firefox-esr

pool/firefox-esr

SHA256

Fork 0

Commit Graph

Author	SHA256	Message	Date
Manfred Hollstein	78e8532cd1	- Firefox Extended Support Release 140.1.0 ESR * Fixed: Various security fixes. - Mozilla Firefox ESR 140.1.0 https://www.mozilla.org/security/advisories/mfsa2025-59 MFSA 2025-59 (boo#1246664) * CVE-2025-8027 (bmo#1968423) JavaScript engine only wrote partial return value to stack * CVE-2025-8028 (bmo#1971581) Large branch table could lead to truncated instruction * CVE-2025-8029 (bmo#1928021) javascript: URLs executed on object and embed tags * CVE-2025-8036 (bmo#1960834) DNS rebinding circumvents CORS * CVE-2025-8037 (bmo#1964767) Nameless cookies shadow secure cookies * CVE-2025-8030 (bmo#1968414) Potential user-assisted code execution in “Copy as cURL” command * CVE-2025-8031 (bmo#1971719) Incorrect URL stripping in CSP reports * CVE-2025-8032 (bmo#1974407) XSLT documents could bypass CSP * CVE-2025-8038 (bmo#1808979) CSP frame-src was not correctly enforced for paths * CVE-2025-8039 (bmo#1970997) Search terms persisted in URL bar * CVE-2025-8033 (bmo#1973990) Incorrect JavaScript state machine for generators * CVE-2025-8034 (bmo#1970422, bmo#1970422, bmo#1970422, bmo#1970422) Memory safety bugs fixed in Firefox ESR 115.26, Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141 * CVE-2025-8040 (bmo#1975058, bmo#1975058, bmo#1975998, bmo#1975998) Memory safety bugs fixed in Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141 * CVE-2025-8035 (bmo#1975961, bmo#1975961, bmo#1975961) Memory safety bugs fixed in Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141 OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/firefox-esr?expand=0&rev=63	2025-07-22 12:41:13 +00:00

Author

SHA256

Message

Date

Manfred Hollstein

78e8532cd1

- Firefox Extended Support Release 140.1.0 ESR

* Fixed: Various security fixes.
- Mozilla Firefox ESR 140.1.0
  https://www.mozilla.org/security/advisories/mfsa2025-59
  MFSA 2025-59 (boo#1246664)
  * CVE-2025-8027 (bmo#1968423)
    JavaScript engine only wrote partial return value to stack
  * CVE-2025-8028 (bmo#1971581)
    Large branch table could lead to truncated instruction
  * CVE-2025-8029 (bmo#1928021)
    javascript: URLs executed on object and embed tags
  * CVE-2025-8036 (bmo#1960834)
    DNS rebinding circumvents CORS
  * CVE-2025-8037 (bmo#1964767)
    Nameless cookies shadow secure cookies
  * CVE-2025-8030 (bmo#1968414)
    Potential user-assisted code execution in “Copy as cURL”
    command
  * CVE-2025-8031 (bmo#1971719)
    Incorrect URL stripping in CSP reports
  * CVE-2025-8032 (bmo#1974407)
    XSLT documents could bypass CSP
  * CVE-2025-8038 (bmo#1808979)
    CSP frame-src was not correctly enforced for paths
  * CVE-2025-8039 (bmo#1970997)
    Search terms persisted in URL bar
  * CVE-2025-8033 (bmo#1973990)
    Incorrect JavaScript state machine for generators
  * CVE-2025-8034 (bmo#1970422, bmo#1970422, bmo#1970422,
    bmo#1970422)
    Memory safety bugs fixed in Firefox ESR 115.26, Firefox ESR
    128.13, Thunderbird ESR 128.13, Firefox ESR 140.1,
    Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141
  * CVE-2025-8040 (bmo#1975058, bmo#1975058, bmo#1975998,
    bmo#1975998)
    Memory safety bugs fixed in Firefox ESR 140.1, Thunderbird
    ESR 140.1, Firefox 141 and Thunderbird 141
  * CVE-2025-8035 (bmo#1975961, bmo#1975961, bmo#1975961)
    Memory safety bugs fixed in Firefox ESR 128.13, Thunderbird
    ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox
    141 and Thunderbird 141

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/firefox-esr?expand=0&rev=63

2025-07-22 12:41:13 +00:00

1 Commits