MozillaFirefox

pool/MozillaFirefox

SHA256

Fork 1

666da69274 Accepting request 1236666 from mozilla:Factory factory Ana Guerrero 2025-01-12 10:09:39 +0000
dbfcbec55a - Mozilla Firefox 134.0 https://www.mozilla.org/en-US/firefox/134.0/releasenotes * Firefox now supports touchpad hold gestures on Linux. This means that kinetic (momentum) scrolling can now be interrupted by placing two fingers on the touchpad * Ecosia's availability has been expanded to all languages in the German region along with Austria, Belgium, Italy, Netherlands, Spain, Sweden and Switzerland MFSA 2025-01 (bsc#1234991) * CVE-2025-0244 (bmo#1929584) Address bar spoofing using an invalid protocol scheme on Firefox for Android * CVE-2025-0245 (bmo#1895342) Lock screen setting bypass in Firefox Focus for Android * CVE-2025-0246 (bmo#1912709) Address bar spoofing using an invalid protocol scheme on Firefox for Android * CVE-2025-0237 (bmo#1915257) WebChannel APIs susceptible to confused deputy attack * CVE-2025-0238 (bmo#1915535) Use-after-free when breaking lines in text * CVE-2025-0239 (bmo#1929156) Alt-Svc ALPN validation failure when redirected * CVE-2025-0240 (bmo#1929623) Compartment mismatch when parsing JavaScript JSON module * CVE-2025-0241 (bmo#1933023) Memory corruption when using JavaScript Text Segmentation * CVE-2025-0242 (bmo#1874523, bmo#1926454, bmo#1931873, bmo#1932169) Memory safety bugs fixed in Firefox 134, Thunderbird 134, Firefox ESR 115.19, Firefox ESR 128.6, Thunderbird 115.19, devel Wolfgang Rosenauer 2025-01-09 17:42:05 +0000
03fe740876 Accepting request 1231224 from mozilla:Factory Ana Guerrero 2024-12-16 18:09:09 +0000
13e7b2ae0d - Mozilla Firefox 133.0.3 * Fixed the missing scrollbar in the Library window, such as when viewing History or Bookmarks. (bmo#1934482) * Fixed blurry line drawing on some Canvas elements when hardware acceleration is enabled. (bmo#1933668) Wolfgang Rosenauer 2024-12-15 11:52:36 +0000
d1d6a0968b Accepting request 1226801 from mozilla:Factory Ana Guerrero 2024-11-28 23:08:13 +0000
9e86c649c9 - Mozilla Firefox 133.0 https://www.mozilla.org/en-US/firefox/133.0/releasenotes MFSA 2024-63 (bsc#1233695) * CVE-2024-11691 (bmo#1914707, bmo#1924184) Memory corruption in Apple GPU drivers * CVE-2024-11700 (bmo#1836921) Potential Tapjacking Exploit for Intent Confirmation on Android * CVE-2024-11692 (bmo#1909535) Select list elements could be shown over another site * CVE-2024-11701 (bmo#1914797) Misleading Address Bar State During Navigation Interruption * CVE-2024-11702 (bmo#1918884) Inadequate Clipboard Protection in Private Browsing Mode on Android * CVE-2024-11693 (bmo#1921458) Download Protections were bypassed by .library-ms files on Windows * CVE-2024-11694 (bmo#1924167) CSP Bypass and XSS Exposure via Web Compatibility Shims * CVE-2024-11695 (bmo#1925496) URL Bar Spoofing via Manipulated Punycode and Whitespace Characters * CVE-2024-11703 (bmo#1928779) Password access without authentication via PIN bypass on Android * CVE-2024-11696 (bmo#1929600) Unhandled Exception in Add-on Signature Verification * CVE-2024-11697 (bmo#1842187) Improper Keypress Handling in Executable File Confirmation Dialog * CVE-2024-11704 (bmo#1899402) Potential Double-Free Vulnerability in PKCS#7 Decryption Handling * CVE-2024-11698 (bmo#1916152) Wolfgang Rosenauer 2024-11-27 07:41:19 +0000
a409d8adda - add mozilla-python313.patch to fix build with python 3.13+ Wolfgang Rosenauer 2024-11-25 10:56:51 +0000
78130d13f6 Accepting request 1224785 from mozilla:Factory Ana Guerrero 2024-11-18 18:56:43 +0000
df90b62ed6 - Mozilla Firefox 132.0.2 * Fixed possible errors when playing encrypted media content through some streaming providers. (bmo#1929491) * Added a mitigation to help reduce the frequency of duplicated push notifications reported by some users. (bmo#1928868) * Fixed hangs when printing from some sites when using the system print dialog. (bmo#1898184) * Fixed a crash which could occur when using Microsoft SSO on macOS (bmo#1929622) * Fixed a crash in the Network Monitor developer tool which could occur in some circumstances. (bmo#1924882) Wolfgang Rosenauer 2024-11-15 13:48:17 +0000
cd12b8e0e6 Accepting request 1223284 from mozilla:Factory Dominique Leuenberger 2024-11-11 12:43:37 +0000
f50f411e72 - require xdg-desktop-portal (boo#1233166) Wolfgang Rosenauer 2024-11-11 07:13:08 +0000
944ffaaffb OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1185 Wolfgang Rosenauer 2024-11-06 08:15:15 +0000
d5ecca7d59 - Mozilla Firefox 132.0.1 * Fixed issues causing intermittent video playback problems on some sites. (bmo#1928484, bmo#1928798) - remove KDE integration patches - mozilla-kde.patch - firefox-kde.patch on KDE use these settings instead widget.use-xdg-desktop-portal.file-picker=1 widget.use-xdg-desktop-portal.mime-handler=1 (those are set by the latest branding package as well) Wolfgang Rosenauer 2024-11-05 10:48:26 +0000
446a0e7696 Accepting request 1208839 from mozilla:Factory Ana Guerrero 2024-10-20 08:13:22 +0000
46b65f8c49 - Mozilla Firefox 131.0.3 * some users could not access the Bill Pay portion of their bank's site (bmo#1923500) * some VR180 and 360 videos were not properly rendering on YouTube (bmo#1922278) * Fixed a crash that Windows users with Avast or AVG security software were experiencing when visiting certain sites. (bmo#1919678) * "List all tabs" button was not able to be moved from the toolbar (bmo#1918681) NFSA 2024-53 * CVE-2024-9936 (bmo#1920381) Undefined behavior in selection node cache - remove obsolete mozilla-rust-disable-future-incompat.patch Wolfgang Rosenauer 2024-10-18 10:29:37 +0000
51bca241c8 Accepting request 1206551 from mozilla:Factory Ana Guerrero 2024-10-11 15:01:08 +0000
fe2ab4d47d - Mozilla Firefox 131.0.2 MFSA 2024-51 (bsc#1231413) * CVE-2024-9680 (bmo#1923344) Use-after-free in Animation timeline Wolfgang Rosenauer 2024-10-09 14:55:13 +0000
b292b641fd Accepting request 1205704 from mozilla:Factory Ana Guerrero 2024-10-06 15:51:24 +0000
d873e57e81 - Firefox 131.0 https://www.mozilla.org/en-US/firefox/131.0/releasenotes/ MFSA 2024-46 (bsc#1230979) * CVE-2024-9391 (bmo#1892407) Prevent users from exiting full-screen mode in Firefox Focus for Android * CVE-2024-9392 (bmo#1899154, bmo#1905843) Compromised content process can bypass site isolation * CVE-2024-9393 (bmo#1918301) Cross-origin access to PDF contents through multipart responses * CVE-2024-9394 (bmo#1918874) Cross-origin access to JSON contents through multipart responses * CVE-2024-9395 (bmo#1906024) Specially crafted filename could be used to obscure download type * CVE-2024-9396 (bmo#1912471) Potential memory corruption may occur when cloning certain objects * CVE-2024-9397 (bmo#1916659) Potential directory upload bypass via clickjacking * CVE-2024-9398 (bmo#1881037) External protocol handlers could be enumerated via popups * CVE-2024-9399 (bmo#1907726) Specially crafted WebTransport requests could lead to denial of service * CVE-2024-9400 (bmo#1915249) Potential memory corruption during JIT compilation * CVE-2024-9401 (bmo#1872744, bmo#1897792, bmo#1911317, bmo#1916476) Memory safety bugs fixed in Firefox 131, Firefox ESR 115.16, Firefox ESR 128.3, Thunderbird 131, and Thunderbird 128.3 * CVE-2024-9402 (bmo#1872744, bmo#1897792, bmo#1911317, bmo#1913445, bmo#1914106, bmo#1914475, bmo#1914963, bmo#1915008, bmo#1916476) Wolfgang Rosenauer 2024-10-04 13:15:49 +0000
e21c4e6bf7 Accepting request 1202047 from mozilla:Factory Ana Guerrero 2024-09-22 09:05:23 +0000
4ad63c96a3 - Update dependency on clang-devel from LLVM15 to LLVM18 Wolfgang Rosenauer 2024-09-19 20:06:25 +0000
1b43cd3da8 https://www.mozilla.org/en-US/firefox/130.0.1/releasenotes https://www.mozilla.org/en-US/firefox/130.0/releasenotes Wolfgang Rosenauer 2024-09-19 16:55:30 +0000
f2f6b49a7f ------------------------------------------------------------------ - Firefox 130.0.1 Release * Enterprise: Added an enterprise policy to disable the *Firefox Labs* section in *Settings*. (bmo#1911826) * Fixed a recent regression causing some UI elements to be rendered as left-to-right instead of right-to-left for users of our Saraiki localization. (bmo#1917175) * Linux: Fixed black rendering of AVIF images when Firefox is built with GCC. (bmo#1916038) - removed obsolete patches mozilla-bmo1916038.patch Wolfgang Rosenauer 2024-09-19 16:43:14 +0000
58fc7f28bf Accepting request 1199138 from mozilla:Factory Ana Guerrero 2024-09-06 15:17:41 +0000
9978f0bae4 - _constraints: increase RAM on s390x to fix the build Wolfgang Rosenauer 2024-09-06 08:46:31 +0000
657e9a281d Accepting request 1195695 from mozilla:Factory Ana Guerrero 2024-08-25 10:09:39 +0000
c9813ec197 - Mozilla Firefox 129.0.1 * Fixed playback issues on some websites with copyrighted video served via digital rights management. (bmo#1911283) * Fixed a crash when dragging a video file onto some websites (bmo#1910990) Wolfgang Rosenauer 2024-08-16 09:33:53 +0000
8a18bf4d27 Accepting request 1193124 from mozilla:Factory Dominique Leuenberger 2024-08-13 11:21:48 +0000
351b951583 - Mozilla Firefox 129.0 https://www.mozilla.org/en-US/firefox/129.0/releasenotes MFSA 2024-33 (bsc#1228648)) * CVE-2024-7518 (bmo#1875354) Fullscreen notification dialog can be obscured by document content * CVE-2024-7519 (bmo#1902307) Out of bounds memory access in graphics shared memory handling * CVE-2024-7520 (bmo#1903041) Type confusion in WebAssembly * CVE-2024-7521 (bmo#1904644) Incomplete WebAssembly exception handing * CVE-2024-7522 (bmo#1906727) Out of bounds read in editor component * CVE-2024-7523 (bmo#1908344) Document content could partially obscure security prompts * CVE-2024-7524 (bmo#1909241) CSP strict-dynamic bypass using web-compatibility shims * CVE-2024-7525 (bmo#1909298) Missing permission check when creating a StreamFilter * CVE-2024-7526 (bmo#1910306) Uninitialized memory used by WebGL * CVE-2024-7527 (bmo#1871303) Use-after-free in JavaScript garbage collection * CVE-2024-7528 (bmo#1895951) Use-after-free in IndexedDB * CVE-2024-7529 (bmo#1903187) Document content could partially obscure security prompts * CVE-2024-7530 (bmo#1904011) Use-after-free in JavaScript code coverage collection * CVE-2024-7531 (bmo#1905691) Wolfgang Rosenauer 2024-08-10 12:42:53 +0000
59dbe96551 Accepting request 1190457 from mozilla:Factory Dominique Leuenberger 2024-07-31 11:28:35 +0000
5bbcb979e1 ------------------------------------------------------------------ - Firefox 128.0.3 Release * Fixed: Fixed an issue causing some sites to not load when connecting via HTTP/2. (bmo#1908161, bmo#1909666) * Fixed: Fixed collapsed table rows not appearing when expected in some situations. (bmo#1907789) * Fixed: Fixed the Windows on-screen keyboard potentially concealing the webpage when displayed. (bmo#1907766) - Firefox 128.0.2 Release * Fixed: Fixed an audio echo in video calls on macOS under certain conditions. (bmo#1908539) * Fixed: Fixed an issue where the Adguard extension popup was not displaying. (bmo#1906132) * Fixed: Fixed an issue causing some screen readers to fail to read when navigating by character in rich text editors. (Bug 1905021) * Fixed: Fixed visual glitches when dark mode is enabled in Windows ARM devices. (bmo#1897444) * Fixed: Fixed an issue causing NTLM authentication failure. (bmo#1908115) * Fixed: Fixed an issue where content displayed on mouseover was not captured in a screenshot. (bmo#1905468) * Fixed: Various stability fixes. - renamed firefox-3781e3117706.patch to mozilla-bmo1905018.patch to conform with patch structure and naming for the package Wolfgang Rosenauer 2024-07-30 11:20:32 +0000
2d4ab48832 Accepting request 1188582 from mozilla:Factory Ana Guerrero 2024-07-22 15:14:28 +0000
41c367e33f - Add firefox-3781e3117706.patch to fix boo#1227856 aka bmo#1905018 where an incompatible pointer assignment is not accepted in C by GCC 14. Wolfgang Rosenauer 2024-07-19 09:54:37 +0000
2ae5300e78 Accepting request 1187677 from mozilla:Factory Ana Guerrero 2024-07-17 13:14:05 +0000
3623424b10 - Mozilla Firefox 128.0 https://www.mozilla.org/en-US/firefox/128.0/releasenotes MFSA 2024-29 (bsc#1226316) * CVE-2024-6605 (bmo#1836786) Firefox Android missed activation delay to prevent tapjacking * CVE-2024-6606 (bmo#1902305) Out-of-bounds read in clipboard component * CVE-2024-6607 (bmo#1694513) Leaving pointerlock by pressing the escape key could be prevented * CVE-2024-6608 (bmo#1743329) Cursor could be moved out of the viewport using pointerlock. * CVE-2024-6609 (bmo#1839258) Memory corruption in NSS * CVE-2024-6610 (bmo#1883396) Form validation popups could block exiting full-screen mode * CVE-2024-6600 (bmo#1888340) Memory corruption in WebGL API * CVE-2024-6601 (bmo#1890748) Race condition in permission assignment * CVE-2024-6602 (bmo#1895032) Memory corruption in NSS * CVE-2024-6603 (bmo#1895081) Memory corruption in thread creation * CVE-2024-6611 (bmo#1844827) Incorrect handling of SameSite cookies * CVE-2024-6612 (bmo#1880374) CSP violation leakage when using devtools * CVE-2024-6613 (bmo#1900523) Incorrect listing of stack frames Wolfgang Rosenauer 2024-07-16 07:10:33 +0000
53ab0a2e0b Accepting request 1185336 from mozilla:Factory Ana Guerrero 2024-07-05 17:44:47 +0000
65de930456 * Fixed an issue where YouTube playback may experience stalling under * Fixed an issue where the Private Window icon was displayed in the taskbar on Windows when browser.privateWindowSeparation.enabled was * Fixed an issue where users with a primary password set on their profile could lose their previous session of tabs upon upgrading if they dismissed * Fixed an issue where Linux users with accessibility.monoaudio.enable set * Fixed an issue where, in some circumstances, the Firefox installer * Fixed an issue causing Firefox to incorrectly reject cookies - Fix GNOME search provider (boo#1225278) Wolfgang Rosenauer 2024-07-04 08:07:19 +0000
e22e1216b1 Accepting request 1184300 from home:develop7:branches:mozilla:Factory Wolfgang Rosenauer 2024-07-04 08:00:08 +0000
ae5669436c Accepting request 1184277 from home:MSirringhaus:branches:mozilla:Factory Wolfgang Rosenauer 2024-07-04 07:55:26 +0000
42cc248788 Accepting request 1180696 from mozilla:Factory Ana Guerrero 2024-06-14 16:57:28 +0000
26b5620df4 OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1156 Wolfgang Rosenauer 2024-06-13 13:44:22 +0000
8d549ff22f - Mozilla Firefox 127.0 https://www.mozilla.org/en-US/firefox/127.0/releasenotes MFSA 2024-25 (bsc#1226027) * CVE-2024-5687 (bmo#1889066) An incorrect principal could have been used when opening new tabs * CVE-2024-5688 (bmo#1895086) Use-after-free in JavaScript object transplant * CVE-2024-5689 (bmo#1389707) User confusion and possible phishing vector via Firefox Screenshots * CVE-2024-5690 (bmo#1883693) External protocol handlers leaked by timing attack * CVE-2024-5691 (bmo#1888695) Sandboxed iframes were able to bypass sandbox restrictions to open a new window * CVE-2024-5692 (bmo#1837514, bmo#1891234) Bypass of file name restrictions during saving * CVE-2024-5693 (bmo#1891319) Cross-Origin Image leak via Offscreen Canvas * CVE-2024-5694 (bmo#1895055) Use-after-free in JavaScript Strings * CVE-2024-5695 (bmo#1895579) Memory Corruption using allocation using out-of-memory conditions * CVE-2024-5696 (bmo#1896555) Memory Corruption in Text Fragments * CVE-2024-5697 (bmo#1414937) Website was able to detect when Firefox was taking a screenshot of them * CVE-2024-5698 (bmo#1828259) Data-list could have overlaid address bar * CVE-2024-5699 (bmo#1891349) Wolfgang Rosenauer 2024-06-12 20:38:41 +0000
aee654ea3f Accepting request 1177453 from mozilla:Factory Ana Guerrero 2024-05-30 13:32:10 +0000
7548fa49d0 - Mozilla Firefox 126.0.1 * Fixed an issue with reading tagged PDF documents in a screen reader bmo#1894849 * Fixed not displaying localized text for non-en-US locales in the Crash Reporter dialog box on macOS. (bmo#1896097) * Fixed issues with drag-and-drop functionality on Linux. (bmo#1897115) * Fixed an issue causing high GPU memory usage on certain versions of AMD cards. (bmo#1897006) Wolfgang Rosenauer 2024-05-29 07:15:42 +0000
ffc2e2a358 Accepting request 1177370 from home:Guillaume_G:branches:mozilla:Factory Wolfgang Rosenauer 2024-05-29 07:11:01 +0000
f2d4ae6b6f Accepting request 1175472 from mozilla:Factory Ana Guerrero 2024-05-21 16:33:21 +0000
5b06ba2de6 - Mozilla Firefox 126.0 https://www.mozilla.org/en-US/firefox/126.0/releasenotes MFSA 2024-21 (bsc#1224056) * CVE-2024-4764 (bmo#1879093) Use-after-free when audio input connected with multiple consumers * CVE-2024-4367 (bmo#1893645) Arbitrary JavaScript execution in PDF.js * CVE-2024-4765 (bmo#1871109) Web application manifests could have been overwritten via hash collision * CVE-2024-4766 (bmo#1871214, bmo#1871217) Fullscreen notification could have been obscured on Firefox for Android * CVE-2024-4767 (bmo#1878577) IndexedDB files retained in private browsing mode * CVE-2024-4768 (bmo#1886082) Potential permissions request bypass via clickjacking * CVE-2024-4769 (bmo#1886108) Cross-origin responses could be distinguished between script and non-script content-types * CVE-2024-4770 (bmo#1893270) Use-after-free could occur when printing to PDF * CVE-2024-4771 (bmo#1893891) Failed allocation could lead to use-after-free * CVE-2024-4772 (bmo#1870579) Use of insecure rand() function to generate nonce * CVE-2024-4773 (bmo#1875248) URL bar could be cleared after network error * CVE-2024-4774 (bmo#1886598) Undefined behavior in ShmemCharMapHashEntry() Wolfgang Rosenauer 2024-05-21 08:22:00 +0000
640c98451f Accepting request 1170867 from mozilla:Factory Dominique Leuenberger 2024-05-01 12:54:55 +0000
072f7b36ed Accepting request 1170864 from home:AndreasStieger:branches:mozilla:Factory Wolfgang Rosenauer 2024-04-29 18:30:27 +0000
d3c437774c Accepting request 1169983 from mozilla:Factory Ana Guerrero 2024-04-26 21:26:13 +0000
32b276a257 * The 125.0 and 125.0.1 releases were skipped due to problems with a feature that proactively blocked downloads from potentially untrustworthy URLs Use-after-free if garbage collection runs during realm initialization Incorrect JIT optimization of MSubstr leads to out-of-bounds reads Corrupt pointer dereference in js::CheckTracedThing<js::Shape> Download Protections were bypassed by .xrm-ms files on Windows * CVE-2024-3865 (bmo#1881076, bmo#1884887, bmo#1885359, bmo#1889049) Wolfgang Rosenauer 2024-04-24 07:40:26 +0000
3b2b98176a Accepting request 1169748 from home:AndreasStieger:branches:mozilla:Factory Wolfgang Rosenauer 2024-04-23 06:12:35 +0000
9ba5b17011 Accepting request 1164364 from mozilla:Factory Ana Guerrero 2024-04-04 20:24:08 +0000
d592c1b03e * Fixed an issue where users with a large amount of bookmarks would be unable to restore a bookmarks backup. (bmo#1884308) * Fixed an issue that would cause open Firefox windows Netflix. (bmo#1883932) * Fixed a crash that affected Linux AArch64 builds. (bmo#1866396) * Fixed an issue where some users experienced difficulties loading webpages due to changes made to the default AppArmor configuration shipping in Ubuntu 24.04. (bmo#1884347) Wolfgang Rosenauer 2024-04-03 13:07:33 +0000
32874c1308 Accepting request 1164363 from home:MSirringhaus:branches:mozilla:Factory Wolfgang Rosenauer 2024-04-03 13:05:03 +0000
23c8d9fe7f Accepting request 1160726 from mozilla:Factory Ana Guerrero 2024-03-25 20:06:23 +0000
90db4db449 - Mozilla Firefox 124.0.1 https://www.mozilla.org/en-US/firefox/124.0.1/releasenotes/ MFSA 2024-15 (bsc#1221850) * CVE-2024-29943 (bmo#1886849) Out-of-bounds access via Range Analysis bypass * CVE-2024-29944 (bmo#1886852) Privileged JavaScript Execution via Event Handlers Mozilla Firefox 124.0 https://www.mozilla.org/en-US/firefox/124.0/releasenotes/ MFSA 2024-12 (bsc#1221327) * CVE-2024-2605 (bmo#1872920) Windows Error Reporter could be used as a Sandbox escape vector * CVE-2024-2606 (bmo#1879237) Mishandling of WASM register values * CVE-2024-2607 (bmo#1879939) JIT code failed to save return registers on Armv7-A * CVE-2024-2608 (bmo#1880692) Integer overflow could have led to out of bounds write * CVE-2023-5388 (bmo#1780432) NSS susceptible to timing attack against RSA decryption * CVE-2024-2609 (bmo#1866100) Permission prompt input delay could expire when not in focus * CVE-2024-2610 (bmo#1871112) Improper handling of html and body tags enabled CSP nonce leakage * CVE-2024-2611 (bmo#1876675) Clickjacking vulnerability could have led to a user accidentally granting permissions * CVE-2024-2612 (bmo#1879444) Self referencing object could have potentially led to a use- after-free Wolfgang Rosenauer 2024-03-22 16:21:08 +0000
33f287025d Accepting request 1156327 from mozilla:Factory Dominique Leuenberger 2024-03-09 19:53:50 +0000
cb3e179034 Accepting request 1156314 from home:AndreasStieger:branches:mozilla:Factory Wolfgang Rosenauer 2024-03-08 10:46:33 +0000
7a05ebf18e Accepting request 1150527 from mozilla:Factory Ana Guerrero 2024-02-27 21:43:17 +0000
672b2847a9 - Mozilla Firefox 123.0 https://www.mozilla.org/en-US/firefox/123.0/releasenotes/ MFSA 2024-05 (bsc#1220048) * CVE-2024-1546 (bmo#1843752) Out-of-bounds memory read in networking channels * CVE-2024-1547 (bmo#1877879) Alert dialog could have been spoofed on another site * CVE-2024-1554 (bmo#1816390) fetch could be used to effect cache poisoning * CVE-2024-1548 (bmo#1832627) Fullscreen Notification could have been hidden by select element * CVE-2024-1549 (bmo#1833814) Custom cursor could obscure the permission dialog * CVE-2024-1550 (bmo#1860065) Mouse cursor re-positioned unexpectedly could have led to unintended permission grants * CVE-2024-1551 (bmo#1864385) Multipart HTTP Responses would accept the Set-Cookie header in response parts * CVE-2024-1555 (bmo#1873223) SameSite cookies were not properly respected when opening a website from an external browser * CVE-2024-1556 (bmo#1870414) Invalid memory access in the built-in profiler * CVE-2024-1552 (bmo#1874502) Incorrect code generation on 32-bit ARM devices * CVE-2024-1553 (bmo#1855686, bmo#1867982, bmo#1871498, bmo#1872296, bmo#1873521, bmo#1873577, bmo#1873597, bmo#1873866, bmo#1874080, bmo#1874740, bmo#1875795, bmo#1875906, bmo#1876425, bmo#1878211, bmo#1878286) Wolfgang Rosenauer 2024-02-25 22:15:18 +0000
d1be093a13 Accepting request 1146565 from mozilla:Factory Ana Guerrero 2024-02-15 19:58:57 +0000
d2bb239998 Accepting request 1146484 from home:AndreasStieger:branches:mozilla:Factory Wolfgang Rosenauer 2024-02-14 12:25:21 +0000
dae9c9db48 Accepting request 1143092 from mozilla:Factory Ana Guerrero 2024-02-01 17:03:42 +0000
c4d54d7b75 Accepting request 1142978 from home:MSirringhaus:branches:mozilla:Factory Wolfgang Rosenauer 2024-01-31 17:28:29 +0000
0299745734 Accepting request 1142680 from mozilla:Factory Ana Guerrero 2024-01-30 17:24:32 +0000
e23269fde0 Accepting request 1142188 from home:Andreas_Schwab:Factory Wolfgang Rosenauer 2024-01-29 22:24:08 +0000
fbd6485905 Accepting request 1141490 from mozilla:Factory Ana Guerrero 2024-01-26 21:45:43 +0000
3eb8b737e4 - Mozilla Firefox 122.0 https://www.mozilla.org/en-US/firefox/122.0/releasenotes/ MFSA 2024-01 (bsc#1218955) * CVE-2024-0741 (bmo#1864587) Out of bounds write in ANGLE * CVE-2024-0742 (bmo#1867152) Failure to update user input timestamp * CVE-2024-0743 (bmo#1867408) Crash in NSS TLS method * CVE-2024-0744 (bmo#1871089) Wild pointer dereference in JavaScript * CVE-2024-0745 (bmo#1871838) Stack buffer overflow in WebAudio * CVE-2024-0746 (bmo#1660223) Crash when listing printers on Linux * CVE-2024-0747 (bmo#1764343) Bypass of Content Security Policy when directive unsafe-inline was set * CVE-2024-0748 (bmo#1783504) Compromised content process could modify document URI * CVE-2024-0749 (bmo#1813463) Phishing site popup could show local origin in address bar * CVE-2024-0750 (bmo#1863083) Potential permissions request bypass via clickjacking * CVE-2024-0751 (bmo#1865689) Privilege escalation through devtools * CVE-2024-0752 (bmo#1866840) Use-after-free could occur when applying update on macOS * CVE-2024-0753 (bmo#1870262) HSTS policy on subdomain could bypass policy of upper domain * CVE-2024-0754 (bmo#1871605) Wolfgang Rosenauer 2024-01-25 11:10:30 +0000
da52efa0fb Accepting request 1138351 from mozilla:Factory Ana Guerrero 2024-01-14 18:01:25 +0000
7bf217f6ac Accepting request 1137806 from home:AndreasStieger:branches:mozilla:Factory Wolfgang Rosenauer 2024-01-12 16:07:06 +0000
9aad02882d Accepting request 1134603 from mozilla:Factory Ana Guerrero 2023-12-22 21:41:04 +0000
20ffb64e05 - Mozilla Firefox 121.0 https://www.mozilla.org/en-US/firefox/121.0/releasenotes MFSA 2023-56 (bsc#1217974) * CVE-2023-6856 (bmo#1843782) Heap-buffer-overflow affecting WebGL DrawElementsInstanced method with Mesa VM driver * CVE-2023-6135 (bmo#1853908) NSS susceptible to "Minerva" attack * CVE-2023-6865 (bmo#1864123) Potential exposure of uninitialized data in EncryptingOutputStream * CVE-2023-6857 (bmo#1796023) Symlinks may resolve to smaller than expected buffers * CVE-2023-6858 (bmo#1826791) Heap buffer overflow in nsTextFragment * CVE-2023-6859 (bmo#1840144) Use-after-free in PR_GetIdentitiesLayer * CVE-2023-6866 (bmo#1849037) TypedArrays lack sufficient exception handling * CVE-2023-6860 (bmo#1854669) Potential sandbox escape due to VideoBridge lack of texture validation * CVE-2023-6867 (bmo#1863863) Clickjacking permission prompts using the popup transition * CVE-2023-6861 (bmo#1864118) Heap buffer overflow affected nsWindow::PickerOpen(void) in headless mode * CVE-2023-6868 (bmo#1865488) WebPush requests on Firefox for Android did not require VAPID key * CVE-2023-6869 (bmo#1799036) Content can paint outside of sandboxed iframe Wolfgang Rosenauer 2023-12-22 09:01:08 +0000
710f8bf00b Accepting request 1132165 from mozilla:Factory Dominique Leuenberger 2023-12-09 21:49:34 +0000
3c65948f42 Accepting request 1132141 from home:AndreasStieger:branches:mozilla:Factory Wolfgang Rosenauer 2023-12-08 21:21:52 +0000
a2e18a8139 Accepting request 1129161 from mozilla:Factory Ana Guerrero 2023-11-27 21:42:07 +0000
9a9faccc26 - Mozilla Firefox 120.0 https://www.mozilla.org/en-US/firefox/120.0/releasenotes MFSA 2023-49 (bsc#1217230) * CVE-2023-6204 (bmo#1841050) Out-of-bound memory access in WebGL2 blitFramebuffer * CVE-2023-6205 (bmo#1854076) Use-after-free in MessagePort::Entangled * CVE-2023-6206 (bmo#1857430) Clickjacking permission prompts using the fullscreen transition * CVE-2023-6207 (bmo#1861344) Use-after-free in ReadableByteStreamQueueEntry::Buffer * CVE-2023-6208 (bmo#1855345) Using Selection API would copy contents into X11 primary selection. * CVE-2023-6209 (bmo#1858570) Incorrect parsing of relative URLs starting with "///" * CVE-2023-6210 (bmo#1801501) Mixed-content resources not blocked in a javascript: pop-up * CVE-2023-6211 (bmo#1850200) Clickjacking to load insecure pages in HTTPS-only mode * CVE-2023-6212 (bmo#1658432, bmo#1820983, bmo#1829252, bmo#1856072, bmo#1856091, bmo#1859030, bmo#1860943, bmo#1862782) Memory safety bugs fixed in Firefox 120, Firefox ESR 115.5, and Thunderbird 115.5 * CVE-2023-6213 (bmo#1849265, bmo#1851118, bmo#1854911) Memory safety bugs fixed in Firefox 120 - rebased patches Wolfgang Rosenauer 2023-11-27 14:33:21 +0000
6430926302 Accepting request 1124746 from mozilla:Factory Ana Guerrero 2023-11-13 21:15:56 +0000
0682eecc12 Accepting request 1124728 from home:AndreasStieger:branches:mozilla:Factory Wolfgang Rosenauer 2023-11-09 21:23:49 +0000
94af17d03a Accepting request 1121261 from mozilla:Factory Ana Guerrero 2023-10-31 19:24:50 +0000
fba3ce914b Accepting request 1121257 from home:iznogood:factory Wolfgang Rosenauer 2023-10-30 17:34:27 +0000
ea5dd3dbee - Mozilla Firefox 119.0 https://www.mozilla.org/en-US/firefox/119.0/releasenotes MFSA 2023-45 (bsc#1216338) * CVE-2023-5721 (bmo#1830820) Queued up rendering could have allowed websites to clickjack * CVE-2023-5722 (bmo#1738426) Cross-Origin size and header leakage * CVE-2023-5723 (bmo#1802057) Invalid cookie characters could have led to unexpected errors * CVE-2023-5724 (bmo#1836705) Large WebGL draw could have led to a crash * CVE-2023-5725 (bmo#1845739) WebExtensions could open arbitrary URLs * CVE-2023-5726 (bmo#1846205) Full screen notification obscured by file open dialog on macOS * CVE-2023-5727 (bmo#1847180) Download Protections were bypassed by .msix, .msixbundle, .appx, and .appxbundle files on Windows * CVE-2023-5728 (bmo#1852729) Improper object tracking during GC in the JavaScript engine could have led to a crash. * CVE-2023-5729 (bmo#1823720) Fullscreen notification dialog could have been obscured by WebAuthn prompts * CVE-2023-5730 (bmo#1836607, bmo#1840918, bmo#1848694, bmo#1848833, bmo#1850191, bmo#1850259, bmo#1852596, bmo#1853201, bmo#1854002, bmo#1855306, bmo#1855640, bmo#1856695) Memory safety bugs fixed in Firefox 119, Firefox ESR 115.4, and Thunderbird 115.4.1 * CVE-2023-5731 (bmo#1690111, bmo#1721904, bmo#1851803, bmo#1854068) Wolfgang Rosenauer 2023-10-27 07:18:39 +0000
d3e0fd0201 (boo#1216027) Wolfgang Rosenauer 2023-10-14 14:32:42 +0000
3e7afa6df6 - Activate KDE integration again, included rebased and updated patches (upstream removed special files handling for preferences but that has no effect since we haven't shipped obsolete kde.js for a while) Wolfgang Rosenauer 2023-10-14 12:04:21 +0000
93544be53d Accepting request 1114576 from home:Thaodan:branches:mozilla:Factory Wolfgang Rosenauer 2023-10-14 12:01:14 +0000
865d7485c2 Accepting request 1117058 from home:AndreasStieger:branches:mozilla:Factory Wolfgang Rosenauer 2023-10-12 08:10:17 +0000
3d079c76d1 Accepting request 1114282 from mozilla:Factory Ana Guerrero 2023-09-29 09:43:11 +0000
f56b5528a7 (removed mozilla-kde.patch and firefox-kde.patch for now) Wolfgang Rosenauer 2023-09-29 08:34:10 +0000
aeb0620d41 - Mozilla Firefox 118.0.1 MFSA 2023-44 (bsc#1215814) * CVE-2023-5217 (bmo#1855550), Heap buffer overflow in libvpx Wolfgang Rosenauer 2023-09-29 08:31:52 +0000
24d80f3612 - add mozilla-bmo1822730.patch Wolfgang Rosenauer 2023-09-23 07:29:59 +0000
226302d631 Accepting request 1113090 from home:biggestsonicfan:branches:mozilla:Factory Wolfgang Rosenauer 2023-09-23 07:28:40 +0000
bf59babbb3 Accepting request 1110687 from mozilla:Factory Ana Guerrero 2023-09-13 18:43:34 +0000
202b7e7c4a Accepting request 1110680 from home:AndreasStieger:branches:mozilla:Factory Wolfgang Rosenauer 2023-09-12 17:59:40 +0000
16d69b154b Accepting request 1107944 from mozilla:Factory Ana Guerrero 2023-08-30 08:18:38 +0000
bbbb712787 - Mozilla Firefox 117.0 https://www.mozilla.org/en-US/firefox/117.0/releasenotes MFSA 2023-34 (bsc#1214606) * CVE-2023-4573 (bmo#1846687) Memory corruption in IPC CanvasTranslator * CVE-2023-4574 (bmo#1846688) Memory corruption in IPC ColorPickerShownCallback * CVE-2023-4575 (bmo#1846689) Memory corruption in IPC FilePickerShownCallback * CVE-2023-4576 (bmo#1846694) Integer Overflow in RecordedSourceSurfaceCreation * CVE-2023-4577 (bmo#1847397) Memory corruption in JIT UpdateRegExpStatics * CVE-2023-4578 (bmo#1839007) Error reporting methods in SpiderMonkey could have triggered an Out of Memory Exception * CVE-2023-4579 (bmo#1842766) Persisted search terms were formatted as URLs * CVE-2023-4580 (bmo#1843046) Push notifications saved to disk unencrypted * CVE-2023-4581 (bmo#1843758) XLL file extensions were downloadable without warnings * CVE-2023-4582 (bmo#1773874) Buffer Overflow in WebGL glGetProgramiv * CVE-2023-4583 (bmo#1842030) Browsing Context potentially not cleared when closing Private Window * CVE-2023-4584 (bmo#1843968, bmo#1845205, bmo#1846080, bmo#1846526, bmo#1847529) Memory safety bugs fixed in Firefox 117, Firefox ESR 102.15, Wolfgang Rosenauer 2023-08-29 12:55:43 +0000
5112b91bbf Accepting request 1104464 from mozilla:Factory Ana Guerrero 2023-08-18 17:27:10 +0000
42f90b08c5 Accepting request 1104460 from home:AndreasStieger:branches:mozilla:Factory Wolfgang Rosenauer 2023-08-17 19:11:10 +0000
afd2ed8433 Accepting request 1104036 from home:adamm:ldbug Wolfgang Rosenauer 2023-08-15 21:01:22 +0000
062ac2aed4 Accepting request 1103590 from home:adamm:ldbug Wolfgang Rosenauer 2023-08-12 20:13:40 +0000
2d4931ecd0 Accepting request 1103536 from mozilla:Factory Dominique Leuenberger 2023-08-12 13:06:14 +0000

Commit Graph Select branches Hide Pull Requests devel factory Mono Color

Commit Graph

Select branches

Hide Pull Requests

devel

factory