MozillaFirefox/tar_stamps

PRODUCT="firefox"
CHANNEL="release"
VERSION="113.0"
VERSION_SUFFIX=""
PREV_VERSION="112.0.2"
PREV_VERSION_SUFFIX=""
#SKIP_LOCALES="" # Uncomment to skip l10n and compare-locales-generation
RELEASE_REPO="https://hg.mozilla.org/releases/mozilla-release"
RELEASE_TAG="484eaf4a955245421f5b6a29a4f7cf28a2a2dc1d"
RELEASE_TIMESTAMP="20230504192738"
- Mozilla Firefox 68.0 * Dark mode in reader view * Improved extension security and discovery * Cryptomining and fingerprinting protections are added to strict content blocking settings in Privacy & Security preferences * Camera and microphone access now require an HTTPS connection MFSA 2019-21 (bsc#1140868) * CVE-2019-9811 (bmo#1538007, bmo#1539598, bmo#1563327) Sandbox escape via installation of malicious languagepack * CVE-2019-11711 (bmo#1552541) Script injection within domain through inner window reuse * CVE-2019-11712 (bmo#1543804) Cross-origin POST requests can be made with NPAPI plugins by following 308 redirects * CVE-2019-11713 (bmo#1528481) Use-after-free with HTTP/2 cached stream * CVE-2019-11714 (bmo#1542593) NeckoChild can trigger crash when accessed off of main thread * CVE-2019-11729 (bmo#1515342) Empty or malformed p256-ECDH public keys may trigger a segmentation fault * CVE-2019-11715 (bmo#1555523) HTML parsing error can contribute to content XSS * CVE-2019-11716 (bmo#1552632) globalThis not enumerable until accessed * CVE-2019-11717 (bmo#1548306) Caret character improperly escaped in origins * CVE-2019-11718 (bmo#1408349) Activity Stream writes unsanitized content to innerHTML * CVE-2019-11719 (bmo#1540541) Out-of-bounds read when importing curve25519 private key OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=748 2019-07-09 23:21:11 +02:00			`PRODUCT="firefox"`
- Mozilla Firefox 69.0 * Enhanced Tracking Protection (ETP) for stronger privacy protections * Block Autoplay feature is enhanced to give users the option to block any video * Users in the US or using the en-US browser, can get a new “New Tab” page experience connecting to the best of Pocket's content. * Support for the Web Authentication HmacSecret extension via Windows Hello introduced. * Support for receiving multiple video codecs with this release makes it easier for WebRTC conferencing services to mix video from different clients. - requires * rust/cargo >= 1.35 * rust-cbindgen >= 0.9.0 * mozilla-nss >= 3.45 - rebased patches * mozilla-bmo1504834-part1.patch (currently unused as it breaks LE) * mozilla-bmo1504834-part2.patch (currently unused as it breaks LE) * mozilla-bmo1504834-part3.patch (currently unused as it breaks LE) OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=765 2019-09-09 08:28:12 +02:00			`CHANNEL="release"`
- Mozilla Firefox 113.0 * https://www.mozilla.org/en-US/firefox/113.0/releasenotes MFSA 2023-16 (bsc#1211175) * CVE-2023-32205 (bmo#1753339, bmo#1753341) Browser prompts could have been obscured by popups * CVE-2023-32206 (bmo#1824892) Crash in RLBox Expat driver * CVE-2023-32207 (bmo#1826116) Potential permissions request bypass via clickjacking * CVE-2023-32208 (bmo#1646034) Leak of script base URL in service workers via import() * CVE-2023-32209 (bmo#1767194) Persistent DoS via favicon image * CVE-2023-32210 (bmo#1776755) Incorrect principal object ordering * CVE-2023-32211 (bmo#1823379) Content process crash due to invalid wasm code * CVE-2023-32212 (bmo#1826622) Potential spoof due to obscured address bar * CVE-2023-32213 (bmo#1826666) Potential memory corruption in FileReader::DoReadData() * MFSA-TMP-2023-0002 (bmo#1814560, bmo#1814790, bmo#1819796) Race condition in dav1d decoding * CVE-2023-32214 (bmo#1828716) Potential DoS via exposed protocol handlers * CVE-2023-32215 (bmo#1540883, bmo#1751943, bmo#1814856, bmo#1820210, bmo#1821480, bmo#1827019, bmo#1827024, bmo#1827144, bmo#1827359, bmo#1830186) Memory safety bugs fixed in Firefox 113 and Firefox ESR 102.11 * CVE-2023-32216 (bmo#1746479, bmo#1806852, bmo#1815987, OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1059 2023-05-10 08:26:50 +02:00			`VERSION="113.0"`
- Mozilla Firefox 69.0 * Enhanced Tracking Protection (ETP) for stronger privacy protections * Block Autoplay feature is enhanced to give users the option to block any video * Users in the US or using the en-US browser, can get a new “New Tab” page experience connecting to the best of Pocket's content. * Support for the Web Authentication HmacSecret extension via Windows Hello introduced. * Support for receiving multiple video codecs with this release makes it easier for WebRTC conferencing services to mix video from different clients. - requires * rust/cargo >= 1.35 * rust-cbindgen >= 0.9.0 * mozilla-nss >= 3.45 - rebased patches * mozilla-bmo1504834-part1.patch (currently unused as it breaks LE) * mozilla-bmo1504834-part2.patch (currently unused as it breaks LE) * mozilla-bmo1504834-part3.patch (currently unused as it breaks LE) OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=765 2019-09-09 08:28:12 +02:00			`VERSION_SUFFIX=""`
- Mozilla Firefox 113.0 * https://www.mozilla.org/en-US/firefox/113.0/releasenotes MFSA 2023-16 (bsc#1211175) * CVE-2023-32205 (bmo#1753339, bmo#1753341) Browser prompts could have been obscured by popups * CVE-2023-32206 (bmo#1824892) Crash in RLBox Expat driver * CVE-2023-32207 (bmo#1826116) Potential permissions request bypass via clickjacking * CVE-2023-32208 (bmo#1646034) Leak of script base URL in service workers via import() * CVE-2023-32209 (bmo#1767194) Persistent DoS via favicon image * CVE-2023-32210 (bmo#1776755) Incorrect principal object ordering * CVE-2023-32211 (bmo#1823379) Content process crash due to invalid wasm code * CVE-2023-32212 (bmo#1826622) Potential spoof due to obscured address bar * CVE-2023-32213 (bmo#1826666) Potential memory corruption in FileReader::DoReadData() * MFSA-TMP-2023-0002 (bmo#1814560, bmo#1814790, bmo#1819796) Race condition in dav1d decoding * CVE-2023-32214 (bmo#1828716) Potential DoS via exposed protocol handlers * CVE-2023-32215 (bmo#1540883, bmo#1751943, bmo#1814856, bmo#1820210, bmo#1821480, bmo#1827019, bmo#1827024, bmo#1827144, bmo#1827359, bmo#1830186) Memory safety bugs fixed in Firefox 113 and Firefox ESR 102.11 * CVE-2023-32216 (bmo#1746479, bmo#1806852, bmo#1815987, OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1059 2023-05-10 08:26:50 +02:00			`PREV_VERSION="112.0.2"`
- Mozilla Firefox 68.0 * Dark mode in reader view * Improved extension security and discovery * Cryptomining and fingerprinting protections are added to strict content blocking settings in Privacy & Security preferences * Camera and microphone access now require an HTTPS connection MFSA 2019-21 (bsc#1140868) * CVE-2019-9811 (bmo#1538007, bmo#1539598, bmo#1563327) Sandbox escape via installation of malicious languagepack * CVE-2019-11711 (bmo#1552541) Script injection within domain through inner window reuse * CVE-2019-11712 (bmo#1543804) Cross-origin POST requests can be made with NPAPI plugins by following 308 redirects * CVE-2019-11713 (bmo#1528481) Use-after-free with HTTP/2 cached stream * CVE-2019-11714 (bmo#1542593) NeckoChild can trigger crash when accessed off of main thread * CVE-2019-11729 (bmo#1515342) Empty or malformed p256-ECDH public keys may trigger a segmentation fault * CVE-2019-11715 (bmo#1555523) HTML parsing error can contribute to content XSS * CVE-2019-11716 (bmo#1552632) globalThis not enumerable until accessed * CVE-2019-11717 (bmo#1548306) Caret character improperly escaped in origins * CVE-2019-11718 (bmo#1408349) Activity Stream writes unsanitized content to innerHTML * CVE-2019-11719 (bmo#1540541) Out-of-bounds read when importing curve25519 private key OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=748 2019-07-09 23:21:11 +02:00			`PREV_VERSION_SUFFIX=""`
			`#SKIP_LOCALES="" # Uncomment to skip l10n and compare-locales-generation`
- Mozilla Firefox 71.0 * Improvements to Lockwise, our integrated password manager * More information about Enhanced Tracking Protection in action * Native MP3 decoding on Windows, Linux, and macOS * Configuration page (about:config) reimplemented in HTML * New kiosk mode functionality, which allows maximum screen space for customer-facing displays MFSA 2019-36 * CVE-2019-11756 (bmo#1508776) Use-after-free of SFTKSession object * CVE-2019-17008 (bmo#1546331) Use-after-free in worker destruction * CVE-2019-13722 (bmo#1580156) (Windows only) Stack corruption due to incorrect number of arguments in WebRTC code * CVE-2019-17014 (bmo#1322864) Dragging and dropping a cross-origin resource, incorrectly loaded as an image, could result in information disclosure * CVE-2019-17010 (bmo#1581084) Use-after-free when performing device orientation checks * CVE-2019-17005 (bmo#1584170) Buffer overflow in plain text serializer * CVE-2019-17011 (bmo#1591334) Use-after-free when retrieving a document in antitracking * CVE-2019-17012 (bmo#1449736, bmo#1533957, bmo#1560667, bmo#1567209 bmo#1580288, bmo#1585760, bmo#1592502) Memory safety bugs fixed in Firefox 71 and Firefox ESR 68.3 * CVE-2019-17013 (bmo#1298509, bmo#1472328, bmo#1577439, bmo#1577937 bmo#1580320, bmo#1584195, bmo#1585106, bmo#1586293, bmo#1593865 bmo#1594181) Memory safety bugs fixed in Firefox 71 OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=789 2019-12-09 08:58:52 +01:00			`RELEASE_REPO="https://hg.mozilla.org/releases/mozilla-release"`
- Mozilla Firefox 113.0 * https://www.mozilla.org/en-US/firefox/113.0/releasenotes MFSA 2023-16 (bsc#1211175) * CVE-2023-32205 (bmo#1753339, bmo#1753341) Browser prompts could have been obscured by popups * CVE-2023-32206 (bmo#1824892) Crash in RLBox Expat driver * CVE-2023-32207 (bmo#1826116) Potential permissions request bypass via clickjacking * CVE-2023-32208 (bmo#1646034) Leak of script base URL in service workers via import() * CVE-2023-32209 (bmo#1767194) Persistent DoS via favicon image * CVE-2023-32210 (bmo#1776755) Incorrect principal object ordering * CVE-2023-32211 (bmo#1823379) Content process crash due to invalid wasm code * CVE-2023-32212 (bmo#1826622) Potential spoof due to obscured address bar * CVE-2023-32213 (bmo#1826666) Potential memory corruption in FileReader::DoReadData() * MFSA-TMP-2023-0002 (bmo#1814560, bmo#1814790, bmo#1819796) Race condition in dav1d decoding * CVE-2023-32214 (bmo#1828716) Potential DoS via exposed protocol handlers * CVE-2023-32215 (bmo#1540883, bmo#1751943, bmo#1814856, bmo#1820210, bmo#1821480, bmo#1827019, bmo#1827024, bmo#1827144, bmo#1827359, bmo#1830186) Memory safety bugs fixed in Firefox 113 and Firefox ESR 102.11 * CVE-2023-32216 (bmo#1746479, bmo#1806852, bmo#1815987, OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1059 2023-05-10 08:26:50 +02:00			`RELEASE_TAG="484eaf4a955245421f5b6a29a4f7cf28a2a2dc1d"`
			`RELEASE_TIMESTAMP="20230504192738"`