Revisions of MozillaFirefox
Dominique Leuenberger (dimstar_suse)
accepted
request 1056394
from
Wolfgang Rosenauer (wrosenauer)
(revision 386)
Dominique Leuenberger (dimstar_suse)
accepted
request 1044163
from
Wolfgang Rosenauer (wrosenauer)
(revision 385)
- add mozilla-bmo1805809.patch to fix build for x86-32 (boo#1206600)
Dominique Leuenberger (dimstar_suse)
accepted
request 1043934
from
Wolfgang Rosenauer (wrosenauer)
(revision 384)
- Mozilla Firefox 108.0.1 (boo#1206507) * Fixes the default search engine being reset on upgrade for profiles which were previously copied from a different location - Mozilla Firefox 108.0 https://www.mozilla.org/en-US/firefox/108.0/releasenotes/ MFSA 2022-51 (bsc#1206242) * CVE-2022-46871 (bmo#1795697) libusrsctp library out of date * CVE-2022-46872 (bmo#1799156) Arbitrary file read from a compromised content process * CVE-2022-46873 (bmo#1644790) Firefox did not implement the CSP directive unsafe-hashes * CVE-2022-46874 (bmo#1746139) Drag and Dropped Filenames could have been truncated to malicious extensions * CVE-2022-46875 (bmo#1786188) Download Protections were bypassed by .atloc and .ftploc files on Mac OS * CVE-2022-46877 (bmo#1795139) Fullscreen notification bypass * CVE-2022-46878 (bmo#1782219, bmo#1797370, bmo#1797685, bmo#1801102, bmo#1801315, bmo#1802395) Memory safety bugs fixed in Firefox 108 and Firefox ESR 102.6 * CVE-2022-46879 (bmo#1736224, bmo#1793407, bmo#1794249, bmo#1795845, bmo#1797682, bmo#1797720, bmo#1798494, bmo#1799479) Memory safety bugs fixed in Firefox 108 - requires NSS >= 3.85 rustc/cargo 1.65
Dominique Leuenberger (dimstar_suse)
accepted
request 1039406
from
Wolfgang Rosenauer (wrosenauer)
(revision 383)
Dominique Leuenberger (dimstar_suse)
accepted
request 1036230
from
Wolfgang Rosenauer (wrosenauer)
(revision 382)
- Mozilla Firefox 107.0 MFSA 2022-47 (bsc#1205270) * CVE-2022-45403 (bmo#1762078) Service Workers might have learned size of cross-origin media files * CVE-2022-45404 (bmo#1790815) Fullscreen notification bypass * CVE-2022-45405 (bmo#1791314) Use-after-free in InputStream implementation * CVE-2022-45406 (bmo#1791975) Use-after-free of a JavaScript Realm * CVE-2022-45407 (bmo#1793314) Loading fonts on workers was not thread-safe * CVE-2022-45408 (bmo#1793829) Fullscreen notification bypass via windowName * CVE-2022-45409 (bmo#1796901) Use-after-free in Garbage Collection * CVE-2022-45410 (bmo#1658869) ServiceWorker-intercepted requests bypassed SameSite cookie policy * CVE-2022-45411 (bmo#1790311) Cross-Site Tracing was possible via non-standard override headers * CVE-2022-45412 (bmo#1791029) Symlinks may resolve to partially uninitialized buffers * CVE-2022-45413 (bmo#1791201) SameSite=Strict cookies could have been sent cross-site via intent URLs * CVE-2022-40674 (bmo#1791598) Use-after-free vulnerability in expat * CVE-2022-45415 (bmo#1793551) Downloaded file may have been saved with malicious extension * CVE-2022-45416 (bmo#1793676)
Dominique Leuenberger (dimstar_suse)
accepted
request 1033697
from
Wolfgang Rosenauer (wrosenauer)
(revision 381)
Dominique Leuenberger (dimstar_suse)
accepted
request 1032848
from
Wolfgang Rosenauer (wrosenauer)
(revision 380)
- Mozilla Firefox 106.0.3 * Fixes for other platforms
Dominique Leuenberger (dimstar_suse)
accepted
request 1031637
from
Wolfgang Rosenauer (wrosenauer)
(revision 379)
- Mozilla Firefox 106.0.2 * Fix missing content on some PDF forms (bmo#1794351) * Fix column width for the Notification sub-panel in Settings (bmo#1793558) * Fix a browser freeze with accessibility enabled on some sites such as the Proxmox Web UI (bmo#1793748) * Fix page reloading not working with Firefox View and not refreshing synced data (bmo#1792680, bmo#1794474)
Dominique Leuenberger (dimstar_suse)
accepted
request 1030584
from
Wolfgang Rosenauer (wrosenauer)
(revision 378)
- Mozilla Firefox 106.0.1 * Addresses a crash experienced by users with AMD Zen 1 CPUs (bmo#1796126)
Dominique Leuenberger (dimstar_suse)
accepted
request 1030290
from
Wolfgang Rosenauer (wrosenauer)
(revision 377)
i686 and aarch64 should be fixed. No idea for ppc64le - Mozilla Firefox 106.0 * support editing of PDFs * introduced Firefox View * major WebRTC update - Better screen sharing for Windows and Linux Wayland users - RTP performance and reliability improvements - Richer statistics - Cross-browser and service compatibility improvements * detailed releasenotes https://www.mozilla.org/en-US/firefox/106.0/releasenotes MFSA 2022-44 (bsc#1204421) * CVE-2022-42927 (bmo#1789128) Same-origin policy violation could have leaked cross-origin URLs * CVE-2022-42928 (bmo#1791520) Memory Corruption in JS Engine * CVE-2022-42929 (bmo#1789439) Denial of Service via window.print * CVE-2022-42930 (bmo#1789503) Race condition in DOM Workers * CVE-2022-42931 (bmo#1780571) Username saved to a plaintext file on disk * CVE-2022-42932 (bmo#1789729, bmo#1791363, bmo#1792041) Memory safety bugs fixed in Firefox - added -msse2 flag to fix i386 build and workaround bmo#1795993 - fixed used buildflags - renamed mozilla-i686-build.patch to mozilla-buildfixes.patch as it was extended with changes for other archs
Dominique Leuenberger (dimstar_suse)
accepted
request 1009258
from
Wolfgang Rosenauer (wrosenauer)
(revision 376)
- Mozilla Firefox 105.0.3: * Fixes for other platforms - Mozilla Firefox 105.0.2: * Fixed poor contrast on various menu items with certain themes on Linux systems (bmo#1792063) * Fixed the scrollbar appearing on the wrong side of `select` elements in right-to-left locales (bmo#1791219) * Fixed a possible deadlock when loading some sites in Troubleshoot Mode (bmo#1786259) * Fixed a bug causing some dynamic appearance changes to not appear when expected (bmo#1786521) * Fixed a bug causing theme styling to not be properly applied to sidebars for some add-ons in Private Browsing Mode (bmo#1787543) - Mozilla Firefox 105.0.1 * Reverted focus behavior for new windows back to the content area instead of the address bar (bmo#1784692) - added mozilla-i686-build.patch to avoid using avx2 - Mozilla Firefox 105.0 https://www.mozilla.org/en-US/firefox/105.0/releasenotes MFSA 2022-40 (bsc#1203477) * CVE-2022-40959 (bmo#1782211) Bypassing FeaturePolicy restrictions on transient pages * CVE-2022-40960 (bmo#1787633) Data-race when parsing non-UTF-8 URLs in threads * CVE-2022-40958 (bmo#1779993) Bypassing Secure Context restriction for cookies with __Host
Dominique Leuenberger (dimstar_suse)
accepted
request 1002272
from
Wolfgang Rosenauer (wrosenauer)
(revision 375)
Dominique Leuenberger (dimstar_suse)
accepted
request 1001583
from
Wolfgang Rosenauer (wrosenauer)
(revision 374)
- Mozilla Firefox 104.0.2 (boo#1203177) https://www.mozilla.org/en-US/firefox/104.0.2/releasenotes/ * Fixed a bug making it impossible to use touch or a stylus to drag the scrollbar on pages (bmo#1787361) * Fixed an issue causing some users to crash in out-of-memory conditions (bmo#1774155) * Fixed an issue that would sometimes affect video & audio playback when loaded via a cross-origin iframe src attribute (bmo#1781759) * Fixed an issue that would sometimes affect video & audio playback when served with Content-Security-Policy: sandbox (bmo#1781063) - Mozilla Firefox 104.0.1 * Addresses an issue with Youtube video playback that was affecting some users (boo#1203003)
Dominique Leuenberger (dimstar_suse)
accepted
request 999342
from
Wolfgang Rosenauer (wrosenauer)
(revision 373)
- Mozilla Firefox 104.0 * https://www.mozilla.org/en-US/firefox/104.0/releasenotes MFSA 2022-33 (bsc#1202645) * CVE-2022-38472 (bmo#1769155) Address bar spoofing via XSLT error handling * CVE-2022-38473 (bmo#1771685) Cross-origin XSLT Documents would have inherited the parent's permissions * CVE-2022-38474 (bmo#1719511) Recording notification not shown when microphone was recording on Android * CVE-2022-38475 (bmo#1773266) Attacker could write a value to a zero-length array * CVE-2022-38477 (bmo#1760611, bmo#1770219, bmo#1771159, bmo#1773363) Memory safety bugs fixed in Firefox 104 and Firefox ESR 102.2 * CVE-2022-38478 (bmo#1770630, bmo#1776658) Memory safety bugs fixed in Firefox 104, Firefox ESR 102.2, and Firefox ESR 91.13 - requires NSPR 4.34.1 NSS 3.81 rust 1.62
Dominique Leuenberger (dimstar_suse)
accepted
request 994938
from
Wolfgang Rosenauer (wrosenauer)
(revision 372)
- added mozilla-glibc236.patch (bmo#1782988, boo#1202323)
Dominique Leuenberger (dimstar_suse)
accepted
request 994312
from
Wolfgang Rosenauer (wrosenauer)
(revision 371)
- Mozilla Firefox 103.0.2 * Fixed menu shortcuts for users of the JAWS screen reader * Fixed an occasional non-overridable certificate error when accessing device configuration pages - The --disable-elf-hack option only exists on ARM and X86
Dominique Leuenberger (dimstar_suse)
accepted
request 992040
from
Wolfgang Rosenauer (wrosenauer)
(revision 370)
- Mozilla Firefox 103.0.1 * Enabled hardware acceleration on newer AMD cards. * Fixed a crash on Firefox shutdown caused by a bug in the audio manager - Mozilla Firefox 103.0 https://www.mozilla.org/en-US/firefox/103.0/releasenotes MFSA 2022-28 (bsc#1201758) * CVE-2022-36319 (bmo#1737722) Mouse Position spoofing with CSS transforms * CVE-2022-36317 (bmo#1759951) Long URL would hang Firefox for Android * CVE-2022-36318 (bmo#1771774) Directory indexes for bundled resources reflected URL parameters * CVE-2022-36314 (bmo#1773894) Opening local <code>.lnk</code> files could cause unexpected network loads * CVE-2022-36315 (bmo#1762520) Preload Cache Bypasses Subresource Integrity * CVE-2022-36316 (bmo#1768583) Performance API leaked whether a cross-site resource is redirecting * CVE-2022-36320 (bmo#1759794, bmo#1760998) Memory safety bugs fixed in Firefox 103 * CVE-2022-2505 (bmo#1769739, bmo#1772824) Memory safety bugs fixed in Firefox 103 and 102.1 - requires NSS >= 3.80 rust = 1.61
Dominique Leuenberger (dimstar_suse)
accepted
request 988096
from
Wolfgang Rosenauer (wrosenauer)
(revision 369)
- Firefox 102.0.1: * Fixed: Fixed bookmarks sidebar flashing white when opened in dark mode (bmo#1776157) * Fixed: Fixed multilingual spell checking not working with content in both English and a non-Latin alphabet (bmo#1773802) * Fixed: Developer tools: Fixed an issue where the console output keep getting scrolled to the bottom when the last visible message is an evaluation result (bmo#1776262) * Fixed: Fixed *Delete cookies and site data when Firefox is closed* checkbox getting disabled on startup (bmo#1777419) * Fixed: Various stability fixes - Firefox 102.0 * You can now disable automatic opening of the download panel every time a new download starts * Firefox now mitigates query parameter tracking when navigating sites in ETP strict mode * Improved security by moving audio decoding into a separate process with stricter sandboxing, thus improving process isolation * https://www.mozilla.org/en-US/firefox/102.0/releasenotes MFSA 2022-24 (bsc#1200793) * CVE-2022-34479 (bmo#1745595) A popup window could be resized in a way to overlay the address bar with web content * CVE-2022-34470 (bmo#1765951) Use-after-free in nsSHistory * CVE-2022-34468 (bmo#1768537) CSP sandbox header without `allow-scripts` can be bypassed via retargeted javascript: URI
Dominique Leuenberger (dimstar_suse)
accepted
request 982081
from
Wolfgang Rosenauer (wrosenauer)
(revision 368)
Dominique Leuenberger (dimstar_suse)
accepted
request 980191
from
Wolfgang Rosenauer (wrosenauer)
(revision 367)
- Mozilla Firefox 101.0 * Reading is now easier with the prefers-contrast media query, which allows sites to detect if the user has requested that web content is presented with a higher (or lower) contrast * All non-configured MIME types can now be assigned a custom action upon download completion * allows users to use as many microphones as you want, at the same time, during video conferencing. The most exciting benefit is that you can easily switch your microphones at any time (if your conferencing service provider enables this flexibility) MFSA 2022-20 (bsc#1200027) * CVE-2022-31736 (bmo#1735923) Cross-Origin resource's length leaked * CVE-2022-31737 (bmo#1743767) Heap buffer overflow in WebGL * CVE-2022-31738 (bmo#1756388) Browser window spoof using fullscreen mode * CVE-2022-31739 (bmo#1765049) Attacker-influenced path traversal when saving downloaded files * CVE-2022-31740 (bmo#1766806) Register allocation problem in WASM on arm64 * CVE-2022-31741 (bmo#1767590) Uninitialized variable leads to invalid memory read * CVE-2022-31742 (bmo#1730434) Querying a WebAuthn token with a large number of allowCredential entries may have leaked cross-origin information * CVE-2022-31743 (bmo#1747388) HTML Parsing incorrectly ended HTML comments prematurely * CVE-2022-31744 (bmo#1757604) CSP bypass enabling stylesheet injection
Displaying revisions 41 - 60 of 426