Revisions of firefox115esr
Wolfgang Rosenauer (wrosenauer)
accepted
request 1174125
from
Manfred Hollstein (manfred-h)
(revision 36)
* CVE-2024-4367 (bmo#1893645) Arbitrary JavaScript execution in PDF.js
* CVE-2024-4767 (bmo#1878577) IndexedDB files retained in private browsing mode
* CVE-2024-4768 (bmo#1886082) Potential permissions request bypass via clickjacking
* CVE-2024-4769 (bmo#1886108) Cross-origin responses could be distinguished between script and non-script content-types
* CVE-2024-4770 (bmo#1893270) Use-after-free could occur when printing to PDF
* CVE-2024-4777 (bmo#1878199, bmo#1893340) Memory safety bugs fixed in Firefox 126, Firefox ESR 115.11, and Thunderbird 115.11
Wolfgang Rosenauer (wrosenauer)
accepted
request 1173905
from
Manfred Hollstein (manfred-h)
(revision 35)
- Mozilla Firefox ESR 115.11.0 https://www.mozilla.org/security/advisories/mfsa2024-22/ MFSA 2024-22 (boo#???????)
Wolfgang Rosenauer (wrosenauer)
accepted
request 1169327
from
Manfred Hollstein (manfred-h)
(revision 34)
bsc#1222535 added
Wolfgang Rosenauer (wrosenauer)
accepted
request 1168406
from
Manfred Hollstein (manfred-h)
(revision 33)
- Mozilla Firefox ESR 115.10.0 https://www.mozilla.org/security/advisories/mfsa2024-19/ MFSA 2024-19 (boo#???????)
  * CVE-2024-3852 (bmo#1883542) GetBoundName in the JIT returned the wrong object
  * CVE-2024-3854 (bmo#1884552) Out-of-bounds-read after mis-optimized switch statement
  * CVE-2024-3857 (bmo#1886683) Incorrect JITting of arguments led to use-after-free during garbage collection
  * CVE-2024-2609 (bmo#1866100) Permission prompt input delay could expire when not in focus
  * CVE-2024-3859 (bmo#1874489) Integer-overflow led to out-of-bounds-read in the OpenType sanitizer
  * CVE-2024-3861 (bmo#1883158) Potential use-after-free due to AlignedBuffer self-move
  * CVE-2024-3863 (bmo#1885855) Download Protections were bypassed by .xrm-ms files on Windows
  * CVE-2024-3302 (bmo#1881183, bmo#https://kb.cert.org/vuls/id/421644) Denial of Service using HTTP/2 CONTINUATION frames
  * CVE-2024-3864 (bmo#1888333) Memory safety bug fixed in Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10
Wolfgang Rosenauer (wrosenauer)
accepted
request 1167992
from
Manfred Hollstein (manfred-h)
(revision 32)
- Mozilla Firefox ESR 115.10.0 https://www.mozilla.org/security/advisories/mfsa2024-19/ MFSA 2024-19 (boo#???????)
Wolfgang Rosenauer (wrosenauer)
accepted
request 1163478
from
Manfred Hollstein (manfred-h)
(revision 31)
- Mozilla Firefox ESR 115.9.1 https://www.mozilla.org/security/advisories/mfsa2024-16/ MFSA 2024-16 (boo#1221850)
Wolfgang Rosenauer (wrosenauer)
accepted
request 1160722
from
Manfred Hollstein (manfred-h)
(revision 30)
- Mozilla Firefox ESR 115.9.1 https://www.mozilla.org/security/advisories/mfsa2024-16/ MFSA 2024-16 (boo#???????)
  * CVE-2024-29944 (bmo#1886852) Privileged JavaScript Execution via Event Handlers
Wolfgang Rosenauer (wrosenauer)
accepted
request 1160703
from
Manfred Hollstein (manfred-h)
(revision 29)
- Mozilla Firefox ESR 115.9.1 https://www.mozilla.org/security/advisories/mfsa2024-16/ MFSA 2024-16 (boo#???????)
Wolfgang Rosenauer (wrosenauer)
accepted
request 1159853
from
Manfred Hollstein (manfred-h)
(revision 28)
- LLVM18 breaks building Firefox ESR on Tumbleweed; add
  * mozilla-fix-issues-with-llvm18.patch
- Mozilla Firefox ESR 115.9.0 https://www.mozilla.org/security/advisories/mfsa2024-13/ MFSA 2024-13 (boo#???????)
  * CVE-2024-0743 (bmo#1867408) Crash in NSS TLS method
  * CVE-2024-2605 (bmo#1872920) Windows Error Reporter could be used as a Sandbox escape vector
  * CVE-2024-2607 (bmo#1879939) JIT code failed to save return registers on Armv7-A
  * CVE-2024-2608 (bmo#1880692) Integer overflow could have led to out of bounds write
  * CVE-2024-2616 (bmo#1846197) Improve handling of out-of-memory conditions in ICU
  * CVE-2023-5388 (bmo#1780432) NSS susceptible to timing attack against RSA decryption
  * CVE-2024-2610 (bmo#1871112) Improper handling of html and body tags enabled CSP nonce leakage
  * CVE-2024-2611 (bmo#1876675) Clickjacking vulnerability could have led to a user accidentally granting permissions
  * CVE-2024-2612 (bmo#1879444) Self referencing object could have potentially led to a use-after-free
  * CVE-2024-2614 (bmo#1685358, bmo#1861016, bmo#1880405, bmo#1881093) Memory safety bugs fixed in Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9
Wolfgang Rosenauer (wrosenauer)
accepted
request 1148310
from
Manfred Hollstein (manfred-h)
(revision 27)
- Mozilla Firefox ESR 115.8.0 https://www.mozilla.org/security/advisories/mfsa2024-06/ MFSA 2024-06 (boo#1220048)
  * CVE-2024-1546 (bmo#1843752) Out-of-bounds memory read in networking channels
  * CVE-2024-1547 (bmo#1877879) Alert dialog could have been spoofed on another site
  * CVE-2024-1548 (bmo#1832627) Fullscreen Notification could have been hidden by select element
  * CVE-2024-1549 (bmo#1833814) Custom cursor could obscure the permission dialog
  * CVE-2024-1550 (bmo#1860065) Mouse cursor re-positioned unexpectedly could have led to unintended permission grants
  * CVE-2024-1551 (bmo#1864385) Multipart HTTP Responses would accept the Set-Cookie header in response parts
  * CVE-2024-1552 (bmo#1874502) Incorrect code generation on 32-bit ARM devices
  * CVE-2024-1553 (bmo#1855686, bmo#1867982, bmo#1871498, bmo#1872296, bmo#1873521, bmo#1873577, bmo#1873597, bmo#1873866, bmo#1874080, bmo#1874740, bmo#1875795, bmo#1875906, bmo#1876425, bmo#1878211, bmo#1878286) Memory safety bugs fixed in Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8
Wolfgang Rosenauer (wrosenauer)
accepted
request 1141010
from
Manfred Hollstein (manfred-h)
(revision 26)
- Mozilla Firefox ESR 115.7.0 https://www.mozilla.org/security/advisories/mfsa2024-02/ MFSA 2024-02 (bsc#???????)
  * CVE-2024-0741 (bmo#1864587) Out of bounds write in ANGLE
  * CVE-2024-0742 (bmo#1867152) Failure to update user input timestamp
  * CVE-2024-0746 (bmo#1660223) Crash when listing printers on Linux
  * CVE-2024-0747 (bmo#1764343) Bypass of Content Security Policy when directive unsafe-inline was set
  * CVE-2024-0749 (bmo#1813463) Phishing site popup could show local origin in address bar
  * CVE-2024-0750 (bmo#1863083) Potential permissions request bypass via clickjacking
  * CVE-2024-0751 (bmo#1865689) Privilege escalation through devtools
  * CVE-2024-0753 (bmo#1870262) HSTS policy on subdomain could bypass policy of upper domain
  * CVE-2024-0755 (bmo#1868456, bmo#1871445, bmo#1873701) Memory safety bugs fixed in Firefox 122, Firefox ESR 115.7, and Thunderbird 115.7
Wolfgang Rosenauer (wrosenauer)
accepted
request 1140789
from
Manfred Hollstein (manfred-h)
(revision 25)
- Mozilla Firefox ESR 115.7.0 https://www.mozilla.org/security/advisories/mfsa2024-??/ MFSA 2024-?? (bsc#???????)
Wolfgang Rosenauer (wrosenauer)
accepted
request 1134098
from
Manfred Hollstein (manfred-h)
(revision 24)
- Mozilla Firefox ESR 115.6.0 https://www.mozilla.org/security/advisories/mfsa2023-54/ MFSA 2023-54 (bsc#1217974)
  * CVE-2023-6856 (bmo#1843782) Heap-buffer-overflow affecting WebGL DrawElementsInstanced method with Mesa VM driver
  * CVE-2023-6865 (bmo#1864123) Potential exposure of uninitialized data in EncryptingOutputStream
  * CVE-2023-6857 (bmo#1796023) Symlinks may resolve to smaller than expected buffers
  * CVE-2023-6858 (bmo#1826791) Heap buffer overflow in nsTextFragment
  * CVE-2023-6859 (bmo#1840144) Use-after-free in PR_GetIdentitiesLayer
  * CVE-2023-6860 (bmo#1854669) Potential sandbox escape due to VideoBridge lack of texture validation
  * CVE-2023-6867 (bmo#1863863) Clickjacking permission prompts using the popup transition
  * CVE-2023-6861 (bmo#1864118) Heap buffer overflow affected nsWindow::PickerOpen(void) in headless mode
  * CVE-2023-6862 (bmo#1868042) Use-after-free in nsDNSService
  * CVE-2023-6863 (bmo#1868901) Undefined behavior in ShutdownObserver()
  * CVE-2023-6864 (bmo#1736385, bmo#1810805, bmo#1846328, bmo#1856090, bmo#1858033, bmo#1858509, bmo#1862089, bmo#1862777, bmo#1864015) Memory safety bugs fixed in Firefox 121, Firefox ESR 115.6, and Thunderbird 115.6
Wolfgang Rosenauer (wrosenauer)
accepted
request 1133886
from
Manfred Hollstein (manfred-h)
(revision 23)
- Mozilla Firefox ESR 115.6.0 https://www.mozilla.org/security/advisories/mfsa2023-54/ MFSA 2023-54 (bsc#1217974)
Wolfgang Rosenauer (wrosenauer)
accepted
request 1127928
from
Manfred Hollstein (manfred-h)
(revision 22)
- Mozilla Firefox ESR 115.5.0 MFSA 2023-50 (boo#???????)
  * CVE-2023-6204 (bmo#1841050) Out-of-bound memory access in WebGL2 blitFramebuffer
  * CVE-2023-6205 (bmo#1854076) Use-after-free in MessagePort::Entangled
  * CVE-2023-6206 (bmo#1857430) Clickjacking permission prompts using the fullscreen transition
  * CVE-2023-6207 (bmo#1861344) Use-after-free in ReadableByteStreamQueueEntry::Buffer
  * CVE-2023-6208 (bmo#1855345) Using Selection API would copy contents into X11 primary selection.
  * CVE-2023-6209 (bmo#1858570) Incorrect parsing of relative URLs starting with "///"
  * CVE-2023-6212 (bmo#1658432, bmo#1820983, bmo#1829252, bmo#1856072, bmo#1856091, bmo#1859030, bmo#1860943, bmo#1862782) Memory safety bugs fixed in Firefox 120, Firefox ESR 115.5, and Thunderbird 115.5
Wolfgang Rosenauer (wrosenauer)
accepted
request 1127732
from
Manfred Hollstein (manfred-h)
(revision 21)
- Mozilla Firefox ESR 115.5.0 MFSA 2023-?? (boo#???????)
Wolfgang Rosenauer (wrosenauer)
accepted
request 1120021
from
Manfred Hollstein (manfred-h)
(revision 20)
- Mozilla Firefox ESR 115.4.0 MFSA 2023-46 (bsc#1216338)
  * CVE-2023-5721 (bmo#1830820) Queued up rendering could have allowed websites to clickjack
  * CVE-2023-5732 (bmo#1690979) Address bar spoofing via bidirectional characters
  * CVE-2023-5724 (bmo#1836705) Large WebGL draw could have led to a crash
  * CVE-2023-5725 (bmo#1845739) WebExtensions could open arbitrary URLs
  * CVE-2023-5726 (bmo#1846205) Full screen notification obscured by file open dialog on macOS
  * CVE-2023-5727 (bmo#1847180) Download Protections were bypassed by .msix, .msixbundle, .appx, and .appxbundle files on Windows
  * CVE-2023-5728 (bmo#1852729) Improper object tracking during GC in the JavaScript engine could have led to a crash.
  * CVE-2023-5730 (bmo#1836607, bmo#1840918, bmo#1848694, bmo#1848833, bmo#1850191, bmo#1850259, bmo#1852596, bmo#1853201, bmo#1854002, bmo#1855306, bmo#1855640, bmo#1856695) Memory safety bugs fixed in Firefox 119, Firefox ESR 115.4, and Thunderbird 115.4
- Remove mozilla-bmo1846703.patch as it has been fixed upstream
Wolfgang Rosenauer (wrosenauer)
accepted
request 1119690
from
Manfred Hollstein (manfred-h)
(revision 19)
- Mozilla Firefox ESR 115.4.0 MFSA 2023-?? (bsc#???????)
- Remove mozilla-bmo1846703.patch as it has been fixed upstream
Wolfgang Rosenauer (wrosenauer)
accepted
request 1114626
from
Andreas Stieger (AndreasStieger)
(revision 18)
add some bugzilla references
Wolfgang Rosenauer (wrosenauer)
accepted
request 1114148
from
Manfred Hollstein (manfred-h)
(revision 17)
- Mozilla Firefox ESR 115.3.1 MFSA 2023-44 (bsc#1215814)
  * CVE-2023-5217 (bmo#1855550) Heap buffer overflow in libvpx
- Add mozilla-bmo1846703.patch
Displaying revisions 1 - 20 of 36