* Fixed a regression in Firefox 134 where anchored links in HTML
framesets pointing to local files did not work (bmo#1934807)
* Fixed an issue in developer tools preventing the resending of
network requests when debugging extensions (bmo#1934478)
* Fixed an issue where data consumption from service workers may
unexpectedly halt (bmo#1941210)
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1199
- Mozilla Firefox 134.0.1
* Fixed UI hangs happening on YouTube and Google Docs in some situations
(bmo#1939295)
* Fixed a startup crash affecting some users upgrading from Firefox 133
(bmo#1941134)
* Fixed an issue where search engines selection menus and context
menus could be broken if a user had previously reverted to an
earlier version (bmo#1940533)
- raised required rust version to 1.81
OBS-URL: https://build.opensuse.org/request/show/1238501
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaFirefox?expand=0&rev=446
* Fixed UI hangs happening on YouTube and Google Docs in some situations
(bmo#1939295)
* Fixed a startup crash affecting some users upgrading from Firefox 133
(bmo#1941134)
* Fixed an issue where search engines selection menus and context
menus could be broken if a user had previously reverted to an
earlier version (bmo#1940533)
- raised required rust version to 1.81
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1197
- Mozilla Firefox 134.0
https://www.mozilla.org/en-US/firefox/134.0/releasenotes
* Firefox now supports touchpad hold gestures on Linux. This means
that kinetic (momentum) scrolling can now be interrupted by placing
two fingers on the touchpad
* Ecosia's availability has been expanded to all languages in the
German region along with Austria, Belgium, Italy, Netherlands, Spain,
Sweden and Switzerland
MFSA 2025-01 (bsc#1234991)
* CVE-2025-0244 (bmo#1929584)
Address bar spoofing using an invalid protocol scheme on
Firefox for Android
* CVE-2025-0245 (bmo#1895342)
Lock screen setting bypass in Firefox Focus for Android
* CVE-2025-0246 (bmo#1912709)
Address bar spoofing using an invalid protocol scheme on
Firefox for Android
* CVE-2025-0237 (bmo#1915257)
WebChannel APIs susceptible to confused deputy attack
* CVE-2025-0238 (bmo#1915535)
Use-after-free when breaking lines in text
* CVE-2025-0239 (bmo#1929156)
Alt-Svc ALPN validation failure when redirected
* CVE-2025-0240 (bmo#1929623)
Compartment mismatch when parsing JavaScript JSON module
* CVE-2025-0241 (bmo#1933023)
Memory corruption when using JavaScript Text Segmentation
* CVE-2025-0242 (bmo#1874523, bmo#1926454, bmo#1931873, bmo#1932169)
Memory safety bugs fixed in Firefox 134, Thunderbird 134,
Firefox ESR 115.19, Firefox ESR 128.6, Thunderbird 115.19,
OBS-URL: https://build.opensuse.org/request/show/1236666
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaFirefox?expand=0&rev=445
https://www.mozilla.org/en-US/firefox/134.0/releasenotes
* Firefox now supports touchpad hold gestures on Linux. This means
that kinetic (momentum) scrolling can now be interrupted by placing
two fingers on the touchpad
* Ecosia's availability has been expanded to all languages in the
German region along with Austria, Belgium, Italy, Netherlands, Spain,
Sweden and Switzerland
MFSA 2025-01 (bsc#1234991)
* CVE-2025-0244 (bmo#1929584)
Address bar spoofing using an invalid protocol scheme on
Firefox for Android
* CVE-2025-0245 (bmo#1895342)
Lock screen setting bypass in Firefox Focus for Android
* CVE-2025-0246 (bmo#1912709)
Address bar spoofing using an invalid protocol scheme on
Firefox for Android
* CVE-2025-0237 (bmo#1915257)
WebChannel APIs susceptible to confused deputy attack
* CVE-2025-0238 (bmo#1915535)
Use-after-free when breaking lines in text
* CVE-2025-0239 (bmo#1929156)
Alt-Svc ALPN validation failure when redirected
* CVE-2025-0240 (bmo#1929623)
Compartment mismatch when parsing JavaScript JSON module
* CVE-2025-0241 (bmo#1933023)
Memory corruption when using JavaScript Text Segmentation
* CVE-2025-0242 (bmo#1874523, bmo#1926454, bmo#1931873, bmo#1932169)
Memory safety bugs fixed in Firefox 134, Thunderbird 134,
Firefox ESR 115.19, Firefox ESR 128.6, Thunderbird 115.19,
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1195
- Mozilla Firefox 133.0
https://www.mozilla.org/en-US/firefox/133.0/releasenotes
MFSA 2024-63 (bsc#1233695)
* CVE-2024-11691 (bmo#1914707, bmo#1924184)
Memory corruption in Apple GPU drivers
* CVE-2024-11700 (bmo#1836921)
Potential Tapjacking Exploit for Intent Confirmation on Android
* CVE-2024-11692 (bmo#1909535)
Select list elements could be shown over another site
* CVE-2024-11701 (bmo#1914797)
Misleading Address Bar State During Navigation Interruption
* CVE-2024-11702 (bmo#1918884)
Inadequate Clipboard Protection in Private Browsing Mode on
Android
* CVE-2024-11693 (bmo#1921458)
Download Protections were bypassed by .library-ms files on
Windows
* CVE-2024-11694 (bmo#1924167)
CSP Bypass and XSS Exposure via Web Compatibility Shims
* CVE-2024-11695 (bmo#1925496)
URL Bar Spoofing via Manipulated Punycode and Whitespace Characters
* CVE-2024-11703 (bmo#1928779)
Password access without authentication via PIN bypass on Android
* CVE-2024-11696 (bmo#1929600)
Unhandled Exception in Add-on Signature Verification
* CVE-2024-11697 (bmo#1842187)
Improper Keypress Handling in Executable File Confirmation Dialog
* CVE-2024-11704 (bmo#1899402)
Potential Double-Free Vulnerability in PKCS#7 Decryption Handling
* CVE-2024-11698 (bmo#1916152)
OBS-URL: https://build.opensuse.org/request/show/1226801
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaFirefox?expand=0&rev=443
https://www.mozilla.org/en-US/firefox/133.0/releasenotes
MFSA 2024-63 (bsc#1233695)
* CVE-2024-11691 (bmo#1914707, bmo#1924184)
Memory corruption in Apple GPU drivers
* CVE-2024-11700 (bmo#1836921)
Potential Tapjacking Exploit for Intent Confirmation on Android
* CVE-2024-11692 (bmo#1909535)
Select list elements could be shown over another site
* CVE-2024-11701 (bmo#1914797)
Misleading Address Bar State During Navigation Interruption
* CVE-2024-11702 (bmo#1918884)
Inadequate Clipboard Protection in Private Browsing Mode on
Android
* CVE-2024-11693 (bmo#1921458)
Download Protections were bypassed by .library-ms files on
Windows
* CVE-2024-11694 (bmo#1924167)
CSP Bypass and XSS Exposure via Web Compatibility Shims
* CVE-2024-11695 (bmo#1925496)
URL Bar Spoofing via Manipulated Punycode and Whitespace Characters
* CVE-2024-11703 (bmo#1928779)
Password access without authentication via PIN bypass on Android
* CVE-2024-11696 (bmo#1929600)
Unhandled Exception in Add-on Signature Verification
* CVE-2024-11697 (bmo#1842187)
Improper Keypress Handling in Executable File Confirmation Dialog
* CVE-2024-11704 (bmo#1899402)
Potential Double-Free Vulnerability in PKCS#7 Decryption Handling
* CVE-2024-11698 (bmo#1916152)
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1191
* CVE-2018-12371 (bmo#1465686)
* modifies the crash protection feature to increase the amount
of time that plugins are allowed to be non-responsive before
* firefox-bug506901.patch
- improve UI colors to be usable with dark themes at all
- added KDE integration patch from llunak@novell.com
(firefox-kde.patch)
* support for knotify, making -kde4-addon obsolete
especially KDE integration:
* added the ability to set the KDE default browser
* MFSA 2009-05/CVE-2009-0357: XMLHttpRequest allows reading
* MFSA 2009-04/CVE-2009-0356: Chrome privilege escalation via
* MFSA 2009-02/CVE-2009-0354: XSS using a chrome XBL method
* MFSA 2009-01/CVE-2009-0352 - CVE-2009-0353: Crashes with
evidence of memory corruption (rv:1.9.0.6) (bmo#452913,
* Make sure the search bar is not put back when resetting the
- Update to stability/security release 3.0.1 (bnc#407573)
+ MFSA 2008-35 Command-line URLs launch multiple tabs when
- Set browser.shell.checkDefaultBrowser to true (bnc#404119)
- fix hardlinks across partitions
- move last change a bit further in specfile
- Mark a .png file as nonexecutable.
* MFSA 2007-26 Privilege escalation through chrome-loaded
- Fixes bnc #295677
- added unzip to BuildRequires
- updated tango theme
Resuming your browsing session, Previewing and subscribing
Improved Add-ons manager, JavaScript 1.7, Extended search
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1190
- Mozilla Firefox 132.0.2
* Fixed possible errors when playing encrypted media content
through some streaming providers. (bmo#1929491)
* Added a mitigation to help reduce the frequency of duplicated
push notifications reported by some users. (bmo#1928868)
* Fixed hangs when printing from some sites when using the system
print dialog. (bmo#1898184)
* Fixed a crash which could occur when using Microsoft SSO on macOS
(bmo#1929622)
* Fixed a crash in the Network Monitor developer tool which could
occur in some circumstances. (bmo#1924882)
OBS-URL: https://build.opensuse.org/request/show/1224785
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaFirefox?expand=0&rev=442
* Fixed possible errors when playing encrypted media content
through some streaming providers. (bmo#1929491)
* Added a mitigation to help reduce the frequency of duplicated
push notifications reported by some users. (bmo#1928868)
* Fixed hangs when printing from some sites when using the system
print dialog. (bmo#1898184)
* Fixed a crash which could occur when using Microsoft SSO on macOS
(bmo#1929622)
* Fixed a crash in the Network Monitor developer tool which could
occur in some circumstances. (bmo#1924882)
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1188
- require xdg-desktop-portal (boo#1233166)
- Mozilla Firefox 132.0.1
* Fixed issues causing intermittent video playback problems on
some sites. (bmo#1928484, bmo#1928798)
- remove KDE integration patches
- mozilla-kde.patch
- firefox-kde.patch
on KDE use these settings instead
widget.use-xdg-desktop-portal.file-picker=1
widget.use-xdg-desktop-portal.mime-handler=1
(those are set by the latest branding package as well)
- Mozilla Firefox 132.0
https://www.mozilla.org/en-US/firefox/132.0/releasenotes
MFSA 2024-55 (bsc#1231879)
* CVE-2024-10458 (bmo#1921733)
Permission leak via embed or object elements
* CVE-2024-10459 (bmo#1919087)
Use-after-free in layout with accessibility
* CVE-2024-10460 (bmo#1912537)
Confusing display of origin for external protocol handler prompt
* CVE-2024-10461 (bmo#1914521)
XSS due to Content-Disposition being ignored in
multipart/x-mixed-replace response
* CVE-2024-10462 (bmo#1920423)
Origin of permission prompt could be spoofed by long URL
* CVE-2024-10463 (bmo#1920800)
Cross origin video frame leak
* CVE-2024-10468 (bmo#1914982)
OBS-URL: https://build.opensuse.org/request/show/1223284
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaFirefox?expand=0&rev=441
* Fixed issues causing intermittent video playback problems on
some sites. (bmo#1928484, bmo#1928798)
- remove KDE integration patches
- mozilla-kde.patch
- firefox-kde.patch
on KDE use these settings instead
widget.use-xdg-desktop-portal.file-picker=1
widget.use-xdg-desktop-portal.mime-handler=1
(those are set by the latest branding package as well)
- Mozilla Firefox 132.0
https://www.mozilla.org/en-US/firefox/132.0/releasenotes
MFSA 2024-55 (bsc#1231879)
* CVE-2024-10458 (bmo#1921733)
Permission leak via embed or object elements
* CVE-2024-10459 (bmo#1919087)
Use-after-free in layout with accessibility
* CVE-2024-10460 (bmo#1912537)
Confusing display of origin for external protocol handler prompt
* CVE-2024-10461 (bmo#1914521)
XSS due to Content-Disposition being ignored in
multipart/x-mixed-replace response
* CVE-2024-10462 (bmo#1920423)
Origin of permission prompt could be spoofed by long URL
* CVE-2024-10463 (bmo#1920800)
Cross origin video frame leak
* CVE-2024-10468 (bmo#1914982)
Race conditions in IndexedDB
* CVE-2024-10464 (bmo#1913000)
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1184
- Mozilla Firefox 131.0.3
* some users could not access the Bill Pay portion of their
bank's site (bmo#1923500)
* some VR180 and 360 videos were not properly rendering on YouTube
(bmo#1922278)
* Fixed a crash that Windows users with Avast or AVG security
software were experiencing when visiting certain sites. (bmo#1919678)
* "List all tabs" button was not able to be moved from the toolbar
(bmo#1918681)
MFSA 2024-53
* CVE-2024-9936 (bmo#1920381)
Undefined behavior in selection node cache
- remove obsolete mozilla-rust-disable-future-incompat.patch
OBS-URL: https://build.opensuse.org/request/show/1208839
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaFirefox?expand=0&rev=440
* some users could not access the Bill Pay portion of their
bank's site (bmo#1923500)
* some VR180 and 360 videos were not properly rendering on YouTube
(bmo#1922278)
* Fixed a crash that Windows users with Avast or AVG security
software were experiencing when visiting certain sites. (bmo#1919678)
* "List all tabs" button was not able to be moved from the toolbar
(bmo#1918681)
MFSA 2024-53
* CVE-2024-9936 (bmo#1920381)
Undefined behavior in selection node cache
- remove obsolete mozilla-rust-disable-future-incompat.patch
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1182
- Firefox 131.0
https://www.mozilla.org/en-US/firefox/131.0/releasenotes/
MFSA 2024-46 (bsc#1230979)
* CVE-2024-9391 (bmo#1892407)
Prevent users from exiting full-screen mode in Firefox Focus
for Android
* CVE-2024-9392 (bmo#1899154, bmo#1905843)
Compromised content process can bypass site isolation
* CVE-2024-9393 (bmo#1918301)
Cross-origin access to PDF contents through multipart responses
* CVE-2024-9394 (bmo#1918874)
Cross-origin access to JSON contents through multipart responses
* CVE-2024-9395 (bmo#1906024)
Specially crafted filename could be used to obscure download type
* CVE-2024-9396 (bmo#1912471)
Potential memory corruption may occur when cloning certain objects
* CVE-2024-9397 (bmo#1916659)
Potential directory upload bypass via clickjacking
* CVE-2024-9398 (bmo#1881037)
External protocol handlers could be enumerated via popups
* CVE-2024-9399 (bmo#1907726)
Specially crafted WebTransport requests could lead to denial
of service
* CVE-2024-9400 (bmo#1915249)
Potential memory corruption during JIT compilation
* CVE-2024-9401 (bmo#1872744, bmo#1897792, bmo#1911317, bmo#1916476)
Memory safety bugs fixed in Firefox 131, Firefox ESR 115.16,
Firefox ESR 128.3, Thunderbird 131, and Thunderbird 128.3
* CVE-2024-9402 (bmo#1872744, bmo#1897792, bmo#1911317, bmo#1913445,
OBS-URL: https://build.opensuse.org/request/show/1205704
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaFirefox?expand=0&rev=438
https://www.mozilla.org/en-US/firefox/131.0/releasenotes/
MFSA 2024-46 (bsc#1230979)
* CVE-2024-9391 (bmo#1892407)
Prevent users from exiting full-screen mode in Firefox Focus
for Android
* CVE-2024-9392 (bmo#1899154, bmo#1905843)
Compromised content process can bypass site isolation
* CVE-2024-9393 (bmo#1918301)
Cross-origin access to PDF contents through multipart responses
* CVE-2024-9394 (bmo#1918874)
Cross-origin access to JSON contents through multipart responses
* CVE-2024-9395 (bmo#1906024)
Specially crafted filename could be used to obscure download type
* CVE-2024-9396 (bmo#1912471)
Potential memory corruption may occur when cloning certain objects
* CVE-2024-9397 (bmo#1916659)
Potential directory upload bypass via clickjacking
* CVE-2024-9398 (bmo#1881037)
External protocol handlers could be enumerated via popups
* CVE-2024-9399 (bmo#1907726)
Specially crafted WebTransport requests could lead to denial
of service
* CVE-2024-9400 (bmo#1915249)
Potential memory corruption during JIT compilation
* CVE-2024-9401 (bmo#1872744, bmo#1897792, bmo#1911317, bmo#1916476)
Memory safety bugs fixed in Firefox 131, Firefox ESR 115.16,
Firefox ESR 128.3, Thunderbird 131, and Thunderbird 128.3
* CVE-2024-9402 (bmo#1872744, bmo#1897792, bmo#1911317, bmo#1913445,
bmo#1914106, bmo#1914475, bmo#1914963, bmo#1915008, bmo#1916476)
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1178
------------------------------------------------------------------
- Firefox 130.0.1 Release
https://www.mozilla.org/en-US/firefox/130.0.1/releasenotes
* Enterprise: Added an enterprise policy to disable the
*Firefox Labs* section in *Settings*. (bmo#1911826)
* Fixed a recent regression causing some UI elements to
be rendered as left-to-right instead of right-to-left for
users of our Saraiki localization. (bmo#1917175)
* Linux: Fixed black rendering of AVIF images when
Firefox is built with GCC. (bmo#1916038)
- removed obsolete patches
mozilla-bmo1916038.patch
- Mozilla Firefox 130.0
https://www.mozilla.org/en-US/firefox/130.0/releasenotes
MFSA 2024-39 (bsc#1229821)
* CVE-2024-8385 (bmo#1911909)
WASM type confusion involving ArrayTypes
* CVE-2024-8381 (bmo#1912715)
Type confusion when looking up a property name in a "with" block
* CVE-2024-8388 (bmo#1902996, bmo#1839074, bmo#1865413, bmo#1868970,
bmo#1873367, bmo#1877820, bmo#1884642, bmo#1886469, bmo#1894326,
bmo#1894891, bmo#1897648)
Fullscreen notice on Android could be hidden under various
panels and OS prompts
* CVE-2024-8382 (bmo#1906744)
Internal event interfaces were exposed to web content when
browser EventHandler listener callbacks ran
* CVE-2024-8383 (bmo#1908496)
Firefox did not ask before opening news: links in an
OBS-URL: https://build.opensuse.org/request/show/1202047
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaFirefox?expand=0&rev=437
- Firefox 130.0.1 Release
* Enterprise: Added an enterprise policy to disable the
*Firefox Labs* section in *Settings*. (bmo#1911826)
* Fixed a recent regression causing some UI elements to
be rendered as left-to-right instead of right-to-left for
users of our Saraiki localization. (bmo#1917175)
* Linux: Fixed black rendering of AVIF images when
Firefox is built with GCC. (bmo#1916038)
- removed obsolete patches
mozilla-bmo1916038.patch
- Mozilla Firefox 130.0
MFSA 2024-39 (bsc#1229821)
* CVE-2024-8385 (bmo#1911909)
WASM type confusion involving ArrayTypes
* CVE-2024-8381 (bmo#1912715)
Type confusion when looking up a property name in a "with" block
* CVE-2024-8388 (bmo#1902996, bmo#1839074, bmo#1865413, bmo#1868970,
bmo#1873367, bmo#1877820, bmo#1884642, bmo#1886469, bmo#1894326,
bmo#1894891, bmo#1897648)
Fullscreen notice on Android could be hidden under various
panels and OS prompts
* CVE-2024-8382 (bmo#1906744)
Internal event interfaces were exposed to web content when
browser EventHandler listener callbacks ran
* CVE-2024-8383 (bmo#1908496)
Firefox did not ask before opening news: links in an
external application
* CVE-2024-8384 (bmo#1911288)
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1174
------------------------------------------------------------------
- Firefox 128.0.3 Release
* Fixed: Fixed an issue causing some sites to not load when
connecting via HTTP/2. (bmo#1908161, bmo#1909666)
* Fixed: Fixed collapsed table rows not appearing when expected
in some situations. (bmo#1907789)
* Fixed: Fixed the Windows on-screen keyboard potentially
concealing the webpage when displayed. (bmo#1907766)
- Firefox 128.0.2 Release
* Fixed: Fixed an audio echo in video calls on macOS under
certain conditions. (bmo#1908539)
* Fixed: Fixed an issue where the Adguard extension popup was
not displaying. (bmo#1906132)
* Fixed: Fixed an issue causing some screen readers to fail to
read when navigating by character in rich text editors. (Bug
1905021)
* Fixed: Fixed visual glitches when dark mode is enabled in
Windows ARM devices. (bmo#1897444)
* Fixed: Fixed an issue causing NTLM authentication failure.
(bmo#1908115)
* Fixed: Fixed an issue where content displayed on mouseover
was not captured in a screenshot. (bmo#1905468)
* Fixed: Various stability fixes.
- renamed firefox-3781e3117706.patch to mozilla-bmo1905018.patch
to conform with patch structure and naming for the package
OBS-URL: https://build.opensuse.org/request/show/1190457
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaFirefox?expand=0&rev=433
- Firefox 128.0.3 Release
* Fixed: Fixed an issue causing some sites to not load when
connecting via HTTP/2. (bmo#1908161, bmo#1909666)
* Fixed: Fixed collapsed table rows not appearing when expected
in some situations. (bmo#1907789)
* Fixed: Fixed the Windows on-screen keyboard potentially
concealing the webpage when displayed. (bmo#1907766)
- Firefox 128.0.2 Release
* Fixed: Fixed an audio echo in video calls on macOS under
certain conditions. (bmo#1908539)
* Fixed: Fixed an issue where the Adguard extension popup was
not displaying. (bmo#1906132)
* Fixed: Fixed an issue causing some screen readers to fail to
read when navigating by character in rich text editors. (Bug
1905021)
* Fixed: Fixed visual glitches when dark mode is enabled in
Windows ARM devices. (bmo#1897444)
* Fixed: Fixed an issue causing NTLM authentication failure.
(bmo#1908115)
* Fixed: Fixed an issue where content displayed on mouseover
was not captured in a screenshot. (bmo#1905468)
* Fixed: Various stability fixes.
- renamed firefox-3781e3117706.patch to mozilla-bmo1905018.patch
to conform with patch structure and naming for the package
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1166
- Mozilla Firefox 128.0
https://www.mozilla.org/en-US/firefox/128.0/releasenotes
MFSA 2024-29 (bsc#1226316)
* CVE-2024-6605 (bmo#1836786)
Firefox Android missed activation delay to prevent tapjacking
* CVE-2024-6606 (bmo#1902305)
Out-of-bounds read in clipboard component
* CVE-2024-6607 (bmo#1694513)
Leaving pointerlock by pressing the escape key could be
prevented
* CVE-2024-6608 (bmo#1743329)
Cursor could be moved out of the viewport using pointerlock.
* CVE-2024-6609 (bmo#1839258)
Memory corruption in NSS
* CVE-2024-6610 (bmo#1883396)
Form validation popups could block exiting full-screen mode
* CVE-2024-6600 (bmo#1888340)
Memory corruption in WebGL API
* CVE-2024-6601 (bmo#1890748)
Race condition in permission assignment
* CVE-2024-6602 (bmo#1895032)
Memory corruption in NSS
* CVE-2024-6603 (bmo#1895081)
Memory corruption in thread creation
* CVE-2024-6611 (bmo#1844827)
Incorrect handling of SameSite cookies
* CVE-2024-6612 (bmo#1880374)
CSP violation leakage when using devtools
* CVE-2024-6613 (bmo#1900523)
Incorrect listing of stack frames
OBS-URL: https://build.opensuse.org/request/show/1187677
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaFirefox?expand=0&rev=431
https://www.mozilla.org/en-US/firefox/128.0/releasenotes
MFSA 2024-29 (bsc#1226316)
* CVE-2024-6605 (bmo#1836786)
Firefox Android missed activation delay to prevent tapjacking
* CVE-2024-6606 (bmo#1902305)
Out-of-bounds read in clipboard component
* CVE-2024-6607 (bmo#1694513)
Leaving pointerlock by pressing the escape key could be
prevented
* CVE-2024-6608 (bmo#1743329)
Cursor could be moved out of the viewport using pointerlock.
* CVE-2024-6609 (bmo#1839258)
Memory corruption in NSS
* CVE-2024-6610 (bmo#1883396)
Form validation popups could block exiting full-screen mode
* CVE-2024-6600 (bmo#1888340)
Memory corruption in WebGL API
* CVE-2024-6601 (bmo#1890748)
Race condition in permission assignment
* CVE-2024-6602 (bmo#1895032)
Memory corruption in NSS
* CVE-2024-6603 (bmo#1895081)
Memory corruption in thread creation
* CVE-2024-6611 (bmo#1844827)
Incorrect handling of SameSite cookies
* CVE-2024-6612 (bmo#1880374)
CSP violation leakage when using devtools
* CVE-2024-6613 (bmo#1900523)
Incorrect listing of stack frames
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1162
- Mozilla Firefox 127.0.2
* Fixed an issue where YouTube playback may experience stalling under
certain conditions (bmo#1900191, bmo#1878510).
* Fixed an issue where the Private Window icon was displayed in the taskbar
on Windows when browser.privateWindowSeparation.enabled was
set to false (bmo#1901840).
- Mozilla Firefox 127.0.1
* Fixed an issue where users with a primary password set on their profile
could lose their previous session of tabs upon upgrading if they dismissed
the primary password prompt (bmo#1901899).
* Fixed an issue where Linux users with accessibility.monoaudio.enable set
to true were experiencing slow audio speeds (bmo#1900972).
* Fixed an issue where, in some circumstances, the Firefox installer
on Windows failed to complete the installation (bmo#1896868).
* Fixed an issue causing Firefox to incorrectly reject cookies
for certain websites (bmo#1901325).
- Fix GNOME search provider (boo#1225278)
OBS-URL: https://build.opensuse.org/request/show/1185336
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaFirefox?expand=0&rev=430
* Fixed an issue where the Private Window icon was displayed in the taskbar
on Windows when browser.privateWindowSeparation.enabled was
* Fixed an issue where users with a primary password set on their profile
could lose their previous session of tabs upon upgrading if they dismissed
* Fixed an issue where Linux users with accessibility.monoaudio.enable set
* Fixed an issue where, in some circumstances, the Firefox installer
* Fixed an issue causing Firefox to incorrectly reject cookies
- Fix GNOME search provider (boo#1225278)
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1160
- Mozilla Firefox 127.0.2
* Fixed an issue where YouTube playback may experience stalling under
certain conditions (bmo#1900191, bmo#1878510).
* Fixed an issue where the Private Window icon was displayed in the taskbar
on Windows when browser.privateWindowSeparation.enabled was
set to false (bmo#1901840).
- Mozilla Firefox 127.0.1
* Fixed an issue where users with a primary password set on their profile
could lose their previous session of tabs upon upgrading if they dismissed
the primary password prompt (bmo#1901899).
* Fixed an issue where Linux users with accessibility.monoaudio.enable set
to true were experiencing slow audio speeds (bmo#1900972).
* Fixed an issue where, in some circumstances, the Firefox installer
on Windows failed to complete the installation (bmo#1896868).
* Fixed an issue causing Firefox to incorrectly reject cookies
for certain websites (bmo#1901325).
OBS-URL: https://build.opensuse.org/request/show/1184300
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1159
- Mozilla Firefox 127.0
https://www.mozilla.org/en-US/firefox/127.0/releasenotes
MFSA 2024-25 (bsc#1226027)
* CVE-2024-5687 (bmo#1889066)
An incorrect principal could have been used when opening new tabs
* CVE-2024-5688 (bmo#1895086)
Use-after-free in JavaScript object transplant
* CVE-2024-5689 (bmo#1389707)
User confusion and possible phishing vector via Firefox Screenshots
* CVE-2024-5690 (bmo#1883693)
External protocol handlers leaked by timing attack
* CVE-2024-5691 (bmo#1888695)
Sandboxed iframes were able to bypass sandbox restrictions to
open a new window
* CVE-2024-5692 (bmo#1837514, bmo#1891234)
Bypass of file name restrictions during saving
* CVE-2024-5693 (bmo#1891319)
Cross-Origin Image leak via Offscreen Canvas
* CVE-2024-5694 (bmo#1895055)
Use-after-free in JavaScript Strings
* CVE-2024-5695 (bmo#1895579)
Memory Corruption using allocation using out-of-memory conditions
* CVE-2024-5696 (bmo#1896555)
Memory Corruption in Text Fragments
* CVE-2024-5697 (bmo#1414937)
Website was able to detect when Firefox was taking a
screenshot of them
* CVE-2024-5698 (bmo#1828259)
Data-list could have overlaid address bar
* CVE-2024-5699 (bmo#1891349)
OBS-URL: https://build.opensuse.org/request/show/1180696
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaFirefox?expand=0&rev=429
https://www.mozilla.org/en-US/firefox/127.0/releasenotes
MFSA 2024-25 (bsc#1226027)
* CVE-2024-5687 (bmo#1889066)
An incorrect principal could have been used when opening new tabs
* CVE-2024-5688 (bmo#1895086)
Use-after-free in JavaScript object transplant
* CVE-2024-5689 (bmo#1389707)
User confusion and possible phishing vector via Firefox Screenshots
* CVE-2024-5690 (bmo#1883693)
External protocol handlers leaked by timing attack
* CVE-2024-5691 (bmo#1888695)
Sandboxed iframes were able to bypass sandbox restrictions to
open a new window
* CVE-2024-5692 (bmo#1837514, bmo#1891234)
Bypass of file name restrictions during saving
* CVE-2024-5693 (bmo#1891319)
Cross-Origin Image leak via Offscreen Canvas
* CVE-2024-5694 (bmo#1895055)
Use-after-free in JavaScript Strings
* CVE-2024-5695 (bmo#1895579)
Memory Corruption using allocation using out-of-memory conditions
* CVE-2024-5696 (bmo#1896555)
Memory Corruption in Text Fragments
* CVE-2024-5697 (bmo#1414937)
Website was able to detect when Firefox was taking a
screenshot of them
* CVE-2024-5698 (bmo#1828259)
Data-list could have overlaid address bar
* CVE-2024-5699 (bmo#1891349)
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1155
- Mozilla Firefox 126.0.1
* Fixed an issue with reading tagged PDF documents in a screen reader
bmo#1894849
* Fixed not displaying localized text for non-en-US locales in the
Crash Reporter dialog box on macOS. (bmo#1896097)
* Fixed issues with drag-and-drop functionality on Linux. (bmo#1897115)
* Fixed an issue causing high GPU memory usage on certain versions
of AMD cards. (bmo#1897006)
- Backport upstream patches to fix build on aarch64 - boo#1225460
* mozilla-bmo1886378.patch
OBS-URL: https://build.opensuse.org/request/show/1177453
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaFirefox?expand=0&rev=428
* Fixed an issue with reading tagged PDF documents in a screen reader
bmo#1894849
* Fixed not displaying localized text for non-en-US locales in the
Crash Reporter dialog box on macOS. (bmo#1896097)
* Fixed issues with drag-and-drop functionality on Linux. (bmo#1897115)
* Fixed an issue causing high GPU memory usage on certain versions
of AMD cards. (bmo#1897006)
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1153