Sync from SUSE:SLFO:Main MozillaFirefox revision 39823842b41190d615c846c3d855318e
This commit is contained in:
parent
8cde56270c
commit
66e5d0d6a3
@ -1,8 +1,120 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Thu Jun 6 07:52:51 UTC 2024 - Martin Sirringhaus <martin.sirringhaus@suse.com>
|
||||||
|
|
||||||
|
- Firefox Extended Support Release 115.12.0 ESR
|
||||||
|
* Fixed: Various security fixes and other quality improvements.
|
||||||
|
MFSA 2024-26 (bsc#1226027)
|
||||||
|
* MFSA-RESERVE-2024-1193389 (bmo#1193389)
|
||||||
|
Use-after-free in networking
|
||||||
|
* MFSA-RESERVE-2024-1895086 (bmo#1895086)
|
||||||
|
Use-after-free in JavaScript object transplant
|
||||||
|
* MFSA-RESERVE-2024-1883693 (bmo#1883693)
|
||||||
|
External protocol handlers leaked by timing attack
|
||||||
|
* MFSA-RESERVE-2024-1888695 (bmo#1888695)
|
||||||
|
Sandboxed iframe were able to bypass sandbox restrictions to
|
||||||
|
open a new window
|
||||||
|
* MFSA-RESERVE-2024-1891234 (bmo#1891234)
|
||||||
|
Bypass of file name restrictions during saving
|
||||||
|
* MFSA-RESERVE-2024-1891319 (bmo#1891319)
|
||||||
|
Cross-Origin Image leak via Offscreen Canvas
|
||||||
|
* MFSA-RESERVE-2024-1896555 (bmo#1896555)
|
||||||
|
Memory Corruption in Text Fragments
|
||||||
|
* MFSA-RESERVE-2024-2 (bmo#1862809, bmo#1889355, bmo#1893388,
|
||||||
|
bmo#1895123)
|
||||||
|
Memory safety bugs fixed in Firefox 127, Firefox ESR 115.12,
|
||||||
|
and Thunderbird 115.12
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed May 8 13:34:00 UTC 2024 - Martin Sirringhaus <martin.sirringhaus@suse.com>
|
||||||
|
|
||||||
|
- Firefox Extended Support Release 115.11.0 ESR
|
||||||
|
* Fixed: Various security fixes and other quality improvements.
|
||||||
|
MFSA 2024-22 (bsc#1224056)
|
||||||
|
* CVE-2024-4367 (bmo#1893645)
|
||||||
|
Arbitrary JavaScript execution in PDF.js
|
||||||
|
* CVE-2024-4767 (bmo#1878577)
|
||||||
|
IndexedDB files retained in private browsing mode
|
||||||
|
* CVE-2024-4768 (bmo#1886082)
|
||||||
|
Potential permissions request bypass via clickjacking
|
||||||
|
* CVE-2024-4769 (bmo#1886108)
|
||||||
|
Cross-origin responses could be distinguished between script
|
||||||
|
and non-script content-types
|
||||||
|
* CVE-2024-4770 (bmo#1893270)
|
||||||
|
Use-after-free could occur when printing to PDF
|
||||||
|
* CVE-2024-4777 (bmo#1878199, bmo#1893340)
|
||||||
|
Memory safety bugs fixed in Firefox 126, Firefox ESR 115.11,
|
||||||
|
and Thunderbird 115.11
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Tue Apr 9 10:34:07 UTC 2024 - Martin Sirringhaus <martin.sirringhaus@suse.com>
|
||||||
|
|
||||||
|
- Firefox Extended Support Release 115.10.0 ESR
|
||||||
|
* Fixed: Various security fixes and other quality improvements.
|
||||||
|
MFSA 2024-19 (bsc#1222535)
|
||||||
|
* CVE-2024-3852 (bmo#1883542)
|
||||||
|
GetBoundName in the JIT returned the wrong object
|
||||||
|
* CVE-2024-3854 (bmo#1884552)
|
||||||
|
Out-of-bounds-read after mis-optimized switch statement
|
||||||
|
* CVE-2024-3857 (bmo#1886683)
|
||||||
|
Incorrect JITting of arguments led to use-after-free during
|
||||||
|
garbage collection
|
||||||
|
* CVE-2024-2609 (bmo#1866100)
|
||||||
|
Permission prompt input delay could expire when not in focus
|
||||||
|
* CVE-2024-3859 (bmo#1874489)
|
||||||
|
Integer-overflow led to out-of-bounds-read in the OpenType
|
||||||
|
sanitizer
|
||||||
|
* CVE-2024-3861 (bmo#1883158)
|
||||||
|
Potential use-after-free due to AlignedBuffer self-move
|
||||||
|
* CVE-2024-3863 (bmo#1885855)
|
||||||
|
Download Protections were bypassed by .xrm-ms files on
|
||||||
|
Windows
|
||||||
|
* CVE-2024-3302 (bmo#1881183, https://kb.cert.org/vuls/id/421644)
|
||||||
|
Denial of Service using HTTP/2 CONTINUATION frames
|
||||||
|
* CVE-2024-3864 (bmo#1888333)
|
||||||
|
Memory safety bug fixed in Firefox 125, Firefox ESR 115.10,
|
||||||
|
and Thunderbird 115.10
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Fri Mar 22 08:11:15 UTC 2024 - Martin Sirringhaus <martin.sirringhaus@suse.com>
|
||||||
|
|
||||||
|
- Firefox Extended Support Release 115.9.1esr ESR
|
||||||
|
* Fixed: Security fix.
|
||||||
|
MFSA 2024-16 (bsc#1221850)
|
||||||
|
* CVE-2024-29944 (bmo#1886852)
|
||||||
|
Privileged JavaScript Execution via Event Handlers
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Wed Mar 13 08:25:10 UTC 2024 - Martin Sirringhaus <martin.sirringhaus@suse.com>
|
Wed Mar 13 08:25:10 UTC 2024 - Martin Sirringhaus <martin.sirringhaus@suse.com>
|
||||||
|
|
||||||
- Firefox Extended Support Release 115.9.0 ESR
|
- Firefox Extended Support Release 115.9.0 ESR
|
||||||
Placeholder changelog-entry (bsc#1221327)
|
* Fixed: Various security fixes and other quality improvements.
|
||||||
|
MFSA 2024-13 (bsc#1221327)
|
||||||
|
* CVE-2024-0743 (bmo#1867408)
|
||||||
|
Crash in NSS TLS method
|
||||||
|
* CVE-2024-2605 (bmo#1872920)
|
||||||
|
Windows Error Reporter could be used as a Sandbox escape
|
||||||
|
vector
|
||||||
|
* CVE-2024-2607 (bmo#1879939)
|
||||||
|
JIT code failed to save return registers on Armv7-A
|
||||||
|
* CVE-2024-2608 (bmo#1880692)
|
||||||
|
Integer overflow could have led to out of bounds write
|
||||||
|
* CVE-2024-2616 (bmo#1846197)
|
||||||
|
Improve handling of out-of-memory conditions in ICU
|
||||||
|
* CVE-2023-5388 (bmo#1780432)
|
||||||
|
NSS susceptible to timing attack against RSA decryption
|
||||||
|
* CVE-2024-2610 (bmo#1871112)
|
||||||
|
Improper handling of html and body tags enabled CSP nonce
|
||||||
|
leakage
|
||||||
|
* CVE-2024-2611 (bmo#1876675)
|
||||||
|
Clickjacking vulnerability could have led to a user
|
||||||
|
accidentally granting permissions
|
||||||
|
* CVE-2024-2612 (bmo#1879444)
|
||||||
|
Self referencing object could have potentially led to a use-
|
||||||
|
after-free
|
||||||
|
* CVE-2024-2614 (bmo#1685358, bmo#1861016, bmo#1880405,
|
||||||
|
bmo#1881093)
|
||||||
|
Memory safety bugs fixed in Firefox 124, Firefox ESR 115.9,
|
||||||
|
and Thunderbird 115.9
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Mon Feb 19 07:18:16 UTC 2024 - Martin Sirringhaus <martin.sirringhaus@suse.com>
|
Mon Feb 19 07:18:16 UTC 2024 - Martin Sirringhaus <martin.sirringhaus@suse.com>
|
||||||
|
@ -29,8 +29,8 @@
|
|||||||
# major 69
|
# major 69
|
||||||
# mainver %%major.99
|
# mainver %%major.99
|
||||||
%define major 115
|
%define major 115
|
||||||
%define mainver %major.9.0
|
%define mainver %major.12.0
|
||||||
%define orig_version 115.9.0
|
%define orig_version 115.12.0
|
||||||
%define orig_suffix esr
|
%define orig_suffix esr
|
||||||
%define update_channel release
|
%define update_channel release
|
||||||
%define branding 1
|
%define branding 1
|
||||||
|
BIN
firefox-115.12.0esr.source.tar.xz
(Stored with Git LFS)
Normal file
BIN
firefox-115.12.0esr.source.tar.xz
(Stored with Git LFS)
Normal file
Binary file not shown.
16
firefox-115.12.0esr.source.tar.xz.asc
Normal file
16
firefox-115.12.0esr.source.tar.xz.asc
Normal file
@ -0,0 +1,16 @@
|
|||||||
|
-----BEGIN PGP SIGNATURE-----
|
||||||
|
|
||||||
|
iQIzBAABCgAdFiEErdcHlHlwDcrf3VM34207E/PZMnQFAmZd9scACgkQ4207E/PZ
|
||||||
|
MnSujA/8CPJt/HWe7h11g7s3QmhbP8KR2k7XrEwZZCRvEBmD21a46JsAs/hg1Dci
|
||||||
|
QRjtJuh5dFyKiW+H+52w5A5nPFJqE0kInvdro4ag2mwOjIYHsWw9PiGcYQ/gxmvQ
|
||||||
|
OZqx+GqgsuAZzsg3z9IRt7faFydpwr/BIfjWnJCENU2s6/HGlUzM9oT1CLKG9aDZ
|
||||||
|
iXxdgJ76EZTOdAUr3ZT8sDNwmFdGYxdMuKOt2MoOiZ2JZOUfHm0+mNyXQQ9z8WK7
|
||||||
|
w0fxsntaqwF5F2ISA2G5sjG8R0cLwWM4t5xcD71UrMF8OK60HzyiA0K73mNbAoUK
|
||||||
|
/9YJvcHOFjbVCRMkbTr05HJjricqfVWYPrzIfpMK6olmWmtu5DDtkacZkg78HPca
|
||||||
|
4Y+k7Z8NqDDQy3EJ3p4gV116hxhAQpQNddNda1i/QO3I4gRPeNug1cbQvtvGi3Jo
|
||||||
|
Yijw2VOODOxR525ZCvnSyM9ovT4pZjbqx8mSuMNFft5MgMdXCeW4+Kr57iOUWDXw
|
||||||
|
sR3dOhJwUoVvsQCtlrEXUm90f/KHr/ggd1zHXaQkb9BqRR2BLLiKK6cJTpzZxvcN
|
||||||
|
MOSNRJT4R1RkkRXCwHgwFo5MgbsEKGTQdIllneGT2J0qLqbutYfSfiDuJIzt0u73
|
||||||
|
g8T11OyayQhc8YRbG/lKbcwXjeemPIxvnS0T5yIjNSNyD0ntIHs=
|
||||||
|
=5hQj
|
||||||
|
-----END PGP SIGNATURE-----
|
BIN
firefox-115.9.0esr.source.tar.xz
(Stored with Git LFS)
BIN
firefox-115.9.0esr.source.tar.xz
(Stored with Git LFS)
Binary file not shown.
@ -1,16 +0,0 @@
|
|||||||
-----BEGIN PGP SIGNATURE-----
|
|
||||||
|
|
||||||
iQIzBAABCgAdFiEErdcHlHlwDcrf3VM34207E/PZMnQFAmXyisMACgkQ4207E/PZ
|
|
||||||
MnTDRhAAmTBt2/CYTWrNfBxz71vSR/brjJJHTSavv3M/VvgQl8iLMh4DOrCX6J+I
|
|
||||||
bAoRXjmlmv2nwUITQZgkMZ0spnhhJ9eIN4U0yBSwrBWk2Fe3sPwPWp97vdg9PsRG
|
|
||||||
xYFIhFFLzxep/9F0Dktw8/hy6hV00utOcr9qBTlG07PQQRv5wQVCFtFtGOJYu4hi
|
|
||||||
qTdJIvlnOj8ZEgv0cNtVmpLqbD/7hspapVfACiQ8LvgggTD33Yx/QQ1SaRRla+p9
|
|
||||||
YOd2Mwyyb7/MZHfypM0qDvtU0uOyZp6HB0ca40L4VPfrYi42JKfmDgGuDmww1Nnk
|
|
||||||
DPOzTWjZ57eCgAHxW5zvqu7XA6TgOT7mqRlRYv5GX+uo+YXsp4mYcaKZqwyX25P8
|
|
||||||
c3aQfNdwSzX8K31qLlh3XaeX+xObNDus6u2paPmIkjo48nJV9Bu18/mHAQJ5p+7c
|
|
||||||
MgtVGpiK4u8/dcpgmIpjiL/S+Srg/anjPchV3DPSusb7d3eEIpSat46u98718Zbj
|
|
||||||
d+oM0oURd4ErtgtovsLqWkqrA/PE/qeFriZfywGvMWpUb5rhWPOsz4HLP7dAqFKi
|
|
||||||
yLGe+U7owcffEslvpgyliuUnbef5rGxbthEKEp+uJ4iq9Hpvp6PY1Tjm3JuWC/0M
|
|
||||||
0vhjYo/TxInfjobdS8oGolp1r1NOArXuJ6l6n/qIN9ESu75lIP8=
|
|
||||||
=WePS
|
|
||||||
-----END PGP SIGNATURE-----
|
|
BIN
l10n-115.12.0esr.tar.xz
(Stored with Git LFS)
Normal file
BIN
l10n-115.12.0esr.tar.xz
(Stored with Git LFS)
Normal file
Binary file not shown.
BIN
l10n-115.9.0esr.tar.xz
(Stored with Git LFS)
BIN
l10n-115.9.0esr.tar.xz
(Stored with Git LFS)
Binary file not shown.
@ -1,10 +1,10 @@
|
|||||||
PRODUCT="firefox"
|
PRODUCT="firefox"
|
||||||
CHANNEL="release"
|
CHANNEL="release"
|
||||||
VERSION="115.9.0"
|
VERSION="115.12.0"
|
||||||
VERSION_SUFFIX="esr"
|
VERSION_SUFFIX="esr"
|
||||||
PREV_VERSION="115.8.0"
|
PREV_VERSION="115.11.0"
|
||||||
PREV_VERSION_SUFFIX="esr"
|
PREV_VERSION_SUFFIX="esr"
|
||||||
#SKIP_LOCALES="" # Uncomment to skip l10n and compare-locales-generation
|
#SKIP_LOCALES="" # Uncomment to skip l10n and compare-locales-generation
|
||||||
RELEASE_REPO="https://hg.mozilla.org/releases/mozilla-esr115"
|
RELEASE_REPO="https://hg.mozilla.org/releases/mozilla-esr115"
|
||||||
RELEASE_TAG="423e963b3d9b923e3c7fae8eae2f626f02c15cf2"
|
RELEASE_TAG="6b05ad1f5f2dbb0d47ac169115e250ff3776289c"
|
||||||
RELEASE_TIMESTAMP="20240314014136"
|
RELEASE_TIMESTAMP="20240603145132"
|
||||||
|
Loading…
Reference in New Issue
Block a user