1
0
Commit Graph

1092 Commits

Author SHA256 Message Date
Dominique Leuenberger
258ef68e59 Accepting request 1078521 from mozilla:Factory
- Mozilla Firefox 112.0
  * https://www.mozilla.org/en-US/firefox/112.0/releasenotes/
  MFSA 2023-13 (bsc#1210212)
  * CVE-2023-29531 (bmo#1794292)
    Out-of-bound memory access in WebGL on macOS
  * CVE-2023-29532 (bmo#1806394)
    Mozilla Maintenance Service Write-lock bypass
  * CVE-2023-29533 (bmo#1798219, bmo#1814597)
    Fullscreen notification obscured
  * CVE-2023-29534 (bmo#1816007, bmo#1816059, bmo#1821155, bmo#1821576,
    bmo#1821906, bmo#1822298, bmo#1822305)
    Fullscreen notification could have been obscured on Firefox
    for Android
  * MFSA-TMP-2023-0001 (bmo#1819244)
    Double-free in libwebp
  * CVE-2023-29535 (bmo#1820543)
    Potential Memory Corruption following Garbage Collector compaction
  * CVE-2023-29536 (bmo#1821959)
    Invalid free from JavaScript code
  * CVE-2023-29537 (bmo#1823365, bmo#1824200, bmo#1825569)
    Data Races in font initialization code
  * CVE-2023-29538 (bmo#1685403)
    Directory information could have been leaked to WebExtensions
  * CVE-2023-29539 (bmo#1784348)
    Content-Disposition filename truncation leads to Reflected
    File Download
  * CVE-2023-29540 (bmo#1790542)
    Iframe sandbox bypass using redirects and sourceMappingUrls
  * CVE-2023-29541 (bmo#1810191)
    Files with malicious extensions could have been downloaded

OBS-URL: https://build.opensuse.org/request/show/1078521
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaFirefox?expand=0&rev=393
2023-04-13 12:09:31 +00:00
Wolfgang Rosenauer
df4a0a1c4b - Mozilla Firefox 112.0
* https://www.mozilla.org/en-US/firefox/112.0/releasenotes/
  MFSA 2023-13 (bsc#1210212)
  * CVE-2023-29531 (bmo#1794292)
    Out-of-bound memory access in WebGL on macOS
  * CVE-2023-29532 (bmo#1806394)
    Mozilla Maintenance Service Write-lock bypass
  * CVE-2023-29533 (bmo#1798219, bmo#1814597)
    Fullscreen notification obscured
  * CVE-2023-29534 (bmo#1816007, bmo#1816059, bmo#1821155, bmo#1821576,
    bmo#1821906, bmo#1822298, bmo#1822305)
    Fullscreen notification could have been obscured on Firefox
    for Android
  * MFSA-TMP-2023-0001 (bmo#1819244)
    Double-free in libwebp
  * CVE-2023-29535 (bmo#1820543)
    Potential Memory Corruption following Garbage Collector compaction
  * CVE-2023-29536 (bmo#1821959)
    Invalid free from JavaScript code
  * CVE-2023-29537 (bmo#1823365, bmo#1824200, bmo#1825569)
    Data Races in font initialization code
  * CVE-2023-29538 (bmo#1685403)
    Directory information could have been leaked to WebExtensions
  * CVE-2023-29539 (bmo#1784348)
    Content-Disposition filename truncation leads to Reflected
    File Download
  * CVE-2023-29540 (bmo#1790542)
    Iframe sandbox bypass using redirects and sourceMappingUrls
  * CVE-2023-29541 (bmo#1810191)
    Files with malicious extensions could have been downloaded

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1051
2023-04-11 21:09:55 +00:00
Dominique Leuenberger
808948fb2b Accepting request 1077029 from mozilla:Factory
Automatic submission by obs-autosubmit

OBS-URL: https://build.opensuse.org/request/show/1077029
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaFirefox?expand=0&rev=392
2023-04-04 19:17:24 +00:00
Wolfgang Rosenauer
01aefd0ce5 - exclude i586/i686 once again because it fails to link libxul due
to its size

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1049
2023-03-27 15:18:05 +00:00
Wolfgang Rosenauer
28f1396420 - Mozilla Firefox 111.0.1 (boo#1209688)
* Fixed a crash on macOS while pinch-zooming under some circumstances
    (bmo#1658986)
  * Fixed a bug causing Firefox to freeze on startup for some
    Windows users (bmo#1823159)
- fix build on Tumbleweed (mozilla-bmo1807652.patch)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1048
2023-03-26 17:00:08 +00:00
Wolfgang Rosenauer
708d958a66 Accepting request 1072979 from home:Thaodan:branches:mozilla:Factory
Packaging cleanup
- Reomve obsolote checks that unused now
- Escape macros inside comments from dead code or plain comments
- Make -devel package noarch, it doesn't contain any architecture specific files

OBS-URL: https://build.opensuse.org/request/show/1072979
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1047
2023-03-20 07:47:31 +00:00
Wolfgang Rosenauer
38ab2454d8 - Mozilla Firefox 111.0
* https://www.mozilla.org/en-US/firefox/111.0/releasenotes
  MFSA 2023-09 (bsc#1209173)
  * CVE-2023-28159 (bmo#1783561)
    Fullscreen Notification could have been hidden by download
    popups on Android
  * CVE-2023-25748 (bmo#1798798)
    Fullscreen Notification could have been hidden by window
    prompts on Android
  * CVE-2023-25749 (bmo#1810705)
    Firefox for Android may have opened third-party apps without
    a prompt
  * CVE-2023-25750 (bmo#1814733)
    Potential ServiceWorker cache leak during private browsing mode
  * CVE-2023-25751 (bmo#1814899)
    Incorrect code generation during JIT compilation
  * CVE-2023-28160 (bmo#1802385)
    Redirect to Web Extension files may have leaked local path
  * CVE-2023-28164 (bmo#1809122)
    URL being dragged from a removed cross-origin iframe into the
    same tab triggered navigation
  * CVE-2023-28161 (bmo#1811181)
    One-time permissions granted to a local file were extended to
    other local files loaded in the same tab
  * CVE-2023-28162 (bmo#1811327)
    Invalid downcast in Worklets
  * CVE-2023-25752 (bmo#1811627)
    Potential out-of-bounds when accessing throttled streams
  * CVE-2023-28163 (bmo#1817768)
    Windows Save As dialog resolved environment variables

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1046
2023-03-15 08:38:02 +00:00
Dominique Leuenberger
348a85f8c0 Accepting request 1070344 from mozilla:Factory
- Cherry-pick upstream changes for GCC 13 in gcc13-fix.patch.

- Fix 32 bit build bmo#1810584 (add mozilla-bmo1810584.patch)
- Mozilla Firefox 110.0.1 (boo#1208886)
    Digital ID in Denmark (bmo#1819096)

OBS-URL: https://build.opensuse.org/request/show/1070344
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaFirefox?expand=0&rev=391
2023-03-11 17:22:13 +00:00
Dominique Leuenberger
0cc95b3368 Accepting request 1069866 from mozilla:Factory
OBS-URL: https://build.opensuse.org/request/show/1069866
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaFirefox?expand=0&rev=390
2023-03-08 13:51:33 +00:00
Wolfgang Rosenauer
7506067808 - Fix 32 bit build bmo#1810584 (add mozilla-bmo1810584.patch)
- Mozilla Firefox 110.0.1 (boo#1208886)
    Digital ID in Denmark (bmo#1819096)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1043
2023-03-07 10:04:24 +00:00
Wolfgang Rosenauer
1886b3b7c9 Accepting request 1069880 from home:marxin:branches:mozilla:Factory
- Cherry-pick upstream changes for GCC 13 in gcc13-fix.patch.

OBS-URL: https://build.opensuse.org/request/show/1069880
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1042
2023-03-07 10:01:14 +00:00
Wolfgang Rosenauer
5e3b24dd6a Accepting request 1069865 from openSUSE:Factory:RISCV
- Limit memory use on riscv64

OBS-URL: https://build.opensuse.org/request/show/1069865
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1041
2023-03-07 08:46:06 +00:00
Dominique Leuenberger
abe3bb20b2 Accepting request 1069444 from mozilla:Factory
OBS-URL: https://build.opensuse.org/request/show/1069444
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaFirefox?expand=0&rev=389
2023-03-06 17:54:05 +00:00
Wolfgang Rosenauer
4161893523 Accepting request 1069419 from home:AndreasStieger:branches:mozilla:Factory
Fix 32 bit build

OBS-URL: https://build.opensuse.org/request/show/1069419
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1039
2023-03-05 06:01:08 +00:00
Wolfgang Rosenauer
a0299253b8 Accepting request 1069272 from home:AndreasStieger:branches:mozilla:Factory
110.0.1

OBS-URL: https://build.opensuse.org/request/show/1069272
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1038
2023-03-03 22:24:28 +00:00
Wolfgang Rosenauer
8c7db35439 - Mozilla Firefox 110.0
* https://www.mozilla.org/en-US/firefox/110.0/releasenotes
  MFSA 2023-05 (bsc#1208144)
  * CVE-2023-25728 (bmo#1790345)
    Content security policy leak in violation reports using iframes
  * CVE-2023-25730 (bmo#1794622)
    Screen hijack via browser fullscreen mode
  * CVE-2023-25743 (bmo#1800203)
    Fullscreen notification not shown in Firefox Focus
  * CVE-2023-0767 (bmo#1804640)
    Arbitrary memory write via PKCS 12 in NSS
  * CVE-2023-25735 (bmo#1810711)
    Potential use-after-free from compartment mismatch in SpiderMonkey
  * CVE-2023-25737 (bmo#1811464)
    Invalid downcast in SVGUtils::SetupStrokeGeometry
  * CVE-2023-25738 (bmo#1811852)
    Printing on Windows could potentially crash Firefox with some
    device drivers
  * CVE-2023-25739 (bmo#1811939)
    Use-after-free in mozilla::dom::ScriptLoadContext::~ScriptLoadContext
  * CVE-2023-25729 (bmo#1792138)
    Extensions could have opened external schemes without user knowledge
  * CVE-2023-25732 (bmo#1804564)
    Out of bounds memory write from EncodeInputStream
  * CVE-2023-25734 (bmo#1784451, bmo#1809923, bmo#1810143, bmo#1812338)
    Opening local .url files could cause unexpected network loads
  * CVE-2023-25740 (bmo#1812354)
    Opening local .scf files could cause unexpected network loads
  * CVE-2023-25731 (bmo#1801542)
    Prototype pollution when rendering URLPreview

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1037
2023-02-15 21:11:31 +00:00
Dominique Leuenberger
32850f782e Accepting request 1062544 from mozilla:Factory
OBS-URL: https://build.opensuse.org/request/show/1062544
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaFirefox?expand=0&rev=388
2023-02-02 17:07:47 +00:00
Wolfgang Rosenauer
7938696dc2 Accepting request 1062535 from home:AndreasStieger:branches:mozilla:Factory
Mozilla Firefox 109.0.1

OBS-URL: https://build.opensuse.org/request/show/1062535
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1035
2023-02-01 20:43:46 +00:00
Dominique Leuenberger
953b85891d Accepting request 1059273 from mozilla:Factory
- Mozilla Firefox 109.0
  MFSA 2023-01 (bsc#1207119)
  * CVE-2023-23597 (bmo#1538028)
    Logic bug in process allocation allowed to read arbitrary
    files
  * CVE-2023-23598 (bmo#1800425)
    Arbitrary file read from GTK drag and drop on Linux
  * CVE-2023-23599 (bmo#1777800)
    Malicious command could be hidden in devtools output on
    Windows
  * CVE-2023-23600 (bmo#1787034)
    Notification permissions persisted between Normal and Private
    Browsing on Android
  * CVE-2023-23601 (bmo#1794268)
    URL being dragged from cross-origin iframe into same tab
    triggers navigation
  * CVE-2023-23602 (bmo#1800890)
    Content Security Policy wasn't being correctly applied to
    WebSockets in WebWorkers
  * CVE-2023-23603 (bmo#1800832)
    Calls to <code>console.log</code> allowed bypasing Content
    Security Policy via format directive
  * CVE-2023-23604 (bmo#1802346)
    Creation of duplicate <code>SystemPrincipal</code> from less
    secure contexts
  * CVE-2023-23605 (bmo#1764921, bmo#1802690, bmo#1806974)
    Memory safety bugs fixed in Firefox 109 and Firefox ESR 102.7
  * CVE-2023-23606 (bmo#1764974, bmo#1798591, bmo#1799201,
    bmo#1800446, bmo#1801248, bmo#1802100, bmo#1803393,
    bmo#1804626, bmo#1804971, bmo#1807004)

OBS-URL: https://build.opensuse.org/request/show/1059273
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaFirefox?expand=0&rev=387
2023-01-20 16:36:31 +00:00
Wolfgang Rosenauer
b45fd771cd - Mozilla Firefox 109.0
MFSA 2023-01 (bsc#1207119)
  * CVE-2023-23597 (bmo#1538028)
    Logic bug in process allocation allowed to read arbitrary
    files
  * CVE-2023-23598 (bmo#1800425)
    Arbitrary file read from GTK drag and drop on Linux
  * CVE-2023-23599 (bmo#1777800)
    Malicious command could be hidden in devtools output on
    Windows
  * CVE-2023-23600 (bmo#1787034)
    Notification permissions persisted between Normal and Private
    Browsing on Android
  * CVE-2023-23601 (bmo#1794268)
    URL being dragged from cross-origin iframe into same tab
    triggers navigation
  * CVE-2023-23602 (bmo#1800890)
    Content Security Policy wasn't being correctly applied to
    WebSockets in WebWorkers
  * CVE-2023-23603 (bmo#1800832)
    Calls to <code>console.log</code> allowed bypasing Content
    Security Policy via format directive
  * CVE-2023-23604 (bmo#1802346)
    Creation of duplicate <code>SystemPrincipal</code> from less
    secure contexts
  * CVE-2023-23605 (bmo#1764921, bmo#1802690, bmo#1806974)
    Memory safety bugs fixed in Firefox 109 and Firefox ESR 102.7
  * CVE-2023-23606 (bmo#1764974, bmo#1798591, bmo#1799201,
    bmo#1800446, bmo#1801248, bmo#1802100, bmo#1803393,
    bmo#1804626, bmo#1804971, bmo#1807004)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1033
2023-01-18 07:21:07 +00:00
Dominique Leuenberger
30792c4d34 Accepting request 1056394 from mozilla:Factory
OBS-URL: https://build.opensuse.org/request/show/1056394
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaFirefox?expand=0&rev=386
2023-01-07 16:16:07 +00:00
Wolfgang Rosenauer
6767b9f284 Accepting request 1056391 from home:luc14n0:branches:mozilla:Factory
Update to version 108.0.2.

OBS-URL: https://build.opensuse.org/request/show/1056391
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1031
2023-01-06 12:39:34 +00:00
Dominique Leuenberger
47e33a892c Accepting request 1044163 from mozilla:Factory
- add mozilla-bmo1805809.patch to fix build for x86-32 (boo#1206600)

OBS-URL: https://build.opensuse.org/request/show/1044163
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaFirefox?expand=0&rev=385
2022-12-23 09:20:48 +00:00
Wolfgang Rosenauer
58f0d1e270 - add mozilla-bmo1805809.patch to fix build for x86-32 (boo#1206600)
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1029
2022-12-21 16:08:13 +00:00
Dominique Leuenberger
7d1196d8c6 Accepting request 1043934 from mozilla:Factory
- Mozilla Firefox 108.0.1 (boo#1206507)
  * Fixes the default search engine being reset on upgrade for
    profiles which were previously copied from a different location

- Mozilla Firefox 108.0
  https://www.mozilla.org/en-US/firefox/108.0/releasenotes/
  MFSA 2022-51 (bsc#1206242)
  * CVE-2022-46871 (bmo#1795697)
    libusrsctp library out of date
  * CVE-2022-46872 (bmo#1799156)
    Arbitrary file read from a compromised content process
  * CVE-2022-46873 (bmo#1644790)
    Firefox did not implement the CSP directive unsafe-hashes
  * CVE-2022-46874 (bmo#1746139)
    Drag and Dropped Filenames could have been truncated to
    malicious extensions
  * CVE-2022-46875 (bmo#1786188)
    Download Protections were bypassed by .atloc and .ftploc
    files on Mac OS
  * CVE-2022-46877 (bmo#1795139)
    Fullscreen notification bypass
  * CVE-2022-46878 (bmo#1782219, bmo#1797370, bmo#1797685,
    bmo#1801102, bmo#1801315, bmo#1802395)
    Memory safety bugs fixed in Firefox 108 and Firefox ESR 102.6
  * CVE-2022-46879 (bmo#1736224, bmo#1793407, bmo#1794249, bmo#1795845,
    bmo#1797682, bmo#1797720, bmo#1798494, bmo#1799479)
    Memory safety bugs fixed in Firefox 108
- requires
  NSS >= 3.85
  rustc/cargo 1.65

OBS-URL: https://build.opensuse.org/request/show/1043934
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaFirefox?expand=0&rev=384
2022-12-21 15:05:48 +00:00
Wolfgang Rosenauer
1045a27659 OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1027 2022-12-20 15:28:29 +00:00
Wolfgang Rosenauer
1498efd183 OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1026 2022-12-20 15:27:14 +00:00
Wolfgang Rosenauer
ec5a29f477 - Mozilla Firefox 108.0.1 (boo#1206507)
* Fixes the default search engine being reset on upgrade for
    profiles which were previously copied from a different location

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1025
2022-12-20 08:04:12 +00:00
Wolfgang Rosenauer
1c9c2f3dd5 - Mozilla Firefox 108.0
https://www.mozilla.org/en-US/firefox/108.0/releasenotes/
  MFSA 2022-51 (bsc#1206242)
  * CVE-2022-46871 (bmo#1795697)
    libusrsctp library out of date
  * CVE-2022-46872 (bmo#1799156)
    Arbitrary file read from a compromised content process
  * CVE-2022-46873 (bmo#1644790)
    Firefox did not implement the CSP directive unsafe-hashes
  * CVE-2022-46874 (bmo#1746139)
    Drag and Dropped Filenames could have been truncated to
    malicious extensions
  * CVE-2022-46875 (bmo#1786188)
    Download Protections were bypassed by .atloc and .ftploc
    files on Mac OS
  * CVE-2022-46877 (bmo#1795139)
    Fullscreen notification bypass
  * CVE-2022-46878 (bmo#1782219, bmo#1797370, bmo#1797685,
    bmo#1801102, bmo#1801315, bmo#1802395)
    Memory safety bugs fixed in Firefox 108 and Firefox ESR 102.6
  * CVE-2022-46879 (bmo#1736224, bmo#1793407, bmo#1794249, bmo#1795845,
    bmo#1797682, bmo#1797720, bmo#1798494, bmo#1799479)
    Memory safety bugs fixed in Firefox 108
- requires
  NSS >= 3.85
  rustc/cargo 1.65

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1024
2022-12-13 21:48:56 +00:00
Wolfgang Rosenauer
948218484d Accepting request 1041338 from home:milachew:branches:mozilla:Factory
- added translations to .desktop file.

OBS-URL: https://build.opensuse.org/request/show/1041338
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1023
2022-12-09 09:40:12 +00:00
Dominique Leuenberger
fc347e1056 Accepting request 1039406 from mozilla:Factory
OBS-URL: https://build.opensuse.org/request/show/1039406
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaFirefox?expand=0&rev=383
2022-12-02 12:12:25 +00:00
Wolfgang Rosenauer
8200399c53 Accepting request 1039401 from home:AndreasStieger:branches:mozilla:Factory
Mozilla Firefox 107.0.1

OBS-URL: https://build.opensuse.org/request/show/1039401
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1021
2022-12-01 21:39:40 +00:00
Dominique Leuenberger
9488c60e72 Accepting request 1036230 from mozilla:Factory
- Mozilla Firefox 107.0
  MFSA 2022-47 (bsc#1205270)
 * CVE-2022-45403 (bmo#1762078)
    Service Workers might have learned size of cross-origin media files
  * CVE-2022-45404 (bmo#1790815)
    Fullscreen notification bypass
  * CVE-2022-45405 (bmo#1791314)
    Use-after-free in InputStream implementation
  * CVE-2022-45406 (bmo#1791975)
    Use-after-free of a JavaScript Realm
  * CVE-2022-45407 (bmo#1793314)
    Loading fonts on workers was not thread-safe
  * CVE-2022-45408 (bmo#1793829)
    Fullscreen notification bypass via windowName
  * CVE-2022-45409 (bmo#1796901)
    Use-after-free in Garbage Collection
  * CVE-2022-45410 (bmo#1658869)
    ServiceWorker-intercepted requests bypassed SameSite cookie policy
  * CVE-2022-45411 (bmo#1790311)
    Cross-Site Tracing was possible via non-standard override headers
  * CVE-2022-45412 (bmo#1791029)
    Symlinks may resolve to partially uninitialized buffers
  * CVE-2022-45413 (bmo#1791201)
    SameSite=Strict cookies could have been sent cross-site via
    intent URLs
  * CVE-2022-40674 (bmo#1791598)
    Use-after-free vulnerability in expat
  * CVE-2022-45415 (bmo#1793551)
    Downloaded file may have been saved with malicious extension
  * CVE-2022-45416 (bmo#1793676)

OBS-URL: https://build.opensuse.org/request/show/1036230
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaFirefox?expand=0&rev=382
2022-11-17 16:23:52 +00:00
Wolfgang Rosenauer
c9ea1238e9 - Mozilla Firefox 107.0
MFSA 2022-47 (bsc#1205270)
 * CVE-2022-45403 (bmo#1762078)
    Service Workers might have learned size of cross-origin media files
  * CVE-2022-45404 (bmo#1790815)
    Fullscreen notification bypass
  * CVE-2022-45405 (bmo#1791314)
    Use-after-free in InputStream implementation
  * CVE-2022-45406 (bmo#1791975)
    Use-after-free of a JavaScript Realm
  * CVE-2022-45407 (bmo#1793314)
    Loading fonts on workers was not thread-safe
  * CVE-2022-45408 (bmo#1793829)
    Fullscreen notification bypass via windowName
  * CVE-2022-45409 (bmo#1796901)
    Use-after-free in Garbage Collection
  * CVE-2022-45410 (bmo#1658869)
    ServiceWorker-intercepted requests bypassed SameSite cookie policy
  * CVE-2022-45411 (bmo#1790311)
    Cross-Site Tracing was possible via non-standard override headers
  * CVE-2022-45412 (bmo#1791029)
    Symlinks may resolve to partially uninitialized buffers
  * CVE-2022-45413 (bmo#1791201)
    SameSite=Strict cookies could have been sent cross-site via
    intent URLs
  * CVE-2022-40674 (bmo#1791598)
    Use-after-free vulnerability in expat
  * CVE-2022-45415 (bmo#1793551)
    Downloaded file may have been saved with malicious extension
  * CVE-2022-45416 (bmo#1793676)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1019
2022-11-16 13:36:59 +00:00
Dominique Leuenberger
091a155ca4 Accepting request 1033697 from mozilla:Factory
OBS-URL: https://build.opensuse.org/request/show/1033697
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaFirefox?expand=0&rev=381
2022-11-06 11:41:37 +00:00
Wolfgang Rosenauer
1e9f34d721 Accepting request 1033693 from home:AndreasStieger:branches:mozilla:Factory
106.0.5

OBS-URL: https://build.opensuse.org/request/show/1033693
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1017
2022-11-05 16:17:24 +00:00
Dominique Leuenberger
1bb45920a5 Accepting request 1032848 from mozilla:Factory
- Mozilla Firefox 106.0.3
  * Fixes for other platforms

OBS-URL: https://build.opensuse.org/request/show/1032848
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaFirefox?expand=0&rev=380
2022-11-03 18:13:16 +00:00
Wolfgang Rosenauer
383a39a2f4 - Mozilla Firefox 106.0.3
* Fixes for other platforms

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1015
2022-11-02 07:04:04 +00:00
Dominique Leuenberger
9f69cda729 Accepting request 1031637 from mozilla:Factory
- Mozilla Firefox 106.0.2
  * Fix missing content on some PDF forms (bmo#1794351)
  * Fix column width for the Notification sub-panel in Settings
    (bmo#1793558)
  * Fix a browser freeze with accessibility enabled on some sites
    such as the Proxmox Web UI (bmo#1793748)
  * Fix page reloading not working with Firefox View and not
    refreshing synced data (bmo#1792680, bmo#1794474)

OBS-URL: https://build.opensuse.org/request/show/1031637
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaFirefox?expand=0&rev=379
2022-10-28 17:29:32 +00:00
Wolfgang Rosenauer
ecb5748542 - Mozilla Firefox 106.0.2
* Fix missing content on some PDF forms (bmo#1794351)
  * Fix column width for the Notification sub-panel in Settings
    (bmo#1793558)
  * Fix a browser freeze with accessibility enabled on some sites
    such as the Proxmox Web UI (bmo#1793748)
  * Fix page reloading not working with Firefox View and not
    refreshing synced data (bmo#1792680, bmo#1794474)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1013
2022-10-27 21:08:41 +00:00
Dominique Leuenberger
2a6fdd7c5b Accepting request 1030584 from mozilla:Factory
- Mozilla Firefox 106.0.1
  * Addresses a crash experienced by users with AMD Zen 1 CPUs
    (bmo#1796126)

OBS-URL: https://build.opensuse.org/request/show/1030584
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaFirefox?expand=0&rev=378
2022-10-23 14:32:45 +00:00
Wolfgang Rosenauer
521232e015 - Mozilla Firefox 106.0.1
* Addresses a crash experienced by users with AMD Zen 1 CPUs
    (bmo#1796126)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1011
2022-10-23 08:53:25 +00:00
Dominique Leuenberger
44f5500b05 Accepting request 1030290 from mozilla:Factory
i686 and aarch64 should be fixed. No idea for ppc64le

- Mozilla Firefox 106.0
  * support editing of PDFs
  * introduced Firefox View
  * major WebRTC update
    - Better screen sharing for Windows and Linux Wayland users
    - RTP performance and reliability improvements
    - Richer statistics
    - Cross-browser and service compatibility improvements
  * detailed releasenotes
    https://www.mozilla.org/en-US/firefox/106.0/releasenotes
  MFSA 2022-44 (bsc#1204421)
  * CVE-2022-42927 (bmo#1789128)
    Same-origin policy violation could have leaked cross-origin URLs
  * CVE-2022-42928 (bmo#1791520)
    Memory Corruption in JS Engine
  * CVE-2022-42929 (bmo#1789439)
    Denial of Service via window.print
  * CVE-2022-42930 (bmo#1789503)
    Race condition in DOM Workers
  * CVE-2022-42931 (bmo#1780571)
    Username saved to a plaintext file on disk
  * CVE-2022-42932 (bmo#1789729, bmo#1791363, bmo#1792041)
    Memory safety bugs fixed in Firefox
- added -msse2 flag to fix i386 build and workaround bmo#1795993
- fixed used buildflags
- renamed mozilla-i686-build.patch to mozilla-buildfixes.patch
  as it was extended with changes for other archs

OBS-URL: https://build.opensuse.org/request/show/1030290
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaFirefox?expand=0&rev=377
2022-10-22 12:12:03 +00:00
Wolfgang Rosenauer
f8be38ac8b - added -msse2 flag to fix i386 build and workaround bmo#1795993
- fixed used buildflags
- renamed mozilla-i686-build.patch to mozilla-buildfixes.patch
  as it was extended with changes for other archs

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1009
2022-10-20 21:12:10 +00:00
Wolfgang Rosenauer
4dd806ea87 - Mozilla Firefox 106.0
* support editing of PDFs
  * introduced Firefox View
  * major WebRTC update
    - Better screen sharing for Windows and Linux Wayland users
    - RTP performance and reliability improvements
    - Richer statistics
    - Cross-browser and service compatibility improvements
  * detailed releasenotes
    https://www.mozilla.org/en-US/firefox/106.0/releasenotes
  MFSA 2022-44 (bsc#1204421)
  * CVE-2022-42927 (bmo#1789128)
    Same-origin policy violation could have leaked cross-origin URLs
  * CVE-2022-42928 (bmo#1791520)
    Memory Corruption in JS Engine
  * CVE-2022-42929 (bmo#1789439)
    Denial of Service via window.print
  * CVE-2022-42930 (bmo#1789503)
    Race condition in DOM Workers
  * CVE-2022-42931 (bmo#1780571)
    Username saved to a plaintext file on disk
  * CVE-2022-42932 (bmo#1789729, bmo#1791363, bmo#1792041)
    Memory safety bugs fixed in Firefox

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1008
2022-10-18 20:10:44 +00:00
Dominique Leuenberger
9c18aa5479 Accepting request 1009258 from mozilla:Factory
- Mozilla Firefox 105.0.3:
  * Fixes for other platforms

- Mozilla Firefox 105.0.2:
  * Fixed poor contrast on various menu items with certain
    themes on Linux systems (bmo#1792063)
  * Fixed the scrollbar appearing on the wrong side of
    `select` elements in right-to-left locales (bmo#1791219)
  * Fixed a possible deadlock when loading some sites in
    Troubleshoot Mode (bmo#1786259)
  * Fixed a bug causing some dynamic appearance changes to
    not appear when expected (bmo#1786521)
  * Fixed a bug causing theme styling to not be properly applied
    to sidebars for some add-ons in Private Browsing Mode
    (bmo#1787543)

- Mozilla Firefox 105.0.1
  * Reverted focus behavior for new windows back to the content
    area instead of the address bar (bmo#1784692)
- added mozilla-i686-build.patch to avoid using avx2

- Mozilla Firefox 105.0
  https://www.mozilla.org/en-US/firefox/105.0/releasenotes
  MFSA 2022-40 (bsc#1203477)
  * CVE-2022-40959 (bmo#1782211)
    Bypassing FeaturePolicy restrictions on transient pages
  * CVE-2022-40960 (bmo#1787633)
    Data-race when parsing non-UTF-8 URLs in threads
  * CVE-2022-40958 (bmo#1779993)
    Bypassing Secure Context restriction for cookies with __Host

OBS-URL: https://build.opensuse.org/request/show/1009258
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaFirefox?expand=0&rev=376
2022-10-12 16:22:55 +00:00
Wolfgang Rosenauer
faf5bbda6a OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1006 2022-10-09 20:45:53 +00:00
Wolfgang Rosenauer
c23a3695e5 Accepting request 1008938 from home:AndreasStieger:branches:mozilla:Factory
105.0.3

OBS-URL: https://build.opensuse.org/request/show/1008938
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1005
2022-10-09 07:54:20 +00:00
Wolfgang Rosenauer
64f10b5910 Accepting request 1008280 from home:AndreasStieger:branches:mozilla:Factory
Mozilla Firefox 105.0.2

OBS-URL: https://build.opensuse.org/request/show/1008280
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1004
2022-10-06 07:14:45 +00:00
Dominique Leuenberger
3fffbcb70d Accepting request 1002272 from mozilla:Factory
OBS-URL: https://build.opensuse.org/request/show/1002272
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaFirefox?expand=0&rev=375
2022-09-10 18:16:51 +00:00