Revisions of MozillaFirefox
Dominique Leuenberger (dimstar_suse)
accepted
request 1103536
from
Wolfgang Rosenauer (wrosenauer)
(revision 406)
- Mozilla Firefox 116.0.2 * fixes for other platforms - Fix OOM when linking on 32-bit - Mozilla Firefox 116.0.1 * fixes for other platforms - ship vaapitest binary for supported archs - re-enable ppc64le - ship v4l2test binary for supported archs - drop obsolete mozilla-bmo1775202.patch - Mozilla Firefox 116.0 * https://www.mozilla.org/en-US/firefox/116.0/releasenotes/ MFSA 2023-29 (bsc#1213746) * CVE-2023-4045 (bmo#1833876) Offscreen Canvas could have bypassed cross-origin restrictions * CVE-2023-4046 (bmo#1837686) Incorrect value used during WASM compilation * CVE-2023-4047 (bmo#1839073) Potential permissions request bypass via clickjacking * CVE-2023-4048 (bmo#1841368) Crash in DOMParser due to out-of-memory conditions * CVE-2023-4049 (bmo#1842658) Fix potential race conditions when releasing platform objects * CVE-2023-4050 (bmo#1843038) Stack buffer overflow in StorageManager * CVE-2023-4051 (bmo#1821884)
Dominique Leuenberger (dimstar_suse)
accepted
request 1101322
from
Wolfgang Rosenauer (wrosenauer)
(revision 405)
Dominique Leuenberger (dimstar_suse)
accepted
request 1098544
from
Wolfgang Rosenauer (wrosenauer)
(revision 404)
- Mozilla Firefox 115.0.2 * Fixed a bug with displaying a caret in the text editor on some websites (bmo#1840804) * Fixed a bug with broken audio rendering on some websites (bmo#1841982) * Fixed a bug with patternTransform translate using the wrong units (bmo#1840746) MFSA 2023-26 (bsc#1213230) * CVE-2023-3600 (bmo#1839703) Use-after-free in workers
Dominique Leuenberger (dimstar_suse)
accepted
request 1097630
from
Wolfgang Rosenauer (wrosenauer)
(revision 403)
Fabian Vogt (favogt_factory)
accepted
request 1097019
from
Wolfgang Rosenauer (wrosenauer)
(revision 402)
- Mozilla Firefox 115.0 * Support for importing payment methods saved in Chrome-based browser * Hardware video decoding is now enabled for Intel GPUs on Linux * The Tab Manager dropdown now features close buttons, so tabs can be closed more quickly * Streamlined the user interface for importing data in from other browsers * Users without platform support for H264 video decoding can now fallback to Cisco's OpenH264 plugin for playback. * Undo and redo are now available in Password fields * Changed: On Linux, middle clicks on the new tab button will now open the xclipboard contents in the new tab. If the xclipboard content is a URL then that URL is opened, any other text is opened with your default search provider. * Changed: For users with a Firefox Colorways built-in theme, the theme will be automatically migrated to the same theme hosted on addons.mozilla.org for Firefox profiles that have disabled add-ons auto-updates. This will allow users to keep their Colorways theme when they are later removed from Firefox installer files. * Changed: Certain Firefox users may come across a message in the extensions panel indicating that their add-ons are not allowed on the site currently open. We have introduced a new back-end feature to only allow some extensions monitored by Mozilla to run on specific websites for various reasons, including security concerns. * HTML5: The builtin editor now behaves similarly to other browsers with `contenteditable` and `designMode` when splitting a node, e.g. typing Enter to split a paragraph, and also when joining two nodes, e.g. typing Backspace at the start of a paragraph to join the paragraph and the previous
Dominique Leuenberger (dimstar_suse)
accepted
request 1094241
from
Wolfgang Rosenauer (wrosenauer)
(revision 401)
Dominique Leuenberger (dimstar_suse)
accepted
request 1092022
from
Wolfgang Rosenauer (wrosenauer)
(revision 400)
Dominique Leuenberger (dimstar_suse)
accepted
request 1089039
from
Wolfgang Rosenauer (wrosenauer)
(revision 399)
Dominique Leuenberger (dimstar_suse)
accepted
request 1087124
from
Wolfgang Rosenauer (wrosenauer)
(revision 398)
Dominique Leuenberger (dimstar_suse)
accepted
request 1085989
from
Wolfgang Rosenauer (wrosenauer)
(revision 397)
- Mozilla Firefox 113.0 * https://www.mozilla.org/en-US/firefox/113.0/releasenotes MFSA 2023-16 (bsc#1211175) * CVE-2023-32205 (bmo#1753339, bmo#1753341) Browser prompts could have been obscured by popups * CVE-2023-32206 (bmo#1824892) Crash in RLBox Expat driver * CVE-2023-32207 (bmo#1826116) Potential permissions request bypass via clickjacking * CVE-2023-32208 (bmo#1646034) Leak of script base URL in service workers via import() * CVE-2023-32209 (bmo#1767194) Persistent DoS via favicon image * CVE-2023-32210 (bmo#1776755) Incorrect principal object ordering * CVE-2023-32211 (bmo#1823379) Content process crash due to invalid wasm code * CVE-2023-32212 (bmo#1826622) Potential spoof due to obscured address bar * CVE-2023-32213 (bmo#1826666) Potential memory corruption in FileReader::DoReadData() * MFSA-TMP-2023-0002 (bmo#1814560, bmo#1814790, bmo#1819796) Race condition in dav1d decoding * CVE-2023-32214 (bmo#1828716) Potential DoS via exposed protocol handlers * CVE-2023-32215 (bmo#1540883, bmo#1751943, bmo#1814856, bmo#1820210, bmo#1821480, bmo#1827019, bmo#1827024, bmo#1827144, bmo#1827359, bmo#1830186) Memory safety bugs fixed in Firefox 113 and Firefox ESR 102.11 * CVE-2023-32216 (bmo#1746479, bmo#1806852, bmo#1815987,
Dominique Leuenberger (dimstar_suse)
accepted
request 1085402
from
Wolfgang Rosenauer (wrosenauer)
(revision 396)
Dominique Leuenberger (dimstar_suse)
accepted
request 1082809
from
Wolfgang Rosenauer (wrosenauer)
(revision 395)
Dominique Leuenberger (dimstar_suse)
accepted
request 1080954
from
Wolfgang Rosenauer (wrosenauer)
(revision 394)
Dominique Leuenberger (dimstar_suse)
accepted
request 1078521
from
Wolfgang Rosenauer (wrosenauer)
(revision 393)
- Mozilla Firefox 112.0 * https://www.mozilla.org/en-US/firefox/112.0/releasenotes/ MFSA 2023-13 (bsc#1210212) * CVE-2023-29531 (bmo#1794292) Out-of-bound memory access in WebGL on macOS * CVE-2023-29532 (bmo#1806394) Mozilla Maintenance Service Write-lock bypass * CVE-2023-29533 (bmo#1798219, bmo#1814597) Fullscreen notification obscured * CVE-2023-29534 (bmo#1816007, bmo#1816059, bmo#1821155, bmo#1821576, bmo#1821906, bmo#1822298, bmo#1822305) Fullscreen notification could have been obscured on Firefox for Android * MFSA-TMP-2023-0001 (bmo#1819244) Double-free in libwebp * CVE-2023-29535 (bmo#1820543) Potential Memory Corruption following Garbage Collector compaction * CVE-2023-29536 (bmo#1821959) Invalid free from JavaScript code * CVE-2023-29537 (bmo#1823365, bmo#1824200, bmo#1825569) Data Races in font initialization code * CVE-2023-29538 (bmo#1685403) Directory information could have been leaked to WebExtensions * CVE-2023-29539 (bmo#1784348) Content-Disposition filename truncation leads to Reflected File Download * CVE-2023-29540 (bmo#1790542) Iframe sandbox bypass using redirects and sourceMappingUrls * CVE-2023-29541 (bmo#1810191) Files with malicious extensions could have been downloaded
Dominique Leuenberger (dimstar_suse)
accepted
request 1077029
from
Factory Maintainer (factory-maintainer)
(revision 392)
Automatic submission by obs-autosubmit
Dominique Leuenberger (dimstar_suse)
accepted
request 1070344
from
Wolfgang Rosenauer (wrosenauer)
(revision 391)
- Cherry-pick upstream changes for GCC 13 in gcc13-fix.patch. - Fix 32 bit build bmo#1810584 (add mozilla-bmo1810584.patch) - Mozilla Firefox 110.0.1 (boo#1208886) Digital ID in Denmark (bmo#1819096)
Dominique Leuenberger (dimstar_suse)
accepted
request 1069866
from
Wolfgang Rosenauer (wrosenauer)
(revision 390)
Dominique Leuenberger (dimstar_suse)
accepted
request 1069444
from
Wolfgang Rosenauer (wrosenauer)
(revision 389)
Dominique Leuenberger (dimstar_suse)
accepted
request 1062544
from
Wolfgang Rosenauer (wrosenauer)
(revision 388)
Dominique Leuenberger (dimstar_suse)
accepted
request 1059273
from
Wolfgang Rosenauer (wrosenauer)
(revision 387)
- Mozilla Firefox 109.0 MFSA 2023-01 (bsc#1207119) * CVE-2023-23597 (bmo#1538028) Logic bug in process allocation allowed to read arbitrary files * CVE-2023-23598 (bmo#1800425) Arbitrary file read from GTK drag and drop on Linux * CVE-2023-23599 (bmo#1777800) Malicious command could be hidden in devtools output on Windows * CVE-2023-23600 (bmo#1787034) Notification permissions persisted between Normal and Private Browsing on Android * CVE-2023-23601 (bmo#1794268) URL being dragged from cross-origin iframe into same tab triggers navigation * CVE-2023-23602 (bmo#1800890) Content Security Policy wasn't being correctly applied to WebSockets in WebWorkers * CVE-2023-23603 (bmo#1800832) Calls to <code>console.log</code> allowed bypasing Content Security Policy via format directive * CVE-2023-23604 (bmo#1802346) Creation of duplicate <code>SystemPrincipal</code> from less secure contexts * CVE-2023-23605 (bmo#1764921, bmo#1802690, bmo#1806974) Memory safety bugs fixed in Firefox 109 and Firefox ESR 102.7 * CVE-2023-23606 (bmo#1764974, bmo#1798591, bmo#1799201, bmo#1800446, bmo#1801248, bmo#1802100, bmo#1803393, bmo#1804626, bmo#1804971, bmo#1807004)
Displaying revisions 21 - 40 of 426