aaafca3081
Accepting request 1333385 from mozilla:Factory
...
OBS-URL: https://build.opensuse.org/request/show/1333385
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/firefox-esr?expand=0&rev=28
2026-02-17 15:46:04 +00:00
65780b3d08
- Firefox Extended Support Release 140.7.1 ESR
...
* Fixed: Security fix.
- Mozilla Firefox ESR 140.7.1
https://www.mozilla.org/security/advisories/mfsa2026-10
MFSA 2026-10 (boo#???????)
* CVE-2026-2447 (bmo#2014390)
Heap buffer overflow in libvpx
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/firefox-esr?expand=0&rev=94
2026-02-16 15:29:01 +00:00
2ee6850a42
Accepting request 1331870 from mozilla:Factory
...
OBS-URL: https://build.opensuse.org/request/show/1331870
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/firefox-esr?expand=0&rev=27
2026-02-09 10:43:33 +00:00
8dc21e9deb
Accepting request 1331869 from mozilla
...
- Update MozillaFirefox.desktop from a fresh Factory/Tumbleweed
build.
OBS-URL: https://build.opensuse.org/request/show/1331869
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/firefox-esr?expand=0&rev=92
2026-02-08 13:39:48 +00:00
a2757b2c81
Accepting request 1327021 from mozilla:Factory
...
OBS-URL: https://build.opensuse.org/request/show/1327021
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/firefox-esr?expand=0&rev=26
2026-01-13 20:35:22 +00:00
c1d844d80b
Accepting request 1327020 from mozilla
...
- Firefox Extended Support Release 140.7.0 ESR
* Fixed: Various security fixes.
- Mozilla Firefox ESR 140.7
https://www.mozilla.org/security/advisories/mfsa2026-03
MFSA 2026-03 (boo#1256340)
* CVE-2026-0877 (bmo#1999257)
Mitigation bypass in the DOM: Security component
* CVE-2026-0878 (bmo#2003989)
Sandbox escape due to incorrect boundary conditions in the
Graphics: CanvasWebGL component
* CVE-2026-0879 (bmo#2004602)
Sandbox escape due to incorrect boundary conditions in the
Graphics component
* CVE-2026-0880 (bmo#2005014)
Sandbox escape due to integer overflow in the Graphics
component
* CVE-2026-0882 (bmo#1924125)
Use-after-free in the IPC component
* CVE-2025-14327 (bmo#1970743)
Spoofing issue in the Downloads Panel component
* CVE-2026-0883 (bmo#1989340)
Information disclosure in the Networking component
* CVE-2026-0884 (bmo#2003588)
Use-after-free in the JavaScript Engine component
* CVE-2026-0885 (bmo#2003607)
Use-after-free in the JavaScript: GC component
* CVE-2026-0886 (bmo#2005658)
Incorrect boundary conditions in the Graphics component
* CVE-2026-0887 (bmo#2006500)
Clickjacking issue, information disclosure in the PDF Viewer
component
* CVE-2026-0890 (bmo#2005081)
Spoofing issue in the DOM: Copy & Paste and Drag & Drop
component
* CVE-2026-0891 (bmo#1964722, bmo#2000981, bmo#2003100,
bmo#2003278)
Memory safety bugs fixed in Firefox ESR 140.7, Thunderbird
ESR 140.7, Firefox 147 and Thunderbird 147
OBS-URL: https://build.opensuse.org/request/show/1327020
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/firefox-esr?expand=0&rev=90
2026-01-13 14:10:08 +00:00
2b704b3d20
Accepting request 1322275 from mozilla:Factory
...
OBS-URL: https://build.opensuse.org/request/show/1322275
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/firefox-esr?expand=0&rev=25
2025-12-12 20:41:27 +00:00
2b4138a915
Accepting request 1322274 from mozilla
...
* Remove the Build1 tag from the last changes entry; no other change *
- Firefox Extended Support Release 140.6.0 ESR
* Fixed: Various security fixes.
- Mozilla Firefox ESR 140.6
https://www.mozilla.org/security/advisories/mfsa2025-94
MFSA 2025-94 (boo#1254551)
* CVE-2025-14321 (bmo#1992760)
Use-after-free in the WebRTC: Signaling component
* CVE-2025-14322 (bmo#1996473)
Sandbox escape due to incorrect boundary conditions in the
Graphics: CanvasWebGL component
* CVE-2025-14323 (bmo#1996555)
Privilege escalation in the DOM: Notifications component
* CVE-2025-14324 (bmo#1996840)
JIT miscompilation in the JavaScript Engine: JIT component
* CVE-2025-14325 (bmo#1998050)
JIT miscompilation in the JavaScript Engine: JIT component
* CVE-2025-14328 (bmo#1996761)
Privilege escalation in the Netmonitor component
* CVE-2025-14329 (bmo#1997018)
Privilege escalation in the Netmonitor component
* CVE-2025-14330 (bmo#1997503)
JIT miscompilation in the JavaScript Engine: JIT component
* CVE-2025-14331 (bmo#2000218)
Same-origin policy bypass in the Request Handling component
* CVE-2025-14333 (bmo#1966501, bmo#1997639)
Memory safety bugs fixed in Firefox ESR 140.6, Thunderbird
ESR 140.6, Firefox 146 and Thunderbird 146
- BuildRequires: cargo1.86 and rust1.86
- BuildRequires: clang19-devel on Leap 15.6
OBS-URL: https://build.opensuse.org/request/show/1322274
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/firefox-esr?expand=0&rev=88
2025-12-11 21:05:05 +00:00
529ada3281
Accepting request 1321776 from mozilla:Factory
...
OBS-URL: https://build.opensuse.org/request/show/1321776
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/firefox-esr?expand=0&rev=24
2025-12-10 14:32:08 +00:00
1088408e3f
Accepting request 1321775 from mozilla
...
- Firefox Extended Support Release 140.6.0 ESR Build1
* Fixed: Various security fixes.
- Mozilla Firefox ESR 140.6
https://www.mozilla.org/security/advisories/mfsa2025-94
MFSA 2025-94 (boo#1254551)
* CVE-2025-14321 (bmo#1992760)
Use-after-free in the WebRTC: Signaling component
* CVE-2025-14322 (bmo#1996473)
Sandbox escape due to incorrect boundary conditions in the
Graphics: CanvasWebGL component
* CVE-2025-14323 (bmo#1996555)
Privilege escalation in the DOM: Notifications component
* CVE-2025-14324 (bmo#1996840)
JIT miscompilation in the JavaScript Engine: JIT component
* CVE-2025-14325 (bmo#1998050)
JIT miscompilation in the JavaScript Engine: JIT component
* CVE-2025-14328 (bmo#1996761)
Privilege escalation in the Netmonitor component
* CVE-2025-14329 (bmo#1997018)
Privilege escalation in the Netmonitor component
* CVE-2025-14330 (bmo#1997503)
JIT miscompilation in the JavaScript Engine: JIT component
* CVE-2025-14331 (bmo#2000218)
Same-origin policy bypass in the Request Handling component
* CVE-2025-14333 (bmo#1966501, bmo#1997639)
Memory safety bugs fixed in Firefox ESR 140.6, Thunderbird
ESR 140.6, Firefox 146 and Thunderbird 146
- BuildRequires: cargo1.86 and rust1.86
- BuildRequires: clang19-devel on Leap 15.6
OBS-URL: https://build.opensuse.org/request/show/1321775
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/firefox-esr?expand=0&rev=86
2025-12-09 13:54:44 +00:00
6fb787b09e
Accepting request 1317544 from mozilla:Factory
...
OBS-URL: https://build.opensuse.org/request/show/1317544
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/firefox-esr?expand=0&rev=23
2025-11-13 16:28:26 +00:00
f9c7944948
Accepting request 1317543 from mozilla
...
- Update MozillaFirefox.desktop from a fresh Factory/Tumbleweed
build.
OBS-URL: https://build.opensuse.org/request/show/1317543
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/firefox-esr?expand=0&rev=84
2025-11-13 10:00:28 +00:00
277a4b1052
Accepting request 1317100 from mozilla:Factory
...
OBS-URL: https://build.opensuse.org/request/show/1317100
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/firefox-esr?expand=0&rev=22
2025-11-11 18:21:47 +00:00
df5131f5b4
Accepting request 1317099 from mozilla
...
- Firefox Extended Support Release 140.5.0 ESR
* Fixed: Various security fixes.
- Mozilla Firefox ESR 140.5
https://www.mozilla.org/security/advisories/mfsa2025-88
MFSA 2025-88 (boo#1253188)
* MFSA-RESERVE-2025-1991458 (bmo#1991458)
Race condition in the Graphics component
* MFSA-RESERVE-2025-1992130 (bmo#1992130)
Incorrect boundary conditions in the JavaScript: WebAssembly
component
* MFSA-RESERVE-2025-1980904 (bmo#1980904)
Same-origin policy bypass in the DOM: Notifications component
* MFSA-RESERVE-2025-1984940 (bmo#1984940)
Mitigation bypass in the DOM: Security component
* MFSA-RESERVE-2025-1988412 (bmo#1988412)
Same-origin policy bypass in the DOM: Workers component
* MFSA-RESERVE-2025-1991945 (bmo#1991945)
Mitigation bypass in the DOM: Core & HTML component
* MFSA-RESERVE-2025-1995686 (bmo#1995686)
Use-after-free in the WebRTC: Audio/Video component
* MFSA-RESERVE-2025-1994241 (bmo#1994241)
Use-after-free in the Audio/Video component
* MFSA-RESERVE-2025-1994164 (bmo#1994164)
Spoofing issue in Firefox
OBS-URL: https://build.opensuse.org/request/show/1317099
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/firefox-esr?expand=0&rev=82
2025-11-11 13:44:40 +00:00
e0a15f0dd4
Accepting request 1311487 from mozilla:Factory
...
OBS-URL: https://build.opensuse.org/request/show/1311487
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/firefox-esr?expand=0&rev=21
2025-10-16 15:38:22 +00:00
5b925b4c12
Accepting request 1311486 from mozilla
...
- Run the "desktop file" actions only on non Leap/SLE distributions.
OBS-URL: https://build.opensuse.org/request/show/1311486
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/firefox-esr?expand=0&rev=80
2025-10-15 11:23:49 +00:00
79c6015b41
Accepting request 1311372 from mozilla:Factory
...
OBS-URL: https://build.opensuse.org/request/show/1311372
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/firefox-esr?expand=0&rev=20
2025-10-14 16:11:30 +00:00
40d7f159f0
Accepting request 1311371 from mozilla
...
- Firefox Extended Support Release 140.4.0 ESR
* Fixed: Various security fixes.
- Mozilla Firefox ESR 140.4
https://www.mozilla.org/security/advisories/mfsa2025-83
MFSA 2025-83 (boo#1251263)
* CVE-2025-11708 (bmo#1988931)
Use-after-free in MediaTrackGraphImpl::GetInstance()
* CVE-2025-11709 (bmo#1989127)
Out of bounds read/write in a privileged process triggered by
WebGL textures
* CVE-2025-11710 (bmo#1989899)
Cross-process information leaked due to malicious IPC
messages
* CVE-2025-11711 (bmo#1989978)
Some non-writable Object properties could be modified
* CVE-2025-11712 (bmo#1979536)
An OBJECT tag type attribute overrode browser behavior on web
resources without a content-type
* CVE-2025-11713 (bmo#1986142)
Potential user-assisted code execution in “Copy as cURL”
command
* CVE-2025-11714 (bmo#1973699, bmo#1989945, bmo#1990970,
bmo#1991040, bmo#1992113)
Memory safety bugs fixed in Firefox ESR 115.29, Firefox ESR
140.4, Thunderbird ESR 140.4, Firefox 144 and Thunderbird 144
* CVE-2025-11715 (bmo#1983838, bmo#1987624, bmo#1988244,
bmo#1988912, bmo#1989734, bmo#1990085, bmo#1991899)
Memory safety bugs fixed in Firefox ESR 140.4, Thunderbird
ESR 140.4, Firefox 144 and Thunderbird 144
OBS-URL: https://build.opensuse.org/request/show/1311371
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/firefox-esr?expand=0&rev=78
2025-10-14 12:57:10 +00:00
a152a0f331
Accepting request 1306784 from mozilla:Factory
...
- Firefox Extended Support Release 140.3.1 ESR
* Fixed: Improved reliability when HTTP/3 connections fail:
Firefox no longer forces HTTP/2 during fallback, allowing the
server to choose the protocol and preventing stalls on some
sites. (bmo#1980812)
OBS-URL: https://build.opensuse.org/request/show/1306784
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/firefox-esr?expand=0&rev=19
2025-09-24 13:23:57 +00:00
af095e895a
Accepting request 1306783 from mozilla
...
- Firefox Extended Support Release 140.3.1 ESR
* Fixed: Improved reliability when HTTP/3 connections fail:
Firefox no longer forces HTTP/2 during fallback, allowing the
server to choose the protocol and preventing stalls on some
sites. (bmo#1980812)
OBS-URL: https://build.opensuse.org/request/show/1306783
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/firefox-esr?expand=0&rev=76
2025-09-23 17:06:42 +00:00
f01c1ae3a7
Accepting request 1305194 from mozilla:Factory
...
OBS-URL: https://build.opensuse.org/request/show/1305194
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/firefox-esr?expand=0&rev=18
2025-09-16 16:19:49 +00:00
bc44ddb39a
Accepting request 1305193 from mozilla
...
- Firefox Extended Support Release 140.3.0 ESR
* Fixed: Various security fixes.
- Mozilla Firefox ESR 140.3.0
https://www.mozilla.org/security/advisories/mfsa2025-75
MFSA 2025-75 (boo#1249391)
* CVE-2025-10527 (bmo#1984825)
Sandbox escape due to use-after-free in the Graphics:
Canvas2D component
* CVE-2025-10528 (bmo#1986185)
Sandbox escape due to undefined behavior, invalid pointer in
the Graphics: Canvas2D component
* CVE-2025-10529 (bmo#1970490)
Same-origin policy bypass in the Layout component
* CVE-2025-10532 (bmo#1979502)
Incorrect boundary conditions in the JavaScript: GC component
* CVE-2025-10533 (bmo#1980788)
Integer overflow in the SVG component
* CVE-2025-10536 (bmo#1981502)
Information disclosure in the Networking: Cache component
* CVE-2025-10537 (bmo#1938220, bmo#1980730, bmo#1981280,
bmo#1981283, bmo#1984505, bmo#1985067)
Memory safety bugs fixed in Firefox ESR 140.3, Thunderbird
ESR 140.3, Firefox 143 and Thunderbird 143
OBS-URL: https://build.opensuse.org/request/show/1305193
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/firefox-esr?expand=0&rev=74
2025-09-16 13:07:59 +00:00
8303dc0b34
Accepting request 1302903 from mozilla:Factory
...
OBS-URL: https://build.opensuse.org/request/show/1302903
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/firefox-esr?expand=0&rev=17
2025-09-05 19:44:04 +00:00
d1e3550cd5
Accepting request 1302902 from mozilla
...
- Update MozillaFirefox.desktop from a fresh Factory/Tumbleweed
build.
OBS-URL: https://build.opensuse.org/request/show/1302902
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/firefox-esr?expand=0&rev=72
2025-09-05 10:36:57 +00:00
a87c52b329
Accepting request 1300348 from mozilla:Factory
...
OBS-URL: https://build.opensuse.org/request/show/1300348
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/firefox-esr?expand=0&rev=16
2025-08-20 11:25:48 +00:00
6e18284f2e
Accepting request 1300347 from mozilla
...
- Firefox Extended Support Release 140.2.0 ESR
* Fixed: Various security fixes.
- Mozilla Firefox ESR 140.2.0
https://www.mozilla.org/security/advisories/mfsa2025-67
MFSA 2025-67 (boo#1248162)
* CVE-2025-9179 (bmo#1979527)
Sandbox escape due to invalid pointer in the Audio/Video: GMP
component
* CVE-2025-9180 (bmo#1979782)
Same-origin policy bypass in the Graphics: Canvas2D component
* CVE-2025-9181 (bmo#1977130)
Uninitialized memory in the JavaScript Engine component
* CVE-2025-9182 (bmo#1975837)
Denial-of-service due to out-of-memory in the Graphics:
WebRender component
* CVE-2025-9183 (bmo#1976102)
Spoofing issue in the Address Bar component
* CVE-2025-9184 (bmo#1929482, bmo#1976376, bmo#1979163,
bmo#1979955)
Memory safety bugs fixed in Firefox ESR 140.2, Thunderbird
ESR 140.2, Firefox 142 and Thunderbird 142
* CVE-2025-9185 (bmo#1970154, bmo#1976782, bmo#1977166)
Memory safety bugs fixed in Firefox ESR 115.27, Firefox ESR
128.14, Thunderbird ESR 128.14, Firefox ESR 140.2,
Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142
OBS-URL: https://build.opensuse.org/request/show/1300347
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/firefox-esr?expand=0&rev=70
2025-08-19 18:24:20 +00:00
ca2f910ec0
Accepting request 1295157 from mozilla:Factory
...
OBS-URL: https://build.opensuse.org/request/show/1295157
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/firefox-esr?expand=0&rev=15
2025-07-23 14:34:19 +00:00
8c9d3834d3
Accepting request 1295156 from mozilla
...
- Avoid file conflict with MozillaFirefox regarding
firefox-search-provider.ini; assume MozillaFirefox gets installed
anyway, so omit traces here. Add Recommends: MozillaFirefox for
this.
- Firefox Extended Support Release 140.1.0 ESR
* Fixed: Various security fixes.
- Mozilla Firefox ESR 140.1.0
https://www.mozilla.org/security/advisories/mfsa2025-59
MFSA 2025-59 (boo#1246664)
* CVE-2025-8027 (bmo#1968423)
JavaScript engine only wrote partial return value to stack
* CVE-2025-8028 (bmo#1971581)
Large branch table could lead to truncated instruction
* CVE-2025-8029 (bmo#1928021)
javascript: URLs executed on object and embed tags
* CVE-2025-8036 (bmo#1960834)
DNS rebinding circumvents CORS
* CVE-2025-8037 (bmo#1964767)
Nameless cookies shadow secure cookies
* CVE-2025-8030 (bmo#1968414)
Potential user-assisted code execution in “Copy as cURL”
command
* CVE-2025-8031 (bmo#1971719)
Incorrect URL stripping in CSP reports
* CVE-2025-8032 (bmo#1974407)
XSLT documents could bypass CSP
* CVE-2025-8038 (bmo#1808979)
CSP frame-src was not correctly enforced for paths
* CVE-2025-8039 (bmo#1970997)
Search terms persisted in URL bar
* CVE-2025-8033 (bmo#1973990)
Incorrect JavaScript state machine for generators
* CVE-2025-8034 (bmo#1970422, bmo#1970422, bmo#1970422,
bmo#1970422)
Memory safety bugs fixed in Firefox ESR 115.26, Firefox ESR
128.13, Thunderbird ESR 128.13, Firefox ESR 140.1,
Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141
* CVE-2025-8040 (bmo#1975058, bmo#1975058, bmo#1975998,
bmo#1975998)
Memory safety bugs fixed in Firefox ESR 140.1, Thunderbird
ESR 140.1, Firefox 141 and Thunderbird 141
* CVE-2025-8035 (bmo#1975961, bmo#1975961, bmo#1975961)
Memory safety bugs fixed in Firefox ESR 128.13, Thunderbird
ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox
141 and Thunderbird 141
OBS-URL: https://build.opensuse.org/request/show/1295156
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/firefox-esr?expand=0&rev=68
2025-07-22 16:32:17 +00:00
ed2eab8e93
Accepting request 1295153 from mozilla
...
- Avoid file conflict with MozillaFirefox regarding
firefox-search-provider.ini; assume MozillaFirefox gets installed
anyway, so omit traces here. Add Recommends: MozillaFirefox for
this.
- Firefox Extended Support Release 140.1.0 ESR
* Fixed: Various security fixes.
- Mozilla Firefox ESR 140.1.0
https://www.mozilla.org/security/advisories/mfsa2025-59
MFSA 2025-59 (boo#1246664)
* CVE-2025-8027 (bmo#1968423)
JavaScript engine only wrote partial return value to stack
* CVE-2025-8028 (bmo#1971581)
Large branch table could lead to truncated instruction
* CVE-2025-8029 (bmo#1928021)
javascript: URLs executed on object and embed tags
* CVE-2025-8036 (bmo#1960834)
DNS rebinding circumvents CORS
* CVE-2025-8037 (bmo#1964767)
Nameless cookies shadow secure cookies
* CVE-2025-8030 (bmo#1968414)
Potential user-assisted code execution in “Copy as cURL”
command
* CVE-2025-8031 (bmo#1971719)
Incorrect URL stripping in CSP reports
* CVE-2025-8032 (bmo#1974407)
XSLT documents could bypass CSP
* CVE-2025-8038 (bmo#1808979)
CSP frame-src was not correctly enforced for paths
* CVE-2025-8039 (bmo#1970997)
Search terms persisted in URL bar
* CVE-2025-8033 (bmo#1973990)
Incorrect JavaScript state machine for generators
* CVE-2025-8034 (bmo#1970422, bmo#1970422, bmo#1970422,
bmo#1970422)
Memory safety bugs fixed in Firefox ESR 115.26, Firefox ESR
128.13, Thunderbird ESR 128.13, Firefox ESR 140.1,
Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141
* CVE-2025-8040 (bmo#1975058, bmo#1975058, bmo#1975998,
bmo#1975998)
Memory safety bugs fixed in Firefox ESR 140.1, Thunderbird
ESR 140.1, Firefox 141 and Thunderbird 141
* CVE-2025-8035 (bmo#1975961, bmo#1975961, bmo#1975961)
Memory safety bugs fixed in Firefox ESR 128.13, Thunderbird
ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox
141 and Thunderbird 141
OBS-URL: https://build.opensuse.org/request/show/1295153
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/firefox-esr?expand=0&rev=67
2025-07-22 16:24:41 +00:00
e70bac7976
Accepting request 1295139 from mozilla
...
- Avoid file conflict with MozillaFirefox regarding
firefox-search-provider.ini; assume MozillaFirefox gets installed
anyway, so omit traces here. Add Recommends: MozillaFirefox for
this.
- Firefox Extended Support Release 140.1.0 ESR
* Fixed: Various security fixes.
- Mozilla Firefox ESR 140.1.0
https://www.mozilla.org/security/advisories/mfsa2025-59
MFSA 2025-59 (boo#1246664)
* CVE-2025-8027 (bmo#1968423)
JavaScript engine only wrote partial return value to stack
* CVE-2025-8028 (bmo#1971581)
Large branch table could lead to truncated instruction
* CVE-2025-8029 (bmo#1928021)
javascript: URLs executed on object and embed tags
* CVE-2025-8036 (bmo#1960834)
DNS rebinding circumvents CORS
* CVE-2025-8037 (bmo#1964767)
Nameless cookies shadow secure cookies
* CVE-2025-8030 (bmo#1968414)
Potential user-assisted code execution in “Copy as cURL”
command
* CVE-2025-8031 (bmo#1971719)
Incorrect URL stripping in CSP reports
* CVE-2025-8032 (bmo#1974407)
XSLT documents could bypass CSP
* CVE-2025-8038 (bmo#1808979)
CSP frame-src was not correctly enforced for paths
* CVE-2025-8039 (bmo#1970997)
Search terms persisted in URL bar
* CVE-2025-8033 (bmo#1973990)
Incorrect JavaScript state machine for generators
* CVE-2025-8034 (bmo#1970422, bmo#1970422, bmo#1970422,
bmo#1970422)
Memory safety bugs fixed in Firefox ESR 115.26, Firefox ESR
128.13, Thunderbird ESR 128.13, Firefox ESR 140.1,
Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141
* CVE-2025-8040 (bmo#1975058, bmo#1975058, bmo#1975998,
bmo#1975998)
Memory safety bugs fixed in Firefox ESR 140.1, Thunderbird
ESR 140.1, Firefox 141 and Thunderbird 141
* CVE-2025-8035 (bmo#1975961, bmo#1975961, bmo#1975961)
Memory safety bugs fixed in Firefox ESR 128.13, Thunderbird
ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox
141 and Thunderbird 141
OBS-URL: https://build.opensuse.org/request/show/1295139
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/firefox-esr?expand=0&rev=66
2025-07-22 15:12:40 +00:00
5391c3b884
Accepting request 1295099 from mozilla
...
- Firefox Extended Support Release 140.1.0 ESR
* Fixed: Various security fixes.
- Mozilla Firefox ESR 140.1.0
https://www.mozilla.org/security/advisories/mfsa2025-59
MFSA 2025-59 (boo#1246664)
* CVE-2025-8027 (bmo#1968423)
JavaScript engine only wrote partial return value to stack
* CVE-2025-8028 (bmo#1971581)
Large branch table could lead to truncated instruction
* CVE-2025-8029 (bmo#1928021)
javascript: URLs executed on object and embed tags
* CVE-2025-8036 (bmo#1960834)
DNS rebinding circumvents CORS
* CVE-2025-8037 (bmo#1964767)
Nameless cookies shadow secure cookies
* CVE-2025-8030 (bmo#1968414)
Potential user-assisted code execution in “Copy as cURL”
command
* CVE-2025-8031 (bmo#1971719)
Incorrect URL stripping in CSP reports
* CVE-2025-8032 (bmo#1974407)
XSLT documents could bypass CSP
* CVE-2025-8038 (bmo#1808979)
CSP frame-src was not correctly enforced for paths
* CVE-2025-8039 (bmo#1970997)
Search terms persisted in URL bar
* CVE-2025-8033 (bmo#1973990)
Incorrect JavaScript state machine for generators
* CVE-2025-8034 (bmo#1970422, bmo#1970422, bmo#1970422,
bmo#1970422)
Memory safety bugs fixed in Firefox ESR 115.26, Firefox ESR
128.13, Thunderbird ESR 128.13, Firefox ESR 140.1,
Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141
* CVE-2025-8040 (bmo#1975058, bmo#1975058, bmo#1975998,
bmo#1975998)
Memory safety bugs fixed in Firefox ESR 140.1, Thunderbird
ESR 140.1, Firefox 141 and Thunderbird 141
* CVE-2025-8035 (bmo#1975961, bmo#1975961, bmo#1975961)
Memory safety bugs fixed in Firefox ESR 128.13, Thunderbird
ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox
141 and Thunderbird 141
OBS-URL: https://build.opensuse.org/request/show/1295099
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/firefox-esr?expand=0&rev=65
2025-07-22 13:04:51 +00:00
ffa545f5fc
Accepting request 1295094 from mozilla
...
- Firefox Extended Support Release 140.1.0 ESR
* Fixed: Various security fixes.
- Mozilla Firefox ESR 140.1.0
https://www.mozilla.org/security/advisories/mfsa2025-59
MFSA 2025-59 (boo#1246664)
* CVE-2025-8027 (bmo#1968423)
JavaScript engine only wrote partial return value to stack
* CVE-2025-8028 (bmo#1971581)
Large branch table could lead to truncated instruction
* CVE-2025-8029 (bmo#1928021)
javascript: URLs executed on object and embed tags
* CVE-2025-8036 (bmo#1960834)
DNS rebinding circumvents CORS
* CVE-2025-8037 (bmo#1964767)
Nameless cookies shadow secure cookies
* CVE-2025-8030 (bmo#1968414)
Potential user-assisted code execution in “Copy as cURL”
command
* CVE-2025-8031 (bmo#1971719)
Incorrect URL stripping in CSP reports
* CVE-2025-8032 (bmo#1974407)
XSLT documents could bypass CSP
* CVE-2025-8038 (bmo#1808979)
CSP frame-src was not correctly enforced for paths
* CVE-2025-8039 (bmo#1970997)
Search terms persisted in URL bar
* CVE-2025-8033 (bmo#1973990)
Incorrect JavaScript state machine for generators
* CVE-2025-8034 (bmo#1970422, bmo#1970422, bmo#1970422,
bmo#1970422)
Memory safety bugs fixed in Firefox ESR 115.26, Firefox ESR
128.13, Thunderbird ESR 128.13, Firefox ESR 140.1,
Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141
* CVE-2025-8040 (bmo#1975058, bmo#1975058, bmo#1975998,
bmo#1975998)
Memory safety bugs fixed in Firefox ESR 140.1, Thunderbird
ESR 140.1, Firefox 141 and Thunderbird 141
* CVE-2025-8035 (bmo#1975961, bmo#1975961, bmo#1975961)
Memory safety bugs fixed in Firefox ESR 128.13, Thunderbird
ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox
141 and Thunderbird 141
OBS-URL: https://build.opensuse.org/request/show/1295094
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/firefox-esr?expand=0&rev=64
2025-07-22 12:55:21 +00:00
6c3cd57c8c
Accepting request 1295087 from mozilla
...
- Firefox Extended Support Release 140.1.0 ESR
* Fixed: Various security fixes.
- Mozilla Firefox ESR 140.1.0
https://www.mozilla.org/security/advisories/mfsa2025-59
MFSA 2025-59 (boo#1246664)
* CVE-2025-8027 (bmo#1968423)
JavaScript engine only wrote partial return value to stack
* CVE-2025-8028 (bmo#1971581)
Large branch table could lead to truncated instruction
* CVE-2025-8029 (bmo#1928021)
javascript: URLs executed on object and embed tags
* CVE-2025-8036 (bmo#1960834)
DNS rebinding circumvents CORS
* CVE-2025-8037 (bmo#1964767)
Nameless cookies shadow secure cookies
* CVE-2025-8030 (bmo#1968414)
Potential user-assisted code execution in “Copy as cURL”
command
* CVE-2025-8031 (bmo#1971719)
Incorrect URL stripping in CSP reports
* CVE-2025-8032 (bmo#1974407)
XSLT documents could bypass CSP
* CVE-2025-8038 (bmo#1808979)
CSP frame-src was not correctly enforced for paths
* CVE-2025-8039 (bmo#1970997)
Search terms persisted in URL bar
* CVE-2025-8033 (bmo#1973990)
Incorrect JavaScript state machine for generators
* CVE-2025-8034 (bmo#1970422, bmo#1970422, bmo#1970422,
bmo#1970422)
Memory safety bugs fixed in Firefox ESR 115.26, Firefox ESR
128.13, Thunderbird ESR 128.13, Firefox ESR 140.1,
Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141
* CVE-2025-8040 (bmo#1975058, bmo#1975058, bmo#1975998,
bmo#1975998)
Memory safety bugs fixed in Firefox ESR 140.1, Thunderbird
ESR 140.1, Firefox 141 and Thunderbird 141
* CVE-2025-8035 (bmo#1975961, bmo#1975961, bmo#1975961)
Memory safety bugs fixed in Firefox ESR 128.13, Thunderbird
ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox
141 and Thunderbird 141
OBS-URL: https://build.opensuse.org/request/show/1295087
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/firefox-esr?expand=0&rev=63
2025-07-22 12:41:13 +00:00
0cbd35fcaa
Accepting request 1288256 from mozilla:Factory
...
OBS-URL: https://build.opensuse.org/request/show/1288256
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/firefox-esr?expand=0&rev=14
2025-06-24 18:50:34 +00:00
fdf60d07a4
Accepting request 1288255 from mozilla
...
- Firefox Extended Support Release 128.12.0 ESR
* Fixed: Various security fixes.
- Mozilla Firefox ESR 128.12.0
https://www.mozilla.org/security/advisories/mfsa2025-53
MFSA 2025-53 (boo#1244670)
* CVE-2025-6424 (bmo#1966423)
Use-after-free in FontFaceSet
* CVE-2025-6425 (bmo#1717672)
The WebCompat WebExtension shipped with Firefox exposed a
persistent UUID
* CVE-2025-6426 (bmo#1964385)
No warning when opening executable terminal files on macOS
* CVE-2025-6429 (bmo#1970658)
Incorrect parsing of URLs could have allowed embedding of
youtube.com
* CVE-2025-6430 (bmo#1971140)
Content-Disposition header ignored when a file is included in
an embed or object tag
OBS-URL: https://build.opensuse.org/request/show/1288255
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/firefox-esr?expand=0&rev=61
2025-06-24 12:43:07 +00:00
a25d485d43
Accepting request 1286404 from mozilla:Factory
...
- Use these tools/versions unconditionally, package won't build on
Tumbleweed with new gcc15 otherwise:
gcc14, gcc14-c++, cargo1.84, rust1.84
OBS-URL: https://build.opensuse.org/request/show/1286404
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/firefox-esr?expand=0&rev=13
2025-06-18 13:56:28 +00:00
d7058e2640
- Use these tools/versions unconditionally, package won't build on
...
Tumbleweed with new gcc15 otherwise:
gcc14, gcc14-c++, cargo1.84, rust1.84
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/firefox-esr?expand=0&rev=59
2025-06-17 15:00:34 +00:00
f8d5bea9e0
Accepting request 1284035 from mozilla:Factory
...
- Replace usage of %jobs for reproducible builds (boo#1237231)
OBS-URL: https://build.opensuse.org/request/show/1284035
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/firefox-esr?expand=0&rev=12
2025-06-10 07:07:19 +00:00
823ccf14dc
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/firefox-esr?expand=0&rev=57
2025-06-09 09:17:30 +00:00
22b8bdd34e
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/firefox-esr?expand=0&rev=56
2025-06-09 09:16:56 +00:00
e808fab20a
Accepting request 1283964 from home:bmwiedemann:branches:mozilla:Factory
...
Replace usage of %jobs for reproducible builds (boo#1237231)
OBS-URL: https://build.opensuse.org/request/show/1283964
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/firefox-esr?expand=0&rev=55
2025-06-09 09:15:31 +00:00
5ffda3e987
Accepting request 1280559 from mozilla:Factory
...
OBS-URL: https://build.opensuse.org/request/show/1280559
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/firefox-esr?expand=0&rev=11
2025-05-27 16:43:41 +00:00
0676b05600
Accepting request 1280558 from mozilla
...
- Firefox Extended Support Release 128.11.0 ESR
* Fixed: Various security fixes.
- Mozilla Firefox ESR 128.11.0
https://www.mozilla.org/security/advisories/mfsa2025-44
MFSA 2025-44 (boo#1243353)
* CVE-2025-5262 (bmo#1962421)
Double-free in libvpx encoder
* CVE-2025-5263 (bmo#1960745)
Error handling for script execution was incorrectly isolated
from web content
* CVE-2025-5264 (bmo#1950001)
Potential local code execution in “Copy as cURL” command
* CVE-2025-5265 (bmo#1962301)
Potential local code execution in “Copy as cURL” command
* CVE-2025-5266 (bmo#1965628)
Script element events leaked cross-origin resource status
* CVE-2025-5267 (bmo#1954137)
Clickjacking vulnerability could have led to leaking saved
payment card details
* CVE-2025-5268 (bmo#1950136, bmo#1958121, bmo#1960499,
bmo#1962634)
Memory safety bugs fixed in Firefox 139, Thunderbird 139,
Firefox ESR 128.11, and Thunderbird 128.11
* CVE-2025-5269 (bmo#1924108)
Memory safety bug fixed in Firefox ESR 128.11 and Thunderbird
128.11
- create-tar.sh: Remove additional slash from candidates URL, which
upstream doesn't like, and protect against wiping the keyfile
accidentally. Fix typo.
OBS-URL: https://build.opensuse.org/request/show/1280558
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/firefox-esr?expand=0&rev=53
2025-05-27 12:44:27 +00:00
1aa4ad365b
Accepting request 1278366 from mozilla:Factory
...
- create-tar.sh: Update keyring-file, if necessary
- Mozilla Firefox ESR 128.10.1
MFSA 2025-37 (boo#1243303)
* CVE-2025-4918 (bmo#1966612)
Out-of-bounds access when resolving Promise objects
* CVE-2025-4919 (bmo#1966614)
Out-of-bounds access when optimizing linear sums
OBS-URL: https://build.opensuse.org/request/show/1278366
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/firefox-esr?expand=0&rev=10
2025-05-20 07:37:58 +00:00
6e62744113
Accepting request 1278364 from mozilla
...
upstream CVE correction
3b069d0054
OBS-URL: https://build.opensuse.org/request/show/1278364
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/firefox-esr?expand=0&rev=51
2025-05-19 09:26:30 +00:00
8493020afc
Accepting request 1278309 from mozilla
...
- create-tar.sh: Update keyring-file, if necessary
- Mozilla Firefox ESR 128.10.1
MFSA 2025-37 (boo#1243303)
* CVE-2025-4920 (bmo#1966612)
Out-of-bounds access when resolving Promise objects
* CVE-2025-4921 (bmo#1966614)
Out-of-bounds access when optimizing linear sums
OBS-URL: https://build.opensuse.org/request/show/1278309
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/firefox-esr?expand=0&rev=50
2025-05-19 06:33:27 +00:00
d09ba97eaa
Accepting request 1276614 from mozilla:Factory
...
- build on s390x needs 14G memory - adjust _constraints
OBS-URL: https://build.opensuse.org/request/show/1276614
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/firefox-esr?expand=0&rev=9
2025-05-12 14:49:39 +00:00
2ab1f2d585
Accepting request 1276613 from mozilla
...
- build on s390x needs 14G memory - adjust _constraints
OBS-URL: https://build.opensuse.org/request/show/1276613
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/firefox-esr?expand=0&rev=48
2025-05-11 13:13:14 +00:00
708ca6afef
Accepting request 1276502 from home:cboltz:branches:mozilla:Factory
...
- build on s390x needs 14G memory - adjust _constraints
OBS-URL: https://build.opensuse.org/request/show/1276502
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/firefox-esr?expand=0&rev=47
2025-05-11 13:03:40 +00:00
a4e96945ae
Accepting request 1273446 from mozilla:Factory
...
OBS-URL: https://build.opensuse.org/request/show/1273446
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/firefox-esr?expand=0&rev=8
2025-04-30 17:03:05 +00:00