2022-11-21 12:43:47 +01:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Fri Nov 18 18:04:53 UTC 2022 - Bjørn Lie <bjorn.lie@gmail.com>
|
|
|
|
|
|
|
|
|
|
- Update to version 102.5.0:
|
|
|
|
|
+ Various stability, functionality, and security fixes.
|
|
|
|
|
+ CVE-2022-45403: Service Workers might have learned size of
|
|
|
|
|
cross-origin media files.
|
|
|
|
|
+ CVE-2022-45404: Fullscreen notification bypass.
|
|
|
|
|
+ CVE-2022-45405: Use-after-free in InputStream implementation.
|
|
|
|
|
+ CVE-2022-45406: Use-after-free of a JavaScript Realm.
|
|
|
|
|
+ CVE-2022-45408: Fullscreen notification bypass via windowName.
|
|
|
|
|
+ CVE-2022-45409: Use-after-free in Garbage Collection.
|
|
|
|
|
+ CVE-2022-45410: ServiceWorker-intercepted requests bypassed
|
|
|
|
|
SameSite cookie policy.
|
|
|
|
|
+ CVE-2022-45411: Cross-Site Tracing was possible via
|
|
|
|
|
non-standard override headers.
|
|
|
|
|
+ CVE-2022-45412: Symlinks may resolve to partially uninitialized
|
|
|
|
|
buffers.
|
|
|
|
|
+ CVE-2022-45416: Keystroke Side-Channel Leakage.
|
|
|
|
|
+ CVE-2022-45418: Custom mouse cursor could have been drawn over
|
|
|
|
|
browser UI.
|
|
|
|
|
+ CVE-2022-45420: Iframe contents could be rendered outside the
|
|
|
|
|
iframe.
|
|
|
|
|
+ CVE-2022-45421: Memory safety bugs fixed in Firefox 107 and
|
|
|
|
|
Firefox ESR 102.5.
|
|
|
|
|
|
2022-10-19 13:14:56 +02:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Tue Oct 18 14:14:17 UTC 2022 - Bjørn Lie <bjorn.lie@gmail.com>
|
|
|
|
|
|
|
|
|
|
- Update to version 102.4.0:
|
|
|
|
|
+ Various stability, functionality, and security fixes.
|
|
|
|
|
+ CVE-2022-42927: Same-origin policy violation could have leaked
|
|
|
|
|
cross-origin URLs.
|
|
|
|
|
+ CVE-2022-42928: Memory Corruption in JS Engine.
|
|
|
|
|
+ CVE-2022-42929: Denial of Service via window.print.
|
|
|
|
|
+ CVE-2022-42932: Memory safety bugs fixed in Firefox 106 and
|
|
|
|
|
Firefox ESR 102.4.
|
|
|
|
|
|
2022-09-27 22:19:05 +02:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Tue Sep 27 14:13:15 UTC 2022 - Fabian Vogt <fvogt@suse.com>
|
|
|
|
|
|
|
|
|
|
- Adjust name of ICU data file to fix build on big-endian platforms
|
|
|
|
|
|
2022-09-20 21:32:28 +02:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Tue Sep 20 07:41:19 UTC 2022 - Bjørn Lie <bjorn.lie@gmail.com>
|
|
|
|
|
|
|
|
|
|
- Update to version 102.3.0:
|
|
|
|
|
+ Various stability, functionality, and security fixes.
|
2022-10-19 13:14:56 +02:00
|
|
|
+ CVE-2022-3266: Out of bounds read when decoding H264.
|
|
|
|
|
+ CVE-2022-40959: Bypassing FeaturePolicy restrictions on
|
|
|
|
|
transient pages.
|
|
|
|
|
+ CVE-2022-40960: Data-race when parsing non-UTF-8 URLs in
|
|
|
|
|
threads.
|
|
|
|
|
+ CVE-2022-40958: Bypassing Secure Context restriction for
|
|
|
|
|
cookies with __Host and __Secure prefix.
|
|
|
|
|
+ CVE-2022-40956: Content-Security-Policy base-uri bypass.
|
|
|
|
|
+ CVE-2022-40957: Incoherent instruction cache when building WASM
|
|
|
|
|
on ARM64.
|
|
|
|
|
+ CVE-2022-40962: Memory safety bugs fixed in Firefox 105 and
|
|
|
|
|
Firefox ESR 102.3.
|
2022-09-20 21:32:28 +02:00
|
|
|
|
2022-09-09 19:53:20 +02:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Fri Aug 26 18:08:37 UTC 2022 - Bjørn Lie <bjorn.lie@gmail.com>
|
|
|
|
|
|
|
|
|
|
- Initial packaging for openSUSE.
|
