1
0
Commit Graph

734 Commits

Author SHA256 Message Date
Wolfgang Rosenauer
08f2bc94ea * Fixed an issue causing buttons on the tab bar to be resized when
loading certain websites (bmo#1704404)
  * Fixed an issue which caused tabs from private windows to be
    visible in non-private windows when viewing switch-to-tab results
    in the address bar panel (bmo#1720369)
  * Various stability fixes

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=929
2021-08-18 06:44:45 +00:00
Wolfgang Rosenauer
d4f253eebc - Mozilla Firefox 91.0.1
MFSA 2021-37 (bsc#1189547)
  * CVE-2021-29991 (bmo#1724896)
    Header Splitting possible with HTTP/3 Responses

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=928
2021-08-18 06:41:08 +00:00
Wolfgang Rosenauer
efa14df02c MFSA 2021-33 (bsc#1188891)
* CVE-2021-29986 (bmo#1696138)
    Race condition when resolving DNS names could have led to
    memory corruption
  * CVE-2021-29981 (bmo#1707774)
    Live range splitting could have led to conflicting
    assignments in the JIT
  * CVE-2021-29988 (bmo#1717922)
    Memory corruption as a result of incorrect style treatment
  * CVE-2021-29983 (bmo#1719088)
    Firefox for Android could get stuck in fullscreen mode
  * CVE-2021-29984 (bmo#1720031)
    Incorrect instruction reordering during JIT optimization
  * CVE-2021-29980 (bmo#1722204)
    Uninitialized memory in a canvas object could have led to
    memory corruption
  * CVE-2021-29987 (bmo#1716129)
    Users could have been tricked into accepting unwanted
    permissions on Linux
  * CVE-2021-29985 (bmo#1722083)
    Use-after-free media channels
  * CVE-2021-29982 (bmo#1715318)
    Single bit data leak due to incorrect JIT optimization and
    type confusion
  * CVE-2021-29989 (bmo#1662676, bmo#1666184, bmo#1719178,
    bmo#1719998, bmo#1720568)
    Memory safety bugs fixed in Firefox 91 and Firefox ESR 78.13
  * CVE-2021-29990 (bmo#1544190, bmo#1716481, bmo#1717778,
    bmo#1719319, bmo#1722073)
    Memory safety bugs fixed in Firefox 91

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=927
2021-08-13 21:34:50 +00:00
Wolfgang Rosenauer
4da575923b - Mozilla Firefox 91.0
MFSA 2021-?? (boo#1188891)
- requires
  * rustc/cargo >= 1.51
  * NSPR >= 4.32
  * NSS >= 3.68
- force-disable webrender on BE platforms

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=926
2021-08-11 20:19:19 +00:00
Wolfgang Rosenauer
788b177a3e Accepting request 908072 from home:AndreasStieger:branches:mozilla:Factory
Mozilla Firefox 90.0.2

OBS-URL: https://build.opensuse.org/request/show/908072
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=925
2021-07-24 09:18:43 +00:00
Wolfgang Rosenauer
e3d947378c OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=924 2021-07-19 22:17:11 +00:00
Wolfgang Rosenauer
8b6bd667de Accepting request 907190 from home:AndreasStieger:branches:mozilla:Factory
90.0.1

OBS-URL: https://build.opensuse.org/request/show/907190
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=923
2021-07-19 21:56:47 +00:00
Wolfgang Rosenauer
1ef79265b6 - Mozilla Firefox 90.0
MFSA 2021-28 (bsc#1188275)
  * CVE-2021-29970 (bmo#1709976)
    Use-after-free in accessibility features of a document
  * CVE-2021-29971 (bmo#1713638)
    Granted permissions only compared host; omitting scheme and
    port on Android
  * CVE-2021-30547 (bmo#1715766)
    Out of bounds write in ANGLE
  * CVE-2021-29972 (bmo#1696816)
    Use of out-of-date library included use-after-free
    vulnerability
  * CVE-2021-29973 (bmo#1701932)
    Password autofill on HTTP websites was enabled without user
    interaction on Android
  * CVE-2021-29974 (bmo#1704843)
    HSTS errors could be overridden when network partitioning was
    enabled
  * CVE-2021-29975 (bmo#1713259)
    Text message could be overlaid on top of another website
  * CVE-2021-29976 (bmo#1700895, bmo#1703334, bmo#1706910,
    bmo#1711576, bmo#1714391)
    Memory safety bugs fixed in Firefox 90 and Firefox ESR 78.12
  * CVE-2021-29977 (bmo#1665836, bmo#1686138, bmo#1704316,
    bmo#1706314, bmo#1709931, bmo#1712084, bmo#1712357,
    bmo#1714066)
    Memory safety bugs fixed in Firefox 90
- requires
  NSPR 4.31
  NSS 3.66

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=922
2021-07-15 21:12:05 +00:00
Wolfgang Rosenauer
e05ce7eaa9 OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=921 2021-06-23 19:59:17 +00:00
Wolfgang Rosenauer
51a90989f8 OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=920 2021-06-23 19:58:06 +00:00
Wolfgang Rosenauer
ab800db342 Accepting request 901577 from home:AndreasStieger:branches:mozilla:Factory
- Mozilla Firefox 89.0.1 (boo#1187648):
  * Fixed: Fix occasional hangs with Software WebRender on Linux
    (bmo#1708224)

OBS-URL: https://build.opensuse.org/request/show/901577
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=919
2021-06-23 19:56:32 +00:00
Wolfgang Rosenauer
537d85fe11 Accepting request 900942 from home:AndreasStieger:branches:mozilla:Factory
Mozilla Firefox 89.0.1

OBS-URL: https://build.opensuse.org/request/show/900942
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=918
2021-06-19 15:20:27 +00:00
Wolfgang Rosenauer
006265e486 - switched TW/x86_64 to clang as the last platform due to
https://bugs.gentoo.org/792705
- but LTO with clang is broken in TW so disable LTO for it
  https://bugs.llvm.org/show_bug.cgi?id=47872

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=916
2021-06-05 11:13:48 +00:00
Wolfgang Rosenauer
7b9642bf40 OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=915 2021-06-05 07:34:47 +00:00
Wolfgang Rosenauer
cc06761f2f OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=914 2021-06-05 07:08:44 +00:00
Wolfgang Rosenauer
b1df184d28 * UI redesign
* The Event Timing API is now supported
  * The CSS forced-colors media query is now supported
  MFSA 2021-23 (bsc#1186696)
  * CVE-2021-29965 (bmo#1709257)
    Password Manager on Firefox for Android susceptible to domain
    spoofing
  * CVE-2021-29960 (bmo#1675965)
    Filenames printed from private browsing mode incorrectly
    retained in preferences
  * CVE-2021-29961 (bmo#1700235)
    Firefox UI spoof using `<select>` elements and CSS scaling
  * CVE-2021-29963 (bmo#1705068)
    Shared cookies for search suggestions in private browsing mode
  * CVE-2021-29964 (bmo#1706501)
    Out of bounds-read when parsing a `WM_COPYDATA` message
  * CVE-2021-29959 (bmo#1395819)
    Devices could be re-enabled without additional permission prompt
  * CVE-2021-29962 (bmo#1701673)
    No rate-limiting for popups on Firefox for Android
  * CVE-2021-29967 (bmo#1602862, bmo#1703191, bmo#1703760,
    bmo#1704722, bmo#1706041)
    Memory safety bugs fixed in Firefox 89 and Firefox ESR 78.11
  * CVE-2021-29966 (bmo#1660307, bmo#1686154, bmo#1702948, bmo#1708124)
    Memory safety bugs fixed in Firefox 89

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=913
2021-06-01 13:45:38 +00:00
Wolfgang Rosenauer
f3c1fa05f9 - Mozilla Firefox 89.0
- require
  NSS >= 3.64
  rust-cbindgen >= 0.19.0
- do not rely on nodejs10 packagename anymore

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=912
2021-06-01 13:39:35 +00:00
Wolfgang Rosenauer
eb1266408f Accepting request 891041 from home:Guillaume_G:branches:openSUSE:Factory:ARM
- Relax RAM and disk constraints for aarch64

OBS-URL: https://build.opensuse.org/request/show/891041
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=910
2021-05-11 14:17:04 +00:00
Wolfgang Rosenauer
39e811e051 Accepting request 890804 from home:AndreasStieger:branches:mozilla:Factory
Mozilla Firefox 88.0.1
bsc#1185633
boo#1185658

OBS-URL: https://build.opensuse.org/request/show/890804
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=908
2021-05-05 21:12:50 +00:00
Wolfgang Rosenauer
3870f9c6b6 - add compatibility for libavcodec58_134
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=906
2021-05-02 19:03:42 +00:00
Wolfgang Rosenauer
9b2c9b32ce - Mozilla Firefox 88.0
* New: PDF forms now support JavaScript embedded in PDF files.
    Some PDF forms use JavaScript for validation and other
    interactive features
  * New: Print updates: Margin units are now localized
  * New: Smooth pinch-zooming using a touchpad is now supported
    on Linux
  * New: To protect against cross-site privacy leaks, Firefox now
    isolates window.name data to the website that created it.
    Learn more
  * Changed: Firefox will not prompt for access to your
    microphone or camera if you’ve already granted access to the
    same device on the same site in the same tab within the past
    50 seconds. This new grace period reduces the number of times
    you’re prompted to grant device access
  * Changed: The ‘Take a Screenshot’ feature was removed from the
    Page Actions menu in the url bar. To take a screenshot,
    right-click to open the context menu. You can also add a
    screenshots shortcut directly to your toolbar via the
    Customize menu. Open the Firefox menu and select Customize…
  * Changed: FTP support has been disabled, and its full removal
    is planned for an upcoming release. Addressing this security
    risk reduces the likelihood of an attack while also removing
    support for a non-encrypted protocol
  * Developer: Introduced a new toggle button in the Network
    panel for switching between JSON formatted HTTP response and
    raw data (as received over the wire).
    !enter image description here
  * Enterprise: Various bug fixes and new policies have been
    implemented in the latest version of Firefox. You can see

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=904
2021-04-20 07:57:25 +00:00
Wolfgang Rosenauer
106ed5cb05 - Switch to clang_build globally; just on TW/x86_64 it does not work
due to unreolved externals `__rust_probestack' - disable clang_build
  then.
- useccache: Add conditionals to enable/disable ccache.

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=902
2021-03-27 14:02:10 +00:00
Wolfgang Rosenauer
d51fd4059a - Mozilla Firefox 87.0
* requires NSS 3.62
  * removed obsolete BigEndian ICU build workaround
  * rebased patches
  MFSA 2021-10 (bsc#1183942)
  * CVE-2021-23981 (bmo#1692832)
    Texture upload into an unbound backing buffer resulted in an
    out-of-bound read
  * CVE-2021-23982 (bmo#1677046)
    Internal network hosts could have been probed by a malicious
    webpage
  * CVE-2021-23983 (bmo#1692684)
    Transitions for invalid ::marker properties resulted in memory
    corruption
  * CVE-2021-23984 (bmo#1693664)
    Malicious extensions could have spoofed popup information
  * CVE-2021-23985 (bmo#1659129)
    Devtools remote debugging feature could have been enabled
    without indication to the user
  * CVE-2021-23986 (bmo#1692623)
    A malicious extension could have performed credential-less
    same origin policy violations
  * CVE-2021-23987 (bmo#1513519, bmo#1683439, bmo#1690169,
    bmo#1690718)
    Memory safety bugs fixed in Firefox 87 and Firefox ESR 78.9
  * CVE-2021-23988 (bmo#1684994, bmo#1686653)
    Memory safety bugs fixed in Firefox 87

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=901
2021-03-25 21:32:32 +00:00
Wolfgang Rosenauer
598016be52 Accepting request 879494 from home:marxin:branches:mozilla:Factory
- Set memory limits for DWZ to 4x.

OBS-URL: https://build.opensuse.org/request/show/879494
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=900
2021-03-17 08:41:08 +00:00
Wolfgang Rosenauer
c538f7d283 Accepting request 878726 from home:AndreasStieger:branches:mozilla:Factory
Mozilla Firefox 86.0.1

OBS-URL: https://build.opensuse.org/request/show/878726
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=898
2021-03-13 09:26:25 +00:00
Wolfgang Rosenauer
b4482da8fa OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=896 2021-02-24 12:21:26 +00:00
Wolfgang Rosenauer
e8a1c7a40b - Mozilla Firefox 86.0
* requires NSS >= 3.61
  * requires rust-cbindgen >= 0.16.0
  * Firefox now supports simultaneously watching multiple videos in
    Picture-in-Picture.
  * Total Cookie Protection to Strict Mode
  * https://www.mozilla.org/en-US/firefox/86.0/releasenotes
  MSFA 2021-07 (bsc#1182614)
  * CVE-2021-23969 (bmo#1542194)
    Content Security Policy violation report could have contained
    the destination of a redirect
  * CVE-2021-23970 (bmo#1681724)
    Multithreaded WASM triggered assertions validating separation
    of script domains
  * CVE-2021-23968 (bmo#1687342)
    Content Security Policy violation report could have contained
    the destination of a redirect
  * CVE-2021-23974 (bmo#1528997, bmo#1683627)
    noscript elements could have led to an HTML Sanitizer bypass
  * CVE-2021-23971 (bmo#1678545)
    A website's Referrer-Policy could have been be overridden,
    potentially resulting in the full URL being sent as a Referrer
  * CVE-2021-23976 (bmo#1684627)
    Local spoofing of web manifests for arbitrary pages in
    Firefox for Android
  * CVE-2021-23977 (bmo#1684761)
    Malicious application could read sensitive data from Firefox
    for Android's application directories
  * CVE-2021-23972 (bmo#1683536)
    HTTP Auth phishing warning was omitted when a redirect is

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=895
2021-02-24 11:49:39 +00:00
Wolfgang Rosenauer
326240ab1d Accepting request 873214 from home:AndreasStieger:branches:mozilla:Factory
Mozilla Firefox 85.0.2

OBS-URL: https://build.opensuse.org/request/show/873214
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=893
2021-02-17 21:15:35 +00:00
Wolfgang Rosenauer
2d0a314ecf Accepting request 873173 from home:michel_mno:branches:mozilla:Factory
- Use %limit_build macros for PowerPC to avoid oom build failure

OBS-URL: https://build.opensuse.org/request/show/873173
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=892
2021-02-17 21:14:36 +00:00
Wolfgang Rosenauer
1744f2efc7 Accepting request 870516 from home:AndreasStieger:branches:mozilla:Factory
Mozilla Firefox 85.0.1

OBS-URL: https://build.opensuse.org/request/show/870516
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=890
2021-02-09 12:40:21 +00:00
Wolfgang Rosenauer
ee9c609811 - Mozilla Firefox 85.0
* Adobe Flash is completely history
  * supercookie protection
  * new bookmark handling and features
  MFSA 2021-03 (bsc#1181414)
  * CVE-2021-23953 (bmo#1683940)
    Cross-origin information leakage via redirected PDF requests
  * CVE-2021-23954 (bmo#1684020)
    Type confusion when using logical assignment operators in
    JavaScript switch statements
  * CVE-2021-23955 (bmo#1684837)
    Clickjacking across tabs through misusing requestPointerLock
  * CVE-2021-23956 (bmo#1338637)
    File picker dialog could have been used to disclose a
    complete directory
  * CVE-2021-23957 (bmo#1584582)
    Iframe sandbox could have been bypassed on Android via the
    intent URL scheme
  * CVE-2021-23958 (bmo#1642747)
    Screen sharing permission leaked across tabs
  * CVE-2021-23959 (bmo#1659035)
    Cross-Site Scripting in error pages on Firefox for Android
  * CVE-2021-23960 (bmo#1675755)
    Use-after-poison for incorrectly redeclared JavaScript
    variables during GC
  * CVE-2021-23961 (bmo#1677940)
    More internal network hosts could have been probed by a
    malicious webpage
  * CVE-2021-23962 (bmo#1677194)
    Use-after-poison in

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=888
2021-01-26 21:38:39 +00:00
Wolfgang Rosenauer
3269619cc2 Accepting request 862420 from home:Mailaender:branches:mozilla:Factory
Fixed the screenshot links.

OBS-URL: https://build.opensuse.org/request/show/862420
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=886
2021-01-11 18:42:03 +00:00
Wolfgang Rosenauer
fbf027988a Accepting request 861463 from home:AndreasStieger:branches:mozilla:Factory
- Mozilla Firefox 84.0.2
  MFSA 2021-01 (bsc#1180623)
  * CVE-2020-16044 (bmo#1683964)
    Use-after-free write when handling a malicious COOKIE-ECHO
    SCTP chunk

OBS-URL: https://build.opensuse.org/request/show/861463
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=884
2021-01-07 20:33:44 +00:00
Wolfgang Rosenauer
17c9d3e87b - Mozilla Firefox 84.0.1
* Fixed problems loading secure websites and crashes for users
    with certain third-party PKCS11 modules and smartcards installed
    (bmo#1682881) (fixed in NSS 3.59.1)
  * Fixed a bug causing some Unity JS games to not load on Apple
    Silicon devices due to improper detection of the OS version
    (bmo#1680516)
- requires NSS 3.59.1

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=882
2021-01-02 09:24:42 +00:00
Wolfgang Rosenauer
70fb53e62e - Mozilla Firefox 84.0
* Firefox 84 is the final release to support Adobe Flash
  * WebRender is enabled by default when run on GNOME-based X11
    Linux desktops
  MFSA 2020-54 (bsc#1180039))
  * CVE-2020-16042 (bmo#1679003)
    Operations on a BigInt could have caused uninitialized memory
    to be exposed
  * CVE-2020-26971 (bmo#1663466)
    Heap buffer overflow in WebGL
  * CVE-2020-26972 (bmo#1671382)
    Use-After-Free in WebGL
  * CVE-2020-26973 (bmo#1680084)
    CSS Sanitizer performed incorrect sanitization
  * CVE-2020-26974 (bmo#1681022)
    Incorrect cast of StyleGenericFlexBasis resulted in a heap
    use-after-free
  * CVE-2020-26975 (bmo#1661071)
    Malicious applications on Android could have induced Firefox
    for Android into sending arbitrary attacker-specified headers
  * CVE-2020-26976 (bmo#1674343)
    HTTPS pages could have been intercepted by a registered
    service worker when they should not have been
  * CVE-2020-26977 (bmo#1676311)
    URL spoofing via unresponsive port in Firefox for Android
  * CVE-2020-26978 (bmo#1677047)
    Internal network hosts could have been probed by a malicious
    webpage
  * CVE-2020-26979 (bmo#1641287, bmo#1673299)
    When entering an address in the address or search bars, a

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=880
2020-12-16 22:40:17 +00:00
Wolfgang Rosenauer
1a48836fb2 Accepting request 854531 from home:marxin:branches:mozilla:Factory
- PGO is still broken as can be seen here:
  https://bugzilla.mozilla.org/show_bug.cgi?id=1680306

OBS-URL: https://build.opensuse.org/request/show/854531
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=879
2020-12-10 12:07:53 +00:00
Wolfgang Rosenauer
ae9afbb746 Accepting request 853750 from home:marxin:branches:mozilla:Factory
- Add fix-gcc-pgo.patch and enable PGO again.

OBS-URL: https://build.opensuse.org/request/show/853750
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=878
2020-12-08 10:41:13 +00:00
Wolfgang Rosenauer
850afd3a6f Accepting request 852867 from home:marxin:branches:mozilla:Factory
- Enable again LTO as gcc10 package is fixed.

Fixed gcc10 is in devel project and is approaching openSUSE:Factory
in a staging project.

OBS-URL: https://build.opensuse.org/request/show/852867
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=877
2020-12-03 17:48:21 +00:00
Wolfgang Rosenauer
c7f8f5880d - Add/Enable GNOME search provider
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=875
2020-11-21 08:13:23 +00:00
Wolfgang Rosenauer
200347945f Accepting request 845404 from home:kkirill:branches:mozilla:Factory
Enable GNOME Shell search provider akin to Fedora by
- providing firefox-search-provider.ini file for GNOME Shell search provider (copy from Fedora)
- setting the browser.gnome-search-provider.enabled to true

OBS-URL: https://build.opensuse.org/request/show/845404
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=874
2020-11-21 08:10:39 +00:00
Wolfgang Rosenauer
74592d9c27 - disable LTO on TW because of ICEs in gcc
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=873
2020-11-20 06:19:02 +00:00
Wolfgang Rosenauer
75f3df970c - switch to build with clang (as gcc produces only ICEs on TW)
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=872
2020-11-19 22:03:00 +00:00
Wolfgang Rosenauer
695b9a520a - Mozilla Firefox 83.0
* major update for SpiderMonkey improving performance significantly
  * optional HTTPS-Only mode
  * more improvements
    https://www.mozilla.org/en-US/firefox/83.0/releasenotes/
  MFSA 2020-50 (bsc#1178824))
  * CVE-2020-26951 (bmo#1667113)
    Parsing mismatches could confuse and bypass security
    sanitizer for chrome privileged code
  * CVE-2020-26952 (bmo#1667685)
    Out of memory handling of JITed, inlined functions could lead
    to a memory corruption
  * CVE-2020-16012 (bmo#1642028)
    Variable time processing of cross-origin images during
    drawImage calls
  * CVE-2020-26953 (bmo#1656741)
    Fullscreen could be enabled without displaying the security UI
  * CVE-2020-26954 (bmo#1657026)
    Local spoofing of web manifests for arbitrary pages in
    Firefox for Android
  * CVE-2020-26955 (bmo#1663261)
    Cookies set during file downloads are shared between normal
    and Private Browsing Mode in Firefox for Android
  * CVE-2020-26956 (bmo#1666300)
    XSS through paste (manual and clipboard API)
  * CVE-2020-26957 (bmo#1667179)
    OneCRL was not working in Firefox for Android
  * CVE-2020-26958 (bmo#1669355)
    Requests intercepted through ServiceWorkers lacked MIME type
    restrictions

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=871
2020-11-19 13:09:37 +00:00
Wolfgang Rosenauer
baf1e862b5 OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=869 2020-11-09 18:18:26 +00:00
Wolfgang Rosenauer
cc6291512a - Mozilla Firefox 82.0.3
MSFA 2020-49
  * CVE-2020-26950 (bmo#1675905)
    Write side effects in MCallGetProperty opcode not accounted for

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=868
2020-11-09 16:14:06 +00:00
Wolfgang Rosenauer
a33735930f - Mozilla Firefox 82.0.2
* few bugfixes for introduced regressions

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=867
2020-11-02 09:07:47 +00:00
Wolfgang Rosenauer
07ba0d6bad MFSA 2020-45 (bsc#1177872)
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=865
2020-10-21 20:15:44 +00:00
Wolfgang Rosenauer
9d0a0f0165 * https://www.mozilla.org/en-US/firefox/82.0/releasenotes/
MFSA 2020-45 (bsc#1177872)
  * CVE-2020-15969 (bmo#1666570)
    Use-after-free in usersctp
  * CVE-2020-15254 (bmo#1668514)
    Undefined behavior in bounded channel of crossbeam rust crate
  * CVE-2020-15680 (bmo#1658881)
    Presence of external protocol handlers could be determined
    through image tags
  * CVE-2020-15681 (bmo#1666568)
    Multiple WASM threads may have overwritten each others' stub
    table entries
  * CVE-2020-15682 (bmo#1636654)
    The domain associated with the prompt to open an external
    protocol could be spoofed to display the incorrect origin
  * CVE-2020-15683 (bmo#1576843, bmo#1656987, bmo#1660954,
    bmo#1662760, bmo#1663439, bmo#1666140)
    Memory safety bugs fixed in Firefox 82 and Firefox ESR 78.4
  * CVE-2020-15684 (bmo#1653764, bmo#1661402, bmo#1662259,
    bmo#1664257)
    Memory safety bugs fixed in Firefox 82

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=864
2020-10-21 09:43:59 +00:00
Wolfgang Rosenauer
3505fbb031 - Mozilla Firefox 82.0
- requires
  * NSPR 4.29
  * NSS 3.57

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=863
2020-10-19 20:37:04 +00:00
Wolfgang Rosenauer
2032051695 - Mozilla Firefox 81.0.1
* https://www.mozilla.org/en-US/firefox/81.0.1/releasenotes/
- remove obsolete python2 build requires

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=861
2020-10-01 20:03:49 +00:00