MozillaFirefox

pool/MozillaFirefox

SHA256

Fork 1

a756387aa3 - Firefox 102.0 * You can now disable automatic opening of the download panel every time a new download starts * Firefox now mitigates query parameter tracking when navigating sites in ETP strict mode * Improved security by moving audio decoding into a separate process with stricter sandboxing, thus improving process isolation * https://www.mozilla.org/en-US/firefox/102.0/releasenotes MFSA 2022-24 (bsc#1200793) * CVE-2022-34479 (bmo#1745595) A popup window could be resized in a way to overlay the address bar with web content * CVE-2022-34470 (bmo#1765951) Use-after-free in nsSHistory * CVE-2022-34468 (bmo#1768537) CSP sandbox header without allow-scripts can be bypassed via retargeted javascript: URI * CVE-2022-34482 (bmo#845880) Drag and drop of malicious image could have led to malicious executable and potential code execution * CVE-2022-34483 (bmo#1335845) Drag and drop of malicious image could have led to malicious executable and potential code execution * CVE-2022-34476 (bmo#1387919) ASN.1 parser could have been tricked into accepting malformed ASN.1 * CVE-2022-34481 (bmo#1483699, bmo#1497246) Potential integer overflow in ReplaceElementsAt * CVE-2022-34474 (bmo#1677138) Sandboxed iframes could redirect to external schemes * CVE-2022-34469 (bmo#1721220) Wolfgang Rosenauer 2022-06-29 07:44:18 +0000
d3f7ace283 Accepting request 982081 from mozilla:Factory Dominique Leuenberger 2022-06-17 19:19:58 +0000
f85c2ce39f Accepting request 982080 from home:AndreasStieger:branches:mozilla:Factory Wolfgang Rosenauer 2022-06-10 21:00:05 +0000
f66d644831 Accepting request 980191 from mozilla:Factory Dominique Leuenberger 2022-06-02 19:53:45 +0000
1ec6880184 - Mozilla Firefox 101.0 * Reading is now easier with the prefers-contrast media query, which allows sites to detect if the user has requested that web content is presented with a higher (or lower) contrast * All non-configured MIME types can now be assigned a custom action upon download completion * allows users to use as many microphones as you want, at the same time, during video conferencing. The most exciting benefit is that you can easily switch your microphones at any time (if your conferencing service provider enables this flexibility) MFSA 2022-20 (bsc#1200027) * CVE-2022-31736 (bmo#1735923) Cross-Origin resource's length leaked * CVE-2022-31737 (bmo#1743767) Heap buffer overflow in WebGL * CVE-2022-31738 (bmo#1756388) Browser window spoof using fullscreen mode * CVE-2022-31739 (bmo#1765049) Attacker-influenced path traversal when saving downloaded files * CVE-2022-31740 (bmo#1766806) Register allocation problem in WASM on arm64 * CVE-2022-31741 (bmo#1767590) Uninitialized variable leads to invalid memory read * CVE-2022-31742 (bmo#1730434) Querying a WebAuthn token with a large number of allowCredential entries may have leaked cross-origin information * CVE-2022-31743 (bmo#1747388) HTML Parsing incorrectly ended HTML comments prematurely * CVE-2022-31744 (bmo#1757604) CSP bypass enabling stylesheet injection Wolfgang Rosenauer 2022-05-31 21:18:50 +0000
0f98512910 Accepting request 978314 from mozilla:Factory Dominique Leuenberger 2022-05-21 17:05:45 +0000
9498fa4a6a - Mozilla Firefox 100.0.2 MFSA 2022-19 (bsc#1199768) * CVE-2022-1802 (bmo#1770137) Prototype pollution in Top-Level Await implementation * CVE-2022-1529 (bmo#1770048) Untrusted input used in JavaScript object indexing, leading to prototype pollution Wolfgang Rosenauer 2022-05-20 15:13:51 +0000
b2497b835b Accepting request 978002 from home:AndreasStieger:branches:mozilla:Factory Wolfgang Rosenauer 2022-05-18 20:54:37 +0000
d7f7b04864 Accepting request 974815 from mozilla:Factory Dominique Leuenberger 2022-05-06 16:58:30 +0000
67ec5338d7 - Mozilla Firefox 100.0 * subtitle support in PiP * spell checking supports multiple languages in parallel * more details here https://www.mozilla.org/en-US/firefox/100.0/releasenotes MFSA 2022-16 (boo#1198970) * CVE-2022-29914 (bmo#1746448) Fullscreen notification bypass using popups * CVE-2022-29909 (bmo#1755081) Bypassing permission prompt in nested browsing contexts * CVE-2022-29916 (bmo#1760674) Leaking browser history with CSS variables * CVE-2022-29911 (bmo#1761981) iframe Sandbox bypass * CVE-2022-29912 (bmo#1692655) Reader mode bypassed SameSite cookies * CVE-2022-29910 (bmo#1757138) Firefox for Android forgot HTTP Strict Transport Security settings * CVE-2022-29915 (bmo#1751678) Leaking cross-origin redirect through the Performance API * CVE-2022-29917 (bmo#1684739, bmo#1706441, bmo#1753298, bmo#1762614, bmo#1762620, bmo#1764778) Memory safety bugs fixed in Firefox 100 and Firefox ESR 91.9 * CVE-2022-29918 (bmo#1744043, bmo#1747178, bmo#1753535, bmo#1754017, bmo#1755847, bmo#1756172, bmo#1757477, bmo#1758223, bmo#1760160, bmo#1761481, bmo#1761771) Memory safety bugs fixed in Firefox 100 - requires NSS 3.77 Wolfgang Rosenauer 2022-05-04 06:26:46 +0000
3b2fbef8dc Accepting request 969574 from mozilla:Factory Dominique Leuenberger 2022-04-15 22:13:26 +0000
add9b31d7d Accepting request 969555 from home:AndreasStieger:branches:mozilla:Factory Wolfgang Rosenauer 2022-04-12 21:29:52 +0000
30aa10520a Accepting request 967154 from mozilla:Factory Dominique Leuenberger 2022-04-07 22:26:53 +0000
da3e0c974f - Mozilla Firefox 99.0 * You can now toggle Narrate in ReaderMode with the keyboard shortcut "n." * You can find added support for search—with or without diacritics—in the PDF viewer. * The Linux sandbox has been strengthened: processes exposed to web content no longer have access to the X Window system (X11). * Firefox now supports credit card autofill and capture in Germany and France. MFSA 2022-13 (bsc#1197903) * CVE-2022-1097 (bmo#1745667) Use-after-free in NSSToken objects * CVE-2022-28281 (bmo#1755621) Out of bounds write due to unexpected WebAuthN Extensions * CVE-2022-28282 (bmo#1751609) Use-after-free in DocumentL10n::TranslateDocument * CVE-2022-28283 (bmo#1754066) Missing security checks for fetching sourceMapURL * CVE-2022-28284 (bmo#1754522) Script could be executed via svg's use element * CVE-2022-28285 (bmo#1756957) Incorrect AliasSet used in JIT Codegen * CVE-2022-28286 (bmo#1735265) iframe contents could be rendered outside the border * CVE-2022-28287 (bmo#1741515) Text Selection could crash Firefox * CVE-2022-24713 (bmo#1758509) Denial of Service via complex regular expressions * CVE-2022-28289 (bmo#1663508, bmo#1744525, bmo#1753508, bmo#1757476, bmo#1757805, bmo#1758549, bmo#1758776) Wolfgang Rosenauer 2022-04-05 20:51:21 +0000
9161b661cd Accepting request 964778 from mozilla:Factory Dominique Leuenberger 2022-03-28 14:59:45 +0000
9ce6769347 Accepting request 964729 from home:AndreasStieger:branches:mozilla:Factory Wolfgang Rosenauer 2022-03-24 22:14:52 +0000
eb06ba482c Accepting request 964625 from home:DarkWav Wolfgang Rosenauer 2022-03-24 22:11:50 +0000
e338663852 Accepting request 963933 from home:Guillaume_G:branches:mozilla:Factory Wolfgang Rosenauer 2022-03-24 22:10:34 +0000
412d94f808 Accepting request 962488 from home:dirkmueller:Factory Wolfgang Rosenauer 2022-03-17 22:01:16 +0000
e9b727c942 Accepting request 962436 from home:MSirringhaus:branches:mozilla:Factory Wolfgang Rosenauer 2022-03-17 12:01:47 +0000
9cd520ec95 Accepting request 960656 from mozilla:Factory Dominique Leuenberger 2022-03-13 19:24:17 +0000
8a33a9d65f - add mozilla-bmo1756347.patch to fix i586 build Wolfgang Rosenauer 2022-03-09 22:00:20 +0000
b0ba7186c6 - Mozilla Firefox 98.0 * Firefox has a new optimized download flow * other changes as documented here https://www.mozilla.org/en-US/firefox/98.0/releasenotes MFSA 2022-10 (bsc#1196900) * CVE-2022-26383 (bmo#1742421) Browser window spoof using fullscreen mode * CVE-2022-26384 (bmo#1744352) iframe allow-scripts sandbox bypass * CVE-2022-26387 (bmo#1752979) Time-of-check time-of-use bug when verifying add-on signatures * CVE-2022-26381 (bmo#1736243) Use-after-free in text reflows * CVE-2022-26382 (bmo#1741888) Autofill Text could be exfiltrated via side-channel attacks * CVE-2022-26385 (bmo#1747526) Use-after-free in thread shutdown * CVE-2022-0843 (bmo#1746523, bmo#1749062, bmo#1749164, bmo#1749214, bmo#1749610, bmo#1750032, bmo#1752100, bmo#1752405, bmo#1753612, bmo#1754508) Memory safety bugs fixed in Firefox 98 - requires NSS 3.75 Wolfgang Rosenauer 2022-03-09 09:44:23 +0000
5614e0ad85 Accepting request 954372 from home:luc14n0:branches:mozilla:Factory Wolfgang Rosenauer 2022-02-27 10:00:32 +0000
2e4eeec7cd Accepting request 955949 from mozilla:Factory Dominique Leuenberger 2022-02-21 16:45:57 +0000
1aa3604ee4 Accepting request 955943 from home:AndreasStieger:branches:mozilla:Factory Wolfgang Rosenauer 2022-02-18 21:48:06 +0000
59553e4ce4 Accepting request 952887 from mozilla:Factory Dominique Leuenberger 2022-02-10 22:11:36 +0000
4e431c39c0 - Mozilla Firefox 97.0 MFSA 2022-04 (bsc#1195682) * CVE-2022-22753 (bmo#1732435) Privilege Escalation to SYSTEM on Windows via Maintenance Service * CVE-2022-22754 (bmo#1750565) Extensions could have bypassed permission confirmation during update * CVE-2022-22755 (bmo#1309630) XSL could have allowed JavaScript execution after a tab was closed * CVE-2022-22756 (bmo#1317873) Drag and dropping an image could have resulted in the dropped object being an executable * CVE-2022-22757 (bmo#1720098) Remote Agent did not prevent local websites from connecting * CVE-2022-22758 (bmo#1728742) tel: links could have sent USSD codes to the dialer on Firefox for Android * CVE-2022-22759 (bmo#1739957) Sandboxed iframes could have executed script if the parent appended elements * CVE-2022-22760 (bmo#1740985, bmo#1748503) Cross-Origin responses could be distinguished between script and non-script content-types * CVE-2022-22761 (bmo#1745566) frame-ancestors Content Security Policy directive was not enforced for framed extension pages * CVE-2022-22762 (bmo#1743931) JavaScript Dialogs could have been displayed over other domains on Firefox for Android * CVE-2022-22764 (bmo#1742682, bmo#1744165, bmo#1746545, bmo#1748210, bmo#1748279) Wolfgang Rosenauer 2022-02-08 14:33:04 +0000
2764c59751 Accepting request 952269 from home:dirkmueller:Factory Wolfgang Rosenauer 2022-02-08 08:38:01 +0000
9162c87eb4 Accepting request 951346 from home:dirkmueller:branches:mozilla:Factory Wolfgang Rosenauer 2022-02-03 17:24:14 +0000
299ea7a00e Accepting request 949716 from mozilla:Factory Dominique Leuenberger 2022-02-01 13:02:32 +0000
f2fb960d33 - Mozilla Firefox 96.0.3 (bsc#1195230) * Fixed an issue that allowed unexpected data to be submitted in some of our search telemetry (bmo#1752317) Wolfgang Rosenauer 2022-01-28 15:33:21 +0000
9179663693 Accepting request 948332 from mozilla:Factory Dominique Leuenberger 2022-01-26 20:26:30 +0000
81795c233e Accepting request 948330 from home:marxin:branches:mozilla:Factory Wolfgang Rosenauer 2022-01-24 08:24:06 +0000
3ed41c23b7 Accepting request 947863 from mozilla:Factory Dominique Leuenberger 2022-01-23 11:15:08 +0000
68541949af Accepting request 947794 from home:AndreasStieger:branches:mozilla:Factory Wolfgang Rosenauer 2022-01-21 07:26:07 +0000
a2243d4df8 Accepting request 946473 from mozilla:Factory Dominique Leuenberger 2022-01-15 20:45:12 +0000
ab7bde2994 Accepting request 946472 from home:AndreasStieger:branches:mozilla:Factory Wolfgang Rosenauer 2022-01-14 17:14:41 +0000
e950884a22 Accepting request 945699 from mozilla:Factory Dominique Leuenberger 2022-01-12 23:22:14 +0000
abe4d87b4e - Mozilla Firefox 96.0 * https://www.mozilla.org/en-US/firefox/96.0/releasenotes MFSA 2022-01 (bsc#1194547) * CVE-2022-22746 (bmo#1735071) Calling into reportValidity could have lead to fullscreen window spoof * CVE-2022-22743 (bmo#1739220) Browser window spoof using fullscreen mode * CVE-2022-22742 (bmo#1739923) Out-of-bounds memory access when inserting text in edit mode * CVE-2022-22741 (bmo#1740389) Browser window spoof using fullscreen mode * CVE-2022-22740 (bmo#1742334) Use-after-free of ChannelEventQueue::mOwner * CVE-2022-22738 (bmo#1742382) Heap-buffer-overflow in blendGaussianBlur * CVE-2022-22737 (bmo#1745874) Race condition when playing audio files * CVE-2021-4140 (bmo#1746720) Iframe sandbox bypass with XSLT * CVE-2022-22750 (bmo#1566608) IPC passing of resource handles could have lead to sandbox bypass * CVE-2022-22749 (bmo#1705094) Lack of URL restrictions when scanning QR codes * CVE-2022-22748 (bmo#1705211) Spoofed origin on external protocol launch dialog * CVE-2022-22745 (bmo#1735856) Leaking cross-origin URLs through securitypolicyviolation event Wolfgang Rosenauer 2022-01-11 22:06:33 +0000
2f267289f4 Accepting request 943041 from mozilla:Factory Dominique Leuenberger 2021-12-30 14:55:28 +0000
2942ef5aaf - Mozilla Firefox 95.0.2 * Addresses frequent crashes experienced by users with C/E/Z-Series "Bobcat" CPUs running on Windows 7, 8, and 8.1. - updated constraints for ppc and x86-64 Wolfgang Rosenauer 2021-12-29 10:25:00 +0000
b18fda39cd Accepting request 943030 from home:iznogood:branches:mozilla:Factory Wolfgang Rosenauer 2021-12-29 09:38:41 +0000
d77c0d569f Accepting request 941230 from mozilla:Factory Dominique Leuenberger 2021-12-18 19:29:25 +0000
f6424d435d - Mozilla Firefox 95.0.1 (bsc#1193845) * Fixed frequent MOZILLA_PKIX_ERROR_OCSP_RESPONSE_FOR_CERT_MISSING error messages when trying to connect to various microsoft.com domains (bmo#1745600) * Fix for a WebRender crash on some Linux/X11 systems (bmo#1741956) * Fix for a frequent Windows shutdown crash (bmo#1738984) * Fix websites contrast issues for some Linux users with Dark mode set at OS level (bmo#1740518) Wolfgang Rosenauer 2021-12-17 14:07:38 +0000
d51a26c5ed Accepting request 936364 from mozilla:Factory Dominique Leuenberger 2021-12-11 23:56:09 +0000
79dbc14d01 - Mozilla Firefox 95.0 * You can now move the Picture-in-Picture toggle button to the opposite side of the video. Simply look for the new context menu option Move Picture-in-Picture Toggle to Left (Right) Side. * To better protect Firefox users against side-channel attacks such as Spectre, Site Isolation is now enabled for all Firefox 95 users. * https://www.mozilla.org/en-US/firefox/95.0/releasenotes MFSA 2021-52 (bsc#1193485) * CVE-2021-43536 (bmo#1730120) URL leakage when navigating while executing asynchronous function * CVE-2021-43537 (bmo#1738237) Heap buffer overflow when using structured clone * CVE-2021-43538 (bmo#1739091) Missing fullscreen and pointer lock notification when requesting both * CVE-2021-43539 (bmo#1739683) GC rooting failure when calling wasm instance methods * MOZ-2021-0010 (bmo#1735852) Use-after-free in fullscreen objects on MacOS * CVE-2021-43540 (bmo#1636629) WebExtensions could have installed persistent ServiceWorkers * CVE-2021-43541 (bmo#1696685) External protocol handler parameters were unescaped * CVE-2021-43542 (bmo#1723281) XMLHttpRequest error codes could have leaked the existence of an external protocol handler * CVE-2021-43543 (bmo#1738418) Bypass of CSP sandbox directive when embedding * CVE-2021-43544 (bmo#1739934) Wolfgang Rosenauer 2021-12-07 21:12:25 +0000
0d5bac4eb8 Accepting request 935283 from home:AndreasStieger:branches:mozilla:Factory Wolfgang Rosenauer 2021-12-02 21:24:56 +0000
a4862dbb50 Accepting request 934031 from home:iznogood:branches:mozilla:Factory Wolfgang Rosenauer 2021-11-30 07:53:04 +0000
cbeaa1a7c6 Accepting request 933355 from mozilla:Factory Dominique Leuenberger 2021-11-26 23:50:35 +0000
4e8a9f546c Accepting request 933349 from home:AndreasStieger:branches:mozilla:Factory Wolfgang Rosenauer 2021-11-23 22:50:02 +0000
577f513dd4 Accepting request 929844 from mozilla:Factory Dominique Leuenberger 2021-11-08 16:24:08 +0000
e36ee00a57 Accepting request 929747 from home:AndreasStieger:branches:mozilla:Factory Wolfgang Rosenauer 2021-11-06 10:32:26 +0000
8739ae12dd - Mozilla Firefox 94.0 * https://www.mozilla.org/en-US/firefox/94.0/releasenotes MFSA 2021-48 (bsc#1192250) * CVE-2021-38503 (bmo#1729517) iframe sandbox rules did not apply to XSLT stylesheets * CVE-2021-38504 (bmo#1730156) Use-after-free in file picker dialog * CVE-2021-38505 (bmo#1730194) Windows 10 Cloud Clipboard may have recorded sensitive user data * CVE-2021-38506 (bmo#1730750) Firefox could be coaxed into going into fullscreen mode without notification or warning * CVE-2021-38507 (bmo#1730935) Opportunistic Encryption in HTTP2 could be used to bypass the Same-Origin-Policy on services hosted on other ports * MOZ-2021-0003 (bmo#1736886) Universal XSS in Firefox for Android via QR Code URLs * CVE-2021-38508 (bmo#1366818) Permission Prompt could be overlaid, resulting in user confusion and potential spoofing * MOZ-2021-0004 (bmo#1659155) Web Extensions could access pre-redirect URL when their context menu was triggered by a user * CVE-2021-38509 (bmo#1718571) Javascript alert box could have been spoofed onto an arbitrary domain * CVE-2021-38510 (bmo#1731779) Download Protections were bypassed by .inetloc files on Mac OS * MOZ-2021-0005 (bmo#1719203) 'Copy Image Link' context menu action could have been abused Wolfgang Rosenauer 2021-11-02 13:51:34 +0000
1221141379 Accepting request 927811 from mozilla:Factory Dominique Leuenberger 2021-10-29 20:33:08 +0000
151a4b1f05 - Drop unused pkgconfig(gdk-x11-2.0) BuildRequires - (re-)enable LTO on Tumbleweed sandbox containment, to be able to open /proc/sys/crypto/fips_enabled - Add patch to fix build on aarch64 (bmo#1729124) Wolfgang Rosenauer 2021-10-27 15:33:17 +0000
ae15405da4 Accepting request 927437 from home:iznogood:branches:mozilla:Factory Wolfgang Rosenauer 2021-10-27 15:31:55 +0000
7f5ab49250 Accepting request 927257 from home:marxin:branches:mozilla:Factory Wolfgang Rosenauer 2021-10-27 15:31:17 +0000
07e2068a94 Accepting request 926488 from home:MSirringhaus:branches:mozilla:Factory Wolfgang Rosenauer 2021-10-21 06:51:24 +0000
53dc001d8c Accepting request 926026 from mozilla:Factory Dominique Leuenberger 2021-10-20 18:23:50 +0000
d9fccc7f41 Accepting request 926012 from home:Guillaume_G:branches:openSUSE:Factory:ARM Wolfgang Rosenauer 2021-10-18 14:39:26 +0000
da443c7a7f Accepting request 923417 from mozilla:Factory Dominique Leuenberger 2021-10-12 19:48:11 +0000
317e7b9c84 - Mozilla Firefox 93.0 * supports the new AVIF image format * PDF viewer now supports filling more forms (XFA-based forms) * now blocks downloads that rely on insecure connections, protecting against potentially malicious or unsafe downloads * Improved web compatibility for privacy protections with SmartBlock 3.0 * Introducing a new referrer tracking protection in Strict Tracking Protection and Private Browsing * TLS ciphersuites that use 3DES have been disabled. Such ciphersuites can only be enabled when deprecated versions of TLS are also enabled * The download panel now follows the Firefox visual styles MFSA 2021-43 (bsc#1191332) * CVE-2021-38496 (bmo#1725335) Use-after-free in MessageTask * CVE-2021-38497 (bmo#1726621) Validation message could have been overlaid on another origin * CVE-2021-38498 (bmo#1729642) Use-after-free of nsLanguageAtomService object * CVE-2021-32810 (bmo#1729813) https://github.com/crossbeam-rs/crossbeam/security/advisories/GHSA-pqqp-xmhj-wgcw) Data race in crossbeam-deque * CVE-2021-38500 (bmo#1725854, bmo#1728321) Memory safety bugs fixed in Firefox 93, Firefox ESR 78.15, and Firefox ESR 91.2 * CVE-2021-38501 (bmo#1685354, bmo#1715755, bmo#1723176) Memory safety bugs fixed in Firefox 93 and Firefox ESR 91.2 * CVE-2021-38499 (bmo#1667102, bmo#1723170, bmo#1725356, bmo#1727364) Memory safety bugs fixed in Firefox 93 - removed obsolete mozilla-bmo1708709.patch Wolfgang Rosenauer 2021-10-06 07:02:07 +0000
c0180c6ed8 Accepting request 921893 from mozilla:Factory Dominique Leuenberger 2021-09-30 21:43:12 +0000
d7bcd62a7b Accepting request 921886 from home:AndreasStieger:branches:mozilla:Factory Wolfgang Rosenauer 2021-09-27 20:21:10 +0000
42948fee05 Accepting request 917452 from mozilla:Factory Dominique Leuenberger 2021-09-13 14:24:11 +0000
655acc0f45 - Mozilla Firefox 92.0 * More secure connections: Firefox can now automatically upgrade to HTTPS using HTTPS RR as Alt-Svc headers * Full-range color levels are now supported for video playback on many systems MFSA 2021-38 (bsc#1190269) * CVE-2021-29993 (bmo#1708544, bmo#1708767, bmo#1712240, bmo#1712242, bmo#1729259) Handling custom intents could lead to crashes and UI spoofs * CVE-2021-38491 (bmo#1551886) Mixed-Content-Blocking was unable to check opaque origins * CVE-2021-38492 (bmo#1721107) Navigating to mk: URL scheme could load Internet Explorer * CVE-2021-38493 (bmo#1723391, bmo#1724101, bmo#1724107) Memory safety bugs fixed in Firefox 92, Firefox ESR 78.14 and Firefox ESR 91.1 * CVE-2021-38494 (bmo#1723920, bmo#1725638) Memory safety bugs fixed in Firefox 92 - updated appdata - remove mozilla-disable-wasm-emulate-arm-unaligned-fp-access.patch (does not apply anymore; unclear if obsolete) - bring back mozilla-silence-no-return-type.patch and run post-build-checks everywhere again - requires NSS 3.69.1 Wolfgang Rosenauer 2021-09-07 19:29:05 +0000
f4576c611e Accepting request 914799 from mozilla:Factory Dominique Leuenberger 2021-09-03 19:25:43 +0000
5dfb50213d Accepting request 915209 from home:badshah400:branches:mozilla:Factory Wolfgang Rosenauer 2021-09-02 06:57:55 +0000
7ec3a08d55 - Bump using with GCC (tested locally). Wolfgang Rosenauer 2021-08-29 14:46:22 +0000
13628da26b Accepting request 913358 from home:marxin:branches:mozilla:Factory Wolfgang Rosenauer 2021-08-29 14:45:03 +0000
b349085c8c Accepting request 914701 from home:AndreasStieger:branches:mozilla:Factory Wolfgang Rosenauer 2021-08-28 14:28:05 +0000
8987d4f394 Accepting request 912837 from mozilla:Factory Richard Brown 2021-08-19 08:00:42 +0000
08f2bc94ea * Fixed an issue causing buttons on the tab bar to be resized when loading certain websites (bmo#1704404) * Fixed an issue which caused tabs from private windows to be visible in non-private windows when viewing switch-to-tab results in the address bar panel (bmo#1720369) * Various stability fixes Wolfgang Rosenauer 2021-08-18 06:44:45 +0000
d4f253eebc - Mozilla Firefox 91.0.1 MFSA 2021-37 (bsc#1189547) * CVE-2021-29991 (bmo#1724896) Header Splitting possible with HTTP/3 Responses Wolfgang Rosenauer 2021-08-18 06:41:08 +0000
efa14df02c MFSA 2021-33 (bsc#1188891) * CVE-2021-29986 (bmo#1696138) Race condition when resolving DNS names could have led to memory corruption * CVE-2021-29981 (bmo#1707774) Live range splitting could have led to conflicting assignments in the JIT * CVE-2021-29988 (bmo#1717922) Memory corruption as a result of incorrect style treatment * CVE-2021-29983 (bmo#1719088) Firefox for Android could get stuck in fullscreen mode * CVE-2021-29984 (bmo#1720031) Incorrect instruction reordering during JIT optimization * CVE-2021-29980 (bmo#1722204) Uninitialized memory in a canvas object could have led to memory corruption * CVE-2021-29987 (bmo#1716129) Users could have been tricked into accepting unwanted permissions on Linux * CVE-2021-29985 (bmo#1722083) Use-after-free media channels * CVE-2021-29982 (bmo#1715318) Single bit data leak due to incorrect JIT optimization and type confusion * CVE-2021-29989 (bmo#1662676, bmo#1666184, bmo#1719178, bmo#1719998, bmo#1720568) Memory safety bugs fixed in Firefox 91 and Firefox ESR 78.13 * CVE-2021-29990 (bmo#1544190, bmo#1716481, bmo#1717778, bmo#1719319, bmo#1722073) Memory safety bugs fixed in Firefox 91 Wolfgang Rosenauer 2021-08-13 21:34:50 +0000
4da575923b - Mozilla Firefox 91.0 MFSA 2021-?? (boo#1188891) - requires * rustc/cargo >= 1.51 * NSPR >= 4.32 * NSS >= 3.68 - force-disable webrender on BE platforms Wolfgang Rosenauer 2021-08-11 20:19:19 +0000
0de0e1650d Accepting request 908075 from mozilla:Factory Dominique Leuenberger 2021-07-29 19:30:54 +0000
788b177a3e Accepting request 908072 from home:AndreasStieger:branches:mozilla:Factory Wolfgang Rosenauer 2021-07-24 09:18:43 +0000
7ad9d4bfc8 Accepting request 907201 from mozilla:Factory Dominique Leuenberger 2021-07-22 20:42:34 +0000
e3d947378c OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=924 Wolfgang Rosenauer 2021-07-19 22:17:11 +0000
8b6bd667de Accepting request 907190 from home:AndreasStieger:branches:mozilla:Factory Wolfgang Rosenauer 2021-07-19 21:56:47 +0000
c3583042a6 Accepting request 906586 from mozilla:Factory Dominique Leuenberger 2021-07-17 21:36:28 +0000
1ef79265b6 - Mozilla Firefox 90.0 MFSA 2021-28 (bsc#1188275) * CVE-2021-29970 (bmo#1709976) Use-after-free in accessibility features of a document * CVE-2021-29971 (bmo#1713638) Granted permissions only compared host; omitting scheme and port on Android * CVE-2021-30547 (bmo#1715766) Out of bounds write in ANGLE * CVE-2021-29972 (bmo#1696816) Use of out-of-date library included use-after-free vulnerability * CVE-2021-29973 (bmo#1701932) Password autofill on HTTP websites was enabled without user interaction on Android * CVE-2021-29974 (bmo#1704843) HSTS errors could be overridden when network partitioning was enabled * CVE-2021-29975 (bmo#1713259) Text message could be overlaid on top of another website * CVE-2021-29976 (bmo#1700895, bmo#1703334, bmo#1706910, bmo#1711576, bmo#1714391) Memory safety bugs fixed in Firefox 90 and Firefox ESR 78.12 * CVE-2021-29977 (bmo#1665836, bmo#1686138, bmo#1704316, bmo#1706314, bmo#1709931, bmo#1712084, bmo#1712357, bmo#1714066) Memory safety bugs fixed in Firefox 90 - requires NSPR 4.31 NSS 3.66 Wolfgang Rosenauer 2021-07-15 21:12:05 +0000
2e029c0b71 Accepting request 901588 from mozilla:Factory Dominique Leuenberger 2021-06-25 13:01:12 +0000
e05ce7eaa9 OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=921 Wolfgang Rosenauer 2021-06-23 19:59:17 +0000
51a90989f8 OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=920 Wolfgang Rosenauer 2021-06-23 19:58:06 +0000
ab800db342 Accepting request 901577 from home:AndreasStieger:branches:mozilla:Factory Wolfgang Rosenauer 2021-06-23 19:56:32 +0000
537d85fe11 Accepting request 900942 from home:AndreasStieger:branches:mozilla:Factory Wolfgang Rosenauer 2021-06-19 15:20:27 +0000
7032e55b60 Accepting request 897726 from mozilla:Factory Dominique Leuenberger 2021-06-11 20:29:58 +0000
006265e486 - switched TW/x86_64 to clang as the last platform due to https://bugs.gentoo.org/792705 - but LTO with clang is broken in TW so disable LTO for it https://bugs.llvm.org/show_bug.cgi?id=47872 Wolfgang Rosenauer 2021-06-05 11:13:48 +0000
7b9642bf40 OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=915 Wolfgang Rosenauer 2021-06-05 07:34:47 +0000
cc06761f2f OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=914 Wolfgang Rosenauer 2021-06-05 07:08:44 +0000
b1df184d28 * UI redesign * The Event Timing API is now supported * The CSS forced-colors media query is now supported MFSA 2021-23 (bsc#1186696) * CVE-2021-29965 (bmo#1709257) Password Manager on Firefox for Android susceptible to domain spoofing * CVE-2021-29960 (bmo#1675965) Filenames printed from private browsing mode incorrectly retained in preferences * CVE-2021-29961 (bmo#1700235) Firefox UI spoof using <select> elements and CSS scaling * CVE-2021-29963 (bmo#1705068) Shared cookies for search suggestions in private browsing mode * CVE-2021-29964 (bmo#1706501) Out of bounds-read when parsing a WM_COPYDATA message * CVE-2021-29959 (bmo#1395819) Devices could be re-enabled without additional permission prompt * CVE-2021-29962 (bmo#1701673) No rate-limiting for popups on Firefox for Android * CVE-2021-29967 (bmo#1602862, bmo#1703191, bmo#1703760, bmo#1704722, bmo#1706041) Memory safety bugs fixed in Firefox 89 and Firefox ESR 78.11 * CVE-2021-29966 (bmo#1660307, bmo#1686154, bmo#1702948, bmo#1708124) Memory safety bugs fixed in Firefox 89 Wolfgang Rosenauer 2021-06-01 13:45:38 +0000
f3c1fa05f9 - Mozilla Firefox 89.0 - require NSS >= 3.64 rust-cbindgen >= 0.19.0 - do not rely on nodejs10 packagename anymore Wolfgang Rosenauer 2021-06-01 13:39:35 +0000
c316645e00 Accepting request 892688 from mozilla:Factory Dominique Leuenberger 2021-05-15 21:15:58 +0000
eb1266408f Accepting request 891041 from home:Guillaume_G:branches:openSUSE:Factory:ARM Wolfgang Rosenauer 2021-05-11 14:17:04 +0000
1292ed2ad8 Accepting request 890833 from mozilla:Factory Dominique Leuenberger 2021-05-08 20:06:59 +0000
39e811e051 Accepting request 890804 from home:AndreasStieger:branches:mozilla:Factory Wolfgang Rosenauer 2021-05-05 21:12:50 +0000
29f5ec3123 Accepting request 889851 from mozilla:Factory Dominique Leuenberger 2021-05-05 18:39:06 +0000

Commit Graph Select branches Hide Pull Requests devel factory Mono Color

Commit Graph

Select branches

Hide Pull Requests

devel

factory