1
0
Commit Graph

774 Commits

Author SHA256 Message Date
Wolfgang Rosenauer
df4a0a1c4b - Mozilla Firefox 112.0
* https://www.mozilla.org/en-US/firefox/112.0/releasenotes/
  MFSA 2023-13 (bsc#1210212)
  * CVE-2023-29531 (bmo#1794292)
    Out-of-bound memory access in WebGL on macOS
  * CVE-2023-29532 (bmo#1806394)
    Mozilla Maintenance Service Write-lock bypass
  * CVE-2023-29533 (bmo#1798219, bmo#1814597)
    Fullscreen notification obscured
  * CVE-2023-29534 (bmo#1816007, bmo#1816059, bmo#1821155, bmo#1821576,
    bmo#1821906, bmo#1822298, bmo#1822305)
    Fullscreen notification could have been obscured on Firefox
    for Android
  * MFSA-TMP-2023-0001 (bmo#1819244)
    Double-free in libwebp
  * CVE-2023-29535 (bmo#1820543)
    Potential Memory Corruption following Garbage Collector compaction
  * CVE-2023-29536 (bmo#1821959)
    Invalid free from JavaScript code
  * CVE-2023-29537 (bmo#1823365, bmo#1824200, bmo#1825569)
    Data Races in font initialization code
  * CVE-2023-29538 (bmo#1685403)
    Directory information could have been leaked to WebExtensions
  * CVE-2023-29539 (bmo#1784348)
    Content-Disposition filename truncation leads to Reflected
    File Download
  * CVE-2023-29540 (bmo#1790542)
    Iframe sandbox bypass using redirects and sourceMappingUrls
  * CVE-2023-29541 (bmo#1810191)
    Files with malicious extensions could have been downloaded

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1051
2023-04-11 21:09:55 +00:00
Wolfgang Rosenauer
01aefd0ce5 - exclude i586/i686 once again because it fails to link libxul due
to its size

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1049
2023-03-27 15:18:05 +00:00
Wolfgang Rosenauer
28f1396420 - Mozilla Firefox 111.0.1 (boo#1209688)
* Fixed a crash on macOS while pinch-zooming under some circumstances
    (bmo#1658986)
  * Fixed a bug causing Firefox to freeze on startup for some
    Windows users (bmo#1823159)
- fix build on Tumbleweed (mozilla-bmo1807652.patch)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1048
2023-03-26 17:00:08 +00:00
Wolfgang Rosenauer
708d958a66 Accepting request 1072979 from home:Thaodan:branches:mozilla:Factory
Packaging cleanup
- Reomve obsolote checks that unused now
- Escape macros inside comments from dead code or plain comments
- Make -devel package noarch, it doesn't contain any architecture specific files

OBS-URL: https://build.opensuse.org/request/show/1072979
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1047
2023-03-20 07:47:31 +00:00
Wolfgang Rosenauer
38ab2454d8 - Mozilla Firefox 111.0
* https://www.mozilla.org/en-US/firefox/111.0/releasenotes
  MFSA 2023-09 (bsc#1209173)
  * CVE-2023-28159 (bmo#1783561)
    Fullscreen Notification could have been hidden by download
    popups on Android
  * CVE-2023-25748 (bmo#1798798)
    Fullscreen Notification could have been hidden by window
    prompts on Android
  * CVE-2023-25749 (bmo#1810705)
    Firefox for Android may have opened third-party apps without
    a prompt
  * CVE-2023-25750 (bmo#1814733)
    Potential ServiceWorker cache leak during private browsing mode
  * CVE-2023-25751 (bmo#1814899)
    Incorrect code generation during JIT compilation
  * CVE-2023-28160 (bmo#1802385)
    Redirect to Web Extension files may have leaked local path
  * CVE-2023-28164 (bmo#1809122)
    URL being dragged from a removed cross-origin iframe into the
    same tab triggered navigation
  * CVE-2023-28161 (bmo#1811181)
    One-time permissions granted to a local file were extended to
    other local files loaded in the same tab
  * CVE-2023-28162 (bmo#1811327)
    Invalid downcast in Worklets
  * CVE-2023-25752 (bmo#1811627)
    Potential out-of-bounds when accessing throttled streams
  * CVE-2023-28163 (bmo#1817768)
    Windows Save As dialog resolved environment variables

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1046
2023-03-15 08:38:02 +00:00
Wolfgang Rosenauer
7506067808 - Fix 32 bit build bmo#1810584 (add mozilla-bmo1810584.patch)
- Mozilla Firefox 110.0.1 (boo#1208886)
    Digital ID in Denmark (bmo#1819096)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1043
2023-03-07 10:04:24 +00:00
Wolfgang Rosenauer
1886b3b7c9 Accepting request 1069880 from home:marxin:branches:mozilla:Factory
- Cherry-pick upstream changes for GCC 13 in gcc13-fix.patch.

OBS-URL: https://build.opensuse.org/request/show/1069880
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1042
2023-03-07 10:01:14 +00:00
Wolfgang Rosenauer
5e3b24dd6a Accepting request 1069865 from openSUSE:Factory:RISCV
- Limit memory use on riscv64

OBS-URL: https://build.opensuse.org/request/show/1069865
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1041
2023-03-07 08:46:06 +00:00
Wolfgang Rosenauer
4161893523 Accepting request 1069419 from home:AndreasStieger:branches:mozilla:Factory
Fix 32 bit build

OBS-URL: https://build.opensuse.org/request/show/1069419
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1039
2023-03-05 06:01:08 +00:00
Wolfgang Rosenauer
a0299253b8 Accepting request 1069272 from home:AndreasStieger:branches:mozilla:Factory
110.0.1

OBS-URL: https://build.opensuse.org/request/show/1069272
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1038
2023-03-03 22:24:28 +00:00
Wolfgang Rosenauer
8c7db35439 - Mozilla Firefox 110.0
* https://www.mozilla.org/en-US/firefox/110.0/releasenotes
  MFSA 2023-05 (bsc#1208144)
  * CVE-2023-25728 (bmo#1790345)
    Content security policy leak in violation reports using iframes
  * CVE-2023-25730 (bmo#1794622)
    Screen hijack via browser fullscreen mode
  * CVE-2023-25743 (bmo#1800203)
    Fullscreen notification not shown in Firefox Focus
  * CVE-2023-0767 (bmo#1804640)
    Arbitrary memory write via PKCS 12 in NSS
  * CVE-2023-25735 (bmo#1810711)
    Potential use-after-free from compartment mismatch in SpiderMonkey
  * CVE-2023-25737 (bmo#1811464)
    Invalid downcast in SVGUtils::SetupStrokeGeometry
  * CVE-2023-25738 (bmo#1811852)
    Printing on Windows could potentially crash Firefox with some
    device drivers
  * CVE-2023-25739 (bmo#1811939)
    Use-after-free in mozilla::dom::ScriptLoadContext::~ScriptLoadContext
  * CVE-2023-25729 (bmo#1792138)
    Extensions could have opened external schemes without user knowledge
  * CVE-2023-25732 (bmo#1804564)
    Out of bounds memory write from EncodeInputStream
  * CVE-2023-25734 (bmo#1784451, bmo#1809923, bmo#1810143, bmo#1812338)
    Opening local .url files could cause unexpected network loads
  * CVE-2023-25740 (bmo#1812354)
    Opening local .scf files could cause unexpected network loads
  * CVE-2023-25731 (bmo#1801542)
    Prototype pollution when rendering URLPreview

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1037
2023-02-15 21:11:31 +00:00
Wolfgang Rosenauer
7938696dc2 Accepting request 1062535 from home:AndreasStieger:branches:mozilla:Factory
Mozilla Firefox 109.0.1

OBS-URL: https://build.opensuse.org/request/show/1062535
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1035
2023-02-01 20:43:46 +00:00
Wolfgang Rosenauer
b45fd771cd - Mozilla Firefox 109.0
MFSA 2023-01 (bsc#1207119)
  * CVE-2023-23597 (bmo#1538028)
    Logic bug in process allocation allowed to read arbitrary
    files
  * CVE-2023-23598 (bmo#1800425)
    Arbitrary file read from GTK drag and drop on Linux
  * CVE-2023-23599 (bmo#1777800)
    Malicious command could be hidden in devtools output on
    Windows
  * CVE-2023-23600 (bmo#1787034)
    Notification permissions persisted between Normal and Private
    Browsing on Android
  * CVE-2023-23601 (bmo#1794268)
    URL being dragged from cross-origin iframe into same tab
    triggers navigation
  * CVE-2023-23602 (bmo#1800890)
    Content Security Policy wasn't being correctly applied to
    WebSockets in WebWorkers
  * CVE-2023-23603 (bmo#1800832)
    Calls to <code>console.log</code> allowed bypasing Content
    Security Policy via format directive
  * CVE-2023-23604 (bmo#1802346)
    Creation of duplicate <code>SystemPrincipal</code> from less
    secure contexts
  * CVE-2023-23605 (bmo#1764921, bmo#1802690, bmo#1806974)
    Memory safety bugs fixed in Firefox 109 and Firefox ESR 102.7
  * CVE-2023-23606 (bmo#1764974, bmo#1798591, bmo#1799201,
    bmo#1800446, bmo#1801248, bmo#1802100, bmo#1803393,
    bmo#1804626, bmo#1804971, bmo#1807004)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1033
2023-01-18 07:21:07 +00:00
Wolfgang Rosenauer
6767b9f284 Accepting request 1056391 from home:luc14n0:branches:mozilla:Factory
Update to version 108.0.2.

OBS-URL: https://build.opensuse.org/request/show/1056391
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1031
2023-01-06 12:39:34 +00:00
Wolfgang Rosenauer
58f0d1e270 - add mozilla-bmo1805809.patch to fix build for x86-32 (boo#1206600)
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1029
2022-12-21 16:08:13 +00:00
Wolfgang Rosenauer
1045a27659 OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1027 2022-12-20 15:28:29 +00:00
Wolfgang Rosenauer
1498efd183 OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1026 2022-12-20 15:27:14 +00:00
Wolfgang Rosenauer
ec5a29f477 - Mozilla Firefox 108.0.1 (boo#1206507)
* Fixes the default search engine being reset on upgrade for
    profiles which were previously copied from a different location

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1025
2022-12-20 08:04:12 +00:00
Wolfgang Rosenauer
1c9c2f3dd5 - Mozilla Firefox 108.0
https://www.mozilla.org/en-US/firefox/108.0/releasenotes/
  MFSA 2022-51 (bsc#1206242)
  * CVE-2022-46871 (bmo#1795697)
    libusrsctp library out of date
  * CVE-2022-46872 (bmo#1799156)
    Arbitrary file read from a compromised content process
  * CVE-2022-46873 (bmo#1644790)
    Firefox did not implement the CSP directive unsafe-hashes
  * CVE-2022-46874 (bmo#1746139)
    Drag and Dropped Filenames could have been truncated to
    malicious extensions
  * CVE-2022-46875 (bmo#1786188)
    Download Protections were bypassed by .atloc and .ftploc
    files on Mac OS
  * CVE-2022-46877 (bmo#1795139)
    Fullscreen notification bypass
  * CVE-2022-46878 (bmo#1782219, bmo#1797370, bmo#1797685,
    bmo#1801102, bmo#1801315, bmo#1802395)
    Memory safety bugs fixed in Firefox 108 and Firefox ESR 102.6
  * CVE-2022-46879 (bmo#1736224, bmo#1793407, bmo#1794249, bmo#1795845,
    bmo#1797682, bmo#1797720, bmo#1798494, bmo#1799479)
    Memory safety bugs fixed in Firefox 108
- requires
  NSS >= 3.85
  rustc/cargo 1.65

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1024
2022-12-13 21:48:56 +00:00
Wolfgang Rosenauer
948218484d Accepting request 1041338 from home:milachew:branches:mozilla:Factory
- added translations to .desktop file.

OBS-URL: https://build.opensuse.org/request/show/1041338
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1023
2022-12-09 09:40:12 +00:00
Wolfgang Rosenauer
8200399c53 Accepting request 1039401 from home:AndreasStieger:branches:mozilla:Factory
Mozilla Firefox 107.0.1

OBS-URL: https://build.opensuse.org/request/show/1039401
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1021
2022-12-01 21:39:40 +00:00
Wolfgang Rosenauer
c9ea1238e9 - Mozilla Firefox 107.0
MFSA 2022-47 (bsc#1205270)
 * CVE-2022-45403 (bmo#1762078)
    Service Workers might have learned size of cross-origin media files
  * CVE-2022-45404 (bmo#1790815)
    Fullscreen notification bypass
  * CVE-2022-45405 (bmo#1791314)
    Use-after-free in InputStream implementation
  * CVE-2022-45406 (bmo#1791975)
    Use-after-free of a JavaScript Realm
  * CVE-2022-45407 (bmo#1793314)
    Loading fonts on workers was not thread-safe
  * CVE-2022-45408 (bmo#1793829)
    Fullscreen notification bypass via windowName
  * CVE-2022-45409 (bmo#1796901)
    Use-after-free in Garbage Collection
  * CVE-2022-45410 (bmo#1658869)
    ServiceWorker-intercepted requests bypassed SameSite cookie policy
  * CVE-2022-45411 (bmo#1790311)
    Cross-Site Tracing was possible via non-standard override headers
  * CVE-2022-45412 (bmo#1791029)
    Symlinks may resolve to partially uninitialized buffers
  * CVE-2022-45413 (bmo#1791201)
    SameSite=Strict cookies could have been sent cross-site via
    intent URLs
  * CVE-2022-40674 (bmo#1791598)
    Use-after-free vulnerability in expat
  * CVE-2022-45415 (bmo#1793551)
    Downloaded file may have been saved with malicious extension
  * CVE-2022-45416 (bmo#1793676)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1019
2022-11-16 13:36:59 +00:00
Wolfgang Rosenauer
1e9f34d721 Accepting request 1033693 from home:AndreasStieger:branches:mozilla:Factory
106.0.5

OBS-URL: https://build.opensuse.org/request/show/1033693
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1017
2022-11-05 16:17:24 +00:00
Wolfgang Rosenauer
383a39a2f4 - Mozilla Firefox 106.0.3
* Fixes for other platforms

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1015
2022-11-02 07:04:04 +00:00
Wolfgang Rosenauer
ecb5748542 - Mozilla Firefox 106.0.2
* Fix missing content on some PDF forms (bmo#1794351)
  * Fix column width for the Notification sub-panel in Settings
    (bmo#1793558)
  * Fix a browser freeze with accessibility enabled on some sites
    such as the Proxmox Web UI (bmo#1793748)
  * Fix page reloading not working with Firefox View and not
    refreshing synced data (bmo#1792680, bmo#1794474)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1013
2022-10-27 21:08:41 +00:00
Wolfgang Rosenauer
521232e015 - Mozilla Firefox 106.0.1
* Addresses a crash experienced by users with AMD Zen 1 CPUs
    (bmo#1796126)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1011
2022-10-23 08:53:25 +00:00
Wolfgang Rosenauer
f8be38ac8b - added -msse2 flag to fix i386 build and workaround bmo#1795993
- fixed used buildflags
- renamed mozilla-i686-build.patch to mozilla-buildfixes.patch
  as it was extended with changes for other archs

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1009
2022-10-20 21:12:10 +00:00
Wolfgang Rosenauer
4dd806ea87 - Mozilla Firefox 106.0
* support editing of PDFs
  * introduced Firefox View
  * major WebRTC update
    - Better screen sharing for Windows and Linux Wayland users
    - RTP performance and reliability improvements
    - Richer statistics
    - Cross-browser and service compatibility improvements
  * detailed releasenotes
    https://www.mozilla.org/en-US/firefox/106.0/releasenotes
  MFSA 2022-44 (bsc#1204421)
  * CVE-2022-42927 (bmo#1789128)
    Same-origin policy violation could have leaked cross-origin URLs
  * CVE-2022-42928 (bmo#1791520)
    Memory Corruption in JS Engine
  * CVE-2022-42929 (bmo#1789439)
    Denial of Service via window.print
  * CVE-2022-42930 (bmo#1789503)
    Race condition in DOM Workers
  * CVE-2022-42931 (bmo#1780571)
    Username saved to a plaintext file on disk
  * CVE-2022-42932 (bmo#1789729, bmo#1791363, bmo#1792041)
    Memory safety bugs fixed in Firefox

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1008
2022-10-18 20:10:44 +00:00
Wolfgang Rosenauer
faf5bbda6a OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1006 2022-10-09 20:45:53 +00:00
Wolfgang Rosenauer
c23a3695e5 Accepting request 1008938 from home:AndreasStieger:branches:mozilla:Factory
105.0.3

OBS-URL: https://build.opensuse.org/request/show/1008938
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1005
2022-10-09 07:54:20 +00:00
Wolfgang Rosenauer
64f10b5910 Accepting request 1008280 from home:AndreasStieger:branches:mozilla:Factory
Mozilla Firefox 105.0.2

OBS-URL: https://build.opensuse.org/request/show/1008280
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1004
2022-10-06 07:14:45 +00:00
Wolfgang Rosenauer
5ffc1b196b Accepting request 1002263 from home:Guillaume_G:branches:mozilla:Factory
- Adjust memory requirements to fix build on aarch64

OBS-URL: https://build.opensuse.org/request/show/1002263
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1002
2022-09-09 09:09:55 +00:00
Wolfgang Rosenauer
e19b31cbfd - Mozilla Firefox 104.0.2 (boo#1203177)
https://www.mozilla.org/en-US/firefox/104.0.2/releasenotes/
  * Fixed a bug making it impossible to use touch or a stylus to
    drag the scrollbar on pages (bmo#1787361)
  * Fixed an issue causing some users to crash in out-of-memory
    conditions (bmo#1774155)
  * Fixed an issue that would sometimes affect video & audio playback
    when loaded via a cross-origin iframe src attribute (bmo#1781759)
  * Fixed an issue that would sometimes affect video & audio playback
    when served with Content-Security-Policy: sandbox (bmo#1781063)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1000
2022-09-07 06:58:25 +00:00
Wolfgang Rosenauer
c37c6eba55 - Mozilla Firefox 104.0.1
* Addresses an issue with Youtube video playback that was
    affecting some users (boo#1203003)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=999
2022-09-01 07:15:39 +00:00
Wolfgang Rosenauer
342949cc96 - Mozilla Firefox 104.0
* https://www.mozilla.org/en-US/firefox/104.0/releasenotes
  MFSA 2022-33 (bsc#1202645)
  * CVE-2022-38472 (bmo#1769155)
    Address bar spoofing via XSLT error handling
  * CVE-2022-38473 (bmo#1771685)
    Cross-origin XSLT Documents would have inherited the parent's
    permissions
  * CVE-2022-38474 (bmo#1719511)
    Recording notification not shown when microphone was
    recording on Android
  * CVE-2022-38475 (bmo#1773266)
    Attacker could write a value to a zero-length array
  * CVE-2022-38477 (bmo#1760611, bmo#1770219, bmo#1771159, bmo#1773363)
    Memory safety bugs fixed in Firefox 104 and Firefox ESR 102.2
  * CVE-2022-38478 (bmo#1770630, bmo#1776658)
    Memory safety bugs fixed in Firefox 104, Firefox ESR 102.2,
    and Firefox ESR 91.13
- requires
  NSPR 4.34.1
  NSS 3.81
  rust 1.62

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=997
2022-08-26 06:35:29 +00:00
Wolfgang Rosenauer
4275f61fd0 - added mozilla-glibc236.patch (bmo#1782988, boo#1202323)
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=995
2022-08-13 06:27:33 +00:00
Wolfgang Rosenauer
f68ada67a5 - Mozilla Firefox 103.0.2
* Fixed menu shortcuts for users of the JAWS screen reader
  * Fixed an occasional non-overridable certificate error when
    accessing device configuration pages

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=993
2022-08-10 11:39:04 +00:00
Wolfgang Rosenauer
7b457de55d - The --disable-elf-hack option only exists on ARM and X86
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=991
2022-08-02 08:06:07 +00:00
Wolfgang Rosenauer
9f1c040444 Accepting request 991957 from home:Andreas_Schwab:Factory
- The --disable-elf-hack option only exists on ARM and X86

OBS-URL: https://build.opensuse.org/request/show/991957
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=990
2022-08-02 08:03:20 +00:00
Wolfgang Rosenauer
c00fa5c822 - Mozilla Firefox 103.0.1
* Enabled hardware acceleration on newer AMD cards.
  * Fixed a crash on Firefox shutdown caused by a bug in the
    audio manager

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=989
2022-08-01 13:53:08 +00:00
Wolfgang Rosenauer
9fb88935cc - Mozilla Firefox 103.0
https://www.mozilla.org/en-US/firefox/103.0/releasenotes
  MFSA 2022-28 (bsc#1201758)
  * CVE-2022-36319 (bmo#1737722)
    Mouse Position spoofing with CSS transforms
  * CVE-2022-36317 (bmo#1759951)
    Long URL would hang Firefox for Android
  * CVE-2022-36318 (bmo#1771774)
    Directory indexes for bundled resources reflected URL
    parameters
  * CVE-2022-36314 (bmo#1773894)
    Opening local <code>.lnk</code> files could cause unexpected
    network loads
  * CVE-2022-36315 (bmo#1762520)
    Preload Cache Bypasses Subresource Integrity
  * CVE-2022-36316 (bmo#1768583)
    Performance API leaked whether a cross-site resource is
    redirecting
  * CVE-2022-36320 (bmo#1759794, bmo#1760998)
    Memory safety bugs fixed in Firefox 103
  * CVE-2022-2505 (bmo#1769739, bmo#1772824)
    Memory safety bugs fixed in Firefox 103 and 102.1
- requires
  NSS >= 3.80
  rust = 1.61
  rust-cbindgen >= 0.24.3

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=988
2022-07-27 12:29:45 +00:00
Wolfgang Rosenauer
0ce875e31b Accepting request 991219 from home:Guillaume_G:branches:mozilla:Factory
- Move %limit_build set before mozilla config to actually set the
  value of %jobs to MOZ_MAKE_FLAGS to fix build on aarch64

OBS-URL: https://build.opensuse.org/request/show/991219
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=987
2022-07-27 07:10:26 +00:00
Wolfgang Rosenauer
1e472195d6 OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=985 2022-07-10 10:37:47 +00:00
Wolfgang Rosenauer
9327edeba7 Accepting request 987273 from home:AndreasStieger:branches:mozilla:Factory
102.0.1

OBS-URL: https://build.opensuse.org/request/show/987273
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=984
2022-07-06 19:44:48 +00:00
Wolfgang Rosenauer
a756387aa3 - Firefox 102.0
* You can now disable automatic opening of the download panel
    every time a new download starts
  * Firefox now mitigates query parameter tracking when navigating
    sites in ETP strict mode
  * Improved security by moving audio decoding into a separate
    process with stricter sandboxing, thus improving process isolation
  * https://www.mozilla.org/en-US/firefox/102.0/releasenotes
  MFSA 2022-24 (bsc#1200793)
  * CVE-2022-34479 (bmo#1745595)
    A popup window could be resized in a way to overlay the
    address bar with web content
  * CVE-2022-34470 (bmo#1765951)
    Use-after-free in nsSHistory
  * CVE-2022-34468 (bmo#1768537)
    CSP sandbox header without `allow-scripts` can be bypassed
    via retargeted javascript: URI
  * CVE-2022-34482 (bmo#845880)
    Drag and drop of malicious image could have led to malicious
    executable and potential code execution
  * CVE-2022-34483 (bmo#1335845)
    Drag and drop of malicious image could have led to malicious
    executable and potential code execution
  * CVE-2022-34476 (bmo#1387919)
    ASN.1 parser could have been tricked into accepting malformed ASN.1
  * CVE-2022-34481 (bmo#1483699, bmo#1497246)
    Potential integer overflow in ReplaceElementsAt
  * CVE-2022-34474 (bmo#1677138)
    Sandboxed iframes could redirect to external schemes
  * CVE-2022-34469 (bmo#1721220)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=983
2022-06-29 07:44:18 +00:00
Wolfgang Rosenauer
f85c2ce39f Accepting request 982080 from home:AndreasStieger:branches:mozilla:Factory
Mozilla Firefox 101.0.1

OBS-URL: https://build.opensuse.org/request/show/982080
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=981
2022-06-10 21:00:05 +00:00
Wolfgang Rosenauer
1ec6880184 - Mozilla Firefox 101.0
* Reading is now easier with the prefers-contrast media query,
    which allows sites to detect if the user has requested that web
    content is presented with a higher (or lower) contrast
  * All non-configured MIME types can now be assigned a custom
    action upon download completion
  * allows users to use as many microphones as you want, at the
    same time, during video conferencing. The most exciting benefit
    is that you can easily switch your microphones at any time
    (if your conferencing service provider enables this flexibility)
  MFSA 2022-20 (bsc#1200027)
  * CVE-2022-31736 (bmo#1735923)
    Cross-Origin resource's length leaked
  * CVE-2022-31737 (bmo#1743767)
    Heap buffer overflow in WebGL
  * CVE-2022-31738 (bmo#1756388)
    Browser window spoof using fullscreen mode
  * CVE-2022-31739 (bmo#1765049)
    Attacker-influenced path traversal when saving downloaded files
  * CVE-2022-31740 (bmo#1766806)
    Register allocation problem in WASM on arm64
  * CVE-2022-31741 (bmo#1767590)
    Uninitialized variable leads to invalid memory read
  * CVE-2022-31742 (bmo#1730434)
    Querying a WebAuthn token with a large number of allowCredential
    entries may have leaked cross-origin information
  * CVE-2022-31743 (bmo#1747388)
    HTML Parsing incorrectly ended HTML comments prematurely
  * CVE-2022-31744 (bmo#1757604)
    CSP bypass enabling stylesheet injection

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=979
2022-05-31 21:18:50 +00:00
Wolfgang Rosenauer
9498fa4a6a - Mozilla Firefox 100.0.2
MFSA 2022-19 (bsc#1199768)
  * CVE-2022-1802 (bmo#1770137)
    Prototype pollution in Top-Level Await implementation
  * CVE-2022-1529 (bmo#1770048)
    Untrusted input used in JavaScript object indexing, leading
    to prototype pollution

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=977
2022-05-20 15:13:51 +00:00
Wolfgang Rosenauer
b2497b835b Accepting request 978002 from home:AndreasStieger:branches:mozilla:Factory
Mozilla Firefox 100.0.1

OBS-URL: https://build.opensuse.org/request/show/978002
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=976
2022-05-18 20:54:37 +00:00
Wolfgang Rosenauer
67ec5338d7 - Mozilla Firefox 100.0
* subtitle support in PiP
  * spell checking supports multiple languages in parallel
  * more details here
    https://www.mozilla.org/en-US/firefox/100.0/releasenotes
  MFSA 2022-16 (boo#1198970)
  * CVE-2022-29914 (bmo#1746448)
    Fullscreen notification bypass using popups
  * CVE-2022-29909 (bmo#1755081)
    Bypassing permission prompt in nested browsing contexts
  * CVE-2022-29916 (bmo#1760674)
    Leaking browser history with CSS variables
  * CVE-2022-29911 (bmo#1761981)
    iframe Sandbox bypass
  * CVE-2022-29912 (bmo#1692655)
    Reader mode bypassed SameSite cookies
  * CVE-2022-29910 (bmo#1757138)
    Firefox for Android forgot HTTP Strict Transport Security
    settings
  * CVE-2022-29915 (bmo#1751678)
    Leaking cross-origin redirect through the Performance API
  * CVE-2022-29917 (bmo#1684739, bmo#1706441, bmo#1753298,
    bmo#1762614, bmo#1762620, bmo#1764778)
    Memory safety bugs fixed in Firefox 100 and Firefox ESR 91.9
  * CVE-2022-29918 (bmo#1744043, bmo#1747178, bmo#1753535,
    bmo#1754017, bmo#1755847, bmo#1756172, bmo#1757477,
    bmo#1758223, bmo#1760160, bmo#1761481, bmo#1761771)
    Memory safety bugs fixed in Firefox 100
- requires NSS 3.77

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=974
2022-05-04 06:26:46 +00:00