1
0
Commit Graph

1213 Commits

Author SHA256 Message Date
Wolfgang Rosenauer
948218484d Accepting request 1041338 from home:milachew:branches:mozilla:Factory
- added translations to .desktop file.

OBS-URL: https://build.opensuse.org/request/show/1041338
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1023
2022-12-09 09:40:12 +00:00
Dominique Leuenberger
fc347e1056 Accepting request 1039406 from mozilla:Factory
OBS-URL: https://build.opensuse.org/request/show/1039406
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaFirefox?expand=0&rev=383
2022-12-02 12:12:25 +00:00
Wolfgang Rosenauer
8200399c53 Accepting request 1039401 from home:AndreasStieger:branches:mozilla:Factory
Mozilla Firefox 107.0.1

OBS-URL: https://build.opensuse.org/request/show/1039401
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1021
2022-12-01 21:39:40 +00:00
Dominique Leuenberger
9488c60e72 Accepting request 1036230 from mozilla:Factory
- Mozilla Firefox 107.0
  MFSA 2022-47 (bsc#1205270)
 * CVE-2022-45403 (bmo#1762078)
    Service Workers might have learned size of cross-origin media files
  * CVE-2022-45404 (bmo#1790815)
    Fullscreen notification bypass
  * CVE-2022-45405 (bmo#1791314)
    Use-after-free in InputStream implementation
  * CVE-2022-45406 (bmo#1791975)
    Use-after-free of a JavaScript Realm
  * CVE-2022-45407 (bmo#1793314)
    Loading fonts on workers was not thread-safe
  * CVE-2022-45408 (bmo#1793829)
    Fullscreen notification bypass via windowName
  * CVE-2022-45409 (bmo#1796901)
    Use-after-free in Garbage Collection
  * CVE-2022-45410 (bmo#1658869)
    ServiceWorker-intercepted requests bypassed SameSite cookie policy
  * CVE-2022-45411 (bmo#1790311)
    Cross-Site Tracing was possible via non-standard override headers
  * CVE-2022-45412 (bmo#1791029)
    Symlinks may resolve to partially uninitialized buffers
  * CVE-2022-45413 (bmo#1791201)
    SameSite=Strict cookies could have been sent cross-site via
    intent URLs
  * CVE-2022-40674 (bmo#1791598)
    Use-after-free vulnerability in expat
  * CVE-2022-45415 (bmo#1793551)
    Downloaded file may have been saved with malicious extension
  * CVE-2022-45416 (bmo#1793676)

OBS-URL: https://build.opensuse.org/request/show/1036230
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaFirefox?expand=0&rev=382
2022-11-17 16:23:52 +00:00
Wolfgang Rosenauer
c9ea1238e9 - Mozilla Firefox 107.0
MFSA 2022-47 (bsc#1205270)
 * CVE-2022-45403 (bmo#1762078)
    Service Workers might have learned size of cross-origin media files
  * CVE-2022-45404 (bmo#1790815)
    Fullscreen notification bypass
  * CVE-2022-45405 (bmo#1791314)
    Use-after-free in InputStream implementation
  * CVE-2022-45406 (bmo#1791975)
    Use-after-free of a JavaScript Realm
  * CVE-2022-45407 (bmo#1793314)
    Loading fonts on workers was not thread-safe
  * CVE-2022-45408 (bmo#1793829)
    Fullscreen notification bypass via windowName
  * CVE-2022-45409 (bmo#1796901)
    Use-after-free in Garbage Collection
  * CVE-2022-45410 (bmo#1658869)
    ServiceWorker-intercepted requests bypassed SameSite cookie policy
  * CVE-2022-45411 (bmo#1790311)
    Cross-Site Tracing was possible via non-standard override headers
  * CVE-2022-45412 (bmo#1791029)
    Symlinks may resolve to partially uninitialized buffers
  * CVE-2022-45413 (bmo#1791201)
    SameSite=Strict cookies could have been sent cross-site via
    intent URLs
  * CVE-2022-40674 (bmo#1791598)
    Use-after-free vulnerability in expat
  * CVE-2022-45415 (bmo#1793551)
    Downloaded file may have been saved with malicious extension
  * CVE-2022-45416 (bmo#1793676)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1019
2022-11-16 13:36:59 +00:00
Dominique Leuenberger
091a155ca4 Accepting request 1033697 from mozilla:Factory
OBS-URL: https://build.opensuse.org/request/show/1033697
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaFirefox?expand=0&rev=381
2022-11-06 11:41:37 +00:00
Wolfgang Rosenauer
1e9f34d721 Accepting request 1033693 from home:AndreasStieger:branches:mozilla:Factory
106.0.5

OBS-URL: https://build.opensuse.org/request/show/1033693
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1017
2022-11-05 16:17:24 +00:00
Dominique Leuenberger
1bb45920a5 Accepting request 1032848 from mozilla:Factory
- Mozilla Firefox 106.0.3
  * Fixes for other platforms

OBS-URL: https://build.opensuse.org/request/show/1032848
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaFirefox?expand=0&rev=380
2022-11-03 18:13:16 +00:00
Wolfgang Rosenauer
383a39a2f4 - Mozilla Firefox 106.0.3
* Fixes for other platforms

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1015
2022-11-02 07:04:04 +00:00
Dominique Leuenberger
9f69cda729 Accepting request 1031637 from mozilla:Factory
- Mozilla Firefox 106.0.2
  * Fix missing content on some PDF forms (bmo#1794351)
  * Fix column width for the Notification sub-panel in Settings
    (bmo#1793558)
  * Fix a browser freeze with accessibility enabled on some sites
    such as the Proxmox Web UI (bmo#1793748)
  * Fix page reloading not working with Firefox View and not
    refreshing synced data (bmo#1792680, bmo#1794474)

OBS-URL: https://build.opensuse.org/request/show/1031637
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaFirefox?expand=0&rev=379
2022-10-28 17:29:32 +00:00
Wolfgang Rosenauer
ecb5748542 - Mozilla Firefox 106.0.2
* Fix missing content on some PDF forms (bmo#1794351)
  * Fix column width for the Notification sub-panel in Settings
    (bmo#1793558)
  * Fix a browser freeze with accessibility enabled on some sites
    such as the Proxmox Web UI (bmo#1793748)
  * Fix page reloading not working with Firefox View and not
    refreshing synced data (bmo#1792680, bmo#1794474)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1013
2022-10-27 21:08:41 +00:00
Dominique Leuenberger
2a6fdd7c5b Accepting request 1030584 from mozilla:Factory
- Mozilla Firefox 106.0.1
  * Addresses a crash experienced by users with AMD Zen 1 CPUs
    (bmo#1796126)

OBS-URL: https://build.opensuse.org/request/show/1030584
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaFirefox?expand=0&rev=378
2022-10-23 14:32:45 +00:00
Wolfgang Rosenauer
521232e015 - Mozilla Firefox 106.0.1
* Addresses a crash experienced by users with AMD Zen 1 CPUs
    (bmo#1796126)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1011
2022-10-23 08:53:25 +00:00
Dominique Leuenberger
44f5500b05 Accepting request 1030290 from mozilla:Factory
i686 and aarch64 should be fixed. No idea for ppc64le

- Mozilla Firefox 106.0
  * support editing of PDFs
  * introduced Firefox View
  * major WebRTC update
    - Better screen sharing for Windows and Linux Wayland users
    - RTP performance and reliability improvements
    - Richer statistics
    - Cross-browser and service compatibility improvements
  * detailed releasenotes
    https://www.mozilla.org/en-US/firefox/106.0/releasenotes
  MFSA 2022-44 (bsc#1204421)
  * CVE-2022-42927 (bmo#1789128)
    Same-origin policy violation could have leaked cross-origin URLs
  * CVE-2022-42928 (bmo#1791520)
    Memory Corruption in JS Engine
  * CVE-2022-42929 (bmo#1789439)
    Denial of Service via window.print
  * CVE-2022-42930 (bmo#1789503)
    Race condition in DOM Workers
  * CVE-2022-42931 (bmo#1780571)
    Username saved to a plaintext file on disk
  * CVE-2022-42932 (bmo#1789729, bmo#1791363, bmo#1792041)
    Memory safety bugs fixed in Firefox
- added -msse2 flag to fix i386 build and workaround bmo#1795993
- fixed used buildflags
- renamed mozilla-i686-build.patch to mozilla-buildfixes.patch
  as it was extended with changes for other archs

OBS-URL: https://build.opensuse.org/request/show/1030290
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaFirefox?expand=0&rev=377
2022-10-22 12:12:03 +00:00
Wolfgang Rosenauer
f8be38ac8b - added -msse2 flag to fix i386 build and workaround bmo#1795993
- fixed used buildflags
- renamed mozilla-i686-build.patch to mozilla-buildfixes.patch
  as it was extended with changes for other archs

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1009
2022-10-20 21:12:10 +00:00
Wolfgang Rosenauer
4dd806ea87 - Mozilla Firefox 106.0
* support editing of PDFs
  * introduced Firefox View
  * major WebRTC update
    - Better screen sharing for Windows and Linux Wayland users
    - RTP performance and reliability improvements
    - Richer statistics
    - Cross-browser and service compatibility improvements
  * detailed releasenotes
    https://www.mozilla.org/en-US/firefox/106.0/releasenotes
  MFSA 2022-44 (bsc#1204421)
  * CVE-2022-42927 (bmo#1789128)
    Same-origin policy violation could have leaked cross-origin URLs
  * CVE-2022-42928 (bmo#1791520)
    Memory Corruption in JS Engine
  * CVE-2022-42929 (bmo#1789439)
    Denial of Service via window.print
  * CVE-2022-42930 (bmo#1789503)
    Race condition in DOM Workers
  * CVE-2022-42931 (bmo#1780571)
    Username saved to a plaintext file on disk
  * CVE-2022-42932 (bmo#1789729, bmo#1791363, bmo#1792041)
    Memory safety bugs fixed in Firefox

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1008
2022-10-18 20:10:44 +00:00
Dominique Leuenberger
9c18aa5479 Accepting request 1009258 from mozilla:Factory
- Mozilla Firefox 105.0.3:
  * Fixes for other platforms

- Mozilla Firefox 105.0.2:
  * Fixed poor contrast on various menu items with certain
    themes on Linux systems (bmo#1792063)
  * Fixed the scrollbar appearing on the wrong side of
    `select` elements in right-to-left locales (bmo#1791219)
  * Fixed a possible deadlock when loading some sites in
    Troubleshoot Mode (bmo#1786259)
  * Fixed a bug causing some dynamic appearance changes to
    not appear when expected (bmo#1786521)
  * Fixed a bug causing theme styling to not be properly applied
    to sidebars for some add-ons in Private Browsing Mode
    (bmo#1787543)

- Mozilla Firefox 105.0.1
  * Reverted focus behavior for new windows back to the content
    area instead of the address bar (bmo#1784692)
- added mozilla-i686-build.patch to avoid using avx2

- Mozilla Firefox 105.0
  https://www.mozilla.org/en-US/firefox/105.0/releasenotes
  MFSA 2022-40 (bsc#1203477)
  * CVE-2022-40959 (bmo#1782211)
    Bypassing FeaturePolicy restrictions on transient pages
  * CVE-2022-40960 (bmo#1787633)
    Data-race when parsing non-UTF-8 URLs in threads
  * CVE-2022-40958 (bmo#1779993)
    Bypassing Secure Context restriction for cookies with __Host

OBS-URL: https://build.opensuse.org/request/show/1009258
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaFirefox?expand=0&rev=376
2022-10-12 16:22:55 +00:00
Wolfgang Rosenauer
faf5bbda6a OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1006 2022-10-09 20:45:53 +00:00
Wolfgang Rosenauer
c23a3695e5 Accepting request 1008938 from home:AndreasStieger:branches:mozilla:Factory
105.0.3

OBS-URL: https://build.opensuse.org/request/show/1008938
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1005
2022-10-09 07:54:20 +00:00
Wolfgang Rosenauer
64f10b5910 Accepting request 1008280 from home:AndreasStieger:branches:mozilla:Factory
Mozilla Firefox 105.0.2

OBS-URL: https://build.opensuse.org/request/show/1008280
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1004
2022-10-06 07:14:45 +00:00
Dominique Leuenberger
3fffbcb70d Accepting request 1002272 from mozilla:Factory
OBS-URL: https://build.opensuse.org/request/show/1002272
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaFirefox?expand=0&rev=375
2022-09-10 18:16:51 +00:00
Wolfgang Rosenauer
5ffc1b196b Accepting request 1002263 from home:Guillaume_G:branches:mozilla:Factory
- Adjust memory requirements to fix build on aarch64

OBS-URL: https://build.opensuse.org/request/show/1002263
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1002
2022-09-09 09:09:55 +00:00
Dominique Leuenberger
e4d9cbf026 Accepting request 1001583 from mozilla:Factory
- Mozilla Firefox 104.0.2 (boo#1203177)
  https://www.mozilla.org/en-US/firefox/104.0.2/releasenotes/
  * Fixed a bug making it impossible to use touch or a stylus to
    drag the scrollbar on pages (bmo#1787361)
  * Fixed an issue causing some users to crash in out-of-memory
    conditions (bmo#1774155)
  * Fixed an issue that would sometimes affect video & audio playback
    when loaded via a cross-origin iframe src attribute (bmo#1781759)
  * Fixed an issue that would sometimes affect video & audio playback
    when served with Content-Security-Policy: sandbox (bmo#1781063)

- Mozilla Firefox 104.0.1
  * Addresses an issue with Youtube video playback that was
    affecting some users (boo#1203003)

OBS-URL: https://build.opensuse.org/request/show/1001583
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaFirefox?expand=0&rev=374
2022-09-08 12:21:21 +00:00
Wolfgang Rosenauer
e19b31cbfd - Mozilla Firefox 104.0.2 (boo#1203177)
https://www.mozilla.org/en-US/firefox/104.0.2/releasenotes/
  * Fixed a bug making it impossible to use touch or a stylus to
    drag the scrollbar on pages (bmo#1787361)
  * Fixed an issue causing some users to crash in out-of-memory
    conditions (bmo#1774155)
  * Fixed an issue that would sometimes affect video & audio playback
    when loaded via a cross-origin iframe src attribute (bmo#1781759)
  * Fixed an issue that would sometimes affect video & audio playback
    when served with Content-Security-Policy: sandbox (bmo#1781063)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1000
2022-09-07 06:58:25 +00:00
Wolfgang Rosenauer
c37c6eba55 - Mozilla Firefox 104.0.1
* Addresses an issue with Youtube video playback that was
    affecting some users (boo#1203003)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=999
2022-09-01 07:15:39 +00:00
Dominique Leuenberger
c156a190a7 Accepting request 999342 from mozilla:Factory
- Mozilla Firefox 104.0
  * https://www.mozilla.org/en-US/firefox/104.0/releasenotes
  MFSA 2022-33 (bsc#1202645)
  * CVE-2022-38472 (bmo#1769155)
    Address bar spoofing via XSLT error handling
  * CVE-2022-38473 (bmo#1771685)
    Cross-origin XSLT Documents would have inherited the parent's
    permissions
  * CVE-2022-38474 (bmo#1719511)
    Recording notification not shown when microphone was
    recording on Android
  * CVE-2022-38475 (bmo#1773266)
    Attacker could write a value to a zero-length array
  * CVE-2022-38477 (bmo#1760611, bmo#1770219, bmo#1771159, bmo#1773363)
    Memory safety bugs fixed in Firefox 104 and Firefox ESR 102.2
  * CVE-2022-38478 (bmo#1770630, bmo#1776658)
    Memory safety bugs fixed in Firefox 104, Firefox ESR 102.2,
    and Firefox ESR 91.13
- requires
  NSPR 4.34.1
  NSS 3.81
  rust 1.62

OBS-URL: https://build.opensuse.org/request/show/999342
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaFirefox?expand=0&rev=373
2022-08-27 09:47:52 +00:00
Wolfgang Rosenauer
342949cc96 - Mozilla Firefox 104.0
* https://www.mozilla.org/en-US/firefox/104.0/releasenotes
  MFSA 2022-33 (bsc#1202645)
  * CVE-2022-38472 (bmo#1769155)
    Address bar spoofing via XSLT error handling
  * CVE-2022-38473 (bmo#1771685)
    Cross-origin XSLT Documents would have inherited the parent's
    permissions
  * CVE-2022-38474 (bmo#1719511)
    Recording notification not shown when microphone was
    recording on Android
  * CVE-2022-38475 (bmo#1773266)
    Attacker could write a value to a zero-length array
  * CVE-2022-38477 (bmo#1760611, bmo#1770219, bmo#1771159, bmo#1773363)
    Memory safety bugs fixed in Firefox 104 and Firefox ESR 102.2
  * CVE-2022-38478 (bmo#1770630, bmo#1776658)
    Memory safety bugs fixed in Firefox 104, Firefox ESR 102.2,
    and Firefox ESR 91.13
- requires
  NSPR 4.34.1
  NSS 3.81
  rust 1.62

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=997
2022-08-26 06:35:29 +00:00
Dominique Leuenberger
70ececaf7c Accepting request 994938 from mozilla:Factory
- added mozilla-glibc236.patch (bmo#1782988, boo#1202323)

OBS-URL: https://build.opensuse.org/request/show/994938
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaFirefox?expand=0&rev=372
2022-08-15 17:56:18 +00:00
Wolfgang Rosenauer
4275f61fd0 - added mozilla-glibc236.patch (bmo#1782988, boo#1202323)
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=995
2022-08-13 06:27:33 +00:00
Dominique Leuenberger
3170c987ae Accepting request 994312 from mozilla:Factory
- Mozilla Firefox 103.0.2
  * Fixed menu shortcuts for users of the JAWS screen reader
  * Fixed an occasional non-overridable certificate error when
    accessing device configuration pages

- The --disable-elf-hack option only exists on ARM and X86

OBS-URL: https://build.opensuse.org/request/show/994312
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaFirefox?expand=0&rev=371
2022-08-11 16:31:26 +00:00
Wolfgang Rosenauer
f68ada67a5 - Mozilla Firefox 103.0.2
* Fixed menu shortcuts for users of the JAWS screen reader
  * Fixed an occasional non-overridable certificate error when
    accessing device configuration pages

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=993
2022-08-10 11:39:04 +00:00
Dominique Leuenberger
9f3db69edb Accepting request 992040 from mozilla:Factory
- Mozilla Firefox 103.0.1
  * Enabled hardware acceleration on newer AMD cards.
  * Fixed a crash on Firefox shutdown caused by a bug in the
    audio manager

- Mozilla Firefox 103.0
  https://www.mozilla.org/en-US/firefox/103.0/releasenotes
  MFSA 2022-28 (bsc#1201758)
  * CVE-2022-36319 (bmo#1737722)
    Mouse Position spoofing with CSS transforms
  * CVE-2022-36317 (bmo#1759951)
    Long URL would hang Firefox for Android
  * CVE-2022-36318 (bmo#1771774)
    Directory indexes for bundled resources reflected URL
    parameters
  * CVE-2022-36314 (bmo#1773894)
    Opening local <code>.lnk</code> files could cause unexpected
    network loads
  * CVE-2022-36315 (bmo#1762520)
    Preload Cache Bypasses Subresource Integrity
  * CVE-2022-36316 (bmo#1768583)
    Performance API leaked whether a cross-site resource is
    redirecting
  * CVE-2022-36320 (bmo#1759794, bmo#1760998)
    Memory safety bugs fixed in Firefox 103
  * CVE-2022-2505 (bmo#1769739, bmo#1772824)
    Memory safety bugs fixed in Firefox 103 and 102.1
- requires
  NSS >= 3.80
  rust = 1.61

OBS-URL: https://build.opensuse.org/request/show/992040
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaFirefox?expand=0&rev=370
2022-08-03 19:15:49 +00:00
Wolfgang Rosenauer
7b457de55d - The --disable-elf-hack option only exists on ARM and X86
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=991
2022-08-02 08:06:07 +00:00
Wolfgang Rosenauer
9f1c040444 Accepting request 991957 from home:Andreas_Schwab:Factory
- The --disable-elf-hack option only exists on ARM and X86

OBS-URL: https://build.opensuse.org/request/show/991957
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=990
2022-08-02 08:03:20 +00:00
Wolfgang Rosenauer
c00fa5c822 - Mozilla Firefox 103.0.1
* Enabled hardware acceleration on newer AMD cards.
  * Fixed a crash on Firefox shutdown caused by a bug in the
    audio manager

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=989
2022-08-01 13:53:08 +00:00
Wolfgang Rosenauer
9fb88935cc - Mozilla Firefox 103.0
https://www.mozilla.org/en-US/firefox/103.0/releasenotes
  MFSA 2022-28 (bsc#1201758)
  * CVE-2022-36319 (bmo#1737722)
    Mouse Position spoofing with CSS transforms
  * CVE-2022-36317 (bmo#1759951)
    Long URL would hang Firefox for Android
  * CVE-2022-36318 (bmo#1771774)
    Directory indexes for bundled resources reflected URL
    parameters
  * CVE-2022-36314 (bmo#1773894)
    Opening local <code>.lnk</code> files could cause unexpected
    network loads
  * CVE-2022-36315 (bmo#1762520)
    Preload Cache Bypasses Subresource Integrity
  * CVE-2022-36316 (bmo#1768583)
    Performance API leaked whether a cross-site resource is
    redirecting
  * CVE-2022-36320 (bmo#1759794, bmo#1760998)
    Memory safety bugs fixed in Firefox 103
  * CVE-2022-2505 (bmo#1769739, bmo#1772824)
    Memory safety bugs fixed in Firefox 103 and 102.1
- requires
  NSS >= 3.80
  rust = 1.61
  rust-cbindgen >= 0.24.3

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=988
2022-07-27 12:29:45 +00:00
Wolfgang Rosenauer
0ce875e31b Accepting request 991219 from home:Guillaume_G:branches:mozilla:Factory
- Move %limit_build set before mozilla config to actually set the
  value of %jobs to MOZ_MAKE_FLAGS to fix build on aarch64

OBS-URL: https://build.opensuse.org/request/show/991219
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=987
2022-07-27 07:10:26 +00:00
Dominique Leuenberger
8f08890358 Accepting request 988096 from mozilla:Factory
- Firefox 102.0.1:
  * Fixed: Fixed bookmarks sidebar flashing white when opened in
    dark mode (bmo#1776157)
  * Fixed: Fixed multilingual spell checking not working with
    content in both English and a non-Latin alphabet
    (bmo#1773802)
  * Fixed: Developer tools:  Fixed an issue where the console
    output keep getting scrolled to the bottom when the last
    visible message is an evaluation result (bmo#1776262)
  * Fixed: Fixed *Delete cookies and site data when Firefox is
    closed* checkbox getting disabled on startup (bmo#1777419)
  * Fixed: Various stability fixes

- Firefox 102.0
  * You can now disable automatic opening of the download panel
    every time a new download starts
  * Firefox now mitigates query parameter tracking when navigating
    sites in ETP strict mode
  * Improved security by moving audio decoding into a separate
    process with stricter sandboxing, thus improving process isolation
  * https://www.mozilla.org/en-US/firefox/102.0/releasenotes
  MFSA 2022-24 (bsc#1200793)
  * CVE-2022-34479 (bmo#1745595)
    A popup window could be resized in a way to overlay the
    address bar with web content
  * CVE-2022-34470 (bmo#1765951)
    Use-after-free in nsSHistory
  * CVE-2022-34468 (bmo#1768537)
    CSP sandbox header without `allow-scripts` can be bypassed
    via retargeted javascript: URI

OBS-URL: https://build.opensuse.org/request/show/988096
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaFirefox?expand=0&rev=369
2022-07-11 17:07:57 +00:00
Wolfgang Rosenauer
1e472195d6 OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=985 2022-07-10 10:37:47 +00:00
Wolfgang Rosenauer
9327edeba7 Accepting request 987273 from home:AndreasStieger:branches:mozilla:Factory
102.0.1

OBS-URL: https://build.opensuse.org/request/show/987273
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=984
2022-07-06 19:44:48 +00:00
Wolfgang Rosenauer
a756387aa3 - Firefox 102.0
* You can now disable automatic opening of the download panel
    every time a new download starts
  * Firefox now mitigates query parameter tracking when navigating
    sites in ETP strict mode
  * Improved security by moving audio decoding into a separate
    process with stricter sandboxing, thus improving process isolation
  * https://www.mozilla.org/en-US/firefox/102.0/releasenotes
  MFSA 2022-24 (bsc#1200793)
  * CVE-2022-34479 (bmo#1745595)
    A popup window could be resized in a way to overlay the
    address bar with web content
  * CVE-2022-34470 (bmo#1765951)
    Use-after-free in nsSHistory
  * CVE-2022-34468 (bmo#1768537)
    CSP sandbox header without `allow-scripts` can be bypassed
    via retargeted javascript: URI
  * CVE-2022-34482 (bmo#845880)
    Drag and drop of malicious image could have led to malicious
    executable and potential code execution
  * CVE-2022-34483 (bmo#1335845)
    Drag and drop of malicious image could have led to malicious
    executable and potential code execution
  * CVE-2022-34476 (bmo#1387919)
    ASN.1 parser could have been tricked into accepting malformed ASN.1
  * CVE-2022-34481 (bmo#1483699, bmo#1497246)
    Potential integer overflow in ReplaceElementsAt
  * CVE-2022-34474 (bmo#1677138)
    Sandboxed iframes could redirect to external schemes
  * CVE-2022-34469 (bmo#1721220)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=983
2022-06-29 07:44:18 +00:00
Dominique Leuenberger
d3f7ace283 Accepting request 982081 from mozilla:Factory
OBS-URL: https://build.opensuse.org/request/show/982081
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaFirefox?expand=0&rev=368
2022-06-17 19:19:58 +00:00
Wolfgang Rosenauer
f85c2ce39f Accepting request 982080 from home:AndreasStieger:branches:mozilla:Factory
Mozilla Firefox 101.0.1

OBS-URL: https://build.opensuse.org/request/show/982080
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=981
2022-06-10 21:00:05 +00:00
Dominique Leuenberger
f66d644831 Accepting request 980191 from mozilla:Factory
- Mozilla Firefox 101.0
  * Reading is now easier with the prefers-contrast media query,
    which allows sites to detect if the user has requested that web
    content is presented with a higher (or lower) contrast
  * All non-configured MIME types can now be assigned a custom
    action upon download completion
  * allows users to use as many microphones as you want, at the
    same time, during video conferencing. The most exciting benefit
    is that you can easily switch your microphones at any time
    (if your conferencing service provider enables this flexibility)
  MFSA 2022-20 (bsc#1200027)
  * CVE-2022-31736 (bmo#1735923)
    Cross-Origin resource's length leaked
  * CVE-2022-31737 (bmo#1743767)
    Heap buffer overflow in WebGL
  * CVE-2022-31738 (bmo#1756388)
    Browser window spoof using fullscreen mode
  * CVE-2022-31739 (bmo#1765049)
    Attacker-influenced path traversal when saving downloaded files
  * CVE-2022-31740 (bmo#1766806)
    Register allocation problem in WASM on arm64
  * CVE-2022-31741 (bmo#1767590)
    Uninitialized variable leads to invalid memory read
  * CVE-2022-31742 (bmo#1730434)
    Querying a WebAuthn token with a large number of allowCredential
    entries may have leaked cross-origin information
  * CVE-2022-31743 (bmo#1747388)
    HTML Parsing incorrectly ended HTML comments prematurely
  * CVE-2022-31744 (bmo#1757604)
    CSP bypass enabling stylesheet injection

OBS-URL: https://build.opensuse.org/request/show/980191
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaFirefox?expand=0&rev=367
2022-06-02 19:53:45 +00:00
Wolfgang Rosenauer
1ec6880184 - Mozilla Firefox 101.0
* Reading is now easier with the prefers-contrast media query,
    which allows sites to detect if the user has requested that web
    content is presented with a higher (or lower) contrast
  * All non-configured MIME types can now be assigned a custom
    action upon download completion
  * allows users to use as many microphones as you want, at the
    same time, during video conferencing. The most exciting benefit
    is that you can easily switch your microphones at any time
    (if your conferencing service provider enables this flexibility)
  MFSA 2022-20 (bsc#1200027)
  * CVE-2022-31736 (bmo#1735923)
    Cross-Origin resource's length leaked
  * CVE-2022-31737 (bmo#1743767)
    Heap buffer overflow in WebGL
  * CVE-2022-31738 (bmo#1756388)
    Browser window spoof using fullscreen mode
  * CVE-2022-31739 (bmo#1765049)
    Attacker-influenced path traversal when saving downloaded files
  * CVE-2022-31740 (bmo#1766806)
    Register allocation problem in WASM on arm64
  * CVE-2022-31741 (bmo#1767590)
    Uninitialized variable leads to invalid memory read
  * CVE-2022-31742 (bmo#1730434)
    Querying a WebAuthn token with a large number of allowCredential
    entries may have leaked cross-origin information
  * CVE-2022-31743 (bmo#1747388)
    HTML Parsing incorrectly ended HTML comments prematurely
  * CVE-2022-31744 (bmo#1757604)
    CSP bypass enabling stylesheet injection

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=979
2022-05-31 21:18:50 +00:00
Dominique Leuenberger
0f98512910 Accepting request 978314 from mozilla:Factory
- Mozilla Firefox 100.0.2
  MFSA 2022-19 (bsc#1199768)
  * CVE-2022-1802 (bmo#1770137)
    Prototype pollution in Top-Level Await implementation
  * CVE-2022-1529 (bmo#1770048)
    Untrusted input used in JavaScript object indexing, leading
    to prototype pollution

- Mozilla Firefox 100.0.1:
  * Fixed: Fixed an issue with subtitles in Picture-in-Picture
    mode while using Netflix (bmo#1768818)
  * Fixed: Fixed an issue where some commands were unavailable in
    the Picture-in-Picture window (bmo#1768201)

OBS-URL: https://build.opensuse.org/request/show/978314
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaFirefox?expand=0&rev=366
2022-05-21 17:05:45 +00:00
Wolfgang Rosenauer
9498fa4a6a - Mozilla Firefox 100.0.2
MFSA 2022-19 (bsc#1199768)
  * CVE-2022-1802 (bmo#1770137)
    Prototype pollution in Top-Level Await implementation
  * CVE-2022-1529 (bmo#1770048)
    Untrusted input used in JavaScript object indexing, leading
    to prototype pollution

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=977
2022-05-20 15:13:51 +00:00
Wolfgang Rosenauer
b2497b835b Accepting request 978002 from home:AndreasStieger:branches:mozilla:Factory
Mozilla Firefox 100.0.1

OBS-URL: https://build.opensuse.org/request/show/978002
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=976
2022-05-18 20:54:37 +00:00
Dominique Leuenberger
d7f7b04864 Accepting request 974815 from mozilla:Factory
- Mozilla Firefox 100.0
  * subtitle support in PiP
  * spell checking supports multiple languages in parallel
  * more details here
    https://www.mozilla.org/en-US/firefox/100.0/releasenotes
  MFSA 2022-16 (boo#1198970)
  * CVE-2022-29914 (bmo#1746448)
    Fullscreen notification bypass using popups
  * CVE-2022-29909 (bmo#1755081)
    Bypassing permission prompt in nested browsing contexts
  * CVE-2022-29916 (bmo#1760674)
    Leaking browser history with CSS variables
  * CVE-2022-29911 (bmo#1761981)
    iframe Sandbox bypass
  * CVE-2022-29912 (bmo#1692655)
    Reader mode bypassed SameSite cookies
  * CVE-2022-29910 (bmo#1757138)
    Firefox for Android forgot HTTP Strict Transport Security
    settings
  * CVE-2022-29915 (bmo#1751678)
    Leaking cross-origin redirect through the Performance API
  * CVE-2022-29917 (bmo#1684739, bmo#1706441, bmo#1753298,
    bmo#1762614, bmo#1762620, bmo#1764778)
    Memory safety bugs fixed in Firefox 100 and Firefox ESR 91.9
  * CVE-2022-29918 (bmo#1744043, bmo#1747178, bmo#1753535,
    bmo#1754017, bmo#1755847, bmo#1756172, bmo#1757477,
    bmo#1758223, bmo#1760160, bmo#1761481, bmo#1761771)
    Memory safety bugs fixed in Firefox 100
- requires NSS 3.77

OBS-URL: https://build.opensuse.org/request/show/974815
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaFirefox?expand=0&rev=365
2022-05-06 16:58:30 +00:00
Wolfgang Rosenauer
67ec5338d7 - Mozilla Firefox 100.0
* subtitle support in PiP
  * spell checking supports multiple languages in parallel
  * more details here
    https://www.mozilla.org/en-US/firefox/100.0/releasenotes
  MFSA 2022-16 (boo#1198970)
  * CVE-2022-29914 (bmo#1746448)
    Fullscreen notification bypass using popups
  * CVE-2022-29909 (bmo#1755081)
    Bypassing permission prompt in nested browsing contexts
  * CVE-2022-29916 (bmo#1760674)
    Leaking browser history with CSS variables
  * CVE-2022-29911 (bmo#1761981)
    iframe Sandbox bypass
  * CVE-2022-29912 (bmo#1692655)
    Reader mode bypassed SameSite cookies
  * CVE-2022-29910 (bmo#1757138)
    Firefox for Android forgot HTTP Strict Transport Security
    settings
  * CVE-2022-29915 (bmo#1751678)
    Leaking cross-origin redirect through the Performance API
  * CVE-2022-29917 (bmo#1684739, bmo#1706441, bmo#1753298,
    bmo#1762614, bmo#1762620, bmo#1764778)
    Memory safety bugs fixed in Firefox 100 and Firefox ESR 91.9
  * CVE-2022-29918 (bmo#1744043, bmo#1747178, bmo#1753535,
    bmo#1754017, bmo#1755847, bmo#1756172, bmo#1757477,
    bmo#1758223, bmo#1760160, bmo#1761481, bmo#1761771)
    Memory safety bugs fixed in Firefox 100
- requires NSS 3.77

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=974
2022-05-04 06:26:46 +00:00