoof using fullscreen mode
  * CVE-2022-22742 (bmo#1739923)
    Out-of-bounds memory access when inserting text in edit mode
  * CVE-2022-22741 (bmo#1740389)
    Browser window spoof using fullscreen mode
  * CVE-2022-22740 (bmo#1742334)
    Use-after-free of ChannelEventQueue::mOwner
  * CVE-2022-22738 (bmo#1742382)
    Heap-buffer-overflow in blendGaussianBlur
  * CVE-2022-22737 (bmo#1745874)
    Race condition when playing audio files
  * CVE-2021-4140 (bmo#1746720)
    Iframe sandbox bypass with XSLT
  * CVE-2022-22750 (bmo#1566608)
    IPC passing of resource handles could have lead to sandbox
    bypass
  * CVE-2022-22749 (bmo#1705094)
    Lack of URL restrictions when scanning QR codes
  * CVE-2022-22748 (bmo#1705211)
    Spoofed origin on external protocol launch dialog
  * CVE-2022-22745 (bmo#1735856)
    Leaking cross-origin URLs through securitypolicyviolation
    event
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 943041 from Wolfgang Rosenauer's avatar Wolfgang Rosenauer (wrosenauer) (revision 353) 
- Add upstream patches:
  * mozilla-bmo1745560.patch: Fix build against wayland 1.20.
  * mozilla-bmo1744896.patch: Create WaylandVsyncSource on window
    creation

- Mozilla Firefox 95.0.2
  * Addresses frequent crashes experienced by users with C/E/Z-Series
    "Bobcat" CPUs running on Windows 7, 8, and 8.1.
- updated constraints for ppc and x86-64
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 941230 from Wolfgang Rosenauer's avatar Wolfgang Rosenauer (wrosenauer) (revision 352) 
- Mozilla Firefox 95.0.1 (bsc#1193845)
  * Fixed frequent
    MOZILLA_PKIX_ERROR_OCSP_RESPONSE_FOR_CERT_MISSING error
    messages when trying to connect to various microsoft.com
    domains (bmo#1745600)
  * Fix for a WebRender crash on some Linux/X11 systems (bmo#1741956)
  * Fix for a frequent Windows shutdown crash (bmo#1738984)
  * Fix websites contrast issues for some Linux users with
    Dark mode set at OS level (bmo#1740518)
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 936364 from Wolfgang Rosenauer's avatar Wolfgang Rosenauer (wrosenauer) (revision 351) 
- Mozilla Firefox 95.0
  * You can now move the Picture-in-Picture toggle button to the
    opposite side of the video. Simply look for the new context menu
    option Move Picture-in-Picture Toggle to Left (Right) Side.
  * To better protect Firefox users against side-channel attacks such
    as Spectre, Site Isolation is now enabled for all Firefox 95 users.
  * https://www.mozilla.org/en-US/firefox/95.0/releasenotes
  MFSA 2021-52 (bsc#1193485)
  * CVE-2021-43536 (bmo#1730120)
    URL leakage when navigating while executing asynchronous
    function
  * CVE-2021-43537 (bmo#1738237)
    Heap buffer overflow when using structured clone
  * CVE-2021-43538 (bmo#1739091)
    Missing fullscreen and pointer lock notification when
    requesting both
  * CVE-2021-43539 (bmo#1739683)
    GC rooting failure when calling wasm instance methods
  * MOZ-2021-0010 (bmo#1735852)
    Use-after-free in fullscreen objects on MacOS
  * CVE-2021-43540 (bmo#1636629)
    WebExtensions could have installed persistent ServiceWorkers
  * CVE-2021-43541 (bmo#1696685)
    External protocol handler parameters were unescaped
  * CVE-2021-43542 (bmo#1723281)
    XMLHttpRequest error codes could have leaked the existence of
    an external protocol handler
  * CVE-2021-43543 (bmo#1738418)
    Bypass of CSP sandbox directive when embedding
  * CVE-2021-43544 (bmo#1739934)
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 927811 from Wolfgang Rosenauer's avatar Wolfgang Rosenauer (wrosenauer) (revision 348) 
- Drop unused pkgconfig(gdk-x11-2.0) BuildRequires
- (re-)enable LTO on Tumbleweed

- Rebase mozilla-sandbox-fips.patch to punch another hole in the
  sandbox containment, to be able to open /proc/sys/crypto/fips_enabled
  from within the newly introduced socket process sandbox.
  This fixes bsc#1191815 and bsc#1190141

- Add patch to fix build on aarch64 (bmo#1729124)
Displaying revisions 61 - 80 of 427
openSUSE Build Service is sponsored by
Places