From 3b2b98176ac7267b7611ef82c264c78a48501d54c47e1811d420c35e672d2f79 Mon Sep 17 00:00:00 2001 From: Wolfgang Rosenauer Date: Tue, 23 Apr 2024 06:12:35 +0000 Subject: [PATCH 1/2] Accepting request 1169748 from home:AndreasStieger:branches:mozilla:Factory Mozilla Firefox 125.0.2 OBS-URL: https://build.opensuse.org/request/show/1169748 OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1145 --- MozillaFirefox.changes | 125 +++++++++++++++++++++++++++ MozillaFirefox.spec | 11 +-- firefox-124.0.2.source.tar.xz | 3 - firefox-124.0.2.source.tar.xz.asc | 16 ---- firefox-125.0.2.source.tar.xz | 3 + firefox-125.0.2.source.tar.xz.asc | 16 ++++ l10n-124.0.2.tar.xz | 3 - l10n-125.0.2.tar.xz | 3 + mozilla-kde.patch | 15 ++-- mozilla-libproxy-fix.patch | 25 ++++++ mozilla-silence-no-return-type.patch | 12 +-- tar_stamps | 8 +- 12 files changed, 197 insertions(+), 43 deletions(-) delete mode 100644 firefox-124.0.2.source.tar.xz delete mode 100644 firefox-124.0.2.source.tar.xz.asc create mode 100644 firefox-125.0.2.source.tar.xz create mode 100644 firefox-125.0.2.source.tar.xz.asc delete mode 100644 l10n-124.0.2.tar.xz create mode 100644 l10n-125.0.2.tar.xz create mode 100644 mozilla-libproxy-fix.patch diff --git a/MozillaFirefox.changes b/MozillaFirefox.changes index 03b33b59..216c6284 100644 --- a/MozillaFirefox.changes +++ b/MozillaFirefox.changes 
@@ -1,3 +1,128 @@ +------------------------------------------------------------------- +Sun Apr 21 04:49:23 UTC 2024 - Wolfgang Rosenauer + +- Mozilla Firefox 125.0.2 + * The 125.0 and 125.0.1 releases were skipped due to problems + with a feature that proactively blocked downloads from + potentially untrustworthy URLs. + * New: Firefox now supports the AV1 codec for Encrypted Media + Extensions (EME), enabling higher-quality playback from video + streaming providers + * New: The Firefox PDF viewer now supports text highlighting. + * New: Firefox View now displays pinned tabs in the Open tabs + section. Tab indicators have also been added to Open tabs, so + users can do things like see which tabs are playing media and + quickly mute or unmute across windows. Indicators were also + added for bookmarks, tabs with notifications, and more! + their addresses upon submitting an address form, allowing + Firefox to autofill stored address information in the future. + * New: The URL Paste Suggestion feature provides a convenient + way for users to quickly visit URLs copied to the clipboard + in the address bar of Firefox. When the clipboard contains a + URL and the URL bar is focused, an autocomplete result + appears automatically. Activating the clipboard suggestion + will navigate the user to the URL with 1 click. + * New: Users of tab-specific Container add-ons can now search + in the Address Bar for tabs that are open in different + containers. Special thanks to volunteer contributor atararx + for kicking off the work on this feature! + * New: Firefox now provides an option to enable Web Proxy Auto- + Discovery (WPAD) while configured to use system proxy + settings. + * Changed: In a group of radio buttons where no option is + selected, the tab key now only reaches the first option + rather than cycling through all available options. The arrow + keys navigate between options as they do when there is a + selected option. 
This makes keyboard navigation more + efficient and consistent + * HTML5: Firefox now supports the `popover` global attribute + used for designating an element as a popover element. The + element won't be rendered until it is made visible, after + which it will appear on top of other page content. + * HTML5: WebAssembly multi-memory is now enabled by default. + Wasm multi-memory allows wasm modules to use and import + multiple independent linear memories. This enables more + efficient interoperability between modules and provides + better polyfills for upcoming wasm standards, such as the + component model. + * HTML5: Added support for Unicode Text Segmentation to + JavaScript. + * HTML5: Added support for `contextlost` and `contextrestored` + events on HTMLCanvasElement and OffscreenCanvas to allow user + code to recover from context loss with hardware accelerated + 2d canvas. + * HTML5: Firefox now supports the + `navigator.clipboard.readText()` web API. A paste context + menu will appear for the user to confirm when attempting to + read clipboard data not provided by the same-origin page. + * HTML5: Added support for the `content-box` and `stroke-box` + keywords of the `transform-box` CSS property. + * HTML5: The `align-content` property now works in block + layout, allowing block direction alignment without needing a + flex or grid container. + * HTML5: Support for `SVGAElement.text` was removed in favor of + the more widely-implemented `SVGAElement.textContent` method. + * Developer: Following several requests, we have reintroduced + the option to disable the Pause Debugger Overlay + (`devtools.debugger.features.overlay`). This overlay appears + over the page content when the debugger pauses JavaScript + execution. In certain scenarios, the overlay can be + intrusive, making it challenging to interact with the page, + for instance, evaluating shades of color underneath. 
+ * Developer: We've added a new drop-down menu button at the + bottom of the source view in the Debugger panel, specifically + designed for Source Map related actions. Users can now easily + disable or enable Source Maps support, open the Source Map + file in a new tab, switch between the original source and the + generated bundle, toggle the "open original source by + default" option, and view the Source Map status such as + errors, loading status, etc. + MFSA 2024-18 (bsc#1221327) + * CVE-2024-3852 (bmo#1883542) + GetBoundName in the JIT returned the wrong object + * CVE-2024-3853 (bmo#1884427) + Use-after-free if garbage collection runs during realm + initialization + * CVE-2024-3854 (bmo#1884552) + Out-of-bounds-read after mis-optimized switch statement + * CVE-2024-3855 (bmo#1885828) + Incorrect JIT optimization of MSubstr leads to out-of-bounds + reads + * CVE-2024-3856 (bmo#1885829) + Use-after-free in WASM garbage collection + * CVE-2024-3857 (bmo#1886683) + Incorrect JITting of arguments led to use-after-free during + garbage collection + * CVE-2024-3858 (bmo#1888892) + Corrupt pointer dereference in + js::CheckTracedThing + * CVE-2024-3859 (bmo#1874489) + Integer-overflow led to out-of-bounds-read in the OpenType + sanitizer + * CVE-2024-3860 (bmo#1881417) + Crash when tracing empty shape lists + * CVE-2024-3861 (bmo#1883158) + Potential use-after-free due to AlignedBuffer self-move + * CVE-2024-3862 (bmo#1884457) + Potential use of uninitialized memory in MarkStack assignment + operator on self-assignment + * CVE-2024-3863 (bmo#1885855) + Download Protections were bypassed by .xrm-ms files on + Windows + * CVE-2024-3302 (bmo#1881183, + bmo#https://kb.cert.org/vuls/id/421644) + Denial of Service using HTTP/2 CONTINUATION frames + * CVE-2024-3864 (bmo#1888333) + Memory safety bug fixed in Firefox 125, Firefox ESR 115.10, + and Thunderbird 115.10 + * CVE-2024-3865 (bmo#1881076, bmo#1884887, bmo#1885359, + bmo#1889049) + Memory safety bugs fixed in Firefox 
125 +- requires + NSS 3.99 + rust 1.76 +- add mozilla-libproxy-fix.patch to fix with-libproxy build variant + ------------------------------------------------------------------- Wed Apr 3 12:50:27 UTC 2024 - Martin Sirringhaus diff --git a/MozillaFirefox.spec b/MozillaFirefox.spec index 11de94d9..8e0572d7 100644 --- a/MozillaFirefox.spec +++ b/MozillaFirefox.spec @@ -28,9 +28,9 @@ # orig_suffix b3 # major 69 # mainver %%major.99 -%define major 124 +%define major 125 %define mainver %major.0.2 -%define orig_version 124.0.2 +%define orig_version 125.0.2 %define orig_suffix %{nil} %define update_channel release %define branding 1 @@ -103,8 +103,8 @@ BuildRequires: gcc12-c++ %else BuildRequires: gcc-c++ %endif -BuildRequires: cargo1.71 -BuildRequires: rust1.71 +BuildRequires: cargo1.76 +BuildRequires: rust1.76 %if 0%{useccache} != 0 BuildRequires: ccache %endif @@ -114,7 +114,7 @@ BuildRequires: libiw-devel BuildRequires: libproxy-devel BuildRequires: makeinfo BuildRequires: mozilla-nspr-devel >= 4.35 -BuildRequires: mozilla-nss-devel >= 3.98 +BuildRequires: mozilla-nss-devel >= 3.99 BuildRequires: nasm >= 2.14 BuildRequires: nodejs >= 12.22.12 %if 0%{?sle_version} >= 120000 && 0%{?sle_version} < 150000 @@ -229,6 +229,7 @@ Patch21: svg-rendering.patch Patch22: mozilla-partial-revert-1768632.patch Patch23: mozilla-rust-disable-future-incompat.patch Patch24: mozilla-bmo1822730.patch +Patch25: mozilla-libproxy-fix.patch # Firefox/browser Patch101: firefox-kde.patch Patch102: firefox-branded-icons.patch diff --git a/firefox-124.0.2.source.tar.xz b/firefox-124.0.2.source.tar.xz deleted file mode 100644 index 932af37e..00000000 --- a/firefox-124.0.2.source.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:a6526d3540e19c8875cb7364e4490436c189478d375c4cb5216b0414e4b2d91c -size 555223648 diff --git a/firefox-124.0.2.source.tar.xz.asc b/firefox-124.0.2.source.tar.xz.asc deleted file mode 100644 index 25e381b3..00000000 
--- a/firefox-124.0.2.source.tar.xz.asc +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQIzBAABCgAdFiEErdcHlHlwDcrf3VM34207E/PZMnQFAmYK0koACgkQ4207E/PZ -MnRBKg/+JHNrEx1oOwz8RYYwsP5Cw14VSdVC+na8fKfWdpeXPUnD5/qJ+Qx4ZSVp -4JcHQrB43qckNwswIcVz3Xl/1WbUDMVYzKNk/hIUYO4mWAcqmo7y8RYPEFYuCkPn -5JIHJo35r3Hl+KJNDctV1dQhw2yAvXXQxDRmD7hqVJhkQQ3+At77lt+doTrth8yb -zBx3dBleD7RPU/nS9ry/i3S2kGluG6bjyDbp6wCI8P1jSVguOdBvo5uOGr00v9yX -Bdx0efp81ouz7jsv+gOyZS8EaV6M0+F5fyyw6MZcxbEZ/jsCMW1wICeJBTDVg8Zh -oJPd7yXsFpFbHE7o6tyzEUgoM/0bqgIneWLVuc5RZj0khxIK+puRJMOqMeuK6pzo -V8Vr/1KYYoi4kkI2a1asmai0X71cWgSP250Feb/n9af7LNoPp4SaxkWJK7wPzSEu -04dojP58Eod1xifQTZKpptsPF4JLXy7+hpFvjk4SvOTlGhEgKyN1/8zK6sOhr0gi -uuFcD5CSMjnFzeRIi8d6XzfPfmGWrz/VhzqG+3QCZ7g26N6rKY/YECaFLxGWOmMN -BKn11wAVLqnsJoWaijxsu9sTyPC33p1FgHjSfsbggqFtIjSitRy1XUcGZ+RMHlGO -/gwVKVDY1xG+0It2vRN2vv2SdBwBSmp3fyJzXmUfRBXtodlZqEk= -=Upqq ------END PGP SIGNATURE----- diff --git a/firefox-125.0.2.source.tar.xz b/firefox-125.0.2.source.tar.xz new file mode 100644 index 00000000..c4264e4a --- /dev/null +++ b/firefox-125.0.2.source.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:69d0563361bab375407b25430c782346bec7623f3f1005e7dc505351ac69f799 +size 544666944 diff --git a/firefox-125.0.2.source.tar.xz.asc b/firefox-125.0.2.source.tar.xz.asc new file mode 100644 index 00000000..d5678000 --- /dev/null +++ b/firefox-125.0.2.source.tar.xz.asc 
@@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCgAdFiEErdcHlHlwDcrf3VM34207E/PZMnQFAmYitoYACgkQ4207E/PZ +MnQ0bBAAtYGIsLtC7teA3ehMAnoRY1GugWfQDxVOvP6WyvrpwCKrVCwTaW8w8FU+ +lF3uA9PrpJWX4bY2lW+1rAAR/Bn7Tv7OgT+sHlEjQCG3tsHgtc1RmhaWPDWsOKdm +tuv9wbCcmNPMuBue7H/edaIEKvtgzZrttYA5QKFAojgHwAAQa1/xyJqL6Ew4lu/7 +nC9ixAMteMt6iCG0T59VO6CfyALwQhtW0fTZkAzKGn66kMyejeVCO/+6SCFNE2zB +u7vn1Sbo1KkkRR5y+NQByzTtAUl1IsAgLV7pL1hVaReo2UoNZ85fZHdMBXxjrS7z +z3YXATzCo8yzFXiPplV7nqMG9r4ce81G91c/jTu/iSZRbcANqei3XsUCkb4s1UyD +mnB0ZU0eSoAgs+ikg/3ABCvYhMatorTdopSNWDiZ4lVHAz7YZUsONFBq1Y1UqU6H +mCAPNChdUhcikTLIo16XXsD9iePKs4Wj8clhpriGSsY49agfTO4c85Ff10Jg/Sf+ +fZ3qKda+M7/DoQtcU/ckEHYw8ZN+rbUHYT97QBQZkoEO312TCr8HkUPIDYK4DLrI +G9bpbJ2kLUlB2cQ6yRWVxAcYp8hv4q0JZUF5mvaQJxQdBWetwQFPJPRRRSbYsj3D +M5VTtmBEVsJmHSdDwlUuOzy8+y0CeH0Tp4YKrAEdkQ2K+50Y3to= +=H/Mp +-----END PGP SIGNATURE----- diff --git a/l10n-124.0.2.tar.xz b/l10n-124.0.2.tar.xz deleted file mode 100644 index 301d0452..00000000 --- a/l10n-124.0.2.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:b5a2654acb77950eb3b18d4418cf338194e838a0f3dbd26dff52ede3d6c7cb18 -size 32588820 diff --git a/l10n-125.0.2.tar.xz b/l10n-125.0.2.tar.xz new file mode 100644 index 00000000..aef35497 --- /dev/null +++ b/l10n-125.0.2.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:67744c91e271a3e28c59a5b7d4136c0f338fdee73c633ebfcb350cb9a05a4df7 +size 31332840 diff --git a/mozilla-kde.patch b/mozilla-kde.patch index ee0d6c6a..bf2723ea 100644 --- a/mozilla-kde.patch +++ b/mozilla-kde.patch @@ -155,7 +155,7 @@ diff --git a/toolkit/components/downloads/moz.build b/toolkit/components/downloa diff --git a/toolkit/mozapps/downloads/HelperAppDlg.sys.mjs b/toolkit/mozapps/downloads/HelperAppDlg.sys.mjs --- a/toolkit/mozapps/downloads/HelperAppDlg.sys.mjs 
+++ b/toolkit/mozapps/downloads/HelperAppDlg.sys.mjs -@@ -1241,36 +1241,66 @@ nsUnknownContentTypeDialog.prototype = { +@@ -1227,36 +1227,66 @@ nsUnknownContentTypeDialog.prototype = { params.handlerApp && params.handlerApp.executable && params.handlerApp.executable.isFile() @@ -238,7 +238,7 @@ diff --git a/toolkit/mozapps/downloads/HelperAppDlg.sys.mjs b/toolkit/mozapps/do var nsIFilePicker = Ci.nsIFilePicker; var fp = Cc["@mozilla.org/filepicker;1"].createInstance(nsIFilePicker); fp.init( - this.mDialog, + this.mDialog.browsingContext, this.dialogElement("strings").getString("chooseAppFilePickerTitle"), nsIFilePicker.modeOpen ); @@ -283,7 +283,7 @@ diff --git a/toolkit/system/unixproxy/nsUnixSystemProxySettings.cpp b/toolkit/sy nsUnixSystemProxySettings::GetMainThreadOnly(bool* aMainThreadOnly) { // dbus prevents us from being threadsafe, but this routine should not block // anyhow -@@ -388,21 +392,46 @@ nsresult nsUnixSystemProxySettings::GetP +@@ -388,24 +392,49 @@ nsresult nsUnixSystemProxySettings::GetP return NS_OK; } @@ -325,11 +325,14 @@ diff --git a/toolkit/system/unixproxy/nsUnixSystemProxySettings.cpp b/toolkit/sy + return NS_OK; +} + + NS_IMETHODIMP + nsUnixSystemProxySettings::GetSystemWPADSetting(bool* aSystemWPADSetting) { + *aSystemWPADSetting = false; + return NS_OK; + } + NS_IMPL_COMPONENT_FACTORY(nsUnixSystemProxySettings) { auto result = MakeRefPtr(); - result->Init(); - return result.forget().downcast(); - } diff --git a/toolkit/xre/moz.build b/toolkit/xre/moz.build --- a/toolkit/xre/moz.build +++ b/toolkit/xre/moz.build diff --git a/mozilla-libproxy-fix.patch b/mozilla-libproxy-fix.patch new file mode 100644 index 00000000..3789564a --- /dev/null +++ b/mozilla-libproxy-fix.patch 
@@ -0,0 +1,25 @@ +# HG changeset patch +# User Wolfgang Rosenauer +# Parent 302a32e4a14475d3bae305decad92870ec37bbe5 + +diff --git a/toolkit/system/unixproxy/nsLibProxySettings.cpp b/toolkit/system/unixproxy/nsLibProxySettings.cpp +--- a/toolkit/system/unixproxy/nsLibProxySettings.cpp ++++ b/toolkit/system/unixproxy/nsLibProxySettings.cpp +@@ -94,11 +94,17 @@ nsresult nsUnixSystemProxySettings::GetP + + c++; + } + + free(proxyArray); + return NS_OK; + } + ++NS_IMETHODIMP ++nsUnixSystemProxySettings::GetSystemWPADSetting(bool* aSystemWPADSetting) { ++ *aSystemWPADSetting = false; ++ return NS_OK; ++} ++ + NS_IMPL_COMPONENT_FACTORY(nsUnixSystemProxySettings) { + return do_AddRef(new nsUnixSystemProxySettings()).downcast(); + } diff --git a/mozilla-silence-no-return-type.patch b/mozilla-silence-no-return-type.patch index 3c7a0837..d4436719 100644 --- a/mozilla-silence-no-return-type.patch +++ b/mozilla-silence-no-return-type.patch @@ -1,5 +1,5 @@ # HG changeset patch -# Parent 831d03cde86aa6b8803d5ac431e2d28bf85c9289 +# Parent af0655f894a27ef60aa8438af7939a5ebc498df0 diff --git a/gfx/skia/skia/include/codec/SkEncodedOrigin.h b/gfx/skia/skia/include/codec/SkEncodedOrigin.h --- a/gfx/skia/skia/include/codec/SkEncodedOrigin.h @@ -420,7 +420,7 @@ diff --git a/intl/icu/source/i18n/number_rounding.cpp b/intl/icu/source/i18n/num diff --git a/js/src/irregexp/imported/regexp-parser.cc b/js/src/irregexp/imported/regexp-parser.cc --- a/js/src/irregexp/imported/regexp-parser.cc +++ b/js/src/irregexp/imported/regexp-parser.cc -@@ -2644,16 +2644,17 @@ bool MayContainStrings(ClassSetOperandTy +@@ -2764,16 +2764,17 @@ bool MayContainStrings(ClassSetOperandTy return false; case ClassSetOperandType::kCharacterClassEscape: case ClassSetOperandType::kClassStringDisjunction: @@ -434,10 +434,10 @@ 
diff --git a/js/src/irregexp/imported/regexp-parser.cc b/js/src/irregexp/importe } // namespace - // TODO(v8:11935): Change permalink once proposal is in stage 4. - // https://arai-a.github.io/ecma262-compare/snapshot.html?pr=2418#prod-ClassUnion template - RegExpTree* RegExpParserImpl::ParseClassUnion( + void RegExpParserImpl::AddMaybeSimpleCaseFoldedRange( + ZoneList* ranges, CharacterRange new_range) { + DCHECK(unicode_sets()); diff --git a/third_party/libwebrtc/api/adaptation/resource.cc b/third_party/libwebrtc/api/adaptation/resource.cc --- a/third_party/libwebrtc/api/adaptation/resource.cc +++ b/third_party/libwebrtc/api/adaptation/resource.cc @@ -684,7 +684,7 @@ diff --git a/third_party/libwebrtc/call/video_send_stream.cc b/third_party/libwe diff --git a/third_party/libwebrtc/media/base/codec.cc b/third_party/libwebrtc/media/base/codec.cc --- a/third_party/libwebrtc/media/base/codec.cc +++ b/third_party/libwebrtc/media/base/codec.cc -@@ -201,16 +201,17 @@ bool Codec::Matches(const Codec& codec, +@@ -200,16 +200,17 @@ bool Codec::Matches(const Codec& codec) (codec.bitrate == 0 || bitrate <= 0 || bitrate == codec.bitrate) && ((codec.channels < 2 && channels < 2) || diff --git a/tar_stamps b/tar_stamps index ce0e85a6..1dcf38f1 100644 --- a/tar_stamps +++ b/tar_stamps @@ -1,10 +1,10 @@ PRODUCT="firefox" CHANNEL="release" -VERSION="124.0.2" +VERSION="125.0.2" VERSION_SUFFIX="" -PREV_VERSION="124.0.1" +PREV_VERSION="125.0.1" PREV_VERSION_SUFFIX="" #SKIP_LOCALES="" # Uncomment to skip l10n and compare-locales-generation RELEASE_REPO="https://hg.mozilla.org/releases/mozilla-release" -RELEASE_TAG="2718fafaf6b2e4137cff8a71794487d25057e688" -RELEASE_TIMESTAMP="20240401114208" +RELEASE_TAG="c5ee44e4135571bec3220340242f9189c59ca5ba" +RELEASE_TIMESTAMP="20240419144423" From 32b276a2577d2c170c4b078f5213b60fb86026dfd789eb6d8a0b4756b4f48702 Mon Sep 17 00:00:00 2001 
From: Wolfgang Rosenauer Date: Wed, 24 Apr 2024 07:40:26 +0000 Subject: [PATCH 2/2] * The 125.0 and 125.0.1 releases were skipped due to problems with a feature that proactively blocked downloads from potentially untrustworthy URLs Use-after-free if garbage collection runs during realm initialization Incorrect JIT optimization of MSubstr leads to out-of-bounds reads Corrupt pointer dereference in js::CheckTracedThing Download Protections were bypassed by .xrm-ms files on Windows * CVE-2024-3865 (bmo#1881076, bmo#1884887, bmo#1885359, bmo#1889049) OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1146 --- MozillaFirefox.changes | 21 ++++++++------------- 1 file changed, 8 insertions(+), 13 deletions(-) diff --git a/MozillaFirefox.changes b/MozillaFirefox.changes index 216c6284..f0e95294 100644 --- a/MozillaFirefox.changes +++ b/MozillaFirefox.changes @@ -2,9 +2,9 @@ Sun Apr 21 04:49:23 UTC 2024 - Wolfgang Rosenauer - Mozilla Firefox 125.0.2 - * The 125.0 and 125.0.1 releases were skipped due to problems - with a feature that proactively blocked downloads from - potentially untrustworthy URLs. + * The 125.0 and 125.0.1 releases were skipped due to problems with a + feature that proactively blocked downloads from potentially + untrustworthy URLs * New: Firefox now supports the AV1 codec for Encrypted Media Extensions (EME), enabling higher-quality playback from video streaming providers 
@@ -81,21 +81,18 @@ Sun Apr 21 04:49:23 UTC 2024 - Wolfgang Rosenauer * CVE-2024-3852 (bmo#1883542) GetBoundName in the JIT returned the wrong object * CVE-2024-3853 (bmo#1884427) - Use-after-free if garbage collection runs during realm - initialization + Use-after-free if garbage collection runs during realm initialization * CVE-2024-3854 (bmo#1884552) Out-of-bounds-read after mis-optimized switch statement * CVE-2024-3855 (bmo#1885828) - Incorrect JIT optimization of MSubstr leads to out-of-bounds - reads + Incorrect JIT optimization of MSubstr leads to out-of-bounds reads * CVE-2024-3856 (bmo#1885829) Use-after-free in WASM garbage collection * CVE-2024-3857 (bmo#1886683) Incorrect JITting of arguments led to use-after-free during garbage collection * CVE-2024-3858 (bmo#1888892) - Corrupt pointer dereference in - js::CheckTracedThing + Corrupt pointer dereference in js::CheckTracedThing * CVE-2024-3859 (bmo#1874489) Integer-overflow led to out-of-bounds-read in the OpenType sanitizer @@ -107,16 +104,14 @@ Sun Apr 21 04:49:23 UTC 2024 - Wolfgang Rosenauer Potential use of uninitialized memory in MarkStack assignment operator on self-assignment * CVE-2024-3863 (bmo#1885855) - Download Protections were bypassed by .xrm-ms files on - Windows + Download Protections were bypassed by .xrm-ms files on Windows * CVE-2024-3302 (bmo#1881183, bmo#https://kb.cert.org/vuls/id/421644) Denial of Service using HTTP/2 CONTINUATION frames * CVE-2024-3864 (bmo#1888333) Memory safety bug fixed in Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10 - * CVE-2024-3865 (bmo#1881076, bmo#1884887, bmo#1885359, - bmo#1889049) + * CVE-2024-3865 (bmo#1881076, bmo#1884887, bmo#1885359, bmo#1889049) Memory safety bugs fixed in Firefox 125 - requires NSS 3.99
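Review bot: In the MozillaFirefox.changes hunk of PATCH 1/2 (@@ -1,3 +1,128 @@), the item following the Firefox View entry starts mid-sentence: `+ their addresses upon submitting an address form, allowing` has no `* New:` opening line, so the beginning of that changelog item was lost when the release notes were pasted. Restore the start of the entry from the upstream release notes so that every item in the list is complete; PATCH 2/2 rewraps other lines of this entry but does not touch this one.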
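Review bot: MozillaFirefox.spec declares `Patch25: mozilla-libproxy-fix.patch` in the @@ -229,6 +229,7 @@ hunk, but no hunk adds a matching application line in %prep. The diffstat lists 11 changed lines for the spec, and the version, cargo/rust, NSS and Patch25 lines shown account for all of them. Unless %prep applies patches automatically (for example with %autopatch), the libproxy fix announced in the changelog is never applied to the source tree; confirm that it is picked up, or add the corresponding %patch line.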
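Review bot: The new mozilla-libproxy-fix.patch carries no description in its HG header (only `# User` and `# Parent`), and the `GetSystemWPADSetting` it adds to nsLibProxySettings.cpp sets `*aSystemWPADSetting = false` unconditionally without a comment. Add a one-line header naming the build failure this addresses and, if there is one, the upstream bug, plus a comment on the stub saying that the libproxy variant does not report the system WPAD setting. The changelog in this same commit advertises the new WPAD option for system proxy settings, so the fact that this variant always answers false should be written down where the next maintainer will see it.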
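Review bot: In the tar_stamps hunk of PATCH 1/2, `PREV_VERSION="125.0.1"` names a release that the changelog in this same commit says was skipped ("The 125.0 and 125.0.1 releases were skipped"), while the package itself moves from 124.0.2 to 125.0.2. If PREV_VERSION is meant to be the last version shipped in this package, it should remain 124.0.2; if it refers to the previous upstream tag regardless of whether it was released, a short comment in tar_stamps saying so would settle the question for later updates.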
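Review bot: The @@ -81,21 +81,18 @@ hunk of PATCH 2/2 joins some CVE descriptions onto one line (CVE-2024-3853, CVE-2024-3855, CVE-2024-3858) but leaves their neighbours wrapped at the old width, for example `Incorrect JITting of arguments led to use-after-free during` / `garbage collection` and `Integer-overflow led to out-of-bounds-read in the OpenType` / `sanitizer`. Pick one wrap width for the whole entry and apply it to every item, otherwise the cleanup leaves the list less uniform than before. The commit message would also be easier to follow if it stated that this is a rewrap of the changelog rather than repeating the affected lines.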
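Review bot: The @@ -107,16 +104,14 @@ hunk of PATCH 2/2 rewraps the lines on both sides of the CVE-2024-3302 entry but leaves its malformed reference in place: `bmo#https://kb.cert.org/vuls/id/421644` puts the bmo# prefix in front of a CERT/CC URL instead of a bug number. Since this commit is already tidying the changelog, drop the prefix and list the URL on its own, so the reference is not read as a Bugzilla id.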