Revisions of MozillaFirefox
Dominique Leuenberger (dimstar_suse) accepted request 907201 from Wolfgang Rosenauer (wrosenauer) (revision 340)
- Mozilla Firefox 90.0.1 (boo#1188480):
  * Fixed: Fixed busy looping processing some HTTP3 responses (bmo#1720079)
  * Fixed: Fixed transient errors authenticating with some smart cards (bmo#1715325)
  * Fixed: Fixed a rare crash on shutdown (bmo#1707057)
  * Fixed: Fixed a race on startup that caused about:support to end up empty after upgrade (bmo#1717894, boo#1188330)
Dominique Leuenberger (dimstar_suse) accepted request 906586 from Wolfgang Rosenauer (wrosenauer) (revision 339)
- Mozilla Firefox 90.0
  MFSA 2021-28 (bsc#1188275)
  * CVE-2021-29970 (bmo#1709976) Use-after-free in accessibility features of a document
  * CVE-2021-29971 (bmo#1713638) Granted permissions only compared host; omitting scheme and port on Android
  * CVE-2021-30547 (bmo#1715766) Out of bounds write in ANGLE
  * CVE-2021-29972 (bmo#1696816) Use of out-of-date library included use-after-free vulnerability
  * CVE-2021-29973 (bmo#1701932) Password autofill on HTTP websites was enabled without user interaction on Android
  * CVE-2021-29974 (bmo#1704843) HSTS errors could be overridden when network partitioning was enabled
  * CVE-2021-29975 (bmo#1713259) Text message could be overlaid on top of another website
  * CVE-2021-29976 (bmo#1700895, bmo#1703334, bmo#1706910, bmo#1711576, bmo#1714391) Memory safety bugs fixed in Firefox 90 and Firefox ESR 78.12
  * CVE-2021-29977 (bmo#1665836, bmo#1686138, bmo#1704316, bmo#1706314, bmo#1709931, bmo#1712084, bmo#1712357, bmo#1714066) Memory safety bugs fixed in Firefox 90
- requires NSPR 4.31 NSS 3.66
Dominique Leuenberger (dimstar_suse) accepted request 901588 from Wolfgang Rosenauer (wrosenauer) (revision 338)
- Mozilla Firefox 89.0.2 (boo#1187648):
  * Fix occasional hangs with Software WebRender on Linux (bmo#1708224)
- Mozilla Firefox 89.0.1 (boo#1187475):
  * Updated translations, including full Spanish (Mexico) localization and other improvements (bmo#1714946)
  * Fix various font related regressions (bmo#1694174)
  * Linux: Fix performance and stability regressions with WebRender (bmo#1715895, bmo#1715902)
  * Enterprise: Fix for the `DisableDeveloperTools` policy not having effect anymore (bmo#1715777)
  * Linux: Fix broken scrollbars on some GTK themes (bmo#1714103)
  * Various stability fixes
Dominique Leuenberger (dimstar_suse) accepted request 897726 from Wolfgang Rosenauer (wrosenauer) (revision 337)
- Mozilla Firefox 89.0
  * UI redesign
  * The Event Timing API is now supported
  * The CSS forced-colors media query is now supported
  MFSA 2021-23 (bsc#1186696)
  * CVE-2021-29965 (bmo#1709257) Password Manager on Firefox for Android susceptible to domain spoofing
  * CVE-2021-29960 (bmo#1675965) Filenames printed from private browsing mode incorrectly retained in preferences
  * CVE-2021-29961 (bmo#1700235) Firefox UI spoof using `<select>` elements and CSS scaling
  * CVE-2021-29963 (bmo#1705068) Shared cookies for search suggestions in private browsing mode
  * CVE-2021-29964 (bmo#1706501) Out of bounds-read when parsing a `WM_COPYDATA` message
  * CVE-2021-29959 (bmo#1395819) Devices could be re-enabled without additional permission prompt
  * CVE-2021-29962 (bmo#1701673) No rate-limiting for popups on Firefox for Android
  * CVE-2021-29967 (bmo#1602862, bmo#1703191, bmo#1703760, bmo#1704722, bmo#1706041) Memory safety bugs fixed in Firefox 89 and Firefox ESR 78.11
  * CVE-2021-29966 (bmo#1660307, bmo#1686154, bmo#1702948, bmo#1708124) Memory safety bugs fixed in Firefox 89
- require NSS >= 3.64 rust-cbindgen >= 0.19.0
- do not rely on nodejs10 packagename anymore
Dominique Leuenberger (dimstar_suse) accepted request 892688 from Factory Maintainer (factory-maintainer) (revision 336)
Automatic submission by obs-autosubmit
Dominique Leuenberger (dimstar_suse) accepted request 890833 from Wolfgang Rosenauer (wrosenauer) (revision 335)
Dominique Leuenberger (dimstar_suse) accepted request 889851 from Wolfgang Rosenauer (wrosenauer) (revision 334)
- add compatibility for libavcodec58_134
Dominique Leuenberger (dimstar_suse) accepted request 886904 from Wolfgang Rosenauer (wrosenauer) (revision 333)
- Mozilla Firefox 88.0
  * New: PDF forms now support JavaScript embedded in PDF files. Some PDF forms use JavaScript for validation and other interactive features
  * New: Print updates: Margin units are now localized
  * New: Smooth pinch-zooming using a touchpad is now supported on Linux
  * New: To protect against cross-site privacy leaks, Firefox now isolates window.name data to the website that created it. Learn more
  * Changed: Firefox will not prompt for access to your microphone or camera if you’ve already granted access to the same device on the same site in the same tab within the past 50 seconds. This new grace period reduces the number of times you’re prompted to grant device access
  * Changed: The ‘Take a Screenshot’ feature was removed from the Page Actions menu in the url bar. To take a screenshot, right-click to open the context menu. You can also add a screenshots shortcut directly to your toolbar via the Customize menu. Open the Firefox menu and select Customize…
  * Changed: FTP support has been disabled, and its full removal is planned for an upcoming release. Addressing this security risk reduces the likelihood of an attack while also removing support for a non-encrypted protocol
  * Developer: Introduced a new toggle button in the Network panel for switching between JSON formatted HTTP response and raw data (as received over the wire).
  * Enterprise: Various bug fixes and new policies have been implemented in the latest version of Firefox. You can see
Richard Brown (RBrownSUSE) accepted request 881766 from Wolfgang Rosenauer (wrosenauer) (revision 332)
- Switch to clang_build globally; just on TW/x86_64 it does not work due to unresolved externals `__rust_probestack' - disable clang_build then.
- useccache: Add conditionals to enable/disable ccache.
- Mozilla Firefox 87.0
  * requires NSS 3.62
  * removed obsolete BigEndian ICU build workaround
  * rebased patches
  MFSA 2021-10 (bsc#1183942)
  * CVE-2021-23981 (bmo#1692832) Texture upload into an unbound backing buffer resulted in an out-of-bound read
  * CVE-2021-23982 (bmo#1677046) Internal network hosts could have been probed by a malicious webpage
  * CVE-2021-23983 (bmo#1692684) Transitions for invalid ::marker properties resulted in memory corruption
  * CVE-2021-23984 (bmo#1693664) Malicious extensions could have spoofed popup information
  * CVE-2021-23985 (bmo#1659129) Devtools remote debugging feature could have been enabled without indication to the user
  * CVE-2021-23986 (bmo#1692623) A malicious extension could have performed credential-less same origin policy violations
  * CVE-2021-23987 (bmo#1513519, bmo#1683439, bmo#1690169, bmo#1690718) Memory safety bugs fixed in Firefox 87 and Firefox ESR 78.9
Richard Brown (RBrownSUSE) accepted request 878728 from Wolfgang Rosenauer (wrosenauer) (revision 331)
Richard Brown (RBrownSUSE) accepted request 874847 from Wolfgang Rosenauer (wrosenauer) (revision 330)
- Mozilla Firefox 86.0
  * requires NSS >= 3.61
  * requires rust-cbindgen >= 0.16.0
  * Firefox now supports simultaneously watching multiple videos in Picture-in-Picture.
  * Total Cookie Protection to Strict Mode
  * https://www.mozilla.org/en-US/firefox/86.0/releasenotes
  MFSA 2021-07 (bsc#1182614)
  * CVE-2021-23969 (bmo#1542194) Content Security Policy violation report could have contained the destination of a redirect
  * CVE-2021-23970 (bmo#1681724) Multithreaded WASM triggered assertions validating separation of script domains
  * CVE-2021-23968 (bmo#1687342) Content Security Policy violation report could have contained the destination of a redirect
  * CVE-2021-23974 (bmo#1528997, bmo#1683627) noscript elements could have led to an HTML Sanitizer bypass
  * CVE-2021-23971 (bmo#1678545) A website's Referrer-Policy could have been overridden, potentially resulting in the full URL being sent as a Referrer
  * CVE-2021-23976 (bmo#1684627) Local spoofing of web manifests for arbitrary pages in Firefox for Android
  * CVE-2021-23977 (bmo#1684761) Malicious application could read sensitive data from Firefox for Android's application directories
  * CVE-2021-23972 (bmo#1683536) HTTP Auth phishing warning was omitted when a redirect is
Richard Brown (RBrownSUSE) accepted request 873231 from Wolfgang Rosenauer (wrosenauer) (revision 329)
Dominique Leuenberger (dimstar_suse) accepted request 870519 from Wolfgang Rosenauer (wrosenauer) (revision 328)
Dominique Leuenberger (dimstar_suse) accepted request 867008 from Wolfgang Rosenauer (wrosenauer) (revision 327)
- Mozilla Firefox 85.0
  * Adobe Flash is completely history
  * supercookie protection
  * new bookmark handling and features
  MFSA 2021-03 (bsc#1181414)
  * CVE-2021-23953 (bmo#1683940) Cross-origin information leakage via redirected PDF requests
  * CVE-2021-23954 (bmo#1684020) Type confusion when using logical assignment operators in JavaScript switch statements
  * CVE-2021-23955 (bmo#1684837) Clickjacking across tabs through misusing requestPointerLock
  * CVE-2021-23956 (bmo#1338637) File picker dialog could have been used to disclose a complete directory
  * CVE-2021-23957 (bmo#1584582) Iframe sandbox could have been bypassed on Android via the intent URL scheme
  * CVE-2021-23958 (bmo#1642747) Screen sharing permission leaked across tabs
  * CVE-2021-23959 (bmo#1659035) Cross-Site Scripting in error pages on Firefox for Android
  * CVE-2021-23960 (bmo#1675755) Use-after-poison for incorrectly redeclared JavaScript variables during GC
  * CVE-2021-23961 (bmo#1677940) More internal network hosts could have been probed by a malicious webpage
  * CVE-2021-23962 (bmo#1677194) Use-after-poison in
Dominique Leuenberger (dimstar_suse) accepted request 862423 from Wolfgang Rosenauer (wrosenauer) (revision 326)
Dominique Leuenberger (dimstar_suse) accepted request 861466 from Wolfgang Rosenauer (wrosenauer) (revision 325)
Dominique Leuenberger (dimstar_suse) accepted request 859835 from Wolfgang Rosenauer (wrosenauer) (revision 324)
- Mozilla Firefox 84.0.1
  * Fixed problems loading secure websites and crashes for users with certain third-party PKCS11 modules and smartcards installed (bmo#1682881) (fixed in NSS 3.59.1)
  * Fixed a bug causing some Unity JS games to not load on Apple Silicon devices due to improper detection of the OS version (bmo#1680516)
- requires NSS 3.59.1
Dominique Leuenberger (dimstar_suse) accepted request 856849 from Wolfgang Rosenauer (wrosenauer) (revision 323)
- Mozilla Firefox 84.0
  * Firefox 84 is the final release to support Adobe Flash
  * WebRender is enabled by default when run on GNOME-based X11 Linux desktops
  MFSA 2020-54 (bsc#1180039)
  * CVE-2020-16042 (bmo#1679003) Operations on a BigInt could have caused uninitialized memory to be exposed
  * CVE-2020-26971 (bmo#1663466) Heap buffer overflow in WebGL
  * CVE-2020-26972 (bmo#1671382) Use-After-Free in WebGL
  * CVE-2020-26973 (bmo#1680084) CSS Sanitizer performed incorrect sanitization
  * CVE-2020-26974 (bmo#1681022) Incorrect cast of StyleGenericFlexBasis resulted in a heap use-after-free
  * CVE-2020-26975 (bmo#1661071) Malicious applications on Android could have induced Firefox for Android into sending arbitrary attacker-specified headers
  * CVE-2020-26976 (bmo#1674343) HTTPS pages could have been intercepted by a registered service worker when they should not have been
  * CVE-2020-26977 (bmo#1676311) URL spoofing via unresponsive port in Firefox for Android
  * CVE-2020-26978 (bmo#1677047) Internal network hosts could have been probed by a malicious webpage
  * CVE-2020-26979 (bmo#1641287, bmo#1673299) When entering an address in the address or search bars, a
Dominique Leuenberger (dimstar_suse) accepted request 849574 from Wolfgang Rosenauer (wrosenauer) (revision 322)
- Mozilla Firefox 83.0
  * major update for SpiderMonkey improving performance significantly
  * optional HTTPS-Only mode
  * more improvements
    https://www.mozilla.org/en-US/firefox/83.0/releasenotes/
  MFSA 2020-50 (bsc#1178824)
  * CVE-2020-26951 (bmo#1667113) Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code
  * CVE-2020-26952 (bmo#1667685) Out of memory handling of JITed, inlined functions could lead to a memory corruption
  * CVE-2020-16012 (bmo#1642028) Variable time processing of cross-origin images during drawImage calls
  * CVE-2020-26953 (bmo#1656741) Fullscreen could be enabled without displaying the security UI
  * CVE-2020-26954 (bmo#1657026) Local spoofing of web manifests for arbitrary pages in Firefox for Android
  * CVE-2020-26955 (bmo#1663261) Cookies set during file downloads are shared between normal and Private Browsing Mode in Firefox for Android
  * CVE-2020-26956 (bmo#1666300) XSS through paste (manual and clipboard API)
  * CVE-2020-26957 (bmo#1667179) OneCRL was not working in Firefox for Android
  * CVE-2020-26958 (bmo#1669355) Requests intercepted through ServiceWorkers lacked MIME type restrictions
Dominique Leuenberger (dimstar_suse) accepted request 847338 from Wolfgang Rosenauer (wrosenauer) (revision 321)
- Mozilla Firefox 82.0.3
  MFSA 2020-49
  * CVE-2020-26950 (bmo#1675905) Write side effects in MCallGetProperty opcode not accounted for
- Mozilla Firefox 82.0.2
  * few bugfixes for introduced regressions
Displaying revisions 101 - 120 of 440