Sync from SUSE:SLFO:Main MozillaFirefox revision 39823842b41190d615c846c3d855318e

This commit is contained in:
Adrian Schröter 2024-06-22 10:03:56 +02:00
parent 8cde56270c
commit 66e5d0d6a3
9 changed files with 141 additions and 29 deletions

View File

@ -1,8 +1,120 @@
-------------------------------------------------------------------
Thu Jun 6 07:52:51 UTC 2024 - Martin Sirringhaus <martin.sirringhaus@suse.com>
- Firefox Extended Support Release 115.12.0 ESR
* Fixed: Various security fixes and other quality improvements.
MFSA 2024-26 (bsc#1226027)
* MFSA-RESERVE-2024-1193389 (bmo#1193389)
Use-after-free in networking
* MFSA-RESERVE-2024-1895086 (bmo#1895086)
Use-after-free in JavaScript object transplant
* MFSA-RESERVE-2024-1883693 (bmo#1883693)
External protocol handlers leaked by timing attack
* MFSA-RESERVE-2024-1888695 (bmo#1888695)
Sandboxed iframe were able to bypass sandbox restrictions to
open a new window
* MFSA-RESERVE-2024-1891234 (bmo#1891234)
Bypass of file name restrictions during saving
* MFSA-RESERVE-2024-1891319 (bmo#1891319)
Cross-Origin Image leak via Offscreen Canvas
* MFSA-RESERVE-2024-1896555 (bmo#1896555)
Memory Corruption in Text Fragments
* MFSA-RESERVE-2024-2 (bmo#1862809, bmo#1889355, bmo#1893388,
bmo#1895123)
Memory safety bugs fixed in Firefox 127, Firefox ESR 115.12,
and Thunderbird 115.12
-------------------------------------------------------------------
Wed May 8 13:34:00 UTC 2024 - Martin Sirringhaus <martin.sirringhaus@suse.com>
- Firefox Extended Support Release 115.11.0 ESR
* Fixed: Various security fixes and other quality improvements.
MFSA 2024-22 (bsc#1224056)
* CVE-2024-4367 (bmo#1893645)
Arbitrary JavaScript execution in PDF.js
* CVE-2024-4767 (bmo#1878577)
IndexedDB files retained in private browsing mode
* CVE-2024-4768 (bmo#1886082)
Potential permissions request bypass via clickjacking
* CVE-2024-4769 (bmo#1886108)
Cross-origin responses could be distinguished between script
and non-script content-types
* CVE-2024-4770 (bmo#1893270)
Use-after-free could occur when printing to PDF
* CVE-2024-4777 (bmo#1878199, bmo#1893340)
Memory safety bugs fixed in Firefox 126, Firefox ESR 115.11,
and Thunderbird 115.11
-------------------------------------------------------------------
Tue Apr 9 10:34:07 UTC 2024 - Martin Sirringhaus <martin.sirringhaus@suse.com>
- Firefox Extended Support Release 115.10.0 ESR
* Fixed: Various security fixes and other quality improvements.
MFSA 2024-19 (bsc#1222535)
* CVE-2024-3852 (bmo#1883542)
GetBoundName in the JIT returned the wrong object
* CVE-2024-3854 (bmo#1884552)
Out-of-bounds-read after mis-optimized switch statement
* CVE-2024-3857 (bmo#1886683)
Incorrect JITting of arguments led to use-after-free during
garbage collection
* CVE-2024-2609 (bmo#1866100)
Permission prompt input delay could expire when not in focus
* CVE-2024-3859 (bmo#1874489)
Integer-overflow led to out-of-bounds-read in the OpenType
sanitizer
* CVE-2024-3861 (bmo#1883158)
Potential use-after-free due to AlignedBuffer self-move
* CVE-2024-3863 (bmo#1885855)
Download Protections were bypassed by .xrm-ms files on
Windows
* CVE-2024-3302 (bmo#1881183, https://kb.cert.org/vuls/id/421644)
Denial of Service using HTTP/2 CONTINUATION frames
* CVE-2024-3864 (bmo#1888333)
Memory safety bug fixed in Firefox 125, Firefox ESR 115.10,
and Thunderbird 115.10
-------------------------------------------------------------------
Fri Mar 22 08:11:15 UTC 2024 - Martin Sirringhaus <martin.sirringhaus@suse.com>
- Firefox Extended Support Release 115.9.1esr ESR
* Fixed: Security fix.
MFSA 2024-16 (bsc#1221850)
* CVE-2024-29944 (bmo#1886852)
Privileged JavaScript Execution via Event Handlers
------------------------------------------------------------------- -------------------------------------------------------------------
Wed Mar 13 08:25:10 UTC 2024 - Martin Sirringhaus <martin.sirringhaus@suse.com> Wed Mar 13 08:25:10 UTC 2024 - Martin Sirringhaus <martin.sirringhaus@suse.com>
- Firefox Extended Support Release 115.9.0 ESR - Firefox Extended Support Release 115.9.0 ESR
Placeholder changelog-entry (bsc#1221327) * Fixed: Various security fixes and other quality improvements.
MFSA 2024-13 (bsc#1221327)
* CVE-2024-0743 (bmo#1867408)
Crash in NSS TLS method
* CVE-2024-2605 (bmo#1872920)
Windows Error Reporter could be used as a Sandbox escape
vector
* CVE-2024-2607 (bmo#1879939)
JIT code failed to save return registers on Armv7-A
* CVE-2024-2608 (bmo#1880692)
Integer overflow could have led to out of bounds write
* CVE-2024-2616 (bmo#1846197)
Improve handling of out-of-memory conditions in ICU
* CVE-2023-5388 (bmo#1780432)
NSS susceptible to timing attack against RSA decryption
* CVE-2024-2610 (bmo#1871112)
Improper handling of html and body tags enabled CSP nonce
leakage
* CVE-2024-2611 (bmo#1876675)
Clickjacking vulnerability could have led to a user
accidentally granting permissions
* CVE-2024-2612 (bmo#1879444)
Self referencing object could have potentially led to a use-
after-free
* CVE-2024-2614 (bmo#1685358, bmo#1861016, bmo#1880405,
bmo#1881093)
Memory safety bugs fixed in Firefox 124, Firefox ESR 115.9,
and Thunderbird 115.9
------------------------------------------------------------------- -------------------------------------------------------------------
Mon Feb 19 07:18:16 UTC 2024 - Martin Sirringhaus <martin.sirringhaus@suse.com> Mon Feb 19 07:18:16 UTC 2024 - Martin Sirringhaus <martin.sirringhaus@suse.com>

View File

@ -29,8 +29,8 @@
# major 69 # major 69
# mainver %%major.99 # mainver %%major.99
%define major 115 %define major 115
%define mainver %major.9.0 %define mainver %major.12.0
%define orig_version 115.9.0 %define orig_version 115.12.0
%define orig_suffix esr %define orig_suffix esr
%define update_channel release %define update_channel release
%define branding 1 %define branding 1

BIN
firefox-115.12.0esr.source.tar.xz (Stored with Git LFS) Normal file

Binary file not shown.

View File

@ -0,0 +1,16 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEErdcHlHlwDcrf3VM34207E/PZMnQFAmZd9scACgkQ4207E/PZ
MnSujA/8CPJt/HWe7h11g7s3QmhbP8KR2k7XrEwZZCRvEBmD21a46JsAs/hg1Dci
QRjtJuh5dFyKiW+H+52w5A5nPFJqE0kInvdro4ag2mwOjIYHsWw9PiGcYQ/gxmvQ
OZqx+GqgsuAZzsg3z9IRt7faFydpwr/BIfjWnJCENU2s6/HGlUzM9oT1CLKG9aDZ
iXxdgJ76EZTOdAUr3ZT8sDNwmFdGYxdMuKOt2MoOiZ2JZOUfHm0+mNyXQQ9z8WK7
w0fxsntaqwF5F2ISA2G5sjG8R0cLwWM4t5xcD71UrMF8OK60HzyiA0K73mNbAoUK
/9YJvcHOFjbVCRMkbTr05HJjricqfVWYPrzIfpMK6olmWmtu5DDtkacZkg78HPca
4Y+k7Z8NqDDQy3EJ3p4gV116hxhAQpQNddNda1i/QO3I4gRPeNug1cbQvtvGi3Jo
Yijw2VOODOxR525ZCvnSyM9ovT4pZjbqx8mSuMNFft5MgMdXCeW4+Kr57iOUWDXw
sR3dOhJwUoVvsQCtlrEXUm90f/KHr/ggd1zHXaQkb9BqRR2BLLiKK6cJTpzZxvcN
MOSNRJT4R1RkkRXCwHgwFo5MgbsEKGTQdIllneGT2J0qLqbutYfSfiDuJIzt0u73
g8T11OyayQhc8YRbG/lKbcwXjeemPIxvnS0T5yIjNSNyD0ntIHs=
=5hQj
-----END PGP SIGNATURE-----

BIN
firefox-115.9.0esr.source.tar.xz (Stored with Git LFS)

Binary file not shown.

View File

@ -1,16 +0,0 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEErdcHlHlwDcrf3VM34207E/PZMnQFAmXyisMACgkQ4207E/PZ
MnTDRhAAmTBt2/CYTWrNfBxz71vSR/brjJJHTSavv3M/VvgQl8iLMh4DOrCX6J+I
bAoRXjmlmv2nwUITQZgkMZ0spnhhJ9eIN4U0yBSwrBWk2Fe3sPwPWp97vdg9PsRG
xYFIhFFLzxep/9F0Dktw8/hy6hV00utOcr9qBTlG07PQQRv5wQVCFtFtGOJYu4hi
qTdJIvlnOj8ZEgv0cNtVmpLqbD/7hspapVfACiQ8LvgggTD33Yx/QQ1SaRRla+p9
YOd2Mwyyb7/MZHfypM0qDvtU0uOyZp6HB0ca40L4VPfrYi42JKfmDgGuDmww1Nnk
DPOzTWjZ57eCgAHxW5zvqu7XA6TgOT7mqRlRYv5GX+uo+YXsp4mYcaKZqwyX25P8
c3aQfNdwSzX8K31qLlh3XaeX+xObNDus6u2paPmIkjo48nJV9Bu18/mHAQJ5p+7c
MgtVGpiK4u8/dcpgmIpjiL/S+Srg/anjPchV3DPSusb7d3eEIpSat46u98718Zbj
d+oM0oURd4ErtgtovsLqWkqrA/PE/qeFriZfywGvMWpUb5rhWPOsz4HLP7dAqFKi
yLGe+U7owcffEslvpgyliuUnbef5rGxbthEKEp+uJ4iq9Hpvp6PY1Tjm3JuWC/0M
0vhjYo/TxInfjobdS8oGolp1r1NOArXuJ6l6n/qIN9ESu75lIP8=
=WePS
-----END PGP SIGNATURE-----

BIN
l10n-115.12.0esr.tar.xz (Stored with Git LFS) Normal file

Binary file not shown.

BIN
l10n-115.9.0esr.tar.xz (Stored with Git LFS)

Binary file not shown.

View File

@ -1,10 +1,10 @@
PRODUCT="firefox" PRODUCT="firefox"
CHANNEL="release" CHANNEL="release"
VERSION="115.9.0" VERSION="115.12.0"
VERSION_SUFFIX="esr" VERSION_SUFFIX="esr"
PREV_VERSION="115.8.0" PREV_VERSION="115.11.0"
PREV_VERSION_SUFFIX="esr" PREV_VERSION_SUFFIX="esr"
#SKIP_LOCALES="" # Uncomment to skip l10n and compare-locales-generation #SKIP_LOCALES="" # Uncomment to skip l10n and compare-locales-generation
RELEASE_REPO="https://hg.mozilla.org/releases/mozilla-esr115" RELEASE_REPO="https://hg.mozilla.org/releases/mozilla-esr115"
RELEASE_TAG="423e963b3d9b923e3c7fae8eae2f626f02c15cf2" RELEASE_TAG="6b05ad1f5f2dbb0d47ac169115e250ff3776289c"
RELEASE_TIMESTAMP="20240314014136" RELEASE_TIMESTAMP="20240603145132"