- Firefox Extended Support Release 128.5.1 ESR
  * Fixed: Fixed an issue that prevented some websites from
    loading when using SSL Inspection. (bmo#1933747)

• Files Changed
• Browse Source

- Firefox Extended Support Release 128.5.0 ESR
  * Fixed: Various security fixes and other quality improvements.
- Mozilla Firefox ESR 128.5.0
  https://www.mozilla.org/security/advisories/mfsa2024-64
  MFSA 2024-64 (boo#1233695)
  * CVE-2024-11691 (bmo#1914707, bmo#1924184)
    Memory corruption in Apple GPU drivers
  * CVE-2024-11692 (bmo#1909535)
    Select list elements could be shown over another site
  * CVE-2024-11693 (bmo#1921458)
    Download Protections were bypassed by .library-ms files on
    Windows
  * CVE-2024-11694 (bmo#1924167)
    CSP Bypass and XSS Exposure via Web Compatibility Shims
  * CVE-2024-11695 (bmo#1925496)
    URL Bar Spoofing via Manipulated Punycode and Whitespace
    Characters
  * CVE-2024-11696 (bmo#1929600)
    Unhandled Exception in Add-on Signature Verification
  * CVE-2024-11697 (bmo#1842187)
    Improper Keypress Handling in Executable File Confirmation
    Dialog
  * CVE-2024-11698 (bmo#1916152)
    Fullscreen Lock-Up When Modal Dialog Interrupts Transition on
    macOS
  * CVE-2024-11699 (bmo#1880582, bmo#1929911)
    Memory safety bugs fixed in Firefox 133, Firefox ESR 128.5,
    and Thunderbird 128.5

• Files Changed
• Browse Source

- Firefox Extended Support Release 128.5.0 ESR
  * Fixed: Various security fixes and other quality improvements.
- Mozilla Firefox ESR 128.5.0
  https://www.mozilla.org/security/advisories/mfsa2024-64
  MFSA 2024-64 (boo#1233695)

• Files Changed
• Browse Source

- Firefox Extended Support Release 128.5.0 ESR
  * Fixed: Various security fixes and other quality improvements.
- Mozilla Firefox ESR 128.5.0
  https://www.mozilla.org/security/advisories/mfsa2024-64
  MFSA 2024-64 (boo#1233695)

• Files Changed
• Browse Source

Fucking OBS resolver logic - had to move firefox115esr out of my mozilla:esr to ensure firefox128esr uses rust-cbindgen-0.26 :-(

• Files Changed
• Browse Source

Properly define rust-cbindgen version.

• Files Changed
• Browse Source

- Add "mozilla-fix-cmath-issues.patch" to fix math issues on TW/i586

• Files Changed
• Browse Source

- Remove old, unneeded patches:
  * mozilla-bmo1504834-part3.patch
  * mozilla-bmo1512162.patch
  * mozilla-bmo1822730.patch
  * mozilla-bmo531915.patch
  * mozilla-fix-aarch64-libopus.patch
  * mozilla-partial-revert-1768632.patch

• Files Changed
• Browse Source

- require xdg-desktop-portal (boo#1233166)
- remove KDE integration patches
  - mozilla-kde.patch
  - firefox-kde.patch
  on KDE use these settings instead
  widget.use-xdg-desktop-portal.file-picker=1
  widget.use-xdg-desktop-portal.mime-handler=1
  (those are set by the latest branding package as well)

• Files Changed
• Browse Source

- Sync firefox-esr.spec with MozillaFirefox.spec from project "mozilla"
- Don't use clang-devel >= 19 on Tumbleweed! For this to work, one has
  to use the llvm18 packages from
    home:manfred-h:devel:languages:rust

• Files Changed
• Browse Source

- Ensure this package is always called "firefox-esr" on Tumbleweed
  and Slowroll. Use the ff_esr_name macro to override the default
  name "MozillaFirefox" on SLE and Leap.
  This allows parallel installation of firefox-esr and the
  default version of MozillaFirefox.

• Files Changed
• Browse Source

• Files Changed
• Browse Source

- Firefox Extended Support Release 128.4.0 ESR
  * Fixed: Various security fixes and other quality improvements.
- Mozilla Firefox ESR 128.4.0
  https://www.mozilla.org/security/advisories/mfsa2024-56
  MFSA 2024-56 (boo#???????)
  * CVE-2024-10458 (bmo#1921733)
    Permission leak via embed or object elements
  * CVE-2024-10459 (bmo#1919087)
    Use-after-free in layout with accessibility
  * CVE-2024-10460 (bmo#1912537)
    Confusing display of origin for external protocol handler
    prompt
  * CVE-2024-10461 (bmo#1914521)
    XSS due to Content-Disposition being ignored in
    multipart/x-mixed-replace response
  * CVE-2024-10462 (bmo#1920423)
    Origin of permission prompt could be spoofed by long URL
  * CVE-2024-10463 (bmo#1920800)
    Cross origin video frame leak
  * CVE-2024-10464 (bmo#1913000)
    History interface could have been used to cause a Denial of
    Service condition in the browser
  * CVE-2024-10465 (bmo#1918853)
    Clipboard "paste" button persisted across tabs
  * CVE-2024-10466 (bmo#1924154)
    DOM push subscription message could hang Firefox
  * CVE-2024-10467 (bmo#1829029, bmo#1888538, bmo#1900394,
    bmo#1904059, bmo#1917742, bmo#1919809, bmo#1923706)
    Memory safety bugs fixed in Firefox 132, Thunderbird 132,
    Firefox ESR 128.4, and Thunderbird 128.4
- Remove obsolete patch mozilla-rust-disable-future-incompat.patch

• Files Changed
• Browse Source

Update VUL-0 bugzilla ID.

• Files Changed
• Browse Source

- Firefox Extended Support Release 128.3.1 ESR
  * Fixed: Security fix.
- Mozilla Firefox ESR 128.3.1
  https://www.mozilla.org/security/advisories/mfsa2024-51
  MFSA 2024-51 (boo#???????)
  * CVE-2024-9680 (bmo#1923344)
    Use-after-free in Animation timeline

• Files Changed
• Browse Source

- Firefox Extended Support Release 128.3.0 ESR
  * Fixed: Various security fixes and other quality improvements.
- Mozilla Firefox ESR 128.3.0
  https://www.mozilla.org/security/advisories/mfsa2024-47
  MFSA 2024-47 (boo#???????)
  * CVE-2024-9392 (bmo#1899154, bmo#1905843)
    Compromised content process can bypass site isolation
  * CVE-2024-9393 (bmo#1918301)
    Cross-origin access to PDF contents through multipart
    responses
  * CVE-2024-9394 (bmo#1918874)
    Cross-origin access to JSON contents through multipart
    responses
  * CVE-2024-8900 (bmo#1872841)
    Clipboard write permission bypass
  * CVE-2024-9396 (bmo#1912471)
    Potential memory corruption may occur when cloning certain
    objects
  * CVE-2024-9397 (bmo#1916659)
    Potential directory upload bypass via clickjacking
  * CVE-2024-9398 (bmo#1881037)
    External protocol handlers could be enumerated via popups
  * CVE-2024-9399 (bmo#1907726)
    Specially crafted WebTransport requests could lead to denial
    of service
  * CVE-2024-9400 (bmo#1915249)
    Potential memory corruption during JIT compilation
  * CVE-2024-9401 (bmo#1872744, bmo#1897792, bmo#1911317,
    bmo#1916476)
    Memory safety bugs fixed in Firefox 131, Firefox ESR 115.16,
    Firefox ESR 128.3, Thunderbird 131, and Thunderbird 128.3
  * CVE-2024-9402 (bmo#1872744, bmo#1897792, bmo#1911317,
    bmo#1913445, bmo#1914106, bmo#1914475, bmo#1914963,
    bmo#1915008, bmo#1916476)
    Memory safety bugs fixed in Firefox 131, Firefox ESR 128.3,
    Thunderbird 131, and Thunderbird 128.3

• Files Changed
• Browse Source

- Firefox Extended Support Release 128.3.0 ESR
  * Fixed: Various security fixes and other quality improvements.
- Mozilla Firefox ESR 128.3.0
  https://www.mozilla.org/security/advisories/mfsa2024-??
  MFSA 2024-?? (boo#???????)

• Files Changed
• Browse Source

- Firefox Extended Support Release 128.2.0 ESR
  * Fixed: Various security fixes and other quality improvements.
- Mozilla Firefox ESR 128.2.0
  https://www.mozilla.org/security/advisories/mfsa2024-40
  MFSA 2024-40 (boo#???????)
  * CVE-2024-8385 (bmo#1911909)
    WASM type confusion involving ArrayTypes
  * CVE-2024-8381 (bmo#1912715)
    Type confusion when looking up a property name in a
    "with" block
  * CVE-2024-8382 (bmo#1906744)
    Internal event interfaces were exposed to web content when
    browser EventHandler listener callbacks ran
  * CVE-2024-8383 (bmo#1908496)
    Firefox did not ask before openings news: links in an
    external application
  * CVE-2024-8384 (bmo#1911288)
    Garbage collection could mis-color cross-compartment objects
    in OOM conditions
  * CVE-2024-8386 (bmo#1907032, bmo#1909163, bmo#1909529)
    SelectElements could be shown over another site if popups are
    allowed
  * CVE-2024-8387 (bmo#1857607, bmo#1911858, bmo#1914009)
    Memory safety bugs fixed in Firefox 130, Firefox ESR 128.2,
    and Thunderbird 128.2
- Remove mozilla-bmo1898476.patch and mozilla-bmo1907511.patch,
  implemented upstream.

• Files Changed
• Browse Source

- Firefox Extended Support Release 128.1.0 ESR
  * Fixed: Various security fixes and other quality improvements.
- Mozilla Firefox ESR 128.1.0
  https://www.mozilla.org/security/advisories/mfsa2024-35
  MFSA 2024-35 (boo#???????)
  * CVE-2024-7518 (bmo#1875354)
    Fullscreen notification dialog can be obscured by document
    content
  * CVE-2024-7519 (bmo#1902307)
    Out of bounds memory access in graphics shared memory
    handling
  * CVE-2024-7520 (bmo#1903041)
    Type confusion in WebAssembly
  * CVE-2024-7521 (bmo#1904644)
    Incomplete WebAssembly exception handing
  * CVE-2024-7522 (bmo#1906727)
    Out of bounds read in editor component
  * CVE-2024-7524 (bmo#1909241)
    CSP strict-dynamic bypass using web-compatibility shims
  * CVE-2024-7525 (bmo#1909298)
    Missing permission check when creating a StreamFilter
  * CVE-2024-7526 (bmo#1910306)
    Uninitialized memory used by WebGL
  * CVE-2024-7527 (bmo#1871303)
    Use-after-free in JavaScript garbage collection
  * CVE-2024-7528 (bmo#1895951)
    Use-after-free in IndexedDB
  * CVE-2024-7529 (bmo#1903187)
    Document content could partially obscure security prompts
  * CVE-2024-7531 (bmo#1905691)
    PK11_Encrypt using CKM_CHACHA20 can reveal plaintext on Intel
    Sandy Bridge machines

• Files Changed
• Browse Source

- add wayland upstream fixes (bmo#1907511, bmo#1898476)
  (mozilla-bmo1898476.patch and mozilla-bmo1907511.patch)

• Files Changed
• Browse Source