Commit Graph

5 Commits

Author SHA256 Message Date
Wolfgang Rosenauer
03a9133f62 - Mozilla Firefox 112.0
* https://www.mozilla.org/en-US/firefox/112.0/releasenotes/
  MFSA 2023-13 (bsc#1210212)
  * CVE-2023-29531 (bmo#1794292)
    Out-of-bound memory access in WebGL on macOS
  * CVE-2023-29532 (bmo#1806394)
    Mozilla Maintenance Service Write-lock bypass
  * CVE-2023-29533 (bmo#1798219, bmo#1814597)
    Fullscreen notification obscured
  * CVE-2023-29534 (bmo#1816007, bmo#1816059, bmo#1821155, bmo#1821576,
    bmo#1821906, bmo#1822298, bmo#1822305)
    Fullscreen notification could have been obscured on Firefox
    for Android
  * MFSA-TMP-2023-0001 (bmo#1819244)
    Double-free in libwebp
  * CVE-2023-29535 (bmo#1820543)
    Potential Memory Corruption following Garbage Collector compaction
  * CVE-2023-29536 (bmo#1821959)
    Invalid free from JavaScript code
  * CVE-2023-29537 (bmo#1823365, bmo#1824200, bmo#1825569)
    Data Races in font initialization code
  * CVE-2023-29538 (bmo#1685403)
    Directory information could have been leaked to WebExtensions
  * CVE-2023-29539 (bmo#1784348)
    Content-Disposition filename truncation leads to Reflected
    File Download
  * CVE-2023-29540 (bmo#1790542)
    Iframe sandbox bypass using redirects and sourceMappingUrls
  * CVE-2023-29541 (bmo#1810191)
    Files with malicious extensions could have been downloaded

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1051
2023-04-11 21:09:55 +00:00
Wolfgang Rosenauer
aded881413 - Firefox 102.0
* You can now disable automatic opening of the download panel
    every time a new download starts
  * Firefox now mitigates query parameter tracking when navigating
    sites in ETP strict mode
  * Improved security by moving audio decoding into a separate
    process with stricter sandboxing, thus improving process isolation
  * https://www.mozilla.org/en-US/firefox/102.0/releasenotes
  MFSA 2022-24 (bsc#1200793)
  * CVE-2022-34479 (bmo#1745595)
    A popup window could be resized in a way to overlay the
    address bar with web content
  * CVE-2022-34470 (bmo#1765951)
    Use-after-free in nsSHistory
  * CVE-2022-34468 (bmo#1768537)
    CSP sandbox header without `allow-scripts` can be bypassed
    via retargeted javascript: URI
  * CVE-2022-34482 (bmo#845880)
    Drag and drop of malicious image could have led to malicious
    executable and potential code execution
  * CVE-2022-34483 (bmo#1335845)
    Drag and drop of malicious image could have led to malicious
    executable and potential code execution
  * CVE-2022-34476 (bmo#1387919)
    ASN.1 parser could have been tricked into accepting malformed ASN.1
  * CVE-2022-34481 (bmo#1483699, bmo#1497246)
    Potential integer overflow in ReplaceElementsAt
  * CVE-2022-34474 (bmo#1677138)
    Sandboxed iframes could redirect to external schemes
  * CVE-2022-34469 (bmo#1721220)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=983
2022-06-29 07:44:18 +00:00
Wolfgang Rosenauer
81d7e6aaa3 - Mozilla Firefox 99.0
* You can now toggle Narrate in ReaderMode with the keyboard
    shortcut "n."
  * You can find added support for search—with or without
    diacritics—in the PDF viewer.
  * The Linux sandbox has been strengthened: processes exposed to web
    content no longer have access to the X Window system (X11).
  * Firefox now supports credit card autofill and capture in
    Germany and France.
  MFSA 2022-13 (bsc#1197903)
  * CVE-2022-1097 (bmo#1745667)
    Use-after-free in NSSToken objects
  * CVE-2022-28281 (bmo#1755621)
    Out of bounds write due to unexpected WebAuthN Extensions
  * CVE-2022-28282 (bmo#1751609)
    Use-after-free in DocumentL10n::TranslateDocument
  * CVE-2022-28283 (bmo#1754066)
    Missing security checks for fetching sourceMapURL
  * CVE-2022-28284 (bmo#1754522)
    Script could be executed via svg's use element
  * CVE-2022-28285 (bmo#1756957)
    Incorrect AliasSet used in JIT Codegen
  * CVE-2022-28286 (bmo#1735265)
    iframe contents could be rendered outside the border
  * CVE-2022-28287 (bmo#1741515)
    Text Selection could crash Firefox
  * CVE-2022-24713 (bmo#1758509)
    Denial of Service via complex regular expressions
  * CVE-2022-28289 (bmo#1663508, bmo#1744525, bmo#1753508,
    bmo#1757476, bmo#1757805, bmo#1758549, bmo#1758776)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=970
2022-04-05 20:51:21 +00:00
Wolfgang Rosenauer
add3e35304 - add compatibility for libavcodec58_134
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=906
2021-05-02 19:03:42 +00:00
Wolfgang Rosenauer
8cff92525b Accepting request 821486 from home:badshah400:branches:mozilla:Factory
- Add mozilla-libavcodec58_91.patch to link against updated
  soversion of libavcodec (58.91) with ffmpeg >= 4.3.

OBS-URL: https://build.opensuse.org/request/show/821486
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=842
2020-07-17 15:04:42 +00:00