1
0
Commit Graph

97 Commits

Author SHA256 Message Date
Wolfgang Rosenauer
1c9c2f3dd5 - Mozilla Firefox 108.0
https://www.mozilla.org/en-US/firefox/108.0/releasenotes/
  MFSA 2022-51 (bsc#1206242)
  * CVE-2022-46871 (bmo#1795697)
    libusrsctp library out of date
  * CVE-2022-46872 (bmo#1799156)
    Arbitrary file read from a compromised content process
  * CVE-2022-46873 (bmo#1644790)
    Firefox did not implement the CSP directive unsafe-hashes
  * CVE-2022-46874 (bmo#1746139)
    Drag and Dropped Filenames could have been truncated to
    malicious extensions
  * CVE-2022-46875 (bmo#1786188)
    Download Protections were bypassed by .atloc and .ftploc
    files on Mac OS
  * CVE-2022-46877 (bmo#1795139)
    Fullscreen notification bypass
  * CVE-2022-46878 (bmo#1782219, bmo#1797370, bmo#1797685,
    bmo#1801102, bmo#1801315, bmo#1802395)
    Memory safety bugs fixed in Firefox 108 and Firefox ESR 102.6
  * CVE-2022-46879 (bmo#1736224, bmo#1793407, bmo#1794249, bmo#1795845,
    bmo#1797682, bmo#1797720, bmo#1798494, bmo#1799479)
    Memory safety bugs fixed in Firefox 108
- requires
  NSS >= 3.85
  rustc/cargo 1.65

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1024
2022-12-13 21:48:56 +00:00
Wolfgang Rosenauer
8200399c53 Accepting request 1039401 from home:AndreasStieger:branches:mozilla:Factory
Mozilla Firefox 107.0.1

OBS-URL: https://build.opensuse.org/request/show/1039401
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1021
2022-12-01 21:39:40 +00:00
Wolfgang Rosenauer
c9ea1238e9 - Mozilla Firefox 107.0
MFSA 2022-47 (bsc#1205270)
 * CVE-2022-45403 (bmo#1762078)
    Service Workers might have learned size of cross-origin media files
  * CVE-2022-45404 (bmo#1790815)
    Fullscreen notification bypass
  * CVE-2022-45405 (bmo#1791314)
    Use-after-free in InputStream implementation
  * CVE-2022-45406 (bmo#1791975)
    Use-after-free of a JavaScript Realm
  * CVE-2022-45407 (bmo#1793314)
    Loading fonts on workers was not thread-safe
  * CVE-2022-45408 (bmo#1793829)
    Fullscreen notification bypass via windowName
  * CVE-2022-45409 (bmo#1796901)
    Use-after-free in Garbage Collection
  * CVE-2022-45410 (bmo#1658869)
    ServiceWorker-intercepted requests bypassed SameSite cookie policy
  * CVE-2022-45411 (bmo#1790311)
    Cross-Site Tracing was possible via non-standard override headers
  * CVE-2022-45412 (bmo#1791029)
    Symlinks may resolve to partially uninitialized buffers
  * CVE-2022-45413 (bmo#1791201)
    SameSite=Strict cookies could have been sent cross-site via
    intent URLs
  * CVE-2022-40674 (bmo#1791598)
    Use-after-free vulnerability in expat
  * CVE-2022-45415 (bmo#1793551)
    Downloaded file may have been saved with malicious extension
  * CVE-2022-45416 (bmo#1793676)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1019
2022-11-16 13:36:59 +00:00
Wolfgang Rosenauer
1e9f34d721 Accepting request 1033693 from home:AndreasStieger:branches:mozilla:Factory
106.0.5

OBS-URL: https://build.opensuse.org/request/show/1033693
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1017
2022-11-05 16:17:24 +00:00
Wolfgang Rosenauer
383a39a2f4 - Mozilla Firefox 106.0.3
* Fixes for other platforms

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1015
2022-11-02 07:04:04 +00:00
Wolfgang Rosenauer
ecb5748542 - Mozilla Firefox 106.0.2
* Fix missing content on some PDF forms (bmo#1794351)
  * Fix column width for the Notification sub-panel in Settings
    (bmo#1793558)
  * Fix a browser freeze with accessibility enabled on some sites
    such as the Proxmox Web UI (bmo#1793748)
  * Fix page reloading not working with Firefox View and not
    refreshing synced data (bmo#1792680, bmo#1794474)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1013
2022-10-27 21:08:41 +00:00
Wolfgang Rosenauer
521232e015 - Mozilla Firefox 106.0.1
* Addresses a crash experienced by users with AMD Zen 1 CPUs
    (bmo#1796126)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1011
2022-10-23 08:53:25 +00:00
Wolfgang Rosenauer
4dd806ea87 - Mozilla Firefox 106.0
* support editing of PDFs
  * introduced Firefox View
  * major WebRTC update
    - Better screen sharing for Windows and Linux Wayland users
    - RTP performance and reliability improvements
    - Richer statistics
    - Cross-browser and service compatibility improvements
  * detailed releasenotes
    https://www.mozilla.org/en-US/firefox/106.0/releasenotes
  MFSA 2022-44 (bsc#1204421)
  * CVE-2022-42927 (bmo#1789128)
    Same-origin policy violation could have leaked cross-origin URLs
  * CVE-2022-42928 (bmo#1791520)
    Memory Corruption in JS Engine
  * CVE-2022-42929 (bmo#1789439)
    Denial of Service via window.print
  * CVE-2022-42930 (bmo#1789503)
    Race condition in DOM Workers
  * CVE-2022-42931 (bmo#1780571)
    Username saved to a plaintext file on disk
  * CVE-2022-42932 (bmo#1789729, bmo#1791363, bmo#1792041)
    Memory safety bugs fixed in Firefox

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1008
2022-10-18 20:10:44 +00:00
Wolfgang Rosenauer
c23a3695e5 Accepting request 1008938 from home:AndreasStieger:branches:mozilla:Factory
105.0.3

OBS-URL: https://build.opensuse.org/request/show/1008938
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1005
2022-10-09 07:54:20 +00:00
Wolfgang Rosenauer
64f10b5910 Accepting request 1008280 from home:AndreasStieger:branches:mozilla:Factory
Mozilla Firefox 105.0.2

OBS-URL: https://build.opensuse.org/request/show/1008280
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1004
2022-10-06 07:14:45 +00:00
Wolfgang Rosenauer
e19b31cbfd - Mozilla Firefox 104.0.2 (boo#1203177)
https://www.mozilla.org/en-US/firefox/104.0.2/releasenotes/
  * Fixed a bug making it impossible to use touch or a stylus to
    drag the scrollbar on pages (bmo#1787361)
  * Fixed an issue causing some users to crash in out-of-memory
    conditions (bmo#1774155)
  * Fixed an issue that would sometimes affect video & audio playback
    when loaded via a cross-origin iframe src attribute (bmo#1781759)
  * Fixed an issue that would sometimes affect video & audio playback
    when served with Content-Security-Policy: sandbox (bmo#1781063)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1000
2022-09-07 06:58:25 +00:00
Wolfgang Rosenauer
c37c6eba55 - Mozilla Firefox 104.0.1
* Addresses an issue with Youtube video playback that was
    affecting some users (boo#1203003)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=999
2022-09-01 07:15:39 +00:00
Wolfgang Rosenauer
342949cc96 - Mozilla Firefox 104.0
* https://www.mozilla.org/en-US/firefox/104.0/releasenotes
  MFSA 2022-33 (bsc#1202645)
  * CVE-2022-38472 (bmo#1769155)
    Address bar spoofing via XSLT error handling
  * CVE-2022-38473 (bmo#1771685)
    Cross-origin XSLT Documents would have inherited the parent's
    permissions
  * CVE-2022-38474 (bmo#1719511)
    Recording notification not shown when microphone was
    recording on Android
  * CVE-2022-38475 (bmo#1773266)
    Attacker could write a value to a zero-length array
  * CVE-2022-38477 (bmo#1760611, bmo#1770219, bmo#1771159, bmo#1773363)
    Memory safety bugs fixed in Firefox 104 and Firefox ESR 102.2
  * CVE-2022-38478 (bmo#1770630, bmo#1776658)
    Memory safety bugs fixed in Firefox 104, Firefox ESR 102.2,
    and Firefox ESR 91.13
- requires
  NSPR 4.34.1
  NSS 3.81
  rust 1.62

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=997
2022-08-26 06:35:29 +00:00
Wolfgang Rosenauer
f68ada67a5 - Mozilla Firefox 103.0.2
* Fixed menu shortcuts for users of the JAWS screen reader
  * Fixed an occasional non-overridable certificate error when
    accessing device configuration pages

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=993
2022-08-10 11:39:04 +00:00
Wolfgang Rosenauer
c00fa5c822 - Mozilla Firefox 103.0.1
* Enabled hardware acceleration on newer AMD cards.
  * Fixed a crash on Firefox shutdown caused by a bug in the
    audio manager

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=989
2022-08-01 13:53:08 +00:00
Wolfgang Rosenauer
9fb88935cc - Mozilla Firefox 103.0
https://www.mozilla.org/en-US/firefox/103.0/releasenotes
  MFSA 2022-28 (bsc#1201758)
  * CVE-2022-36319 (bmo#1737722)
    Mouse Position spoofing with CSS transforms
  * CVE-2022-36317 (bmo#1759951)
    Long URL would hang Firefox for Android
  * CVE-2022-36318 (bmo#1771774)
    Directory indexes for bundled resources reflected URL
    parameters
  * CVE-2022-36314 (bmo#1773894)
    Opening local <code>.lnk</code> files could cause unexpected
    network loads
  * CVE-2022-36315 (bmo#1762520)
    Preload Cache Bypasses Subresource Integrity
  * CVE-2022-36316 (bmo#1768583)
    Performance API leaked whether a cross-site resource is
    redirecting
  * CVE-2022-36320 (bmo#1759794, bmo#1760998)
    Memory safety bugs fixed in Firefox 103
  * CVE-2022-2505 (bmo#1769739, bmo#1772824)
    Memory safety bugs fixed in Firefox 103 and 102.1
- requires
  NSS >= 3.80
  rust = 1.61
  rust-cbindgen >= 0.24.3

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=988
2022-07-27 12:29:45 +00:00
Wolfgang Rosenauer
9327edeba7 Accepting request 987273 from home:AndreasStieger:branches:mozilla:Factory
102.0.1

OBS-URL: https://build.opensuse.org/request/show/987273
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=984
2022-07-06 19:44:48 +00:00
Wolfgang Rosenauer
a756387aa3 - Firefox 102.0
* You can now disable automatic opening of the download panel
    every time a new download starts
  * Firefox now mitigates query parameter tracking when navigating
    sites in ETP strict mode
  * Improved security by moving audio decoding into a separate
    process with stricter sandboxing, thus improving process isolation
  * https://www.mozilla.org/en-US/firefox/102.0/releasenotes
  MFSA 2022-24 (bsc#1200793)
  * CVE-2022-34479 (bmo#1745595)
    A popup window could be resized in a way to overlay the
    address bar with web content
  * CVE-2022-34470 (bmo#1765951)
    Use-after-free in nsSHistory
  * CVE-2022-34468 (bmo#1768537)
    CSP sandbox header without `allow-scripts` can be bypassed
    via retargeted javascript: URI
  * CVE-2022-34482 (bmo#845880)
    Drag and drop of malicious image could have led to malicious
    executable and potential code execution
  * CVE-2022-34483 (bmo#1335845)
    Drag and drop of malicious image could have led to malicious
    executable and potential code execution
  * CVE-2022-34476 (bmo#1387919)
    ASN.1 parser could have been tricked into accepting malformed ASN.1
  * CVE-2022-34481 (bmo#1483699, bmo#1497246)
    Potential integer overflow in ReplaceElementsAt
  * CVE-2022-34474 (bmo#1677138)
    Sandboxed iframes could redirect to external schemes
  * CVE-2022-34469 (bmo#1721220)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=983
2022-06-29 07:44:18 +00:00
Wolfgang Rosenauer
f85c2ce39f Accepting request 982080 from home:AndreasStieger:branches:mozilla:Factory
Mozilla Firefox 101.0.1

OBS-URL: https://build.opensuse.org/request/show/982080
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=981
2022-06-10 21:00:05 +00:00
Wolfgang Rosenauer
1ec6880184 - Mozilla Firefox 101.0
* Reading is now easier with the prefers-contrast media query,
    which allows sites to detect if the user has requested that web
    content is presented with a higher (or lower) contrast
  * All non-configured MIME types can now be assigned a custom
    action upon download completion
  * allows users to use as many microphones as you want, at the
    same time, during video conferencing. The most exciting benefit
    is that you can easily switch your microphones at any time
    (if your conferencing service provider enables this flexibility)
  MFSA 2022-20 (bsc#1200027)
  * CVE-2022-31736 (bmo#1735923)
    Cross-Origin resource's length leaked
  * CVE-2022-31737 (bmo#1743767)
    Heap buffer overflow in WebGL
  * CVE-2022-31738 (bmo#1756388)
    Browser window spoof using fullscreen mode
  * CVE-2022-31739 (bmo#1765049)
    Attacker-influenced path traversal when saving downloaded files
  * CVE-2022-31740 (bmo#1766806)
    Register allocation problem in WASM on arm64
  * CVE-2022-31741 (bmo#1767590)
    Uninitialized variable leads to invalid memory read
  * CVE-2022-31742 (bmo#1730434)
    Querying a WebAuthn token with a large number of allowCredential
    entries may have leaked cross-origin information
  * CVE-2022-31743 (bmo#1747388)
    HTML Parsing incorrectly ended HTML comments prematurely
  * CVE-2022-31744 (bmo#1757604)
    CSP bypass enabling stylesheet injection

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=979
2022-05-31 21:18:50 +00:00
Wolfgang Rosenauer
9498fa4a6a - Mozilla Firefox 100.0.2
MFSA 2022-19 (bsc#1199768)
  * CVE-2022-1802 (bmo#1770137)
    Prototype pollution in Top-Level Await implementation
  * CVE-2022-1529 (bmo#1770048)
    Untrusted input used in JavaScript object indexing, leading
    to prototype pollution

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=977
2022-05-20 15:13:51 +00:00
Wolfgang Rosenauer
b2497b835b Accepting request 978002 from home:AndreasStieger:branches:mozilla:Factory
Mozilla Firefox 100.0.1

OBS-URL: https://build.opensuse.org/request/show/978002
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=976
2022-05-18 20:54:37 +00:00
Wolfgang Rosenauer
67ec5338d7 - Mozilla Firefox 100.0
* subtitle support in PiP
  * spell checking supports multiple languages in parallel
  * more details here
    https://www.mozilla.org/en-US/firefox/100.0/releasenotes
  MFSA 2022-16 (boo#1198970)
  * CVE-2022-29914 (bmo#1746448)
    Fullscreen notification bypass using popups
  * CVE-2022-29909 (bmo#1755081)
    Bypassing permission prompt in nested browsing contexts
  * CVE-2022-29916 (bmo#1760674)
    Leaking browser history with CSS variables
  * CVE-2022-29911 (bmo#1761981)
    iframe Sandbox bypass
  * CVE-2022-29912 (bmo#1692655)
    Reader mode bypassed SameSite cookies
  * CVE-2022-29910 (bmo#1757138)
    Firefox for Android forgot HTTP Strict Transport Security
    settings
  * CVE-2022-29915 (bmo#1751678)
    Leaking cross-origin redirect through the Performance API
  * CVE-2022-29917 (bmo#1684739, bmo#1706441, bmo#1753298,
    bmo#1762614, bmo#1762620, bmo#1764778)
    Memory safety bugs fixed in Firefox 100 and Firefox ESR 91.9
  * CVE-2022-29918 (bmo#1744043, bmo#1747178, bmo#1753535,
    bmo#1754017, bmo#1755847, bmo#1756172, bmo#1757477,
    bmo#1758223, bmo#1760160, bmo#1761481, bmo#1761771)
    Memory safety bugs fixed in Firefox 100
- requires NSS 3.77

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=974
2022-05-04 06:26:46 +00:00
Wolfgang Rosenauer
add9b31d7d Accepting request 969555 from home:AndreasStieger:branches:mozilla:Factory
Mozilla Firefox 99.0.1

OBS-URL: https://build.opensuse.org/request/show/969555
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=972
2022-04-12 21:29:52 +00:00
Wolfgang Rosenauer
da3e0c974f - Mozilla Firefox 99.0
* You can now toggle Narrate in ReaderMode with the keyboard
    shortcut "n."
  * You can find added support for search—with or without
    diacritics—in the PDF viewer.
  * The Linux sandbox has been strengthened: processes exposed to web
    content no longer have access to the X Window system (X11).
  * Firefox now supports credit card autofill and capture in
    Germany and France.
  MFSA 2022-13 (bsc#1197903)
  * CVE-2022-1097 (bmo#1745667)
    Use-after-free in NSSToken objects
  * CVE-2022-28281 (bmo#1755621)
    Out of bounds write due to unexpected WebAuthN Extensions
  * CVE-2022-28282 (bmo#1751609)
    Use-after-free in DocumentL10n::TranslateDocument
  * CVE-2022-28283 (bmo#1754066)
    Missing security checks for fetching sourceMapURL
  * CVE-2022-28284 (bmo#1754522)
    Script could be executed via svg's use element
  * CVE-2022-28285 (bmo#1756957)
    Incorrect AliasSet used in JIT Codegen
  * CVE-2022-28286 (bmo#1735265)
    iframe contents could be rendered outside the border
  * CVE-2022-28287 (bmo#1741515)
    Text Selection could crash Firefox
  * CVE-2022-24713 (bmo#1758509)
    Denial of Service via complex regular expressions
  * CVE-2022-28289 (bmo#1663508, bmo#1744525, bmo#1753508,
    bmo#1757476, bmo#1757805, bmo#1758549, bmo#1758776)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=970
2022-04-05 20:51:21 +00:00
Wolfgang Rosenauer
9ce6769347 Accepting request 964729 from home:AndreasStieger:branches:mozilla:Factory
Mozilla Firefox 98.0.2

OBS-URL: https://build.opensuse.org/request/show/964729
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=968
2022-03-24 22:14:52 +00:00
Wolfgang Rosenauer
b0ba7186c6 - Mozilla Firefox 98.0
* Firefox has a new optimized download flow
  * other changes as documented here
    https://www.mozilla.org/en-US/firefox/98.0/releasenotes
  MFSA 2022-10 (bsc#1196900)
  * CVE-2022-26383 (bmo#1742421)
    Browser window spoof using fullscreen mode
  * CVE-2022-26384 (bmo#1744352)
    iframe allow-scripts sandbox bypass
  * CVE-2022-26387 (bmo#1752979)
    Time-of-check time-of-use bug when verifying add-on signatures
  * CVE-2022-26381 (bmo#1736243)
    Use-after-free in text reflows
  * CVE-2022-26382 (bmo#1741888)
    Autofill Text could be exfiltrated via side-channel attacks
  * CVE-2022-26385 (bmo#1747526)
    Use-after-free in thread shutdown
  * CVE-2022-0843 (bmo#1746523, bmo#1749062, bmo#1749164, bmo#1749214,
    bmo#1749610, bmo#1750032, bmo#1752100, bmo#1752405, bmo#1753612,
    bmo#1754508)
    Memory safety bugs fixed in Firefox 98
- requires NSS 3.75

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=961
2022-03-09 09:44:23 +00:00
Wolfgang Rosenauer
1aa3604ee4 Accepting request 955943 from home:AndreasStieger:branches:mozilla:Factory
Mozilla Firefox 97.0.1

OBS-URL: https://build.opensuse.org/request/show/955943
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=959
2022-02-18 21:48:06 +00:00
Wolfgang Rosenauer
4e431c39c0 - Mozilla Firefox 97.0
MFSA 2022-04 (bsc#1195682)
  * CVE-2022-22753 (bmo#1732435)
    Privilege Escalation to SYSTEM on Windows via Maintenance Service
  * CVE-2022-22754 (bmo#1750565)
    Extensions could have bypassed permission confirmation during update
  * CVE-2022-22755 (bmo#1309630)
    XSL could have allowed JavaScript execution after a tab was closed
  * CVE-2022-22756 (bmo#1317873)
    Drag and dropping an image could have resulted in the dropped
    object being an executable
  * CVE-2022-22757 (bmo#1720098)
    Remote Agent did not prevent local websites from connecting
  * CVE-2022-22758 (bmo#1728742)
    tel: links could have sent USSD codes to the dialer on
    Firefox for Android
  * CVE-2022-22759 (bmo#1739957)
    Sandboxed iframes could have executed script if the parent
    appended elements
  * CVE-2022-22760 (bmo#1740985, bmo#1748503)
    Cross-Origin responses could be distinguished between script
    and non-script content-types
  * CVE-2022-22761 (bmo#1745566)
    frame-ancestors Content Security Policy directive was not
    enforced for framed extension pages
  * CVE-2022-22762 (bmo#1743931)
    JavaScript Dialogs could have been displayed over other
    domains on Firefox for Android
  * CVE-2022-22764 (bmo#1742682, bmo#1744165, bmo#1746545,
    bmo#1748210, bmo#1748279)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=958
2022-02-08 14:33:04 +00:00
Wolfgang Rosenauer
f2fb960d33 - Mozilla Firefox 96.0.3 (bsc#1195230)
* Fixed an issue that allowed unexpected data to be submitted in
    some of our search telemetry (bmo#1752317)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=955
2022-01-28 15:33:21 +00:00
Wolfgang Rosenauer
68541949af Accepting request 947794 from home:AndreasStieger:branches:mozilla:Factory
Mozilla Firefox 96.0.2

OBS-URL: https://build.opensuse.org/request/show/947794
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=953
2022-01-21 07:26:07 +00:00
Wolfgang Rosenauer
ab7bde2994 Accepting request 946472 from home:AndreasStieger:branches:mozilla:Factory
Mozilla Firefox 96.0.1 boo#1194677

OBS-URL: https://build.opensuse.org/request/show/946472
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=952
2022-01-14 17:14:41 +00:00
Wolfgang Rosenauer
abe4d87b4e - Mozilla Firefox 96.0
* https://www.mozilla.org/en-US/firefox/96.0/releasenotes
  MFSA 2022-01 (bsc#1194547)
  * CVE-2022-22746 (bmo#1735071)
    Calling into reportValidity could have lead to fullscreen
    window spoof
  * CVE-2022-22743 (bmo#1739220)
    Browser window spoof using fullscreen mode
  * CVE-2022-22742 (bmo#1739923)
    Out-of-bounds memory access when inserting text in edit mode
  * CVE-2022-22741 (bmo#1740389)
    Browser window spoof using fullscreen mode
  * CVE-2022-22740 (bmo#1742334)
    Use-after-free of ChannelEventQueue::mOwner
  * CVE-2022-22738 (bmo#1742382)
    Heap-buffer-overflow in blendGaussianBlur
  * CVE-2022-22737 (bmo#1745874)
    Race condition when playing audio files
  * CVE-2021-4140 (bmo#1746720)
    Iframe sandbox bypass with XSLT
  * CVE-2022-22750 (bmo#1566608)
    IPC passing of resource handles could have lead to sandbox
    bypass
  * CVE-2022-22749 (bmo#1705094)
    Lack of URL restrictions when scanning QR codes
  * CVE-2022-22748 (bmo#1705211)
    Spoofed origin on external protocol launch dialog
  * CVE-2022-22745 (bmo#1735856)
    Leaking cross-origin URLs through securitypolicyviolation
    event

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=951
2022-01-11 22:06:33 +00:00
Wolfgang Rosenauer
2942ef5aaf - Mozilla Firefox 95.0.2
* Addresses frequent crashes experienced by users with C/E/Z-Series
    "Bobcat" CPUs running on Windows 7, 8, and 8.1.
- updated constraints for ppc and x86-64

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=950
2021-12-29 10:25:00 +00:00
Wolfgang Rosenauer
f6424d435d - Mozilla Firefox 95.0.1 (bsc#1193845)
* Fixed frequent
    MOZILLA_PKIX_ERROR_OCSP_RESPONSE_FOR_CERT_MISSING error
    messages when trying to connect to various microsoft.com
    domains (bmo#1745600)
  * Fix for a WebRender crash on some Linux/X11 systems (bmo#1741956)
  * Fix for a frequent Windows shutdown crash (bmo#1738984)
  * Fix websites contrast issues for some Linux users with
    Dark mode set at OS level (bmo#1740518)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=948
2021-12-17 14:07:38 +00:00
Wolfgang Rosenauer
79dbc14d01 - Mozilla Firefox 95.0
* You can now move the Picture-in-Picture toggle button to the
    opposite side of the video. Simply look for the new context menu
    option Move Picture-in-Picture Toggle to Left (Right) Side.
  * To better protect Firefox users against side-channel attacks such
    as Spectre, Site Isolation is now enabled for all Firefox 95 users.
  * https://www.mozilla.org/en-US/firefox/95.0/releasenotes
  MFSA 2021-52 (bsc#1193485)
  * CVE-2021-43536 (bmo#1730120)
    URL leakage when navigating while executing asynchronous
    function
  * CVE-2021-43537 (bmo#1738237)
    Heap buffer overflow when using structured clone
  * CVE-2021-43538 (bmo#1739091)
    Missing fullscreen and pointer lock notification when
    requesting both
  * CVE-2021-43539 (bmo#1739683)
    GC rooting failure when calling wasm instance methods
  * MOZ-2021-0010 (bmo#1735852)
    Use-after-free in fullscreen objects on MacOS
  * CVE-2021-43540 (bmo#1636629)
    WebExtensions could have installed persistent ServiceWorkers
  * CVE-2021-43541 (bmo#1696685)
    External protocol handler parameters were unescaped
  * CVE-2021-43542 (bmo#1723281)
    XMLHttpRequest error codes could have leaked the existence of
    an external protocol handler
  * CVE-2021-43543 (bmo#1738418)
    Bypass of CSP sandbox directive when embedding
  * CVE-2021-43544 (bmo#1739934)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=947
2021-12-07 21:12:25 +00:00
Wolfgang Rosenauer
4e8a9f546c Accepting request 933349 from home:AndreasStieger:branches:mozilla:Factory
94.0.2 boo#1193014

OBS-URL: https://build.opensuse.org/request/show/933349
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=944
2021-11-23 22:50:02 +00:00
Wolfgang Rosenauer
e36ee00a57 Accepting request 929747 from home:AndreasStieger:branches:mozilla:Factory
Mozilla Firefox 94.0.1

OBS-URL: https://build.opensuse.org/request/show/929747
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=943
2021-11-06 10:32:26 +00:00
Wolfgang Rosenauer
8739ae12dd - Mozilla Firefox 94.0
* https://www.mozilla.org/en-US/firefox/94.0/releasenotes
  MFSA 2021-48 (bsc#1192250)
  * CVE-2021-38503 (bmo#1729517)
    iframe sandbox rules did not apply to XSLT stylesheets
  * CVE-2021-38504 (bmo#1730156)
    Use-after-free in file picker dialog
  * CVE-2021-38505 (bmo#1730194)
    Windows 10 Cloud Clipboard may have recorded sensitive user data
  * CVE-2021-38506 (bmo#1730750)
    Firefox could be coaxed into going into fullscreen mode
    without notification or warning
  * CVE-2021-38507 (bmo#1730935)
    Opportunistic Encryption in HTTP2 could be used to bypass the
    Same-Origin-Policy on services hosted on other ports
  * MOZ-2021-0003 (bmo#1736886)
    Universal XSS in Firefox for Android via QR Code URLs
  * CVE-2021-38508 (bmo#1366818)
    Permission Prompt could be overlaid, resulting in user
    confusion and potential spoofing
  * MOZ-2021-0004 (bmo#1659155)
    Web Extensions could access pre-redirect URL when their
    context menu was triggered by a user
  * CVE-2021-38509 (bmo#1718571)
    Javascript alert box could have been spoofed onto an
    arbitrary domain
  * CVE-2021-38510 (bmo#1731779)
    Download Protections were bypassed by .inetloc files on Mac OS
  * MOZ-2021-0005 (bmo#1719203)
    'Copy Image Link' context menu action could have been abused

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=942
2021-11-02 13:51:34 +00:00
Wolfgang Rosenauer
317e7b9c84 - Mozilla Firefox 93.0
* supports the new AVIF image format
  * PDF viewer now supports filling more forms (XFA-based forms)
  * now blocks downloads that rely on insecure connections,
    protecting against potentially malicious or unsafe downloads
  * Improved web compatibility for privacy protections with SmartBlock 3.0
  * Introducing a new referrer tracking protection in Strict Tracking
    Protection and Private Browsing
  * TLS ciphersuites that use 3DES have been disabled. Such
    ciphersuites can only be enabled when deprecated versions of
    TLS are also enabled
  * The download panel now follows the Firefox visual styles
  MFSA 2021-43 (bsc#1191332)
  * CVE-2021-38496 (bmo#1725335)
    Use-after-free in MessageTask
  * CVE-2021-38497 (bmo#1726621)
    Validation message could have been overlaid on another origin
  * CVE-2021-38498 (bmo#1729642)
    Use-after-free of nsLanguageAtomService object
  * CVE-2021-32810 (bmo#1729813)
    https://github.com/crossbeam-rs/crossbeam/security/advisories/GHSA-pqqp-xmhj-wgcw)
    Data race in crossbeam-deque
  * CVE-2021-38500 (bmo#1725854, bmo#1728321)
    Memory safety bugs fixed in Firefox 93, Firefox ESR 78.15,
    and Firefox ESR 91.2
  * CVE-2021-38501 (bmo#1685354, bmo#1715755, bmo#1723176)
    Memory safety bugs fixed in Firefox 93 and Firefox ESR 91.2
  * CVE-2021-38499 (bmo#1667102, bmo#1723170, bmo#1725356, bmo#1727364)
    Memory safety bugs fixed in Firefox 93
- removed obsolete mozilla-bmo1708709.patch

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=936
2021-10-06 07:02:07 +00:00
Wolfgang Rosenauer
d7bcd62a7b Accepting request 921886 from home:AndreasStieger:branches:mozilla:Factory
- Mozilla Firefox 92.0.1
  * Fixed: Fixes an issue where audio playback was not working on
    some Linux systems (bmo#1730499)
  * Fixed: Fixes issues with the findbar close button on
    different operating systems (bmo#1728368)

OBS-URL: https://build.opensuse.org/request/show/921886
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=935
2021-09-27 20:21:10 +00:00
Wolfgang Rosenauer
655acc0f45 - Mozilla Firefox 92.0
* More secure connections: Firefox can now automatically upgrade to
    HTTPS using HTTPS RR as Alt-Svc headers
  * Full-range color levels are now supported for video playback on
    many systems
  MFSA 2021-38 (bsc#1190269)
  * CVE-2021-29993 (bmo#1708544, bmo#1708767, bmo#1712240,
    bmo#1712242, bmo#1729259)
    Handling custom intents could lead to crashes and UI spoofs
  * CVE-2021-38491 (bmo#1551886)
    Mixed-Content-Blocking was unable to check opaque origins
  * CVE-2021-38492 (bmo#1721107)
    Navigating to `mk:` URL scheme could load Internet Explorer
  * CVE-2021-38493 (bmo#1723391, bmo#1724101, bmo#1724107)
    Memory safety bugs fixed in Firefox 92, Firefox ESR 78.14 and
    Firefox ESR 91.1
  * CVE-2021-38494 (bmo#1723920, bmo#1725638)
    Memory safety bugs fixed in Firefox 92
- updated appdata
- remove mozilla-disable-wasm-emulate-arm-unaligned-fp-access.patch
  (does not apply anymore; unclear if obsolete)
- bring back mozilla-silence-no-return-type.patch and
  run post-build-checks everywhere again
- requires NSS 3.69.1

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=934
2021-09-07 19:29:05 +00:00
Wolfgang Rosenauer
b349085c8c Accepting request 914701 from home:AndreasStieger:branches:mozilla:Factory
Mozilla Firefox 91.0.2

OBS-URL: https://build.opensuse.org/request/show/914701
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=930
2021-08-28 14:28:05 +00:00
Wolfgang Rosenauer
d4f253eebc - Mozilla Firefox 91.0.1
MFSA 2021-37 (bsc#1189547)
  * CVE-2021-29991 (bmo#1724896)
    Header Splitting possible with HTTP/3 Responses

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=928
2021-08-18 06:41:08 +00:00
Wolfgang Rosenauer
4da575923b - Mozilla Firefox 91.0
MFSA 2021-?? (boo#1188891)
- requires
  * rustc/cargo >= 1.51
  * NSPR >= 4.32
  * NSS >= 3.68
- force-disable webrender on BE platforms

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=926
2021-08-11 20:19:19 +00:00
Wolfgang Rosenauer
788b177a3e Accepting request 908072 from home:AndreasStieger:branches:mozilla:Factory
Mozilla Firefox 90.0.2

OBS-URL: https://build.opensuse.org/request/show/908072
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=925
2021-07-24 09:18:43 +00:00
Wolfgang Rosenauer
8b6bd667de Accepting request 907190 from home:AndreasStieger:branches:mozilla:Factory
90.0.1

OBS-URL: https://build.opensuse.org/request/show/907190
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=923
2021-07-19 21:56:47 +00:00
Wolfgang Rosenauer
1ef79265b6 - Mozilla Firefox 90.0
MFSA 2021-28 (bsc#1188275)
  * CVE-2021-29970 (bmo#1709976)
    Use-after-free in accessibility features of a document
  * CVE-2021-29971 (bmo#1713638)
    Granted permissions only compared host; omitting scheme and
    port on Android
  * CVE-2021-30547 (bmo#1715766)
    Out of bounds write in ANGLE
  * CVE-2021-29972 (bmo#1696816)
    Use of out-of-date library included use-after-free
    vulnerability
  * CVE-2021-29973 (bmo#1701932)
    Password autofill on HTTP websites was enabled without user
    interaction on Android
  * CVE-2021-29974 (bmo#1704843)
    HSTS errors could be overridden when network partitioning was
    enabled
  * CVE-2021-29975 (bmo#1713259)
    Text message could be overlaid on top of another website
  * CVE-2021-29976 (bmo#1700895, bmo#1703334, bmo#1706910,
    bmo#1711576, bmo#1714391)
    Memory safety bugs fixed in Firefox 90 and Firefox ESR 78.12
  * CVE-2021-29977 (bmo#1665836, bmo#1686138, bmo#1704316,
    bmo#1706314, bmo#1709931, bmo#1712084, bmo#1712357,
    bmo#1714066)
    Memory safety bugs fixed in Firefox 90
- requires
  NSPR 4.31
  NSS 3.66

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=922
2021-07-15 21:12:05 +00:00
Wolfgang Rosenauer
ab800db342 Accepting request 901577 from home:AndreasStieger:branches:mozilla:Factory
- Mozilla Firefox 89.0.1 (boo#1187648):
  * Fixed: Fix occasional hangs with Software WebRender on Linux
    (bmo#1708224)

OBS-URL: https://build.opensuse.org/request/show/901577
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=919
2021-06-23 19:56:32 +00:00
Wolfgang Rosenauer
537d85fe11 Accepting request 900942 from home:AndreasStieger:branches:mozilla:Factory
Mozilla Firefox 89.0.1

OBS-URL: https://build.opensuse.org/request/show/900942
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=918
2021-06-19 15:20:27 +00:00