openSUSE Build Service

Overview Repositories Revisions Requests Users Attributes Meta

Revisions of MozillaFirefox

Dominique Leuenberger (dimstar_suse) accepted request 923417 from

Wolfgang Rosenauer (wrosenauer) over 2 years ago (revision 346)

- Mozilla Firefox 93.0
  * supports the new AVIF image format
  * PDF viewer now supports filling more forms (XFA-based forms)
  * now blocks downloads that rely on insecure connections,
    protecting against potentially malicious or unsafe downloads
  * Improved web compatibility for privacy protections with SmartBlock 3.0
  * Introducing a new referrer tracking protection in Strict Tracking
    Protection and Private Browsing
  * TLS ciphersuites that use 3DES have been disabled. Such
    ciphersuites can only be enabled when deprecated versions of
    TLS are also enabled
  * The download panel now follows the Firefox visual styles
  MFSA 2021-43 (bsc#1191332)
  * CVE-2021-38496 (bmo#1725335)
    Use-after-free in MessageTask
  * CVE-2021-38497 (bmo#1726621)
    Validation message could have been overlaid on another origin
  * CVE-2021-38498 (bmo#1729642)
    Use-after-free of nsLanguageAtomService object
  * CVE-2021-32810 (bmo#1729813)
    https://github.com/crossbeam-rs/crossbeam/security/advisories/GHSA-pqqp-xmhj-wgcw)
    Data race in crossbeam-deque
  * CVE-2021-38500 (bmo#1725854, bmo#1728321)
    Memory safety bugs fixed in Firefox 93, Firefox ESR 78.15,
    and Firefox ESR 91.2
  * CVE-2021-38501 (bmo#1685354, bmo#1715755, bmo#1723176)
    Memory safety bugs fixed in Firefox 93 and Firefox ESR 91.2
  * CVE-2021-38499 (bmo#1667102, bmo#1723170, bmo#1725356, bmo#1727364)
    Memory safety bugs fixed in Firefox 93
- removed obsolete mozilla-bmo1708709.patch

Dominique Leuenberger (dimstar_suse) accepted request 921893 from

Wolfgang Rosenauer (wrosenauer) over 2 years ago (revision 345)

Dominique Leuenberger (dimstar_suse) accepted request 917452 from

Wolfgang Rosenauer (wrosenauer) over 2 years ago (revision 344)

- Mozilla Firefox 92.0
  * More secure connections: Firefox can now automatically upgrade to
    HTTPS using HTTPS RR as Alt-Svc headers
  * Full-range color levels are now supported for video playback on
    many systems
  MFSA 2021-38 (bsc#1190269)
  * CVE-2021-29993 (bmo#1708544, bmo#1708767, bmo#1712240,
    bmo#1712242, bmo#1729259)
    Handling custom intents could lead to crashes and UI spoofs
  * CVE-2021-38491 (bmo#1551886)
    Mixed-Content-Blocking was unable to check opaque origins
  * CVE-2021-38492 (bmo#1721107)
    Navigating to `mk:` URL scheme could load Internet Explorer
  * CVE-2021-38493 (bmo#1723391, bmo#1724101, bmo#1724107)
    Memory safety bugs fixed in Firefox 92, Firefox ESR 78.14 and
    Firefox ESR 91.1
  * CVE-2021-38494 (bmo#1723920, bmo#1725638)
    Memory safety bugs fixed in Firefox 92
- updated appdata
- remove mozilla-disable-wasm-emulate-arm-unaligned-fp-access.patch
  (does not apply anymore; unclear if obsolete)
- bring back mozilla-silence-no-return-type.patch and
  run post-build-checks everywhere again
- requires NSS 3.69.1

- Add mozilla-bmo1708709.patch: On [wayland] popup can be wrongly
  repositioned due to rounding errors when font scaling != 1
  (bmo#1708709); patch taken from upstream bug report and rebased
  to apply cleanly against current version.

Dominique Leuenberger (dimstar_suse) accepted request 914799 from

Wolfgang Rosenauer (wrosenauer) over 2 years ago (revision 343)

Richard Brown (RBrownSUSE) accepted request 912837 from

Wolfgang Rosenauer (wrosenauer) over 2 years ago (revision 342)

superseding the 91.0 version as another security and hotfix release

- Mozilla Firefox 91.0.1
  * Fixed an issue causing buttons on the tab bar to be resized when
    loading certain websites (bmo#1704404)
  * Fixed an issue which caused tabs from private windows to be
    visible in non-private windows when viewing switch-to-tab results
    in the address bar panel (bmo#1720369)
  * Various stability fixes
  MFSA 2021-37 (bsc#1189547)
  * CVE-2021-29991 (bmo#1724896)
    Header Splitting possible with HTTP/3 Responses

- Mozilla Firefox 91.0
  MFSA 2021-33 (bsc#1188891)
  * CVE-2021-29986 (bmo#1696138)
    Race condition when resolving DNS names could have led to
    memory corruption
  * CVE-2021-29981 (bmo#1707774)
    Live range splitting could have led to conflicting
    assignments in the JIT
  * CVE-2021-29988 (bmo#1717922)
    Memory corruption as a result of incorrect style treatment
  * CVE-2021-29983 (bmo#1719088)
    Firefox for Android could get stuck in fullscreen mode
  * CVE-2021-29984 (bmo#1720031)
    Incorrect instruction reordering during JIT optimization
  * CVE-2021-29980 (bmo#1722204)
    Uninitialized memory in a canvas object could have led to
    memory corruption
  * CVE-2021-29987 (bmo#1716129)
    Users could have been tricked into accepting unwanted

Dominique Leuenberger (dimstar_suse) accepted request 908075 from

Wolfgang Rosenauer (wrosenauer) almost 3 years ago (revision 341)

Dominique Leuenberger (dimstar_suse) accepted request 907201 from

Wolfgang Rosenauer (wrosenauer) almost 3 years ago (revision 340)

- Mozilla Firefox 90.0.1 (boo#1188480):
  * Fixed: Fixed busy looping processing some HTTP3 responses
    (bmo#1720079)
  * Fixed: Fixed transient errors authenticating with some smart
    cards (bmo#1715325)
  * Fixed: Fixed a rare crash on shutdown (bmo#1707057)
  * Fixed: Fixed a race on startup that caused about:support to
    end up empty after upgrade (bmo#1717894, boo#1188330)

Dominique Leuenberger (dimstar_suse) accepted request 906586 from

Wolfgang Rosenauer (wrosenauer) almost 3 years ago (revision 339)

- Mozilla Firefox 90.0
  MFSA 2021-28 (bsc#1188275)
  * CVE-2021-29970 (bmo#1709976)
    Use-after-free in accessibility features of a document
  * CVE-2021-29971 (bmo#1713638)
    Granted permissions only compared host; omitting scheme and
    port on Android
  * CVE-2021-30547 (bmo#1715766)
    Out of bounds write in ANGLE
  * CVE-2021-29972 (bmo#1696816)
    Use of out-of-date library included use-after-free
    vulnerability
  * CVE-2021-29973 (bmo#1701932)
    Password autofill on HTTP websites was enabled without user
    interaction on Android
  * CVE-2021-29974 (bmo#1704843)
    HSTS errors could be overridden when network partitioning was
    enabled
  * CVE-2021-29975 (bmo#1713259)
    Text message could be overlaid on top of another website
  * CVE-2021-29976 (bmo#1700895, bmo#1703334, bmo#1706910,
    bmo#1711576, bmo#1714391)
    Memory safety bugs fixed in Firefox 90 and Firefox ESR 78.12
  * CVE-2021-29977 (bmo#1665836, bmo#1686138, bmo#1704316,
    bmo#1706314, bmo#1709931, bmo#1712084, bmo#1712357,
    bmo#1714066)
    Memory safety bugs fixed in Firefox 90
- requires
  NSPR 4.31
  NSS 3.66

Dominique Leuenberger (dimstar_suse) accepted request 901588 from

Wolfgang Rosenauer (wrosenauer) almost 3 years ago (revision 338)

- Mozilla Firefox 89.0.2 (boo#1187648):
  * Fix occasional hangs with Software WebRender on Linux (bmo#1708224)

- Mozilla Firefox 89.0.1 (boo#1187475):
  * Updated translations, including full Spanish (Mexico)
    localization and other improvements (bmo#1714946)
  * Fix various font related regressions (bmo#1694174)
  * Linux: Fix performance and stability regressions with
    WebRender (bmo#1715895, bmo#1715902)
  * Enterprise: Fix for the `DisableDeveloperTools` policy not
    having effect anymore (bmo#1715777)
  * Linux: Fix broken scrollbars on some GTK themes (bmo#1714103)
  * Various stability fixes

Dominique Leuenberger (dimstar_suse) accepted request 897726 from

Wolfgang Rosenauer (wrosenauer) almost 3 years ago (revision 337)

- Mozilla Firefox 89.0
  * UI redesign
  * The Event Timing API is now supported
  * The CSS forced-colors media query is now supported
  MFSA 2021-23 (bsc#1186696)
  * CVE-2021-29965 (bmo#1709257)
    Password Manager on Firefox for Android susceptible to domain
    spoofing
  * CVE-2021-29960 (bmo#1675965)
    Filenames printed from private browsing mode incorrectly
    retained in preferences
  * CVE-2021-29961 (bmo#1700235)
    Firefox UI spoof using `<select>` elements and CSS scaling
  * CVE-2021-29963 (bmo#1705068)
    Shared cookies for search suggestions in private browsing mode
  * CVE-2021-29964 (bmo#1706501)
    Out of bounds-read when parsing a `WM_COPYDATA` message
  * CVE-2021-29959 (bmo#1395819)
    Devices could be re-enabled without additional permission prompt
  * CVE-2021-29962 (bmo#1701673)
    No rate-limiting for popups on Firefox for Android
  * CVE-2021-29967 (bmo#1602862, bmo#1703191, bmo#1703760,
    bmo#1704722, bmo#1706041)
    Memory safety bugs fixed in Firefox 89 and Firefox ESR 78.11
  * CVE-2021-29966 (bmo#1660307, bmo#1686154, bmo#1702948, bmo#1708124)
    Memory safety bugs fixed in Firefox 89
- require
  NSS >= 3.64
  rust-cbindgen >= 0.19.0
- do not rely on nodejs10 packagename anymore

Dominique Leuenberger (dimstar_suse) accepted request 892688 from

Factory Maintainer (factory-maintainer) almost 3 years ago (revision 336)

Automatic submission by obs-autosubmit

Dominique Leuenberger (dimstar_suse) accepted request 890833 from

Wolfgang Rosenauer (wrosenauer) about 3 years ago (revision 335)

Dominique Leuenberger (dimstar_suse) accepted request 889851 from

Wolfgang Rosenauer (wrosenauer) about 3 years ago (revision 334)

- add compatibility for libavcodec58_134

Dominique Leuenberger (dimstar_suse) accepted request 886904 from

Wolfgang Rosenauer (wrosenauer) about 3 years ago (revision 333)

- Mozilla Firefox 88.0
  * New: PDF forms now support JavaScript embedded in PDF files.
    Some PDF forms use JavaScript for validation and other
    interactive features
  * New: Print updates: Margin units are now localized
  * New: Smooth pinch-zooming using a touchpad is now supported
    on Linux
  * New: To protect against cross-site privacy leaks, Firefox now
    isolates window.name data to the website that created it.
    Learn more
  * Changed: Firefox will not prompt for access to your
    microphone or camera if you’ve already granted access to the
    same device on the same site in the same tab within the past
    50 seconds. This new grace period reduces the number of times
    you’re prompted to grant device access
  * Changed: The ‘Take a Screenshot’ feature was removed from the
    Page Actions menu in the url bar. To take a screenshot,
    right-click to open the context menu. You can also add a
    screenshots shortcut directly to your toolbar via the
    Customize menu. Open the Firefox menu and select Customize…
  * Changed: FTP support has been disabled, and its full removal
    is planned for an upcoming release. Addressing this security
    risk reduces the likelihood of an attack while also removing
    support for a non-encrypted protocol
  * Developer: Introduced a new toggle button in the Network
    panel for switching between JSON formatted HTTP response and
    raw data (as received over the wire).
    !enter image description here
  * Enterprise: Various bug fixes and new policies have been
    implemented in the latest version of Firefox. You can see

Richard Brown (RBrownSUSE) accepted request 881766 from

Wolfgang Rosenauer (wrosenauer) about 3 years ago (revision 332)

- Switch to clang_build globally; just on TW/x86_64 it does not work
  due to unreolved externals `__rust_probestack' - disable clang_build
  then.
- useccache: Add conditionals to enable/disable ccache.

- Mozilla Firefox 87.0
  * requires NSS 3.62
  * removed obsolete BigEndian ICU build workaround
  * rebased patches
  MFSA 2021-10 (bsc#1183942)
  * CVE-2021-23981 (bmo#1692832)
    Texture upload into an unbound backing buffer resulted in an
    out-of-bound read
  * CVE-2021-23982 (bmo#1677046)
    Internal network hosts could have been probed by a malicious
    webpage
  * CVE-2021-23983 (bmo#1692684)
    Transitions for invalid ::marker properties resulted in memory
    corruption
  * CVE-2021-23984 (bmo#1693664)
    Malicious extensions could have spoofed popup information
  * CVE-2021-23985 (bmo#1659129)
    Devtools remote debugging feature could have been enabled
    without indication to the user
  * CVE-2021-23986 (bmo#1692623)
    A malicious extension could have performed credential-less
    same origin policy violations
  * CVE-2021-23987 (bmo#1513519, bmo#1683439, bmo#1690169,
    bmo#1690718)
    Memory safety bugs fixed in Firefox 87 and Firefox ESR 78.9

Richard Brown (RBrownSUSE) accepted request 878728 from

Wolfgang Rosenauer (wrosenauer) about 3 years ago (revision 331)

Richard Brown (RBrownSUSE) accepted request 874847 from

Wolfgang Rosenauer (wrosenauer) about 3 years ago (revision 330)

- Mozilla Firefox 86.0
  * requires NSS >= 3.61
  * requires rust-cbindgen >= 0.16.0
  * Firefox now supports simultaneously watching multiple videos in
    Picture-in-Picture.
  * Total Cookie Protection to Strict Mode
  * https://www.mozilla.org/en-US/firefox/86.0/releasenotes
  MSFA 2021-07 (bsc#1182614)
  * CVE-2021-23969 (bmo#1542194)
    Content Security Policy violation report could have contained
    the destination of a redirect
  * CVE-2021-23970 (bmo#1681724)
    Multithreaded WASM triggered assertions validating separation
    of script domains
  * CVE-2021-23968 (bmo#1687342)
    Content Security Policy violation report could have contained
    the destination of a redirect
  * CVE-2021-23974 (bmo#1528997, bmo#1683627)
    noscript elements could have led to an HTML Sanitizer bypass
  * CVE-2021-23971 (bmo#1678545)
    A website's Referrer-Policy could have been be overridden,
    potentially resulting in the full URL being sent as a Referrer
  * CVE-2021-23976 (bmo#1684627)
    Local spoofing of web manifests for arbitrary pages in
    Firefox for Android
  * CVE-2021-23977 (bmo#1684761)
    Malicious application could read sensitive data from Firefox
    for Android's application directories
  * CVE-2021-23972 (bmo#1683536)
    HTTP Auth phishing warning was omitted when a redirect is

Richard Brown (RBrownSUSE) accepted request 873231 from

Wolfgang Rosenauer (wrosenauer) about 3 years ago (revision 329)

Dominique Leuenberger (dimstar_suse) accepted request 870519 from

Wolfgang Rosenauer (wrosenauer) about 3 years ago (revision 328)

Dominique Leuenberger (dimstar_suse) accepted request 867008 from

Wolfgang Rosenauer (wrosenauer) over 3 years ago (revision 327)

- Mozilla Firefox 85.0
  * Adobe Flash is completely history
  * supercookie protection
  * new bookmark handling and features
  MFSA 2021-03 (bsc#1181414)
  * CVE-2021-23953 (bmo#1683940)
    Cross-origin information leakage via redirected PDF requests
  * CVE-2021-23954 (bmo#1684020)
    Type confusion when using logical assignment operators in
    JavaScript switch statements
  * CVE-2021-23955 (bmo#1684837)
    Clickjacking across tabs through misusing requestPointerLock
  * CVE-2021-23956 (bmo#1338637)
    File picker dialog could have been used to disclose a
    complete directory
  * CVE-2021-23957 (bmo#1584582)
    Iframe sandbox could have been bypassed on Android via the
    intent URL scheme
  * CVE-2021-23958 (bmo#1642747)
    Screen sharing permission leaked across tabs
  * CVE-2021-23959 (bmo#1659035)
    Cross-Site Scripting in error pages on Firefox for Android
  * CVE-2021-23960 (bmo#1675755)
    Use-after-poison for incorrectly redeclared JavaScript
    variables during GC
  * CVE-2021-23961 (bmo#1677940)
    More internal network hosts could have been probed by a
    malicious webpage
  * CVE-2021-23962 (bmo#1677194)
    Use-after-poison in

Displaying revisions 81 - 100 of 426

Places

Revisions of MozillaFirefox

Places