Overview Repositories Revisions Requests Users Attributes Meta

Revisions of MozillaFirefox

Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 1103536 from Wolfgang Rosenauer's avatar Wolfgang Rosenauer (wrosenauer) (revision 406) 
- Mozilla Firefox 116.0.2
  * fixes for other platforms

- Fix OOM when linking on 32-bit

- Mozilla Firefox 116.0.1
  * fixes for other platforms

- ship vaapitest binary for supported archs

- re-enable ppc64le
- ship v4l2test binary for supported archs
- drop obsolete mozilla-bmo1775202.patch

- Mozilla Firefox 116.0
  * https://www.mozilla.org/en-US/firefox/116.0/releasenotes/
  MFSA 2023-29 (bsc#1213746)
  * CVE-2023-4045 (bmo#1833876)
    Offscreen Canvas could have bypassed cross-origin restrictions
  * CVE-2023-4046 (bmo#1837686)
    Incorrect value used during WASM compilation
  * CVE-2023-4047 (bmo#1839073)
    Potential permissions request bypass via clickjacking
  * CVE-2023-4048 (bmo#1841368)
    Crash in DOMParser due to out-of-memory conditions
  * CVE-2023-4049 (bmo#1842658)
    Fix potential race conditions when releasing platform objects
  * CVE-2023-4050 (bmo#1843038)
    Stack buffer overflow in StorageManager
  * CVE-2023-4051 (bmo#1821884)
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 1098544 from Wolfgang Rosenauer's avatar Wolfgang Rosenauer (wrosenauer) (revision 404) 
- Mozilla Firefox 115.0.2
  * Fixed a bug with displaying a caret in the text editor on some websites
    (bmo#1840804)
  * Fixed a bug with broken audio rendering on some websites (bmo#1841982)
  * Fixed a bug with patternTransform translate using the wrong units
    (bmo#1840746)
  MFSA 2023-26 (bsc#1213230)
  * CVE-2023-3600 (bmo#1839703)
    Use-after-free in workers
Fabian Vogt's avatar Fabian Vogt (favogt_factory) accepted request 1097019 from Wolfgang Rosenauer's avatar Wolfgang Rosenauer (wrosenauer) (revision 402) 
- Mozilla Firefox 115.0
  * Support for importing payment methods saved in Chrome-based browser
  * Hardware video decoding is now enabled for Intel GPUs on Linux
  * The Tab Manager dropdown now features close buttons, so tabs
    can be closed more quickly
  * Streamlined the user interface for importing data in from other browsers
  * Users without platform support for H264 video decoding can now
    fallback to Cisco's OpenH264 plugin for playback.
  * Undo and redo are now available in Password fields
  * Changed: On Linux, middle clicks on the new tab button will
    now open the xclipboard contents in the new tab. If the
    xclipboard content is a URL then that URL is opened, any
    other text is opened with your default search provider.
  * Changed: For users with a Firefox Colorways built-in theme,
    the theme will be automatically migrated to the same theme
    hosted on addons.mozilla.org for Firefox profiles that have
    disabled add-ons auto-updates. This will allow users to keep
    their Colorways theme when they are later removed from
    Firefox installer files.
  * Changed: Certain Firefox users may come across a message in
    the extensions panel indicating that their add-ons are not
    allowed on the site currently open. We have introduced a new
    back-end feature to only allow some extensions monitored by
    Mozilla to run on specific websites for various reasons,
    including security concerns.
  * HTML5: The builtin editor now behaves similarly to other
    browsers with `contenteditable` and `designMode` when
    splitting a node, e.g. typing Enter to split a paragraph, and
    also when joining two nodes, e.g. typing Backspace at the
    start of a paragraph to join the paragraph and the previous
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 1085989 from Wolfgang Rosenauer's avatar Wolfgang Rosenauer (wrosenauer) (revision 397) 
- Mozilla Firefox 113.0
  * https://www.mozilla.org/en-US/firefox/113.0/releasenotes
  MFSA 2023-16 (bsc#1211175)
  * CVE-2023-32205 (bmo#1753339, bmo#1753341)
    Browser prompts could have been obscured by popups
  * CVE-2023-32206 (bmo#1824892)
    Crash in RLBox Expat driver
  * CVE-2023-32207 (bmo#1826116)
    Potential permissions request bypass via clickjacking
  * CVE-2023-32208 (bmo#1646034)
    Leak of script base URL in service workers via import()
  * CVE-2023-32209 (bmo#1767194)
    Persistent DoS via favicon image
  * CVE-2023-32210 (bmo#1776755)
    Incorrect principal object ordering
  * CVE-2023-32211 (bmo#1823379)
    Content process crash due to invalid wasm code
  * CVE-2023-32212 (bmo#1826622)
    Potential spoof due to obscured address bar
  * CVE-2023-32213 (bmo#1826666)
    Potential memory corruption in FileReader::DoReadData()
  * MFSA-TMP-2023-0002 (bmo#1814560, bmo#1814790, bmo#1819796)
    Race condition in dav1d decoding
  * CVE-2023-32214 (bmo#1828716)
    Potential DoS via exposed protocol handlers
  * CVE-2023-32215 (bmo#1540883, bmo#1751943, bmo#1814856, bmo#1820210,
    bmo#1821480, bmo#1827019, bmo#1827024, bmo#1827144, bmo#1827359,
    bmo#1830186)
    Memory safety bugs fixed in Firefox 113 and Firefox ESR 102.11
  * CVE-2023-32216 (bmo#1746479, bmo#1806852, bmo#1815987,
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 1078521 from Wolfgang Rosenauer's avatar Wolfgang Rosenauer (wrosenauer) (revision 393) 
- Mozilla Firefox 112.0
  * https://www.mozilla.org/en-US/firefox/112.0/releasenotes/
  MFSA 2023-13 (bsc#1210212)
  * CVE-2023-29531 (bmo#1794292)
    Out-of-bound memory access in WebGL on macOS
  * CVE-2023-29532 (bmo#1806394)
    Mozilla Maintenance Service Write-lock bypass
  * CVE-2023-29533 (bmo#1798219, bmo#1814597)
    Fullscreen notification obscured
  * CVE-2023-29534 (bmo#1816007, bmo#1816059, bmo#1821155, bmo#1821576,
    bmo#1821906, bmo#1822298, bmo#1822305)
    Fullscreen notification could have been obscured on Firefox
    for Android
  * MFSA-TMP-2023-0001 (bmo#1819244)
    Double-free in libwebp
  * CVE-2023-29535 (bmo#1820543)
    Potential Memory Corruption following Garbage Collector compaction
  * CVE-2023-29536 (bmo#1821959)
    Invalid free from JavaScript code
  * CVE-2023-29537 (bmo#1823365, bmo#1824200, bmo#1825569)
    Data Races in font initialization code
  * CVE-2023-29538 (bmo#1685403)
    Directory information could have been leaked to WebExtensions
  * CVE-2023-29539 (bmo#1784348)
    Content-Disposition filename truncation leads to Reflected
    File Download
  * CVE-2023-29540 (bmo#1790542)
    Iframe sandbox bypass using redirects and sourceMappingUrls
  * CVE-2023-29541 (bmo#1810191)
    Files with malicious extensions could have been downloaded
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 1077029 from Factory Maintainer's avatar Factory Maintainer (factory-maintainer) (revision 392) 
Automatic submission by obs-autosubmit
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 1070344 from Wolfgang Rosenauer's avatar Wolfgang Rosenauer (wrosenauer) (revision 391) 
- Cherry-pick upstream changes for GCC 13 in gcc13-fix.patch.

- Fix 32 bit build bmo#1810584 (add mozilla-bmo1810584.patch)
- Mozilla Firefox 110.0.1 (boo#1208886)
    Digital ID in Denmark (bmo#1819096)
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 1059273 from Wolfgang Rosenauer's avatar Wolfgang Rosenauer (wrosenauer) (revision 387) 
- Mozilla Firefox 109.0
  MFSA 2023-01 (bsc#1207119)
  * CVE-2023-23597 (bmo#1538028)
    Logic bug in process allocation allowed to read arbitrary
    files
  * CVE-2023-23598 (bmo#1800425)
    Arbitrary file read from GTK drag and drop on Linux
  * CVE-2023-23599 (bmo#1777800)
    Malicious command could be hidden in devtools output on
    Windows
  * CVE-2023-23600 (bmo#1787034)
    Notification permissions persisted between Normal and Private
    Browsing on Android
  * CVE-2023-23601 (bmo#1794268)
    URL being dragged from cross-origin iframe into same tab
    triggers navigation
  * CVE-2023-23602 (bmo#1800890)
    Content Security Policy wasn't being correctly applied to
    WebSockets in WebWorkers
  * CVE-2023-23603 (bmo#1800832)
    Calls to <code>console.log</code> allowed bypasing Content
    Security Policy via format directive
  * CVE-2023-23604 (bmo#1802346)
    Creation of duplicate <code>SystemPrincipal</code> from less
    secure contexts
  * CVE-2023-23605 (bmo#1764921, bmo#1802690, bmo#1806974)
    Memory safety bugs fixed in Firefox 109 and Firefox ESR 102.7
  * CVE-2023-23606 (bmo#1764974, bmo#1798591, bmo#1799201,
    bmo#1800446, bmo#1801248, bmo#1802100, bmo#1803393,
    bmo#1804626, bmo#1804971, bmo#1807004)
Displaying revisions 21 - 40 of 426
openSUSE Build Service is sponsored by
Places