Revisions of MozillaFirefox
Dominique Leuenberger (dimstar_suse)
accepted
request 1170867
from
Wolfgang Rosenauer (wrosenauer)
(revision 426)
Ana Guerrero (anag+factory)
accepted
request 1169983
from
Wolfgang Rosenauer (wrosenauer)
(revision 425)
- Mozilla Firefox 125.0.2 * The 125.0 and 125.0.1 releases were skipped due to problems with a feature that proactively blocked downloads from potentially untrustworthy URLs * New: Firefox now supports the AV1 codec for Encrypted Media Extensions (EME), enabling higher-quality playback from video streaming providers * New: The Firefox PDF viewer now supports text highlighting. * New: Firefox View now displays pinned tabs in the Open tabs section. Tab indicators have also been added to Open tabs, so users can do things like see which tabs are playing media and quickly mute or unmute across windows. Indicators were also added for bookmarks, tabs with notifications, and more! their addresses upon submitting an address form, allowing Firefox to autofill stored address information in the future. * New: The URL Paste Suggestion feature provides a convenient way for users to quickly visit URLs copied to the clipboard in the address bar of Firefox. When the clipboard contains a URL and the URL bar is focused, an autocomplete result appears automatically. Activating the clipboard suggestion will navigate the user to the URL with 1 click. * New: Users of tab-specific Container add-ons can now search in the Address Bar for tabs that are open in different containers. Special thanks to volunteer contributor atararx for kicking off the work on this feature! * New: Firefox now provides an option to enable Web Proxy Auto- Discovery (WPAD) while configured to use system proxy settings. * Changed: In a group of radio buttons where no option is selected, the tab key now only reaches the first option
Ana Guerrero (anag+factory)
accepted
request 1164364
from
Wolfgang Rosenauer (wrosenauer)
(revision 424)
- Mozilla Firefox 124.0.2 https://www.mozilla.org/en-US/firefox/124.0.2/releasenotes/ * Fixed an issue where users with a large amount of bookmarks would be unable to restore a bookmarks backup. (bmo#1884308) * Fixed an issue that would cause open Firefox windows to go blank or crash during video playback on sites such as Netflix. (bmo#1883932) * Fixed a crash that affected Linux AArch64 builds. (bmo#1866396) * Fixed an issue where some users experienced difficulties loading webpages due to changes made to the default AppArmor configuration shipping in Ubuntu 24.04. (bmo#1884347)
Ana Guerrero (anag+factory)
accepted
request 1160726
from
Wolfgang Rosenauer (wrosenauer)
(revision 423)
- Mozilla Firefox 124.0.1 https://www.mozilla.org/en-US/firefox/124.0.1/releasenotes/ MFSA 2024-15 (bsc#1221850) * CVE-2024-29943 (bmo#1886849) Out-of-bounds access via Range Analysis bypass * CVE-2024-29944 (bmo#1886852) Privileged JavaScript Execution via Event Handlers Mozilla Firefox 124.0 https://www.mozilla.org/en-US/firefox/124.0/releasenotes/ MFSA 2024-12 (bsc#1221327) * CVE-2024-2605 (bmo#1872920) Windows Error Reporter could be used as a Sandbox escape vector * CVE-2024-2606 (bmo#1879237) Mishandling of WASM register values * CVE-2024-2607 (bmo#1879939) JIT code failed to save return registers on Armv7-A * CVE-2024-2608 (bmo#1880692) Integer overflow could have led to out of bounds write * CVE-2023-5388 (bmo#1780432) NSS susceptible to timing attack against RSA decryption * CVE-2024-2609 (bmo#1866100) Permission prompt input delay could expire when not in focus * CVE-2024-2610 (bmo#1871112) Improper handling of html and body tags enabled CSP nonce leakage * CVE-2024-2611 (bmo#1876675) Clickjacking vulnerability could have led to a user accidentally granting permissions * CVE-2024-2612 (bmo#1879444) Self referencing object could have potentially led to a use- after-free
Dominique Leuenberger (dimstar_suse)
accepted
request 1156327
from
Wolfgang Rosenauer (wrosenauer)
(revision 422)
Ana Guerrero (anag+factory)
accepted
request 1150527
from
Wolfgang Rosenauer (wrosenauer)
(revision 421)
- Mozilla Firefox 123.0 https://www.mozilla.org/en-US/firefox/123.0/releasenotes/ MFSA 2024-05 (bsc#1220048) * CVE-2024-1546 (bmo#1843752) Out-of-bounds memory read in networking channels * CVE-2024-1547 (bmo#1877879) Alert dialog could have been spoofed on another site * CVE-2024-1554 (bmo#1816390) fetch could be used to effect cache poisoning * CVE-2024-1548 (bmo#1832627) Fullscreen Notification could have been hidden by select element * CVE-2024-1549 (bmo#1833814) Custom cursor could obscure the permission dialog * CVE-2024-1550 (bmo#1860065) Mouse cursor re-positioned unexpectedly could have led to unintended permission grants * CVE-2024-1551 (bmo#1864385) Multipart HTTP Responses would accept the Set-Cookie header in response parts * CVE-2024-1555 (bmo#1873223) SameSite cookies were not properly respected when opening a website from an external browser * CVE-2024-1556 (bmo#1870414) Invalid memory access in the built-in profiler * CVE-2024-1552 (bmo#1874502) Incorrect code generation on 32-bit ARM devices * CVE-2024-1553 (bmo#1855686, bmo#1867982, bmo#1871498, bmo#1872296, bmo#1873521, bmo#1873577, bmo#1873597, bmo#1873866, bmo#1874080, bmo#1874740, bmo#1875795, bmo#1875906, bmo#1876425, bmo#1878211, bmo#1878286)
Ana Guerrero (anag+factory)
accepted
request 1146565
from
Wolfgang Rosenauer (wrosenauer)
(revision 420)
Ana Guerrero (anag+factory)
accepted
request 1143092
from
Wolfgang Rosenauer (wrosenauer)
(revision 419)
Ana Guerrero (anag+factory)
accepted
request 1142680
from
Wolfgang Rosenauer (wrosenauer)
(revision 418)
Ana Guerrero (anag+factory)
accepted
request 1141490
from
Wolfgang Rosenauer (wrosenauer)
(revision 417)
- Mozilla Firefox 122.0 https://www.mozilla.org/en-US/firefox/122.0/releasenotes/ MFSA 2024-01 (bsc#1218955) * CVE-2024-0741 (bmo#1864587) Out of bounds write in ANGLE * CVE-2024-0742 (bmo#1867152) Failure to update user input timestamp * CVE-2024-0743 (bmo#1867408) Crash in NSS TLS method * CVE-2024-0744 (bmo#1871089) Wild pointer dereference in JavaScript * CVE-2024-0745 (bmo#1871838) Stack buffer overflow in WebAudio * CVE-2024-0746 (bmo#1660223) Crash when listing printers on Linux * CVE-2024-0747 (bmo#1764343) Bypass of Content Security Policy when directive unsafe-inline was set * CVE-2024-0748 (bmo#1783504) Compromised content process could modify document URI * CVE-2024-0749 (bmo#1813463) Phishing site popup could show local origin in address bar * CVE-2024-0750 (bmo#1863083) Potential permissions request bypass via clickjacking * CVE-2024-0751 (bmo#1865689) Privilege escalation through devtools * CVE-2024-0752 (bmo#1866840) Use-after-free could occur when applying update on macOS * CVE-2024-0753 (bmo#1870262) HSTS policy on subdomain could bypass policy of upper domain * CVE-2024-0754 (bmo#1871605)
Ana Guerrero (anag+factory)
accepted
request 1138351
from
Wolfgang Rosenauer (wrosenauer)
(revision 416)
Ana Guerrero (anag+factory)
accepted
request 1134603
from
Wolfgang Rosenauer (wrosenauer)
(revision 415)
- Mozilla Firefox 121.0 https://www.mozilla.org/en-US/firefox/121.0/releasenotes MFSA 2023-56 (bsc#1217974) * CVE-2023-6856 (bmo#1843782) Heap-buffer-overflow affecting WebGL DrawElementsInstanced method with Mesa VM driver * CVE-2023-6135 (bmo#1853908) NSS susceptible to "Minerva" attack * CVE-2023-6865 (bmo#1864123) Potential exposure of uninitialized data in EncryptingOutputStream * CVE-2023-6857 (bmo#1796023) Symlinks may resolve to smaller than expected buffers * CVE-2023-6858 (bmo#1826791) Heap buffer overflow in nsTextFragment * CVE-2023-6859 (bmo#1840144) Use-after-free in PR_GetIdentitiesLayer * CVE-2023-6866 (bmo#1849037) TypedArrays lack sufficient exception handling * CVE-2023-6860 (bmo#1854669) Potential sandbox escape due to VideoBridge lack of texture validation * CVE-2023-6867 (bmo#1863863) Clickjacking permission prompts using the popup transition * CVE-2023-6861 (bmo#1864118) Heap buffer overflow affected nsWindow::PickerOpen(void) in headless mode * CVE-2023-6868 (bmo#1865488) WebPush requests on Firefox for Android did not require VAPID key * CVE-2023-6869 (bmo#1799036) Content can paint outside of sandboxed iframe
Dominique Leuenberger (dimstar_suse)
accepted
request 1132165
from
Wolfgang Rosenauer (wrosenauer)
(revision 414)
Ana Guerrero (anag+factory)
accepted
request 1129161
from
Wolfgang Rosenauer (wrosenauer)
(revision 413)
- Mozilla Firefox 120.0 https://www.mozilla.org/en-US/firefox/120.0/releasenotes MFSA 2023-49 (bsc#1217230) * CVE-2023-6204 (bmo#1841050) Out-of-bound memory access in WebGL2 blitFramebuffer * CVE-2023-6205 (bmo#1854076) Use-after-free in MessagePort::Entangled * CVE-2023-6206 (bmo#1857430) Clickjacking permission prompts using the fullscreen transition * CVE-2023-6207 (bmo#1861344) Use-after-free in ReadableByteStreamQueueEntry::Buffer * CVE-2023-6208 (bmo#1855345) Using Selection API would copy contents into X11 primary selection. * CVE-2023-6209 (bmo#1858570) Incorrect parsing of relative URLs starting with "///" * CVE-2023-6210 (bmo#1801501) Mixed-content resources not blocked in a javascript: pop-up * CVE-2023-6211 (bmo#1850200) Clickjacking to load insecure pages in HTTPS-only mode * CVE-2023-6212 (bmo#1658432, bmo#1820983, bmo#1829252, bmo#1856072, bmo#1856091, bmo#1859030, bmo#1860943, bmo#1862782) Memory safety bugs fixed in Firefox 120, Firefox ESR 115.5, and Thunderbird 115.5 * CVE-2023-6213 (bmo#1849265, bmo#1851118, bmo#1854911) Memory safety bugs fixed in Firefox 120 - rebased patches
Ana Guerrero (anag+factory)
accepted
request 1124746
from
Wolfgang Rosenauer (wrosenauer)
(revision 412)
Ana Guerrero (anag+factory)
accepted
request 1121261
from
Wolfgang Rosenauer (wrosenauer)
(revision 411)
Ana Guerrero (anag+factory)
accepted
request 1114282
from
Wolfgang Rosenauer (wrosenauer)
(revision 410)
- Mozilla Firefox 118.0.1 MFSA 2023-44 (bsc#1215814) * CVE-2023-5217 (bmo#1855550), Heap buffer overflow in libvpx - Mozilla Firefox 118.0 MFSA 2023-41 (bsc#1215575) * CVE-2023-5168 (bmo#1846683) Out-of-bounds write in FilterNodeD2D1 * CVE-2023-5169 (bmo#1846685) Out-of-bounds write in PathOps * CVE-2023-5170 (bmo#1846686) Memory leak from a privileged process * CVE-2023-5171 (bmo#1851599) Use-after-free in Ion Compiler * CVE-2023-5172 (bmo#1852218) Memory Corruption in Ion Hints * CVE-2023-5173 (bmo#1823172) Out-of-bounds write in HTTP Alternate Services * CVE-2023-5174 (bmo#1848454) Double-free in process spawning on Windows * CVE-2023-5175 (bmo#1849704) Use-after-free of ImageBitmap during process shutdown * CVE-2023-5176 (bmo#1836353, bmo#1842674, bmo#1843824, bmo#1843962, bmo#1848890, bmo#1850180, bmo#1850983, bmo#1851195) Memory safety bugs fixed in Firefox 118, Firefox ESR 115.3, and Thunderbird 115.3 - requires NSS 3.93 - add mozilla-bmo1822730.patch - deactivated KDE integration temporarily
Ana Guerrero (anag+factory)
accepted
request 1110687
from
Wolfgang Rosenauer (wrosenauer)
(revision 409)
Ana Guerrero (anag+factory)
accepted
request 1107944
from
Wolfgang Rosenauer (wrosenauer)
(revision 408)
- Mozilla Firefox 117.0 https://www.mozilla.org/en-US/firefox/117.0/releasenotes MFSA 2023-34 (bsc#1214606) * CVE-2023-4573 (bmo#1846687) Memory corruption in IPC CanvasTranslator * CVE-2023-4574 (bmo#1846688) Memory corruption in IPC ColorPickerShownCallback * CVE-2023-4575 (bmo#1846689) Memory corruption in IPC FilePickerShownCallback * CVE-2023-4576 (bmo#1846694) Integer Overflow in RecordedSourceSurfaceCreation * CVE-2023-4577 (bmo#1847397) Memory corruption in JIT UpdateRegExpStatics * CVE-2023-4578 (bmo#1839007) Error reporting methods in SpiderMonkey could have triggered an Out of Memory Exception * CVE-2023-4579 (bmo#1842766) Persisted search terms were formatted as URLs * CVE-2023-4580 (bmo#1843046) Push notifications saved to disk unencrypted * CVE-2023-4581 (bmo#1843758) XLL file extensions were downloadable without warnings * CVE-2023-4582 (bmo#1773874) Buffer Overflow in WebGL glGetProgramiv * CVE-2023-4583 (bmo#1842030) Browsing Context potentially not cleared when closing Private Window * CVE-2023-4584 (bmo#1843968, bmo#1845205, bmo#1846080, bmo#1846526, bmo#1847529) Memory safety bugs fixed in Firefox 117, Firefox ESR 102.15,
Ana Guerrero (anag+factory)
accepted
request 1104464
from
Wolfgang Rosenauer (wrosenauer)
(revision 407)
Displaying revisions 1 - 20 of 426