1
0
Commit Graph

1213 Commits

Author SHA256 Message Date
Ana Guerrero
58fc7f28bf Accepting request 1199138 from mozilla:Factory
Automatic submission by obs-autosubmit

OBS-URL: https://build.opensuse.org/request/show/1199138
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaFirefox?expand=0&rev=436
2024-09-06 15:17:41 +00:00
Wolfgang Rosenauer
9978f0bae4 - _constraints: increase RAM on s390x to fix the build
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1172
2024-09-06 08:46:31 +00:00
Ana Guerrero
657e9a281d Accepting request 1195695 from mozilla:Factory
Automatic submission by obs-autosubmit

OBS-URL: https://build.opensuse.org/request/show/1195695
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaFirefox?expand=0&rev=435
2024-08-25 10:09:39 +00:00
Wolfgang Rosenauer
c9813ec197 - Mozilla Firefox 129.0.1
* Fixed playback issues on some websites with copyrighted video
    served via digital rights management. (bmo#1911283)
  * Fixed a crash when dragging a video file onto some websites
    (bmo#1910990)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1170
2024-08-16 09:33:53 +00:00
Dominique Leuenberger
8a18bf4d27 Accepting request 1193124 from mozilla:Factory
- Mozilla Firefox 129.0
  https://www.mozilla.org/en-US/firefox/129.0/releasenotes
  MFSA 2024-33 (bsc#1228648))
  * CVE-2024-7518 (bmo#1875354)
    Fullscreen notification dialog can be obscured by document content
  * CVE-2024-7519 (bmo#1902307)
    Out of bounds memory access in graphics shared memory handling
  * CVE-2024-7520 (bmo#1903041)
    Type confusion in WebAssembly
  * CVE-2024-7521 (bmo#1904644)
    Incomplete WebAssembly exception handing
  * CVE-2024-7522 (bmo#1906727)
    Out of bounds read in editor component
  * CVE-2024-7523 (bmo#1908344)
    Document content could partially obscure security prompts
  * CVE-2024-7524 (bmo#1909241)
    CSP strict-dynamic bypass using web-compatibility shims
  * CVE-2024-7525 (bmo#1909298)
    Missing permission check when creating a StreamFilter
  * CVE-2024-7526 (bmo#1910306)
    Uninitialized memory used by WebGL
  * CVE-2024-7527 (bmo#1871303)
    Use-after-free in JavaScript garbage collection
  * CVE-2024-7528 (bmo#1895951)
    Use-after-free in IndexedDB
  * CVE-2024-7529 (bmo#1903187)
    Document content could partially obscure security prompts
  * CVE-2024-7530 (bmo#1904011)
    Use-after-free in JavaScript code coverage collection

OBS-URL: https://build.opensuse.org/request/show/1193124
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaFirefox?expand=0&rev=434
2024-08-13 11:21:48 +00:00
Wolfgang Rosenauer
351b951583 - Mozilla Firefox 129.0
https://www.mozilla.org/en-US/firefox/129.0/releasenotes
  MFSA 2024-33 (bsc#1228648))
  * CVE-2024-7518 (bmo#1875354)
    Fullscreen notification dialog can be obscured by document content
  * CVE-2024-7519 (bmo#1902307)
    Out of bounds memory access in graphics shared memory handling
  * CVE-2024-7520 (bmo#1903041)
    Type confusion in WebAssembly
  * CVE-2024-7521 (bmo#1904644)
    Incomplete WebAssembly exception handing
  * CVE-2024-7522 (bmo#1906727)
    Out of bounds read in editor component
  * CVE-2024-7523 (bmo#1908344)
    Document content could partially obscure security prompts
  * CVE-2024-7524 (bmo#1909241)
    CSP strict-dynamic bypass using web-compatibility shims
  * CVE-2024-7525 (bmo#1909298)
    Missing permission check when creating a StreamFilter
  * CVE-2024-7526 (bmo#1910306)
    Uninitialized memory used by WebGL
  * CVE-2024-7527 (bmo#1871303)
    Use-after-free in JavaScript garbage collection
  * CVE-2024-7528 (bmo#1895951)
    Use-after-free in IndexedDB
  * CVE-2024-7529 (bmo#1903187)
    Document content could partially obscure security prompts
  * CVE-2024-7530 (bmo#1904011)
    Use-after-free in JavaScript code coverage collection
  * CVE-2024-7531 (bmo#1905691)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1168
2024-08-10 12:42:53 +00:00
Dominique Leuenberger
59dbe96551 Accepting request 1190457 from mozilla:Factory
------------------------------------------------------------------
- Firefox 128.0.3 Release
  * Fixed: Fixed an issue causing some sites to not load when
    connecting via HTTP/2. (bmo#1908161, bmo#1909666)
  * Fixed: Fixed collapsed table rows not appearing when expected
    in some situations. (bmo#1907789)
  * Fixed: Fixed the Windows on-screen keyboard potentially
    concealing the webpage when displayed. (bmo#1907766)
- Firefox 128.0.2 Release
  * Fixed: Fixed an audio echo in video calls on macOS under
    certain conditions. (bmo#1908539)
  * Fixed: Fixed an issue where the Adguard extension popup was
    not displaying. (bmo#1906132)
  * Fixed: Fixed an issue causing some screen readers to fail to
    read when navigating by character in rich text editors. (Bug
    1905021)
  * Fixed: Fixed visual glitches when dark mode is enabled in
    Windows ARM devices. (bmo#1897444)
  * Fixed: Fixed an issue causing NTLM authentication failure.
    (bmo#1908115)
  * Fixed: Fixed an issue where content displayed on mouseover
    was not captured in a screenshot. (bmo#1905468)
  * Fixed: Various stability fixes.
- renamed firefox-3781e3117706.patch to mozilla-bmo1905018.patch
  to conform with patch structure and naming for the package

OBS-URL: https://build.opensuse.org/request/show/1190457
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaFirefox?expand=0&rev=433
2024-07-31 11:28:35 +00:00
Wolfgang Rosenauer
5bbcb979e1 ------------------------------------------------------------------
- Firefox 128.0.3 Release
  * Fixed: Fixed an issue causing some sites to not load when
    connecting via HTTP/2. (bmo#1908161, bmo#1909666)
  * Fixed: Fixed collapsed table rows not appearing when expected
    in some situations. (bmo#1907789)
  * Fixed: Fixed the Windows on-screen keyboard potentially
    concealing the webpage when displayed. (bmo#1907766)
- Firefox 128.0.2 Release
  * Fixed: Fixed an audio echo in video calls on macOS under
    certain conditions. (bmo#1908539)
  * Fixed: Fixed an issue where the Adguard extension popup was
    not displaying. (bmo#1906132)
  * Fixed: Fixed an issue causing some screen readers to fail to
    read when navigating by character in rich text editors. (Bug
    1905021)
  * Fixed: Fixed visual glitches when dark mode is enabled in
    Windows ARM devices. (bmo#1897444)
  * Fixed: Fixed an issue causing NTLM authentication failure.
    (bmo#1908115)
  * Fixed: Fixed an issue where content displayed on mouseover
    was not captured in a screenshot. (bmo#1905468)
  * Fixed: Various stability fixes.
- renamed firefox-3781e3117706.patch to mozilla-bmo1905018.patch
  to conform with patch structure and naming for the package

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1166
2024-07-30 11:20:32 +00:00
Ana Guerrero
2d4ab48832 Accepting request 1188582 from mozilla:Factory
OBS-URL: https://build.opensuse.org/request/show/1188582
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaFirefox?expand=0&rev=432
2024-07-22 15:14:28 +00:00
Wolfgang Rosenauer
41c367e33f - Add firefox-3781e3117706.patch to fix boo#1227856 aka bmo#1905018
where an incompatible pointer assignment is not accepted in C by
  GCC 14.

If the request is OK, please forward it to Factory soon-ish so that we
can switch the default compiler.  Thanks!.

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1164
2024-07-19 09:54:37 +00:00
Ana Guerrero
2ae5300e78 Accepting request 1187677 from mozilla:Factory
- Mozilla Firefox 128.0
  https://www.mozilla.org/en-US/firefox/128.0/releasenotes
  MFSA 2024-29 (bsc#1226316)
  * CVE-2024-6605 (bmo#1836786)
    Firefox Android missed activation delay to prevent tapjacking
  * CVE-2024-6606 (bmo#1902305)
    Out-of-bounds read in clipboard component
  * CVE-2024-6607 (bmo#1694513)
    Leaving pointerlock by pressing the escape key could be
    prevented
  * CVE-2024-6608 (bmo#1743329)
    Cursor could be moved out of the viewport using pointerlock.
  * CVE-2024-6609 (bmo#1839258)
    Memory corruption in NSS
  * CVE-2024-6610 (bmo#1883396)
    Form validation popups could block exiting full-screen mode
  * CVE-2024-6600 (bmo#1888340)
    Memory corruption in WebGL API
  * CVE-2024-6601 (bmo#1890748)
    Race condition in permission assignment
  * CVE-2024-6602 (bmo#1895032)
    Memory corruption in NSS
  * CVE-2024-6603 (bmo#1895081)
    Memory corruption in thread creation
  * CVE-2024-6611 (bmo#1844827)
    Incorrect handling of SameSite cookies
  * CVE-2024-6612 (bmo#1880374)
    CSP violation leakage when using devtools
  * CVE-2024-6613 (bmo#1900523)
    Incorrect listing of stack frames

OBS-URL: https://build.opensuse.org/request/show/1187677
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaFirefox?expand=0&rev=431
2024-07-17 13:14:05 +00:00
Wolfgang Rosenauer
3623424b10 - Mozilla Firefox 128.0
https://www.mozilla.org/en-US/firefox/128.0/releasenotes
  MFSA 2024-29 (bsc#1226316)
  * CVE-2024-6605 (bmo#1836786)
    Firefox Android missed activation delay to prevent tapjacking
  * CVE-2024-6606 (bmo#1902305)
    Out-of-bounds read in clipboard component
  * CVE-2024-6607 (bmo#1694513)
    Leaving pointerlock by pressing the escape key could be
    prevented
  * CVE-2024-6608 (bmo#1743329)
    Cursor could be moved out of the viewport using pointerlock.
  * CVE-2024-6609 (bmo#1839258)
    Memory corruption in NSS
  * CVE-2024-6610 (bmo#1883396)
    Form validation popups could block exiting full-screen mode
  * CVE-2024-6600 (bmo#1888340)
    Memory corruption in WebGL API
  * CVE-2024-6601 (bmo#1890748)
    Race condition in permission assignment
  * CVE-2024-6602 (bmo#1895032)
    Memory corruption in NSS
  * CVE-2024-6603 (bmo#1895081)
    Memory corruption in thread creation
  * CVE-2024-6611 (bmo#1844827)
    Incorrect handling of SameSite cookies
  * CVE-2024-6612 (bmo#1880374)
    CSP violation leakage when using devtools
  * CVE-2024-6613 (bmo#1900523)
    Incorrect listing of stack frames

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1162
2024-07-16 07:10:33 +00:00
Ana Guerrero
53ab0a2e0b Accepting request 1185336 from mozilla:Factory
- Mozilla Firefox 127.0.2
  * Fixed an issue where YouTube playback may experience stalling under
    certain conditions (bmo#1900191, bmo#1878510).
  * Fixed an issue where the Private Window icon was displayed in the taskbar
    on Windows when browser.privateWindowSeparation.enabled was
    set to false (bmo#1901840).
- Mozilla Firefox 127.0.1
  * Fixed an issue where users with a primary password set on their profile
    could lose their previous session of tabs upon upgrading if they dismissed
    the primary password prompt (bmo#1901899).
  * Fixed an issue where Linux users with accessibility.monoaudio.enable set
    to true were experiencing slow audio speeds (bmo#1900972).
  * Fixed an issue where, in some circumstances, the Firefox installer
    on Windows failed to complete the installation (bmo#1896868).
  * Fixed an issue causing Firefox to incorrectly reject cookies
    for certain websites (bmo#1901325).

- Fix GNOME search provider (boo#1225278)

OBS-URL: https://build.opensuse.org/request/show/1185336
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaFirefox?expand=0&rev=430
2024-07-05 17:44:47 +00:00
Wolfgang Rosenauer
65de930456 * Fixed an issue where YouTube playback may experience stalling under
* Fixed an issue where the Private Window icon was displayed in the taskbar
    on Windows when browser.privateWindowSeparation.enabled was
  * Fixed an issue where users with a primary password set on their profile
    could lose their previous session of tabs upon upgrading if they dismissed
  * Fixed an issue where Linux users with accessibility.monoaudio.enable set
  * Fixed an issue where, in some circumstances, the Firefox installer
  * Fixed an issue causing Firefox to incorrectly reject cookies
- Fix GNOME search provider (boo#1225278)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1160
2024-07-04 08:07:19 +00:00
Wolfgang Rosenauer
e22e1216b1 Accepting request 1184300 from home:develop7:branches:mozilla:Factory
- Mozilla Firefox 127.0.2
  * Fixed an issue where YouTube playback may experience stalling under 
    certain conditions (bmo#1900191, bmo#1878510).
  * Fixed an issue where the Private Window icon was displayed in the taskbar 
    on Windows when browser.privateWindowSeparation.enabled was 
    set to false (bmo#1901840).
- Mozilla Firefox 127.0.1
  * Fixed an issue where users with a primary password set on their profile 
    could lose their previous session of tabs upon upgrading if they dismissed 
    the primary password prompt (bmo#1901899).
  * Fixed an issue where Linux users with accessibility.monoaudio.enable set 
    to true were experiencing slow audio speeds (bmo#1900972).
  * Fixed an issue where, in some circumstances, the Firefox installer 
    on Windows failed to complete the installation (bmo#1896868).
  * Fixed an issue causing Firefox to incorrectly reject cookies 
    for certain websites (bmo#1901325).

OBS-URL: https://build.opensuse.org/request/show/1184300
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1159
2024-07-04 08:00:08 +00:00
Wolfgang Rosenauer
ae5669436c Accepting request 1184277 from home:MSirringhaus:branches:mozilla:Factory
- Fix GNOME search provider (boo#1225278)

OBS-URL: https://build.opensuse.org/request/show/1184277
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1158
2024-07-04 07:55:26 +00:00
Ana Guerrero
42cc248788 Accepting request 1180696 from mozilla:Factory
- Mozilla Firefox 127.0
  https://www.mozilla.org/en-US/firefox/127.0/releasenotes
  MFSA 2024-25 (bsc#1226027)
  * CVE-2024-5687 (bmo#1889066)
    An incorrect principal could have been used when opening new tabs
  * CVE-2024-5688 (bmo#1895086)
    Use-after-free in JavaScript object transplant
  * CVE-2024-5689 (bmo#1389707)
    User confusion and possible phishing vector via Firefox Screenshots
  * CVE-2024-5690 (bmo#1883693)
    External protocol handlers leaked by timing attack
  * CVE-2024-5691 (bmo#1888695)
    Sandboxed iframes were able to bypass sandbox restrictions to
    open a new window
  * CVE-2024-5692 (bmo#1837514, bmo#1891234)
    Bypass of file name restrictions during saving
  * CVE-2024-5693 (bmo#1891319)
    Cross-Origin Image leak via Offscreen Canvas
  * CVE-2024-5694 (bmo#1895055)
    Use-after-free in JavaScript Strings
  * CVE-2024-5695 (bmo#1895579)
    Memory Corruption using allocation using out-of-memory conditions
  * CVE-2024-5696 (bmo#1896555)
    Memory Corruption in Text Fragments
  * CVE-2024-5697 (bmo#1414937)
    Website was able to detect when Firefox was taking a
    screenshot of them
  * CVE-2024-5698 (bmo#1828259)
    Data-list could have overlaid address bar
  * CVE-2024-5699 (bmo#1891349)

OBS-URL: https://build.opensuse.org/request/show/1180696
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaFirefox?expand=0&rev=429
2024-06-14 16:57:28 +00:00
Wolfgang Rosenauer
26b5620df4 OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1156 2024-06-13 13:44:22 +00:00
Wolfgang Rosenauer
8d549ff22f - Mozilla Firefox 127.0
https://www.mozilla.org/en-US/firefox/127.0/releasenotes
  MFSA 2024-25 (bsc#1226027)
  * CVE-2024-5687 (bmo#1889066)
    An incorrect principal could have been used when opening new tabs
  * CVE-2024-5688 (bmo#1895086)
    Use-after-free in JavaScript object transplant
  * CVE-2024-5689 (bmo#1389707)
    User confusion and possible phishing vector via Firefox Screenshots
  * CVE-2024-5690 (bmo#1883693)
    External protocol handlers leaked by timing attack
  * CVE-2024-5691 (bmo#1888695)
    Sandboxed iframes were able to bypass sandbox restrictions to
    open a new window
  * CVE-2024-5692 (bmo#1837514, bmo#1891234)
    Bypass of file name restrictions during saving
  * CVE-2024-5693 (bmo#1891319)
    Cross-Origin Image leak via Offscreen Canvas
  * CVE-2024-5694 (bmo#1895055)
    Use-after-free in JavaScript Strings
  * CVE-2024-5695 (bmo#1895579)
    Memory Corruption using allocation using out-of-memory conditions
  * CVE-2024-5696 (bmo#1896555)
    Memory Corruption in Text Fragments
  * CVE-2024-5697 (bmo#1414937)
    Website was able to detect when Firefox was taking a
    screenshot of them
  * CVE-2024-5698 (bmo#1828259)
    Data-list could have overlaid address bar
  * CVE-2024-5699 (bmo#1891349)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1155
2024-06-12 20:38:41 +00:00
Ana Guerrero
aee654ea3f Accepting request 1177453 from mozilla:Factory
- Mozilla Firefox 126.0.1
  * Fixed an issue with reading tagged PDF documents in a screen reader
    bmo#1894849
  * Fixed not displaying localized text for non-en-US locales in the
    Crash Reporter dialog box on macOS. (bmo#1896097)
  * Fixed issues with drag-and-drop functionality on Linux. (bmo#1897115)
  * Fixed an issue causing high GPU memory usage on certain versions
    of AMD cards. (bmo#1897006)

- Backport upstream patches to fix build on aarch64 - boo#1225460
  * mozilla-bmo1886378.patch

OBS-URL: https://build.opensuse.org/request/show/1177453
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaFirefox?expand=0&rev=428
2024-05-30 13:32:10 +00:00
Wolfgang Rosenauer
7548fa49d0 - Mozilla Firefox 126.0.1
* Fixed an issue with reading tagged PDF documents in a screen reader
    bmo#1894849
  * Fixed not displaying localized text for non-en-US locales in the
    Crash Reporter dialog box on macOS. (bmo#1896097)
  * Fixed issues with drag-and-drop functionality on Linux. (bmo#1897115)
  * Fixed an issue causing high GPU memory usage on certain versions
    of AMD cards. (bmo#1897006)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1153
2024-05-29 07:15:42 +00:00
Wolfgang Rosenauer
ffc2e2a358 Accepting request 1177370 from home:Guillaume_G:branches:mozilla:Factory
- Backport upstream patches to fix build on aarch64 - boo#1225460
  * mozilla-bmo1886378.patch

OBS-URL: https://build.opensuse.org/request/show/1177370
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1152
2024-05-29 07:11:01 +00:00
Ana Guerrero
f2d4ae6b6f Accepting request 1175472 from mozilla:Factory
- Mozilla Firefox 126.0
  https://www.mozilla.org/en-US/firefox/126.0/releasenotes
  MFSA 2024-21 (bsc#1224056)
  * CVE-2024-4764 (bmo#1879093)
    Use-after-free when audio input connected with multiple consumers
  * CVE-2024-4367 (bmo#1893645)
    Arbitrary JavaScript execution in PDF.js
  * CVE-2024-4765 (bmo#1871109)
    Web application manifests could have been overwritten via
    hash collision
  * CVE-2024-4766 (bmo#1871214, bmo#1871217)
    Fullscreen notification could have been obscured on Firefox
    for Android
  * CVE-2024-4767 (bmo#1878577)
    IndexedDB files retained in private browsing mode
  * CVE-2024-4768 (bmo#1886082)
    Potential permissions request bypass via clickjacking
  * CVE-2024-4769 (bmo#1886108)
    Cross-origin responses could be distinguished between script
    and non-script content-types
  * CVE-2024-4770 (bmo#1893270)
    Use-after-free could occur when printing to PDF
  * CVE-2024-4771 (bmo#1893891)
    Failed allocation could lead to use-after-free
  * CVE-2024-4772 (bmo#1870579)
    Use of insecure rand() function to generate nonce
  * CVE-2024-4773 (bmo#1875248)
    URL bar could be cleared after network error
  * CVE-2024-4774 (bmo#1886598)
    Undefined behavior in ShmemCharMapHashEntry()

OBS-URL: https://build.opensuse.org/request/show/1175472
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaFirefox?expand=0&rev=427
2024-05-21 16:33:21 +00:00
Wolfgang Rosenauer
5b06ba2de6 - Mozilla Firefox 126.0
https://www.mozilla.org/en-US/firefox/126.0/releasenotes
  MFSA 2024-21 (bsc#1224056)
  * CVE-2024-4764 (bmo#1879093)
    Use-after-free when audio input connected with multiple consumers
  * CVE-2024-4367 (bmo#1893645)
    Arbitrary JavaScript execution in PDF.js
  * CVE-2024-4765 (bmo#1871109)
    Web application manifests could have been overwritten via
    hash collision
  * CVE-2024-4766 (bmo#1871214, bmo#1871217)
    Fullscreen notification could have been obscured on Firefox
    for Android
  * CVE-2024-4767 (bmo#1878577)
    IndexedDB files retained in private browsing mode
  * CVE-2024-4768 (bmo#1886082)
    Potential permissions request bypass via clickjacking
  * CVE-2024-4769 (bmo#1886108)
    Cross-origin responses could be distinguished between script
    and non-script content-types
  * CVE-2024-4770 (bmo#1893270)
    Use-after-free could occur when printing to PDF
  * CVE-2024-4771 (bmo#1893891)
    Failed allocation could lead to use-after-free
  * CVE-2024-4772 (bmo#1870579)
    Use of insecure rand() function to generate nonce
  * CVE-2024-4773 (bmo#1875248)
    URL bar could be cleared after network error
  * CVE-2024-4774 (bmo#1886598)
    Undefined behavior in ShmemCharMapHashEntry()

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1150
2024-05-21 08:22:00 +00:00
Dominique Leuenberger
640c98451f Accepting request 1170867 from mozilla:Factory
OBS-URL: https://build.opensuse.org/request/show/1170867
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaFirefox?expand=0&rev=426
2024-05-01 12:54:55 +00:00
Wolfgang Rosenauer
072f7b36ed Accepting request 1170864 from home:AndreasStieger:branches:mozilla:Factory
125.0.3

OBS-URL: https://build.opensuse.org/request/show/1170864
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1148
2024-04-29 18:30:27 +00:00
Ana Guerrero
d3c437774c Accepting request 1169983 from mozilla:Factory
- Mozilla Firefox 125.0.2
  * The 125.0 and 125.0.1 releases were skipped due to problems with a
    feature that proactively blocked downloads from potentially
    untrustworthy URLs
  * New: Firefox now supports the AV1 codec for Encrypted Media
    Extensions (EME), enabling higher-quality playback from video
    streaming providers
  * New: The Firefox PDF viewer now supports text highlighting.
  * New: Firefox View now displays pinned tabs in the Open tabs
    section. Tab indicators have also been added to Open tabs, so
    users can do things like see which tabs are playing media and
    quickly mute or unmute across windows. Indicators were also
    added for bookmarks, tabs with notifications, and more!
    their addresses upon submitting an address form, allowing
    Firefox to autofill stored address information in the future.
  * New: The URL Paste Suggestion feature provides a convenient
    way for users to quickly visit URLs copied to the clipboard
    in the address bar of Firefox. When the clipboard contains a
    URL and the URL bar is focused, an autocomplete result
    appears automatically. Activating the clipboard suggestion
    will navigate the user to the URL with 1 click.
  * New: Users of tab-specific Container add-ons can now search
    in the Address Bar for tabs that are open in different
    containers. Special thanks to volunteer contributor atararx
    for kicking off the work on this feature!
  * New: Firefox now provides an option to enable Web Proxy Auto-
    Discovery (WPAD) while configured to use system proxy
    settings.
  * Changed: In a group of radio buttons where no option is
    selected, the tab key now only reaches the first option

OBS-URL: https://build.opensuse.org/request/show/1169983
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaFirefox?expand=0&rev=425
2024-04-26 21:26:13 +00:00
Wolfgang Rosenauer
32b276a257 * The 125.0 and 125.0.1 releases were skipped due to problems with a
feature that proactively blocked downloads from potentially
    untrustworthy URLs
    Use-after-free if garbage collection runs during realm initialization
    Incorrect JIT optimization of MSubstr leads to out-of-bounds reads
    Corrupt pointer dereference in js::CheckTracedThing<js::Shape>
    Download Protections were bypassed by .xrm-ms files on Windows
  * CVE-2024-3865 (bmo#1881076, bmo#1884887, bmo#1885359, bmo#1889049)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1146
2024-04-24 07:40:26 +00:00
Wolfgang Rosenauer
3b2b98176a Accepting request 1169748 from home:AndreasStieger:branches:mozilla:Factory
Mozilla Firefox 125.0.2

OBS-URL: https://build.opensuse.org/request/show/1169748
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1145
2024-04-23 06:12:35 +00:00
Ana Guerrero
9ba5b17011 Accepting request 1164364 from mozilla:Factory
- Mozilla Firefox 124.0.2
  https://www.mozilla.org/en-US/firefox/124.0.2/releasenotes/
  * Fixed an issue where users with a large amount of bookmarks would
    be unable to restore a bookmarks backup. (bmo#1884308)
  * Fixed an issue that would cause open Firefox windows
    to go blank or crash during video playback on sites such as
    Netflix. (bmo#1883932)
  * Fixed a crash that affected Linux AArch64 builds. (bmo#1866396)
  * Fixed an issue where some users experienced difficulties loading
    webpages due to changes made to the default AppArmor configuration
    shipping in Ubuntu 24.04. (bmo#1884347)

OBS-URL: https://build.opensuse.org/request/show/1164364
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaFirefox?expand=0&rev=424
2024-04-04 20:24:08 +00:00
Wolfgang Rosenauer
d592c1b03e * Fixed an issue where users with a large amount of bookmarks would
be unable to restore a bookmarks backup. (bmo#1884308)
  * Fixed an issue that would cause open Firefox windows
    Netflix. (bmo#1883932)
  * Fixed a crash that affected Linux AArch64 builds. (bmo#1866396)
  * Fixed an issue where some users experienced difficulties loading
    webpages due to changes made to the default AppArmor configuration
    shipping in Ubuntu 24.04. (bmo#1884347)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1143
2024-04-03 13:07:33 +00:00
Wolfgang Rosenauer
32874c1308 Accepting request 1164363 from home:MSirringhaus:branches:mozilla:Factory
- Mozilla Firefox 124.0.2
  https://www.mozilla.org/en-US/firefox/124.0.2/releasenotes/
  * Fixed: Fixed an issue where users with a large amount of
    bookmarks would be unable to restore a bookmarks backup. (Bug
    1884308)
  * Fixed: Fixed an issue that would cause open Firefox windows
    to go blank or crash during video playback on sites such as
    Netflix. (Bug 1883932)
  * Fixed: Fixed a crash that affected Linux AArch64 builds.(Bug
    1866396)
  * Fixed: Fixed an issue where some users experienced
    difficulties loading webpages due to changes made to the
    default AppArmor configuration shipping in Ubuntu 24.04. (Bug
    1884347)

OBS-URL: https://build.opensuse.org/request/show/1164363
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1142
2024-04-03 13:05:03 +00:00
Ana Guerrero
23c8d9fe7f Accepting request 1160726 from mozilla:Factory
- Mozilla Firefox 124.0.1
  https://www.mozilla.org/en-US/firefox/124.0.1/releasenotes/
  MFSA 2024-15 (bsc#1221850)
  * CVE-2024-29943 (bmo#1886849)
    Out-of-bounds access via Range Analysis bypass
  * CVE-2024-29944 (bmo#1886852)
    Privileged JavaScript Execution via Event Handlers
  Mozilla Firefox 124.0
  https://www.mozilla.org/en-US/firefox/124.0/releasenotes/
  MFSA 2024-12 (bsc#1221327)
  * CVE-2024-2605 (bmo#1872920)
    Windows Error Reporter could be used as a Sandbox escape vector
  * CVE-2024-2606 (bmo#1879237)
    Mishandling of WASM register values
  * CVE-2024-2607 (bmo#1879939)
    JIT code failed to save return registers on Armv7-A
  * CVE-2024-2608 (bmo#1880692)
    Integer overflow could have led to out of bounds write
  * CVE-2023-5388 (bmo#1780432)
    NSS susceptible to timing attack against RSA decryption
  * CVE-2024-2609 (bmo#1866100)
    Permission prompt input delay could expire when not in focus
  * CVE-2024-2610 (bmo#1871112)
    Improper handling of html and body tags enabled CSP nonce leakage
  * CVE-2024-2611 (bmo#1876675)
    Clickjacking vulnerability could have led to a user accidentally
    granting permissions
  * CVE-2024-2612 (bmo#1879444)
    Self referencing object could have potentially led to a use-
    after-free

OBS-URL: https://build.opensuse.org/request/show/1160726
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaFirefox?expand=0&rev=423
2024-03-25 20:06:23 +00:00
Wolfgang Rosenauer
90db4db449 - Mozilla Firefox 124.0.1
https://www.mozilla.org/en-US/firefox/124.0.1/releasenotes/
  MFSA 2024-15 (bsc#1221850)
  * CVE-2024-29943 (bmo#1886849)
    Out-of-bounds access via Range Analysis bypass
  * CVE-2024-29944 (bmo#1886852)
    Privileged JavaScript Execution via Event Handlers
  Mozilla Firefox 124.0
  https://www.mozilla.org/en-US/firefox/124.0/releasenotes/
  MFSA 2024-12 (bsc#1221327)
  * CVE-2024-2605 (bmo#1872920)
    Windows Error Reporter could be used as a Sandbox escape vector
  * CVE-2024-2606 (bmo#1879237)
    Mishandling of WASM register values
  * CVE-2024-2607 (bmo#1879939)
    JIT code failed to save return registers on Armv7-A
  * CVE-2024-2608 (bmo#1880692)
    Integer overflow could have led to out of bounds write
  * CVE-2023-5388 (bmo#1780432)
    NSS susceptible to timing attack against RSA decryption
  * CVE-2024-2609 (bmo#1866100)
    Permission prompt input delay could expire when not in focus
  * CVE-2024-2610 (bmo#1871112)
    Improper handling of html and body tags enabled CSP nonce leakage
  * CVE-2024-2611 (bmo#1876675)
    Clickjacking vulnerability could have led to a user accidentally
    granting permissions
  * CVE-2024-2612 (bmo#1879444)
    Self referencing object could have potentially led to a use-
    after-free

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1140
2024-03-22 16:21:08 +00:00
Dominique Leuenberger
33f287025d Accepting request 1156327 from mozilla:Factory
OBS-URL: https://build.opensuse.org/request/show/1156327
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaFirefox?expand=0&rev=422
2024-03-09 19:53:50 +00:00
Wolfgang Rosenauer
cb3e179034 Accepting request 1156314 from home:AndreasStieger:branches:mozilla:Factory
Mozilla Firefox 123.0.1

OBS-URL: https://build.opensuse.org/request/show/1156314
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1138
2024-03-08 10:46:33 +00:00
Ana Guerrero
7a05ebf18e Accepting request 1150527 from mozilla:Factory
- Mozilla Firefox 123.0
  https://www.mozilla.org/en-US/firefox/123.0/releasenotes/
  MFSA 2024-05 (bsc#1220048)
  * CVE-2024-1546 (bmo#1843752)
    Out-of-bounds memory read in networking channels
  * CVE-2024-1547 (bmo#1877879)
    Alert dialog could have been spoofed on another site
  * CVE-2024-1554 (bmo#1816390)
    fetch could be used to effect cache poisoning
  * CVE-2024-1548 (bmo#1832627)
    Fullscreen Notification could have been hidden by select element
  * CVE-2024-1549 (bmo#1833814)
    Custom cursor could obscure the permission dialog
  * CVE-2024-1550 (bmo#1860065)
    Mouse cursor re-positioned unexpectedly could have led to
    unintended permission grants
  * CVE-2024-1551 (bmo#1864385)
    Multipart HTTP Responses would accept the Set-Cookie header
    in response parts
  * CVE-2024-1555 (bmo#1873223)
    SameSite cookies were not properly respected when opening a
    website from an external browser
  * CVE-2024-1556 (bmo#1870414)
    Invalid memory access in the built-in profiler
  * CVE-2024-1552 (bmo#1874502)
    Incorrect code generation on 32-bit ARM devices
  * CVE-2024-1553 (bmo#1855686, bmo#1867982, bmo#1871498, bmo#1872296,
    bmo#1873521, bmo#1873577, bmo#1873597, bmo#1873866, bmo#1874080,
    bmo#1874740, bmo#1875795, bmo#1875906, bmo#1876425, bmo#1878211,
    bmo#1878286)

OBS-URL: https://build.opensuse.org/request/show/1150527
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaFirefox?expand=0&rev=421
2024-02-27 21:43:17 +00:00
Wolfgang Rosenauer
672b2847a9 - Mozilla Firefox 123.0
https://www.mozilla.org/en-US/firefox/123.0/releasenotes/
  MFSA 2024-05 (bsc#1220048)
  * CVE-2024-1546 (bmo#1843752)
    Out-of-bounds memory read in networking channels
  * CVE-2024-1547 (bmo#1877879)
    Alert dialog could have been spoofed on another site
  * CVE-2024-1554 (bmo#1816390)
    fetch could be used to effect cache poisoning
  * CVE-2024-1548 (bmo#1832627)
    Fullscreen Notification could have been hidden by select element
  * CVE-2024-1549 (bmo#1833814)
    Custom cursor could obscure the permission dialog
  * CVE-2024-1550 (bmo#1860065)
    Mouse cursor re-positioned unexpectedly could have led to
    unintended permission grants
  * CVE-2024-1551 (bmo#1864385)
    Multipart HTTP Responses would accept the Set-Cookie header
    in response parts
  * CVE-2024-1555 (bmo#1873223)
    SameSite cookies were not properly respected when opening a
    website from an external browser
  * CVE-2024-1556 (bmo#1870414)
    Invalid memory access in the built-in profiler
  * CVE-2024-1552 (bmo#1874502)
    Incorrect code generation on 32-bit ARM devices
  * CVE-2024-1553 (bmo#1855686, bmo#1867982, bmo#1871498, bmo#1872296,
    bmo#1873521, bmo#1873577, bmo#1873597, bmo#1873866, bmo#1874080,
    bmo#1874740, bmo#1875795, bmo#1875906, bmo#1876425, bmo#1878211,
    bmo#1878286)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1136
2024-02-25 22:15:18 +00:00
Ana Guerrero
d1be093a13 Accepting request 1146565 from mozilla:Factory
OBS-URL: https://build.opensuse.org/request/show/1146565
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaFirefox?expand=0&rev=420
2024-02-15 19:58:57 +00:00
Wolfgang Rosenauer
d2bb239998 Accepting request 1146484 from home:AndreasStieger:branches:mozilla:Factory
Mozilla Firefox 122.0.1

OBS-URL: https://build.opensuse.org/request/show/1146484
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1134
2024-02-14 12:25:21 +00:00
Ana Guerrero
dae9c9db48 Accepting request 1143092 from mozilla:Factory
OBS-URL: https://build.opensuse.org/request/show/1143092
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaFirefox?expand=0&rev=419
2024-02-01 17:03:42 +00:00
Wolfgang Rosenauer
c4d54d7b75 Accepting request 1142978 from home:MSirringhaus:branches:mozilla:Factory
- Recommend libfido2-udev on codestreams that exist, in order to try
  to get security keys (e.g. Yubikeys) work out of the box. (bsc#1184272)

OBS-URL: https://build.opensuse.org/request/show/1142978
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1132
2024-01-31 17:28:29 +00:00
Ana Guerrero
0299745734 Accepting request 1142680 from mozilla:Factory
OBS-URL: https://build.opensuse.org/request/show/1142680
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaFirefox?expand=0&rev=418
2024-01-30 17:24:32 +00:00
Wolfgang Rosenauer
e23269fde0 Accepting request 1142188 from home:Andreas_Schwab:Factory
- Fix file list

OBS-URL: https://build.opensuse.org/request/show/1142188
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1130
2024-01-29 22:24:08 +00:00
Ana Guerrero
fbd6485905 Accepting request 1141490 from mozilla:Factory
- Mozilla Firefox 122.0
  https://www.mozilla.org/en-US/firefox/122.0/releasenotes/
  MFSA 2024-01 (bsc#1218955)
  * CVE-2024-0741 (bmo#1864587)
    Out of bounds write in ANGLE
  * CVE-2024-0742 (bmo#1867152)
    Failure to update user input timestamp
  * CVE-2024-0743 (bmo#1867408)
    Crash in NSS TLS method
  * CVE-2024-0744 (bmo#1871089)
    Wild pointer dereference in JavaScript
  * CVE-2024-0745 (bmo#1871838)
    Stack buffer overflow in WebAudio
  * CVE-2024-0746 (bmo#1660223)
    Crash when listing printers on Linux
  * CVE-2024-0747 (bmo#1764343)
    Bypass of Content Security Policy when directive unsafe-inline was set
  * CVE-2024-0748 (bmo#1783504)
    Compromised content process could modify document URI
  * CVE-2024-0749 (bmo#1813463)
    Phishing site popup could show local origin in address bar
  * CVE-2024-0750 (bmo#1863083)
    Potential permissions request bypass via clickjacking
  * CVE-2024-0751 (bmo#1865689)
    Privilege escalation through devtools
  * CVE-2024-0752 (bmo#1866840)
    Use-after-free could occur when applying update on macOS
  * CVE-2024-0753 (bmo#1870262)
    HSTS policy on subdomain could bypass policy of upper domain
  * CVE-2024-0754 (bmo#1871605)

OBS-URL: https://build.opensuse.org/request/show/1141490
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaFirefox?expand=0&rev=417
2024-01-26 21:45:43 +00:00
Wolfgang Rosenauer
3eb8b737e4 - Mozilla Firefox 122.0
https://www.mozilla.org/en-US/firefox/122.0/releasenotes/
  MFSA 2024-01 (bsc#1218955)
  * CVE-2024-0741 (bmo#1864587)
    Out of bounds write in ANGLE
  * CVE-2024-0742 (bmo#1867152)
    Failure to update user input timestamp
  * CVE-2024-0743 (bmo#1867408)
    Crash in NSS TLS method
  * CVE-2024-0744 (bmo#1871089)
    Wild pointer dereference in JavaScript
  * CVE-2024-0745 (bmo#1871838)
    Stack buffer overflow in WebAudio
  * CVE-2024-0746 (bmo#1660223)
    Crash when listing printers on Linux
  * CVE-2024-0747 (bmo#1764343)
    Bypass of Content Security Policy when directive unsafe-inline was set
  * CVE-2024-0748 (bmo#1783504)
    Compromised content process could modify document URI
  * CVE-2024-0749 (bmo#1813463)
    Phishing site popup could show local origin in address bar
  * CVE-2024-0750 (bmo#1863083)
    Potential permissions request bypass via clickjacking
  * CVE-2024-0751 (bmo#1865689)
    Privilege escalation through devtools
  * CVE-2024-0752 (bmo#1866840)
    Use-after-free could occur when applying update on macOS
  * CVE-2024-0753 (bmo#1870262)
    HSTS policy on subdomain could bypass policy of upper domain
  * CVE-2024-0754 (bmo#1871605)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1128
2024-01-25 11:10:30 +00:00
Ana Guerrero
da52efa0fb Accepting request 1138351 from mozilla:Factory
OBS-URL: https://build.opensuse.org/request/show/1138351
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaFirefox?expand=0&rev=416
2024-01-14 18:01:25 +00:00
Wolfgang Rosenauer
7bf217f6ac Accepting request 1137806 from home:AndreasStieger:branches:mozilla:Factory
Mozilla Firefox 121.0.1

OBS-URL: https://build.opensuse.org/request/show/1137806
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1126
2024-01-12 16:07:06 +00:00
Ana Guerrero
9aad02882d Accepting request 1134603 from mozilla:Factory
- Mozilla Firefox 121.0
  https://www.mozilla.org/en-US/firefox/121.0/releasenotes
  MFSA 2023-56 (bsc#1217974)
  * CVE-2023-6856 (bmo#1843782)
    Heap-buffer-overflow affecting WebGL DrawElementsInstanced
    method with Mesa VM driver
  * CVE-2023-6135 (bmo#1853908)
    NSS susceptible to "Minerva" attack
  * CVE-2023-6865 (bmo#1864123)
    Potential exposure of uninitialized data in EncryptingOutputStream
  * CVE-2023-6857 (bmo#1796023)
    Symlinks may resolve to smaller than expected buffers
  * CVE-2023-6858 (bmo#1826791)
    Heap buffer overflow in nsTextFragment
  * CVE-2023-6859 (bmo#1840144)
    Use-after-free in PR_GetIdentitiesLayer
  * CVE-2023-6866 (bmo#1849037)
    TypedArrays lack sufficient exception handling
  * CVE-2023-6860 (bmo#1854669)
    Potential sandbox escape due to VideoBridge lack of texture
    validation
  * CVE-2023-6867 (bmo#1863863)
    Clickjacking permission prompts using the popup transition
  * CVE-2023-6861 (bmo#1864118)
    Heap buffer overflow affected nsWindow::PickerOpen(void) in
    headless mode
  * CVE-2023-6868 (bmo#1865488)
    WebPush requests on Firefox for Android did not require VAPID key
  * CVE-2023-6869 (bmo#1799036)
    Content can paint outside of sandboxed iframe

OBS-URL: https://build.opensuse.org/request/show/1134603
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaFirefox?expand=0&rev=415
2023-12-22 21:41:04 +00:00
Wolfgang Rosenauer
20ffb64e05 - Mozilla Firefox 121.0
https://www.mozilla.org/en-US/firefox/121.0/releasenotes
  MFSA 2023-56 (bsc#1217974)
  * CVE-2023-6856 (bmo#1843782)
    Heap-buffer-overflow affecting WebGL DrawElementsInstanced
    method with Mesa VM driver
  * CVE-2023-6135 (bmo#1853908)
    NSS susceptible to "Minerva" attack
  * CVE-2023-6865 (bmo#1864123)
    Potential exposure of uninitialized data in EncryptingOutputStream
  * CVE-2023-6857 (bmo#1796023)
    Symlinks may resolve to smaller than expected buffers
  * CVE-2023-6858 (bmo#1826791)
    Heap buffer overflow in nsTextFragment
  * CVE-2023-6859 (bmo#1840144)
    Use-after-free in PR_GetIdentitiesLayer
  * CVE-2023-6866 (bmo#1849037)
    TypedArrays lack sufficient exception handling
  * CVE-2023-6860 (bmo#1854669)
    Potential sandbox escape due to VideoBridge lack of texture
    validation
  * CVE-2023-6867 (bmo#1863863)
    Clickjacking permission prompts using the popup transition
  * CVE-2023-6861 (bmo#1864118)
    Heap buffer overflow affected nsWindow::PickerOpen(void) in
    headless mode
  * CVE-2023-6868 (bmo#1865488)
    WebPush requests on Firefox for Android did not require VAPID key
  * CVE-2023-6869 (bmo#1799036)
    Content can paint outside of sandboxed iframe

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1124
2023-12-22 09:01:08 +00:00