- Mozilla Firefox 108.0.1 (boo#1206507)
* Fixes the default search engine being reset on upgrade for
profiles which were previously copied from a different location
- Mozilla Firefox 108.0
https://www.mozilla.org/en-US/firefox/108.0/releasenotes/
MFSA 2022-51 (bsc#1206242)
* CVE-2022-46871 (bmo#1795697)
libusrsctp library out of date
* CVE-2022-46872 (bmo#1799156)
Arbitrary file read from a compromised content process
* CVE-2022-46873 (bmo#1644790)
Firefox did not implement the CSP directive unsafe-hashes
* CVE-2022-46874 (bmo#1746139)
Drag and Dropped Filenames could have been truncated to
malicious extensions
* CVE-2022-46875 (bmo#1786188)
Download Protections were bypassed by .atloc and .ftploc
files on Mac OS
* CVE-2022-46877 (bmo#1795139)
Fullscreen notification bypass
* CVE-2022-46878 (bmo#1782219, bmo#1797370, bmo#1797685,
bmo#1801102, bmo#1801315, bmo#1802395)
Memory safety bugs fixed in Firefox 108 and Firefox ESR 102.6
* CVE-2022-46879 (bmo#1736224, bmo#1793407, bmo#1794249, bmo#1795845,
bmo#1797682, bmo#1797720, bmo#1798494, bmo#1799479)
Memory safety bugs fixed in Firefox 108
- requires
NSS >= 3.85
rustc/cargo 1.65
OBS-URL: https://build.opensuse.org/request/show/1043934
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaFirefox?expand=0&rev=384
https://www.mozilla.org/en-US/firefox/108.0/releasenotes/
MFSA 2022-51 (bsc#1206242)
* CVE-2022-46871 (bmo#1795697)
libusrsctp library out of date
* CVE-2022-46872 (bmo#1799156)
Arbitrary file read from a compromised content process
* CVE-2022-46873 (bmo#1644790)
Firefox did not implement the CSP directive unsafe-hashes
* CVE-2022-46874 (bmo#1746139)
Drag and Dropped Filenames could have been truncated to
malicious extensions
* CVE-2022-46875 (bmo#1786188)
Download Protections were bypassed by .atloc and .ftploc
files on Mac OS
* CVE-2022-46877 (bmo#1795139)
Fullscreen notification bypass
* CVE-2022-46878 (bmo#1782219, bmo#1797370, bmo#1797685,
bmo#1801102, bmo#1801315, bmo#1802395)
Memory safety bugs fixed in Firefox 108 and Firefox ESR 102.6
* CVE-2022-46879 (bmo#1736224, bmo#1793407, bmo#1794249, bmo#1795845,
bmo#1797682, bmo#1797720, bmo#1798494, bmo#1799479)
Memory safety bugs fixed in Firefox 108
- requires
NSS >= 3.85
rustc/cargo 1.65
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1024
- Mozilla Firefox 107.0
MFSA 2022-47 (bsc#1205270)
* CVE-2022-45403 (bmo#1762078)
Service Workers might have learned size of cross-origin media files
* CVE-2022-45404 (bmo#1790815)
Fullscreen notification bypass
* CVE-2022-45405 (bmo#1791314)
Use-after-free in InputStream implementation
* CVE-2022-45406 (bmo#1791975)
Use-after-free of a JavaScript Realm
* CVE-2022-45407 (bmo#1793314)
Loading fonts on workers was not thread-safe
* CVE-2022-45408 (bmo#1793829)
Fullscreen notification bypass via windowName
* CVE-2022-45409 (bmo#1796901)
Use-after-free in Garbage Collection
* CVE-2022-45410 (bmo#1658869)
ServiceWorker-intercepted requests bypassed SameSite cookie policy
* CVE-2022-45411 (bmo#1790311)
Cross-Site Tracing was possible via non-standard override headers
* CVE-2022-45412 (bmo#1791029)
Symlinks may resolve to partially uninitialized buffers
* CVE-2022-45413 (bmo#1791201)
SameSite=Strict cookies could have been sent cross-site via
intent URLs
* CVE-2022-40674 (bmo#1791598)
Use-after-free vulnerability in expat
* CVE-2022-45415 (bmo#1793551)
Downloaded file may have been saved with malicious extension
* CVE-2022-45416 (bmo#1793676)
OBS-URL: https://build.opensuse.org/request/show/1036230
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaFirefox?expand=0&rev=382
MFSA 2022-47 (bsc#1205270)
* CVE-2022-45403 (bmo#1762078)
Service Workers might have learned size of cross-origin media files
* CVE-2022-45404 (bmo#1790815)
Fullscreen notification bypass
* CVE-2022-45405 (bmo#1791314)
Use-after-free in InputStream implementation
* CVE-2022-45406 (bmo#1791975)
Use-after-free of a JavaScript Realm
* CVE-2022-45407 (bmo#1793314)
Loading fonts on workers was not thread-safe
* CVE-2022-45408 (bmo#1793829)
Fullscreen notification bypass via windowName
* CVE-2022-45409 (bmo#1796901)
Use-after-free in Garbage Collection
* CVE-2022-45410 (bmo#1658869)
ServiceWorker-intercepted requests bypassed SameSite cookie policy
* CVE-2022-45411 (bmo#1790311)
Cross-Site Tracing was possible via non-standard override headers
* CVE-2022-45412 (bmo#1791029)
Symlinks may resolve to partially uninitialized buffers
* CVE-2022-45413 (bmo#1791201)
SameSite=Strict cookies could have been sent cross-site via
intent URLs
* CVE-2022-40674 (bmo#1791598)
Use-after-free vulnerability in expat
* CVE-2022-45415 (bmo#1793551)
Downloaded file may have been saved with malicious extension
* CVE-2022-45416 (bmo#1793676)
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1019
* Fix missing content on some PDF forms (bmo#1794351)
* Fix column width for the Notification sub-panel in Settings
(bmo#1793558)
* Fix a browser freeze with accessibility enabled on some sites
such as the Proxmox Web UI (bmo#1793748)
* Fix page reloading not working with Firefox View and not
refreshing synced data (bmo#1792680, bmo#1794474)
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1013
i686 and aarch64 should be fixed. No idea for ppc64le
- Mozilla Firefox 106.0
* support editing of PDFs
* introduced Firefox View
* major WebRTC update
- Better screen sharing for Windows and Linux Wayland users
- RTP performance and reliability improvements
- Richer statistics
- Cross-browser and service compatibility improvements
* detailed releasenotes
https://www.mozilla.org/en-US/firefox/106.0/releasenotes
MFSA 2022-44 (bsc#1204421)
* CVE-2022-42927 (bmo#1789128)
Same-origin policy violation could have leaked cross-origin URLs
* CVE-2022-42928 (bmo#1791520)
Memory Corruption in JS Engine
* CVE-2022-42929 (bmo#1789439)
Denial of Service via window.print
* CVE-2022-42930 (bmo#1789503)
Race condition in DOM Workers
* CVE-2022-42931 (bmo#1780571)
Username saved to a plaintext file on disk
* CVE-2022-42932 (bmo#1789729, bmo#1791363, bmo#1792041)
Memory safety bugs fixed in Firefox
- added -msse2 flag to fix i386 build and workaround bmo#1795993
- fixed used buildflags
- renamed mozilla-i686-build.patch to mozilla-buildfixes.patch
as it was extended with changes for other archs
OBS-URL: https://build.opensuse.org/request/show/1030290
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaFirefox?expand=0&rev=377
* support editing of PDFs
* introduced Firefox View
* major WebRTC update
- Better screen sharing for Windows and Linux Wayland users
- RTP performance and reliability improvements
- Richer statistics
- Cross-browser and service compatibility improvements
* detailed releasenotes
https://www.mozilla.org/en-US/firefox/106.0/releasenotes
MFSA 2022-44 (bsc#1204421)
* CVE-2022-42927 (bmo#1789128)
Same-origin policy violation could have leaked cross-origin URLs
* CVE-2022-42928 (bmo#1791520)
Memory Corruption in JS Engine
* CVE-2022-42929 (bmo#1789439)
Denial of Service via window.print
* CVE-2022-42930 (bmo#1789503)
Race condition in DOM Workers
* CVE-2022-42931 (bmo#1780571)
Username saved to a plaintext file on disk
* CVE-2022-42932 (bmo#1789729, bmo#1791363, bmo#1792041)
Memory safety bugs fixed in Firefox
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1008
- Mozilla Firefox 105.0.3:
* Fixes for other platforms
- Mozilla Firefox 105.0.2:
* Fixed poor contrast on various menu items with certain
themes on Linux systems (bmo#1792063)
* Fixed the scrollbar appearing on the wrong side of
`select` elements in right-to-left locales (bmo#1791219)
* Fixed a possible deadlock when loading some sites in
Troubleshoot Mode (bmo#1786259)
* Fixed a bug causing some dynamic appearance changes to
not appear when expected (bmo#1786521)
* Fixed a bug causing theme styling to not be properly applied
to sidebars for some add-ons in Private Browsing Mode
(bmo#1787543)
- Mozilla Firefox 105.0.1
* Reverted focus behavior for new windows back to the content
area instead of the address bar (bmo#1784692)
- added mozilla-i686-build.patch to avoid using avx2
- Mozilla Firefox 105.0
https://www.mozilla.org/en-US/firefox/105.0/releasenotes
MFSA 2022-40 (bsc#1203477)
* CVE-2022-40959 (bmo#1782211)
Bypassing FeaturePolicy restrictions on transient pages
* CVE-2022-40960 (bmo#1787633)
Data-race when parsing non-UTF-8 URLs in threads
* CVE-2022-40958 (bmo#1779993)
Bypassing Secure Context restriction for cookies with __Host
OBS-URL: https://build.opensuse.org/request/show/1009258
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaFirefox?expand=0&rev=376
- Mozilla Firefox 104.0.2 (boo#1203177)
https://www.mozilla.org/en-US/firefox/104.0.2/releasenotes/
* Fixed a bug making it impossible to use touch or a stylus to
drag the scrollbar on pages (bmo#1787361)
* Fixed an issue causing some users to crash in out-of-memory
conditions (bmo#1774155)
* Fixed an issue that would sometimes affect video & audio playback
when loaded via a cross-origin iframe src attribute (bmo#1781759)
* Fixed an issue that would sometimes affect video & audio playback
when served with Content-Security-Policy: sandbox (bmo#1781063)
- Mozilla Firefox 104.0.1
* Addresses an issue with Youtube video playback that was
affecting some users (boo#1203003)
OBS-URL: https://build.opensuse.org/request/show/1001583
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaFirefox?expand=0&rev=374
https://www.mozilla.org/en-US/firefox/104.0.2/releasenotes/
* Fixed a bug making it impossible to use touch or a stylus to
drag the scrollbar on pages (bmo#1787361)
* Fixed an issue causing some users to crash in out-of-memory
conditions (bmo#1774155)
* Fixed an issue that would sometimes affect video & audio playback
when loaded via a cross-origin iframe src attribute (bmo#1781759)
* Fixed an issue that would sometimes affect video & audio playback
when served with Content-Security-Policy: sandbox (bmo#1781063)
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1000
- Firefox 102.0.1:
* Fixed: Fixed bookmarks sidebar flashing white when opened in
dark mode (bmo#1776157)
* Fixed: Fixed multilingual spell checking not working with
content in both English and a non-Latin alphabet
(bmo#1773802)
* Fixed: Developer tools: Fixed an issue where the console
output keep getting scrolled to the bottom when the last
visible message is an evaluation result (bmo#1776262)
* Fixed: Fixed *Delete cookies and site data when Firefox is
closed* checkbox getting disabled on startup (bmo#1777419)
* Fixed: Various stability fixes
- Firefox 102.0
* You can now disable automatic opening of the download panel
every time a new download starts
* Firefox now mitigates query parameter tracking when navigating
sites in ETP strict mode
* Improved security by moving audio decoding into a separate
process with stricter sandboxing, thus improving process isolation
* https://www.mozilla.org/en-US/firefox/102.0/releasenotes
MFSA 2022-24 (bsc#1200793)
* CVE-2022-34479 (bmo#1745595)
A popup window could be resized in a way to overlay the
address bar with web content
* CVE-2022-34470 (bmo#1765951)
Use-after-free in nsSHistory
* CVE-2022-34468 (bmo#1768537)
CSP sandbox header without `allow-scripts` can be bypassed
via retargeted javascript: URI
OBS-URL: https://build.opensuse.org/request/show/988096
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaFirefox?expand=0&rev=369
* You can now disable automatic opening of the download panel
every time a new download starts
* Firefox now mitigates query parameter tracking when navigating
sites in ETP strict mode
* Improved security by moving audio decoding into a separate
process with stricter sandboxing, thus improving process isolation
* https://www.mozilla.org/en-US/firefox/102.0/releasenotes
MFSA 2022-24 (bsc#1200793)
* CVE-2022-34479 (bmo#1745595)
A popup window could be resized in a way to overlay the
address bar with web content
* CVE-2022-34470 (bmo#1765951)
Use-after-free in nsSHistory
* CVE-2022-34468 (bmo#1768537)
CSP sandbox header without `allow-scripts` can be bypassed
via retargeted javascript: URI
* CVE-2022-34482 (bmo#845880)
Drag and drop of malicious image could have led to malicious
executable and potential code execution
* CVE-2022-34483 (bmo#1335845)
Drag and drop of malicious image could have led to malicious
executable and potential code execution
* CVE-2022-34476 (bmo#1387919)
ASN.1 parser could have been tricked into accepting malformed ASN.1
* CVE-2022-34481 (bmo#1483699, bmo#1497246)
Potential integer overflow in ReplaceElementsAt
* CVE-2022-34474 (bmo#1677138)
Sandboxed iframes could redirect to external schemes
* CVE-2022-34469 (bmo#1721220)
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=983