- Mozilla Firefox 119.0

https://www.mozilla.org/en-US/firefox/119.0/releasenotes MFSA 2023-45 (bsc#1216338) * CVE-2023-5721 (bmo#1830820) Queued up rendering could have allowed websites to clickjack * CVE-2023-5722 (bmo#1738426) Cross-Origin size and header leakage * CVE-2023-5723 (bmo#1802057) Invalid cookie characters could have led to unexpected errors * CVE-2023-5724 (bmo#1836705) Large WebGL draw could have led to a crash * CVE-2023-5725 (bmo#1845739) WebExtensions could open arbitrary URLs * CVE-2023-5726 (bmo#1846205) Full screen notification obscured by file open dialog on macOS * CVE-2023-5727 (bmo#1847180) Download Protections were bypassed by .msix, .msixbundle, .appx, and .appxbundle files on Windows * CVE-2023-5728 (bmo#1852729) Improper object tracking during GC in the JavaScript engine could have led to a crash. * CVE-2023-5729 (bmo#1823720) Fullscreen notification dialog could have been obscured by WebAuthn prompts * CVE-2023-5730 (bmo#1836607, bmo#1840918, bmo#1848694, bmo#1848833, bmo#1850191, bmo#1850259, bmo#1852596, bmo#1853201, bmo#1854002, bmo#1855306, bmo#1855640, bmo#1856695) Memory safety bugs fixed in Firefox 119, Firefox ESR 115.4, and Thunderbird 115.4.1 * CVE-2023-5731 (bmo#1690111, bmo#1721904, bmo#1851803, bmo#1854068) OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1115
2023-10-27 07:18:39 +00:00 · 2023-10-27 07:18:39 +00:00 · ea5dd3dbee
commit ea5dd3dbee
parent d3e0fd0201
9 changed files with 66 additions and 31 deletions
--- a/MozillaFirefox.changes
+++ b/MozillaFirefox.changes
@ -1,3 +1,39 @@
+-------------------------------------------------------------------
+Thu Oct 26 10:31:03 UTC 2023 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 119.0
+  https://www.mozilla.org/en-US/firefox/119.0/releasenotes
+  MFSA 2023-45 (bsc#1216338)
+  * CVE-2023-5721 (bmo#1830820)
+    Queued up rendering could have allowed websites to clickjack
+  * CVE-2023-5722 (bmo#1738426)
+    Cross-Origin size and header leakage
+  * CVE-2023-5723 (bmo#1802057)
+    Invalid cookie characters could have led to unexpected errors
+  * CVE-2023-5724 (bmo#1836705)
+    Large WebGL draw could have led to a crash
+  * CVE-2023-5725 (bmo#1845739)
+    WebExtensions could open arbitrary URLs
+  * CVE-2023-5726 (bmo#1846205)
+    Full screen notification obscured by file open dialog on macOS
+  * CVE-2023-5727 (bmo#1847180)
+    Download Protections were bypassed by .msix, .msixbundle,
+    .appx, and .appxbundle files on Windows
+  * CVE-2023-5728 (bmo#1852729)
+    Improper object tracking during GC in the JavaScript engine
+    could have led to a crash.
+  * CVE-2023-5729 (bmo#1823720)
+    Fullscreen notification dialog could have been obscured by
+    WebAuthn prompts
+  * CVE-2023-5730 (bmo#1836607, bmo#1840918, bmo#1848694, bmo#1848833,
+    bmo#1850191, bmo#1850259, bmo#1852596, bmo#1853201, bmo#1854002,
+    bmo#1855306, bmo#1855640, bmo#1856695)
+    Memory safety bugs fixed in Firefox 119, Firefox ESR 115.4,
+    and Thunderbird 115.4.1
+  * CVE-2023-5731 (bmo#1690111, bmo#1721904, bmo#1851803, bmo#1854068)
+    Memory safety bugs fixed in Firefox 119
+- requires NSS 3.94
+
 -------------------------------------------------------------------
 Wed Oct 11 18:28:09 UTC 2023 - Andreas Stieger <andreas.stieger@gmx.de>

--- a/MozillaFirefox.spec
+++ b/MozillaFirefox.spec
@ -28,9 +28,9 @@
 # orig_suffix b3
 # major 69
 # mainver %%major.99
-%define major          118
-%define mainver        %major.0.2
-%define orig_version   118.0.2
+%define major          119
+%define mainver        %major.0
+%define orig_version   119.0
 %define orig_suffix    %{nil}
 %define update_channel release
 %define branding       1
@ -114,7 +114,7 @@ BuildRequires:  libiw-devel
 BuildRequires:  libproxy-devel
 BuildRequires:  makeinfo
 BuildRequires:  mozilla-nspr-devel >= 4.35
-BuildRequires:  mozilla-nss-devel >= 3.93
+BuildRequires:  mozilla-nss-devel >= 3.94
 BuildRequires:  nasm >= 2.14
 BuildRequires:  nodejs >= 12.22.12
 %if 0%{?sle_version} >= 120000 && 0%{?sle_version} < 150000
@ -728,7 +728,6 @@ exit 0
 %{progdir}/fonts/
 %{progdir}/pingsender
 %{progdir}/platform.ini
-%{progdir}/plugin-container
 %if %crashreporter
 %{progdir}/crashreporter
 %{progdir}/crashreporter.ini
--- a/firefox-118.0.2.source.tar.xz
+++ b/firefox-118.0.2.source.tar.xz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:89626520f2f0f782f37c074b94690e0f08dcf416be2b992f4aad68df5d727b21
-size 520864692
--- a/firefox-118.0.2.source.tar.xz.asc
+++ b/firefox-118.0.2.source.tar.xz.asc
@ -1,16 +0,0 @@
-----BEGIN PGP SIGNATURE-----
-
-iQIzBAABCgAdFiEErdcHlHlwDcrf3VM34207E/PZMnQFAmUkZ6YACgkQ4207E/PZ
-MnS+jQ/+NjazyXAXoKjAkAZPsQLxMPkd0yl2fyaLALaVpneq3Q91GiIOzvs1S/2f
-yzc6P9h9uh4x7efv7Kc5ibJl6XGNbo/t7dLr0+Cylv8YQJBraL19TKf/T8C+uIey
-Pnwave+XkwCm1QvvMvYHMiL6qSmORbLMPZ4yY+blofFOXPZUGteygzGokJrhc71n
-h1lmnJg4jresU2X10b1mpfvjZK/K+YsWABe4nMHOYhBwXWxs6BB5qQ49Ox2+dfaL
-R3+AvmiNFsNNymQ6BsXjZ7Bt4m2HqfiIc3HkSMEqN0TGfPWv58fxunvP9N3WGL7r
-98BqwyyQ+j4zYmS4UZoHmRMpieBNfxh1rsNy5bzMesAQjaX20X63kxaLWdhkdBor
-T76F+wVmBqx2oJ5OBURUiDrczFhyRte9CiF2JnLqzgIjSrQyTDZOqfE4F2QUFMlB
-FFmTNUMK8o/Q5g49a/pvD/+c0v8euB5w7MvtgUY3mNnADhjnr3RhqRWc2PLWHbn7
-6QSaDjFBCXwqwj/BzFH4wNzrrzb/yK+Z7qu8vDKuzuN/h46ftkAEcISft4u3rgLV
-JOdVqDe/S8Ok1r+hK41NmE5BpJuegr6czxJq5E/7t7t9zbXPwMTyJOEiDYAd3uOH
-rc5XgujKbtjyuEv0kEkr28QEZDN+kUJpfTOiOe3wgdvXc40s10U=
-=TJxq
-----END PGP SIGNATURE-----
--- a/firefox-119.0.source.tar.xz
+++ b/firefox-119.0.source.tar.xz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:f63e44194548f246e1396508800739a24c0517e65e920002a6f67ee099be39dd
+size 523093112
--- a/firefox-119.0.source.tar.xz.asc
+++ b/firefox-119.0.source.tar.xz.asc
@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEErdcHlHlwDcrf3VM34207E/PZMnQFAmUxiuYACgkQ4207E/PZ
+MnT6jQ//QBROJsE4hokxuX6cI1lM0b1nl8Gmvwi0GevrF6mqQ96C2/aWevjU3pav
+m3sCiSld/n72kBYKuAkUKZHuLi4VVveZSjM/46ZBj3sgr2extlXGag8Hy5ccz0hh
+SAE78Z8qrgUFNvwUsKIRnZp+f8P7aWv5HCqa98Z4iQxgGnuufnQu1Xyn+FA2Xi7B
+8OtvDwyr9PMtgi4zi6E5rGqKrqudkKoQrppV5naMT0XoA374mq6ePzOBHNL9y9sk
+olz+uzad3hPgC5CTlVRd4t2OSERzhirVqSQKd6M5+ApEM/7NTowBmlc+QQYDOpRP
+/UM8L2cBdk2+V+KP0lFigy27RSfIw69FCIu4hpWFTfOy6cM3fF44ammjr4Hbfna6
+eY6Lwpw/0KymXVs2fUGEOwdGlKbqcPVl7lLkeFyF5KexaV33tXIRrI9e1qP/hRtm
+cNI2nl0doXS0MQ30/9jcOtfCXMrQkCJzPEUmDyvP3zZmqRjh2kqLTPtuEgSsLw/3
+IfXDaXdZYyX8/fzJa3t2cdOWKE03TdgkX0lQaLAbjRd0YXdRsLfXji7LrZvlVyS
+NxQBJg2eeqQO6Vv3zum6LgMO/s/pE5hCs90SfWIHzMBrFC6T6Bzfos/o2PTMq5eS
+t1x0NPVOVPcEUtwRTgWNYYZJaoTihb4Tatvo94ImWdZQbfLHGk0=
+=DN9M
+-----END PGP SIGNATURE-----
--- a/l10n-118.0.2.tar.xz
+++ b/l10n-118.0.2.tar.xz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:cecf0f23bdcd4ae10575451b34e575b97d957b71f38a180342d416df204202fe
-size 30167788
--- a/l10n-119.0.tar.xz
+++ b/l10n-119.0.tar.xz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:411c128505c49ebcb462a1bb0cce3402624cbbb06a6cc222f7249c212e474719
+size 30476444
--- a/8
+++ b/8
@ -1,10 +1,10 @@
 PRODUCT="firefox"
 CHANNEL="release"
-VERSION="118.0.2"
+VERSION="119.0"
 VERSION_SUFFIX=""
-PREV_VERSION="118.0.1"
+PREV_VERSION="118.0.2"
 PREV_VERSION_SUFFIX=""
 #SKIP_LOCALES="" # Uncomment to skip l10n and compare-locales-generation
 RELEASE_REPO="https://hg.mozilla.org/releases/mozilla-release"
-RELEASE_TAG="e26ce7fb8b2358ad45a84d34b1f5b6a1cc59d7fb"
-RELEASE_TIMESTAMP="20231009140911"
+RELEASE_TAG="6a78abe63b7e7aa191341b42ef4f2168bdf0fc89"
+RELEASE_TIMESTAMP="20231019122658"