Overview Repositories Revisions Requests Users Attributes Meta

Revisions of MozillaFirefox

Ana Guerrero's avatar Ana Guerrero (anag+factory) accepted request 1169983 from Wolfgang Rosenauer's avatar Wolfgang Rosenauer (wrosenauer) (revision 425) 
- Mozilla Firefox 125.0.2
  * The 125.0 and 125.0.1 releases were skipped due to problems with a
    feature that proactively blocked downloads from potentially
    untrustworthy URLs
  * New: Firefox now supports the AV1 codec for Encrypted Media
    Extensions (EME), enabling higher-quality playback from video
    streaming providers
  * New: The Firefox PDF viewer now supports text highlighting.
  * New: Firefox View now displays pinned tabs in the Open tabs
    section. Tab indicators have also been added to Open tabs, so
    users can do things like see which tabs are playing media and
    quickly mute or unmute across windows. Indicators were also
    added for bookmarks, tabs with notifications, and more!
    their addresses upon submitting an address form, allowing
    Firefox to autofill stored address information in the future.
  * New: The URL Paste Suggestion feature provides a convenient
    way for users to quickly visit URLs copied to the clipboard
    in the address bar of Firefox. When the clipboard contains a
    URL and the URL bar is focused, an autocomplete result
    appears automatically. Activating the clipboard suggestion
    will navigate the user to the URL with 1 click.
  * New: Users of tab-specific Container add-ons can now search
    in the Address Bar for tabs that are open in different
    containers. Special thanks to volunteer contributor atararx
    for kicking off the work on this feature!
  * New: Firefox now provides an option to enable Web Proxy Auto-
    Discovery (WPAD) while configured to use system proxy
    settings.
  * Changed: In a group of radio buttons where no option is
    selected, the tab key now only reaches the first option
Ana Guerrero's avatar Ana Guerrero (anag+factory) accepted request 1164364 from Wolfgang Rosenauer's avatar Wolfgang Rosenauer (wrosenauer) (revision 424) 
- Mozilla Firefox 124.0.2
  https://www.mozilla.org/en-US/firefox/124.0.2/releasenotes/
  * Fixed an issue where users with a large amount of bookmarks would
    be unable to restore a bookmarks backup. (bmo#1884308)
  * Fixed an issue that would cause open Firefox windows
    to go blank or crash during video playback on sites such as
    Netflix. (bmo#1883932)
  * Fixed a crash that affected Linux AArch64 builds. (bmo#1866396)
  * Fixed an issue where some users experienced difficulties loading
    webpages due to changes made to the default AppArmor configuration
    shipping in Ubuntu 24.04. (bmo#1884347)
Ana Guerrero's avatar Ana Guerrero (anag+factory) accepted request 1160726 from Wolfgang Rosenauer's avatar Wolfgang Rosenauer (wrosenauer) (revision 423) 
- Mozilla Firefox 124.0.1
  https://www.mozilla.org/en-US/firefox/124.0.1/releasenotes/
  MFSA 2024-15 (bsc#1221850)
  * CVE-2024-29943 (bmo#1886849)
    Out-of-bounds access via Range Analysis bypass
  * CVE-2024-29944 (bmo#1886852)
    Privileged JavaScript Execution via Event Handlers
  Mozilla Firefox 124.0
  https://www.mozilla.org/en-US/firefox/124.0/releasenotes/
  MFSA 2024-12 (bsc#1221327)
  * CVE-2024-2605 (bmo#1872920)
    Windows Error Reporter could be used as a Sandbox escape vector
  * CVE-2024-2606 (bmo#1879237)
    Mishandling of WASM register values
  * CVE-2024-2607 (bmo#1879939)
    JIT code failed to save return registers on Armv7-A
  * CVE-2024-2608 (bmo#1880692)
    Integer overflow could have led to out of bounds write
  * CVE-2023-5388 (bmo#1780432)
    NSS susceptible to timing attack against RSA decryption
  * CVE-2024-2609 (bmo#1866100)
    Permission prompt input delay could expire when not in focus
  * CVE-2024-2610 (bmo#1871112)
    Improper handling of html and body tags enabled CSP nonce leakage
  * CVE-2024-2611 (bmo#1876675)
    Clickjacking vulnerability could have led to a user accidentally
    granting permissions
  * CVE-2024-2612 (bmo#1879444)
    Self referencing object could have potentially led to a use-
    after-free
Ana Guerrero's avatar Ana Guerrero (anag+factory) accepted request 1150527 from Wolfgang Rosenauer's avatar Wolfgang Rosenauer (wrosenauer) (revision 421) 
- Mozilla Firefox 123.0
  https://www.mozilla.org/en-US/firefox/123.0/releasenotes/
  MFSA 2024-05 (bsc#1220048)
  * CVE-2024-1546 (bmo#1843752)
    Out-of-bounds memory read in networking channels
  * CVE-2024-1547 (bmo#1877879)
    Alert dialog could have been spoofed on another site
  * CVE-2024-1554 (bmo#1816390)
    fetch could be used to effect cache poisoning
  * CVE-2024-1548 (bmo#1832627)
    Fullscreen Notification could have been hidden by select element
  * CVE-2024-1549 (bmo#1833814)
    Custom cursor could obscure the permission dialog
  * CVE-2024-1550 (bmo#1860065)
    Mouse cursor re-positioned unexpectedly could have led to
    unintended permission grants
  * CVE-2024-1551 (bmo#1864385)
    Multipart HTTP Responses would accept the Set-Cookie header
    in response parts
  * CVE-2024-1555 (bmo#1873223)
    SameSite cookies were not properly respected when opening a
    website from an external browser
  * CVE-2024-1556 (bmo#1870414)
    Invalid memory access in the built-in profiler
  * CVE-2024-1552 (bmo#1874502)
    Incorrect code generation on 32-bit ARM devices
  * CVE-2024-1553 (bmo#1855686, bmo#1867982, bmo#1871498, bmo#1872296,
    bmo#1873521, bmo#1873577, bmo#1873597, bmo#1873866, bmo#1874080,
    bmo#1874740, bmo#1875795, bmo#1875906, bmo#1876425, bmo#1878211,
    bmo#1878286)
Ana Guerrero's avatar Ana Guerrero (anag+factory) accepted request 1141490 from Wolfgang Rosenauer's avatar Wolfgang Rosenauer (wrosenauer) (revision 417) 
- Mozilla Firefox 122.0
  https://www.mozilla.org/en-US/firefox/122.0/releasenotes/
  MFSA 2024-01 (bsc#1218955)
  * CVE-2024-0741 (bmo#1864587)
    Out of bounds write in ANGLE
  * CVE-2024-0742 (bmo#1867152)
    Failure to update user input timestamp
  * CVE-2024-0743 (bmo#1867408)
    Crash in NSS TLS method
  * CVE-2024-0744 (bmo#1871089)
    Wild pointer dereference in JavaScript
  * CVE-2024-0745 (bmo#1871838)
    Stack buffer overflow in WebAudio
  * CVE-2024-0746 (bmo#1660223)
    Crash when listing printers on Linux
  * CVE-2024-0747 (bmo#1764343)
    Bypass of Content Security Policy when directive unsafe-inline was set
  * CVE-2024-0748 (bmo#1783504)
    Compromised content process could modify document URI
  * CVE-2024-0749 (bmo#1813463)
    Phishing site popup could show local origin in address bar
  * CVE-2024-0750 (bmo#1863083)
    Potential permissions request bypass via clickjacking
  * CVE-2024-0751 (bmo#1865689)
    Privilege escalation through devtools
  * CVE-2024-0752 (bmo#1866840)
    Use-after-free could occur when applying update on macOS
  * CVE-2024-0753 (bmo#1870262)
    HSTS policy on subdomain could bypass policy of upper domain
  * CVE-2024-0754 (bmo#1871605)
Ana Guerrero's avatar Ana Guerrero (anag+factory) accepted request 1134603 from Wolfgang Rosenauer's avatar Wolfgang Rosenauer (wrosenauer) (revision 415) 
- Mozilla Firefox 121.0
  https://www.mozilla.org/en-US/firefox/121.0/releasenotes
  MFSA 2023-56 (bsc#1217974)
  * CVE-2023-6856 (bmo#1843782)
    Heap-buffer-overflow affecting WebGL DrawElementsInstanced
    method with Mesa VM driver
  * CVE-2023-6135 (bmo#1853908)
    NSS susceptible to "Minerva" attack
  * CVE-2023-6865 (bmo#1864123)
    Potential exposure of uninitialized data in EncryptingOutputStream
  * CVE-2023-6857 (bmo#1796023)
    Symlinks may resolve to smaller than expected buffers
  * CVE-2023-6858 (bmo#1826791)
    Heap buffer overflow in nsTextFragment
  * CVE-2023-6859 (bmo#1840144)
    Use-after-free in PR_GetIdentitiesLayer
  * CVE-2023-6866 (bmo#1849037)
    TypedArrays lack sufficient exception handling
  * CVE-2023-6860 (bmo#1854669)
    Potential sandbox escape due to VideoBridge lack of texture
    validation
  * CVE-2023-6867 (bmo#1863863)
    Clickjacking permission prompts using the popup transition
  * CVE-2023-6861 (bmo#1864118)
    Heap buffer overflow affected nsWindow::PickerOpen(void) in
    headless mode
  * CVE-2023-6868 (bmo#1865488)
    WebPush requests on Firefox for Android did not require VAPID key
  * CVE-2023-6869 (bmo#1799036)
    Content can paint outside of sandboxed iframe
Ana Guerrero's avatar Ana Guerrero (anag+factory) accepted request 1129161 from Wolfgang Rosenauer's avatar Wolfgang Rosenauer (wrosenauer) (revision 413) 
- Mozilla Firefox 120.0
  https://www.mozilla.org/en-US/firefox/120.0/releasenotes
  MFSA 2023-49 (bsc#1217230)
  * CVE-2023-6204 (bmo#1841050)
    Out-of-bound memory access in WebGL2 blitFramebuffer
  * CVE-2023-6205 (bmo#1854076)
    Use-after-free in MessagePort::Entangled
  * CVE-2023-6206 (bmo#1857430)
    Clickjacking permission prompts using the fullscreen
    transition
  * CVE-2023-6207 (bmo#1861344)
    Use-after-free in ReadableByteStreamQueueEntry::Buffer
  * CVE-2023-6208 (bmo#1855345)
    Using Selection API would copy contents into X11 primary
    selection.
  * CVE-2023-6209 (bmo#1858570)
    Incorrect parsing of relative URLs starting with "///"
  * CVE-2023-6210 (bmo#1801501)
    Mixed-content resources not blocked in a javascript: pop-up
  * CVE-2023-6211 (bmo#1850200)
    Clickjacking to load insecure pages in HTTPS-only mode
  * CVE-2023-6212 (bmo#1658432, bmo#1820983, bmo#1829252,
    bmo#1856072, bmo#1856091, bmo#1859030, bmo#1860943,
    bmo#1862782)
    Memory safety bugs fixed in Firefox 120, Firefox ESR 115.5,
    and Thunderbird 115.5
  * CVE-2023-6213 (bmo#1849265, bmo#1851118, bmo#1854911)
    Memory safety bugs fixed in Firefox 120
- rebased patches
Ana Guerrero's avatar Ana Guerrero (anag+factory) accepted request 1114282 from Wolfgang Rosenauer's avatar Wolfgang Rosenauer (wrosenauer) (revision 410) 
- Mozilla Firefox 118.0.1
  MFSA 2023-44 (bsc#1215814)
  * CVE-2023-5217 (bmo#1855550),
    Heap buffer overflow in libvpx

- Mozilla Firefox 118.0
  MFSA 2023-41 (bsc#1215575)
  * CVE-2023-5168 (bmo#1846683)
    Out-of-bounds write in FilterNodeD2D1
  * CVE-2023-5169 (bmo#1846685)
    Out-of-bounds write in PathOps
  * CVE-2023-5170 (bmo#1846686)
    Memory leak from a privileged process
  * CVE-2023-5171 (bmo#1851599)
    Use-after-free in Ion Compiler
  * CVE-2023-5172 (bmo#1852218)
    Memory Corruption in Ion Hints
  * CVE-2023-5173 (bmo#1823172)
    Out-of-bounds write in HTTP Alternate Services
  * CVE-2023-5174 (bmo#1848454)
    Double-free in process spawning on Windows
  * CVE-2023-5175 (bmo#1849704)
    Use-after-free of ImageBitmap during process shutdown
  * CVE-2023-5176 (bmo#1836353, bmo#1842674, bmo#1843824, bmo#1843962,
    bmo#1848890, bmo#1850180, bmo#1850983, bmo#1851195)
    Memory safety bugs fixed in Firefox 118, Firefox ESR 115.3,
    and Thunderbird 115.3
- requires NSS 3.93
- add mozilla-bmo1822730.patch
- deactivated KDE integration temporarily
Ana Guerrero's avatar Ana Guerrero (anag+factory) accepted request 1107944 from Wolfgang Rosenauer's avatar Wolfgang Rosenauer (wrosenauer) (revision 408) 
- Mozilla Firefox 117.0
  https://www.mozilla.org/en-US/firefox/117.0/releasenotes
  MFSA 2023-34 (bsc#1214606)
  * CVE-2023-4573 (bmo#1846687)
    Memory corruption in IPC CanvasTranslator
  * CVE-2023-4574 (bmo#1846688)
    Memory corruption in IPC ColorPickerShownCallback
  * CVE-2023-4575 (bmo#1846689)
    Memory corruption in IPC FilePickerShownCallback
  * CVE-2023-4576 (bmo#1846694)
    Integer Overflow in RecordedSourceSurfaceCreation
  * CVE-2023-4577 (bmo#1847397)
    Memory corruption in JIT UpdateRegExpStatics
  * CVE-2023-4578 (bmo#1839007)
    Error reporting methods in SpiderMonkey could have triggered
    an Out of Memory Exception
  * CVE-2023-4579 (bmo#1842766)
    Persisted search terms were formatted as URLs
  * CVE-2023-4580 (bmo#1843046)
    Push notifications saved to disk unencrypted
  * CVE-2023-4581 (bmo#1843758)
    XLL file extensions were downloadable without warnings
  * CVE-2023-4582 (bmo#1773874)
    Buffer Overflow in WebGL glGetProgramiv
  * CVE-2023-4583 (bmo#1842030)
    Browsing Context potentially not cleared when closing Private
    Window
  * CVE-2023-4584 (bmo#1843968, bmo#1845205, bmo#1846080,
    bmo#1846526, bmo#1847529)
    Memory safety bugs fixed in Firefox 117, Firefox ESR 102.15,
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 1103536 from Wolfgang Rosenauer's avatar Wolfgang Rosenauer (wrosenauer) (revision 406) 
- Mozilla Firefox 116.0.2
  * fixes for other platforms

- Fix OOM when linking on 32-bit

- Mozilla Firefox 116.0.1
  * fixes for other platforms

- ship vaapitest binary for supported archs

- re-enable ppc64le
- ship v4l2test binary for supported archs
- drop obsolete mozilla-bmo1775202.patch

- Mozilla Firefox 116.0
  * https://www.mozilla.org/en-US/firefox/116.0/releasenotes/
  MFSA 2023-29 (bsc#1213746)
  * CVE-2023-4045 (bmo#1833876)
    Offscreen Canvas could have bypassed cross-origin restrictions
  * CVE-2023-4046 (bmo#1837686)
    Incorrect value used during WASM compilation
  * CVE-2023-4047 (bmo#1839073)
    Potential permissions request bypass via clickjacking
  * CVE-2023-4048 (bmo#1841368)
    Crash in DOMParser due to out-of-memory conditions
  * CVE-2023-4049 (bmo#1842658)
    Fix potential race conditions when releasing platform objects
  * CVE-2023-4050 (bmo#1843038)
    Stack buffer overflow in StorageManager
  * CVE-2023-4051 (bmo#1821884)
Displaying revisions 1 - 20 of 425
openSUSE Build Service is sponsored by
Places