- Rename firefox-esr.changes into firefox-esr.changes.txt in order
to trick source_validator because of the two possible package
names "firefox-esr" vs. "MozillaFirefox" (in Leap).
- Firefox Extended Support Release 128.5.1 ESR
* Fixed: Fixed an issue that prevented some websites from
loading when using SSL Inspection. (bmo#1933747)
- Firefox Extended Support Release 128.5.0 ESR
* Fixed: Various security fixes and other quality improvements.
- Mozilla Firefox ESR 128.5.0
https://www.mozilla.org/security/advisories/mfsa2024-64
MFSA 2024-64 (boo#1233695)
* CVE-2024-11691 (bmo#1914707, bmo#1924184)
Memory corruption in Apple GPU drivers
* CVE-2024-11692 (bmo#1909535)
Select list elements could be shown over another site
* CVE-2024-11693 (bmo#1921458)
Download Protections were bypassed by .library-ms files on
Windows
* CVE-2024-11694 (bmo#1924167)
CSP Bypass and XSS Exposure via Web Compatibility Shims
* CVE-2024-11695 (bmo#1925496)
URL Bar Spoofing via Manipulated Punycode and Whitespace
Characters
* CVE-2024-11696 (bmo#1929600)
Unhandled Exception in Add-on Signature Verification
* CVE-2024-11697 (bmo#1842187)
Improper Keypress Handling in Executable File Confirmation
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/firefox-esr?expand=0&rev=24
- Rename firefox-esr.changes into firefox-esr.changes.txt in order
to trick source_validator because of the two possible package
names "firefox-esr" vs. "MozillaFirefox" (in Leap).
- Firefox Extended Support Release 128.5.1 ESR
* Fixed: Fixed an issue that prevented some websites from
loading when using SSL Inspection. (bmo#1933747)
- Firefox Extended Support Release 128.5.0 ESR
* Fixed: Various security fixes and other quality improvements.
- Mozilla Firefox ESR 128.5.0
https://www.mozilla.org/security/advisories/mfsa2024-64
MFSA 2024-64 (boo#1233695)
* CVE-2024-11691 (bmo#1914707, bmo#1924184)
Memory corruption in Apple GPU drivers
* CVE-2024-11692 (bmo#1909535)
Select list elements could be shown over another site
* CVE-2024-11693 (bmo#1921458)
Download Protections were bypassed by .library-ms files on
Windows
* CVE-2024-11694 (bmo#1924167)
CSP Bypass and XSS Exposure via Web Compatibility Shims
* CVE-2024-11695 (bmo#1925496)
URL Bar Spoofing via Manipulated Punycode and Whitespace
Characters
* CVE-2024-11696 (bmo#1929600)
Unhandled Exception in Add-on Signature Verification
* CVE-2024-11697 (bmo#1842187)
Improper Keypress Handling in Executable File Confirmation
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/firefox-esr?expand=0&rev=23
mozilla-bmo1511604.patch
mozilla-bmo1583471.patch
- Added mozilla-bmo1602730.patch to fix another LE<->BE issue (bmo#1602730)
- Mozilla Firefox 68.4.1esr
MFSA 2020-03 (bsc#1160498)
* CVE-2019-17026 (bmo#1607443)
IonMonkey type confusion with StoreElementHole and FallibleStoreElement
- Mozilla Firefox 68.4.0esr
MFSA 2020-02 (bsc#1160305)
* CVE-2019-17015 (bmo#1599005)
Memory corruption in parent process during new content process
initialization on Windows
* CVE-2019-17016 (bmo#1599181)
Bypass of @namespace CSS sanitization during pasting
* CVE-2019-17017 (bmo#1603055)
Type Confusion in XPCVariant.cpp
* CVE-2019-17021 (bmo#1599008)
Heap address disclosure in parent process during content process
initialization on Windows
* CVE-2019-17022 (bmo#1602843)
CSS sanitization does not escape HTML tags
* CVE-2019-17024 (bmo#1507180, bmo#1595470, bmo#1598605, bmo#1601826)
Memory safety bugs fixed in Firefox 72 and Firefox ESR 68.4
------------------------------------------------------------------
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/firefox-esr?expand=0&rev=20
MFSA 2019-37
* CVE-2019-17008 (bmo#1546331)
Use-after-free in worker destruction
* CVE-2019-13722 (bmo#1580156)
Stack corruption due to incorrect number of arguments in WebRTC code
* CVE-2019-11745 (bmo#1586176)
Out of bounds write in NSS when encrypting with a block cipher
* CVE-2019-17009 (bmo#1510494)
Updater temporary files accessible to unprivileged processes
* CVE-2019-17010 (bmo#1581084)
Use-after-free when performing device orientation checks
* CVE-2019-17005 (bmo#1584170)
Buffer overflow in plain text serializer
* CVE-2019-17011 (bmo#1591334)
Use-after-free when retrieving a document in antitracking
* CVE-2019-17012 (bmo#1449736, bmo#1533957, bmo#1560667, bmo#1567209,
bmo#1580288, bmo#1585760, bmo#1592502)
Memory safety bugs fixed in Firefox 71 and Firefox ESR 68.3
* Various updates to improve performance and stability
- updated create-tar.sh to cover buildid and origin repo information
-> removed obsolete source-stamp.txt
- changed locale building procedure
* removed obsolete compare-locales.tar.xz
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/firefox-esr?expand=0&rev=17
