pool/firefox-esr
SHA256
10
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Commit Graph

  • 862d156420 Accepting request 1295157 from mozilla:Factory factory Ana Guerrero 2025-07-23 14:34:19 +00:00
  • bcc32e9bbd - Avoid file conflict with MozillaFirefox regarding firefox-search-provider.ini; assume MozillaFirefox gets installed anyway, so omit traces here. Add Recommends: MozillaFirefox for this. - Firefox Extended Support Release 140.1.0 ESR * Fixed: Various security fixes. - Mozilla Firefox ESR 140.1.0 https://www.mozilla.org/security/advisories/mfsa2025-59 MFSA 2025-59 (boo#1246664) * CVE-2025-8027 (bmo#1968423) JavaScript engine only wrote partial return value to stack * CVE-2025-8028 (bmo#1971581) Large branch table could lead to truncated instruction * CVE-2025-8029 (bmo#1928021) javascript: URLs executed on object and embed tags * CVE-2025-8036 (bmo#1960834) DNS rebinding circumvents CORS * CVE-2025-8037 (bmo#1964767) Nameless cookies shadow secure cookies * CVE-2025-8030 (bmo#1968414) Potential user-assisted code execution in “Copy as cURL” command * CVE-2025-8031 (bmo#1971719) Incorrect URL stripping in CSP reports * CVE-2025-8032 (bmo#1974407) XSLT documents could bypass CSP * CVE-2025-8038 (bmo#1808979) CSP frame-src was not correctly enforced for paths * CVE-2025-8039 (bmo#1970997) Search terms persisted in URL bar * CVE-2025-8033 (bmo#1973990) Incorrect JavaScript state machine for generators * CVE-2025-8034 (bmo#1970422, bmo#1970422, bmo#1970422, bmo#1970422) Memory safety bugs fixed in Firefox ESR 115.26, Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141 * CVE-2025-8040 (bmo#1975058, bmo#1975058, bmo#1975998, bmo#1975998) Memory safety bugs fixed in Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141 * CVE-2025-8035 (bmo#1975961, bmo#1975961, bmo#1975961) Memory safety bugs fixed in Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141 devel Manfred Hollstein 2025-07-22 16:32:17 +00:00
  • 5082954eb8 - Avoid file conflict with MozillaFirefox regarding firefox-search-provider.ini; assume MozillaFirefox gets installed anyway, so omit traces here. Add Recommends: MozillaFirefox for this. - Firefox Extended Support Release 140.1.0 ESR * Fixed: Various security fixes. - Mozilla Firefox ESR 140.1.0 https://www.mozilla.org/security/advisories/mfsa2025-59 MFSA 2025-59 (boo#1246664) * CVE-2025-8027 (bmo#1968423) JavaScript engine only wrote partial return value to stack * CVE-2025-8028 (bmo#1971581) Large branch table could lead to truncated instruction * CVE-2025-8029 (bmo#1928021) javascript: URLs executed on object and embed tags * CVE-2025-8036 (bmo#1960834) DNS rebinding circumvents CORS * CVE-2025-8037 (bmo#1964767) Nameless cookies shadow secure cookies * CVE-2025-8030 (bmo#1968414) Potential user-assisted code execution in “Copy as cURL” command * CVE-2025-8031 (bmo#1971719) Incorrect URL stripping in CSP reports * CVE-2025-8032 (bmo#1974407) XSLT documents could bypass CSP * CVE-2025-8038 (bmo#1808979) CSP frame-src was not correctly enforced for paths * CVE-2025-8039 (bmo#1970997) Search terms persisted in URL bar * CVE-2025-8033 (bmo#1973990) Incorrect JavaScript state machine for generators * CVE-2025-8034 (bmo#1970422, bmo#1970422, bmo#1970422, bmo#1970422) Memory safety bugs fixed in Firefox ESR 115.26, Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141 * CVE-2025-8040 (bmo#1975058, bmo#1975058, bmo#1975998, bmo#1975998) Memory safety bugs fixed in Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141 * CVE-2025-8035 (bmo#1975961, bmo#1975961, bmo#1975961) Memory safety bugs fixed in Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141 Manfred Hollstein 2025-07-22 16:24:41 +00:00
  • 151cd0b61b - Avoid file conflict with MozillaFirefox regarding firefox-search-provider.ini; assume MozillaFirefox gets installed anyway, so omit traces here. Add Recommends: MozillaFirefox for this. - Firefox Extended Support Release 140.1.0 ESR * Fixed: Various security fixes. - Mozilla Firefox ESR 140.1.0 https://www.mozilla.org/security/advisories/mfsa2025-59 MFSA 2025-59 (boo#1246664) * CVE-2025-8027 (bmo#1968423) JavaScript engine only wrote partial return value to stack * CVE-2025-8028 (bmo#1971581) Large branch table could lead to truncated instruction * CVE-2025-8029 (bmo#1928021) javascript: URLs executed on object and embed tags * CVE-2025-8036 (bmo#1960834) DNS rebinding circumvents CORS * CVE-2025-8037 (bmo#1964767) Nameless cookies shadow secure cookies * CVE-2025-8030 (bmo#1968414) Potential user-assisted code execution in “Copy as cURL” command * CVE-2025-8031 (bmo#1971719) Incorrect URL stripping in CSP reports * CVE-2025-8032 (bmo#1974407) XSLT documents could bypass CSP * CVE-2025-8038 (bmo#1808979) CSP frame-src was not correctly enforced for paths * CVE-2025-8039 (bmo#1970997) Search terms persisted in URL bar * CVE-2025-8033 (bmo#1973990) Incorrect JavaScript state machine for generators * CVE-2025-8034 (bmo#1970422, bmo#1970422, bmo#1970422, bmo#1970422) Memory safety bugs fixed in Firefox ESR 115.26, Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141 * CVE-2025-8040 (bmo#1975058, bmo#1975058, bmo#1975998, bmo#1975998) Memory safety bugs fixed in Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141 * CVE-2025-8035 (bmo#1975961, bmo#1975961, bmo#1975961) Memory safety bugs fixed in Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141 Manfred Hollstein 2025-07-22 15:12:40 +00:00
  • 3973fe4ff4 - Firefox Extended Support Release 140.1.0 ESR * Fixed: Various security fixes. - Mozilla Firefox ESR 140.1.0 https://www.mozilla.org/security/advisories/mfsa2025-59 MFSA 2025-59 (boo#1246664) * CVE-2025-8027 (bmo#1968423) JavaScript engine only wrote partial return value to stack * CVE-2025-8028 (bmo#1971581) Large branch table could lead to truncated instruction * CVE-2025-8029 (bmo#1928021) javascript: URLs executed on object and embed tags * CVE-2025-8036 (bmo#1960834) DNS rebinding circumvents CORS * CVE-2025-8037 (bmo#1964767) Nameless cookies shadow secure cookies * CVE-2025-8030 (bmo#1968414) Potential user-assisted code execution in “Copy as cURL” command * CVE-2025-8031 (bmo#1971719) Incorrect URL stripping in CSP reports * CVE-2025-8032 (bmo#1974407) XSLT documents could bypass CSP * CVE-2025-8038 (bmo#1808979) CSP frame-src was not correctly enforced for paths * CVE-2025-8039 (bmo#1970997) Search terms persisted in URL bar * CVE-2025-8033 (bmo#1973990) Incorrect JavaScript state machine for generators * CVE-2025-8034 (bmo#1970422, bmo#1970422, bmo#1970422, bmo#1970422) Memory safety bugs fixed in Firefox ESR 115.26, Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141 * CVE-2025-8040 (bmo#1975058, bmo#1975058, bmo#1975998, bmo#1975998) Memory safety bugs fixed in Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141 * CVE-2025-8035 (bmo#1975961, bmo#1975961, bmo#1975961) Memory safety bugs fixed in Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141 Manfred Hollstein 2025-07-22 13:04:51 +00:00
  • a0122fb9c7 - Firefox Extended Support Release 140.1.0 ESR * Fixed: Various security fixes. - Mozilla Firefox ESR 140.1.0 https://www.mozilla.org/security/advisories/mfsa2025-59 MFSA 2025-59 (boo#1246664) * CVE-2025-8027 (bmo#1968423) JavaScript engine only wrote partial return value to stack * CVE-2025-8028 (bmo#1971581) Large branch table could lead to truncated instruction * CVE-2025-8029 (bmo#1928021) javascript: URLs executed on object and embed tags * CVE-2025-8036 (bmo#1960834) DNS rebinding circumvents CORS * CVE-2025-8037 (bmo#1964767) Nameless cookies shadow secure cookies * CVE-2025-8030 (bmo#1968414) Potential user-assisted code execution in “Copy as cURL” command * CVE-2025-8031 (bmo#1971719) Incorrect URL stripping in CSP reports * CVE-2025-8032 (bmo#1974407) XSLT documents could bypass CSP * CVE-2025-8038 (bmo#1808979) CSP frame-src was not correctly enforced for paths * CVE-2025-8039 (bmo#1970997) Search terms persisted in URL bar * CVE-2025-8033 (bmo#1973990) Incorrect JavaScript state machine for generators * CVE-2025-8034 (bmo#1970422, bmo#1970422, bmo#1970422, bmo#1970422) Memory safety bugs fixed in Firefox ESR 115.26, Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141 * CVE-2025-8040 (bmo#1975058, bmo#1975058, bmo#1975998, bmo#1975998) Memory safety bugs fixed in Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141 * CVE-2025-8035 (bmo#1975961, bmo#1975961, bmo#1975961) Memory safety bugs fixed in Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141 Manfred Hollstein 2025-07-22 12:55:21 +00:00
  • 78e8532cd1 - Firefox Extended Support Release 140.1.0 ESR * Fixed: Various security fixes. - Mozilla Firefox ESR 140.1.0 https://www.mozilla.org/security/advisories/mfsa2025-59 MFSA 2025-59 (boo#1246664) * CVE-2025-8027 (bmo#1968423) JavaScript engine only wrote partial return value to stack * CVE-2025-8028 (bmo#1971581) Large branch table could lead to truncated instruction * CVE-2025-8029 (bmo#1928021) javascript: URLs executed on object and embed tags * CVE-2025-8036 (bmo#1960834) DNS rebinding circumvents CORS * CVE-2025-8037 (bmo#1964767) Nameless cookies shadow secure cookies * CVE-2025-8030 (bmo#1968414) Potential user-assisted code execution in “Copy as cURL” command * CVE-2025-8031 (bmo#1971719) Incorrect URL stripping in CSP reports * CVE-2025-8032 (bmo#1974407) XSLT documents could bypass CSP * CVE-2025-8038 (bmo#1808979) CSP frame-src was not correctly enforced for paths * CVE-2025-8039 (bmo#1970997) Search terms persisted in URL bar * CVE-2025-8033 (bmo#1973990) Incorrect JavaScript state machine for generators * CVE-2025-8034 (bmo#1970422, bmo#1970422, bmo#1970422, bmo#1970422) Memory safety bugs fixed in Firefox ESR 115.26, Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141 * CVE-2025-8040 (bmo#1975058, bmo#1975058, bmo#1975998, bmo#1975998) Memory safety bugs fixed in Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141 * CVE-2025-8035 (bmo#1975961, bmo#1975961, bmo#1975961) Memory safety bugs fixed in Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141 Manfred Hollstein 2025-07-22 12:41:13 +00:00
  • 2e65438f98 Accepting request 1288256 from mozilla:Factory Ana Guerrero 2025-06-24 18:50:34 +00:00
  • 0561a9bd6f - Firefox Extended Support Release 128.12.0 ESR * Fixed: Various security fixes. - Mozilla Firefox ESR 128.12.0 https://www.mozilla.org/security/advisories/mfsa2025-53 MFSA 2025-53 (boo#1244670) * CVE-2025-6424 (bmo#1966423) Use-after-free in FontFaceSet * CVE-2025-6425 (bmo#1717672) The WebCompat WebExtension shipped with Firefox exposed a persistent UUID * CVE-2025-6426 (bmo#1964385) No warning when opening executable terminal files on macOS * CVE-2025-6429 (bmo#1970658) Incorrect parsing of URLs could have allowed embedding of youtube.com * CVE-2025-6430 (bmo#1971140) Content-Disposition header ignored when a file is included in an embed or object tag Manfred Hollstein 2025-06-24 12:43:07 +00:00
  • a830d0a077 Accepting request 1286404 from mozilla:Factory Ana Guerrero 2025-06-18 13:56:28 +00:00
  • eaa9367184 - Use these tools/versions unconditionally, package won't build on Tumbleweed with new gcc15 otherwise: gcc14, gcc14-c++, cargo1.84, rust1.84 Manfred Hollstein 2025-06-17 15:00:34 +00:00
  • 2ddf7aae09 Accepting request 1284035 from mozilla:Factory Ana Guerrero 2025-06-10 07:07:19 +00:00
  • ae0c95b7f1 OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/firefox-esr?expand=0&rev=57 Manfred Hollstein 2025-06-09 09:17:30 +00:00
  • a1f81a750e OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/firefox-esr?expand=0&rev=56 Manfred Hollstein 2025-06-09 09:16:56 +00:00
  • 7ce7e230ac Replace usage of %jobs for reproducible builds (boo#1237231) Manfred Hollstein 2025-06-09 09:15:31 +00:00
  • d66380b284 Accepting request 1280559 from mozilla:Factory Ana Guerrero 2025-05-27 16:43:41 +00:00
  • 60f8704a9b - Firefox Extended Support Release 128.11.0 ESR * Fixed: Various security fixes. - Mozilla Firefox ESR 128.11.0 https://www.mozilla.org/security/advisories/mfsa2025-44 MFSA 2025-44 (boo#1243353) * CVE-2025-5262 (bmo#1962421) Double-free in libvpx encoder * CVE-2025-5263 (bmo#1960745) Error handling for script execution was incorrectly isolated from web content * CVE-2025-5264 (bmo#1950001) Potential local code execution in “Copy as cURL” command * CVE-2025-5265 (bmo#1962301) Potential local code execution in “Copy as cURL” command * CVE-2025-5266 (bmo#1965628) Script element events leaked cross-origin resource status * CVE-2025-5267 (bmo#1954137) Clickjacking vulnerability could have led to leaking saved payment card details * CVE-2025-5268 (bmo#1950136, bmo#1958121, bmo#1960499, bmo#1962634) Memory safety bugs fixed in Firefox 139, Thunderbird 139, Firefox ESR 128.11, and Thunderbird 128.11 * CVE-2025-5269 (bmo#1924108) Memory safety bug fixed in Firefox ESR 128.11 and Thunderbird 128.11 - create-tar.sh: Remove additional slash from candidates URL, which upstream doesn't like, and protect against wiping the keyfile accidentally. Fix typo. Manfred Hollstein 2025-05-27 12:44:27 +00:00
  • b0f4c4949f Accepting request 1278366 from mozilla:Factory Ana Guerrero 2025-05-20 07:37:58 +00:00
  • edeabc5e71 upstream CVE correction 3b069d0054 Manfred Hollstein 2025-05-19 09:26:30 +00:00
  • 66d1601f46 - create-tar.sh: Update keyring-file, if necessary - Mozilla Firefox ESR 128.10.1 MFSA 2025-37 (boo#1243303) * CVE-2025-4920 (bmo#1966612) Out-of-bounds access when resolving Promise objects * CVE-2025-4921 (bmo#1966614) Out-of-bounds access when optimizing linear sums Manfred Hollstein 2025-05-19 06:33:27 +00:00
  • 2567017e77 Accepting request 1276614 from mozilla:Factory Ana Guerrero 2025-05-12 14:49:39 +00:00
  • 2ddea203b5 - build on s390x needs 14G memory - adjust _constraints Manfred Hollstein 2025-05-11 13:13:14 +00:00
  • b070fb8802 - build on s390x needs 14G memory - adjust _constraints Manfred Hollstein 2025-05-11 13:03:40 +00:00
  • 208c1da48f Accepting request 1273446 from mozilla:Factory Dominique Leuenberger 2025-04-30 17:03:05 +00:00
  • 73e8a25ab7 - Firefox Extended Support Release 128.10.0 ESR * Fixed: Various security fixes. - Mozilla Firefox ESR 128.10 https://www.mozilla.org/security/advisories/mfsa2025-29 MFSA 2025-29 (boo#1241621) * CVE-2025-2817 (bmo#1917536) Privilege escalation in Firefox Updater * MFSA-RESERVE-2025-1937097 (bmo#1937097) WebGL shader attribute memory corruption in Firefox for macOS * MFSA-RESERVE-2025-1958350 (bmo#1958350) Process isolation bypass using javascript: URI links in cross-origin frames * MFSA-RESERVE-2025-1949994 (bmo#1949994, bmo#1956698, bmo#1960198) Potential local code execution in "copy as cURL" command * MFSA-RESERVE-2025-1952465 (bmo#1952465) Unsafe attribute access during XPath parsing * MFSA-RESERVE-2025-3 (bmo#1951161, bmo#1952105) Memory safety bugs fixed in Firefox 138, Thunderbird 138, Firefox ESR 128.10, and Thunderbird 128.10 * MFSA-RESERVE-2025-7 (bmo#1894100) Memory safety bug fixed in Firefox ESR 128.10 and Thunderbird 128.10 Manfred Hollstein 2025-04-29 12:55:03 +00:00
  • 1a122d1eb1 Accepting request 1266840 from mozilla:Factory Ana Guerrero 2025-04-03 14:50:43 +00:00
  • 1f1d3624ad - BuildRequires: clang-devel on Tumbleweed/Factory, which works for both clang19-devel as well as clang20-devel Manfred Hollstein 2025-04-03 09:49:09 +00:00
  • 45ed77715a - Firefox Extended Support Release 128.9.0 ESR * Fixed: Various security fixes. - Mozilla Firefox ESR 128.9.0 https://www.mozilla.org/security/advisories/mfsa2025-22 MFSA 2025-22 (boo#1240083) * CVE-2025-3028 (bmo#1941002) Use-after-free triggered by XSLTProcessor * CVE-2025-3029 (bmo#1952213) URL Bar Spoofing via non-BMP Unicode characters * CVE-2025-3030 (bmo#1850615, bmo#1932468, bmo#1942551, bmo#1951017, bmo#1951494) Memory safety bugs fixed in Firefox 137, Thunderbird 137, Firefox ESR 128.9, and Thunderbird 128.9 Manfred Hollstein 2025-04-01 12:39:49 +00:00
  • 4b6dba34df Accepting request 1262703 from mozilla:Factory Ana Guerrero 2025-03-27 21:34:05 +00:00
  • 0a05be1024 - Firefox Extended Support Release 128.8.1 ESR * Fixed: Security fix. - Mozilla Firefox 136.0.4, ESR 128.8.1, ESR 115.21.1 https://www.mozilla.org/security/advisories/mfsa2025-19 MFSA 2025-19 (boo#???????) Manfred Hollstein 2025-03-27 14:54:20 +00:00
  • b40900fa26 Accepting request 1253521 from mozilla:Factory Ana Guerrero 2025-03-17 21:17:08 +00:00
  • ef50e0bc40 - Don't build the various langpacks in parallel. This may be fixing boo#1239446, but will have to be monitored. Manfred Hollstein 2025-03-16 15:09:27 +00:00
  • c6777f317f Accepting request 1250101 from mozilla:Factory Ana Guerrero 2025-03-04 17:33:53 +00:00
  • d93f28db30 - Firefox Extended Support Release 128.8.0 ESR * Fixed: Various security fixes. - Mozilla Firefox ESR 128.8.0 https://www.mozilla.org/security/advisories/mfsa2025-16 MFSA 2025-16 (boo#1237683) * CVE-2024-43097 (bmo#1945624) Overflow when growing an SkRegion's RunArray * CVE-2025-1930 (bmo#1902309) AudioIPC StreamData could trigger a use-after-free in the Browser process * CVE-2025-1931 (bmo#1944126) Use-after-free in WebTransportChild * CVE-2025-1932 (bmo#1944313) Inconsistent comparator in XSLT sorting led to out-of-bounds access * CVE-2025-1933 (bmo#1946004) JIT corruption of WASM i32 return values on 64-bit CPUs * CVE-2025-1934 (bmo#1942881) Unexpected GC during RegExp bailout processing * CVE-2025-1935 (bmo#1866661) Clickjacking the registerProtocolHandler info-bar * CVE-2025-1936 (bmo#1940027) Adding %00 and a fake extension to a jar: URL changed the interpretation of the contents * CVE-2025-1937 (bmo#1938471, bmo#1940716) Memory safety bugs fixed in Firefox 136, Thunderbird 136, Firefox ESR 115.21, Firefox ESR 128.8, and Thunderbird 128.8 * CVE-2025-1938 (bmo#1922889, bmo#1935004, bmo#1943586, bmo#1943912, bmo#1948111) Memory safety bugs fixed in Firefox 136, Thunderbird 136, Firefox ESR 128.8, and Thunderbird 128.8 Manfred Hollstein 2025-03-04 14:43:12 +00:00
  • b690715bbe Accepting request 1243149 from mozilla:Factory Ana Guerrero 2025-02-04 17:14:27 +00:00
  • d9c3f594b3 - Firefox Extended Support Release 128.7.0 ESR * Fixed: Various security fixes. - Mozilla Firefox ESR 128.7.0 https://www.mozilla.org/security/advisories/mfsa2025-09 MFSA 2025-09 (boo#1236539) * CVE-2025-1009 (bmo#1936613) Use-after-free in XSLT * CVE-2025-1010 (bmo#1936982) Use-after-free in Custom Highlight * CVE-2025-1011 (bmo#1936454) A bug in WebAssembly code generation could result in a crash * CVE-2025-1012 (bmo#1939710) Use-after-free during concurrent delazification * CVE-2024-11704 (bmo#1899402) Potential double-free vulnerability in PKCS#7 decryption handling * CVE-2025-1013 (bmo#1932555) Potential opening of private browsing tabs in normal browsing windows * CVE-2025-1014 (bmo#1940804) Certificate length was not properly checked * CVE-2025-1016 (bmo#1936601, bmo#1936844, bmo#1937694, bmo#1938469, bmo#1939583, bmo#1940994) Memory safety bugs fixed in Firefox 135, Thunderbird 135, Firefox ESR 115.20, Firefox ESR 128.7, Thunderbird 115.20, and Thunderbird 128.7 * CVE-2025-1017 (bmo#1926256, bmo#1935471, bmo#1935984) Memory safety bugs fixed in Firefox 135, Thunderbird 135, Firefox ESR 128.7, and Thunderbird 128.7 Manfred Hollstein 2025-02-04 14:30:57 +00:00
  • de3c4a486a Accepting request 1235674 from mozilla:Factory Ana Guerrero 2025-01-07 19:55:19 +00:00
  • 9b62e72a5a - Firefox Extended Support Release 128.6.0 ESR * Fixed: Various security fixes. - Mozilla Firefox ESR 128.6.0 https://www.mozilla.org/security/advisories/mfsa2025-02 MFSA 2025-02 (boo#1234991) * CVE-2025-0237 (bmo#1915257) WebChannel APIs susceptible to confused deputy attack * CVE-2025-0238 (bmo#1915535) Use-after-free when breaking lines in text * CVE-2025-0239 (bmo#1929156) Alt-Svc ALPN validation failure when redirected * CVE-2025-0240 (bmo#1929623) Compartment mismatch when parsing JavaScript JSON module * CVE-2025-0241 (bmo#1933023) Memory corruption when using JavaScript Text Segmentation * CVE-2025-0242 (bmo#1874523, bmo#1926454, bmo#1931873, bmo#1932169) Memory safety bugs fixed in Firefox 134, Thunderbird 134, Firefox ESR 115.19, Firefox ESR 128.6, Thunderbird 115.19, and Thunderbird 128.6 * CVE-2025-0243 (bmo#1827142, bmo#1932783) Memory safety bugs fixed in Firefox 134, Thunderbird 134, Firefox ESR 128.6, and Thunderbird 128.6 Manfred Hollstein 2025-01-07 16:21:28 +00:00
  • a58ec43e06 Accepting request 1230315 from mozilla:Factory Ana Guerrero 2024-12-12 20:18:05 +00:00
  • 4d682f771e OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/firefox-esr?expand=0&rev=29 Manfred Hollstein 2024-12-12 10:33:01 +00:00
  • 782a783eb7 OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/firefox-esr?expand=0&rev=28 Manfred Hollstein 2024-12-12 09:26:48 +00:00
  • 0d4d17772f - Don't install the gnome-shell search-provider, it conflicts with MozillaFirefox Manfred Hollstein 2024-12-12 09:25:33 +00:00
  • da5a48ebc2 OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/firefox-esr?expand=0&rev=26 Manfred Hollstein 2024-12-11 19:24:10 +00:00
  • 9a18f9bfb1 OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/firefox-esr?expand=0&rev=25 Manfred Hollstein 2024-12-11 17:23:12 +00:00
  • 4324e796ef - Add MozillaFirefox.changes.txt as a hard link to firefox-esr.changes - Rename firefox-esr.changes into firefox-esr.changes.txt in order to trick source_validator because of the two possible package names "firefox-esr" vs. "MozillaFirefox" (in Leap). Manfred Hollstein 2024-12-11 17:12:36 +00:00
  • 73b9e38bcb - Add MozillaFirefox.changes.txt as a hard link to firefox-esr.changes - Rename firefox-esr.changes into firefox-esr.changes.txt in order to trick source_validator because of the two possible package names "firefox-esr" vs. "MozillaFirefox" (in Leap). Manfred Hollstein 2024-12-11 17:05:12 +00:00
  • 3b2f571f9a osc copypac from project:mozilla package:firefox128esr revision:24 Manfred Hollstein 2024-12-11 16:58:52 +00:00
  • a226d95b0d New development package for openSUSE:Factory Wolfgang Rosenauer 2024-12-11 12:38:50 +00:00
  • d8a78670a6 - Disable/remove patches no longer needed: mozilla-bmo1511604.patch mozilla-bmo1583471.patch - Added mozilla-bmo1602730.patch to fix another LE<->BE issue (bmo#1602730) Wolfgang Rosenauer 2020-01-09 21:31:21 +00:00
  • 25ef0f15a6 - add mozilla-bmo1583471.patch to allow building with rust 1.39 Wolfgang Rosenauer 2019-12-29 19:02:56 +00:00
  • 8f8a49159e OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/firefox-esr?expand=0&rev=18 Wolfgang Rosenauer 2019-12-06 23:33:30 +00:00
  • 9895d20c5d - Mozilla Firefox 68.3.0esr MFSA 2019-37 * CVE-2019-17008 (bmo#1546331) Use-after-free in worker destruction * CVE-2019-13722 (bmo#1580156) Stack corruption due to incorrect number of arguments in WebRTC code * CVE-2019-11745 (bmo#1586176) Out of bounds write in NSS when encrypting with a block cipher * CVE-2019-17009 (bmo#1510494) Updater temporary files accessible to unprivileged processes * CVE-2019-17010 (bmo#1581084) Use-after-free when performing device orientation checks * CVE-2019-17005 (bmo#1584170) Buffer overflow in plain text serializer * CVE-2019-17011 (bmo#1591334) Use-after-free when retrieving a document in antitracking * CVE-2019-17012 (bmo#1449736, bmo#1533957, bmo#1560667, bmo#1567209, bmo#1580288, bmo#1585760, bmo#1592502) Memory safety bugs fixed in Firefox 71 and Firefox ESR 68.3 * Various updates to improve performance and stability - updated create-tar.sh to cover buildid and origin repo information -> removed obsolete source-stamp.txt - changed locale building procedure * removed obsolete compare-locales.tar.xz Wolfgang Rosenauer 2019-12-06 23:06:28 +00:00
  • 9c9885ff77 - added mozilla-bmo1504834-part4.patch mozilla-bmo849632.patch to fix broken tab-titles on big endian machines - reactivate webRTC for all architectures Wolfgang Rosenauer 2019-11-19 09:21:36 +00:00
  • 3617f1c97f - Ensure %{ff_esr_name} get tested as a string; also, don't compare against an empty string. Wolfgang Rosenauer 2019-11-17 06:21:11 +00:00
  • 688c3dcd33 - Use more portable syntax to check if macro ff_esr_name is defined. Wolfgang Rosenauer 2019-11-15 07:54:34 +00:00
  • 167d6d48ad - Increase disk size in _constraints file from 24 to 25 Gb since the build log is showing a "No space left on device" error when checking for unpackaged files in x86_64. Wolfgang Rosenauer 2019-11-15 07:52:45 +00:00
  • 16a01b7dfd OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/firefox-esr?expand=0&rev=12 Wolfgang Rosenauer 2019-10-22 20:25:15 +00:00
  • 237b9259bd OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/firefox-esr?expand=0&rev=11 Wolfgang Rosenauer 2019-10-22 20:14:20 +00:00
  • abc587e76f MFSA 2019-33 (bsc#1154738) * CVE-2019-15903 (bmo#1584907) Heap overflow in expat library in XML_GetCurrentLineNumber * CVE-2019-11757 (bmo#1577107) Use-after-free when creating index updates in IndexedDB * CVE-2019-11758 (bmo#1536227) Potentially exploitable crash due to 360 Total Security * CVE-2019-11759 (bmo#1577953) Stack buffer overflow in HKDF output * CVE-2019-11760 (bmo#1577719) Stack buffer overflow in WebRTC networking * CVE-2019-11761 (bmo#1561502) Unintended access to a privileged JSONView object * CVE-2019-11762 (bmo#1582857) document.domain-based origin isolation has same-origin-property violation * CVE-2019-11763 (bmo#1584216) Incorrect HTML parsing results in XSS bypass technique * CVE-2019-11764 (bmo#1558522, bmo#1577061, bmo#1548044, bmo#1571223, bmo#1573048, bmo#1578933, bmo#1575217, bmo#1583684, bmo#1586845, bmo#1581950, bmo#1583463, bmo#1586599) Memory safety bugs fixed in Firefox 70 and Firefox ESR 68.2 Wolfgang Rosenauer 2019-10-22 19:46:06 +00:00
  • 9ed7dfc5da OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/firefox-esr?expand=0&rev=9 Wolfgang Rosenauer 2019-10-21 20:54:55 +00:00
  • d0d63be38a OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/firefox-esr?expand=0&rev=8 Wolfgang Rosenauer 2019-10-21 20:51:13 +00:00
  • 91ee4ba1c3 OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/firefox-esr?expand=0&rev=7 Wolfgang Rosenauer 2019-10-21 20:46:46 +00:00
  • 9bf9623ece - added mozilla-sle12-lower-python-requirement.patch to support SLE12 still Wolfgang Rosenauer 2019-10-21 20:41:32 +00:00
  • 69085a7729 - Mozilla Firefox 68.2.0esr - removed obsolete patches mozilla-bmo1573381.patch mozilla-bmo1512162.patch mozilla-bmo1585099.patch Wolfgang Rosenauer 2019-10-21 13:36:41 +00:00
  • 1c69eeca85 OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/firefox-esr?expand=0&rev=4 Wolfgang Rosenauer 2019-10-11 12:41:04 +00:00
  • 67b87408b1 - do not build devel subpackage for this variant (not required and creating file conflicts) Wolfgang Rosenauer 2019-10-10 14:11:19 +00:00
  • 9f5300c225 OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/firefox-esr?expand=0&rev=2 Wolfgang Rosenauer 2019-10-05 07:06:41 +00:00
  • 4ac53cb2cd osc copypac from project:mozilla package:firefox68 revision:8 Wolfgang Rosenauer 2019-10-03 20:50:15 +00:00