Revisions of MozillaFirefox
Sergey Kondakov (X0F)
committed
(revision 792)
- require xdg-desktop-portal (boo#1233166)
- Mozilla Firefox 132.0.1
* Fixed issues causing intermittent video playback problems on
some sites. (bmo#1928484, bmo#1928798)
- remove KDE integration patches
- mozilla-kde.patch
- firefox-kde.patch
on KDE use these settings instead
widget.use-xdg-desktop-portal.file-picker=1
widget.use-xdg-desktop-portal.mime-handler=1
(those are set by the latest branding package as well)
- Mozilla Firefox 132.0
https://www.mozilla.org/en-US/firefox/132.0/releasenotes
MFSA 2024-55 (bsc#1231879)
* CVE-2024-10458 (bmo#1921733)
Permission leak via embed or object elements
* CVE-2024-10459 (bmo#1919087)
Use-after-free in layout with accessibility
* CVE-2024-10460 (bmo#1912537)
Confusing display of origin for external protocol handler prompt
* CVE-2024-10461 (bmo#1914521)
XSS due to Content-Disposition being ignored in
multipart/x-mixed-replace response
* CVE-2024-10462 (bmo#1920423)
Origin of permission prompt could be spoofed by long URL
* CVE-2024-10463 (bmo#1920800)
Cross origin video frame leak
* CVE-2024-10468 (bmo#1914982)
Sergey Kondakov (X0F)
committed
(revision 791)
- Mozilla Firefox 131.0.3
* some users could not access the Bill Pay portion of their
bank's site (bmo#1923500)
* some VR180 and 360 videos were not properly rendering on YouTube
(bmo#1922278)
* Fixed a crash that Windows users with Avast or AVG security
software were experiencing when visiting certain sites. (bmo#1919678)
* "List all tabs" button was not able to be moved from the toolbar
(bmo#1918681)
NFSA 2024-53
* CVE-2024-9936 (bmo#1920381)
Undefined behavior in selection node cache
- remove obsolete mozilla-rust-disable-future-incompat.patch
- Mozilla Firefox 131.0.2
MFSA 2024-51 (bsc#1231413)
* CVE-2024-9680 (bmo#1923344)
Use-after-free in Animation timeline
- Firefox 131.0
https://www.mozilla.org/en-US/firefox/131.0/releasenotes/
MFSA 2024-46 (bsc#1230979)
* CVE-2024-9391 (bmo#1892407)
Prevent users from exiting full-screen mode in Firefox Focus
for Android
* CVE-2024-9392 (bmo#1899154, bmo#1905843)
Compromised content process can bypass site isolation
* CVE-2024-9393 (bmo#1918301)
Cross-origin access to PDF contents through multipart responses
* CVE-2024-9394 (bmo#1918874)
Sergey Kondakov (X0F)
committed
(revision 790)
Sergey Kondakov (X0F)
committed
(revision 789)
Sergey Kondakov (X0F)
committed
(revision 788)
Sergey Kondakov (X0F)
committed
(revision 787)
- Mozilla Firefox 129.0
https://www.mozilla.org/en-US/firefox/129.0/releasenotes
MFSA 2024-33 (bsc#1228648))
* CVE-2024-7518 (bmo#1875354)
Fullscreen notification dialog can be obscured by document content
* CVE-2024-7519 (bmo#1902307)
Out of bounds memory access in graphics shared memory handling
* CVE-2024-7520 (bmo#1903041)
Type confusion in WebAssembly
* CVE-2024-7521 (bmo#1904644)
Incomplete WebAssembly exception handing
* CVE-2024-7522 (bmo#1906727)
Out of bounds read in editor component
* CVE-2024-7523 (bmo#1908344)
Document content could partially obscure security prompts
* CVE-2024-7524 (bmo#1909241)
CSP strict-dynamic bypass using web-compatibility shims
* CVE-2024-7525 (bmo#1909298)
Missing permission check when creating a StreamFilter
* CVE-2024-7526 (bmo#1910306)
Uninitialized memory used by WebGL
* CVE-2024-7527 (bmo#1871303)
Use-after-free in JavaScript garbage collection
* CVE-2024-7528 (bmo#1895951)
Use-after-free in IndexedDB
* CVE-2024-7529 (bmo#1903187)
Document content could partially obscure security prompts
* CVE-2024-7530 (bmo#1904011)
Use-after-free in JavaScript code coverage collection
* CVE-2024-7531 (bmo#1905691)
Sergey Kondakov (X0F)
committed
(revision 786)
------------------------------------------------------------------
- Firefox 128.0.3 Release
* Fixed: Fixed an issue causing some sites to not load when
connecting via HTTP/2. (bmo#1908161, bmo#1909666)
* Fixed: Fixed collapsed table rows not appearing when expected
in some situations. (bmo#1907789)
* Fixed: Fixed the Windows on-screen keyboard potentially
concealing the webpage when displayed. (bmo#1907766)
- Firefox 128.0.2 Release
* Fixed: Fixed an audio echo in video calls on macOS under
certain conditions. (bmo#1908539)
* Fixed: Fixed an issue where the Adguard extension popup was
not displaying. (bmo#1906132)
* Fixed: Fixed an issue causing some screen readers to fail to
read when navigating by character in rich text editors. (Bug
1905021)
* Fixed: Fixed visual glitches when dark mode is enabled in
Windows ARM devices. (bmo#1897444)
* Fixed: Fixed an issue causing NTLM authentication failure.
(bmo#1908115)
* Fixed: Fixed an issue where content displayed on mouseover
was not captured in a screenshot. (bmo#1905468)
* Fixed: Various stability fixes.
- renamed firefox-3781e3117706.patch to mozilla-bmo1905018.patch
to conform with patch structure and naming for the package
Sergey Kondakov (X0F)
committed
(revision 785)
- Add firefox-3781e3117706.patch to fix boo#1227856 aka bmo#1905018
where an incompatible pointer assignment is not accepted in C by
GCC 14.
- Mozilla Firefox 128.0
https://www.mozilla.org/en-US/firefox/128.0/releasenotes
MFSA 2024-29 (bsc#1226316)
* CVE-2024-6605 (bmo#1836786)
Firefox Android missed activation delay to prevent tapjacking
* CVE-2024-6606 (bmo#1902305)
Out-of-bounds read in clipboard component
* CVE-2024-6607 (bmo#1694513)
Leaving pointerlock by pressing the escape key could be
prevented
* CVE-2024-6608 (bmo#1743329)
Cursor could be moved out of the viewport using pointerlock.
* CVE-2024-6609 (bmo#1839258)
Memory corruption in NSS
* CVE-2024-6610 (bmo#1883396)
Form validation popups could block exiting full-screen mode
* CVE-2024-6600 (bmo#1888340)
Memory corruption in WebGL API
* CVE-2024-6601 (bmo#1890748)
Race condition in permission assignment
* CVE-2024-6602 (bmo#1895032)
Memory corruption in NSS
* CVE-2024-6603 (bmo#1895081)
Memory corruption in thread creation
* CVE-2024-6611 (bmo#1844827)
Incorrect handling of SameSite cookies
Sergey Kondakov (X0F)
committed
(revision 784)
Sergey Kondakov (X0F)
committed
(revision 783)
Sergey Kondakov (X0F)
committed
(revision 782)
Sergey Kondakov (X0F)
committed
(revision 781)
Sergey Kondakov (X0F)
committed
(revision 780)
Sergey Kondakov (X0F)
committed
(revision 779)
Sergey Kondakov (X0F)
committed
(revision 778)
Sergey Kondakov (X0F)
committed
(revision 777)
- Mozilla Firefox 125.0.2
* The 125.0 and 125.0.1 releases were skipped due to problems
with a feature that proactively blocked downloads from
potentially untrustworthy URLs.
* New: Firefox now supports the AV1 codec for Encrypted Media
Extensions (EME), enabling higher-quality playback from video
streaming providers
* New: The Firefox PDF viewer now supports text highlighting.
* New: Firefox View now displays pinned tabs in the Open tabs
section. Tab indicators have also been added to Open tabs, so
users can do things like see which tabs are playing media and
quickly mute or unmute across windows. Indicators were also
added for bookmarks, tabs with notifications, and more!
their addresses upon submitting an address form, allowing
Firefox to autofill stored address information in the future.
* New: The URL Paste Suggestion feature provides a convenient
way for users to quickly visit URLs copied to the clipboard
in the address bar of Firefox. When the clipboard contains a
URL and the URL bar is focused, an autocomplete result
appears automatically. Activating the clipboard suggestion
will navigate the user to the URL with 1 click.
* New: Users of tab-specific Container add-ons can now search
in the Address Bar for tabs that are open in different
containers. Special thanks to volunteer contributor atararx
for kicking off the work on this feature!
* New: Firefox now provides an option to enable Web Proxy Auto-
Discovery (WPAD) while configured to use system proxy
settings.
* Changed: In a group of radio buttons where no option is
selected, the tab key now only reaches the first option
Sergey Kondakov (X0F)
committed
(revision 776)
- Mozilla Firefox 124.0.1
https://www.mozilla.org/en-US/firefox/124.0.1/releasenotes/
MFSA 2024-15 (bsc#1221850)
* CVE-2024-29943 (bmo#1886849)
Out-of-bounds access via Range Analysis bypass
* CVE-2024-29944 (bmo#1886852)
Privileged JavaScript Execution via Event Handlers
Mozilla Firefox 124.0
https://www.mozilla.org/en-US/firefox/124.0/releasenotes/
MFSA 2024-12 (bsc#1221327)
* CVE-2024-2605 (bmo#1872920)
Windows Error Reporter could be used as a Sandbox escape vector
* CVE-2024-2606 (bmo#1879237)
Mishandling of WASM register values
* CVE-2024-2607 (bmo#1879939)
JIT code failed to save return registers on Armv7-A
* CVE-2024-2608 (bmo#1880692)
Integer overflow could have led to out of bounds write
* CVE-2023-5388 (bmo#1780432)
NSS susceptible to timing attack against RSA decryption
* CVE-2024-2609 (bmo#1866100)
Permission prompt input delay could expire when not in focus
* CVE-2024-2610 (bmo#1871112)
Improper handling of html and body tags enabled CSP nonce leakage
* CVE-2024-2611 (bmo#1876675)
Clickjacking vulnerability could have led to a user accidentally
granting permissions
* CVE-2024-2612 (bmo#1879444)
Self referencing object could have potentially led to a use-
after-free
Sergey Kondakov (X0F)
committed
(revision 775)
Sergey Kondakov (X0F)
committed
(revision 774)
Sergey Kondakov (X0F)
committed
(revision 773)
- Mozilla Firefox 123.0.1
* Fixed the *Firefox Translation* language indicator in the
address bar displaying a colored square icon instead of the
language code icon. (bmo#1879415)
* Fixed a regression with the `onChange` event not firing when
clearing the value of a `textarea` HTML field.
(bmo#1881457)
* Fixed a regression in the JavaScript JIT engine incorrectly
inlining strings in some cases. (bmo#1882386)
* Fixed: Fixed low contrast of text when selecting rows in the
Developer tools' Storage panel. (bmo#1877090)
Displaying revisions 1 - 20 of 792
