------------------------------------------------------------------
- Firefox 128.0.3 Release
* Fixed: Fixed an issue causing some sites to not load when
connecting via HTTP/2. (bmo#1908161, bmo#1909666)
* Fixed: Fixed collapsed table rows not appearing when expected
in some situations. (bmo#1907789)
* Fixed: Fixed the Windows on-screen keyboard potentially
concealing the webpage when displayed. (bmo#1907766)
- Firefox 128.0.2 Release
* Fixed: Fixed an audio echo in video calls on macOS under
certain conditions. (bmo#1908539)
* Fixed: Fixed an issue where the Adguard extension popup was
not displaying. (bmo#1906132)
* Fixed: Fixed an issue causing some screen readers to fail to
read when navigating by character in rich text editors. (Bug
1905021)
* Fixed: Fixed visual glitches when dark mode is enabled in
Windows ARM devices. (bmo#1897444)
* Fixed: Fixed an issue causing NTLM authentication failure.
(bmo#1908115)
* Fixed: Fixed an issue where content displayed on mouseover
was not captured in a screenshot. (bmo#1905468)
* Fixed: Various stability fixes.
- renamed firefox-3781e3117706.patch to mozilla-bmo1905018.patch
to conform with patch structure and naming for the package
OBS-URL: https://build.opensuse.org/request/show/1190457
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaFirefox?expand=0&rev=433
- Firefox 128.0.3 Release
* Fixed: Fixed an issue causing some sites to not load when
connecting via HTTP/2. (bmo#1908161, bmo#1909666)
* Fixed: Fixed collapsed table rows not appearing when expected
in some situations. (bmo#1907789)
* Fixed: Fixed the Windows on-screen keyboard potentially
concealing the webpage when displayed. (bmo#1907766)
- Firefox 128.0.2 Release
* Fixed: Fixed an audio echo in video calls on macOS under
certain conditions. (bmo#1908539)
* Fixed: Fixed an issue where the Adguard extension popup was
not displaying. (bmo#1906132)
* Fixed: Fixed an issue causing some screen readers to fail to
read when navigating by character in rich text editors. (Bug
1905021)
* Fixed: Fixed visual glitches when dark mode is enabled in
Windows ARM devices. (bmo#1897444)
* Fixed: Fixed an issue causing NTLM authentication failure.
(bmo#1908115)
* Fixed: Fixed an issue where content displayed on mouseover
was not captured in a screenshot. (bmo#1905468)
* Fixed: Various stability fixes.
- renamed firefox-3781e3117706.patch to mozilla-bmo1905018.patch
to conform with patch structure and naming for the package
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1166
- Mozilla Firefox 128.0
https://www.mozilla.org/en-US/firefox/128.0/releasenotes
MFSA 2024-29 (bsc#1226316)
* CVE-2024-6605 (bmo#1836786)
Firefox Android missed activation delay to prevent tapjacking
* CVE-2024-6606 (bmo#1902305)
Out-of-bounds read in clipboard component
* CVE-2024-6607 (bmo#1694513)
Leaving pointerlock by pressing the escape key could be
prevented
* CVE-2024-6608 (bmo#1743329)
Cursor could be moved out of the viewport using pointerlock.
* CVE-2024-6609 (bmo#1839258)
Memory corruption in NSS
* CVE-2024-6610 (bmo#1883396)
Form validation popups could block exiting full-screen mode
* CVE-2024-6600 (bmo#1888340)
Memory corruption in WebGL API
* CVE-2024-6601 (bmo#1890748)
Race condition in permission assignment
* CVE-2024-6602 (bmo#1895032)
Memory corruption in NSS
* CVE-2024-6603 (bmo#1895081)
Memory corruption in thread creation
* CVE-2024-6611 (bmo#1844827)
Incorrect handling of SameSite cookies
* CVE-2024-6612 (bmo#1880374)
CSP violation leakage when using devtools
* CVE-2024-6613 (bmo#1900523)
Incorrect listing of stack frames
OBS-URL: https://build.opensuse.org/request/show/1187677
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaFirefox?expand=0&rev=431
https://www.mozilla.org/en-US/firefox/128.0/releasenotes
MFSA 2024-29 (bsc#1226316)
* CVE-2024-6605 (bmo#1836786)
Firefox Android missed activation delay to prevent tapjacking
* CVE-2024-6606 (bmo#1902305)
Out-of-bounds read in clipboard component
* CVE-2024-6607 (bmo#1694513)
Leaving pointerlock by pressing the escape key could be
prevented
* CVE-2024-6608 (bmo#1743329)
Cursor could be moved out of the viewport using pointerlock.
* CVE-2024-6609 (bmo#1839258)
Memory corruption in NSS
* CVE-2024-6610 (bmo#1883396)
Form validation popups could block exiting full-screen mode
* CVE-2024-6600 (bmo#1888340)
Memory corruption in WebGL API
* CVE-2024-6601 (bmo#1890748)
Race condition in permission assignment
* CVE-2024-6602 (bmo#1895032)
Memory corruption in NSS
* CVE-2024-6603 (bmo#1895081)
Memory corruption in thread creation
* CVE-2024-6611 (bmo#1844827)
Incorrect handling of SameSite cookies
* CVE-2024-6612 (bmo#1880374)
CSP violation leakage when using devtools
* CVE-2024-6613 (bmo#1900523)
Incorrect listing of stack frames
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1162
- Mozilla Firefox 127.0.2
* Fixed an issue where YouTube playback may experience stalling under
certain conditions (bmo#1900191, bmo#1878510).
* Fixed an issue where the Private Window icon was displayed in the taskbar
on Windows when browser.privateWindowSeparation.enabled was
set to false (bmo#1901840).
- Mozilla Firefox 127.0.1
* Fixed an issue where users with a primary password set on their profile
could lose their previous session of tabs upon upgrading if they dismissed
the primary password prompt (bmo#1901899).
* Fixed an issue where Linux users with accessibility.monoaudio.enable set
to true were experiencing slow audio speeds (bmo#1900972).
* Fixed an issue where, in some circumstances, the Firefox installer
on Windows failed to complete the installation (bmo#1896868).
* Fixed an issue causing Firefox to incorrectly reject cookies
for certain websites (bmo#1901325).
- Fix GNOME search provider (boo#1225278)
OBS-URL: https://build.opensuse.org/request/show/1185336
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaFirefox?expand=0&rev=430
* Fixed an issue where the Private Window icon was displayed in the taskbar
on Windows when browser.privateWindowSeparation.enabled was
* Fixed an issue where users with a primary password set on their profile
could lose their previous session of tabs upon upgrading if they dismissed
* Fixed an issue where Linux users with accessibility.monoaudio.enable set
* Fixed an issue where, in some circumstances, the Firefox installer
* Fixed an issue causing Firefox to incorrectly reject cookies
- Fix GNOME search provider (boo#1225278)
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1160
- Mozilla Firefox 127.0.2
* Fixed an issue where YouTube playback may experience stalling under
certain conditions (bmo#1900191, bmo#1878510).
* Fixed an issue where the Private Window icon was displayed in the taskbar
on Windows when browser.privateWindowSeparation.enabled was
set to false (bmo#1901840).
- Mozilla Firefox 127.0.1
* Fixed an issue where users with a primary password set on their profile
could lose their previous session of tabs upon upgrading if they dismissed
the primary password prompt (bmo#1901899).
* Fixed an issue where Linux users with accessibility.monoaudio.enable set
to true were experiencing slow audio speeds (bmo#1900972).
* Fixed an issue where, in some circumstances, the Firefox installer
on Windows failed to complete the installation (bmo#1896868).
* Fixed an issue causing Firefox to incorrectly reject cookies
for certain websites (bmo#1901325).
OBS-URL: https://build.opensuse.org/request/show/1184300
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1159
- Mozilla Firefox 127.0
https://www.mozilla.org/en-US/firefox/127.0/releasenotes
MFSA 2024-25 (bsc#1226027)
* CVE-2024-5687 (bmo#1889066)
An incorrect principal could have been used when opening new tabs
* CVE-2024-5688 (bmo#1895086)
Use-after-free in JavaScript object transplant
* CVE-2024-5689 (bmo#1389707)
User confusion and possible phishing vector via Firefox Screenshots
* CVE-2024-5690 (bmo#1883693)
External protocol handlers leaked by timing attack
* CVE-2024-5691 (bmo#1888695)
Sandboxed iframes were able to bypass sandbox restrictions to
open a new window
* CVE-2024-5692 (bmo#1837514, bmo#1891234)
Bypass of file name restrictions during saving
* CVE-2024-5693 (bmo#1891319)
Cross-Origin Image leak via Offscreen Canvas
* CVE-2024-5694 (bmo#1895055)
Use-after-free in JavaScript Strings
* CVE-2024-5695 (bmo#1895579)
Memory Corruption using allocation using out-of-memory conditions
* CVE-2024-5696 (bmo#1896555)
Memory Corruption in Text Fragments
* CVE-2024-5697 (bmo#1414937)
Website was able to detect when Firefox was taking a
screenshot of them
* CVE-2024-5698 (bmo#1828259)
Data-list could have overlaid address bar
* CVE-2024-5699 (bmo#1891349)
OBS-URL: https://build.opensuse.org/request/show/1180696
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaFirefox?expand=0&rev=429
https://www.mozilla.org/en-US/firefox/127.0/releasenotes
MFSA 2024-25 (bsc#1226027)
* CVE-2024-5687 (bmo#1889066)
An incorrect principal could have been used when opening new tabs
* CVE-2024-5688 (bmo#1895086)
Use-after-free in JavaScript object transplant
* CVE-2024-5689 (bmo#1389707)
User confusion and possible phishing vector via Firefox Screenshots
* CVE-2024-5690 (bmo#1883693)
External protocol handlers leaked by timing attack
* CVE-2024-5691 (bmo#1888695)
Sandboxed iframes were able to bypass sandbox restrictions to
open a new window
* CVE-2024-5692 (bmo#1837514, bmo#1891234)
Bypass of file name restrictions during saving
* CVE-2024-5693 (bmo#1891319)
Cross-Origin Image leak via Offscreen Canvas
* CVE-2024-5694 (bmo#1895055)
Use-after-free in JavaScript Strings
* CVE-2024-5695 (bmo#1895579)
Memory Corruption using allocation using out-of-memory conditions
* CVE-2024-5696 (bmo#1896555)
Memory Corruption in Text Fragments
* CVE-2024-5697 (bmo#1414937)
Website was able to detect when Firefox was taking a
screenshot of them
* CVE-2024-5698 (bmo#1828259)
Data-list could have overlaid address bar
* CVE-2024-5699 (bmo#1891349)
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1155
- Mozilla Firefox 126.0.1
* Fixed an issue with reading tagged PDF documents in a screen reader
bmo#1894849
* Fixed not displaying localized text for non-en-US locales in the
Crash Reporter dialog box on macOS. (bmo#1896097)
* Fixed issues with drag-and-drop functionality on Linux. (bmo#1897115)
* Fixed an issue causing high GPU memory usage on certain versions
of AMD cards. (bmo#1897006)
- Backport upstream patches to fix build on aarch64 - boo#1225460
* mozilla-bmo1886378.patch
OBS-URL: https://build.opensuse.org/request/show/1177453
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaFirefox?expand=0&rev=428
* Fixed an issue with reading tagged PDF documents in a screen reader
bmo#1894849
* Fixed not displaying localized text for non-en-US locales in the
Crash Reporter dialog box on macOS. (bmo#1896097)
* Fixed issues with drag-and-drop functionality on Linux. (bmo#1897115)
* Fixed an issue causing high GPU memory usage on certain versions
of AMD cards. (bmo#1897006)
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1153
- Mozilla Firefox 126.0
https://www.mozilla.org/en-US/firefox/126.0/releasenotes
MFSA 2024-21 (bsc#1224056)
* CVE-2024-4764 (bmo#1879093)
Use-after-free when audio input connected with multiple consumers
* CVE-2024-4367 (bmo#1893645)
Arbitrary JavaScript execution in PDF.js
* CVE-2024-4765 (bmo#1871109)
Web application manifests could have been overwritten via
hash collision
* CVE-2024-4766 (bmo#1871214, bmo#1871217)
Fullscreen notification could have been obscured on Firefox
for Android
* CVE-2024-4767 (bmo#1878577)
IndexedDB files retained in private browsing mode
* CVE-2024-4768 (bmo#1886082)
Potential permissions request bypass via clickjacking
* CVE-2024-4769 (bmo#1886108)
Cross-origin responses could be distinguished between script
and non-script content-types
* CVE-2024-4770 (bmo#1893270)
Use-after-free could occur when printing to PDF
* CVE-2024-4771 (bmo#1893891)
Failed allocation could lead to use-after-free
* CVE-2024-4772 (bmo#1870579)
Use of insecure rand() function to generate nonce
* CVE-2024-4773 (bmo#1875248)
URL bar could be cleared after network error
* CVE-2024-4774 (bmo#1886598)
Undefined behavior in ShmemCharMapHashEntry()
OBS-URL: https://build.opensuse.org/request/show/1175472
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaFirefox?expand=0&rev=427
https://www.mozilla.org/en-US/firefox/126.0/releasenotes
MFSA 2024-21 (bsc#1224056)
* CVE-2024-4764 (bmo#1879093)
Use-after-free when audio input connected with multiple consumers
* CVE-2024-4367 (bmo#1893645)
Arbitrary JavaScript execution in PDF.js
* CVE-2024-4765 (bmo#1871109)
Web application manifests could have been overwritten via
hash collision
* CVE-2024-4766 (bmo#1871214, bmo#1871217)
Fullscreen notification could have been obscured on Firefox
for Android
* CVE-2024-4767 (bmo#1878577)
IndexedDB files retained in private browsing mode
* CVE-2024-4768 (bmo#1886082)
Potential permissions request bypass via clickjacking
* CVE-2024-4769 (bmo#1886108)
Cross-origin responses could be distinguished between script
and non-script content-types
* CVE-2024-4770 (bmo#1893270)
Use-after-free could occur when printing to PDF
* CVE-2024-4771 (bmo#1893891)
Failed allocation could lead to use-after-free
* CVE-2024-4772 (bmo#1870579)
Use of insecure rand() function to generate nonce
* CVE-2024-4773 (bmo#1875248)
URL bar could be cleared after network error
* CVE-2024-4774 (bmo#1886598)
Undefined behavior in ShmemCharMapHashEntry()
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1150
- Mozilla Firefox 125.0.2
* The 125.0 and 125.0.1 releases were skipped due to problems with a
feature that proactively blocked downloads from potentially
untrustworthy URLs
* New: Firefox now supports the AV1 codec for Encrypted Media
Extensions (EME), enabling higher-quality playback from video
streaming providers
* New: The Firefox PDF viewer now supports text highlighting.
* New: Firefox View now displays pinned tabs in the Open tabs
section. Tab indicators have also been added to Open tabs, so
users can do things like see which tabs are playing media and
quickly mute or unmute across windows. Indicators were also
added for bookmarks, tabs with notifications, and more!
their addresses upon submitting an address form, allowing
Firefox to autofill stored address information in the future.
* New: The URL Paste Suggestion feature provides a convenient
way for users to quickly visit URLs copied to the clipboard
in the address bar of Firefox. When the clipboard contains a
URL and the URL bar is focused, an autocomplete result
appears automatically. Activating the clipboard suggestion
will navigate the user to the URL with 1 click.
* New: Users of tab-specific Container add-ons can now search
in the Address Bar for tabs that are open in different
containers. Special thanks to volunteer contributor atararx
for kicking off the work on this feature!
* New: Firefox now provides an option to enable Web Proxy Auto-
Discovery (WPAD) while configured to use system proxy
settings.
* Changed: In a group of radio buttons where no option is
selected, the tab key now only reaches the first option
OBS-URL: https://build.opensuse.org/request/show/1169983
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaFirefox?expand=0&rev=425
feature that proactively blocked downloads from potentially
untrustworthy URLs
Use-after-free if garbage collection runs during realm initialization
Incorrect JIT optimization of MSubstr leads to out-of-bounds reads
Corrupt pointer dereference in js::CheckTracedThing<js::Shape>
Download Protections were bypassed by .xrm-ms files on Windows
* CVE-2024-3865 (bmo#1881076, bmo#1884887, bmo#1885359, bmo#1889049)
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1146
be unable to restore a bookmarks backup. (bmo#1884308)
* Fixed an issue that would cause open Firefox windows
Netflix. (bmo#1883932)
* Fixed a crash that affected Linux AArch64 builds. (bmo#1866396)
* Fixed an issue where some users experienced difficulties loading
webpages due to changes made to the default AppArmor configuration
shipping in Ubuntu 24.04. (bmo#1884347)
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1143
- Mozilla Firefox 124.0.1
https://www.mozilla.org/en-US/firefox/124.0.1/releasenotes/
MFSA 2024-15 (bsc#1221850)
* CVE-2024-29943 (bmo#1886849)
Out-of-bounds access via Range Analysis bypass
* CVE-2024-29944 (bmo#1886852)
Privileged JavaScript Execution via Event Handlers
Mozilla Firefox 124.0
https://www.mozilla.org/en-US/firefox/124.0/releasenotes/
MFSA 2024-12 (bsc#1221327)
* CVE-2024-2605 (bmo#1872920)
Windows Error Reporter could be used as a Sandbox escape vector
* CVE-2024-2606 (bmo#1879237)
Mishandling of WASM register values
* CVE-2024-2607 (bmo#1879939)
JIT code failed to save return registers on Armv7-A
* CVE-2024-2608 (bmo#1880692)
Integer overflow could have led to out of bounds write
* CVE-2023-5388 (bmo#1780432)
NSS susceptible to timing attack against RSA decryption
* CVE-2024-2609 (bmo#1866100)
Permission prompt input delay could expire when not in focus
* CVE-2024-2610 (bmo#1871112)
Improper handling of html and body tags enabled CSP nonce leakage
* CVE-2024-2611 (bmo#1876675)
Clickjacking vulnerability could have led to a user accidentally
granting permissions
* CVE-2024-2612 (bmo#1879444)
Self referencing object could have potentially led to a use-
after-free
OBS-URL: https://build.opensuse.org/request/show/1160726
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaFirefox?expand=0&rev=423
https://www.mozilla.org/en-US/firefox/124.0.1/releasenotes/
MFSA 2024-15 (bsc#1221850)
* CVE-2024-29943 (bmo#1886849)
Out-of-bounds access via Range Analysis bypass
* CVE-2024-29944 (bmo#1886852)
Privileged JavaScript Execution via Event Handlers
Mozilla Firefox 124.0
https://www.mozilla.org/en-US/firefox/124.0/releasenotes/
MFSA 2024-12 (bsc#1221327)
* CVE-2024-2605 (bmo#1872920)
Windows Error Reporter could be used as a Sandbox escape vector
* CVE-2024-2606 (bmo#1879237)
Mishandling of WASM register values
* CVE-2024-2607 (bmo#1879939)
JIT code failed to save return registers on Armv7-A
* CVE-2024-2608 (bmo#1880692)
Integer overflow could have led to out of bounds write
* CVE-2023-5388 (bmo#1780432)
NSS susceptible to timing attack against RSA decryption
* CVE-2024-2609 (bmo#1866100)
Permission prompt input delay could expire when not in focus
* CVE-2024-2610 (bmo#1871112)
Improper handling of html and body tags enabled CSP nonce leakage
* CVE-2024-2611 (bmo#1876675)
Clickjacking vulnerability could have led to a user accidentally
granting permissions
* CVE-2024-2612 (bmo#1879444)
Self referencing object could have potentially led to a use-
after-free
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1140
- Mozilla Firefox 123.0
https://www.mozilla.org/en-US/firefox/123.0/releasenotes/
MFSA 2024-05 (bsc#1220048)
* CVE-2024-1546 (bmo#1843752)
Out-of-bounds memory read in networking channels
* CVE-2024-1547 (bmo#1877879)
Alert dialog could have been spoofed on another site
* CVE-2024-1554 (bmo#1816390)
fetch could be used to effect cache poisoning
* CVE-2024-1548 (bmo#1832627)
Fullscreen Notification could have been hidden by select element
* CVE-2024-1549 (bmo#1833814)
Custom cursor could obscure the permission dialog
* CVE-2024-1550 (bmo#1860065)
Mouse cursor re-positioned unexpectedly could have led to
unintended permission grants
* CVE-2024-1551 (bmo#1864385)
Multipart HTTP Responses would accept the Set-Cookie header
in response parts
* CVE-2024-1555 (bmo#1873223)
SameSite cookies were not properly respected when opening a
website from an external browser
* CVE-2024-1556 (bmo#1870414)
Invalid memory access in the built-in profiler
* CVE-2024-1552 (bmo#1874502)
Incorrect code generation on 32-bit ARM devices
* CVE-2024-1553 (bmo#1855686, bmo#1867982, bmo#1871498, bmo#1872296,
bmo#1873521, bmo#1873577, bmo#1873597, bmo#1873866, bmo#1874080,
bmo#1874740, bmo#1875795, bmo#1875906, bmo#1876425, bmo#1878211,
bmo#1878286)
OBS-URL: https://build.opensuse.org/request/show/1150527
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaFirefox?expand=0&rev=421
https://www.mozilla.org/en-US/firefox/123.0/releasenotes/
MFSA 2024-05 (bsc#1220048)
* CVE-2024-1546 (bmo#1843752)
Out-of-bounds memory read in networking channels
* CVE-2024-1547 (bmo#1877879)
Alert dialog could have been spoofed on another site
* CVE-2024-1554 (bmo#1816390)
fetch could be used to effect cache poisoning
* CVE-2024-1548 (bmo#1832627)
Fullscreen Notification could have been hidden by select element
* CVE-2024-1549 (bmo#1833814)
Custom cursor could obscure the permission dialog
* CVE-2024-1550 (bmo#1860065)
Mouse cursor re-positioned unexpectedly could have led to
unintended permission grants
* CVE-2024-1551 (bmo#1864385)
Multipart HTTP Responses would accept the Set-Cookie header
in response parts
* CVE-2024-1555 (bmo#1873223)
SameSite cookies were not properly respected when opening a
website from an external browser
* CVE-2024-1556 (bmo#1870414)
Invalid memory access in the built-in profiler
* CVE-2024-1552 (bmo#1874502)
Incorrect code generation on 32-bit ARM devices
* CVE-2024-1553 (bmo#1855686, bmo#1867982, bmo#1871498, bmo#1872296,
bmo#1873521, bmo#1873577, bmo#1873597, bmo#1873866, bmo#1874080,
bmo#1874740, bmo#1875795, bmo#1875906, bmo#1876425, bmo#1878211,
bmo#1878286)
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1136
- Mozilla Firefox 122.0
https://www.mozilla.org/en-US/firefox/122.0/releasenotes/
MFSA 2024-01 (bsc#1218955)
* CVE-2024-0741 (bmo#1864587)
Out of bounds write in ANGLE
* CVE-2024-0742 (bmo#1867152)
Failure to update user input timestamp
* CVE-2024-0743 (bmo#1867408)
Crash in NSS TLS method
* CVE-2024-0744 (bmo#1871089)
Wild pointer dereference in JavaScript
* CVE-2024-0745 (bmo#1871838)
Stack buffer overflow in WebAudio
* CVE-2024-0746 (bmo#1660223)
Crash when listing printers on Linux
* CVE-2024-0747 (bmo#1764343)
Bypass of Content Security Policy when directive unsafe-inline was set
* CVE-2024-0748 (bmo#1783504)
Compromised content process could modify document URI
* CVE-2024-0749 (bmo#1813463)
Phishing site popup could show local origin in address bar
* CVE-2024-0750 (bmo#1863083)
Potential permissions request bypass via clickjacking
* CVE-2024-0751 (bmo#1865689)
Privilege escalation through devtools
* CVE-2024-0752 (bmo#1866840)
Use-after-free could occur when applying update on macOS
* CVE-2024-0753 (bmo#1870262)
HSTS policy on subdomain could bypass policy of upper domain
* CVE-2024-0754 (bmo#1871605)
OBS-URL: https://build.opensuse.org/request/show/1141490
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaFirefox?expand=0&rev=417
https://www.mozilla.org/en-US/firefox/122.0/releasenotes/
MFSA 2024-01 (bsc#1218955)
* CVE-2024-0741 (bmo#1864587)
Out of bounds write in ANGLE
* CVE-2024-0742 (bmo#1867152)
Failure to update user input timestamp
* CVE-2024-0743 (bmo#1867408)
Crash in NSS TLS method
* CVE-2024-0744 (bmo#1871089)
Wild pointer dereference in JavaScript
* CVE-2024-0745 (bmo#1871838)
Stack buffer overflow in WebAudio
* CVE-2024-0746 (bmo#1660223)
Crash when listing printers on Linux
* CVE-2024-0747 (bmo#1764343)
Bypass of Content Security Policy when directive unsafe-inline was set
* CVE-2024-0748 (bmo#1783504)
Compromised content process could modify document URI
* CVE-2024-0749 (bmo#1813463)
Phishing site popup could show local origin in address bar
* CVE-2024-0750 (bmo#1863083)
Potential permissions request bypass via clickjacking
* CVE-2024-0751 (bmo#1865689)
Privilege escalation through devtools
* CVE-2024-0752 (bmo#1866840)
Use-after-free could occur when applying update on macOS
* CVE-2024-0753 (bmo#1870262)
HSTS policy on subdomain could bypass policy of upper domain
* CVE-2024-0754 (bmo#1871605)
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1128
