MozillaFirefox

pool/MozillaFirefox

SHA256

Fork 1

6b3fcc6ae1 Accepting request 1298105 from mozilla:Factory factory Dominique Leuenberger 2025-08-08 13:09:19 +00:00
613b2aa26a - Mozilla Firefox 141.0.2 * Fixed a startup crash experienced by some Linux users with outdated NVIDIA drivers. (bmo#1978911) * Fixed a regression that caused canvas objects to be draggable, causing web compatibility issues. (bmo#1978673) * Fixed a crash in the Web Developer Tools panel that could occur when inspecting pages with <iframe> elements. (bmo#1975277) * Fixed minor visual issues across the user interface. (bmo#1974269, bmo#1976031, bmo#1974876, bmo#1976701) * Firefox wouldn't start on some systems where GTK+ was built without Wayland support. (bmo#1978620) * Fixed an issue where clicking a pinned tab could steal focus from the content area, disrupting keyboard navigation. (bmo#1977005) devel Wolfgang Rosenauer 2025-08-07 09:30:38 +00:00
7b71e58f7a Accepting request 1297007 from mozilla:Factory Dominique Leuenberger 2025-08-03 11:36:25 +00:00
3d34ceee8d - Update memory constraints Wolfgang Rosenauer 2025-08-01 08:44:39 +00:00
493f603b75 Accepting request 1295686 from mozilla:Factory Dominique Leuenberger 2025-07-26 11:39:47 +00:00
907f9ebbb3 - Mozilla Firefox 141.0 * https://www.mozilla.org/en-US/firefox/141.0/releasenotes/ MFSA 2025-56 (bsc#1246664) * CVE-2025-8027 (bmo#1968423) JavaScript engine only wrote partial return value to stack * CVE-2025-8028 (bmo#1971581) Large branch table could lead to truncated instruction * CVE-2025-8041 (bmo#1670725) Incorrect URL truncation in Firefox for Android * CVE-2025-8042 (bmo#1791322) Sandboxed iframe could start downloads * CVE-2025-8029 (bmo#1928021) javascript: URLs executed on object and embed tags * CVE-2025-8036 (bmo#1960834) DNS rebinding circumvents CORS * CVE-2025-8037 (bmo#1964767) Nameless cookies shadow secure cookies * CVE-2025-8030 (bmo#1968414) Potential user-assisted code execution in “Copy as cURL” command * CVE-2025-8043 (bmo#1970209) Incorrect URL truncation * CVE-2025-8031 (bmo#1971719) Incorrect URL stripping in CSP reports * CVE-2025-8032 (bmo#1974407) XSLT documents could bypass CSP * CVE-2025-8038 (bmo#1808979) CSP frame-src was not correctly enforced for paths * CVE-2025-8039 (bmo#1970997) Search terms persisted in URL bar * CVE-2025-8033 (bmo#1973990) Wolfgang Rosenauer 2025-07-25 06:49:34 +00:00
331649180e Accepting request 1291039 from mozilla:Factory Ana Guerrero 2025-07-09 15:25:36 +00:00
f5de6987c8 - Mozilla Firefox 140.0.2 * Fixed a startup crash on Windows experienced by some users (bmo#1974259) - Mozilla Firefox 140.0.1 * Fixed text contrast issues in the sidebar with some dark themes (bmo#1971487) * Fixed a startup crash experienced by some users caused by DLL injection (mbo#1973947) Wolfgang Rosenauer 2025-07-07 12:30:11 +00:00
948b5f39d0 Accepting request 1285776 from mozilla:Factory Ana Guerrero 2025-06-16 09:11:34 +00:00
c5d30293e2 - Mozilla Firefox 139.0.4 * Fixed Firefox freezing when switching between apps or opening certain panels within the browser. (bmo#1969253, bmo#1969346) * Fixed difficult selection of drop-down menu options in the Firefox preferences page when selected via the in-page search. (bmo#1968949) * Fixed various selection issues when triple-clicking text in some situations. (bmo#1969100, bmo#1969432) * Fixed an incorrect filename being used when setting an image as the desktop wallpaper on Windows. (bmo#1969793) MFSA 2025-47 * CVE-2025-49709 (bmo#1966083) Memory corruption in canvas surfaces * CVE-2025-49710 (bmo#1970095) Integer overflow in OrderedHashTable Wolfgang Rosenauer 2025-06-14 09:11:17 +00:00
d023218841 Accepting request 1282106 from mozilla:Factory Dominique Leuenberger 2025-06-04 18:27:41 +00:00
9865226fda - Fix %{progdir}/crashhelper packaging Wolfgang Rosenauer 2025-06-03 06:47:39 +00:00
5bc67424ee Accepting request 1281674 from mozilla:Factory Ana Guerrero 2025-06-02 19:59:09 +00:00
b0d93e7dae 139.0.1 Wolfgang Rosenauer 2025-06-01 13:32:04 +00:00
28a1a8f674 - Mozilla Firefox 139.0 https://www.mozilla.org/en-US/firefox/139.0/releasenotes/ MFSA 2025-42 (bsc#1243353) * MFSA-TMP-2025-0001 (bmo#1962421) Double-free in libvpx encoder * CVE-2025-5263 (bmo#1960745) Error handling for script execution was incorrectly isolated from web content * CVE-2025-5264 (bmo#1950001) Potential local code execution in “Copy as cURL” command * CVE-2025-5265 (bmo#1962301) Potential local code execution in “Copy as cURL” command * CVE-2025-5266 (bmo#1965628) Script element events leaked cross-origin resource status * CVE-2025-5270 (bmo#1910298) SNI was sometimes unencrypted * CVE-2025-5271 (bmo#1920348) Devtools' preview ignored CSP headers * CVE-2025-5267 (bmo#1954137) Clickjacking vulnerability could have led to leaking saved payment card details * CVE-2025-5268 (bmo#1950136, bmo#1958121, bmo#1960499, bmo#1962634) Memory safety bugs fixed in Firefox 139, Thunderbird 139, Firefox ESR 128.11, and Thunderbird 128.11 * CVE-2025-5272 (bmo#1726254, bmo#1742738, bmo#1960121) Memory safety bugs fixed in Firefox 139 and Thunderbird 139 Wolfgang Rosenauer 2025-05-31 04:44:43 +00:00
3dcfa7e476 - Replace usage of %jobs for reproducible builds (boo#1237231) Wolfgang Rosenauer 2025-05-26 16:18:59 +00:00
1c009b84cc Accepting request 1278349 from mozilla:Factory Ana Guerrero 2025-05-23 12:28:36 +00:00
f01e196d71 Accepting request 1278346 from home:AndreasStieger:branches:mozilla:Factory Wolfgang Rosenauer 2025-05-19 08:33:09 +00:00
de6e91879a Accepting request 1278279 from home:AndreasStieger:branches:mozilla:Factory Wolfgang Rosenauer 2025-05-19 04:42:56 +00:00
e45d0d81d3 Accepting request 1276701 from mozilla:Factory Ana Guerrero 2025-05-12 14:46:22 +00:00
caf9625167 - Mozilla Firefox 138.0.1 * Fixed an issue which caused a blank page to be shown for Home and New Tab pages for some users. (bmo#1963537) * Added a workaround for a bug in outlook.office.com/outlook.live.com where attachment filenames are incorrectly prefixed with UTF-8 when saved. (bmo#1961710) Wolfgang Rosenauer 2025-05-12 06:04:40 +00:00
182cfeee26 - build on s390x needs 15G memory, adjust _constraints Wolfgang Rosenauer 2025-05-12 05:54:05 +00:00
5feeaece7b Accepting request 1273825 from mozilla:Factory Dominique Leuenberger 2025-05-02 12:55:53 +00:00
2bbe0a69a1 - Mozilla Firefox 138.0 https://www.mozilla.org/en-US/firefox/138.0/releasenotes/ MFSA 2025-28 (bsc#1241621) * CVE-2025-2817 (bmo#1917536) Privilege escalation in Firefox Updater * CVE-2025-4082 (bmo#1937097) WebGL shader attribute memory corruption in Firefox for macOS * CVE-2025-4083 (bmo#1958350) Process isolation bypass using "javascript:" URI links in cross-origin frames * CVE-2025-4085 (bmo#1915280) Potential information leakage and privilege escalation in UITour actor * CVE-2025-4086 (bmo#1945705) Specially crafted filename could be used to obscure download type * CVE-2025-4087 (bmo#1952465) Unsafe attribute access during XPath parsing * CVE-2025-4088 (bmo#1953521) Cross-site request forgery via storage access API redirects * CVE-2025-4089 (bmo#1949994, bmo#1956698, bmo#1960198) Potential local code execution in "copy as cURL" command * CVE-2025-4090 (bmo#1929478) Leaked library paths in Firefox for Android * CVE-2025-4091 (bmo#1951161, bmo#1952105) Memory safety bugs fixed in Firefox 138, Thunderbird 138, Firefox ESR 128.10, and Thunderbird 128.10 * CVE-2025-4092 (bmo#1924108, bmo#1950780, bmo#1959367) Memory safety bugs fixed in Firefox 138 and Thunderbird 138 - requires NSS 3.110 Wolfgang Rosenauer 2025-05-01 10:12:10 +00:00
3ea69c38f1 Accepting request 1269740 from mozilla:Factory Ana Guerrero 2025-04-17 14:07:02 +00:00
4b366dac1f - Mozilla Firefox 137.0.2 * Fixed file picker not being displayed when exporting passwords on macOS in about:logins for some users. (bmo#1956266) * Fixed accessibility issues with the new PDF signature feature. (bmo#1956110, bmo#1952571) * Fixed an issue where using the context menu to paste in the Style Editor would insert the code twice. (bmo#1955854) * Fixed functional regressions in our XSLT support introduced in 137. (bmo#1954841) * Fixed a tooltip flickering issue on Windows that affected some users when hovering. (bmo#1958631) * Fixed an issue where Firefox would not respond to clicks in some HTML5 video players. (bmo#1959251) * Fixed an issue where radio inputs behaved incorrectly when preventDefault() was called on the click event. (bmo#1957956) * Fixed an issue that caused some Firefox users to restart their browser multiple times to complete an update. (bmo#1959492) MFSA 2025-25 * CVE-2025-3608 (bmo#1951554) Race condition in nsHttpTransaction could lead to memory corruption - Mozilla Firefox 137.0.1 * Fixed an issue where folder shortcuts on Windows were incorrectly treated as files during file uploads, preventing selecting files within the target folder. (bmo#1958222) * Fixed a crash experienced by Windows users when downloading files with Qihoo 360 Total Security Antivirus software installed. (bmo#1958112) * Fixed an occasional startup crash. (bmo#1958293) Wolfgang Rosenauer 2025-04-15 20:35:36 +00:00
8c7ed61a97 Accepting request 1267443 from mozilla:Factory Ana Guerrero 2025-04-08 15:50:16 +00:00
c3f911d998 - Migrate from deprecated %suse_update_desktop_file to %translate_suse_desktop. (boo#1158957) - MozillaFirefox.desktop fixes done during the migration to translate-suse-desktop: * Remove English text from Burmese translation. * Import translations from mis-named languages from MozillaFirefox.desktop and move them to correct language codes. * Remove en_GB translation that contains no real contents. Wolfgang Rosenauer 2025-04-06 13:52:03 +00:00
cbdfc3d65a - Migrate from deprecated %suse_update_desktop_file to %translate_suse_desktop. (boo#1158957) - MozillaFirefox.desktop fixes done during the migration to translate-suse-desktop: * Remove English text from Burmese translation. * Import translations from mis-named languages from MozillaFirefox.desktop and move them to correct language codes. * Remove en_GB translation that contains no real contents. Wolfgang Rosenauer 2025-04-06 13:49:20 +00:00
0a09fb785c - Mozilla Firefox 137.0 * https://www.mozilla.org/en-US/firefox/137.0/releasenotes/ MFSA 2025-20 (bsc#1240083) * CVE-2025-3028 (bmo#1941002) Use-after-free triggered by XSLTProcessor * CVE-2025-3031 (bmo#1947141) JIT optimization bug with different stack slot sizes * CVE-2025-3032 (bmo#1949987) Leaking file descriptors from the fork server * CVE-2025-3029 (bmo#1952213) URL bar spoofing via non-BMP Unicode characters * CVE-2025-3035 (bmo#1952268) Tab title disclosure across pages when using AI chatbot * CVE-2025-3033 (bmo#1950056) Opening local .url files could lead to another file being opened * CVE-2025-3030 (bmo#1850615, bmo#1932468, bmo#1942551, bmo#1951017, bmo#1951494) Memory safety bugs fixed in Firefox 137, Thunderbird 137, Firefox ESR 128.9, and Thunderbird 128.9 * CVE-2025-3034 (bmo#1894100, bmo#1934086, bmo#1950360) Memory safety bugs fixed in Firefox 137 and Thunderbird 137 - requires NSS 3.109 Wolfgang Rosenauer 2025-04-06 13:44:23 +00:00
d432587fcf Accepting request 1265284 from mozilla:Factory Ana Guerrero 2025-03-31 09:37:39 +00:00
4f243df708 - Mozilla Firefox 136.0.4 MFSA 2025-19 (bsc#1240084) * CVE-2025-2857, CVE-2025-2783 (bmo#1956398) Incorrect handle could lead to sandbox escapes 136.0.3 * Significantly improved responsiveness on TikTok by improving the speed of date formatting. (bmo#1954323) 136.0.2 * Fixed a bug where "Cookies and site data" and "Temporary cached files and pages" were unexpectedly enabled after updating to Firefox 136 for users with "History" and/or "Site settings" set to clear on shutdown in previous versions. (bmo#1952564) * Fixed an issue where the Primary Password prompt appeared in unexpected situations. (bmo#1946121) * Fixed visibility issues with radio buttons on dark backgrounds (bmo#1951930) * Fixed high CPU usage on Windows when the screen was locked or the laptop lid was closed. (bmo#1924932) - Use default clang version. (by Aaron Puchert) Wolfgang Rosenauer 2025-03-28 16:17:42 +00:00
f256e053b0 - Use default clang version. Wolfgang Rosenauer 2025-03-28 16:08:25 +00:00
b9550c87b0 Accepting request 1253342 from mozilla:Factory Dominique Leuenberger 2025-03-16 17:58:28 +00:00
b05d1b670d - Mozilla Firefox 136.0.1 * Fixed an issue where a cookie size limit caused problems with website cookie management when using the CookieStore API. This could cause login and other state-related issues. (bmo#1950565) * Fixed an issue where Control/Command+L did not focus the address bar in new windows. (bmo#1947723) Wolfgang Rosenauer 2025-03-15 07:38:10 +00:00
e1158ab5be Accepting request 1251116 from mozilla:Factory Ana Guerrero 2025-03-07 15:39:26 +00:00
55e8aca1ce - Mozilla Firefox 136.0 https://www.mozilla.org/en-US/firefox/136.0/releasenotes/ MFSA 2025-14 (bsc#1237683) * CVE-2025-1930 (bmo#1902309) AudioIPC StreamData could trigger a use-after-free in the Browser process * CVE-2025-1939 (bmo#1928334) Tapjacking in Android Custom Tabs using transition animations * CVE-2025-1931 (bmo#1944126) Use-after-free in WebTransportChild * CVE-2025-1932 (bmo#1944313) Inconsistent comparator in XSLT sorting led to out-of-bounds access * CVE-2025-1933 (bmo#1946004) JIT corruption of WASM i32 return values on 64-bit CPUs * CVE-2025-1940 (bmo#1908488) Android Intent confirmation prompt tapjacking using Select options * CVE-2024-9956 (bmo#1922357) Passkey phishing within Bluetooth range * CVE-2025-1934 (bmo#1942881) Unexpected GC during RegExp bailout processing * CVE-2025-1941 (bmo#1944665) Lock screen setting bypass in Firefox Focus for Android * CVE-2025-1942 (bmo#1947139) Disclosure of uninitialized memory when .toUpperCase() causes string to get longer * CVE-2025-1935 (bmo#1866661) Clickjacking the registerProtocolHandler info-bar * CVE-2025-1936 (bmo#1940027) Adding %00 and a fake extension to a jar: URL changed the interpretation of the contents Wolfgang Rosenauer 2025-03-06 17:52:12 +00:00
46a01a1b5f Accepting request 1243203 from mozilla:Factory Ana Guerrero 2025-02-05 11:40:04 +00:00
55fe4a5056 OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1201 Wolfgang Rosenauer 2025-02-04 17:01:45 +00:00
baa820544d Accepting request 1239966 from mozilla:Factory Dominique Leuenberger 2025-01-24 12:39:24 +00:00
7f911f5ab4 - Mozilla Firefox 134.0.2 * Fixed a regression in Firefox 134 where anchored links in HTML framesets pointing to local files did not work (bmo#1934807) * Fixed an issue in developer tools preventing the resending of network requests when debugging extensions (bmo#1934478) * Fixed an issue where data consumption from service workers may unexpectedly halt (bmo#1941210) Wolfgang Rosenauer 2025-01-23 16:40:40 +00:00
1c477cbce0 Accepting request 1238501 from mozilla:Factory Dominique Leuenberger 2025-01-18 12:17:45 +00:00
f61f955454 - Mozilla Firefox 134.0.1 * Fixed UI hangs happening on YouTube and Google Docs in some situations (bmo#1939295) * Fixed a startup crash affecting some users upgrading from Firefox 133 (bmo#1941134) * Fixed an issue where search engines selection menus and context menus could be broken if a user had previously reverted to an earlier version (bmo#1940533) - raised required rust version to 1.81 Wolfgang Rosenauer 2025-01-17 12:57:47 +00:00
666da69274 Accepting request 1236666 from mozilla:Factory Ana Guerrero 2025-01-12 10:09:39 +00:00
dbfcbec55a - Mozilla Firefox 134.0 https://www.mozilla.org/en-US/firefox/134.0/releasenotes * Firefox now supports touchpad hold gestures on Linux. This means that kinetic (momentum) scrolling can now be interrupted by placing two fingers on the touchpad * Ecosia's availability has been expanded to all languages in the German region along with Austria, Belgium, Italy, Netherlands, Spain, Sweden and Switzerland MFSA 2025-01 (bsc#1234991) * CVE-2025-0244 (bmo#1929584) Address bar spoofing using an invalid protocol scheme on Firefox for Android * CVE-2025-0245 (bmo#1895342) Lock screen setting bypass in Firefox Focus for Android * CVE-2025-0246 (bmo#1912709) Address bar spoofing using an invalid protocol scheme on Firefox for Android * CVE-2025-0237 (bmo#1915257) WebChannel APIs susceptible to confused deputy attack * CVE-2025-0238 (bmo#1915535) Use-after-free when breaking lines in text * CVE-2025-0239 (bmo#1929156) Alt-Svc ALPN validation failure when redirected * CVE-2025-0240 (bmo#1929623) Compartment mismatch when parsing JavaScript JSON module * CVE-2025-0241 (bmo#1933023) Memory corruption when using JavaScript Text Segmentation * CVE-2025-0242 (bmo#1874523, bmo#1926454, bmo#1931873, bmo#1932169) Memory safety bugs fixed in Firefox 134, Thunderbird 134, Firefox ESR 115.19, Firefox ESR 128.6, Thunderbird 115.19, Wolfgang Rosenauer 2025-01-09 17:42:05 +00:00
03fe740876 Accepting request 1231224 from mozilla:Factory Ana Guerrero 2024-12-16 18:09:09 +00:00
13e7b2ae0d - Mozilla Firefox 133.0.3 * Fixed the missing scrollbar in the Library window, such as when viewing History or Bookmarks. (bmo#1934482) * Fixed blurry line drawing on some Canvas elements when hardware acceleration is enabled. (bmo#1933668) Wolfgang Rosenauer 2024-12-15 11:52:36 +00:00
d1d6a0968b Accepting request 1226801 from mozilla:Factory Ana Guerrero 2024-11-28 23:08:13 +00:00
9e86c649c9 - Mozilla Firefox 133.0 https://www.mozilla.org/en-US/firefox/133.0/releasenotes MFSA 2024-63 (bsc#1233695) * CVE-2024-11691 (bmo#1914707, bmo#1924184) Memory corruption in Apple GPU drivers * CVE-2024-11700 (bmo#1836921) Potential Tapjacking Exploit for Intent Confirmation on Android * CVE-2024-11692 (bmo#1909535) Select list elements could be shown over another site * CVE-2024-11701 (bmo#1914797) Misleading Address Bar State During Navigation Interruption * CVE-2024-11702 (bmo#1918884) Inadequate Clipboard Protection in Private Browsing Mode on Android * CVE-2024-11693 (bmo#1921458) Download Protections were bypassed by .library-ms files on Windows * CVE-2024-11694 (bmo#1924167) CSP Bypass and XSS Exposure via Web Compatibility Shims * CVE-2024-11695 (bmo#1925496) URL Bar Spoofing via Manipulated Punycode and Whitespace Characters * CVE-2024-11703 (bmo#1928779) Password access without authentication via PIN bypass on Android * CVE-2024-11696 (bmo#1929600) Unhandled Exception in Add-on Signature Verification * CVE-2024-11697 (bmo#1842187) Improper Keypress Handling in Executable File Confirmation Dialog * CVE-2024-11704 (bmo#1899402) Potential Double-Free Vulnerability in PKCS#7 Decryption Handling * CVE-2024-11698 (bmo#1916152) Wolfgang Rosenauer 2024-11-27 07:41:19 +00:00
a409d8adda - add mozilla-python313.patch to fix build with python 3.13+ Wolfgang Rosenauer 2024-11-25 10:56:51 +00:00
78130d13f6 Accepting request 1224785 from mozilla:Factory Ana Guerrero 2024-11-18 18:56:43 +00:00
df90b62ed6 - Mozilla Firefox 132.0.2 * Fixed possible errors when playing encrypted media content through some streaming providers. (bmo#1929491) * Added a mitigation to help reduce the frequency of duplicated push notifications reported by some users. (bmo#1928868) * Fixed hangs when printing from some sites when using the system print dialog. (bmo#1898184) * Fixed a crash which could occur when using Microsoft SSO on macOS (bmo#1929622) * Fixed a crash in the Network Monitor developer tool which could occur in some circumstances. (bmo#1924882) Wolfgang Rosenauer 2024-11-15 13:48:17 +00:00
cd12b8e0e6 Accepting request 1223284 from mozilla:Factory Dominique Leuenberger 2024-11-11 12:43:37 +00:00
f50f411e72 - require xdg-desktop-portal (boo#1233166) Wolfgang Rosenauer 2024-11-11 07:13:08 +00:00
944ffaaffb OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1185 Wolfgang Rosenauer 2024-11-06 08:15:15 +00:00
d5ecca7d59 - Mozilla Firefox 132.0.1 * Fixed issues causing intermittent video playback problems on some sites. (bmo#1928484, bmo#1928798) - remove KDE integration patches - mozilla-kde.patch - firefox-kde.patch on KDE use these settings instead widget.use-xdg-desktop-portal.file-picker=1 widget.use-xdg-desktop-portal.mime-handler=1 (those are set by the latest branding package as well) Wolfgang Rosenauer 2024-11-05 10:48:26 +00:00
446a0e7696 Accepting request 1208839 from mozilla:Factory Ana Guerrero 2024-10-20 08:13:22 +00:00
46b65f8c49 - Mozilla Firefox 131.0.3 * some users could not access the Bill Pay portion of their bank's site (bmo#1923500) * some VR180 and 360 videos were not properly rendering on YouTube (bmo#1922278) * Fixed a crash that Windows users with Avast or AVG security software were experiencing when visiting certain sites. (bmo#1919678) * "List all tabs" button was not able to be moved from the toolbar (bmo#1918681) NFSA 2024-53 * CVE-2024-9936 (bmo#1920381) Undefined behavior in selection node cache - remove obsolete mozilla-rust-disable-future-incompat.patch Wolfgang Rosenauer 2024-10-18 10:29:37 +00:00
51bca241c8 Accepting request 1206551 from mozilla:Factory Ana Guerrero 2024-10-11 15:01:08 +00:00
fe2ab4d47d - Mozilla Firefox 131.0.2 MFSA 2024-51 (bsc#1231413) * CVE-2024-9680 (bmo#1923344) Use-after-free in Animation timeline Wolfgang Rosenauer 2024-10-09 14:55:13 +00:00
b292b641fd Accepting request 1205704 from mozilla:Factory Ana Guerrero 2024-10-06 15:51:24 +00:00
d873e57e81 - Firefox 131.0 https://www.mozilla.org/en-US/firefox/131.0/releasenotes/ MFSA 2024-46 (bsc#1230979) * CVE-2024-9391 (bmo#1892407) Prevent users from exiting full-screen mode in Firefox Focus for Android * CVE-2024-9392 (bmo#1899154, bmo#1905843) Compromised content process can bypass site isolation * CVE-2024-9393 (bmo#1918301) Cross-origin access to PDF contents through multipart responses * CVE-2024-9394 (bmo#1918874) Cross-origin access to JSON contents through multipart responses * CVE-2024-9395 (bmo#1906024) Specially crafted filename could be used to obscure download type * CVE-2024-9396 (bmo#1912471) Potential memory corruption may occur when cloning certain objects * CVE-2024-9397 (bmo#1916659) Potential directory upload bypass via clickjacking * CVE-2024-9398 (bmo#1881037) External protocol handlers could be enumerated via popups * CVE-2024-9399 (bmo#1907726) Specially crafted WebTransport requests could lead to denial of service * CVE-2024-9400 (bmo#1915249) Potential memory corruption during JIT compilation * CVE-2024-9401 (bmo#1872744, bmo#1897792, bmo#1911317, bmo#1916476) Memory safety bugs fixed in Firefox 131, Firefox ESR 115.16, Firefox ESR 128.3, Thunderbird 131, and Thunderbird 128.3 * CVE-2024-9402 (bmo#1872744, bmo#1897792, bmo#1911317, bmo#1913445, bmo#1914106, bmo#1914475, bmo#1914963, bmo#1915008, bmo#1916476) Wolfgang Rosenauer 2024-10-04 13:15:49 +00:00
e21c4e6bf7 Accepting request 1202047 from mozilla:Factory Ana Guerrero 2024-09-22 09:05:23 +00:00
4ad63c96a3 - Update dependency on clang-devel from LLVM15 to LLVM18 Wolfgang Rosenauer 2024-09-19 20:06:25 +00:00
1b43cd3da8 https://www.mozilla.org/en-US/firefox/130.0.1/releasenotes https://www.mozilla.org/en-US/firefox/130.0/releasenotes Wolfgang Rosenauer 2024-09-19 16:55:30 +00:00
f2f6b49a7f ------------------------------------------------------------------ - Firefox 130.0.1 Release * Enterprise: Added an enterprise policy to disable the *Firefox Labs* section in *Settings*. (bmo#1911826) * Fixed a recent regression causing some UI elements to be rendered as left-to-right instead of right-to-left for users of our Saraiki localization. (bmo#1917175) * Linux: Fixed black rendering of AVIF images when Firefox is built with GCC. (bmo#1916038) - removed obsolete patches mozilla-bmo1916038.patch Wolfgang Rosenauer 2024-09-19 16:43:14 +00:00
58fc7f28bf Accepting request 1199138 from mozilla:Factory Ana Guerrero 2024-09-06 15:17:41 +00:00
9978f0bae4 - _constraints: increase RAM on s390x to fix the build Wolfgang Rosenauer 2024-09-06 08:46:31 +00:00
657e9a281d Accepting request 1195695 from mozilla:Factory Ana Guerrero 2024-08-25 10:09:39 +00:00
c9813ec197 - Mozilla Firefox 129.0.1 * Fixed playback issues on some websites with copyrighted video served via digital rights management. (bmo#1911283) * Fixed a crash when dragging a video file onto some websites (bmo#1910990) Wolfgang Rosenauer 2024-08-16 09:33:53 +00:00
8a18bf4d27 Accepting request 1193124 from mozilla:Factory Dominique Leuenberger 2024-08-13 11:21:48 +00:00
351b951583 - Mozilla Firefox 129.0 https://www.mozilla.org/en-US/firefox/129.0/releasenotes MFSA 2024-33 (bsc#1228648)) * CVE-2024-7518 (bmo#1875354) Fullscreen notification dialog can be obscured by document content * CVE-2024-7519 (bmo#1902307) Out of bounds memory access in graphics shared memory handling * CVE-2024-7520 (bmo#1903041) Type confusion in WebAssembly * CVE-2024-7521 (bmo#1904644) Incomplete WebAssembly exception handing * CVE-2024-7522 (bmo#1906727) Out of bounds read in editor component * CVE-2024-7523 (bmo#1908344) Document content could partially obscure security prompts * CVE-2024-7524 (bmo#1909241) CSP strict-dynamic bypass using web-compatibility shims * CVE-2024-7525 (bmo#1909298) Missing permission check when creating a StreamFilter * CVE-2024-7526 (bmo#1910306) Uninitialized memory used by WebGL * CVE-2024-7527 (bmo#1871303) Use-after-free in JavaScript garbage collection * CVE-2024-7528 (bmo#1895951) Use-after-free in IndexedDB * CVE-2024-7529 (bmo#1903187) Document content could partially obscure security prompts * CVE-2024-7530 (bmo#1904011) Use-after-free in JavaScript code coverage collection * CVE-2024-7531 (bmo#1905691) Wolfgang Rosenauer 2024-08-10 12:42:53 +00:00
59dbe96551 Accepting request 1190457 from mozilla:Factory Dominique Leuenberger 2024-07-31 11:28:35 +00:00
5bbcb979e1 ------------------------------------------------------------------ - Firefox 128.0.3 Release * Fixed: Fixed an issue causing some sites to not load when connecting via HTTP/2. (bmo#1908161, bmo#1909666) * Fixed: Fixed collapsed table rows not appearing when expected in some situations. (bmo#1907789) * Fixed: Fixed the Windows on-screen keyboard potentially concealing the webpage when displayed. (bmo#1907766) - Firefox 128.0.2 Release * Fixed: Fixed an audio echo in video calls on macOS under certain conditions. (bmo#1908539) * Fixed: Fixed an issue where the Adguard extension popup was not displaying. (bmo#1906132) * Fixed: Fixed an issue causing some screen readers to fail to read when navigating by character in rich text editors. (Bug 1905021) * Fixed: Fixed visual glitches when dark mode is enabled in Windows ARM devices. (bmo#1897444) * Fixed: Fixed an issue causing NTLM authentication failure. (bmo#1908115) * Fixed: Fixed an issue where content displayed on mouseover was not captured in a screenshot. (bmo#1905468) * Fixed: Various stability fixes. - renamed firefox-3781e3117706.patch to mozilla-bmo1905018.patch to conform with patch structure and naming for the package Wolfgang Rosenauer 2024-07-30 11:20:32 +00:00
2d4ab48832 Accepting request 1188582 from mozilla:Factory Ana Guerrero 2024-07-22 15:14:28 +00:00
41c367e33f - Add firefox-3781e3117706.patch to fix boo#1227856 aka bmo#1905018 where an incompatible pointer assignment is not accepted in C by GCC 14. Wolfgang Rosenauer 2024-07-19 09:54:37 +00:00
2ae5300e78 Accepting request 1187677 from mozilla:Factory Ana Guerrero 2024-07-17 13:14:05 +00:00
3623424b10 - Mozilla Firefox 128.0 https://www.mozilla.org/en-US/firefox/128.0/releasenotes MFSA 2024-29 (bsc#1226316) * CVE-2024-6605 (bmo#1836786) Firefox Android missed activation delay to prevent tapjacking * CVE-2024-6606 (bmo#1902305) Out-of-bounds read in clipboard component * CVE-2024-6607 (bmo#1694513) Leaving pointerlock by pressing the escape key could be prevented * CVE-2024-6608 (bmo#1743329) Cursor could be moved out of the viewport using pointerlock. * CVE-2024-6609 (bmo#1839258) Memory corruption in NSS * CVE-2024-6610 (bmo#1883396) Form validation popups could block exiting full-screen mode * CVE-2024-6600 (bmo#1888340) Memory corruption in WebGL API * CVE-2024-6601 (bmo#1890748) Race condition in permission assignment * CVE-2024-6602 (bmo#1895032) Memory corruption in NSS * CVE-2024-6603 (bmo#1895081) Memory corruption in thread creation * CVE-2024-6611 (bmo#1844827) Incorrect handling of SameSite cookies * CVE-2024-6612 (bmo#1880374) CSP violation leakage when using devtools * CVE-2024-6613 (bmo#1900523) Incorrect listing of stack frames Wolfgang Rosenauer 2024-07-16 07:10:33 +00:00
53ab0a2e0b Accepting request 1185336 from mozilla:Factory Ana Guerrero 2024-07-05 17:44:47 +00:00
65de930456 * Fixed an issue where YouTube playback may experience stalling under * Fixed an issue where the Private Window icon was displayed in the taskbar on Windows when browser.privateWindowSeparation.enabled was * Fixed an issue where users with a primary password set on their profile could lose their previous session of tabs upon upgrading if they dismissed * Fixed an issue where Linux users with accessibility.monoaudio.enable set * Fixed an issue where, in some circumstances, the Firefox installer * Fixed an issue causing Firefox to incorrectly reject cookies - Fix GNOME search provider (boo#1225278) Wolfgang Rosenauer 2024-07-04 08:07:19 +00:00
e22e1216b1 Accepting request 1184300 from home:develop7:branches:mozilla:Factory Wolfgang Rosenauer 2024-07-04 08:00:08 +00:00
ae5669436c Accepting request 1184277 from home:MSirringhaus:branches:mozilla:Factory Wolfgang Rosenauer 2024-07-04 07:55:26 +00:00
42cc248788 Accepting request 1180696 from mozilla:Factory Ana Guerrero 2024-06-14 16:57:28 +00:00
26b5620df4 OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1156 Wolfgang Rosenauer 2024-06-13 13:44:22 +00:00
8d549ff22f - Mozilla Firefox 127.0 https://www.mozilla.org/en-US/firefox/127.0/releasenotes MFSA 2024-25 (bsc#1226027) * CVE-2024-5687 (bmo#1889066) An incorrect principal could have been used when opening new tabs * CVE-2024-5688 (bmo#1895086) Use-after-free in JavaScript object transplant * CVE-2024-5689 (bmo#1389707) User confusion and possible phishing vector via Firefox Screenshots * CVE-2024-5690 (bmo#1883693) External protocol handlers leaked by timing attack * CVE-2024-5691 (bmo#1888695) Sandboxed iframes were able to bypass sandbox restrictions to open a new window * CVE-2024-5692 (bmo#1837514, bmo#1891234) Bypass of file name restrictions during saving * CVE-2024-5693 (bmo#1891319) Cross-Origin Image leak via Offscreen Canvas * CVE-2024-5694 (bmo#1895055) Use-after-free in JavaScript Strings * CVE-2024-5695 (bmo#1895579) Memory Corruption using allocation using out-of-memory conditions * CVE-2024-5696 (bmo#1896555) Memory Corruption in Text Fragments * CVE-2024-5697 (bmo#1414937) Website was able to detect when Firefox was taking a screenshot of them * CVE-2024-5698 (bmo#1828259) Data-list could have overlaid address bar * CVE-2024-5699 (bmo#1891349) Wolfgang Rosenauer 2024-06-12 20:38:41 +00:00
aee654ea3f Accepting request 1177453 from mozilla:Factory Ana Guerrero 2024-05-30 13:32:10 +00:00
7548fa49d0 - Mozilla Firefox 126.0.1 * Fixed an issue with reading tagged PDF documents in a screen reader bmo#1894849 * Fixed not displaying localized text for non-en-US locales in the Crash Reporter dialog box on macOS. (bmo#1896097) * Fixed issues with drag-and-drop functionality on Linux. (bmo#1897115) * Fixed an issue causing high GPU memory usage on certain versions of AMD cards. (bmo#1897006) Wolfgang Rosenauer 2024-05-29 07:15:42 +00:00
ffc2e2a358 Accepting request 1177370 from home:Guillaume_G:branches:mozilla:Factory Wolfgang Rosenauer 2024-05-29 07:11:01 +00:00
f2d4ae6b6f Accepting request 1175472 from mozilla:Factory Ana Guerrero 2024-05-21 16:33:21 +00:00
5b06ba2de6 - Mozilla Firefox 126.0 https://www.mozilla.org/en-US/firefox/126.0/releasenotes MFSA 2024-21 (bsc#1224056) * CVE-2024-4764 (bmo#1879093) Use-after-free when audio input connected with multiple consumers * CVE-2024-4367 (bmo#1893645) Arbitrary JavaScript execution in PDF.js * CVE-2024-4765 (bmo#1871109) Web application manifests could have been overwritten via hash collision * CVE-2024-4766 (bmo#1871214, bmo#1871217) Fullscreen notification could have been obscured on Firefox for Android * CVE-2024-4767 (bmo#1878577) IndexedDB files retained in private browsing mode * CVE-2024-4768 (bmo#1886082) Potential permissions request bypass via clickjacking * CVE-2024-4769 (bmo#1886108) Cross-origin responses could be distinguished between script and non-script content-types * CVE-2024-4770 (bmo#1893270) Use-after-free could occur when printing to PDF * CVE-2024-4771 (bmo#1893891) Failed allocation could lead to use-after-free * CVE-2024-4772 (bmo#1870579) Use of insecure rand() function to generate nonce * CVE-2024-4773 (bmo#1875248) URL bar could be cleared after network error * CVE-2024-4774 (bmo#1886598) Undefined behavior in ShmemCharMapHashEntry() Wolfgang Rosenauer 2024-05-21 08:22:00 +00:00
640c98451f Accepting request 1170867 from mozilla:Factory Dominique Leuenberger 2024-05-01 12:54:55 +00:00
072f7b36ed Accepting request 1170864 from home:AndreasStieger:branches:mozilla:Factory Wolfgang Rosenauer 2024-04-29 18:30:27 +00:00
d3c437774c Accepting request 1169983 from mozilla:Factory Ana Guerrero 2024-04-26 21:26:13 +00:00
32b276a257 * The 125.0 and 125.0.1 releases were skipped due to problems with a feature that proactively blocked downloads from potentially untrustworthy URLs Use-after-free if garbage collection runs during realm initialization Incorrect JIT optimization of MSubstr leads to out-of-bounds reads Corrupt pointer dereference in js::CheckTracedThing<js::Shape> Download Protections were bypassed by .xrm-ms files on Windows * CVE-2024-3865 (bmo#1881076, bmo#1884887, bmo#1885359, bmo#1889049) Wolfgang Rosenauer 2024-04-24 07:40:26 +00:00
3b2b98176a Accepting request 1169748 from home:AndreasStieger:branches:mozilla:Factory Wolfgang Rosenauer 2024-04-23 06:12:35 +00:00
9ba5b17011 Accepting request 1164364 from mozilla:Factory Ana Guerrero 2024-04-04 20:24:08 +00:00
d592c1b03e * Fixed an issue where users with a large amount of bookmarks would be unable to restore a bookmarks backup. (bmo#1884308) * Fixed an issue that would cause open Firefox windows Netflix. (bmo#1883932) * Fixed a crash that affected Linux AArch64 builds. (bmo#1866396) * Fixed an issue where some users experienced difficulties loading webpages due to changes made to the default AppArmor configuration shipping in Ubuntu 24.04. (bmo#1884347) Wolfgang Rosenauer 2024-04-03 13:07:33 +00:00
32874c1308 Accepting request 1164363 from home:MSirringhaus:branches:mozilla:Factory Wolfgang Rosenauer 2024-04-03 13:05:03 +00:00
23c8d9fe7f Accepting request 1160726 from mozilla:Factory Ana Guerrero 2024-03-25 20:06:23 +00:00
90db4db449 - Mozilla Firefox 124.0.1 https://www.mozilla.org/en-US/firefox/124.0.1/releasenotes/ MFSA 2024-15 (bsc#1221850) * CVE-2024-29943 (bmo#1886849) Out-of-bounds access via Range Analysis bypass * CVE-2024-29944 (bmo#1886852) Privileged JavaScript Execution via Event Handlers Mozilla Firefox 124.0 https://www.mozilla.org/en-US/firefox/124.0/releasenotes/ MFSA 2024-12 (bsc#1221327) * CVE-2024-2605 (bmo#1872920) Windows Error Reporter could be used as a Sandbox escape vector * CVE-2024-2606 (bmo#1879237) Mishandling of WASM register values * CVE-2024-2607 (bmo#1879939) JIT code failed to save return registers on Armv7-A * CVE-2024-2608 (bmo#1880692) Integer overflow could have led to out of bounds write * CVE-2023-5388 (bmo#1780432) NSS susceptible to timing attack against RSA decryption * CVE-2024-2609 (bmo#1866100) Permission prompt input delay could expire when not in focus * CVE-2024-2610 (bmo#1871112) Improper handling of html and body tags enabled CSP nonce leakage * CVE-2024-2611 (bmo#1876675) Clickjacking vulnerability could have led to a user accidentally granting permissions * CVE-2024-2612 (bmo#1879444) Self referencing object could have potentially led to a use- after-free Wolfgang Rosenauer 2024-03-22 16:21:08 +00:00

Commit Graph Select branches Hide Pull Requests devel factory Mono Color

Commit Graph

Select branches

Hide Pull Requests

devel

factory