Sync from SUSE:SLFO:Main MozillaFirefox revision 39823842b41190d615c846c3d855318e

MozillaFirefox.changes

@@ -1,8 +1,120 @@
+-------------------------------------------------------------------
+Thu Jun  6 07:52:51 UTC 2024 - Martin Sirringhaus <martin.sirringhaus@suse.com>
+
+- Firefox Extended Support Release 115.12.0 ESR
+  * Fixed: Various security fixes and other quality improvements.
+  MFSA 2024-26 (bsc#1226027)
+  * MFSA-RESERVE-2024-1193389 (bmo#1193389)
+    Use-after-free in networking
+  * MFSA-RESERVE-2024-1895086 (bmo#1895086)
+    Use-after-free in JavaScript object transplant
+  * MFSA-RESERVE-2024-1883693 (bmo#1883693)
+    External protocol handlers leaked by timing attack
+  * MFSA-RESERVE-2024-1888695 (bmo#1888695)
+    Sandboxed iframe were able to bypass sandbox restrictions to
+    open a new window
+  * MFSA-RESERVE-2024-1891234 (bmo#1891234)
+    Bypass of file name restrictions during saving
+  * MFSA-RESERVE-2024-1891319 (bmo#1891319)
+    Cross-Origin Image leak via Offscreen Canvas
+  * MFSA-RESERVE-2024-1896555 (bmo#1896555)
+    Memory Corruption in Text Fragments
+  * MFSA-RESERVE-2024-2 (bmo#1862809, bmo#1889355, bmo#1893388,
+    bmo#1895123)
+    Memory safety bugs fixed in Firefox 127, Firefox ESR 115.12,
+    and Thunderbird 115.12
+
+-------------------------------------------------------------------
+Wed May  8 13:34:00 UTC 2024 - Martin Sirringhaus <martin.sirringhaus@suse.com>
+
+- Firefox Extended Support Release 115.11.0 ESR
+  * Fixed: Various security fixes and other quality improvements.
+  MFSA 2024-22 (bsc#1224056)
+  * CVE-2024-4367 (bmo#1893645)
+    Arbitrary JavaScript execution in PDF.js
+  * CVE-2024-4767 (bmo#1878577)
+    IndexedDB files retained in private browsing mode
+  * CVE-2024-4768 (bmo#1886082)
+    Potential permissions request bypass via clickjacking
+  * CVE-2024-4769 (bmo#1886108)
+    Cross-origin responses could be distinguished between script
+    and non-script content-types
+  * CVE-2024-4770 (bmo#1893270)
+    Use-after-free could occur when printing to PDF
+  * CVE-2024-4777 (bmo#1878199, bmo#1893340)
+    Memory safety bugs fixed in Firefox 126, Firefox ESR 115.11,
+    and Thunderbird 115.11
+
+-------------------------------------------------------------------
+Tue Apr  9 10:34:07 UTC 2024 - Martin Sirringhaus <martin.sirringhaus@suse.com>
+
+- Firefox Extended Support Release 115.10.0 ESR
+  * Fixed: Various security fixes and other quality improvements.
+  MFSA 2024-19 (bsc#1222535)
+  * CVE-2024-3852 (bmo#1883542)
+    GetBoundName in the JIT returned the wrong object
+  * CVE-2024-3854 (bmo#1884552)
+    Out-of-bounds-read after mis-optimized switch statement
+  * CVE-2024-3857 (bmo#1886683)
+    Incorrect JITting of arguments led to use-after-free during
+    garbage collection
+  * CVE-2024-2609 (bmo#1866100)
+    Permission prompt input delay could expire when not in focus
+  * CVE-2024-3859 (bmo#1874489)
+    Integer-overflow led to out-of-bounds-read in the OpenType
+    sanitizer
+  * CVE-2024-3861 (bmo#1883158)
+    Potential use-after-free due to AlignedBuffer self-move
+  * CVE-2024-3863 (bmo#1885855)
+    Download Protections were bypassed by .xrm-ms files on
+    Windows
+  * CVE-2024-3302 (bmo#1881183, https://kb.cert.org/vuls/id/421644)
+    Denial of Service using HTTP/2 CONTINUATION frames
+  * CVE-2024-3864 (bmo#1888333)
+    Memory safety bug fixed in Firefox 125, Firefox ESR 115.10,
+    and Thunderbird 115.10
+
+-------------------------------------------------------------------
+Fri Mar 22 08:11:15 UTC 2024 - Martin Sirringhaus <martin.sirringhaus@suse.com>
+
+- Firefox Extended Support Release 115.9.1esr ESR
+  * Fixed: Security fix.
+  MFSA 2024-16 (bsc#1221850)
+  * CVE-2024-29944 (bmo#1886852)
+    Privileged JavaScript Execution via Event Handlers
+
 -------------------------------------------------------------------
 Wed Mar 13 08:25:10 UTC 2024 - Martin Sirringhaus <martin.sirringhaus@suse.com>
 
 - Firefox Extended Support Release 115.9.0 ESR
-  Placeholder changelog-entry (bsc#1221327)
+  * Fixed: Various security fixes and other quality improvements.
+  MFSA 2024-13 (bsc#1221327)
+  * CVE-2024-0743 (bmo#1867408)
+    Crash in NSS TLS method
+  * CVE-2024-2605 (bmo#1872920)
+    Windows Error Reporter could be used as a Sandbox escape
+    vector
+  * CVE-2024-2607 (bmo#1879939)
+    JIT code failed to save return registers on Armv7-A
+  * CVE-2024-2608 (bmo#1880692)
+    Integer overflow could have led to out of bounds write
+  * CVE-2024-2616 (bmo#1846197)
+    Improve handling of out-of-memory conditions in ICU
+  * CVE-2023-5388 (bmo#1780432)
+    NSS susceptible to timing attack against RSA decryption
+  * CVE-2024-2610 (bmo#1871112)
+    Improper handling of html and body tags enabled CSP nonce
+    leakage
+  * CVE-2024-2611 (bmo#1876675)
+    Clickjacking vulnerability could have led to a user
+    accidentally granting permissions
+  * CVE-2024-2612 (bmo#1879444)
+    Self referencing object could have potentially led to a use-
+    after-free
+  * CVE-2024-2614 (bmo#1685358, bmo#1861016, bmo#1880405,
+    bmo#1881093)
+    Memory safety bugs fixed in Firefox 124, Firefox ESR 115.9,
+    and Thunderbird 115.9
 
 -------------------------------------------------------------------
 Mon Feb 19 07:18:16 UTC 2024 - Martin Sirringhaus <martin.sirringhaus@suse.com>

MozillaFirefox.spec

@@ -29,8 +29,8 @@
 # major 69
 # mainver %%major.99
 %define major          115
-%define mainver        %major.9.0
-%define orig_version   115.9.0
+%define mainver        %major.12.0
+%define orig_version   115.12.0
 %define orig_suffix    esr
 %define update_channel release
 %define branding       1

firefox-115.12.0esr.source.tar.xz.asc

@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEErdcHlHlwDcrf3VM34207E/PZMnQFAmZd9scACgkQ4207E/PZ
+MnSujA/8CPJt/HWe7h11g7s3QmhbP8KR2k7XrEwZZCRvEBmD21a46JsAs/hg1Dci
+QRjtJuh5dFyKiW+H+52w5A5nPFJqE0kInvdro4ag2mwOjIYHsWw9PiGcYQ/gxmvQ
+OZqx+GqgsuAZzsg3z9IRt7faFydpwr/BIfjWnJCENU2s6/HGlUzM9oT1CLKG9aDZ
+iXxdgJ76EZTOdAUr3ZT8sDNwmFdGYxdMuKOt2MoOiZ2JZOUfHm0+mNyXQQ9z8WK7
+w0fxsntaqwF5F2ISA2G5sjG8R0cLwWM4t5xcD71UrMF8OK60HzyiA0K73mNbAoUK
+/9YJvcHOFjbVCRMkbTr05HJjricqfVWYPrzIfpMK6olmWmtu5DDtkacZkg78HPca
+4Y+k7Z8NqDDQy3EJ3p4gV116hxhAQpQNddNda1i/QO3I4gRPeNug1cbQvtvGi3Jo
+Yijw2VOODOxR525ZCvnSyM9ovT4pZjbqx8mSuMNFft5MgMdXCeW4+Kr57iOUWDXw
+sR3dOhJwUoVvsQCtlrEXUm90f/KHr/ggd1zHXaQkb9BqRR2BLLiKK6cJTpzZxvcN
+MOSNRJT4R1RkkRXCwHgwFo5MgbsEKGTQdIllneGT2J0qLqbutYfSfiDuJIzt0u73
+g8T11OyayQhc8YRbG/lKbcwXjeemPIxvnS0T5yIjNSNyD0ntIHs=
+=5hQj
+-----END PGP SIGNATURE-----

firefox-115.9.0esr.source.tar.xz.asc

@@ -1,16 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQIzBAABCgAdFiEErdcHlHlwDcrf3VM34207E/PZMnQFAmXyisMACgkQ4207E/PZ
-MnTDRhAAmTBt2/CYTWrNfBxz71vSR/brjJJHTSavv3M/VvgQl8iLMh4DOrCX6J+I
-bAoRXjmlmv2nwUITQZgkMZ0spnhhJ9eIN4U0yBSwrBWk2Fe3sPwPWp97vdg9PsRG
-xYFIhFFLzxep/9F0Dktw8/hy6hV00utOcr9qBTlG07PQQRv5wQVCFtFtGOJYu4hi
-qTdJIvlnOj8ZEgv0cNtVmpLqbD/7hspapVfACiQ8LvgggTD33Yx/QQ1SaRRla+p9
-YOd2Mwyyb7/MZHfypM0qDvtU0uOyZp6HB0ca40L4VPfrYi42JKfmDgGuDmww1Nnk
-DPOzTWjZ57eCgAHxW5zvqu7XA6TgOT7mqRlRYv5GX+uo+YXsp4mYcaKZqwyX25P8
-c3aQfNdwSzX8K31qLlh3XaeX+xObNDus6u2paPmIkjo48nJV9Bu18/mHAQJ5p+7c
-MgtVGpiK4u8/dcpgmIpjiL/S+Srg/anjPchV3DPSusb7d3eEIpSat46u98718Zbj
-d+oM0oURd4ErtgtovsLqWkqrA/PE/qeFriZfywGvMWpUb5rhWPOsz4HLP7dAqFKi
-yLGe+U7owcffEslvpgyliuUnbef5rGxbthEKEp+uJ4iq9Hpvp6PY1Tjm3JuWC/0M
-0vhjYo/TxInfjobdS8oGolp1r1NOArXuJ6l6n/qIN9ESu75lIP8=
-=WePS
------END PGP SIGNATURE-----

tar_stamps

@@ -1,10 +1,10 @@
 PRODUCT="firefox"
 CHANNEL="release"
-VERSION="115.9.0"
+VERSION="115.12.0"
 VERSION_SUFFIX="esr"
-PREV_VERSION="115.8.0"
+PREV_VERSION="115.11.0"
 PREV_VERSION_SUFFIX="esr"
 #SKIP_LOCALES="" # Uncomment to skip l10n and compare-locales-generation
 RELEASE_REPO="https://hg.mozilla.org/releases/mozilla-esr115"
-RELEASE_TAG="423e963b3d9b923e3c7fae8eae2f626f02c15cf2"
-RELEASE_TIMESTAMP="20240314014136"
+RELEASE_TAG="6b05ad1f5f2dbb0d47ac169115e250ff3776289c"
+RELEASE_TIMESTAMP="20240603145132"