Revisions of MozillaFirefox
Björn Bidar (Thaodan)
committed
(revision 43)
- Mozilla Firefox 125.0.3
* Fixed: Fixed an extra blank tab with an address of
`https://0.0.0.1` sometimes appearing when attempting to
launch Firefox when it is already running (bmo#1892612).
* Fixed: Fixed an issue that could cause incorrect font
selection in some situations for users with the Japanese
locale set (bmo#1892363).
* Fixed: Fixed text corruption when dragging text containing
unicode characters on Linux systems (bmo#1888202).
* Fixed: Fixed a correctness error when checking
`arguments.length` (and not using arguments otherwise) inside
of a generator or async function (bmo#1892699).
* Fixed: Fixed an issue that could lead to inconsistent focus
handling of `<select>` elements when opened (bmo#1893177).
- Fix build on Leap by requiring gcc13 which has been made available
as an update.
- Mozilla Firefox 125.0.2
* The 125.0 and 125.0.1 releases were skipped due to problems
with a feature that proactively blocked downloads from
potentially untrustworthy URLs.
* New: Firefox now supports the AV1 codec for Encrypted Media
Extensions (EME), enabling higher-quality playback from video
streaming providers
* New: The Firefox PDF viewer now supports text highlighting.
* New: Firefox View now displays pinned tabs in the Open tabs
section. Tab indicators have also been added to Open tabs, so
users can do things like see which tabs are playing media and
quickly mute or unmute across windows. Indicators were also
added for bookmarks, tabs with notifications, and more!
their addresses upon submitting an address form, allowing
Firefox to autofill stored address information in the future.
* New: The URL Paste Suggestion feature provides a convenient
way for users to quickly visit URLs copied to the clipboard
in the address bar of Firefox. When the clipboard contains a
URL and the URL bar is focused, an autocomplete result
appears automatically. Activating the clipboard suggestion
will navigate the user to the URL with 1 click.
* New: Users of tab-specific Container add-ons can now search
in the Address Bar for tabs that are open in different
containers. Special thanks to volunteer contributor atararx
for kicking off the work on this feature!
* New: Firefox now provides an option to enable Web Proxy Auto-
Discovery (WPAD) while configured to use system proxy
settings.
* Changed: In a group of radio buttons where no option is
selected, the tab key now only reaches the first option
rather than cycling through all available options. The arrow
keys navigate between options as they do when there is a
selected option. This makes keyboard navigation more
efficient and consistent
* HTML5: Firefox now supports the `popover` global attribute
used for designating an element as a popover element. The
element won't be rendered until it is made visible, after
which it will appear on top of other page content.
* HTML5: WebAssembly multi-memory is now enabled by default.
Wasm multi-memory allows wasm modules to use and import
multiple independent linear memories. This enables more
efficient interoperability between modules and provides
better polyfills for upcoming wasm standards, such as the
component model.
* HTML5: Added support for Unicode Text Segmentation to
JavaScript.
* HTML5: Added support for `contextlost` and `contextrestored`
events on HTMLCanvasElement and OffscreenCanvas to allow user
code to recover from context loss with hardware accelerated
2d canvas.
* HTML5: Firefox now supports the
`navigator.clipboard.readText()` web API. A paste context
menu will appear for the user to confirm when attempting to
read clipboard data not provided by the same-origin page.
* HTML5: Added support for the `content-box` and `stroke-box`
keywords of the `transform-box` CSS property.
* HTML5: The `align-content` property now works in block
layout, allowing block direction alignment without needing a
flex or grid container.
* HTML5: Support for `SVGAElement.text` was removed in favor of
the more widely-implemented `SVGAElement.textContent` method.
* Developer: Following several requests, we have reintroduced
the option to disable the Pause Debugger Overlay
(`devtools.debugger.features.overlay`). This overlay appears
over the page content when the debugger pauses JavaScript
execution. In certain scenarios, the overlay can be
intrusive, making it challenging to interact with the page,
for instance, evaluating shades of color underneath.
* Developer: We've added a new drop-down menu button at the
bottom of the source view in the Debugger panel, specifically
designed for Source Map related actions. Users can now easily
disable or enable Source Maps support, open the Source Map
file in a new tab, switch between the original source and the
generated bundle, toggle the "open original source by
default" option, and view the Source Map status such as
errors, loading status, etc.
MFSA 2024-18 (bsc#1221327)
* CVE-2024-3852 (bmo#1883542)
GetBoundName in the JIT returned the wrong object
* CVE-2024-3853 (bmo#1884427)
Use-after-free if garbage collection runs during realm
initialization
* CVE-2024-3854 (bmo#1884552)
Out-of-bounds-read after mis-optimized switch statement
* CVE-2024-3855 (bmo#1885828)
Incorrect JIT optimization of MSubstr leads to out-of-bounds
reads
* CVE-2024-3856 (bmo#1885829)
Use-after-free in WASM garbage collection
* CVE-2024-3857 (bmo#1886683)
Incorrect JITting of arguments led to use-after-free during
garbage collection
* CVE-2024-3858 (bmo#1888892)
Corrupt pointer dereference in
js::CheckTracedThing<js::Shape>
* CVE-2024-3859 (bmo#1874489)
Integer-overflow led to out-of-bounds-read in the OpenType
sanitizer
* CVE-2024-3860 (bmo#1881417)
Crash when tracing empty shape lists
* CVE-2024-3861 (bmo#1883158)
Potential use-after-free due to AlignedBuffer self-move
* CVE-2024-3862 (bmo#1884457)
Potential use of uninitialized memory in MarkStack assignment
operator on self-assignment
* CVE-2024-3863 (bmo#1885855)
Download Protections were bypassed by .xrm-ms files on
Windows
* CVE-2024-3302 (bmo#1881183,
bmo#https://kb.cert.org/vuls/id/421644)
Denial of Service using HTTP/2 CONTINUATION frames
* CVE-2024-3864 (bmo#1888333)
Memory safety bug fixed in Firefox 125, Firefox ESR 115.10,
and Thunderbird 115.10
* CVE-2024-3865 (bmo#1881076, bmo#1884887, bmo#1885359,
bmo#1889049)
Memory safety bugs fixed in Firefox 125
- requires
NSS 3.99
rust 1.76
- add mozilla-libproxy-fix.patch to fix with-libproxy build variant
- Mozilla Firefox 124.0.2
https://www.mozilla.org/en-US/firefox/124.0.2/releasenotes/
* Fixed an issue where users with a large amount of bookmarks would
be unable to restore a bookmarks backup. (bmo#1884308)
* Fixed an issue that would cause open Firefox windows
to go blank or crash during video playback on sites such as
Netflix. (bmo#1883932)
* Fixed a crash that affected Linux AArch64 builds. (bmo#1866396)
* Fixed an issue where some users experienced difficulties loading
webpages due to changes made to the default AppArmor configuration
shipping in Ubuntu 24.04. (bmo#1884347)
Björn Bidar (Thaodan)
committed
(revision 41)
- Mozilla Firefox 124.0.1
https://www.mozilla.org/en-US/firefox/124.0.1/releasenotes/
MFSA 2024-15 (bsc#1221850)
* CVE-2024-29943 (bmo#1886849)
Out-of-bounds access via Range Analysis bypass
* CVE-2024-29944 (bmo#1886852)
Privileged JavaScript Execution via Event Handlers
Mozilla Firefox 124.0
https://www.mozilla.org/en-US/firefox/124.0/releasenotes/
MFSA 2024-12 (bsc#1221327)
* CVE-2024-2605 (bmo#1872920)
Windows Error Reporter could be used as a Sandbox escape vector
* CVE-2024-2606 (bmo#1879237)
Mishandling of WASM register values
* CVE-2024-2607 (bmo#1879939)
JIT code failed to save return registers on Armv7-A
* CVE-2024-2608 (bmo#1880692)
Integer overflow could have led to out of bounds write
* CVE-2023-5388 (bmo#1780432)
NSS susceptible to timing attack against RSA decryption
* CVE-2024-2609 (bmo#1866100)
Permission prompt input delay could expire when not in focus
* CVE-2024-2610 (bmo#1871112)
Improper handling of html and body tags enabled CSP nonce leakage
* CVE-2024-2611 (bmo#1876675)
Clickjacking vulnerability could have led to a user accidentally
granting permissions
* CVE-2024-2612 (bmo#1879444)
Self referencing object could have potentially led to a use-
after-free
* CVE-2024-2613 (bmo#1875701)
Improper handling of QUIC ACK frame data could have led to OOM
* CVE-2024-2614 (bmo#1685358, bmo#1861016, bmo#1880405, bmo#1881093)
Memory safety bugs fixed in Firefox 124, Firefox ESR 115.9,
and Thunderbird 115.9
* CVE-2024-2615 (bmo#1881074, bmo#1881650, bmo#1882438)
Memory safety bugs fixed in Firefox 124
- requires
NSS = 3.98
rust-cbindgen >= 0.26
Björn Bidar (Thaodan)
committed
(revision 38)
- Mozilla Firefox 123.0.1
* Fixed the *Firefox Translation* language indicator in the
address bar displaying a colored square icon instead of the
language code icon. (bmo#1879415)
* Fixed a regression with the `onChange` event not firing when
clearing the value of a `textarea` HTML field.
(bmo#1881457)
* Fixed a regression in the JavaScript JIT engine incorrectly
inlining strings in some cases. (bmo#1882386)
* Fixed: Fixed low contrast of text when selecting rows in the
Developer tools' Storage panel. (bmo#1877090)
- Mozilla Firefox 123.0
https://www.mozilla.org/en-US/firefox/123.0/releasenotes/
MFSA 2024-05 (bsc#1220048)
* CVE-2024-1546 (bmo#1843752)
Out-of-bounds memory read in networking channels
* CVE-2024-1547 (bmo#1877879)
Alert dialog could have been spoofed on another site
* CVE-2024-1554 (bmo#1816390)
fetch could be used to effect cache poisoning
* CVE-2024-1548 (bmo#1832627)
Fullscreen Notification could have been hidden by select element
* CVE-2024-1549 (bmo#1833814)
Custom cursor could obscure the permission dialog
* CVE-2024-1550 (bmo#1860065)
Mouse cursor re-positioned unexpectedly could have led to
unintended permission grants
* CVE-2024-1551 (bmo#1864385)
Multipart HTTP Responses would accept the Set-Cookie header
in response parts
* CVE-2024-1555 (bmo#1873223)
SameSite cookies were not properly respected when opening a
website from an external browser
* CVE-2024-1556 (bmo#1870414)
Invalid memory access in the built-in profiler
* CVE-2024-1552 (bmo#1874502)
Incorrect code generation on 32-bit ARM devices
* CVE-2024-1553 (bmo#1855686, bmo#1867982, bmo#1871498, bmo#1872296,
bmo#1873521, bmo#1873577, bmo#1873597, bmo#1873866, bmo#1874080,
bmo#1874740, bmo#1875795, bmo#1875906, bmo#1876425, bmo#1878211,
bmo#1878286)
Memory safety bugs fixed in Firefox 123, Firefox ESR 115.8,
and Thunderbird 115.8
* CVE-2024-1557 (bmo#1746471, bmo#1848829, bmo#1864011, bmo#1869175,
bmo#1869455, bmo#1869938, bmo#1871606)
Memory safety bugs fixed in Firefox 123
- requires NSS 3.97
- Mozilla Firefox 122.0.1
https://www.mozilla.org/en-US/firefox/122.0.1/releasenotes/
* Fixed the Library and Sidebar context menus only displaying
Multi-Account Containers icons in the "Open in New Container
Tab" menu. (bmo#1876518)
* Fixed an issue when clicking the Dismiss button in
notification pop-ups on Windows causing a webpage in a new tab.
(bmo#1848801)
* Fixed the yaru-remix system theme not applying correctly on
Linux. (bmo#1877002)
* Fixed adding an extra new line to a rule in the Developer
Tools' Inspector when copying it to the clipboard.
(bmo#1876220)
* Rolled back a keyboard behavior change made to the Developer
Tools' Rules view when validating a property name or input with
the Enter key.
This moves the focus to the next input, as was the behavior
in Firefox 121. (bmo#1877457)
- Recommend libfido2-udev on codestreams that exist, in order to try
to get security keys (e.g. Yubikeys) work out of the box. (bsc#1184272)
- Fix file list
- Mozilla Firefox 122.0
https://www.mozilla.org/en-US/firefox/122.0/releasenotes/
MFSA 2024-01 (bsc#1218955)
* CVE-2024-0741 (bmo#1864587)
Out of bounds write in ANGLE
* CVE-2024-0742 (bmo#1867152)
Failure to update user input timestamp
* CVE-2024-0743 (bmo#1867408)
Crash in NSS TLS method
* CVE-2024-0744 (bmo#1871089)
Wild pointer dereference in JavaScript
* CVE-2024-0745 (bmo#1871838)
Stack buffer overflow in WebAudio
* CVE-2024-0746 (bmo#1660223)
Crash when listing printers on Linux
* CVE-2024-0747 (bmo#1764343)
Bypass of Content Security Policy when directive unsafe-inline was set
* CVE-2024-0748 (bmo#1783504)
Compromised content process could modify document URI
* CVE-2024-0749 (bmo#1813463)
Phishing site popup could show local origin in address bar
* CVE-2024-0750 (bmo#1863083)
Potential permissions request bypass via clickjacking
* CVE-2024-0751 (bmo#1865689)
Privilege escalation through devtools
* CVE-2024-0752 (bmo#1866840)
Use-after-free could occur when applying update on macOS
* CVE-2024-0753 (bmo#1870262)
HSTS policy on subdomain could bypass policy of upper domain
* CVE-2024-0754 (bmo#1871605)
Crash when using some WASM files in devtools
* CVE-2024-0755 (bmo#1868456, bmo#1871445, bmo#1873701)
Memory safety bugs fixed in Firefox 122, Firefox ESR 115.7,
and Thunderbird 115.7
- requires NSS 3.96.1
- rebased patches
- Mozilla Firefox 121.0.1
* Fixed unexpected line wrapping in some CJK contexts caused by
changes in ideographic space handling. bmo#1870973)
* Fixed a hang when loading sites containing column-based
layouts under some circumstances. bmo#1867784)
* Fixed missing rounded corners for videos playing over another
video. bmo#1869994)
* Fixed Firefox not closing properly and other applications being
unable to use a USB security key after being previously used
during a Firefox session. bmo#1863135)
Björn Bidar (Thaodan)
committed
(revision 36)
- Mozilla Firefox 121.0
https://www.mozilla.org/en-US/firefox/121.0/releasenotes
MFSA 2023-56 (bsc#1217974)
* CVE-2023-6856 (bmo#1843782)
Heap-buffer-overflow affecting WebGL DrawElementsInstanced
method with Mesa VM driver
* CVE-2023-6135 (bmo#1853908)
NSS susceptible to "Minerva" attack
* CVE-2023-6865 (bmo#1864123)
Potential exposure of uninitialized data in EncryptingOutputStream
* CVE-2023-6857 (bmo#1796023)
Symlinks may resolve to smaller than expected buffers
* CVE-2023-6858 (bmo#1826791)
Heap buffer overflow in nsTextFragment
* CVE-2023-6859 (bmo#1840144)
Use-after-free in PR_GetIdentitiesLayer
* CVE-2023-6866 (bmo#1849037)
TypedArrays lack sufficient exception handling
* CVE-2023-6860 (bmo#1854669)
Potential sandbox escape due to VideoBridge lack of texture
validation
* CVE-2023-6867 (bmo#1863863)
Clickjacking permission prompts using the popup transition
* CVE-2023-6861 (bmo#1864118)
Heap buffer overflow affected nsWindow::PickerOpen(void) in
headless mode
* CVE-2023-6868 (bmo#1865488)
WebPush requests on Firefox for Android did not require VAPID key
* CVE-2023-6869 (bmo#1799036)
Content can paint outside of sandboxed iframe
* CVE-2023-6870 (bmo#1823316)
Android Toast notifications may obscure fullscreen event
notifications
* CVE-2023-6871 (bmo#1828334)
Lack of protocol handler warning in some instances
* CVE-2023-6872 (bmo#1849186)
Browsing history leaked to syslogs via GNOME
* CVE-2023-6863 (bmo#1868901)
Undefined behavior in ShutdownObserver()
* CVE-2023-6864 (bmo#1736385, bmo#1810805, bmo#1846328, bmo#1856090,
bmo#1858033, bmo#1858509, bmo#1862777, bmo#1864015)
Memory safety bugs fixed in Firefox 121, Firefox ESR 115.6,
and Thunderbird 115.6
* CVE-2023-6873 (bmo#1855327, bmo#1862089, bmo#1862723)
Memory safety bugs fixed in Firefox 121
- requires NSS 3.95
Björn Bidar (Thaodan)
committed
(revision 32)
- Mozilla Firefox 120.0.1 (boo#1217910)
* Fixed a bug that was causing persistent startup slowdowns
(bmo#1867095)
* Fixed an issue that was causing 100% CPU usage on sites such as
Google Maps. (bmo#1866409)
* Fixed an issue that was causing YouTube videos to show a green
screen when hardware acceleration was enabled. (bmo#1865928)
* Fixed an issue where the status bar was still visible when
viewing fullscreen video. (bmo#1853896)
* Fixed a startup crash affecting Linux users on some aarch64
systems with page sizes other than 4KB. (bmo#1866025)
- Mozilla Firefox 120.0
https://www.mozilla.org/en-US/firefox/120.0/releasenotes
MFSA 2023-49 (bsc#1217230)
* CVE-2023-6204 (bmo#1841050)
Out-of-bound memory access in WebGL2 blitFramebuffer
* CVE-2023-6205 (bmo#1854076)
Use-after-free in MessagePort::Entangled
* CVE-2023-6206 (bmo#1857430)
Clickjacking permission prompts using the fullscreen
transition
* CVE-2023-6207 (bmo#1861344)
Use-after-free in ReadableByteStreamQueueEntry::Buffer
* CVE-2023-6208 (bmo#1855345)
Using Selection API would copy contents into X11 primary
selection.
* CVE-2023-6209 (bmo#1858570)
Incorrect parsing of relative URLs starting with "///"
* CVE-2023-6210 (bmo#1801501)
Mixed-content resources not blocked in a javascript: pop-up
* CVE-2023-6211 (bmo#1850200)
Clickjacking to load insecure pages in HTTPS-only mode
* CVE-2023-6212 (bmo#1658432, bmo#1820983, bmo#1829252,
bmo#1856072, bmo#1856091, bmo#1859030, bmo#1860943,
bmo#1862782)
Memory safety bugs fixed in Firefox 120, Firefox ESR 115.5,
and Thunderbird 115.5
* CVE-2023-6213 (bmo#1849265, bmo#1851118, bmo#1854911)
Memory safety bugs fixed in Firefox 120
- rebased patches
- Mozilla Firefox 119.0.1
* Fixed a bug causing colors in the <select> HTML element to not
be applied to dropdown menu arrows (bmo#1861253)
* Fixed a bug with the <input> HTML element state not changing
when dynamically updating the `disabled` attribute on an
ancestor <fieldset> (bmo#1861027)
* Fixed a bug causing elements with the indeterminate CSS
selector in a radio group to not update (bmo#1861346)
Björn Bidar (Thaodan)
committed
(revision 31)
generate patches, add script to generate patches from git
Björn Bidar (Thaodan)
committed
(revision 30)
- Mozilla Firefox 118.0.2
* Fix games not loading on betsoft.com (bmo#1856145)
* Fix printing issues for some SVG images (bmo#1853727)
* Fix CORS XHR with authentication no longer working (bmo#1855650)
* Fix h264 WebRTC video not working in some contexts (bmo#1855636)
* Fix Firefox Translations not working on some pages
(bmo#1841656, bmo#1855307)
* Stability fixes (bmo#1851991, bmo#1799326, bmo#1856637)
- Activate KDE integration again, included rebased and updated patches
(upstream removed special files handling for preferences but that
has no effect since we haven't shipped obsolete kde.js for a while)
(boo#1216027)
Björn Bidar (Thaodan)
committed
(revision 28)
- Mozilla Firefox 118.0.1
MFSA 2023-44 (bsc#1215814)
* CVE-2023-5217 (bmo#1855550),
Heap buffer overflow in libvpx
- Mozilla Firefox 118.0
MFSA 2023-41 (bsc#1215575)
* CVE-2023-5168 (bmo#1846683)
Out-of-bounds write in FilterNodeD2D1
* CVE-2023-5169 (bmo#1846685)
Out-of-bounds write in PathOps
* CVE-2023-5170 (bmo#1846686)
Memory leak from a privileged process
* CVE-2023-5171 (bmo#1851599)
Use-after-free in Ion Compiler
* CVE-2023-5172 (bmo#1852218)
Memory Corruption in Ion Hints
* CVE-2023-5173 (bmo#1823172)
Out-of-bounds write in HTTP Alternate Services
* CVE-2023-5174 (bmo#1848454)
Double-free in process spawning on Windows
* CVE-2023-5175 (bmo#1849704)
Use-after-free of ImageBitmap during process shutdown
* CVE-2023-5176 (bmo#1836353, bmo#1842674, bmo#1843824, bmo#1843962,
bmo#1848890, bmo#1850180, bmo#1850983, bmo#1851195)
Memory safety bugs fixed in Firefox 118, Firefox ESR 115.3,
and Thunderbird 115.3
- requires NSS 3.93
- deactivated KDE integration temporarily
(removed mozilla-kde.patch and firefox-kde.patch for now)
Björn Bidar (Thaodan)
committed
(revision 27)
Automaticly detect if code cacheing is enabled in the builder
Displaying revisions 1 - 20 of 43
