Commit Graph

783 Commits

Author SHA256 Message Date
Wolfgang Rosenauer
442f0d71eb - Mozilla Firefox 91.0.1
MFSA 2021-37 (bsc#1189547)
  * CVE-2021-29991 (bmo#1724896)
    Header Splitting possible with HTTP/3 Responses

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=928
2021-08-18 06:41:08 +00:00
Wolfgang Rosenauer
4eb3e98e87 MFSA 2021-33 (bsc#1188891)
* CVE-2021-29986 (bmo#1696138)
    Race condition when resolving DNS names could have led to
    memory corruption
  * CVE-2021-29981 (bmo#1707774)
    Live range splitting could have led to conflicting
    assignments in the JIT
  * CVE-2021-29988 (bmo#1717922)
    Memory corruption as a result of incorrect style treatment
  * CVE-2021-29983 (bmo#1719088)
    Firefox for Android could get stuck in fullscreen mode
  * CVE-2021-29984 (bmo#1720031)
    Incorrect instruction reordering during JIT optimization
  * CVE-2021-29980 (bmo#1722204)
    Uninitialized memory in a canvas object could have led to
    memory corruption
  * CVE-2021-29987 (bmo#1716129)
    Users could have been tricked into accepting unwanted
    permissions on Linux
  * CVE-2021-29985 (bmo#1722083)
    Use-after-free media channels
  * CVE-2021-29982 (bmo#1715318)
    Single bit data leak due to incorrect JIT optimization and
    type confusion
  * CVE-2021-29989 (bmo#1662676, bmo#1666184, bmo#1719178,
    bmo#1719998, bmo#1720568)
    Memory safety bugs fixed in Firefox 91 and Firefox ESR 78.13
  * CVE-2021-29990 (bmo#1544190, bmo#1716481, bmo#1717778,
    bmo#1719319, bmo#1722073)
    Memory safety bugs fixed in Firefox 91

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=927
2021-08-13 21:34:50 +00:00
Wolfgang Rosenauer
17ce26628d - Mozilla Firefox 91.0
MFSA 2021-?? (boo#1188891)
- requires
  * rustc/cargo >= 1.51
  * NSPR >= 4.32
  * NSS >= 3.68
- force-disable webrender on BE platforms

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=926
2021-08-11 20:19:19 +00:00
Wolfgang Rosenauer
dfd9978e6a Accepting request 908072 from home:AndreasStieger:branches:mozilla:Factory
Mozilla Firefox 90.0.2

OBS-URL: https://build.opensuse.org/request/show/908072
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=925
2021-07-24 09:18:43 +00:00
Wolfgang Rosenauer
faabae7eca OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=924 2021-07-19 22:17:11 +00:00
Wolfgang Rosenauer
2551b321eb Accepting request 907190 from home:AndreasStieger:branches:mozilla:Factory
90.0.1

OBS-URL: https://build.opensuse.org/request/show/907190
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=923
2021-07-19 21:56:47 +00:00
Wolfgang Rosenauer
56eac44e61 - Mozilla Firefox 90.0
MFSA 2021-28 (bsc#1188275)
  * CVE-2021-29970 (bmo#1709976)
    Use-after-free in accessibility features of a document
  * CVE-2021-29971 (bmo#1713638)
    Granted permissions only compared host; omitting scheme and
    port on Android
  * CVE-2021-30547 (bmo#1715766)
    Out of bounds write in ANGLE
  * CVE-2021-29972 (bmo#1696816)
    Use of out-of-date library included use-after-free
    vulnerability
  * CVE-2021-29973 (bmo#1701932)
    Password autofill on HTTP websites was enabled without user
    interaction on Android
  * CVE-2021-29974 (bmo#1704843)
    HSTS errors could be overridden when network partitioning was
    enabled
  * CVE-2021-29975 (bmo#1713259)
    Text message could be overlaid on top of another website
  * CVE-2021-29976 (bmo#1700895, bmo#1703334, bmo#1706910,
    bmo#1711576, bmo#1714391)
    Memory safety bugs fixed in Firefox 90 and Firefox ESR 78.12
  * CVE-2021-29977 (bmo#1665836, bmo#1686138, bmo#1704316,
    bmo#1706314, bmo#1709931, bmo#1712084, bmo#1712357,
    bmo#1714066)
    Memory safety bugs fixed in Firefox 90
- requires
  NSPR 4.31
  NSS 3.66

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=922
2021-07-15 21:12:05 +00:00
Wolfgang Rosenauer
388c86006d OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=921 2021-06-23 19:59:17 +00:00
Wolfgang Rosenauer
b7391cbd25 OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=920 2021-06-23 19:58:06 +00:00
Wolfgang Rosenauer
045aee718e Accepting request 901577 from home:AndreasStieger:branches:mozilla:Factory
- Mozilla Firefox 89.0.1 (boo#1187648):
  * Fixed: Fix occasional hangs with Software WebRender on Linux
    (bmo#1708224)

OBS-URL: https://build.opensuse.org/request/show/901577
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=919
2021-06-23 19:56:32 +00:00
Wolfgang Rosenauer
658a94b9ba Accepting request 900942 from home:AndreasStieger:branches:mozilla:Factory
Mozilla Firefox 89.0.1

OBS-URL: https://build.opensuse.org/request/show/900942
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=918
2021-06-19 15:20:27 +00:00
Wolfgang Rosenauer
237bf575d4 - switched TW/x86_64 to clang as the last platform due to
https://bugs.gentoo.org/792705
- but LTO with clang is broken in TW so disable LTO for it
  https://bugs.llvm.org/show_bug.cgi?id=47872

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=916
2021-06-05 11:13:48 +00:00
Wolfgang Rosenauer
94f5a43ff8 OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=915 2021-06-05 07:34:47 +00:00
Wolfgang Rosenauer
09dcd9a559 OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=914 2021-06-05 07:08:44 +00:00
Wolfgang Rosenauer
aa96e40e04 * UI redesign
* The Event Timing API is now supported
  * The CSS forced-colors media query is now supported
  MFSA 2021-23 (bsc#1186696)
  * CVE-2021-29965 (bmo#1709257)
    Password Manager on Firefox for Android susceptible to domain
    spoofing
  * CVE-2021-29960 (bmo#1675965)
    Filenames printed from private browsing mode incorrectly
    retained in preferences
  * CVE-2021-29961 (bmo#1700235)
    Firefox UI spoof using `<select>` elements and CSS scaling
  * CVE-2021-29963 (bmo#1705068)
    Shared cookies for search suggestions in private browsing mode
  * CVE-2021-29964 (bmo#1706501)
    Out of bounds-read when parsing a `WM_COPYDATA` message
  * CVE-2021-29959 (bmo#1395819)
    Devices could be re-enabled without additional permission prompt
  * CVE-2021-29962 (bmo#1701673)
    No rate-limiting for popups on Firefox for Android
  * CVE-2021-29967 (bmo#1602862, bmo#1703191, bmo#1703760,
    bmo#1704722, bmo#1706041)
    Memory safety bugs fixed in Firefox 89 and Firefox ESR 78.11
  * CVE-2021-29966 (bmo#1660307, bmo#1686154, bmo#1702948, bmo#1708124)
    Memory safety bugs fixed in Firefox 89

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=913
2021-06-01 13:45:38 +00:00
Wolfgang Rosenauer
3b46393b3a - Mozilla Firefox 89.0
- require
  NSS >= 3.64
  rust-cbindgen >= 0.19.0
- do not rely on nodejs10 packagename anymore

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=912
2021-06-01 13:39:35 +00:00
Wolfgang Rosenauer
a15e935fd2 Accepting request 891041 from home:Guillaume_G:branches:openSUSE:Factory:ARM
- Relax RAM and disk constraints for aarch64

OBS-URL: https://build.opensuse.org/request/show/891041
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=910
2021-05-11 14:17:04 +00:00
Wolfgang Rosenauer
249abcc03e Accepting request 890804 from home:AndreasStieger:branches:mozilla:Factory
Mozilla Firefox 88.0.1
bsc#1185633
boo#1185658

OBS-URL: https://build.opensuse.org/request/show/890804
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=908
2021-05-05 21:12:50 +00:00
Wolfgang Rosenauer
add3e35304 - add compatibility for libavcodec58_134
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=906
2021-05-02 19:03:42 +00:00
Wolfgang Rosenauer
80da81df8f - Mozilla Firefox 88.0
* New: PDF forms now support JavaScript embedded in PDF files.
    Some PDF forms use JavaScript for validation and other
    interactive features
  * New: Print updates: Margin units are now localized
  * New: Smooth pinch-zooming using a touchpad is now supported
    on Linux
  * New: To protect against cross-site privacy leaks, Firefox now
    isolates window.name data to the website that created it.
    Learn more
  * Changed: Firefox will not prompt for access to your
    microphone or camera if you’ve already granted access to the
    same device on the same site in the same tab within the past
    50 seconds. This new grace period reduces the number of times
    you’re prompted to grant device access
  * Changed: The ‘Take a Screenshot’ feature was removed from the
    Page Actions menu in the url bar. To take a screenshot,
    right-click to open the context menu. You can also add a
    screenshots shortcut directly to your toolbar via the
    Customize menu. Open the Firefox menu and select Customize…
  * Changed: FTP support has been disabled, and its full removal
    is planned for an upcoming release. Addressing this security
    risk reduces the likelihood of an attack while also removing
    support for a non-encrypted protocol
  * Developer: Introduced a new toggle button in the Network
    panel for switching between JSON formatted HTTP response and
    raw data (as received over the wire).
    !enter image description here
  * Enterprise: Various bug fixes and new policies have been
    implemented in the latest version of Firefox. You can see

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=904
2021-04-20 07:57:25 +00:00
Wolfgang Rosenauer
e99ed52d7a - Switch to clang_build globally; just on TW/x86_64 it does not work
due to unreolved externals `__rust_probestack' - disable clang_build
  then.
- useccache: Add conditionals to enable/disable ccache.

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=902
2021-03-27 14:02:10 +00:00
Wolfgang Rosenauer
9f49ed581d - Mozilla Firefox 87.0
* requires NSS 3.62
  * removed obsolete BigEndian ICU build workaround
  * rebased patches
  MFSA 2021-10 (bsc#1183942)
  * CVE-2021-23981 (bmo#1692832)
    Texture upload into an unbound backing buffer resulted in an
    out-of-bound read
  * CVE-2021-23982 (bmo#1677046)
    Internal network hosts could have been probed by a malicious
    webpage
  * CVE-2021-23983 (bmo#1692684)
    Transitions for invalid ::marker properties resulted in memory
    corruption
  * CVE-2021-23984 (bmo#1693664)
    Malicious extensions could have spoofed popup information
  * CVE-2021-23985 (bmo#1659129)
    Devtools remote debugging feature could have been enabled
    without indication to the user
  * CVE-2021-23986 (bmo#1692623)
    A malicious extension could have performed credential-less
    same origin policy violations
  * CVE-2021-23987 (bmo#1513519, bmo#1683439, bmo#1690169,
    bmo#1690718)
    Memory safety bugs fixed in Firefox 87 and Firefox ESR 78.9
  * CVE-2021-23988 (bmo#1684994, bmo#1686653)
    Memory safety bugs fixed in Firefox 87

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=901
2021-03-25 21:32:32 +00:00
Wolfgang Rosenauer
ce4482fdb1 Accepting request 879494 from home:marxin:branches:mozilla:Factory
- Set memory limits for DWZ to 4x.

OBS-URL: https://build.opensuse.org/request/show/879494
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=900
2021-03-17 08:41:08 +00:00
Wolfgang Rosenauer
71952bfece Accepting request 878726 from home:AndreasStieger:branches:mozilla:Factory
Mozilla Firefox 86.0.1

OBS-URL: https://build.opensuse.org/request/show/878726
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=898
2021-03-13 09:26:25 +00:00
Wolfgang Rosenauer
0cc9adfac0 OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=896 2021-02-24 12:21:26 +00:00
Wolfgang Rosenauer
10e30d8783 - Mozilla Firefox 86.0
* requires NSS >= 3.61
  * requires rust-cbindgen >= 0.16.0
  * Firefox now supports simultaneously watching multiple videos in
    Picture-in-Picture.
  * Total Cookie Protection to Strict Mode
  * https://www.mozilla.org/en-US/firefox/86.0/releasenotes
  MSFA 2021-07 (bsc#1182614)
  * CVE-2021-23969 (bmo#1542194)
    Content Security Policy violation report could have contained
    the destination of a redirect
  * CVE-2021-23970 (bmo#1681724)
    Multithreaded WASM triggered assertions validating separation
    of script domains
  * CVE-2021-23968 (bmo#1687342)
    Content Security Policy violation report could have contained
    the destination of a redirect
  * CVE-2021-23974 (bmo#1528997, bmo#1683627)
    noscript elements could have led to an HTML Sanitizer bypass
  * CVE-2021-23971 (bmo#1678545)
    A website's Referrer-Policy could have been be overridden,
    potentially resulting in the full URL being sent as a Referrer
  * CVE-2021-23976 (bmo#1684627)
    Local spoofing of web manifests for arbitrary pages in
    Firefox for Android
  * CVE-2021-23977 (bmo#1684761)
    Malicious application could read sensitive data from Firefox
    for Android's application directories
  * CVE-2021-23972 (bmo#1683536)
    HTTP Auth phishing warning was omitted when a redirect is

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=895
2021-02-24 11:49:39 +00:00
Wolfgang Rosenauer
030e554ee5 Accepting request 873214 from home:AndreasStieger:branches:mozilla:Factory
Mozilla Firefox 85.0.2

OBS-URL: https://build.opensuse.org/request/show/873214
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=893
2021-02-17 21:15:35 +00:00
Wolfgang Rosenauer
7ed5ba06f9 Accepting request 873173 from home:michel_mno:branches:mozilla:Factory
- Use %limit_build macros for PowerPC to avoid oom build failure

OBS-URL: https://build.opensuse.org/request/show/873173
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=892
2021-02-17 21:14:36 +00:00
Wolfgang Rosenauer
6006519940 Accepting request 870516 from home:AndreasStieger:branches:mozilla:Factory
Mozilla Firefox 85.0.1

OBS-URL: https://build.opensuse.org/request/show/870516
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=890
2021-02-09 12:40:21 +00:00
Wolfgang Rosenauer
1071760f66 - Mozilla Firefox 85.0
* Adobe Flash is completely history
  * supercookie protection
  * new bookmark handling and features
  MFSA 2021-03 (bsc#1181414)
  * CVE-2021-23953 (bmo#1683940)
    Cross-origin information leakage via redirected PDF requests
  * CVE-2021-23954 (bmo#1684020)
    Type confusion when using logical assignment operators in
    JavaScript switch statements
  * CVE-2021-23955 (bmo#1684837)
    Clickjacking across tabs through misusing requestPointerLock
  * CVE-2021-23956 (bmo#1338637)
    File picker dialog could have been used to disclose a
    complete directory
  * CVE-2021-23957 (bmo#1584582)
    Iframe sandbox could have been bypassed on Android via the
    intent URL scheme
  * CVE-2021-23958 (bmo#1642747)
    Screen sharing permission leaked across tabs
  * CVE-2021-23959 (bmo#1659035)
    Cross-Site Scripting in error pages on Firefox for Android
  * CVE-2021-23960 (bmo#1675755)
    Use-after-poison for incorrectly redeclared JavaScript
    variables during GC
  * CVE-2021-23961 (bmo#1677940)
    More internal network hosts could have been probed by a
    malicious webpage
  * CVE-2021-23962 (bmo#1677194)
    Use-after-poison in

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=888
2021-01-26 21:38:39 +00:00
Wolfgang Rosenauer
cb92740fed Accepting request 862420 from home:Mailaender:branches:mozilla:Factory
Fixed the screenshot links.

OBS-URL: https://build.opensuse.org/request/show/862420
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=886
2021-01-11 18:42:03 +00:00
Wolfgang Rosenauer
9561954d8e Accepting request 861463 from home:AndreasStieger:branches:mozilla:Factory
- Mozilla Firefox 84.0.2
  MFSA 2021-01 (bsc#1180623)
  * CVE-2020-16044 (bmo#1683964)
    Use-after-free write when handling a malicious COOKIE-ECHO
    SCTP chunk

OBS-URL: https://build.opensuse.org/request/show/861463
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=884
2021-01-07 20:33:44 +00:00
Wolfgang Rosenauer
62acf9890a - Mozilla Firefox 84.0.1
* Fixed problems loading secure websites and crashes for users
    with certain third-party PKCS11 modules and smartcards installed
    (bmo#1682881) (fixed in NSS 3.59.1)
  * Fixed a bug causing some Unity JS games to not load on Apple
    Silicon devices due to improper detection of the OS version
    (bmo#1680516)
- requires NSS 3.59.1

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=882
2021-01-02 09:24:42 +00:00
Wolfgang Rosenauer
d78e635d11 - Mozilla Firefox 84.0
* Firefox 84 is the final release to support Adobe Flash
  * WebRender is enabled by default when run on GNOME-based X11
    Linux desktops
  MFSA 2020-54 (bsc#1180039))
  * CVE-2020-16042 (bmo#1679003)
    Operations on a BigInt could have caused uninitialized memory
    to be exposed
  * CVE-2020-26971 (bmo#1663466)
    Heap buffer overflow in WebGL
  * CVE-2020-26972 (bmo#1671382)
    Use-After-Free in WebGL
  * CVE-2020-26973 (bmo#1680084)
    CSS Sanitizer performed incorrect sanitization
  * CVE-2020-26974 (bmo#1681022)
    Incorrect cast of StyleGenericFlexBasis resulted in a heap
    use-after-free
  * CVE-2020-26975 (bmo#1661071)
    Malicious applications on Android could have induced Firefox
    for Android into sending arbitrary attacker-specified headers
  * CVE-2020-26976 (bmo#1674343)
    HTTPS pages could have been intercepted by a registered
    service worker when they should not have been
  * CVE-2020-26977 (bmo#1676311)
    URL spoofing via unresponsive port in Firefox for Android
  * CVE-2020-26978 (bmo#1677047)
    Internal network hosts could have been probed by a malicious
    webpage
  * CVE-2020-26979 (bmo#1641287, bmo#1673299)
    When entering an address in the address or search bars, a

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=880
2020-12-16 22:40:17 +00:00
Wolfgang Rosenauer
a6d9295bba Accepting request 854531 from home:marxin:branches:mozilla:Factory
- PGO is still broken as can be seen here:
  https://bugzilla.mozilla.org/show_bug.cgi?id=1680306

OBS-URL: https://build.opensuse.org/request/show/854531
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=879
2020-12-10 12:07:53 +00:00
Wolfgang Rosenauer
18b1baa944 Accepting request 853750 from home:marxin:branches:mozilla:Factory
- Add fix-gcc-pgo.patch and enable PGO again.

OBS-URL: https://build.opensuse.org/request/show/853750
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=878
2020-12-08 10:41:13 +00:00
Wolfgang Rosenauer
7c87d7ac9a Accepting request 852867 from home:marxin:branches:mozilla:Factory
- Enable again LTO as gcc10 package is fixed.

Fixed gcc10 is in devel project and is approaching openSUSE:Factory
in a staging project.

OBS-URL: https://build.opensuse.org/request/show/852867
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=877
2020-12-03 17:48:21 +00:00
Wolfgang Rosenauer
2bc33773ed - Add/Enable GNOME search provider
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=875
2020-11-21 08:13:23 +00:00
Wolfgang Rosenauer
886efa747e Accepting request 845404 from home:kkirill:branches:mozilla:Factory
Enable GNOME Shell search provider akin to Fedora by
- providing firefox-search-provider.ini file for GNOME Shell search provider (copy from Fedora)
- setting the browser.gnome-search-provider.enabled to true

OBS-URL: https://build.opensuse.org/request/show/845404
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=874
2020-11-21 08:10:39 +00:00
Wolfgang Rosenauer
0add69430b - disable LTO on TW because of ICEs in gcc
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=873
2020-11-20 06:19:02 +00:00
Wolfgang Rosenauer
12e18b987e - switch to build with clang (as gcc produces only ICEs on TW)
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=872
2020-11-19 22:03:00 +00:00
Wolfgang Rosenauer
fa3f07f54d - Mozilla Firefox 83.0
* major update for SpiderMonkey improving performance significantly
  * optional HTTPS-Only mode
  * more improvements
    https://www.mozilla.org/en-US/firefox/83.0/releasenotes/
  MFSA 2020-50 (bsc#1178824))
  * CVE-2020-26951 (bmo#1667113)
    Parsing mismatches could confuse and bypass security
    sanitizer for chrome privileged code
  * CVE-2020-26952 (bmo#1667685)
    Out of memory handling of JITed, inlined functions could lead
    to a memory corruption
  * CVE-2020-16012 (bmo#1642028)
    Variable time processing of cross-origin images during
    drawImage calls
  * CVE-2020-26953 (bmo#1656741)
    Fullscreen could be enabled without displaying the security UI
  * CVE-2020-26954 (bmo#1657026)
    Local spoofing of web manifests for arbitrary pages in
    Firefox for Android
  * CVE-2020-26955 (bmo#1663261)
    Cookies set during file downloads are shared between normal
    and Private Browsing Mode in Firefox for Android
  * CVE-2020-26956 (bmo#1666300)
    XSS through paste (manual and clipboard API)
  * CVE-2020-26957 (bmo#1667179)
    OneCRL was not working in Firefox for Android
  * CVE-2020-26958 (bmo#1669355)
    Requests intercepted through ServiceWorkers lacked MIME type
    restrictions

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=871
2020-11-19 13:09:37 +00:00
Wolfgang Rosenauer
1aba8812c1 OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=869 2020-11-09 18:18:26 +00:00
Wolfgang Rosenauer
39ea95a52c - Mozilla Firefox 82.0.3
MSFA 2020-49
  * CVE-2020-26950 (bmo#1675905)
    Write side effects in MCallGetProperty opcode not accounted for

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=868
2020-11-09 16:14:06 +00:00
Wolfgang Rosenauer
a6a83910ad - Mozilla Firefox 82.0.2
* few bugfixes for introduced regressions

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=867
2020-11-02 09:07:47 +00:00
Wolfgang Rosenauer
451c4cc949 MFSA 2020-45 (bsc#1177872)
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=865
2020-10-21 20:15:44 +00:00
Wolfgang Rosenauer
18c395cd85 * https://www.mozilla.org/en-US/firefox/82.0/releasenotes/
MFSA 2020-45 (bsc#1177872)
  * CVE-2020-15969 (bmo#1666570)
    Use-after-free in usersctp
  * CVE-2020-15254 (bmo#1668514)
    Undefined behavior in bounded channel of crossbeam rust crate
  * CVE-2020-15680 (bmo#1658881)
    Presence of external protocol handlers could be determined
    through image tags
  * CVE-2020-15681 (bmo#1666568)
    Multiple WASM threads may have overwritten each others' stub
    table entries
  * CVE-2020-15682 (bmo#1636654)
    The domain associated with the prompt to open an external
    protocol could be spoofed to display the incorrect origin
  * CVE-2020-15683 (bmo#1576843, bmo#1656987, bmo#1660954,
    bmo#1662760, bmo#1663439, bmo#1666140)
    Memory safety bugs fixed in Firefox 82 and Firefox ESR 78.4
  * CVE-2020-15684 (bmo#1653764, bmo#1661402, bmo#1662259,
    bmo#1664257)
    Memory safety bugs fixed in Firefox 82

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=864
2020-10-21 09:43:59 +00:00
Wolfgang Rosenauer
a07e952510 - Mozilla Firefox 82.0
- requires
  * NSPR 4.29
  * NSS 3.57

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=863
2020-10-19 20:37:04 +00:00
Wolfgang Rosenauer
ffe8c82253 - Mozilla Firefox 81.0.1
* https://www.mozilla.org/en-US/firefox/81.0.1/releasenotes/
- remove obsolete python2 build requires

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=861
2020-10-01 20:03:49 +00:00
Wolfgang Rosenauer
2d41888bb9 Accepting request 838827 from home:Guillaume_G:branches:mozilla:Factory
- Increase disk requirements in _constraints to match current needs

OBS-URL: https://build.opensuse.org/request/show/838827
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=860
2020-10-01 09:04:20 +00:00