forked from pool/MozillaFirefox
* The 125.0 and 125.0.1 releases were skipped due to problems with a
feature that proactively blocked downloads from potentially untrustworthy URLs
Use-after-free if garbage collection runs during realm initialization
Incorrect JIT optimization of MSubstr leads to out-of-bounds reads
Corrupt pointer dereference in js::CheckTracedThing<js::Shape>
Download Protections were bypassed by .xrm-ms files on Windows
* CVE-2024-3865 (bmo#1881076, bmo#1884887, bmo#1885359, bmo#1889049)
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1146
parent 3b2b98176a
commit 32b276a257
@ -2,9 +2,9 @@
|
|||||||
Sun Apr 21 04:49:23 UTC 2024 - Wolfgang Rosenauer <wr@rosenauer.org>
|
Sun Apr 21 04:49:23 UTC 2024 - Wolfgang Rosenauer <wr@rosenauer.org>
|
||||||
|
|
||||||
- Mozilla Firefox 125.0.2
|
- Mozilla Firefox 125.0.2
|
||||||
* The 125.0 and 125.0.1 releases were skipped due to problems
|
* The 125.0 and 125.0.1 releases were skipped due to problems with a
|
||||||
with a feature that proactively blocked downloads from
|
feature that proactively blocked downloads from potentially
|
||||||
potentially untrustworthy URLs.
|
untrustworthy URLs
|
||||||
* New: Firefox now supports the AV1 codec for Encrypted Media
|
* New: Firefox now supports the AV1 codec for Encrypted Media
|
||||||
Extensions (EME), enabling higher-quality playback from video
|
Extensions (EME), enabling higher-quality playback from video
|
||||||
streaming providers
|
streaming providers
|
||||||
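Review bot: The re-wrapped sentence in the 125.0.2 entry loses its closing period: "potentially untrustworthy URLs." becomes "untrustworthy URLs". The rest of this hunk only moves the line breaks, so please keep the period, and state in the commit message why the changelog text is being re-flowed, since the message currently only repeats the changed lines.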
@ -81,21 +81,18 @@ Sun Apr 21 04:49:23 UTC 2024 - Wolfgang Rosenauer <wr@rosenauer.org>
|
|||||||
* CVE-2024-3852 (bmo#1883542)
|
* CVE-2024-3852 (bmo#1883542)
|
||||||
GetBoundName in the JIT returned the wrong object
|
GetBoundName in the JIT returned the wrong object
|
||||||
* CVE-2024-3853 (bmo#1884427)
|
* CVE-2024-3853 (bmo#1884427)
|
||||||
Use-after-free if garbage collection runs during realm
|
Use-after-free if garbage collection runs during realm initialization
|
||||||
initialization
|
|
||||||
* CVE-2024-3854 (bmo#1884552)
|
* CVE-2024-3854 (bmo#1884552)
|
||||||
Out-of-bounds-read after mis-optimized switch statement
|
Out-of-bounds-read after mis-optimized switch statement
|
||||||
* CVE-2024-3855 (bmo#1885828)
|
* CVE-2024-3855 (bmo#1885828)
|
||||||
Incorrect JIT optimization of MSubstr leads to out-of-bounds
|
Incorrect JIT optimization of MSubstr leads to out-of-bounds reads
|
||||||
reads
|
|
||||||
* CVE-2024-3856 (bmo#1885829)
|
* CVE-2024-3856 (bmo#1885829)
|
||||||
Use-after-free in WASM garbage collection
|
Use-after-free in WASM garbage collection
|
||||||
* CVE-2024-3857 (bmo#1886683)
|
* CVE-2024-3857 (bmo#1886683)
|
||||||
Incorrect JITting of arguments led to use-after-free during
|
Incorrect JITting of arguments led to use-after-free during
|
||||||
garbage collection
|
garbage collection
|
||||||
* CVE-2024-3858 (bmo#1888892)
|
* CVE-2024-3858 (bmo#1888892)
|
||||||
Corrupt pointer dereference in
|
Corrupt pointer dereference in js::CheckTracedThing<js::Shape>
|
||||||
js::CheckTracedThing<js::Shape>
|
|
||||||
* CVE-2024-3859 (bmo#1874489)
|
* CVE-2024-3859 (bmo#1874489)
|
||||||
Integer-overflow led to out-of-bounds-read in the OpenType
|
Integer-overflow led to out-of-bounds-read in the OpenType
|
||||||
sanitizer
|
sanitizer
|
||||||
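Review bot: Wrapping is now inconsistent within this block of CVE descriptions: the entries for CVE-2024-3853, CVE-2024-3855 and CVE-2024-3858 are each joined onto one long line, while CVE-2024-3857 ("... led to use-after-free during" / "garbage collection") and CVE-2024-3859 ("... in the OpenType" / "sanitizer") keep their continuation lines. Either re-flow every description to the same width or keep the original wrapping, and check the joined lines against whatever line-length limit this changelog is expected to follow, since they are visibly longer than the untouched entries around them.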
@ -107,16 +104,14 @@ Sun Apr 21 04:49:23 UTC 2024 - Wolfgang Rosenauer <wr@rosenauer.org>
|
|||||||
Potential use of uninitialized memory in MarkStack assignment
|
Potential use of uninitialized memory in MarkStack assignment
|
||||||
operator on self-assignment
|
operator on self-assignment
|
||||||
* CVE-2024-3863 (bmo#1885855)
|
* CVE-2024-3863 (bmo#1885855)
|
||||||
Download Protections were bypassed by .xrm-ms files on
|
Download Protections were bypassed by .xrm-ms files on Windows
|
||||||
Windows
|
|
||||||
* CVE-2024-3302 (bmo#1881183,
|
* CVE-2024-3302 (bmo#1881183,
|
||||||
bmo#https://kb.cert.org/vuls/id/421644)
|
bmo#https://kb.cert.org/vuls/id/421644)
|
||||||
Denial of Service using HTTP/2 CONTINUATION frames
|
Denial of Service using HTTP/2 CONTINUATION frames
|
||||||
* CVE-2024-3864 (bmo#1888333)
|
* CVE-2024-3864 (bmo#1888333)
|
||||||
Memory safety bug fixed in Firefox 125, Firefox ESR 115.10,
|
Memory safety bug fixed in Firefox 125, Firefox ESR 115.10,
|
||||||
and Thunderbird 115.10
|
and Thunderbird 115.10
|
||||||
* CVE-2024-3865 (bmo#1881076, bmo#1884887, bmo#1885359,
|
* CVE-2024-3865 (bmo#1881076, bmo#1884887, bmo#1885359, bmo#1889049)
|
||||||
bmo#1889049)
|
|
||||||
Memory safety bugs fixed in Firefox 125
|
Memory safety bugs fixed in Firefox 125
|
||||||
- requires
|
- requires
|
||||||
NSS 3.99
|
NSS 3.99
|
||||||
|
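Review bot: The CVE-2024-3302 entry, left as unchanged context in this hunk, carries a malformed reference: "bmo#https://kb.cert.org/vuls/id/421644" puts the Bugzilla prefix in front of a CERT/CC URL. Since the hunk already tidies the neighbouring CVE-2024-3863 and CVE-2024-3865 lines, drop the "bmo#" prefix there and give the URL on its own. That entry also stays split across two lines while the CVE-2024-3865 bug list was joined, so adjacent entries now wrap differently.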