forked from pool/MozillaFirefox
317e7b9c84
* supports the new AVIF image format
* PDF viewer now supports filling more forms (XFA-based forms)
* now blocks downloads that rely on insecure connections,
protecting against potentially malicious or unsafe downloads
* Improved web compatibility for privacy protections with SmartBlock 3.0
* Introducing a new referrer tracking protection in Strict Tracking
Protection and Private Browsing
* TLS ciphersuites that use 3DES have been disabled. Such
ciphersuites can only be enabled when deprecated versions of
TLS are also enabled
* The download panel now follows the Firefox visual styles
MFSA 2021-43 (bsc#1191332)
* CVE-2021-38496 (bmo#1725335)
Use-after-free in MessageTask
* CVE-2021-38497 (bmo#1726621)
Validation message could have been overlaid on another origin
* CVE-2021-38498 (bmo#1729642)
Use-after-free of nsLanguageAtomService object
* CVE-2021-32810 (bmo#1729813)
https://github.com/crossbeam-rs/crossbeam/security/advisories/GHSA-pqqp-xmhj-wgcw)
Data race in crossbeam-deque
* CVE-2021-38500 (bmo#1725854, bmo#1728321)
Memory safety bugs fixed in Firefox 93, Firefox ESR 78.15,
and Firefox ESR 91.2
* CVE-2021-38501 (bmo#1685354, bmo#1715755, bmo#1723176)
Memory safety bugs fixed in Firefox 93 and Firefox ESR 91.2
* CVE-2021-38499 (bmo#1667102, bmo#1723170, bmo#1725356, bmo#1727364)
Memory safety bugs fixed in Firefox 93
- removed obsolete mozilla-bmo1708709.patch
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=936
50 lines
2.2 KiB
Diff
50 lines
2.2 KiB
Diff
From: meissner@suse.com, cgrobertson@suse.com
|
|
Subject: allow Firefox to access addtional process information
|
|
References:
|
|
http://bugzilla.suse.com/show_bug.cgi?id=1167132
|
|
bsc#1174284 - Firefox tab just crashed in FIPS mode
|
|
|
|
diff --git a/security/sandbox/linux/Sandbox.cpp b/security/sandbox/linux/Sandbox.cpp
|
|
--- a/security/sandbox/linux/Sandbox.cpp
|
|
+++ b/security/sandbox/linux/Sandbox.cpp
|
|
@@ -650,16 +650,17 @@ void SetMediaPluginSandbox(const char* a
|
|
SANDBOX_LOG_ERROR("failed to open plugin file %s: %s", aFilePath,
|
|
strerror(errno));
|
|
MOZ_CRASH("failed while trying to open the plugin file ");
|
|
}
|
|
|
|
auto files = new SandboxOpenedFiles();
|
|
files->Add(std::move(plugin));
|
|
files->Add("/dev/urandom", SandboxOpenedFile::Dup::YES);
|
|
+ files->Add("/dev/random", SandboxOpenedFile::Dup::YES);
|
|
files->Add("/etc/ld.so.cache"); // Needed for NSS in clearkey.
|
|
files->Add("/sys/devices/system/cpu/cpu0/tsc_freq_khz");
|
|
files->Add("/sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq");
|
|
files->Add("/proc/cpuinfo"); // Info also available via CPUID instruction.
|
|
files->Add("/proc/sys/crypto/fips_enabled"); // Needed for NSS in clearkey.
|
|
#ifdef __i386__
|
|
files->Add("/proc/self/auxv"); // Info also in process's address space.
|
|
#endif
|
|
diff --git a/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp b/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp
|
|
--- a/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp
|
|
+++ b/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp
|
|
@@ -315,16 +315,18 @@ void SandboxBrokerPolicyFactory::InitCon
|
|
policy->AddDir(rdwr, "/dev/dri");
|
|
}
|
|
|
|
// Bug 1575985: WASM library sandbox needs RW access to /dev/null
|
|
policy->AddPath(rdwr, "/dev/null");
|
|
|
|
// Read permissions
|
|
policy->AddPath(rdonly, "/dev/urandom");
|
|
+ policy->AddPath(rdonly, "/dev/random");
|
|
+ policy->AddPath(rdonly, "/proc/sys/crypto/fips_enabled");
|
|
policy->AddPath(rdonly, "/proc/cpuinfo");
|
|
policy->AddPath(rdonly, "/proc/meminfo");
|
|
policy->AddDir(rdonly, "/sys/devices/cpu");
|
|
policy->AddDir(rdonly, "/sys/devices/system/cpu");
|
|
policy->AddDir(rdonly, "/lib");
|
|
policy->AddDir(rdonly, "/lib64");
|
|
policy->AddDir(rdonly, "/usr/lib");
|
|
policy->AddDir(rdonly, "/usr/lib32");
|