- Mozilla Firefox 134.0
https://www.mozilla.org/en-US/firefox/134.0/releasenotes
* Firefox now supports touchpad hold gestures on Linux. This means
that kinetic (momentum) scrolling can now be interrupted by placing
two fingers on the touchpad
* Ecosia's availability has been expanded to all languages in the
German region along with Austria, Belgium, Italy, Netherlands, Spain,
Sweden and Switzerland
MFSA 2025-01 (bsc#1234991)
* CVE-2025-0244 (bmo#1929584)
Address bar spoofing using an invalid protocol scheme on
Firefox for Android
* CVE-2025-0245 (bmo#1895342)
Lock screen setting bypass in Firefox Focus for Android
* CVE-2025-0246 (bmo#1912709)
Address bar spoofing using an invalid protocol scheme on
Firefox for Android
* CVE-2025-0237 (bmo#1915257)
WebChannel APIs susceptible to confused deputy attack
* CVE-2025-0238 (bmo#1915535)
Use-after-free when breaking lines in text
* CVE-2025-0239 (bmo#1929156)
Alt-Svc ALPN validation failure when redirected
* CVE-2025-0240 (bmo#1929623)
Compartment mismatch when parsing JavaScript JSON module
* CVE-2025-0241 (bmo#1933023)
Memory corruption when using JavaScript Text Segmentation
* CVE-2025-0242 (bmo#1874523, bmo#1926454, bmo#1931873, bmo#1932169)
Memory safety bugs fixed in Firefox 134, Thunderbird 134,
Firefox ESR 115.19, Firefox ESR 128.6, Thunderbird 115.19,
OBS-URL: https://build.opensuse.org/request/show/1236666
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaFirefox?expand=0&rev=445
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1195
- Mozilla Firefox 133.0
https://www.mozilla.org/en-US/firefox/133.0/releasenotes
MFSA 2024-63 (bsc#1233695)
* CVE-2024-11691 (bmo#1914707, bmo#1924184)
Memory corruption in Apple GPU drivers
* CVE-2024-11700 (bmo#1836921)
Potential Tapjacking Exploit for Intent Confirmation on Android
* CVE-2024-11692 (bmo#1909535)
Select list elements could be shown over another site
* CVE-2024-11701 (bmo#1914797)
Misleading Address Bar State During Navigation Interruption
* CVE-2024-11702 (bmo#1918884)
Inadequate Clipboard Protection in Private Browsing Mode on
Android
* CVE-2024-11693 (bmo#1921458)
Download Protections were bypassed by .library-ms files on
Windows
* CVE-2024-11694 (bmo#1924167)
CSP Bypass and XSS Exposure via Web Compatibility Shims
* CVE-2024-11695 (bmo#1925496)
URL Bar Spoofing via Manipulated Punycode and Whitespace Characters
* CVE-2024-11703 (bmo#1928779)
Password access without authentication via PIN bypass on Android
* CVE-2024-11696 (bmo#1929600)
Unhandled Exception in Add-on Signature Verification
* CVE-2024-11697 (bmo#1842187)
Improper Keypress Handling in Executable File Confirmation Dialog
* CVE-2024-11704 (bmo#1899402)
Potential Double-Free Vulnerability in PKCS#7 Decryption Handling
* CVE-2024-11698 (bmo#1916152)
OBS-URL: https://build.opensuse.org/request/show/1226801
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaFirefox?expand=0&rev=443
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1191
* CVE-2018-12371 (bmo#1465686)
* modifies the crash protection feature to increase the amount
of time that plugins are allowed to be non-responsive before
* firefox-bug506901.patch
- improve UI colors to be usable with dark themes at all
- added KDE integration patch from llunak@novell.com
(firefox-kde.patch)
* support for knotify, making -kde4-addon obsolete
especially KDE integration:
* added the ability to set the KDE default browser
* MFSA 2009-05/CVE-2009-0357: XMLHttpRequest allows reading
* MFSA 2009-04/CVE-2009-0356: Chrome privilege escalation via
* MFSA 2009-02/CVE-2009-0354: XSS using a chrome XBL method
* MFSA 2009-01/CVE-2009-0352 - CVE-2009-0353: Crashes with
evidence of memory corruption (rv:1.9.0.6) (bmo#452913,
* Make sure the search bar is not put back when resetting the
- Update to stability/security release 3.0.1 (bnc#407573)
+ MFSA 2008-35 Command-line URLs launch multiple tabs when
- Set browser.shell.checkDefaultBrowser to true (bnc#404119)
- fix hardlinks across partitions
- move last change a bit further in specfile
- Mark a .png file as nonexecutable.
* MFSA 2007-26 Privilege escalation through chrome-loaded
- Fixes bnc #295677
- added unzip to BuildRequires
- updated tango theme
Resuming your browsing session, Previewing and subscribing
Improved Add-ons manager, JavaScript 1.7, Extended search
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1190
- Mozilla Firefox 132.0.2
* Fixed possible errors when playing encrypted media content
through some streaming providers. (bmo#1929491)
* Added a mitigation to help reduce the frequency of duplicated
push notifications reported by some users. (bmo#1928868)
* Fixed hangs when printing from some sites when using the system
print dialog. (bmo#1898184)
* Fixed a crash which could occur when using Microsoft SSO on macOS
(bmo#1929622)
* Fixed a crash in the Network Monitor developer tool which could
occur in some circumstances. (bmo#1924882)
OBS-URL: https://build.opensuse.org/request/show/1224785
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaFirefox?expand=0&rev=442
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1188
- require xdg-desktop-portal (boo#1233166)
- Mozilla Firefox 132.0.1
* Fixed issues causing intermittent video playback problems on
some sites. (bmo#1928484, bmo#1928798)
- remove KDE integration patches
- mozilla-kde.patch
- firefox-kde.patch
on KDE use these settings instead
widget.use-xdg-desktop-portal.file-picker=1
widget.use-xdg-desktop-portal.mime-handler=1
(those are set by the latest branding package as well)
- Mozilla Firefox 132.0
https://www.mozilla.org/en-US/firefox/132.0/releasenotes
MFSA 2024-55 (bsc#1231879)
* CVE-2024-10458 (bmo#1921733)
Permission leak via embed or object elements
* CVE-2024-10459 (bmo#1919087)
Use-after-free in layout with accessibility
* CVE-2024-10460 (bmo#1912537)
Confusing display of origin for external protocol handler prompt
* CVE-2024-10461 (bmo#1914521)
XSS due to Content-Disposition being ignored in
multipart/x-mixed-replace response
* CVE-2024-10462 (bmo#1920423)
Origin of permission prompt could be spoofed by long URL
* CVE-2024-10463 (bmo#1920800)
Cross origin video frame leak
* CVE-2024-10468 (bmo#1914982)
Race conditions in IndexedDB
* CVE-2024-10464 (bmo#1913000)
OBS-URL: https://build.opensuse.org/request/show/1223284
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaFirefox?expand=0&rev=441
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1184
- Mozilla Firefox 131.0.3
* some users could not access the Bill Pay portion of their
bank's site (bmo#1923500)
* some VR180 and 360 videos were not properly rendering on YouTube
(bmo#1922278)
* Fixed a crash that Windows users with Avast or AVG security
software were experiencing when visiting certain sites. (bmo#1919678)
* "List all tabs" button was not able to be moved from the toolbar
(bmo#1918681)
MFSA 2024-53
* CVE-2024-9936 (bmo#1920381)
Undefined behavior in selection node cache
- remove obsolete mozilla-rust-disable-future-incompat.patch
OBS-URL: https://build.opensuse.org/request/show/1208839
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaFirefox?expand=0&rev=440
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1182
- Firefox 131.0
https://www.mozilla.org/en-US/firefox/131.0/releasenotes/
MFSA 2024-46 (bsc#1230979)
* CVE-2024-9391 (bmo#1892407)
Prevent users from exiting full-screen mode in Firefox Focus
for Android
* CVE-2024-9392 (bmo#1899154, bmo#1905843)
Compromised content process can bypass site isolation
* CVE-2024-9393 (bmo#1918301)
Cross-origin access to PDF contents through multipart responses
* CVE-2024-9394 (bmo#1918874)
Cross-origin access to JSON contents through multipart responses
* CVE-2024-9395 (bmo#1906024)
Specially crafted filename could be used to obscure download type
* CVE-2024-9396 (bmo#1912471)
Potential memory corruption may occur when cloning certain objects
* CVE-2024-9397 (bmo#1916659)
Potential directory upload bypass via clickjacking
* CVE-2024-9398 (bmo#1881037)
External protocol handlers could be enumerated via popups
* CVE-2024-9399 (bmo#1907726)
Specially crafted WebTransport requests could lead to denial
of service
* CVE-2024-9400 (bmo#1915249)
Potential memory corruption during JIT compilation
* CVE-2024-9401 (bmo#1872744, bmo#1897792, bmo#1911317, bmo#1916476)
Memory safety bugs fixed in Firefox 131, Firefox ESR 115.16,
Firefox ESR 128.3, Thunderbird 131, and Thunderbird 128.3
* CVE-2024-9402 (bmo#1872744, bmo#1897792, bmo#1911317, bmo#1913445,
bmo#1914106, bmo#1914475, bmo#1914963, bmo#1915008, bmo#1916476)
OBS-URL: https://build.opensuse.org/request/show/1205704
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaFirefox?expand=0&rev=438
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1178
------------------------------------------------------------------
- Firefox 130.0.1 Release
https://www.mozilla.org/en-US/firefox/130.0.1/releasenotes
* Enterprise: Added an enterprise policy to disable the
*Firefox Labs* section in *Settings*. (bmo#1911826)
* Fixed a recent regression causing some UI elements to
be rendered as left-to-right instead of right-to-left for
users of our Saraiki localization. (bmo#1917175)
* Linux: Fixed black rendering of AVIF images when
Firefox is built with GCC. (bmo#1916038)
- removed obsolete patches
mozilla-bmo1916038.patch
- Mozilla Firefox 130.0
https://www.mozilla.org/en-US/firefox/130.0/releasenotes
MFSA 2024-39 (bsc#1229821)
* CVE-2024-8385 (bmo#1911909)
WASM type confusion involving ArrayTypes
* CVE-2024-8381 (bmo#1912715)
Type confusion when looking up a property name in a "with" block
* CVE-2024-8388 (bmo#1902996, bmo#1839074, bmo#1865413, bmo#1868970,
bmo#1873367, bmo#1877820, bmo#1884642, bmo#1886469, bmo#1894326,
bmo#1894891, bmo#1897648)
Fullscreen notice on Android could be hidden under various
panels and OS prompts
* CVE-2024-8382 (bmo#1906744)
Internal event interfaces were exposed to web content when
browser EventHandler listener callbacks ran
* CVE-2024-8383 (bmo#1908496)
Firefox did not ask before opening news: links in an
external application
* CVE-2024-8384 (bmo#1911288)
OBS-URL: https://build.opensuse.org/request/show/1202047
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaFirefox?expand=0&rev=437
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1174
------------------------------------------------------------------
- Firefox 128.0.3 Release
* Fixed: Fixed an issue causing some sites to not load when
connecting via HTTP/2. (bmo#1908161, bmo#1909666)
* Fixed: Fixed collapsed table rows not appearing when expected
in some situations. (bmo#1907789)
* Fixed: Fixed the Windows on-screen keyboard potentially
concealing the webpage when displayed. (bmo#1907766)
- Firefox 128.0.2 Release
* Fixed: Fixed an audio echo in video calls on macOS under
certain conditions. (bmo#1908539)
* Fixed: Fixed an issue where the Adguard extension popup was
not displaying. (bmo#1906132)
* Fixed: Fixed an issue causing some screen readers to fail to
read when navigating by character in rich text editors. (Bug
1905021)
* Fixed: Fixed visual glitches when dark mode is enabled in
Windows ARM devices. (bmo#1897444)
* Fixed: Fixed an issue causing NTLM authentication failure.
(bmo#1908115)
* Fixed: Fixed an issue where content displayed on mouseover
was not captured in a screenshot. (bmo#1905468)
* Fixed: Various stability fixes.
- renamed firefox-3781e3117706.patch to mozilla-bmo1905018.patch
to conform with patch structure and naming for the package
OBS-URL: https://build.opensuse.org/request/show/1190457
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaFirefox?expand=0&rev=433
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1166
- Mozilla Firefox 128.0
https://www.mozilla.org/en-US/firefox/128.0/releasenotes
MFSA 2024-29 (bsc#1226316)
* CVE-2024-6605 (bmo#1836786)
Firefox Android missed activation delay to prevent tapjacking
* CVE-2024-6606 (bmo#1902305)
Out-of-bounds read in clipboard component
* CVE-2024-6607 (bmo#1694513)
Leaving pointerlock by pressing the escape key could be
prevented
* CVE-2024-6608 (bmo#1743329)
Cursor could be moved out of the viewport using pointerlock.
* CVE-2024-6609 (bmo#1839258)
Memory corruption in NSS
* CVE-2024-6610 (bmo#1883396)
Form validation popups could block exiting full-screen mode
* CVE-2024-6600 (bmo#1888340)
Memory corruption in WebGL API
* CVE-2024-6601 (bmo#1890748)
Race condition in permission assignment
* CVE-2024-6602 (bmo#1895032)
Memory corruption in NSS
* CVE-2024-6603 (bmo#1895081)
Memory corruption in thread creation
* CVE-2024-6611 (bmo#1844827)
Incorrect handling of SameSite cookies
* CVE-2024-6612 (bmo#1880374)
CSP violation leakage when using devtools
* CVE-2024-6613 (bmo#1900523)
Incorrect listing of stack frames
OBS-URL: https://build.opensuse.org/request/show/1187677
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaFirefox?expand=0&rev=431
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1162
- Mozilla Firefox 127.0.2
* Fixed an issue where YouTube playback may experience stalling under
certain conditions (bmo#1900191, bmo#1878510).
* Fixed an issue where the Private Window icon was displayed in the taskbar
on Windows when browser.privateWindowSeparation.enabled was
set to false (bmo#1901840).
- Mozilla Firefox 127.0.1
* Fixed an issue where users with a primary password set on their profile
could lose their previous session of tabs upon upgrading if they dismissed
the primary password prompt (bmo#1901899).
* Fixed an issue where Linux users with accessibility.monoaudio.enable set
to true were experiencing slow audio speeds (bmo#1900972).
* Fixed an issue where, in some circumstances, the Firefox installer
on Windows failed to complete the installation (bmo#1896868).
* Fixed an issue causing Firefox to incorrectly reject cookies
for certain websites (bmo#1901325).
- Fix GNOME search provider (boo#1225278)
OBS-URL: https://build.opensuse.org/request/show/1185336
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaFirefox?expand=0&rev=430
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1160
OBS-URL: https://build.opensuse.org/request/show/1184300
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1159
- Mozilla Firefox 127.0
https://www.mozilla.org/en-US/firefox/127.0/releasenotes
MFSA 2024-25 (bsc#1226027)
* CVE-2024-5687 (bmo#1889066)
An incorrect principal could have been used when opening new tabs
* CVE-2024-5688 (bmo#1895086)
Use-after-free in JavaScript object transplant
* CVE-2024-5689 (bmo#1389707)
User confusion and possible phishing vector via Firefox Screenshots
* CVE-2024-5690 (bmo#1883693)
External protocol handlers leaked by timing attack
* CVE-2024-5691 (bmo#1888695)
Sandboxed iframes were able to bypass sandbox restrictions to
open a new window
* CVE-2024-5692 (bmo#1837514, bmo#1891234)
Bypass of file name restrictions during saving
* CVE-2024-5693 (bmo#1891319)
Cross-Origin Image leak via Offscreen Canvas
* CVE-2024-5694 (bmo#1895055)
Use-after-free in JavaScript Strings
* CVE-2024-5695 (bmo#1895579)
Memory Corruption using allocation using out-of-memory conditions
* CVE-2024-5696 (bmo#1896555)
Memory Corruption in Text Fragments
* CVE-2024-5697 (bmo#1414937)
Website was able to detect when Firefox was taking a
screenshot of them
* CVE-2024-5698 (bmo#1828259)
Data-list could have overlaid address bar
* CVE-2024-5699 (bmo#1891349)
OBS-URL: https://build.opensuse.org/request/show/1180696
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaFirefox?expand=0&rev=429
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1155
- Mozilla Firefox 126.0.1
* Fixed an issue with reading tagged PDF documents in a screen reader
bmo#1894849
* Fixed not displaying localized text for non-en-US locales in the
Crash Reporter dialog box on macOS. (bmo#1896097)
* Fixed issues with drag-and-drop functionality on Linux. (bmo#1897115)
* Fixed an issue causing high GPU memory usage on certain versions
of AMD cards. (bmo#1897006)
- Backport upstream patches to fix build on aarch64 - boo#1225460
* mozilla-bmo1886378.patch
OBS-URL: https://build.opensuse.org/request/show/1177453
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaFirefox?expand=0&rev=428
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1153
- Mozilla Firefox 126.0
https://www.mozilla.org/en-US/firefox/126.0/releasenotes
MFSA 2024-21 (bsc#1224056)
* CVE-2024-4764 (bmo#1879093)
Use-after-free when audio input connected with multiple consumers
* CVE-2024-4367 (bmo#1893645)
Arbitrary JavaScript execution in PDF.js
* CVE-2024-4765 (bmo#1871109)
Web application manifests could have been overwritten via
hash collision
* CVE-2024-4766 (bmo#1871214, bmo#1871217)
Fullscreen notification could have been obscured on Firefox
for Android
* CVE-2024-4767 (bmo#1878577)
IndexedDB files retained in private browsing mode
* CVE-2024-4768 (bmo#1886082)
Potential permissions request bypass via clickjacking
* CVE-2024-4769 (bmo#1886108)
Cross-origin responses could be distinguished between script
and non-script content-types
* CVE-2024-4770 (bmo#1893270)
Use-after-free could occur when printing to PDF
* CVE-2024-4771 (bmo#1893891)
Failed allocation could lead to use-after-free
* CVE-2024-4772 (bmo#1870579)
Use of insecure rand() function to generate nonce
* CVE-2024-4773 (bmo#1875248)
URL bar could be cleared after network error
* CVE-2024-4774 (bmo#1886598)
Undefined behavior in ShmemCharMapHashEntry()
OBS-URL: https://build.opensuse.org/request/show/1175472
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaFirefox?expand=0&rev=427
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1150
- Mozilla Firefox 125.0.2
* The 125.0 and 125.0.1 releases were skipped due to problems with a
feature that proactively blocked downloads from potentially
untrustworthy URLs
* New: Firefox now supports the AV1 codec for Encrypted Media
Extensions (EME), enabling higher-quality playback from video
streaming providers
* New: The Firefox PDF viewer now supports text highlighting.
* New: Firefox View now displays pinned tabs in the Open tabs
section. Tab indicators have also been added to Open tabs, so
users can do things like see which tabs are playing media and
quickly mute or unmute across windows. Indicators were also
added for bookmarks, tabs with notifications, and more!
their addresses upon submitting an address form, allowing
Firefox to autofill stored address information in the future.
* New: The URL Paste Suggestion feature provides a convenient
way for users to quickly visit URLs copied to the clipboard
in the address bar of Firefox. When the clipboard contains a
URL and the URL bar is focused, an autocomplete result
appears automatically. Activating the clipboard suggestion
will navigate the user to the URL with 1 click.
* New: Users of tab-specific Container add-ons can now search
in the Address Bar for tabs that are open in different
containers. Special thanks to volunteer contributor atararx
for kicking off the work on this feature!
* New: Firefox now provides an option to enable Web Proxy Auto-
Discovery (WPAD) while configured to use system proxy
settings.
* Changed: In a group of radio buttons where no option is
selected, the tab key now only reaches the first option
OBS-URL: https://build.opensuse.org/request/show/1169983
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaFirefox?expand=0&rev=425