MozillaFirefox/tar_stamps

PRODUCT="firefox"
CHANNEL="release"
VERSION="119.0"
VERSION_SUFFIX=""
PREV_VERSION="118.0.2"
PREV_VERSION_SUFFIX=""
#SKIP_LOCALES="" # Uncomment to skip l10n and compare-locales-generation
RELEASE_REPO="https://hg.mozilla.org/releases/mozilla-release"
RELEASE_TAG="6a78abe63b7e7aa191341b42ef4f2168bdf0fc89"
RELEASE_TIMESTAMP="20231019122658"
- Mozilla Firefox 68.0 * Dark mode in reader view * Improved extension security and discovery * Cryptomining and fingerprinting protections are added to strict content blocking settings in Privacy & Security preferences * Camera and microphone access now require an HTTPS connection MFSA 2019-21 (bsc#1140868) * CVE-2019-9811 (bmo#1538007, bmo#1539598, bmo#1563327) Sandbox escape via installation of malicious languagepack * CVE-2019-11711 (bmo#1552541) Script injection within domain through inner window reuse * CVE-2019-11712 (bmo#1543804) Cross-origin POST requests can be made with NPAPI plugins by following 308 redirects * CVE-2019-11713 (bmo#1528481) Use-after-free with HTTP/2 cached stream * CVE-2019-11714 (bmo#1542593) NeckoChild can trigger crash when accessed off of main thread * CVE-2019-11729 (bmo#1515342) Empty or malformed p256-ECDH public keys may trigger a segmentation fault * CVE-2019-11715 (bmo#1555523) HTML parsing error can contribute to content XSS * CVE-2019-11716 (bmo#1552632) globalThis not enumerable until accessed * CVE-2019-11717 (bmo#1548306) Caret character improperly escaped in origins * CVE-2019-11718 (bmo#1408349) Activity Stream writes unsanitized content to innerHTML * CVE-2019-11719 (bmo#1540541) Out-of-bounds read when importing curve25519 private key OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=748 2019-07-09 23:21:11 +02:00			`PRODUCT="firefox"`
- Mozilla Firefox 69.0 * Enhanced Tracking Protection (ETP) for stronger privacy protections * Block Autoplay feature is enhanced to give users the option to block any video * Users in the US or using the en-US browser, can get a new “New Tab” page experience connecting to the best of Pocket's content. * Support for the Web Authentication HmacSecret extension via Windows Hello introduced. * Support for receiving multiple video codecs with this release makes it easier for WebRTC conferencing services to mix video from different clients. - requires * rust/cargo >= 1.35 * rust-cbindgen >= 0.9.0 * mozilla-nss >= 3.45 - rebased patches * mozilla-bmo1504834-part1.patch (currently unused as it breaks LE) * mozilla-bmo1504834-part2.patch (currently unused as it breaks LE) * mozilla-bmo1504834-part3.patch (currently unused as it breaks LE) OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=765 2019-09-09 08:28:12 +02:00			`CHANNEL="release"`
- Mozilla Firefox 119.0 https://www.mozilla.org/en-US/firefox/119.0/releasenotes MFSA 2023-45 (bsc#1216338) * CVE-2023-5721 (bmo#1830820) Queued up rendering could have allowed websites to clickjack * CVE-2023-5722 (bmo#1738426) Cross-Origin size and header leakage * CVE-2023-5723 (bmo#1802057) Invalid cookie characters could have led to unexpected errors * CVE-2023-5724 (bmo#1836705) Large WebGL draw could have led to a crash * CVE-2023-5725 (bmo#1845739) WebExtensions could open arbitrary URLs * CVE-2023-5726 (bmo#1846205) Full screen notification obscured by file open dialog on macOS * CVE-2023-5727 (bmo#1847180) Download Protections were bypassed by .msix, .msixbundle, .appx, and .appxbundle files on Windows * CVE-2023-5728 (bmo#1852729) Improper object tracking during GC in the JavaScript engine could have led to a crash. * CVE-2023-5729 (bmo#1823720) Fullscreen notification dialog could have been obscured by WebAuthn prompts * CVE-2023-5730 (bmo#1836607, bmo#1840918, bmo#1848694, bmo#1848833, bmo#1850191, bmo#1850259, bmo#1852596, bmo#1853201, bmo#1854002, bmo#1855306, bmo#1855640, bmo#1856695) Memory safety bugs fixed in Firefox 119, Firefox ESR 115.4, and Thunderbird 115.4.1 * CVE-2023-5731 (bmo#1690111, bmo#1721904, bmo#1851803, bmo#1854068) OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1115 2023-10-27 09:18:39 +02:00			`VERSION="119.0"`
- Mozilla Firefox 69.0 * Enhanced Tracking Protection (ETP) for stronger privacy protections * Block Autoplay feature is enhanced to give users the option to block any video * Users in the US or using the en-US browser, can get a new “New Tab” page experience connecting to the best of Pocket's content. * Support for the Web Authentication HmacSecret extension via Windows Hello introduced. * Support for receiving multiple video codecs with this release makes it easier for WebRTC conferencing services to mix video from different clients. - requires * rust/cargo >= 1.35 * rust-cbindgen >= 0.9.0 * mozilla-nss >= 3.45 - rebased patches * mozilla-bmo1504834-part1.patch (currently unused as it breaks LE) * mozilla-bmo1504834-part2.patch (currently unused as it breaks LE) * mozilla-bmo1504834-part3.patch (currently unused as it breaks LE) OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=765 2019-09-09 08:28:12 +02:00			`VERSION_SUFFIX=""`
- Mozilla Firefox 119.0 https://www.mozilla.org/en-US/firefox/119.0/releasenotes MFSA 2023-45 (bsc#1216338) * CVE-2023-5721 (bmo#1830820) Queued up rendering could have allowed websites to clickjack * CVE-2023-5722 (bmo#1738426) Cross-Origin size and header leakage * CVE-2023-5723 (bmo#1802057) Invalid cookie characters could have led to unexpected errors * CVE-2023-5724 (bmo#1836705) Large WebGL draw could have led to a crash * CVE-2023-5725 (bmo#1845739) WebExtensions could open arbitrary URLs * CVE-2023-5726 (bmo#1846205) Full screen notification obscured by file open dialog on macOS * CVE-2023-5727 (bmo#1847180) Download Protections were bypassed by .msix, .msixbundle, .appx, and .appxbundle files on Windows * CVE-2023-5728 (bmo#1852729) Improper object tracking during GC in the JavaScript engine could have led to a crash. * CVE-2023-5729 (bmo#1823720) Fullscreen notification dialog could have been obscured by WebAuthn prompts * CVE-2023-5730 (bmo#1836607, bmo#1840918, bmo#1848694, bmo#1848833, bmo#1850191, bmo#1850259, bmo#1852596, bmo#1853201, bmo#1854002, bmo#1855306, bmo#1855640, bmo#1856695) Memory safety bugs fixed in Firefox 119, Firefox ESR 115.4, and Thunderbird 115.4.1 * CVE-2023-5731 (bmo#1690111, bmo#1721904, bmo#1851803, bmo#1854068) OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1115 2023-10-27 09:18:39 +02:00			`PREV_VERSION="118.0.2"`
- Mozilla Firefox 68.0 * Dark mode in reader view * Improved extension security and discovery * Cryptomining and fingerprinting protections are added to strict content blocking settings in Privacy & Security preferences * Camera and microphone access now require an HTTPS connection MFSA 2019-21 (bsc#1140868) * CVE-2019-9811 (bmo#1538007, bmo#1539598, bmo#1563327) Sandbox escape via installation of malicious languagepack * CVE-2019-11711 (bmo#1552541) Script injection within domain through inner window reuse * CVE-2019-11712 (bmo#1543804) Cross-origin POST requests can be made with NPAPI plugins by following 308 redirects * CVE-2019-11713 (bmo#1528481) Use-after-free with HTTP/2 cached stream * CVE-2019-11714 (bmo#1542593) NeckoChild can trigger crash when accessed off of main thread * CVE-2019-11729 (bmo#1515342) Empty or malformed p256-ECDH public keys may trigger a segmentation fault * CVE-2019-11715 (bmo#1555523) HTML parsing error can contribute to content XSS * CVE-2019-11716 (bmo#1552632) globalThis not enumerable until accessed * CVE-2019-11717 (bmo#1548306) Caret character improperly escaped in origins * CVE-2019-11718 (bmo#1408349) Activity Stream writes unsanitized content to innerHTML * CVE-2019-11719 (bmo#1540541) Out-of-bounds read when importing curve25519 private key OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=748 2019-07-09 23:21:11 +02:00			`PREV_VERSION_SUFFIX=""`
			`#SKIP_LOCALES="" # Uncomment to skip l10n and compare-locales-generation`
- Mozilla Firefox 71.0 * Improvements to Lockwise, our integrated password manager * More information about Enhanced Tracking Protection in action * Native MP3 decoding on Windows, Linux, and macOS * Configuration page (about:config) reimplemented in HTML * New kiosk mode functionality, which allows maximum screen space for customer-facing displays MFSA 2019-36 * CVE-2019-11756 (bmo#1508776) Use-after-free of SFTKSession object * CVE-2019-17008 (bmo#1546331) Use-after-free in worker destruction * CVE-2019-13722 (bmo#1580156) (Windows only) Stack corruption due to incorrect number of arguments in WebRTC code * CVE-2019-17014 (bmo#1322864) Dragging and dropping a cross-origin resource, incorrectly loaded as an image, could result in information disclosure * CVE-2019-17010 (bmo#1581084) Use-after-free when performing device orientation checks * CVE-2019-17005 (bmo#1584170) Buffer overflow in plain text serializer * CVE-2019-17011 (bmo#1591334) Use-after-free when retrieving a document in antitracking * CVE-2019-17012 (bmo#1449736, bmo#1533957, bmo#1560667, bmo#1567209 bmo#1580288, bmo#1585760, bmo#1592502) Memory safety bugs fixed in Firefox 71 and Firefox ESR 68.3 * CVE-2019-17013 (bmo#1298509, bmo#1472328, bmo#1577439, bmo#1577937 bmo#1580320, bmo#1584195, bmo#1585106, bmo#1586293, bmo#1593865 bmo#1594181) Memory safety bugs fixed in Firefox 71 OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=789 2019-12-09 08:58:52 +01:00			`RELEASE_REPO="https://hg.mozilla.org/releases/mozilla-release"`
- Mozilla Firefox 119.0 https://www.mozilla.org/en-US/firefox/119.0/releasenotes MFSA 2023-45 (bsc#1216338) * CVE-2023-5721 (bmo#1830820) Queued up rendering could have allowed websites to clickjack * CVE-2023-5722 (bmo#1738426) Cross-Origin size and header leakage * CVE-2023-5723 (bmo#1802057) Invalid cookie characters could have led to unexpected errors * CVE-2023-5724 (bmo#1836705) Large WebGL draw could have led to a crash * CVE-2023-5725 (bmo#1845739) WebExtensions could open arbitrary URLs * CVE-2023-5726 (bmo#1846205) Full screen notification obscured by file open dialog on macOS * CVE-2023-5727 (bmo#1847180) Download Protections were bypassed by .msix, .msixbundle, .appx, and .appxbundle files on Windows * CVE-2023-5728 (bmo#1852729) Improper object tracking during GC in the JavaScript engine could have led to a crash. * CVE-2023-5729 (bmo#1823720) Fullscreen notification dialog could have been obscured by WebAuthn prompts * CVE-2023-5730 (bmo#1836607, bmo#1840918, bmo#1848694, bmo#1848833, bmo#1850191, bmo#1850259, bmo#1852596, bmo#1853201, bmo#1854002, bmo#1855306, bmo#1855640, bmo#1856695) Memory safety bugs fixed in Firefox 119, Firefox ESR 115.4, and Thunderbird 115.4.1 * CVE-2023-5731 (bmo#1690111, bmo#1721904, bmo#1851803, bmo#1854068) OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1115 2023-10-27 09:18:39 +02:00			`RELEASE_TAG="6a78abe63b7e7aa191341b42ef4f2168bdf0fc89"`
			`RELEASE_TIMESTAMP="20231019122658"`