Revisions of MozillaFirefox
- mozilla-sandbox-fips.patch: allow /proc/sys/crypto/fips_enabled to be read, as openssl 1.1.1 FIPS aborts if it cannot access it (bsc#1167132)
- Mozilla Firefox 74.0 * https://www.mozilla.org/en-US/firefox/74.0/releasenotes/ MFSA 2020-08 (bsc#1166238) * CVE-2020-6805 (bmo#1610880) Use-after-free when removing data about origins * CVE-2020-6806 (bmo#1612308) BodyStream::OnInputStreamReady was missing protections against state confusion * CVE-2020-6807 (bmo#1614971) Use-after-free in cubeb during stream destruction * CVE-2020-6808 (bmo#1247968) URL Spoofing via javascript: URL * CVE-2020-6809 (bmo#1420296) Web Extensions with the all-urls permission could access local files * CVE-2020-6810 (bmo#1432856) Focusing a popup while in fullscreen could have obscured the fullscreen notification * CVE-2020-6811 (bmo#1607742) Devtools' 'Copy as cURL' feature did not fully escape website-controlled data, potentially leading to command injection * CVE-2019-20503 (bmo#1613765) Out of bounds reads in sctp_load_addresses_from_init * CVE-2020-6812 (bmo#1616661) The names of AirPods with personally identifiable information were exposed to websites with camera or microphone permission * CVE-2020-6813 (bmo#1605814) @import statements in CSS could bypass the Content Security Policy nonce feature * CVE-2020-6814 (bmo#1592078,bmo#1604847,bmo#1608256,bmo#1612636,
- big endian fixes - Fix build on aarch64/armv7 with: * mozilla-bmo1610814.patch (boo#1164845, bmo#1610814)
- Mozilla Firefox 73.0.1 * Resolved problems connecting to the RBC Royal Bank website (bmo#1613943) * Fixed Firefox unexpectedly exiting when leaving Print Preview mode (bmo#1611133) * Fixed crashes when playing encrypted content on some Linux systems (bmo#1614535) - start in wayland mode when running under wayland session
- Mozilla Firefox 73.0 * Added support for setting a default zoom level applicable for all web content * High-contrast mode has been updated to allow background images * Improved audio quality when playing back audio at a faster or slower speed * Added NextDNS as alternative option for DNS over HTTPS MFSA 2020-05 (bsc#1163368) * CVE-2020-6796 (bmo#1610426) Missing bounds check on shared memory read in the parent process * CVE-2020-6797 (bmo#1596668) (MacOS X only) Extensions granted downloads.open permission could open arbitrary applications on Mac OSX * CVE-2020-6798 (bmo#1602944) Incorrect parsing of template tag could result in JavaScript injection * CVE-2020-6799 (bmo#1606596) (Windows only) Arbitrary code execution when opening pdf links from other applications, when Firefox is configured as default pdf reader * CVE-2020-6800 (bmo#1595786,bmo#1596706,bmo#1598543,bmo#1604851, bmo#1608580,bmo#1608785,bmo#1605777) Memory safety bugs fixed in Firefox 73 and Firefox ESR 68.5 * CVE-2020-6801 (bmo#1601024,bmo#1601712,bmo#1604836,bmo#1606492) Memory safety bugs fixed in Firefox 73 - updated requirements * rust >= 1.39 * NSS >= 3.49.2 * rust-cbindgen >= 0.12.0 - rebased patches - removed obsolete patch * mozilla-bmo1601707.patch
- Mozilla Firefox 72.0.2 * Various stability fixes * Fixed issues opening files with spaces in their path (bmo#1601905) * Fixed a hang opening about:logins when a master password is set (bmo#1606992) * Fixed a web compatibility issue with CSS Shadow Parts which shipped in Firefox 72 (bmo#1604989) * Fixed inconsistent playback performance for fullscreen 1080p videos on some systems (bmo#1608485) - Fix build for aarch64/ppc64le (do not update config.sub file for libbacktrace)
- Mozilla Firefox 72.0.1 MFSA 2020-03 (bsc#1160498) * CVE-2019-17026 (bmo#1607443) IonMonkey type confusion with StoreElementHole and FallibleStoreElement - Mozilla Firefox 72.0 * block fingerprinting scripts by default * new notification pop-ups * Picture-in-picture video MFSA 2020-01 (bsc#1160305) * CVE-2019-17016 (bmo#1599181) Bypass of @namespace CSS sanitization during pasting * CVE-2019-17017 (bmo#1603055) Type Confusion in XPCVariant.cpp * CVE-2019-17020 (bmo#1597645) Content Security Policy not applied to XSL stylesheets applied to XML documents * CVE-2019-17022 (bmo#1602843) CSS sanitization does not escape HTML tags * CVE-2019-17023 (bmo#1590001) (fixed in NSS FIXME) NSS may negotiate TLS 1.2 or below after a TLS 1.3 HelloRetryRequest had been sent * CVE-2019-17024 (bmo#1507180,bmo#1595470,bmo#1598605,bmo#1601826) Memory safety bugs fixed in Firefox 72 and Firefox ESR 68.4 * CVE-2019-17025 (bmo#1328295,bmo#1328300,bmo#1590447,bmo#1590965 bmo#1595692,bmo#1597321,bmo#1597481) Memory safety bugs fixed in Firefox 72 - update create-tar.sh to skip compare-locales - requires NSPR 4.24 and NSS 3.48 - removed usage of browser-plugins convention for NPAPI plugins from start wrapper and changed the RPM macro to the
- Mozilla Firefox 71.0 * Improvements to Lockwise, our integrated password manager * More information about Enhanced Tracking Protection in action * Native MP3 decoding on Windows, Linux, and macOS * Configuration page (about:config) reimplemented in HTML * New kiosk mode functionality, which allows maximum screen space for customer-facing displays MFSA 2019-36 * CVE-2019-11756 (bmo#1508776) Use-after-free of SFTKSession object * CVE-2019-17008 (bmo#1546331) Use-after-free in worker destruction * CVE-2019-13722 (bmo#1580156) (Windows only) Stack corruption due to incorrect number of arguments in WebRTC code * CVE-2019-17014 (bmo#1322864) Dragging and dropping a cross-origin resource, incorrectly loaded as an image, could result in information disclosure * CVE-2019-17010 (bmo#1581084) Use-after-free when performing device orientation checks * CVE-2019-17005 (bmo#1584170) Buffer overflow in plain text serializer * CVE-2019-17011 (bmo#1591334) Use-after-free when retrieving a document in antitracking * CVE-2019-17012 (bmo#1449736, bmo#1533957, bmo#1560667, bmo#1567209 bmo#1580288, bmo#1585760, bmo#1592502) Memory safety bugs fixed in Firefox 71 and Firefox ESR 68.3 * CVE-2019-17013 (bmo#1298509, bmo#1472328, bmo#1577439, bmo#1577937 bmo#1580320, bmo#1584195, bmo#1585106, bmo#1586293, bmo#1593865 bmo#1594181) Memory safety bugs fixed in Firefox 71
- Mozilla Firefox 70.0.1 * Fix for an issue that caused some websites or page elements using dynamic JavaScript to fail to load. (bmo#1592136) * Title bar no longer shows in full screen view (bmo#1588747) - added mozilla-bmo1504834-part4.patch to fix some visual issues on big endian platforms - Mozilla Firefox 70.0 * more privacy protections from Enhanced Tracking Protection * Firefox Lockwise passwordmanager * Improvements to core engine components, for better browsing on more sites * Improved privacy and security indicators MFSA 2019-34 * CVE-2018-6156 (bmo#1480088) Heap buffer overflow in FEC processing in WebRTC * CVE-2019-15903 (bmo#1584907) Heap overflow in expat library in XML_GetCurrentLineNumber * CVE-2019-11757 (bmo#1577107) Use-after-free when creating index updates in IndexedDB * CVE-2019-11759 (bmo#1577953) Stack buffer overflow in HKDF output * CVE-2019-11760 (bmo#1577719) Stack buffer overflow in WebRTC networking * CVE-2019-11761 (bmo#1561502) Unintended access to a privileged JSONView object * CVE-2019-11762 (bmo#1582857) document.domain-based origin isolation has same-origin-property violation * CVE-2019-11763 (bmo#1584216) Incorrect HTML parsing results in XSS bypass technique * CVE-2019-11765 (bmo#1562582)
- Mozilla Firefox 69.0.3 * Fixed Yahoo mail users being prompted to download files when clicking on emails (bmo#1582848) - devel package build can easily be disabled now
- Mozilla Firefox 69.0.2 * Fixed a crash when editing files on Office 365 websites (bmo#1579858) * Fixed a Linux-only crash when changing the playback speed while watching YouTube videos (bmo#1582222) - updated supported locale list - Allow to build without profile guided optimizations (boo#1040589) (contributed by Bernhard Wiedemann) - Make build verbose (contributed by Martin Liška) - remove obsolete kde.js setting (boo#1151186) and related patch firefox-add-kde.js-in-order-to-survive-PGO-build.patch - update create-tar.sh to latest revision and adjusted tar_stamps - add mozilla-fix-top-level-asm.patch to fix LTO build (w/o PGO) - extension preferences moved from branding package to core package (packaging but not branding specific)
- Mozilla Firefox 69.0.1 * Fixed external programs launching in the background when clicking a link from inside Firefox to launch them (bmo#1570845) * Usability improvements to the Add-ons Manager for users with screen readers (bmo#1567600) * Fixed the Captive Portal notification bar not being dismissable in some situations after login is complete (bmo#1578633) * Fixed the maximum size of fonts in Reader Mode when zoomed (bmo#1578454) * Fixed missing stacks in the Developer Tools Performance section (bmo#1578354) MFSA 2019-31 * CVE-2019-11754 (bmo#1580506) Pointer Lock is enabled with no user notification - disable DOH by default
- Mozilla Firefox 69.0 * Enhanced Tracking Protection (ETP) for stronger privacy protections * Block Autoplay feature is enhanced to give users the option to block any video * Users in the US or using the en-US browser, can get a new “New Tab” page experience connecting to the best of Pocket's content. * Support for the Web Authentication HmacSecret extension via Windows Hello introduced. * Support for receiving multiple video codecs with this release makes it easier for WebRTC conferencing services to mix video from different clients. MFSA 2019-25 (boo#1149324) * CVE-2019-11741 (bmo#1539595) Isolate addons.mozilla.org and accounts.firefox.com * CVE-2019-5849 (bmo#1555838) Out-of-bounds read in Skia * CVE-2019-11737 (bmo#1388015) Content security policy directives ignore port and path if host is a wildcard * CVE-2019-11734 (bmo#1352875,bmo#1536227,bmo#1557208,bmo#1560641) Memory safety bugs fixed in Firefox 69 * CVE-2019-11735 (bmo#1561404,bmo#1561484,bmo#1568047,bmo#1561912, bmo#1565744,bmo#1568858,bmo#1570358) Memory safety bugs fixed in Firefox 69 and Firefox ESR 68.1 * CVE-2019-11740 (bmo#1563133,bmo#1573160) Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, and Firefox ESR 60.9 - requires * rust/cargo >= 1.35 * rust-cbindgen >= 0.9.0 * mozilla-nss >= 3.45 - rebased patches
Due to release timing and vacation time as well as security considerations Tumbleweed is getting 68.1esr as intermediate before switching back to regular and release 69. - Mozilla Firefox 68.1.0 MFSA 2019-26 * CVE-2019-11751 (bmo#1572838; Windows only) Malicious code execution through command line parameters * CVE-2019-11746 (bmo#1564449) Use-after-free while manipulating video * CVE-2019-11744 (bmo#1562033) XSS by breaking out of title and textarea elements using innerHTML * CVE-2019-11742 (bmo#1559715) Same-origin policy violation with SVG filters and canvas to steal cross-origin images * CVE-2019-11736 (bmo#1551913, bmo#1552206; Windows only)) File manipulation and privilege escalation in Mozilla Maintenance Service * CVE-2019-11753 (bmo#1574980; Windows only) Privilege escalation with Mozilla Maintenance Service in custom Firefox installation location * CVE-2019-11752 (bmo#1501152) Use-after-free while extracting a key value in IndexedDB * CVE-2019-9812 (bmo#1538008, bmo#1538015) Sandbox escape through Firefox Sync * CVE-2019-11743 (bmo#1560495) Cross-origin access to unload event attributes * CVE-2019-11748 (bmo#1564588) Persistence of WebRTC permissions in a third party context * CVE-2019-11749 (bmo#1565374) Camera information available without prompting using getUserMedia * CVE-2019-11750 (bmo#1568397) Type confusion in Spidermonkey * CVE-2019-11738 (bmo#1452037) Content security policy bypass through hash-based sources in directives
- Mozilla Firefox 68.0.1 * Fixed missing Full Screen button when watching videos in full screen mode on HBO GO (bmo#1562837) * Fixed a bug causing incorrect messages to appear for some locales when sites try to request the use of the Storage Access API (bmo#1558503) * Users in Russian regions may have their default search engine changed (bmo#1565315) * Built-in search engines in some locales do not function correctly (bmo#1565779) * SupportMenu policy doesn't always work (bmo#1553290) * Allow the privacy.file_unique_origin pref to be controlled by policy (bmo#1563759) - add fix-build-after-y2038-changes-in-glibc.patch - Generate langpacks sequentially to avoid file corruption from racy file writes (boo#1137970) - Mozilla Firefox 68.0 * Dark mode in reader view * Improved extension security and discovery * Cryptomining and fingerprinting protections are added to strict content blocking settings in Privacy & Security preferences * Camera and microphone access now require an HTTPS connection MFSA 2019-21 (bsc#1140868) * CVE-2019-9811 (bmo#1538007, bmo#1539598, bmo#1563327) Sandbox escape via installation of malicious languagepack * CVE-2019-11711 (bmo#1552541) Script injection within domain through inner window reuse
- Mozilla Firefox 67.0.4 MFSA 2019-19 (boo#1138872) * CVE-2019-11708 (bmo#1559858) sandbox escape using Prompt:Open - Mozilla Firefox 67.0.3 MFSA 2019-18 (boo#1138614) * CVE-2019-11707 (bmo#1544386) Type confusion in Array.pop - Mozilla Firefox 67.0.2 * Fixed: Fix JavaScript error ("TypeError: data is null in PrivacyFilter.jsm") in console which may significantly degrade sessionstore reliability and performance (bmo#1553413) * Fixed: Proxy authentication dialog box repeatedly pops up asking to authenticate after upgrading to Firefox 67 (bmo#1548804) * Fixed: Pearson MyCloud breaks if FIDO U2F is not Chrome's implementation (bmo#1551282) * Fixed: Starting in safe mode on Linux or macOS causes Firefox to think on the subsequent launch that the profile is too recent to be used with this version of Firefox (bmo#1556612) * Fixed: Linux distribution users can't easily install/use additional/different languages using the built-in preferences UI (bmo#1554744) * Fixed: Developer tools users can't copy the href/src content from various HTML tags via the context menu in the Inspector markup view (bmo#1552275) * Fixed: Custom home page is broken with clearing data on shutdown settings applied (bmo#1554167) * Fixed: Performance-regression for eclipse RAP based applications
Displaying revisions 121 - 140 of 429