- Mozilla Firefox 141.0.2
* Fixed a startup crash experienced by some Linux users with outdated
NVIDIA drivers. (bmo#1978911)
* Fixed a regression that caused canvas objects to be draggable,
causing web compatibility issues. (bmo#1978673)
* Fixed a crash in the Web Developer Tools panel that could occur
when inspecting pages with <iframe> elements. (bmo#1975277)
* Fixed minor visual issues across the user interface.
(bmo#1974269, bmo#1976031, bmo#1974876, bmo#1976701)
* Firefox wouldn't start on some systems where GTK+ was built
without Wayland support. (bmo#1978620)
* Fixed an issue where clicking a pinned tab could steal focus from
the content area, disrupting keyboard navigation. (bmo#1977005)
OBS-URL: https://build.opensuse.org/request/show/1298105
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaFirefox?expand=0&rev=463
* Fixed a startup crash experienced by some Linux users with outdated
NVIDIA drivers. (bmo#1978911)
* Fixed a regression that caused canvas objects to be draggable,
causing web compatibility issues. (bmo#1978673)
* Fixed a crash in the Web Developer Tools panel that could occur
when inspecting pages with <iframe> elements. (bmo#1975277)
* Fixed minor visual issues across the user interface.
(bmo#1974269, bmo#1976031, bmo#1974876, bmo#1976701)
* Firefox wouldn't start on some systems where GTK+ was built
without Wayland support. (bmo#1978620)
* Fixed an issue where clicking a pinned tab could steal focus from
the content area, disrupting keyboard navigation. (bmo#1977005)
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1238
- Mozilla Firefox 140.0.2
* Fixed a startup crash on Windows experienced by some users
(bmo#1974259)
- Mozilla Firefox 140.0.1
* Fixed text contrast issues in the sidebar with some dark themes
(bmo#1971487)
* Fixed a startup crash experienced by some users caused by DLL
injection (mbo#1973947)
- Firefox 140.0 Release
* New: Vertical Tabs: You can now keep more — or fewer — pinned
tabs in view for quicker access to important windows. Just
drag the divider to resize your pinned tabs section.
* New: Custom Search Engines: Firefox now supports adding even
more search engines. To add a custom engine, right-click a
search field of a supported website and select “Add Search
Engine”, or go to Settings > Search > Add (below the search
shortcuts table) to manually enter a search URL.
* New: Firefox Extensions: Customize your toolbar with the
option to remove the extensions shortcut, giving you more
control over your browser. When the button is hidden, you can
access the extensions panel again at any time from the
Firefox menu by clicking the Extensions menu item.
* New: You can now unload tabs by right-clicking on a tab (or
multiple selected tabs) and selecting "Unload Tab". This can
speed up performance by reducing Firefox's memory and CPU
usage.
* New: Full-Page Translations now prioritizes translating only
the content near your current view, improving speed and
responsiveness. Content outside your view is skipped unless
OBS-URL: https://build.opensuse.org/request/show/1291039
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaFirefox?expand=0&rev=460
* Fixed a startup crash on Windows experienced by some users
(bmo#1974259)
- Mozilla Firefox 140.0.1
* Fixed text contrast issues in the sidebar with some dark themes
(bmo#1971487)
* Fixed a startup crash experienced by some users caused by DLL
injection (mbo#1973947)
- Firefox 140.0 Release
* New: Vertical Tabs: You can now keep more — or fewer — pinned
tabs in view for quicker access to important windows. Just
drag the divider to resize your pinned tabs section.
* New: Custom Search Engines: Firefox now supports adding even
more search engines. To add a custom engine, right-click a
search field of a supported website and select “Add Search
Engine”, or go to Settings > Search > Add (below the search
shortcuts table) to manually enter a search URL.
* New: Firefox Extensions: Customize your toolbar with the
option to remove the extensions shortcut, giving you more
control over your browser. When the button is hidden, you can
access the extensions panel again at any time from the
Firefox menu by clicking the Extensions menu item.
* New: You can now unload tabs by right-clicking on a tab (or
multiple selected tabs) and selecting "Unload Tab". This can
speed up performance by reducing Firefox's memory and CPU
usage.
* New: Full-Page Translations now prioritizes translating only
the content near your current view, improving speed and
responsiveness. Content outside your view is skipped unless
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1232
- Mozilla Firefox 139.0.4
* Fixed Firefox freezing when switching between apps or opening
certain panels within the browser. (bmo#1969253, bmo#1969346)
* Fixed difficult selection of drop-down menu options in the Firefox
preferences page when selected via the in-page search. (bmo#1968949)
* Fixed various selection issues when triple-clicking text in some
situations. (bmo#1969100, bmo#1969432)
* Fixed an incorrect filename being used when setting an image
as the desktop wallpaper on Windows. (bmo#1969793)
MFSA 2025-47
* CVE-2025-49709 (bmo#1966083)
Memory corruption in canvas surfaces
* CVE-2025-49710 (bmo#1970095)
Integer overflow in OrderedHashTable
OBS-URL: https://build.opensuse.org/request/show/1285776
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaFirefox?expand=0&rev=459
* Fixed Firefox freezing when switching between apps or opening
certain panels within the browser. (bmo#1969253, bmo#1969346)
* Fixed difficult selection of drop-down menu options in the Firefox
preferences page when selected via the in-page search. (bmo#1968949)
* Fixed various selection issues when triple-clicking text in some
situations. (bmo#1969100, bmo#1969432)
* Fixed an incorrect filename being used when setting an image
as the desktop wallpaper on Windows. (bmo#1969793)
MFSA 2025-47
* CVE-2025-49709 (bmo#1966083)
Memory corruption in canvas surfaces
* CVE-2025-49710 (bmo#1970095)
Integer overflow in OrderedHashTable
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1230
* Fixed an issue which caused a blank page to be shown for Home
and New Tab pages for some users. (bmo#1963537)
* Added a workaround for a bug in outlook.office.com/outlook.live.com
where attachment filenames are incorrectly prefixed with UTF-8
when saved. (bmo#1961710)
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1219
- Mozilla Firefox 137.0.2
* Fixed file picker not being displayed when exporting passwords
on macOS in about:logins for some users. (bmo#1956266)
* Fixed accessibility issues with the new PDF signature feature.
(bmo#1956110, bmo#1952571)
* Fixed an issue where using the context menu to paste in the
Style Editor would insert the code twice. (bmo#1955854)
* Fixed functional regressions in our XSLT support introduced
in 137. (bmo#1954841)
* Fixed a tooltip flickering issue on Windows that affected some
users when hovering. (bmo#1958631)
* Fixed an issue where Firefox would not respond to clicks in some
HTML5 video players. (bmo#1959251)
* Fixed an issue where radio inputs behaved incorrectly when
preventDefault() was called on the click event. (bmo#1957956)
* Fixed an issue that caused some Firefox users to restart their
browser multiple times to complete an update. (bmo#1959492)
MFSA 2025-25
* CVE-2025-3608 (bmo#1951554)
Race condition in nsHttpTransaction could lead to memory corruption
- Mozilla Firefox 137.0.1
* Fixed an issue where folder shortcuts on Windows were incorrectly
treated as files during file uploads, preventing selecting files
within the target folder. (bmo#1958222)
* Fixed a crash experienced by Windows users when downloading files
with Qihoo 360 Total Security Antivirus software installed. (bmo#1958112)
* Fixed an occasional startup crash. (bmo#1958293)
OBS-URL: https://build.opensuse.org/request/show/1269740
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaFirefox?expand=0&rev=453
* Fixed file picker not being displayed when exporting passwords
on macOS in about:logins for some users. (bmo#1956266)
* Fixed accessibility issues with the new PDF signature feature.
(bmo#1956110, bmo#1952571)
* Fixed an issue where using the context menu to paste in the
Style Editor would insert the code twice. (bmo#1955854)
* Fixed functional regressions in our XSLT support introduced
in 137. (bmo#1954841)
* Fixed a tooltip flickering issue on Windows that affected some
users when hovering. (bmo#1958631)
* Fixed an issue where Firefox would not respond to clicks in some
HTML5 video players. (bmo#1959251)
* Fixed an issue where radio inputs behaved incorrectly when
preventDefault() was called on the click event. (bmo#1957956)
* Fixed an issue that caused some Firefox users to restart their
browser multiple times to complete an update. (bmo#1959492)
MFSA 2025-25
* CVE-2025-3608 (bmo#1951554)
Race condition in nsHttpTransaction could lead to memory corruption
- Mozilla Firefox 137.0.1
* Fixed an issue where folder shortcuts on Windows were incorrectly
treated as files during file uploads, preventing selecting files
within the target folder. (bmo#1958222)
* Fixed a crash experienced by Windows users when downloading files
with Qihoo 360 Total Security Antivirus software installed. (bmo#1958112)
* Fixed an occasional startup crash. (bmo#1958293)
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1214
- Migrate from deprecated %suse_update_desktop_file to
%translate_suse_desktop. (boo#1158957)
- MozillaFirefox.desktop fixes done during the migration to
translate-suse-desktop:
* Remove English text from Burmese translation.
* Import translations from mis-named languages from
MozillaFirefox.desktop and move them to correct language codes.
* Remove en_GB translation that contains no real contents.
- Mozilla Firefox 137.0
* https://www.mozilla.org/en-US/firefox/137.0/releasenotes/
MFSA 2025-20 (bsc#1240083)
* CVE-2025-3028 (bmo#1941002)
Use-after-free triggered by XSLTProcessor
* CVE-2025-3031 (bmo#1947141)
JIT optimization bug with different stack slot sizes
* CVE-2025-3032 (bmo#1949987)
Leaking file descriptors from the fork server
* CVE-2025-3029 (bmo#1952213)
URL bar spoofing via non-BMP Unicode characters
* CVE-2025-3035 (bmo#1952268)
Tab title disclosure across pages when using AI chatbot
* CVE-2025-3033 (bmo#1950056)
Opening local .url files could lead to another file being opened
* CVE-2025-3030 (bmo#1850615, bmo#1932468, bmo#1942551,
bmo#1951017, bmo#1951494)
Memory safety bugs fixed in Firefox 137, Thunderbird 137,
Firefox ESR 128.9, and Thunderbird 128.9
* CVE-2025-3034 (bmo#1894100, bmo#1934086, bmo#1950360)
Memory safety bugs fixed in Firefox 137 and Thunderbird 137
OBS-URL: https://build.opensuse.org/request/show/1267443
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaFirefox?expand=0&rev=452
%translate_suse_desktop. (boo#1158957)
- MozillaFirefox.desktop fixes done during the migration to
translate-suse-desktop:
* Remove English text from Burmese translation.
* Import translations from mis-named languages from
MozillaFirefox.desktop and move them to correct language codes.
* Remove en_GB translation that contains no real contents.
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1212
%translate_suse_desktop. (boo#1158957)
- MozillaFirefox.desktop fixes done during the migration to
translate-suse-desktop:
* Remove English text from Burmese translation.
* Import translations from mis-named languages from
MozillaFirefox.desktop and move them to correct language codes.
* Remove en_GB translation that contains no real contents.
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1211
* https://www.mozilla.org/en-US/firefox/137.0/releasenotes/
MFSA 2025-20 (bsc#1240083)
* CVE-2025-3028 (bmo#1941002)
Use-after-free triggered by XSLTProcessor
* CVE-2025-3031 (bmo#1947141)
JIT optimization bug with different stack slot sizes
* CVE-2025-3032 (bmo#1949987)
Leaking file descriptors from the fork server
* CVE-2025-3029 (bmo#1952213)
URL bar spoofing via non-BMP Unicode characters
* CVE-2025-3035 (bmo#1952268)
Tab title disclosure across pages when using AI chatbot
* CVE-2025-3033 (bmo#1950056)
Opening local .url files could lead to another file being opened
* CVE-2025-3030 (bmo#1850615, bmo#1932468, bmo#1942551,
bmo#1951017, bmo#1951494)
Memory safety bugs fixed in Firefox 137, Thunderbird 137,
Firefox ESR 128.9, and Thunderbird 128.9
* CVE-2025-3034 (bmo#1894100, bmo#1934086, bmo#1950360)
Memory safety bugs fixed in Firefox 137 and Thunderbird 137
- requires NSS 3.109
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1210
- Mozilla Firefox 136.0.4
MFSA 2025-19 (bsc#1240084)
* CVE-2025-2857, CVE-2025-2783 (bmo#1956398)
Incorrect handle could lead to sandbox escapes
136.0.3
* Significantly improved responsiveness on TikTok by improving the
speed of date formatting. (bmo#1954323)
136.0.2
* Fixed a bug where "Cookies and site data" and "Temporary cached
files and pages" were unexpectedly enabled after updating to
Firefox 136 for users with "History" and/or "Site settings" set
to clear on shutdown in previous versions. (bmo#1952564)
* Fixed an issue where the Primary Password prompt appeared in
unexpected situations. (bmo#1946121)
* Fixed visibility issues with radio buttons on dark backgrounds
(bmo#1951930)
* Fixed high CPU usage on Windows when the screen was locked or the
laptop lid was closed. (bmo#1924932)
- Use default clang version. (by Aaron Puchert)
OBS-URL: https://build.opensuse.org/request/show/1265284
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaFirefox?expand=0&rev=451
MFSA 2025-19 (bsc#1240084)
* CVE-2025-2857, CVE-2025-2783 (bmo#1956398)
Incorrect handle could lead to sandbox escapes
136.0.3
* Significantly improved responsiveness on TikTok by improving the
speed of date formatting. (bmo#1954323)
136.0.2
* Fixed a bug where "Cookies and site data" and "Temporary cached
files and pages" were unexpectedly enabled after updating to
Firefox 136 for users with "History" and/or "Site settings" set
to clear on shutdown in previous versions. (bmo#1952564)
* Fixed an issue where the Primary Password prompt appeared in
unexpected situations. (bmo#1946121)
* Fixed visibility issues with radio buttons on dark backgrounds
(bmo#1951930)
* Fixed high CPU usage on Windows when the screen was locked or the
laptop lid was closed. (bmo#1924932)
- Use default clang version. (by Aaron Puchert)
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1208
* Fixed an issue where a cookie size limit caused problems with
website cookie management when using the CookieStore API.
This could cause login and other state-related issues. (bmo#1950565)
* Fixed an issue where Control/Command+L did not focus the
address bar in new windows. (bmo#1947723)
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1205
- Mozilla Firefox 136.0
https://www.mozilla.org/en-US/firefox/136.0/releasenotes/
MFSA 2025-14 (bsc#1237683)
* CVE-2025-1930 (bmo#1902309)
AudioIPC StreamData could trigger a use-after-free in the
Browser process
* CVE-2025-1939 (bmo#1928334)
Tapjacking in Android Custom Tabs using transition animations
* CVE-2025-1931 (bmo#1944126)
Use-after-free in WebTransportChild
* CVE-2025-1932 (bmo#1944313)
Inconsistent comparator in XSLT sorting led to out-of-bounds access
* CVE-2025-1933 (bmo#1946004)
JIT corruption of WASM i32 return values on 64-bit CPUs
* CVE-2025-1940 (bmo#1908488)
Android Intent confirmation prompt tapjacking using Select options
* CVE-2024-9956 (bmo#1922357)
Passkey phishing within Bluetooth range
* CVE-2025-1934 (bmo#1942881)
Unexpected GC during RegExp bailout processing
* CVE-2025-1941 (bmo#1944665)
Lock screen setting bypass in Firefox Focus for Android
* CVE-2025-1942 (bmo#1947139)
Disclosure of uninitialized memory when .toUpperCase() causes
string to get longer
* CVE-2025-1935 (bmo#1866661)
Clickjacking the registerProtocolHandler info-bar
* CVE-2025-1936 (bmo#1940027)
Adding %00 and a fake extension to a jar: URL changed the
interpretation of the contents
OBS-URL: https://build.opensuse.org/request/show/1251116
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaFirefox?expand=0&rev=449
https://www.mozilla.org/en-US/firefox/136.0/releasenotes/
MFSA 2025-14 (bsc#1237683)
* CVE-2025-1930 (bmo#1902309)
AudioIPC StreamData could trigger a use-after-free in the
Browser process
* CVE-2025-1939 (bmo#1928334)
Tapjacking in Android Custom Tabs using transition animations
* CVE-2025-1931 (bmo#1944126)
Use-after-free in WebTransportChild
* CVE-2025-1932 (bmo#1944313)
Inconsistent comparator in XSLT sorting led to out-of-bounds access
* CVE-2025-1933 (bmo#1946004)
JIT corruption of WASM i32 return values on 64-bit CPUs
* CVE-2025-1940 (bmo#1908488)
Android Intent confirmation prompt tapjacking using Select options
* CVE-2024-9956 (bmo#1922357)
Passkey phishing within Bluetooth range
* CVE-2025-1934 (bmo#1942881)
Unexpected GC during RegExp bailout processing
* CVE-2025-1941 (bmo#1944665)
Lock screen setting bypass in Firefox Focus for Android
* CVE-2025-1942 (bmo#1947139)
Disclosure of uninitialized memory when .toUpperCase() causes
string to get longer
* CVE-2025-1935 (bmo#1866661)
Clickjacking the registerProtocolHandler info-bar
* CVE-2025-1936 (bmo#1940027)
Adding %00 and a fake extension to a jar: URL changed the
interpretation of the contents
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1203
* Fixed a regression in Firefox 134 where anchored links in HTML
framesets pointing to local files did not work (bmo#1934807)
* Fixed an issue in developer tools preventing the resending of
network requests when debugging extensions (bmo#1934478)
* Fixed an issue where data consumption from service workers may
unexpectedly halt (bmo#1941210)
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1199
- Mozilla Firefox 134.0.1
* Fixed UI hangs happening on YouTube and Google Docs in some situations
(bmo#1939295)
* Fixed a startup crash affecting some users upgrading from Firefox 133
(bmo#1941134)
* Fixed an issue where search engines selection menus and context
menus could be broken if a user had previously reverted to an
earlier version (bmo#1940533)
- raised required rust version to 1.81
OBS-URL: https://build.opensuse.org/request/show/1238501
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaFirefox?expand=0&rev=446
* Fixed UI hangs happening on YouTube and Google Docs in some situations
(bmo#1939295)
* Fixed a startup crash affecting some users upgrading from Firefox 133
(bmo#1941134)
* Fixed an issue where search engines selection menus and context
menus could be broken if a user had previously reverted to an
earlier version (bmo#1940533)
- raised required rust version to 1.81
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1197
- Mozilla Firefox 134.0
https://www.mozilla.org/en-US/firefox/134.0/releasenotes
* Firefox now supports touchpad hold gestures on Linux. This means
that kinetic (momentum) scrolling can now be interrupted by placing
two fingers on the touchpad
* Ecosia's availability has been expanded to all languages in the
German region along with Austria, Belgium, Italy, Netherlands, Spain,
Sweden and Switzerland
MFSA 2025-01 (bsc#1234991)
* CVE-2025-0244 (bmo#1929584)
Address bar spoofing using an invalid protocol scheme on
Firefox for Android
* CVE-2025-0245 (bmo#1895342)
Lock screen setting bypass in Firefox Focus for Android
* CVE-2025-0246 (bmo#1912709)
Address bar spoofing using an invalid protocol scheme on
Firefox for Android
* CVE-2025-0237 (bmo#1915257)
WebChannel APIs susceptible to confused deputy attack
* CVE-2025-0238 (bmo#1915535)
Use-after-free when breaking lines in text
* CVE-2025-0239 (bmo#1929156)
Alt-Svc ALPN validation failure when redirected
* CVE-2025-0240 (bmo#1929623)
Compartment mismatch when parsing JavaScript JSON module
* CVE-2025-0241 (bmo#1933023)
Memory corruption when using JavaScript Text Segmentation
* CVE-2025-0242 (bmo#1874523, bmo#1926454, bmo#1931873, bmo#1932169)
Memory safety bugs fixed in Firefox 134, Thunderbird 134,
Firefox ESR 115.19, Firefox ESR 128.6, Thunderbird 115.19,
OBS-URL: https://build.opensuse.org/request/show/1236666
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaFirefox?expand=0&rev=445
https://www.mozilla.org/en-US/firefox/134.0/releasenotes
* Firefox now supports touchpad hold gestures on Linux. This means
that kinetic (momentum) scrolling can now be interrupted by placing
two fingers on the touchpad
* Ecosia's availability has been expanded to all languages in the
German region along with Austria, Belgium, Italy, Netherlands, Spain,
Sweden and Switzerland
MFSA 2025-01 (bsc#1234991)
* CVE-2025-0244 (bmo#1929584)
Address bar spoofing using an invalid protocol scheme on
Firefox for Android
* CVE-2025-0245 (bmo#1895342)
Lock screen setting bypass in Firefox Focus for Android
* CVE-2025-0246 (bmo#1912709)
Address bar spoofing using an invalid protocol scheme on
Firefox for Android
* CVE-2025-0237 (bmo#1915257)
WebChannel APIs susceptible to confused deputy attack
* CVE-2025-0238 (bmo#1915535)
Use-after-free when breaking lines in text
* CVE-2025-0239 (bmo#1929156)
Alt-Svc ALPN validation failure when redirected
* CVE-2025-0240 (bmo#1929623)
Compartment mismatch when parsing JavaScript JSON module
* CVE-2025-0241 (bmo#1933023)
Memory corruption when using JavaScript Text Segmentation
* CVE-2025-0242 (bmo#1874523, bmo#1926454, bmo#1931873, bmo#1932169)
Memory safety bugs fixed in Firefox 134, Thunderbird 134,
Firefox ESR 115.19, Firefox ESR 128.6, Thunderbird 115.19,
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1195
- Mozilla Firefox 133.0
https://www.mozilla.org/en-US/firefox/133.0/releasenotes
MFSA 2024-63 (bsc#1233695)
* CVE-2024-11691 (bmo#1914707, bmo#1924184)
Memory corruption in Apple GPU drivers
* CVE-2024-11700 (bmo#1836921)
Potential Tapjacking Exploit for Intent Confirmation on Android
* CVE-2024-11692 (bmo#1909535)
Select list elements could be shown over another site
* CVE-2024-11701 (bmo#1914797)
Misleading Address Bar State During Navigation Interruption
* CVE-2024-11702 (bmo#1918884)
Inadequate Clipboard Protection in Private Browsing Mode on
Android
* CVE-2024-11693 (bmo#1921458)
Download Protections were bypassed by .library-ms files on
Windows
* CVE-2024-11694 (bmo#1924167)
CSP Bypass and XSS Exposure via Web Compatibility Shims
* CVE-2024-11695 (bmo#1925496)
URL Bar Spoofing via Manipulated Punycode and Whitespace Characters
* CVE-2024-11703 (bmo#1928779)
Password access without authentication via PIN bypass on Android
* CVE-2024-11696 (bmo#1929600)
Unhandled Exception in Add-on Signature Verification
* CVE-2024-11697 (bmo#1842187)
Improper Keypress Handling in Executable File Confirmation Dialog
* CVE-2024-11704 (bmo#1899402)
Potential Double-Free Vulnerability in PKCS#7 Decryption Handling
* CVE-2024-11698 (bmo#1916152)
OBS-URL: https://build.opensuse.org/request/show/1226801
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaFirefox?expand=0&rev=443
https://www.mozilla.org/en-US/firefox/133.0/releasenotes
MFSA 2024-63 (bsc#1233695)
* CVE-2024-11691 (bmo#1914707, bmo#1924184)
Memory corruption in Apple GPU drivers
* CVE-2024-11700 (bmo#1836921)
Potential Tapjacking Exploit for Intent Confirmation on Android
* CVE-2024-11692 (bmo#1909535)
Select list elements could be shown over another site
* CVE-2024-11701 (bmo#1914797)
Misleading Address Bar State During Navigation Interruption
* CVE-2024-11702 (bmo#1918884)
Inadequate Clipboard Protection in Private Browsing Mode on
Android
* CVE-2024-11693 (bmo#1921458)
Download Protections were bypassed by .library-ms files on
Windows
* CVE-2024-11694 (bmo#1924167)
CSP Bypass and XSS Exposure via Web Compatibility Shims
* CVE-2024-11695 (bmo#1925496)
URL Bar Spoofing via Manipulated Punycode and Whitespace Characters
* CVE-2024-11703 (bmo#1928779)
Password access without authentication via PIN bypass on Android
* CVE-2024-11696 (bmo#1929600)
Unhandled Exception in Add-on Signature Verification
* CVE-2024-11697 (bmo#1842187)
Improper Keypress Handling in Executable File Confirmation Dialog
* CVE-2024-11704 (bmo#1899402)
Potential Double-Free Vulnerability in PKCS#7 Decryption Handling
* CVE-2024-11698 (bmo#1916152)
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1191
* CVE-2018-12371 (bmo#1465686)
* modifies the crash protection feature to increase the amount
of time that plugins are allowed to be non-responsive before
* firefox-bug506901.patch
- improve UI colors to be usable with dark themes at all
- added KDE integration patch from llunak@novell.com
(firefox-kde.patch)
* support for knotify, making -kde4-addon obsolete
especially KDE integration:
* added the ability to set the KDE default browser
* MFSA 2009-05/CVE-2009-0357: XMLHttpRequest allows reading
* MFSA 2009-04/CVE-2009-0356: Chrome privilege escalation via
* MFSA 2009-02/CVE-2009-0354: XSS using a chrome XBL method
* MFSA 2009-01/CVE-2009-0352 - CVE-2009-0353: Crashes with
evidence of memory corruption (rv:1.9.0.6) (bmo#452913,
* Make sure the search bar is not put back when resetting the
- Update to stability/security release 3.0.1 (bnc#407573)
+ MFSA 2008-35 Command-line URLs launch multiple tabs when
- Set browser.shell.checkDefaultBrowser to true (bnc#404119)
- fix hardlinks accross partitions
- move last change a bit further in specfile
- Mark a .png file as nonexecutable.
* MFSA 2007-26 Privilege escalation through chrome-loaded
- Fixes bnc #295677
- added unzip to BuildRequires
- updated tango theme
Resuming your browsing session, Previewing and subscribing
Improved Add-ons manager, JavaScript 1.7, Extended search
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1190
