<revisionlist>
<revision rev="1" vrev="41">
<srcmd5>2232a66f032294441727d84ad61ec263</srcmd5>
<version>2.0</version>
<time>1168255398</time>
<user>unknown</user>
</revision>
<revision rev="2" vrev="42">
<srcmd5>e967717d0f219d0d078f3507094d6bce</srcmd5>
<version>2.0</version>
<time>1168447986</time>
<user>unknown</user>
</revision>
<revision rev="3" vrev="43">
<srcmd5>21c89396458f5ac45e6079f8fee546b1</srcmd5>
<version>2.0</version>
<time>1169165661</time>
<user>unknown</user>
</revision>
<revision rev="4" vrev="44">
<srcmd5>3fd58250c029a499b549a39b2f78e49d</srcmd5>
<version>2.0</version>
<time>1169769476</time>
<user>unknown</user>
</revision>
<revision rev="5" vrev="1">
<srcmd5>7d9d8e3f4336682f1d10c73527f6f8a0</srcmd5>
<version>2.0.0.2</version>
<time>1172442776</time>
<user>unknown</user>
</revision>
<revision rev="6" vrev="4">
<srcmd5>c4c1f8095cb9faf55ac4b2c9ba475326</srcmd5>
<version>2.0.0.2</version>
<time>1173743930</time>
<user>unknown</user>
</revision>
<revision rev="7" vrev="11">
<srcmd5>d48f55360d061f4b27d2ad5cb8ac9c2e</srcmd5>
<version>2.0.0.2</version>
<time>1176914143</time>
<user>unknown</user>
</revision>
<revision rev="8" vrev="16">
<srcmd5>d6b0eb985b12d2fdaac6ae49e8ef1016</srcmd5>
<version>2.0.0.2</version>
<time>1177944701</time>
<user>unknown</user>
</revision>
<revision rev="9" vrev="1">
<srcmd5>962309ad94c8884971e9586f5bbad9fa</srcmd5>
<version>2.0.0.4</version>
<time>1181030484</time>
<user>unknown</user>
</revision>
<revision rev="10" vrev="2">
<srcmd5>0fdaa1ee72c8ae021c4f723c59628221</srcmd5>
<version>2.0.0.4</version>
<time>1181053901</time>
<user>unknown</user>
</revision>
<revision rev="11" vrev="9">
<srcmd5>e91e1d2a472169d8736a3063235e8a23</srcmd5>
<version>2.0.0.4</version>
<time>1182205182</time>
<user>unknown</user>
</revision>
<revision rev="12" vrev="10">
<srcmd5>0dca1b99925a55f88a8a096d2b03fbb8</srcmd5>
<version>2.0.0.4</version>
<time>1182458640</time>
<user>unknown</user>
</revision>
<revision rev="13" vrev="1">
<srcmd5>23bd48eb98571aaa4a8836c276da6075</srcmd5>
<version>2.0.0.5</version>
<time>1185254033</time>
<user>unknown</user>
</revision>
<revision rev="14" vrev="13">
<srcmd5>600cac77105daf6a947e79fdb21bdff3</srcmd5>
<version>2.0.0.5</version>
<time>1187266772</time>
<user>unknown</user>
</revision>
<revision rev="15" vrev="14">
<srcmd5>fb18698f0e5e8ac416c1299ffcf051eb</srcmd5>
<version>2.0.0.5</version>
<time>1187267178</time>
<user>unknown</user>
</revision>
<revision rev="16" vrev="15">
<srcmd5>75b95057b4d1b607986501b13ab25601</srcmd5>
<version>2.0.0.5</version>
<time>1187281191</time>
<user>unknown</user>
</revision>
<revision rev="17" vrev="1">
<srcmd5>eecc6fb0172cb6ef301342b5571ee963</srcmd5>
<version>2.0.0.6</version>
<time>1188227501</time>
<user>unknown</user>
</revision>
<revision rev="18" vrev="3">
<srcmd5>25bb03740805bcb34ef1b58de17fdf3c</srcmd5>
<version>2.0.0.6</version>
<time>1188321352</time>
<user>unknown</user>
</revision>
<revision rev="19" vrev="6">
<srcmd5>5ca016836344e368b95e18cd956136c1</srcmd5>
<version>2.0.0.6</version>
<time>1188578567</time>
<user>unknown</user>
</revision>
<revision rev="20" vrev="8">
<srcmd5>5437b999d9b34fc10761a1e0ce9159bb</srcmd5>
<version>2.0.0.6</version>
<time>1188851628</time>
<user>unknown</user>
</revision>
<revision rev="21" vrev="12">
<srcmd5>50248aaadf174dc053cc0d53edccef65</srcmd5>
<version>2.0.0.6</version>
<time>1189420947</time>
<user>unknown</user>
</revision>
<revision rev="22" vrev="15">
<srcmd5>e18603fd9551ba2ac72dcc1e84aaf5a8</srcmd5>
<version>2.0.0.6</version>
<time>1189608901</time>
<user>unknown</user>
</revision>
<revision rev="23" vrev="18">
<srcmd5>01d42857e3d87ccaa7c6241d9c33d4f0</srcmd5>
<version>2.0.0.6</version>
<time>1189850761</time>
<user>unknown</user>
</revision>
<revision rev="24" vrev="24">
<srcmd5>3b5997c8cadf2d77e63e28747e580e39</srcmd5>
<version>2.0.0.6</version>
<time>1190653231</time>
<user>unknown</user>
</revision>
<revision rev="25" vrev="1">
<srcmd5>527904cd1478529daefd369aec54b960</srcmd5>
<version>2.0.0.8</version>
<time>1192782680</time>
<user>unknown</user>
</revision>
<revision rev="26" vrev="16">
<srcmd5>e4d4a1d28fd0b2e393261c2ebbb70fe0</srcmd5>
<version>2.0.0.8</version>
<time>1194985399</time>
<user>unknown</user>
</revision>
<revision rev="27" vrev="22">
<srcmd5>28e302c920a4352477d1d35954f9fa67</srcmd5>
<version>2.0.0.8</version>
<time>1196108908</time>
<user>unknown</user>
</revision>
<revision rev="28" vrev="1">
<srcmd5>8d98b300c3fc5f49435c6057cf765731</srcmd5>
<version>2.0.0.10</version>
<time>1196357124</time>
<user>unknown</user>
</revision>
<revision rev="29" vrev="16">
<srcmd5>ed1a35a21851f9320a80d223c96f82b2</srcmd5>
<version>2.0.0.10</version>
<time>1200610286</time>
<user>unknown</user>
</revision>
<revision rev="30" vrev="1">
<srcmd5>3ee3c4b68041d953a98e76a74ebd3669</srcmd5>
<version>2.0.0.12</version>
<time>1203036338</time>
<user>unknown</user>
</revision>
<revision rev="31" vrev="2">
<srcmd5>af1793b7bdd6a1b29db64ade5074381d</srcmd5>
<version>2.9.94</version>
<time>1206543714</time>
<user>unknown</user>
</revision>
<revision rev="32" vrev="1">
<srcmd5>278dd071126d4f601a5787281045b050</srcmd5>
<version>2.9.95</version>
<time>1207184166</time>
<user>unknown</user>
</revision>
<revision rev="33" vrev="13">
<srcmd5>757f9670ab1ece8844b2eef9349eb1d6</srcmd5>
<version>2.9.95</version>
<time>1209941881</time>
<user>unknown</user>
</revision>
<revision rev="34" vrev="19">
<srcmd5>dc12529ddb4ed4539c71487152bc4f3c</srcmd5>
<version>2.9.95</version>
<time>1210855628</time>
<user>unknown</user>
</revision>
<revision rev="35" vrev="1">
<srcmd5>5771ab0ca1bf4bec0367061bf5991c89</srcmd5>
<version>3.0</version>
<time>1214257185</time>
<user>unknown</user>
</revision>
<revision rev="36" vrev="1">
<srcmd5>f42f24c777ffd004878e06ed1cd603e7</srcmd5>
<version>3.0.1</version>
<time>1217803111</time>
<user>unknown</user>
</revision>
<revision rev="37" vrev="14">
<srcmd5>c03e5ff0ebb77348750d30b9bf816e95</srcmd5>
<version>3.0.1</version>
<time>1219359219</time>
<user>unknown</user>
</revision>
<revision rev="38" vrev="1">
<srcmd5>bb5ff1cf136842320e2c303c1f4b54cd</srcmd5>
<version>3.0.2</version>
<time>1222440780</time>
<user>unknown</user>
</revision>
<revision rev="39" vrev="1">
<srcmd5>27990ddc4e4e0e43b0a5c21b19be886d</srcmd5>
<version>3.0.3</version>
<time>1222733380</time>
<user>unknown</user>
</revision>
<revision rev="40" vrev="2">
<srcmd5>d4700dd315e67693242e839952b190cf</srcmd5>
<version>3.0.3</version>
<time>1223307264</time>
<user>unknown</user>
</revision>
<revision rev="41" vrev="3">
<srcmd5>f1b6d8fc3c2bb90d9c72d33e36283aea</srcmd5>
<version>3.0.3</version>
<time>1224794122</time>
<user>unknown</user>
</revision>
<revision rev="42" vrev="4">
<srcmd5>37d71b664ba03a8acc094916ee7ddf50</srcmd5>
<version>3.0.3</version>
<time>1225711680</time>
<user>unknown</user>
</revision>
<revision rev="43" vrev="5">
<srcmd5>d06418d12941679eea54ea3448a395ab</srcmd5>
<version>3.0.3</version>
<time>1226273640</time>
<user>unknown</user>
</revision>
<revision rev="44" vrev="1">
<srcmd5>ace89d84968066ec1a2ae38173aa60b7</srcmd5>
<version>3.0.4</version>
<time>1226939295</time>
<user>unknown</user>
</revision>
<revision rev="45" vrev="2">
<srcmd5>b96ad099dbe8b37ce3541d6dfb330e2d</srcmd5>
<version>3.0.4</version>
<time>1227278160</time>
<user>unknown</user>
</revision>
<revision rev="46" vrev="3">
<srcmd5>2d2f58804ae3c7d2816643e7470acd92</srcmd5>
<version>3.0.4</version>
<time>1227279977</time>
<user>unknown</user>
</revision>
<revision rev="47" vrev="4">
<srcmd5>497c93291804454f0935f2cf63244511</srcmd5>
<version>3.0.4</version>
<time>1227626498</time>
<user>unknown</user>
</revision>
<revision rev="48" vrev="1">
<srcmd5>82563b492c0e573e4aefed780e5cab29</srcmd5>
<version>3.0.5</version>
<time>1229609741</time>
<user>unknown</user>
</revision>
<revision rev="49" vrev="2">
<srcmd5>e0fa42ec45eec8d6c37ae053c8ffe877</srcmd5>
<version>3.0.5</version>
<time>1232674051</time>
<user>unknown</user>
</revision>
<revision rev="50" vrev="2">
<srcmd5>0ea4628d49f2454554e0006951e427f9</srcmd5>
<version>3.0.6</version>
<time>1234172371</time>
<user>unknown</user>
</revision>
<revision rev="51" vrev="1">
<srcmd5>58dd53ca0644dc3429292cf2459c49df</srcmd5>
<version>3.0.7</version>
<time>1236554789</time>
<user>unknown</user>
</revision>
<revision rev="52" vrev="1">
<srcmd5>f4dcc9700a1a93d253d7b8acdfdf7a25</srcmd5>
<version>3.0.8</version>
<time>1238689836</time>
<user>unknown</user>
</revision>
<revision rev="53" vrev="1">
<srcmd5>0663b1e03913c56dfae102573166b8ea</srcmd5>
<version>3.0.10</version>
<time>1240966036</time>
<user>unknown</user>
</revision>
<revision rev="54" vrev="1">
<srcmd5>80cc5e5ca8a37ab08b0adcd05b8fb90d</srcmd5>
<version>3.5b4</version>
<time>1241454521</time>
<user>unknown</user>
</revision>
<revision rev="55" vrev="2">
<srcmd5>8c525f7a4df75dcd79b4b4fc15496e25</srcmd5>
<version>3.5b4</version>
<time>1242999315</time>
<user>unknown</user>
</revision>
<revision rev="56" vrev="1">
<srcmd5>71447b76f3533a06b972a2c7c76a53b5</srcmd5>
<version>3.5b99</version>
<time>1244562284</time>
<user>unknown</user>
</revision>
<revision rev="57" vrev="2">
<srcmd5>03c62407cc0c24695252b3e543b9ad0d</srcmd5>
<version>3.5b99</version>
<time>1245365741</time>
<user>unknown</user>
</revision>
<revision rev="58" vrev="1">
<srcmd5>2879754e4eaff442a9c534e398364479</srcmd5>
<version>3.5.0</version>
<time>1245459744</time>
<user>unknown</user>
</revision>
<revision rev="59" vrev="2">
<srcmd5>8674817afdf9afe416487bf3e8ff2e8a</srcmd5>
<version>3.5.0</version>
<time>1245831646</time>
<user>unknown</user>
</revision>
<revision rev="60" vrev="3">
<srcmd5>455b30f46da2114d3f14f0eb04519d5d</srcmd5>
<version>3.5.0</version>
<time>1246707011</time>
<user>unknown</user>
</revision>
<revision rev="61" vrev="4">
<srcmd5>ab1b7d8ebfa4d54e21c39055e979f4e0</srcmd5>
<version>3.5.0</version>
<time>1247087056</time>
<user>unknown</user>
</revision>
<revision rev="62" vrev="1">
<srcmd5>ac5d50f2b2ec2a0c6692aeac709859ef</srcmd5>
<version>3.5.1</version>
<time>1248170862</time>
<user>unknown</user>
</revision>
<revision rev="63" vrev="2">
<srcmd5>d6b82c3ea46030cf81c115199c65df40</srcmd5>
<version>3.5.1</version>
<time>1248871911</time>
<user>unknown</user>
</revision>
<revision rev="64" vrev="1">
<srcmd5>64ad0ec5b069a4a93deea3cc690986fd</srcmd5>
<version>3.5.2</version>
<time>1249576676</time>
<user>unknown</user>
</revision>
<revision rev="65" vrev="2">
<srcmd5>f27f4cb1785e00d9f2b2e6b493d6ad13</srcmd5>
<version>3.5.2</version>
<time>1249940091</time>
<user>unknown</user>
</revision>
<revision rev="66" vrev="3">
<srcmd5>aceaa56f65f0a0069944a7e1f7763c12</srcmd5>
<version>3.5.2</version>
<time>1250869121</time>
<user>autobuild</user>
<comment>Copy from mozilla:Factory/MozillaFirefox based on submit request 18344 from user wrosenauer
</comment>
</revision>
<revision rev="67" vrev="1">
<srcmd5>e9cad66bdb53b04356747f12c6416548</srcmd5>
<version>3.5.3</version>
<time>1253140805</time>
<user>autobuild</user>
<comment>Copy from mozilla:Factory/MozillaFirefox based on submit request 20525 from user wrosenauer
</comment>
</revision>
<revision rev="68" vrev="2">
<srcmd5>8c270db1128ae6beb8eb211aad995787</srcmd5>
<version>3.5.3</version>
<time>1254788249</time>
<user>autobuild</user>
<comment>Copy from mozilla:Factory/MozillaFirefox based on submit request 21627 from user wrosenauer
</comment>
</revision>
<revision rev="69" vrev="3">
<srcmd5>03acd9e12c670cca740e9314f55fbdd9</srcmd5>
<version>3.5.3</version>
<time>1255343024</time>
<user>autobuild</user>
<comment>Copy from mozilla:Factory/MozillaFirefox based on submit request 22141 from user wrosenauer
</comment>
</revision>
<revision rev="70" vrev="5">
<srcmd5>03acd9e12c670cca740e9314f55fbdd9</srcmd5>
<version>3.5.3</version>
<time>1255343024</time>
<user>autobuild</user>
<comment>Copy from mozilla:Factory/MozillaFirefox based on submit request 22141 from user wrosenauer
</comment>
</revision>
<revision rev="71" vrev="1">
<srcmd5>d5f87e3a1a857ea6f884cca095452e7f</srcmd5>
<version>3.5.4</version>
<time>1256301673</time>
<user>autobuild</user>
<comment>Copy from mozilla:Factory/MozillaFirefox based on submit request 22615 from user wrosenauer
</comment>
</revision>
<revision rev="72" vrev="1">
<srcmd5>2316aaac3dabd6fc6121cfd8235a8abd</srcmd5>
<version>3.5.5</version>
<time>1257846577</time>
<user>autobuild</user>
<comment>Copy from mozilla:Factory/MozillaFirefox based on submit request 24081 from user wrosenauer
</comment>
</revision>
<revision rev="73" vrev="2">
<srcmd5>da241c166b7cd043bd43d34f09c878ec</srcmd5>
<version>3.5.5</version>
<time>1259157574</time>
<user>autobuild</user>
<comment>Copy from mozilla:Factory/MozillaFirefox based on submit request 24938 from user wrosenauer
</comment>
</revision>
<revision rev="74" vrev="1">
<srcmd5>4cb186653166f278d0f257d0215a221e</srcmd5>
<version>3.5.6</version>
<time>1260961943</time>
<user>autobuild</user>
<comment>Copy from mozilla:Factory/MozillaFirefox based on submit request 26722 from user wrosenauer
</comment>
</revision>
<revision rev="75" vrev="2">
<srcmd5>ffe1d51cb1bd4faf26f9a1c4af2e8b23</srcmd5>
<version>3.5.6</version>
<time>1261400656</time>
<user>autobuild</user>
<comment>Copy from mozilla:Factory/MozillaFirefox based on submit request 27196 from user wrosenauer
</comment>
</revision>
<revision rev="76" vrev="1">
<srcmd5>cace7374f5171a5b07815fc0aa398003</srcmd5>
<version>3.5.7</version>
<time>1262865288</time>
<user>autobuild</user>
<comment>Copy from mozilla:Factory/MozillaFirefox based on submit request 28033 from user wrosenauer
</comment>
</revision>
<revision rev="77" vrev="1">
<srcmd5>0abc44de3be5ed8e108d32a7a16a8bdd</srcmd5>
<version>3.6rc1</version>
<time>1262910763</time>
<user>autobuild</user>
<comment>Copy from mozilla:Factory/MozillaFirefox based on submit request 28267 from user wrosenauer
</comment>
</revision>
<revision rev="78" vrev="1">
<srcmd5>2af80c1fa55970906918c6e985f9d1e5</srcmd5>
<version>3.6.0</version>
<time>1264072205</time>
<user>autobuild</user>
<comment>Copy from mozilla:Factory/MozillaFirefox based on submit request 29988 from user wrosenauer
</comment>
</revision>
<revision rev="79" vrev="2">
<srcmd5>854bc84be24b3d2c82b637db72c5f786</srcmd5>
<version>3.6.0</version>
<time>1268922743</time>
<user>autobuild</user>
</revision>
<revision rev="80" vrev="1">
<srcmd5>4c7ced52ed308b5def09894916e8b15b</srcmd5>
<version>3.6.2</version>
<time>1269565790</time>
<user>autobuild</user>
<comment>Copy from mozilla:Factory/MozillaFirefox based on submit request 35585 from user wrosenauer
</comment>
<requestid>35585</requestid>
</revision>
<revision rev="81" vrev="1">
<srcmd5>d392072e919b3e7ddac742ae025102ad</srcmd5>
<version>3.6.3</version>
<time>1270374784</time>
<user>autobuild</user>
<comment>Copy from mozilla:Factory/MozillaFirefox based on submit request 36868 from user wrosenauer
</comment>
<requestid>36868</requestid>
</revision>
<revision rev="82" vrev="1">
<srcmd5>6ed582d093b6ade2c4ff569027f828f5</srcmd5>
<version>3.6.4</version>
<time>1272317427</time>
<user>autobuild</user>
<comment>Copy from mozilla:Factory/MozillaFirefox based on submit request 38784 from user wrosenauer
</comment>
<requestid>38784</requestid>
</revision>
<revision rev="83" vrev="2">
<srcmd5>82a8660802117e889b8660a4ffd1b141</srcmd5>
<version>3.6.4</version>
<time>1276099198</time>
<user>autobuild</user>
<comment>Copy from mozilla:Factory/MozillaFirefox based on submit request 41202 from user wrosenauer
</comment>
<requestid>41202</requestid>
</revision>
<revision rev="84" vrev="3">
<srcmd5>e5b867265b65b058df6e7e1f6e69315e</srcmd5>
<version>3.6.4</version>
<time>1277718201</time>
<user>autobuild</user>
<comment>Copy from mozilla:Factory/MozillaFirefox based on submit request 41982 from user wrosenauer
</comment>
<requestid>41982</requestid>
</revision>
<revision rev="85" vrev="1">
<srcmd5>9b988c81bf976a7c946f25e2db59d50e</srcmd5>
<version>3.6.6</version>
<time>1277887394</time>
<user>autobuild</user>
<comment>Copy from mozilla:Factory/MozillaFirefox based on submit request 42294 from user wrosenauer
</comment>
<requestid>42294</requestid>
</revision>
<revision rev="86" vrev="2">
<srcmd5>9b988c81bf976a7c946f25e2db59d50e</srcmd5>
<version>3.6.6</version>
<time>1278667369</time>
<user>autobuild</user>
<comment>release number sync</comment>
</revision>
<revision rev="87" vrev="3">
<srcmd5>9b988c81bf976a7c946f25e2db59d50e</srcmd5>
<version>3.6.6</version>
<time>1278678598</time>
<user>autobuild</user>
<comment>release number sync</comment>
</revision>
<revision rev="88" vrev="1">
<srcmd5>a6697759fef53b02f3d0df0341b48371</srcmd5>
<version>3.6.8</version>
<time>1280675854</time>
<user>autobuild</user>
<comment>Copy from mozilla:Factory/MozillaFirefox based on submit request 44271 from user wrosenauer
</comment>
<requestid>44271</requestid>
</revision>
<revision rev="89" vrev="2">
<srcmd5>4e82ed3d99436afa21a695c99d25963f</srcmd5>
<version>unknown</version>
<time>1284125284</time>
<user>autobuild</user>
<comment>Copy from mozilla:Factory/MozillaFirefox based on submit request 47528 from user wrosenauer
</comment>
<requestid>47528</requestid>
</revision>
<revision rev="90" vrev="3">
<srcmd5>274e15536294cbae38283be0d9ac81de</srcmd5>
<version>3.6.10</version>
<time>1284764199</time>
<user>autobuild</user>
<comment>Copy from mozilla:Factory/MozillaFirefox based on submit request 48363 from user wrosenauer
</comment>
<requestid>48363</requestid>
</revision>
<revision rev="91" vrev="1">
<srcmd5>b55834c477236de302b67ac44974ea42</srcmd5>
<version>3.6.11</version>
<time>1287676467</time>
<user>oertel</user>
<comment>Accepted submit request 51185 from user wrosenauer
</comment>
<requestid>51185</requestid>
</revision>
<revision rev="92" vrev="1">
<srcmd5>dfb277f3dc32f9c1fc1faf74bdb9b47b</srcmd5>
<version>3.6.12</version>
<time>1288701178</time>
<user>oertel</user>
<comment>Accepted submit request 51634 from user wrosenauer
</comment>
<requestid>51634</requestid>
</revision>
<revision rev="93" vrev="1">
<srcmd5>765553c55d0632c8f97922d3c6110cc2</srcmd5>
<version>4.0b</version>
<time>1291221244</time>
<user>darix</user>
<comment>Accepted submit request 54204 from user wrosenauer
</comment>
<requestid>54204</requestid>
</revision>
<revision rev="94" vrev="2">
<srcmd5>7bd037bce8f4c635e9aaa20cfb438ac4</srcmd5>
<version>4.0b</version>
<time>1291221250</time>
<user>darix</user>
<comment>Autobuild autoformatter for 54204
</comment>
</revision>
<revision rev="95" vrev="3">
<srcmd5>9390ff8a66d797ca6e23e0dbbfb311e0</srcmd5>
<version>4.0b</version>
<time>1293576738</time>
<user>oertel</user>
<comment>Accepted submit request 56563 from user wrosenauer
</comment>
<requestid>56563</requestid>
</revision>
<revision rev="96" vrev="4">
<srcmd5>9597e594c71c0622556ea3ecfc3bba4d</srcmd5>
<version>4.0b</version>
<time>1293576750</time>
<user>oertel</user>
<comment>Autobuild autoformatter for 56563
</comment>
</revision>
<revision rev="97" vrev="5">
<srcmd5>45e5ccce6668133ba5d983cfc1f6fb5b</srcmd5>
<version>4.0b</version>
<time>1294399613</time>
<user>azouhr</user>
<comment>Accepted submit request 57036 from user wrosenauer
</comment>
<requestid>57036</requestid>
</revision>
<revision rev="98" vrev="6">
<srcmd5>62faa12c4531f34f4eb8153e1322c192</srcmd5>
<version>4.0b</version>
<time>1294399624</time>
<user>azouhr</user>
<comment>Autobuild autoformatter for 57036
</comment>
</revision>
<revision rev="99" vrev="1">
<srcmd5>93b074e055e122afab81a6203254e00e</srcmd5>
<version>4.0b9</version>
<time>1294968416</time>
<user>darix</user>
<comment>Accepted submit request 58061 from user wrosenauer
</comment>
<requestid>58061</requestid>
</revision>
<revision rev="100" vrev="2">
<srcmd5>007f3af86b918fae61ec937546aefab9</srcmd5>
<version>4.0b9</version>
<time>1294968428</time>
<user>darix</user>
<comment>Autobuild autoformatter for 58061
</comment>
</revision>
<revision rev="101" vrev="1">
<srcmd5>c2d4dd21470c47687fe8fc030f4e8010</srcmd5>
<version>4.0b10</version>
<time>1295942423</time>
<user>lrupp</user>
<comment>Accepted submit request 59072 from user wrosenauer
</comment>
<requestid>59072</requestid>
</revision>
<revision rev="102" vrev="2">
<srcmd5>5c1307dd4503d2deceb54067c2f5ef5b</srcmd5>
<version>4.0b10</version>
<time>1295942434</time>
<user>lrupp</user>
<comment>Autobuild autoformatter for 59072
</comment>
</revision>
<revision rev="103" vrev="3">
<srcmd5>21c31e116d845ed09627018e6a0978c1</srcmd5>
<version>4.0b10</version>
<time>1296607725</time>
<user>oertel</user>
<comment>Accepted submit request 59447 from user wrosenauer
</comment>
<requestid>59447</requestid>
</revision>
<revision rev="104" vrev="4">
<srcmd5>612fd25c8f1a080bac2d774fa4e4e7cf</srcmd5>
<version>4.0b10</version>
<time>1296607737</time>
<user>oertel</user>
<comment>Autobuild autoformatter for 59447
</comment>
</revision>
<revision rev="105" vrev="1">
<srcmd5>8b9204c537471657b754d82f22ff58dd</srcmd5>
<version>4.0b11</version>
<time>1297384831</time>
<user>oertel</user>
<comment>Accepted submit request 60369 from user wrosenauer
</comment>
<requestid>60369</requestid>
</revision>
<revision rev="106" vrev="2">
<srcmd5>d451efdb92a9a4c9463b3daa7a017407</srcmd5>
<version>4.0b11</version>
<time>1297384839</time>
<user>oertel</user>
<comment>Autobuild autoformatter for 60369
</comment>
</revision>
<revision rev="107" vrev="5">
<srcmd5>d451efdb92a9a4c9463b3daa7a017407</srcmd5>
<version>4.0b11</version>
<time>1297941524</time>
<user>autobuild</user>
<comment>11.4 source split</comment>
</revision>
<revision rev="108" vrev="1">
<srcmd5>800c258b7d54ee6d329af10030f7f1fd</srcmd5>
<version>4.0b12</version>
<time>1298641471</time>
<user>saschpe</user>
<comment>Accepted submit request 62802 from user wrosenauer
</comment>
<requestid>62802</requestid>
</revision>
<revision rev="109" vrev="2">
<srcmd5>d482f917248648335022ba2c0f1bbf88</srcmd5>
<version>4.0b12</version>
<time>1298641481</time>
<user>saschpe</user>
<comment>Autobuild autoformatter for 62802
</comment>
</revision>
<revision rev="110" vrev="1">
<srcmd5>022d3693dd9098e67264b82ed461ee72</srcmd5>
<version>4.0.0</version>
<time>1300960053</time>
<user>saschpe</user>
<comment>Accepted submit request 64915 from user coolo
</comment>
<requestid>64915</requestid>
</revision>
<revision rev="111" vrev="2">
<srcmd5>c2b166597d10883cc5756974b03d3a84</srcmd5>
<version>4.0.0</version>
<time>1300960069</time>
<user>saschpe</user>
<comment>Autobuild autoformatter for 64915
</comment>
</revision>
<revision rev="112" vrev="3">
<srcmd5>2e736af20cfb743b54dc7a45aac2c412</srcmd5>
<version>4.0.0</version>
<time>1301563800</time>
<user>saschpe</user>
<comment>Accepted submit request 65604 from user coolo
</comment>
<requestid>65604</requestid>
</revision>
<revision rev="113" vrev="4">
<srcmd5>f2831fdee694ee956921e5035da63b59</srcmd5>
<version>4.0.0</version>
<time>1301563809</time>
<user>saschpe</user>
<comment>Autobuild autoformatter for 65604
</comment>
</revision>
<revision rev="114" vrev="1">
<srcmd5>b4df68fc0db6bca1670d9a64e709b2bb</srcmd5>
<version>4.0.1</version>
<time>1304336003</time>
<user>saschpe</user>
<comment></comment>
<requestid>68987</requestid>
</revision>
<revision rev="115" vrev="2">
<srcmd5>6e89f3180abdbebc6e533f8646814eec</srcmd5>
<version>4.0.1</version>
<time>1304336023</time>
<user>saschpe</user>
<comment>Autobuild autoformatter for 68987
</comment>
</revision>
<revision rev="116" vrev="1">
<srcmd5>8c3d154b31da850859a62f581d95bad2</srcmd5>
<version>4.99</version>
<time>1307370874</time>
<user>saschpe</user>
<comment></comment>
<requestid>72376</requestid>
</revision>
<revision rev="117" vrev="2">
<srcmd5>42ae289399fbc11b3e6a3ff767dd451e</srcmd5>
<version>4.99</version>
<time>1307370894</time>
<user>saschpe</user>
<comment>Autobuild autoformatter for 72376
</comment>
</revision>
<revision rev="118" vrev="3">
<srcmd5>8cb2057f55c33df925f494b812255f70</srcmd5>
<version>4.99</version>
<time>1308212247</time>
<user>saschpe</user>
<comment></comment>
<requestid>73787</requestid>
</revision>
<revision rev="119" vrev="4">
<srcmd5>95cc76b42a63416b96f40224280b65fa</srcmd5>
<version>4.99</version>
<time>1308212267</time>
<user>saschpe</user>
<comment>Autobuild autoformatter for 73787
</comment>
</revision>
<revision rev="120" vrev="5">
<srcmd5>1e496da024ec2d01c59bc645e34bbe0b</srcmd5>
<version>4.99</version>
<time>1308573398</time>
<user>saschpe</user>
<comment>fix build</comment>
<requestid>74180</requestid>
</revision>
<revision rev="121" vrev="6">
<srcmd5>3cd918e0864868458cfa21b0990dd183</srcmd5>
<version>4.99</version>
<time>1308573415</time>
<user>saschpe</user>
<comment>Autobuild autoformatter for 74180
</comment>
</revision>
<revision rev="122" vrev="1">
<srcmd5>6a2ce41721982e74b8eb9bd2898670be</srcmd5>
<version>5.0</version>
<time>1309765371</time>
<user>saschpe</user>
<comment></comment>
<requestid>75065</requestid>
</revision>
<revision rev="123" vrev="2">
<srcmd5>64298e3e638552903c1792b7d94e319a</srcmd5>
<version>5.0</version>
<time>1309765389</time>
<user>saschpe</user>
<comment>Autobuild autoformatter for 75065
</comment>
</revision>
<revision rev="124" vrev="1">
<srcmd5>ff47d3a5c3e053f679505c6b133b6fb0</srcmd5>
<version>5.99</version>
<time>1311758759</time>
<user>saschpe</user>
<comment></comment>
<requestid>77148</requestid>
</revision>
<revision rev="125" vrev="2">
<srcmd5>e4a86a3ecae38ad893ed48b018245719</srcmd5>
<version>5.99</version>
<time>1311758774</time>
<user>saschpe</user>
<comment>Autobuild autoformatter for 77148
</comment>
</revision>
<revision rev="126" vrev="1">
<srcmd5>d47fab711c8440a600d8460f4f9d77b0</srcmd5>
<version>6.0</version>
<time>1313410448</time>
<user>saschpe</user>
<comment></comment>
<requestid>78861</requestid>
</revision>
<revision rev="127" vrev="2">
<srcmd5>6f58ef6ec63d94c171f84f5e4093993d</srcmd5>
<version>6.0</version>
<time>1313410468</time>
<user>saschpe</user>
<comment>Autobuild autoformatter for 78861
</comment>
</revision>
<revision rev="128" vrev="1">
<srcmd5>ecd1990dbfbed4938094f1775d90893f</srcmd5>
<version>6.0.2</version>
<time>1315559038</time>
<user>saschpe</user>
<comment>security update to Firefox 6.0.2 - bnc#714931</comment>
<requestid>81394</requestid>
</revision>
<revision rev="129" vrev="2">
<srcmd5>c370d4168504d584df7f9f569d6cae03</srcmd5>
<version>6.0.2</version>
<time>1315760514</time>
<user>saschpe</user>
<comment>- recreated source archive to get correct source-stamp.txt</comment>
<requestid>81758</requestid>
</revision>
<revision rev="130" vrev="3">
<srcmd5>7fd633627bc1c0461e9bb6998419cc62</srcmd5>
<version>6.0.2</version>
<time>1315760527</time>
<user>saschpe</user>
<comment>Autobuild autoformatter for 81758
</comment>
</revision>
<revision rev="131" vrev="4">
<srcmd5>096017154887e5e699988577ea8501ab</srcmd5>
<version>6.0.2</version>
<time>1316080516</time>
<user>saschpe</user>
<comment></comment>
<requestid>82116</requestid>
</revision>
<revision rev="132" vrev="5">
<srcmd5>cc81a00558d518f1609e6cc8d608fb38</srcmd5>
<version>6.0.2</version>
<time>1316080526</time>
<user>saschpe</user>
<comment>Autobuild autoformatter for 82116
</comment>
</revision>
<revision rev="133" vrev="1">
<srcmd5>5154d53c13c602812b037213c40e09fc</srcmd5>
<version>7.0</version>
<time>1317211283</time>
<user>saschpe</user>
<comment>- update to Firefox 7 (bnc#720264)
including
* Improve Responsiveness with Memory Reductions
* Instant Sync
* WebSocket protocol 8
- removed obsolete mozilla-cairo-lcd.patch
- rebased patches
- removed XLIB_SKIP_ARGB_VISUALS=1 from environment in
mozilla.sh.in (bnc#680758)
- fixed loading of kde.js under KDE (bnc#718311)</comment>
<requestid>85281</requestid>
</revision>
<revision rev="134" vrev="1">
<srcmd5>e2d7548d9cee71e17119e8d6187260ea</srcmd5>
<version>7.0.1</version>
<time>1317541508</time>
<user>lrupp</user>
<comment></comment>
<requestid>85866</requestid>
</revision>
<revision rev="135" vrev="3">
<srcmd5>e2d7548d9cee71e17119e8d6187260ea</srcmd5>
<version>7.0.1</version>
<time>1319181752</time>
<user>adrianSuSE</user>
</revision>
<revision rev="136" vrev="1">
<srcmd5>26717906d2f76854217cf521ab241aa0</srcmd5>
<version>8.0</version>
<time>1320936866</time>
<user>coolo</user>
<comment>- update to Firefox 8 (bnc#728520)
* MFSA 2011-47/CVE-2011-3648 (bmo#690225)
Potential XSS against sites using Shift-JIS
* MFSA 2011-48/CVE-2011-3651/CVE-2011-3652/CVE-2011-3654
Miscellaneous memory safety hazards
* MFSA 2011-49/CVE-2011-3650 (bmo#674776)
Memory corruption while profiling using Firebug
* MFSA 2011-52/CVE-2011-3655 (bmo#672182)
Code execution via NoWaiverWrapper
- rebased patches
- enable telemetry prompt
- set intl.locale.matchOS=true in the base package as it causes
too much confusion when it's only available with branding-openSUSE</comment>
<requestid>90807</requestid>
</revision>
<revision rev="137" vrev="2">
<srcmd5>43155ef6c8a80f1a5264900cdca54fa1</srcmd5>
<version>8.0</version>
<time>1321273041</time>
<user>coolo</user>
<comment></comment>
<requestid>91117</requestid>
</revision>
<revision rev="138" vrev="3">
<srcmd5>3e8b72ef8c38534f70e79dc33ec4ae40</srcmd5>
<version>8.0</version>
<time>1323192584</time>
<user>coolo</user>
<comment>replace license with spdx.org variant</comment>
</revision>
<revision rev="139" vrev="1">
<srcmd5>a35b3d28df7c6a8c35ba2b0aa4beef26</srcmd5>
<version>9.0</version>
<time>1324458088</time>
<user>coolo</user>
<comment>- fix arm build, don't package crashreporter there
- update to Firefox 9 (bnc#737533)
* MFSA 2011-53/CVE-2011-3660
Miscellaneous memory safety hazards (rv:9.0)
* MFSA 2011-54/CVE-2011-3661 (bmo#691299)
Potentially exploitable crash in the YARR regular expression
library
* MFSA 2011-55/CVE-2011-3658 (bmo#708186)
nsSVGValue out-of-bounds access
* MFSA 2011-56/CVE-2011-3663 (bmo#704482)
Key detection without JavaScript via SVG animation
* MFSA 2011-58/VE-2011-3665 (bmo#701259)
Crash scaling <video> to extreme sizes
- Fix accessibility under GNOME 3 (bnc#732898)</comment>
<requestid>97351</requestid>
</revision>
<revision rev="140" vrev="1">
<srcmd5>ef3a0e8643049e31c38fe66b2c61ab6d</srcmd5>
<version>9.0.1</version>
<time>1324831012</time>
<user>coolo</user>
<comment>- update to Firefox 9.0.1
* (strongparent) parentNode of element gets lost (bmo#335998)</comment>
<requestid>98123</requestid>
</revision>
<revision rev="141" vrev="1">
<srcmd5>892e16a33c7e9b913ced8293ec4c84aa</srcmd5>
<version>10.0</version>
<time>1328201886</time>
<user>coolo</user>
<comment>- update to Firefox 10.0 (bnc#744275)
* MFSA 2012-01/CVE-2012-0442/CVE-2012-0443
Miscellaneous memory safety hazards
* MFSA 2012-03/CVE-2012-0445 (bmo#701071)
<iframe> element exposed across domains via name attribute
* MFSA 2012-04/CVE-2011-3659 (bmo#708198)
Child nodes from nsDOMAttribute still accessible after removal
of nodes
* MFSA 2012-05/CVE-2012-0446 (bmo#705651)
Frame scripts calling into untrusted objects bypass security
checks
* MFSA 2012-06/CVE-2012-0447 (bmo#710079)
Uninitialized memory appended when encoding icon images may
cause information disclosure
* MFSA 2012-07/CVE-2012-0444 (bmo#719612)
Potential Memory Corruption When Decoding Ogg Vorbis files
* MFSA 2012-08/CVE-2012-0449 (bmo#701806, bmo#702466)
Crash with malformed embedded XSLT stylesheets
- KDE integration has been disabled since it needs refactoring
- removed obsolete ppc64 patch
- Disable neon for arm as it doesn't build correctly</comment>
<requestid>102411</requestid>
</revision>
<revision rev="142" vrev="2">
<srcmd5>76b6a6aa0bfd081cfa149482358a571a</srcmd5>
<version>10.0</version>
<time>1328717943</time>
<user>coolo</user>
<comment>- Use YARR interpreter instead of PCRE on platforms where YARR JIT
is not supported, since PCRE doesnt build (bmo#691898)
- fix ppc64 build (bmo#703534)</comment>
<requestid>103184</requestid>
</revision>
<revision rev="143" vrev="1">
<srcmd5>2d7f35e3e7118eb7d0daf38b1f01f7fd</srcmd5>
<version>10.0.1</version>
<time>1329242617</time>
<user>coolo</user>
<comment>- update to Firefox 10.0.1 (bnc#746616)
* MFSA 2012-10/CVE-2012-0452 (bmo#724284)
use after free in nsXBLDocumentInfo::ReadPrototypeBindings</comment>
<requestid>104183</requestid>
</revision>
<revision rev="144" vrev="1">
<srcmd5>37c7bfe06b07b71018cc289c82ce048c</srcmd5>
<version>10.0.2</version>
<time>1329477453</time>
<user>coolo</user>
<comment>- update to Firefox 10.0.2 (bnc#747328)
* CVE-2011-3026 (bmo#727401)
libpng: integer overflow leading to heap-buffer overflow</comment>
<requestid>105422</requestid>
</revision>
<revision rev="145" vrev="1">
<srcmd5>4f9733096d819d00315b8b8c76ad4861</srcmd5>
<version>10.99</version>
<time>1331627815</time>
<user>coolo</user>
<comment>Automatic submission by obs-autosubmit</comment>
<requestid>108974</requestid>
</revision>
<revision rev="146" vrev="1">
<srcmd5>45b899faebc40abab7166bbde5283029</srcmd5>
<version>11.0</version>
<time>1331900294</time>
<user>coolo</user>
<comment>- update to Firefox 11.0 (bnc#750044)
* MFSA 2012-13/CVE-2012-0455 (bmo#704354)
XSS with Drag and Drop and Javascript: URL
* MFSA 2012-14/CVE-2012-0456/CVE-2012-0457 (bmo#711653, #720103)
SVG issues found with Address Sanitizer
* MFSA 2012-15/CVE-2012-0451 (bmo#717511)
XSS with multiple Content Security Policy headers
* MFSA 2012-16/CVE-2012-0458
Escalation of privilege with Javascript: URL as home page
* MFSA 2012-17/CVE-2012-0459 (bmo#723446)
Crash when accessing keyframe cssText after dynamic modification
* MFSA 2012-18/CVE-2012-0460 (bmo#727303)
window.fullScreen writeable by untrusted content
* MFSA 2012-19/CVE-2012-0461/CVE-2012-0462/CVE-2012-0464/
CVE-2012-0463
Miscellaneous memory safety hazards
- ported and reenabled KDE integration (bnc#746591)
- explicitely build-require X libs
- add Provides: browser(npapi) FATE#313084</comment>
<requestid>109208</requestid>
</revision>
<revision rev="147" vrev="1">
<srcmd5>79f79db5413e5fb4c622ed9213ac6731</srcmd5>
<version>12.0</version>
<time>1335190300</time>
<user>coolo</user>
<comment>- update to Firefox 12.0 (bnc#758408)
* rebased patches
- added mozilla-libnotify.patch to allow fallback from libnotify
to xul based events if no notification-daemon is running
- gcc 4.7 fixes
* mozilla-gcc47.patch
* disabled crashreporter temporarily for Factory
- recommend libcanberra0 for proper sound notifications</comment>
<requestid>114913</requestid>
</revision>
<revision rev="148" vrev="2">
<srcmd5>d2f52b1d9fd79c30a46d50d063afec1b</srcmd5>
<version>12.0</version>
<time>1336452404</time>
<user>coolo</user>
<comment>Automatic submission by obs-autosubmit</comment>
<requestid>116230</requestid>
</revision>
<revision rev="149" vrev="3">
<srcmd5>c2fcda28a7d4825f34ea20f1dadcca54</srcmd5>
<version>12.0</version>
<time>1337195305</time>
<user>coolo</user>
<comment></comment>
<requestid>121179</requestid>
</revision>
<revision rev="150" vrev="4">
<srcmd5>6948322c58c83f32cacd2402e69068ca</srcmd5>
<version>12.0</version>
<time>1338017231</time>
<user>coolo</user>
<comment>fix ARM build (reportedly)</comment>
<requestid>122243</requestid>
</revision>
<revision rev="151" vrev="1">
<srcmd5>d24cf04bf5ffcd27da8598393e8c4aa9</srcmd5>
<version>13.0</version>
<time>1338991712</time>
<user>coolo</user>
<comment>- update to Firefox 13.0 (bnc#765204)
* MFSA 2012-34/CVE-2012-1938/CVE-2012-1937/CVE-2011-3101
Miscellaneous memory safety hazards
* MFSA 2012-36/CVE-2012-1944 (bmo#751422)
Content Security Policy inline-script bypass
* MFSA 2012-37/CVE-2012-1945 (bmo#670514)
Information disclosure though Windows file shares and shortcut
files
* MFSA 2012-38/CVE-2012-1946 (bmo#750109)
Use-after-free while replacing/inserting a node in a document
* MFSA 2012-40/CVE-2012-1947/CVE-2012-1940/CVE-2012-1941
Buffer overflow and use-after-free issues found using Address
Sanitizer
- require NSS 3.13.4
* MFSA 2012-39/CVE-2012-0441 (bmo#715073)
- fix sound notifications when filename/path contains a whitespace
(bmo#749739)</comment>
<requestid>123736</requestid>
</revision>
<revision rev="152" vrev="1">
<srcmd5>4b21fc352448a736f939a9f8e51a0b99</srcmd5>
<version>13.0.1</version>
<time>1340033505</time>
<user>coolo</user>
<comment>- update to Firefox 13.0.1
* bugfix release
- obsolete libproxy's mozjs pacrunner (bnc#759123)</comment>
<requestid>125186</requestid>
</revision>
<revision rev="153" vrev="3">
<srcmd5>4b21fc352448a736f939a9f8e51a0b99</srcmd5>
<version>13.0.1</version>
<time>1340183152</time>
<user>adrianSuSE</user>
<comment>branched from openSUSE:Factory</comment>
</revision>
<revision rev="154" vrev="1">
<srcmd5>a71069c7c6752eb947e75df11fb57ebb</srcmd5>
<version>14.0.1</version>
<time>1342772286</time>
<user>coolo</user>
<comment>- update to 14.0.1 (bnc#771583)
* MFSA 2012-42/CVE-2012-1949/CVE-2012-1948
Miscellaneous memory safety hazards
* MFSA 2012-43/CVE-2012-1950
Incorrect URL displayed in addressbar through drag and drop
* MFSA 2012-44/CVE-2012-1951/CVE-2012-1954/CVE-2012-1953/CVE-2012-1952
Gecko memory corruption
* MFSA 2012-45/CVE-2012-1955 (bmo#757376)
Spoofing issue with location
* MFSA 2012-46/CVE-2012-1966 (bmo#734076)
XSS through data: URLs
* MFSA 2012-47/CVE-2012-1957 (bmo#750096)
Improper filtering of javascript in HTML feed-view
* MFSA 2012-48/CVE-2012-1958 (bmo#750820)
use-after-free in nsGlobalWindow::PageHidden
* MFSA 2012-49/CVE-2012-1959 (bmo#754044, bmo#737559)
Same-compartment Security Wrappers can be bypassed
* MFSA 2012-50/CVE-2012-1960 (bmo#761014)
Out of bounds read in QCMS
* MFSA 2012-51/CVE-2012-1961 (bmo#761655)
X-Frame-Options header ignored when duplicated
* MFSA 2012-52/CVE-2012-1962 (bmo#764296)
JSDependentString::undepend string conversion results in memory
corruption
* MFSA 2012-53/CVE-2012-1963 (bmo#767778)
Content Security Policy 1.0 implementation errors cause data
leakage
* MFSA 2012-55/CVE-2012-1965 (bmo#758990)
feed: URLs with an innerURI inherit security context of page
* MFSA 2012-56/CVE-2012-1967 (bmo#758344)</comment>
<requestid>128272</requestid>
</revision>
<revision rev="155" vrev="2">
<srcmd5>1032c3e3fd9ae2cec97880aaad5091de</srcmd5>
<version>14.0.1</version>
<time>1343639837</time>
<user>namtrac</user>
<comment>Fix mozilla-kde.patch to include sys/resource.h for getrlimit etc (glibc 2.16) (forwarded request 129204 from a_jaeger)</comment>
<requestid>129207</requestid>
</revision>
<revision rev="156" vrev="1">
<srcmd5>11d4a90c3f68d7a45bd0b9af507de815</srcmd5>
<version>15.0</version>
<time>1346399098</time>
<user>coolo</user>
<comment>- update to Firefox 15.0 (bnc#777588)
* MFSA 2012-57/CVE-2012-1970
Miscellaneous memory safety hazards
* MFSA 2012-58/CVE-2012-1972/CVE-2012-1973/CVE-2012-1974/CVE-2012-1975
CVE-2012-1976/CVE-2012-3956/CVE-2012-3957/CVE-2012-3958/CVE-2012-3959
CVE-2012-3960/CVE-2012-3961/CVE-2012-3962/CVE-2012-3963/CVE-2012-3964
Use-after-free issues found using Address Sanitizer
* MFSA 2012-59/CVE-2012-1956 (bmo#756719)
Location object can be shadowed using Object.defineProperty
* MFSA 2012-60/CVE-2012-3965 (bmo#769108)
Escalation of privilege through about:newtab
* MFSA 2012-61/CVE-2012-3966 (bmo#775794, bmo#775793)
Memory corruption with bitmap format images with negative height
* MFSA 2012-62/CVE-2012-3967/CVE-2012-3968
WebGL use-after-free and memory corruption
* MFSA 2012-63/CVE-2012-3969/CVE-2012-3970
SVG buffer overflow and use-after-free issues
* MFSA 2012-64/CVE-2012-3971
Graphite 2 memory corruption
* MFSA 2012-65/CVE-2012-3972 (bmo#746855)
Out-of-bounds read in format-number in XSLT
* MFSA 2012-66/CVE-2012-3973 (bmo#757128)
HTTPMonitor extension allows for remote debugging without explicit
activation
* MFSA 2012-68/CVE-2012-3975 (bmo#770684)
DOMParser loads linked resources in extensions when parsing
text/html
* MFSA 2012-69/CVE-2012-3976 (bmo#768568)
Incorrect site SSL certificate data display
* MFSA 2012-70/CVE-2012-3978 (bmo#770429)</comment>
<requestid>131904</requestid>
</revision>
<revision rev="157" vrev="1">
<srcmd5>8ac22bb7fe610d1d5c81df7fee357ced</srcmd5>
<version>15.0.1</version>
<time>1347487501</time>
<user>namtrac</user>
<comment>- update to Firefox 15.0.1 (bnc#779936)
* Sites visited while in Private Browsing mode could be found
through manual browser cache inspection (bmo#787743)</comment>
<requestid>133769</requestid>
</revision>
<revision rev="158" vrev="1">
<srcmd5>a7840df43dfe0b151b749292cb249ad7</srcmd5>
<version>16.0</version>
<time>1349853632</time>
<user>coolo</user>
<comment>- update to Firefox 16.0 (bnc#783533)
* MFSA 2012-74/CVE-2012-3982/CVE-2012-3983
Miscellaneous memory safety hazards
* MFSA 2012-75/CVE-2012-3984 (bmo#575294)
select element persistance allows for attacks
* MFSA 2012-76/CVE-2012-3985 (bmo#655649)
Continued access to initial origin after setting document.domain
* MFSA 2012-77/CVE-2012-3986 (bmo#775868)
Some DOMWindowUtils methods bypass security checks
* MFSA 2012-79/CVE-2012-3988 (bmo#725770)
DOS and crash with full screen and history navigation
* MFSA 2012-80/CVE-2012-3989 (bmo#783867)
Crash with invalid cast when using instanceof operator
* MFSA 2012-81/CVE-2012-3991 (bmo#783260)
GetProperty function can bypass security checks
* MFSA 2012-82/CVE-2012-3994 (bmo#765527)
top object and location property accessible by plugins
* MFSA 2012-83/CVE-2012-3993/CVE-2012-4184 (bmo#768101, bmo#780370)
Chrome Object Wrapper (COW) does not disallow acces to privileged
functions or properties
* MFSA 2012-84/CVE-2012-3992 (bmo#775009)
Spoofing and script injection through location.hash
* MFSA 2012-85/CVE-2012-3995/CVE-2012-4179/CVE-2012-4180/
CVE-2012-4181/CVE-2012-4182/CVE-2012-4183
Use-after-free, buffer overflow, and out of bounds read issues
found using Address Sanitizer
* MFSA 2012-86/CVE-2012-4185/CVE-2012-4186/CVE-2012-4187/
CVE-2012-4188
Heap memory corruption issues found using Address Sanitizer
* MFSA 2012-87/CVE-2012-3990 (bmo#787704)</comment>
<requestid>137662</requestid>
</revision>
<revision rev="159" vrev="1">
<srcmd5>0ae2225b7bcf752043c65cddce7701a8</srcmd5>
<version>16.0.1</version>
<time>1350364205</time>
<user>coolo</user>
<comment></comment>
<requestid>137938</requestid>
</revision>
<revision rev="160" vrev="1">
<srcmd5>1c5e6e76350106820889a68b418c39d4</srcmd5>
<version>16.0.2</version>
<time>1351337036</time>
<user>coolo</user>
<comment>- update to Firefox 16.0.2 (bnc#786522)
* MFSA 2012-90/CVE-2012-4194/CVE-2012-4195/CVE-2012-4196
(bmo#800666, bmo#793121, bmo#802557)
Fixes for Location object issues
- bring back Obsoletes for libproxy's mozjs plugin for distributions
before 12.2 to avoid crashes</comment>
<requestid>139507</requestid>
</revision>
<revision rev="161" vrev="1">
<srcmd5>fb857284956bef9de030c1f605e4917b</srcmd5>
<version>17.0</version>
<time>1353599206</time>
<user>coolo</user>
<comment>- update to Firefox 17.0 (bnc#790140)
* MFSA 2012-91/CVE-2012-5842/CVE-2012-5843
Miscellaneous memory safety hazards
* MFSA 2012-92/CVE-2012-4202 (bmo#758200)
Buffer overflow while rendering GIF images
* MFSA 2012-93/CVE-2012-4201 (bmo#747607)
evalInSanbox location context incorrectly applied
* MFSA 2012-94/CVE-2012-5836 (bmo#792857)
Crash when combining SVG text on path with CSS
* MFSA 2012-95/CVE-2012-4203 (bmo#765628)
Javascript: URLs run in privileged context on New Tab page
* MFSA 2012-96/CVE-2012-4204 (bmo#778603)
Memory corruption in str_unescape
* MFSA 2012-97/CVE-2012-4205 (bmo#779821)
XMLHttpRequest inherits incorrect principal within sandbox
* MFSA 2012-99/CVE-2012-4208 (bmo#798264)
XrayWrappers exposes chrome-only properties when not in chrome
compartment
* MFSA 2012-100/CVE-2012-5841 (bmo#805807)
Improper security filtering for cross-origin wrappers
* MFSA 2012-101/CVE-2012-4207 (bmo#801681)
Improper character decoding in HZ-GB-2312 charset
* MFSA 2012-102/CVE-2012-5837 (bmo#800363)
Script entered into Developer Toolbar runs with chrome privileges
* MFSA 2012-103/CVE-2012-4209 (bmo#792405)
Frames can shadow top.location
* MFSA 2012-104/CVE-2012-4210 (bmo#796866)
CSS and HTML injection through Style Inspector
* MFSA 2012-105/CVE-2012-4214/CVE-2012-4215/CVE-2012-4216/
CVE-2012-5829/CVE-2012-5839/CVE-2012-5840/CVE-2012-4212/</comment>
<requestid>142205</requestid>
</revision>
<revision rev="162" vrev="1">
<srcmd5>8cf33e536282acae8304017efc56f85e</srcmd5>
<version>17.0.1</version>
<time>1354527668</time>
<user>coolo</user>
<comment>- update to Firefox 17.0.1
* revert some useragent changes introduced in 17.0
* leaving private browsing with social enabled doesn't reset all
social components (bmo#815042)
- fix KDE integration for file dialogs</comment>
<requestid>143652</requestid>
</revision>
<revision rev="163" vrev="1">
<srcmd5>5543e5781da73339034ece87612309cf</srcmd5>
<version>18.0</version>
<time>1357821109</time>
<user>coolo</user>
<comment>- update to Firefox 18.0 (bnc#796895)
* MFSA 2013-01/CVE-2013-0749/CVE-2013-0769/CVE-2013-0770
Miscellaneous memory safety hazards
* MFSA 2013-02/CVE-2013-0760/CVE-2013-0762/CVE-2013-0766/CVE-2013-0767
CVE-2013-0761/CVE-2013-0763/CVE-2013-0771/CVE-2012-5829
Use-after-free and buffer overflow issues found using Address Sanitizer
* MFSA 2013-03/CVE-2013-0768 (bmo#815795)
Buffer Overflow in Canvas
* MFSA 2013-04/CVE-2012-0759 (bmo#802026)
URL spoofing in addressbar during page loads
* MFSA 2013-05/CVE-2013-0744 (bmo#814713)
Use-after-free when displaying table with many columns and column groups
* MFSA 2013-06/CVE-2013-0751 (bmo#790454)
Touch events are shared across iframes
* MFSA 2013-07/CVE-2013-0764 (bmo#804237)
Crash due to handling of SSL on threads
* MFSA 2013-08/CVE-2013-0745 (bmo#794158)
AutoWrapperChanger fails to keep objects alive during garbage collection
* MFSA 2013-09/CVE-2013-0746 (bmo#816842)
Compartment mismatch with quickstubs returned values
* MFSA 2013-10/CVE-2013-0747 (bmo#733305)
Event manipulation in plugin handler to bypass same-origin policy
* MFSA 2013-11/CVE-2013-0748 (bmo#806031)
Address space layout leaked in XBL objects
* MFSA 2013-12/CVE-2013-0750 (bmo#805121)
Buffer overflow in Javascript string concatenation
* MFSA 2013-13/CVE-2013-0752 (bmo#805024)
Memory corruption in XBL with XML bindings containing SVG
* MFSA 2013-14/CVE-2013-0757 (bmo#813901)
Chrome Object Wrapper (COW) bypass through changing prototype</comment>
<requestid>147596</requestid>
</revision>
<revision rev="164" vrev="1">
<srcmd5>e1e6eddaaf77dfec83d736a6c5eb6d17</srcmd5>
<version>18.0.1</version>
<time>1359102850</time>
<user>coolo</user>
<comment>- update to Firefox 18.0.1
* blocklist updates
* backed out bmo#677092 (removed patch)
* fixed problems involving HTTP proxy transactions
- Fix WebRTC to build on powerpc</comment>
<requestid>149304</requestid>
</revision>
<revision rev="165" vrev="3">
<srcmd5>e1e6eddaaf77dfec83d736a6c5eb6d17</srcmd5>
<version>18.0.1</version>
<time>1359108619</time>
<user>adrianSuSE</user>
<comment>Split 12.3 from Factory</comment>
</revision>
<revision rev="166" vrev="1">
<srcmd5>f203dd8ad8a4b8db8795b872de7949e9</srcmd5>
<version>18.0.2</version>
<time>1360401216</time>
<user>coolo</user>
<comment>stability update; could be put into 12.3 but does not need to be (FF19 sec update will be released in 10 days anyway)</comment>
<requestid>154952</requestid>
</revision>
<revision rev="167" vrev="1">
<srcmd5>8b353643b2e06b39e7e34caadf7583c0</srcmd5>
<version>19.0</version>
<time>1361349098</time>
<user>coolo</user>
<comment>- update to Firefox 19.0 (bnc#804248)
* MFSA 2013-21/CVE-2013-0783/2013-0784
Miscellaneous memory safety hazards
* MFSA 2013-22/CVE-2013-0772 (bmo#801366)
Out-of-bounds read in image rendering
* MFSA 2013-23/CVE-2013-0765 (bmo#830614)
Wrapped WebIDL objects can be wrapped again
* MFSA 2013-24/CVE-2013-0773 (bmo#809652)
Web content bypass of COW and SOW security wrappers
* MFSA 2013-25/CVE-2013-0774 (bmo#827193)
Privacy leak in JavaScript Workers
* MFSA 2013-26/CVE-2013-0775 (bmo#831095)
Use-after-free in nsImageLoadingContent
* MFSA 2013-27/CVE-2013-0776 (bmo#796475)
Phishing on HTTPS connection through malicious proxy
* MFSA 2013-28/CVE-2013-0780/CVE-2013-0782/CVE-2013-0777/
CVE-2013-0778/CVE-2013-0779/CVE-2013-0781
Use-after-free, out of bounds read, and buffer overflow issues
found using Address Sanitizer
- removed obsolete patches
* mozilla-webrtc.patch
* mozilla-gstreamer-803287.patch
- added patch to fix session restore window order (bmo#712763)</comment>
<requestid>155861</requestid>
</revision>
<revision rev="168" vrev="1">
<srcmd5>0251bb519fdad8c02f0c1cbfa0fc92b8</srcmd5>
<version>19.0.2</version>
<time>1362900535</time>
<user>coolo</user>
<comment>- update to Firefox 19.0.2 (bnc#808243)
* MFSA 2013-29/CVE-2013-0787 (bmo#848644)
Use-after-free in HTML Editor
- update to Firefox 19.0.1
* blocklist updates</comment>
<requestid>158061</requestid>
</revision>
<revision rev="169" vrev="2">
<srcmd5>f52bdb962b13064598ac218b282e090c</srcmd5>
<version>19.0.2</version>
<time>1363340522</time>
<user>coolo</user>
<comment>- build fixes for armv7hl:
* disable debug build as armv7hl does not have enough memory
* disable webrtc on armv7hl as it is non-compiling (forwarded request 158795 from dirkmueller)</comment>
<requestid>159297</requestid>
</revision>
<revision rev="170" vrev="1">
<srcmd5>beb17b9785d29e555e3d306c78021f29</srcmd5>
<version>20.0</version>
<time>1365231488</time>
<user>coolo</user>
<comment>- update to Firefox 20.0 (bnc#813026)
* requires NSPR 4.9.5 and NSS 3.14.3
* mozilla-webrtc-ppc.patch included upstream
* MFSA 2013-30/CVE-2013-0788/CVE-2013-0789
Miscellaneous memory safety hazards
* MFSA 2013-31/CVE-2013-0800 (bmo#825721)
Out-of-bounds write in Cairo library
* MFSA 2013-35/CVE-2013-0796 (bmo#827106)
WebGL crash with Mesa graphics driver on Linux
* MFSA 2013-36/CVE-2013-0795 (bmo#825697)
Bypass of SOW protections allows cloning of protected nodes
* MFSA 2013-37/CVE-2013-0794 (bmo#626775)
Bypass of tab-modal dialog origin disclosure
* MFSA 2013-38/CVE-2013-0793 (bmo#803870)
Cross-site scripting (XSS) using timed history navigations
* MFSA 2013-39/CVE-2013-0792 (bmo#722831)
Memory corruption while rendering grayscale PNG images
- use GStreamer 1.0 starting with 12.3 (mozilla-gstreamer-1.patch)</comment>
<requestid>162345</requestid>
</revision>
<revision rev="171" vrev="2">
<srcmd5>d22a7c429f5b5e609c4a97f5f2f94148</srcmd5>
<version>20.0</version>
<time>1365337419</time>
<user>coolo</user>
<comment>- Explicitly disable WebRTC support on non-x86, the configure script
disables it only half-heartedly (forwarded request 162909 from AndreasSchwab)</comment>
<requestid>163032</requestid>
</revision>
<revision rev="172" vrev="3">
<srcmd5>b491b74e92847c7472a7a7fb6a678186</srcmd5>
<version>20.0</version>
<time>1365928529</time>
<user>coolo</user>
<comment>- revert to use GStreamer 0.10 on 12.3 (bnc#814101)
(remove mozilla-gstreamer-1.patch)</comment>
<requestid>163449</requestid>
</revision>
<revision rev="173" vrev="1">
<srcmd5>de7d16df0c7f879789eb292125aeae13</srcmd5>
<version>21.0</version>
<time>1368771974</time>
<user>coolo</user>
<comment></comment>
<requestid>175906</requestid>
</revision>
<revision rev="174" vrev="2">
<srcmd5>ed6f63dca49ddeb751313f483bcaa841</srcmd5>
<version>21.0</version>
<time>1371136333</time>
<user>coolo</user>
<comment>- Fix qcms altivec include (mozilla-qcms-ppc.patch) (forwarded request 178590 from k0da)</comment>
<requestid>178599</requestid>
</revision>
<revision rev="175" vrev="1">
<srcmd5>cf590fa05961467ab93e11375e246bf0</srcmd5>
<version>22.0</version>
<time>1372271071</time>
<user>coolo</user>
<comment>- update to Firefox 22.0 (bnc#825935)
* removed obsolete patches
+ mozilla-qcms-ppc.patch
+ mozilla-gstreamer-760140.patch
* GStreamer support does not build on 12.1 anymore (build only
on 12.2 and later)
* MFSA 2013-49/CVE-2013-1682/CVE-2013-1683
Miscellaneous memory safety hazards
* MFSA 2013-50/CVE-2013-1684/CVE-2013-1685/CVE-2013-1686
Memory corruption found using Address Sanitizer
* MFSA 2013-51/CVE-2013-1687 (bmo#863933, bmo#866823)
Privileged content access and execution via XBL
* MFSA 2013-52/CVE-2013-1688 (bmo#873966)
Arbitrary code execution within Profiler
* MFSA 2013-53/CVE-2013-1690 (bmo#857883)
Execution of unmapped memory through onreadystatechange event
* MFSA 2013-54/CVE-2013-1692 (bmo#866915)
Data in the body of XHR HEAD requests leads to CSRF attacks
* MFSA 2013-55/CVE-2013-1693 (bmo#711043)
SVG filters can lead to information disclosure
* MFSA 2013-56/CVE-2013-1694 (bmo#848535)
PreserveWrapper has inconsistent behavior
* MFSA 2013-57/CVE-2013-1695 (bmo#849791)
Sandbox restrictions not applied to nested frame elements
* MFSA 2013-58/CVE-2013-1696 (bmo#761667)
X-Frame-Options ignored when using server push with multi-part
responses
* MFSA 2013-59/CVE-2013-1697 (bmo#858101)
XrayWrappers can be bypassed to run user defined methods in a
privileged context</comment>
<requestid>180910</requestid>
</revision>
<revision rev="176" vrev="2">
<srcmd5>46ddb6e3f9e0ef64935a3ed553a364b6</srcmd5>
<version>22.0</version>
<time>1373086997</time>
<user>coolo</user>
<comment>- fix build on ARM (/-g/ matches /-grecord-switches/) (forwarded request 181923 from dirkmueller)</comment>
<requestid>182307</requestid>
</revision>
<revision rev="177" vrev="1">
<srcmd5>4eaad8fec28ef84c9b852ed061c76c5e</srcmd5>
<version>23.0</version>
<time>1376212880</time>
<user>scarabeus_factory</user>
<comment>- update to Firefox 23.0 (bnc#833389)
* MFSA 2013-63/CVE-2013-1701/CVE-2013-1702
Miscellaneous memory safety hazards
* MFSA 2013-64/CVE-2013-1704 (bmo#883313)
Use after free mutating DOM during SetBody
* MFSA 2013-65/CVE-2013-1705 (bmo#882865)
Buffer underflow when generating CRMF requests
* MFSA 2013-67/CVE-2013-1708 (bmo#879924)
Crash during WAV audio file decoding
* MFSA 2013-68/CVE-2013-1709 (bmo#838253)
Document URI misrepresentation and masquerading
* MFSA 2013-69/CVE-2013-1710 (bmo#871368)
CRMF requests allow for code execution and XSS attacks
* MFSA 2013-70/CVE-2013-1711 (bmo#843829)
Bypass of XrayWrappers using XBL Scopes
* MFSA 2013-72/CVE-2013-1713 (bmo#887098)
Wrong principal used for validating URI for some Javascript
components
* MFSA 2013-73/CVE-2013-1714 (bmo#879787)
Same-origin bypass with web workers and XMLHttpRequest
* MFSA 2013-75/CVE-2013-1717 (bmo#406541, bmo#738397)
Local Java applets may read contents of local file system
- requires NSPR 4.10 and NSS 3.15</comment>
<requestid>186295</requestid>
</revision>
<revision rev="178" vrev="1">
<srcmd5>dc21e7fe0977dbf87398df0e913976a9</srcmd5>
<version>23.0.1</version>
<time>1377855777</time>
<user>coolo</user>
<comment></comment>
<requestid>196711</requestid>
</revision>
<revision rev="179" vrev="3">
<srcmd5>dc21e7fe0977dbf87398df0e913976a9</srcmd5>
<version>23.0.1</version>
<time>1379661911</time>
<user>adrianSuSE</user>
<comment>Split 13.1 from Factory</comment>
</revision>
<revision rev="180" vrev="1">
<srcmd5>354a947048421ae69f83ae3a1e91457b</srcmd5>
<version>24.0</version>
<time>1379923539</time>
<user>coolo</user>
<comment>- move greek to the translations-common package (bnc#840551)
- update to Firefox 24.0 (bnc#840485)
* MFSA 2013-76/CVE-2013-1718/CVE-2013-1719
Miscellaneous memory safety hazards
* MFSA 2013-77/CVE-2013-1720 (bmo#888820)
Improper state in HTML5 Tree Builder with templates
* MFSA 2013-78/CVE-2013-1721 (bmo#890277)
Integer overflow in ANGLE library
* MFSA 2013-79/CVE-2013-1722 (bmo#893308)
Use-after-free in Animation Manager during stylesheet cloning
* MFSA 2013-80/CVE-2013-1723 (bmo#891292)
NativeKey continues handling key messages after widget is destroyed
* MFSA 2013-81/CVE-2013-1724 (bmo#894137)
Use-after-free with select element
* MFSA 2013-82/CVE-2013-1725 (bmo#876762)
Calling scope for new Javascript objects can lead to memory corruption
* MFSA 2013-85/CVE-2013-1728 (bmo#883686)
Uninitialized data in IonMonkey
* MFSA 2013-88/CVE-2013-1730 (bmo#851353)
Compartment mismatch re-attaching XBL-backed nodes
* MFSA 2013-89/CVE-2013-1732 (bmo#883514)
Buffer overflow with multi-column, lists, and floats
* MFSA 2013-90/CVE-2013-1735/CVE-2013-1736 (bmo#898871, bmo#906301)
Memory corruption involving scrolling
* MFSA 2013-91/CVE-2013-1737 (bmo#907727)
User-defined properties on DOM proxies get the wrong "this" object
* MFSA 2013-92/CVE-2013-1738 (bmo#887334, bmo#882897)
GC hazard with default compartments and frame chain restoration
- enable gstreamer explicitely via pref (gecko.js)</comment>
<requestid>199437</requestid>
</revision>
<revision rev="181" vrev="2">
<srcmd5>06abb272c435982b3203f40a732cf958</srcmd5>
<version>24.0</version>
<time>1380526321</time>
<user>coolo</user>
<comment>- as GStreamer is not automatically required anymore but loaded
dynamically if available, require it explicitely
- recommend optional GStreamer plugins for comprehensive media
support</comment>
<requestid>201362</requestid>
</revision>
<revision rev="182" vrev="1">
<srcmd5>2a4dbe22c03487e84f2fa594e98dd034</srcmd5>
<version>25.0</version>
<time>1383285890</time>
<user>coolo</user>
<comment>- update to Firefox 25.0 (bnc#847708)
* rebased patches
* requires NSS 3.15.2 or above
* MFSA 2013-93/CVE-2013-5590/CVE-2013-5591/CVE-2013-5592
Miscellaneous memory safety hazards
* MFSA 2013-94/CVE-2013-5593 (bmo#868327)
Spoofing addressbar through SELECT element
* MFSA 2013-95/CVE-2013-5604 (bmo#914017)
Access violation with XSLT and uninitialized data
* MFSA 2013-96/CVE-2013-5595 (bmo#916580)
Improperly initialized memory and overflows in some JavaScript
functions
* MFSA 2013-97/CVE-2013-5596 (bmo#910881)
Writing to cycle collected object during image decoding
* MFSA 2013-98/CVE-2013-5597 (bmo#918864)
Use-after-free when updating offline cache
* MFSA 2013-99/CVE-2013-5598 (bmo#920515)
Security bypass of PDF.js checks using iframes
* MFSA 2013-100/CVE-2013-5599/CVE-2013-5600/CVE-2013-5601
(bmo#915210, bmo#915576, bmo#916685)
Miscellaneous use-after-free issues found through ASAN fuzzing
* MFSA 2013-101/CVE-2013-5602 (bmo#897678)
Memory corruption in workers
* MFSA 2013-102/CVE-2013-5603 (bmo#916404)
Use-after-free in HTML document templates</comment>
<requestid>205261</requestid>
</revision>
<revision rev="183" vrev="1">
<srcmd5>e49cf49085c34123cc0dfd137cffc457</srcmd5>
<version>26.0</version>
<time>1386772896</time>
<user>coolo</user>
<comment>- update to Firefox 26.0 (bnc#854367, bnc#854370)
* rebased patches
* requires NSPR 4.10.2 and NSS 3.15.3.1
* MFSA 2013-104/CVE-2013-5609/CVE-2013-5610
Miscellaneous memory safety hazards
* MFSA 2013-105/CVE-2013-5611 (bmo#771294)
Application Installation doorhanger persists on navigation
* MFSA 2013-106/CVE-2013-5612 (bmo#871161)
Character encoding cross-origin XSS attack
* MFSA 2013-107/CVE-2013-5614 (bmo#886262)
Sandbox restrictions not applied to nested object elements
* MFSA 2013-108/CVE-2013-5616 (bmo#938341)
Use-after-free in event listeners
* MFSA 2013-109/CVE-2013-5618 (bmo#926361)
Use-after-free during Table Editing
* MFSA 2013-110/CVE-2013-5619 (bmo#917841)
Potential overflow in JavaScript binary search algorithms
* MFSA 2013-111/CVE-2013-6671 (bmo#930281)
Segmentation violation when replacing ordered list elements
* MFSA 2013-112/CVE-2013-6672 (bmo#894736)
Linux clipboard information disclosure though selection paste
* MFSA 2013-113/CVE-2013-6673 (bmo#970380)
Trust settings for built-in roots ignored during EV certificate
validation
* MFSA 2013-114/CVE-2013-5613 (bmo#930381, bmo#932449)
Use-after-free in synthetic mouse movement
* MFSA 2013-115/CVE-2013-5615 (bmo#929261)
GetElementIC typed array stubs can be generated outside observed
typesets
* MFSA 2013-116/CVE-2013-6629/CVE-2013-6630 (bmo#891693)</comment>
<requestid>210489</requestid>
</revision>
<revision rev="184" vrev="2">
<srcmd5>7a104bdd854429cd307a0b51876a1012</srcmd5>
<version>26.0</version>
<time>1388757229</time>
<user>scarabeus_factory</user>
<comment></comment>
<requestid>212678</requestid>
</revision>
<revision rev="185" vrev="1">
<srcmd5>d7fee2fe343003f802ddb2a6c7a3d520</srcmd5>
<version>27.0</version>
<time>1391613790</time>
<user>coolo</user>
<comment>- update to Firefox 27.0 (bnc#861847)
* MFSA 2014-01/CVE-2014-1477/CVE-2014-1478
Miscellaneous memory safety hazards (rv:27.0 / rv:24.3)
* MFSA 2014-02/CVE-2014-1479 (bmo#911864)
Clone protected content with XBL scopes
* MFSA 2014-03/CVE-2014-1480 (bmo#916726)
UI selection timeout missing on download prompts
* MFSA 2014-04/CVE-2014-1482 (bmo#943803)
Incorrect use of discarded images by RasterImage
* MFSA 2014-05/CVE-2014-1483 (bmo#950427)
Information disclosure with *FromPoint on iframes
* MFSA 2014-06/CVE-2014-1484 (bmo#953993)
Profile path leaks to Android system log
* MFSA 2014-07/CVE-2014-1485 (bmo#910139)
XSLT stylesheets treated as styles in Content Security Policy
* MFSA 2014-08/CVE-2014-1486 (bmo#942164)
Use-after-free with imgRequestProxy and image proccessing
* MFSA 2014-09/CVE-2014-1487 (bmo#947592)
Cross-origin information leak through web workers
* MFSA 2014-10/CVE-2014-1489 (bmo#959531)
Firefox default start page UI content invokable by script
* MFSA 2014-11/CVE-2014-1488 (bmo#950604)
Crash when using web workers with asm.js
* MFSA 2014-12/CVE-2014-1490/CVE-2014-1491
(bmo#934545, bmo#930874, bmo#930857)
NSS ticket handling issues
* MFSA 2014-13/CVE-2014-1481(bmo#936056)
Inconsistent JavaScript handling of access to Window objects
- requires NSS 3.15.4 or higher
- rebased/reworked patches</comment>
<requestid>220926</requestid>
</revision>
<revision rev="186" vrev="1">
<srcmd5>f6ce9e5679ebae0210a3c48290b55a8d</srcmd5>
<version>27.0.1</version>
<time>1393232558</time>
<user>coolo</user>
<comment>- update to Firefox 27.0.1
* Fixed stability issues with Greasemonkey and other JS that used
ClearTimeoutOrInterval
* JS math correctness issue (bnc#941381)
- incorporate Google API key for geolocation (bnc#864170)
- updated list of "other" locales in RPM requirements</comment>
<requestid>223589</requestid>
</revision>
<revision rev="187" vrev="2">
<srcmd5>41aa8e049e385c7a9da8077c33163d1e</srcmd5>
<version>27.0.1</version>
<time>1393937698</time>
<user>coolo</user>
<comment>Automatic submission by obs-autosubmit</comment>
<requestid>224415</requestid>
</revision>
<revision rev="188" vrev="1">
<srcmd5>1eb614b810187d53e5e2b04df478ce60</srcmd5>
<version>28.0</version>
<time>1395405231</time>
<user>coolo</user>
<comment>- update to Firefox 28.0 (bnc#868603)
* MFSA 2014-15/CVE-2014-1493/CVE-2014-1494
Miscellaneous memory safety hazards
* MFSA 2014-17/CVE-2014-1497 (bmo#966311)
Out of bounds read during WAV file decoding
* MFSA 2014-18/CVE-2014-1498 (bmo#935618)
crypto.generateCRMFRequest does not validate type of key
* MFSA 2014-19/CVE-2014-1499 (bmo#961512)
Spoofing attack on WebRTC permission prompt
* MFSA 2014-20/CVE-2014-1500 (bmo#956524)
onbeforeunload and Javascript navigation DOS
* MFSA 2014-22/CVE-2014-1502 (bmo#972622)
WebGL content injection from one domain to rendering in another
* MFSA 2014-23/CVE-2014-1504 (bmo#911547)
Content Security Policy for data: documents not preserved by
session restore
* MFSA 2014-26/CVE-2014-1508 (bmo#963198)
Information disclosure through polygon rendering in MathML
* MFSA 2014-27/CVE-2014-1509 (bmo#966021)
Memory corruption in Cairo during PDF font rendering
* MFSA 2014-28/CVE-2014-1505 (bmo#941887)
SVG filters information disclosure through feDisplacementMap
* MFSA 2014-29/CVE-2014-1510/CVE-2014-1511 (bmo#982906, bmo#982909)
Privilege escalation using WebIDL-implemented APIs
* MFSA 2014-30/CVE-2014-1512 (bmo#982957)
Use-after-free in TypeObject
* MFSA 2014-31/CVE-2014-1513 (bmo#982974)
Out-of-bounds read/write through neutering ArrayBuffer objects
* MFSA 2014-32/CVE-2014-1514 (bmo#983344)
Out-of-bounds write through TypedArrayObject after neutering</comment>
<requestid>226811</requestid>
</revision>
<revision rev="189" vrev="2">
<srcmd5>d4a19446171e56e42b3bb4890cc74009</srcmd5>
<version>28.0</version>
<time>1396452309</time>
<user>coolo</user>
<comment>Automatic submission by obs-autosubmit</comment>
<requestid>228401</requestid>
</revision>
<revision rev="190" vrev="3">
<srcmd5>9feccb607ac0bfd5295b4880976ac506</srcmd5>
<version>28.0</version>
<time>1397460308</time>
<user>coolo</user>
<comment>- add mozilla-aarch64-599882cfb998.patch,
mozilla-aarch64-bmo-810631.patch,
mozilla-aarch64-bmo-962488.patch,
mozilla-aarch64-bmo-963030.patch,
mozilla-aarch64-bmo-963027.patch,
mozilla-aarch64-bmo-963028.patch,
mozilla-aarch64-bmo-963029.patch,
mozilla-aarch64-bmo-963023.patch,
mozilla-aarch64-bmo-963024.patch,
mozilla-aarch64-bmo-963031.patch: AArch64 porting (forwarded request 229482 from dirkmueller)</comment>
<requestid>229901</requestid>
</revision>
<revision rev="191" vrev="1">
<srcmd5>67ba36fa84abeb1aee66fc7cf63a9644</srcmd5>
<version>29.0</version>
<time>1398863379</time>
<user>coolo</user>
<comment>- update to Firefox 29.0 (bnc#875378)
* MFSA 2014-34/CVE-2014-1518/CVE-2014-1519
Miscellaneous memory safety hazards
* MFSA 2014-36/CVE-2014-1522 (bmo#995289)
Web Audio memory corruption issues
* MFSA 2014-37/CVE-2014-1523 (bmo#969226)
Out of bounds read while decoding JPG images
* MFSA 2014-38/CVE-2014-1524 (bmo#989183)
Buffer overflow when using non-XBL object as XBL
* MFSA 2014-39/CVE-2014-1525 (bmo#989210)
Use-after-free in the Text Track Manager for HTML video
* MFSA 2014-41/CVE-2014-1528 (bmo#963962)
Out-of-bounds write in Cairo
* MFSA 2014-42/CVE-2014-1529 (bmo#987003)
Privilege escalation through Web Notification API
* MFSA 2014-43/CVE-2014-1530 (bmo#895557)
Cross-site scripting (XSS) using history navigations
* MFSA 2014-44/CVE-2014-1531 (bmo#987140)
Use-after-free in imgLoader while resizing images
* MFSA 2014-45/CVE-2014-1492 (bmo#903885)
Incorrect IDNA domain name matching for wildcard certificates
(fixed by NSS 3.16)
* MFSA 2014-46/CVE-2014-1532 (bmo#966006)
Use-after-free in nsHostResolver
* MFSA 2014-47/CVE-2014-1526 (bmo#988106)
Debugger can bypass XrayWrappers with JavaScript
- rebased patches
- removed obsolete patches
* firefox-browser-css.patch
* mozilla-aarch64-599882cfb998.diff</comment>
<requestid>232128</requestid>
</revision>
<revision rev="192" vrev="1">
<srcmd5>799ec13a09a12d1188c888068fcf856a</srcmd5>
<version>29.0.1</version>
<time>1400006856</time>
<user>coolo</user>
<comment>- update to Firefox 29.0.1
* Seer disabled by default (bmo#1005958)
* Session Restore failed with a corrupted sessionstore.js file
(bmo#1001167)
* pdf.js printing white page (bmo#1003707, bnc#876833)
- general.useragent.locale gets overwritten with en-US while it
should be using the active langpack's setting</comment>
<requestid>233497</requestid>
</revision>
<revision rev="193" vrev="1">
<srcmd5>3323edcd2a8d47fc7a8aa65eeea09aaa</srcmd5>
<version>30.0</version>
<time>1402947775</time>
<user>coolo</user>
<comment>- update to Firefox 30.0 (bnc#881874)
* MFSA 2014-48/CVE-2014-1533/CVE-2014-1534
(bmo#921622, bmo#967354, bmo#969517, bmo#969549, bmo#973874,
bmo#978652, bmo#978811, bmo#988719, bmo#990868, bmo#991981,
bmo#992274, bmo#994907, bmo#995679, bmo#995816, bmo#995817,
bmo#996536, bmo#996715, bmo#999651, bmo#1000598,
bmo#1000960, bmo#1002340, bmo#1005578, bmo#1007223,
bmo#1009952, bmo#1011007)
Miscellaneous memory safety hazards (rv:30.0)
* MFSA 2014-49/CVE-2014-1536/CVE-2014-1537/CVE-2014-1538
(bmo#989994, bmo#999274, bmo#1005584)
Use-after-free and out of bounds issues found using Address
Sanitizer
* MFSA 2014-50/CVE-2014-1539 (bmo#995603)
Clickjacking through cursor invisability after Flash interaction
* MFSA 2014-51/CVE-2014-1540 (bmo#978862)
Use-after-free in Event Listener Manager
* MFSA 2014-52/CVE-2014-1541 (bmo#1000185)
Use-after-free with SMIL Animation Controller
* MFSA 2014-53/CVE-2014-1542 (bmo#991533)
Buffer overflow in Web Audio Speex resampler
* MFSA 2014-54/CVE-2014-1543 (bmo#1011859)
Buffer overflow in Gamepad API
* MFSA 2014-55/CVE-2014-1545 (bmo#1018783)
Out of bounds write in NSPR
- rebased patches
- removed obsolete patches
* firefox-browser-css.patch
* mozilla-aarch64-bmo-962488.patch
* mozilla-aarch64-bmo-963023.patch</comment>
<requestid>236875</requestid>
</revision>
<revision rev="194" vrev="1">
<srcmd5>eaa6149bb5ecdd1dafb8a4b8ab514066</srcmd5>
<version>31.0</version>
<time>1406284038</time>
<user>coolo</user>
<comment>- update to Firefox 31.0 (bnc#887746)
* MFSA 2014-56/CVE-2014-1547/CVE-2014-1548
Miscellaneous memory safety hazards
* MFSA 2014-57/CVE-2014-1549 (bmo#1020205)
Buffer overflow during Web Audio buffering for playback
* MFSA 2014-58/CVE-2014-1550 (bmo#1020411)
Use-after-free in Web Audio due to incorrect control message ordering
* MFSA 2014-60/CVE-2014-1561 (bmo#1000514, bmo#910375)
Toolbar dialog customization event spoofing
* MFSA 2014-61/CVE-2014-1555 (bmo#1023121)
Use-after-free with FireOnStateChange event
* MFSA 2014-62/CVE-2014-1556 (bmo#1028891)
Exploitable WebGL crash with Cesium JavaScript library
* MFSA 2014-63/CVE-2014-1544 (bmo#963150)
Use-after-free while when manipulating certificates in the trusted cache
(solved with NSS 3.16.2 requirement)
* MFSA 2014-64/CVE-2014-1557 (bmo#913805)
Crash in Skia library when scaling high quality images
* MFSA 2014-65/CVE-2014-1558/CVE-2014-1559/CVE-2014-1560
(bmo#1015973, bmo#1026022, bmo#997795)
Certificate parsing broken by non-standard character encoding
* MFSA 2014-66/CVE-2014-1552 (bmo#985135)
IFRAME sandbox same-origin access through redirect
- use EGL on ARM
- rebased patches
- requires NSS 3.16.2
- requires python-devel (not only python)</comment>
<requestid>241955</requestid>
</revision>
<revision rev="195" vrev="3">
<srcmd5>eaa6149bb5ecdd1dafb8a4b8ab514066</srcmd5>
<version>31.0</version>
<time>1409300434</time>
<user>adrianSuSE</user>
<comment>Split 13.2 from Factory</comment>
</revision>
<revision rev="196" vrev="1">
<srcmd5>e1b8e2ddb54066abcc5155948565fff4</srcmd5>
<version>31.1.0</version>
<time>1409810156</time>
<user>coolo</user>
<comment>- update to Firefox 31.1.0esr (bnc#894370)
* MFSA 2014-67/CVE-2014-1553/CVE-2014-1562
Miscellaneous memory safety hazards
* MFSA 2014-68/CVE-2014-1563 (bmo#1018524)
Use-after-free during DOM interactions with SVG
* MFSA 2014-69/CVE-2014-1564 (bmo#1045977)
Uninitialized memory use during GIF rendering
* MFSA 2014-70/CVE-2014-1565 (bmo#1047831)
Out-of-bounds read in Web Audio audio timeline
* MFSA 2014-72/CVE-2014-1567 (bmo#1037641)
Use-after-free setting text directionality
- changes to support compilation on 11.4
* explicit xz BuildRequires
* mozilla-nullptr-gcc45.patch
* remove unresolved makeinfo BuildRequires
- adapted _constraints, used more than 3900MB on s390x during
last build</comment>
<requestid>247292</requestid>
</revision>
<revision rev="197" vrev="1">
<srcmd5>94659be9d7b599475e58c1651d6c602a</srcmd5>
<version>32.0.2</version>
<time>1411556953</time>
<user>coolo</user>
<comment>- update to Firefox 32.0.2
* just a version bump for our builds
* fixed the in application update process for certain environments
(in application update is not enabled in openSUSE and Linux
is unaffected in any case)
- build with --disable-optimize for 13.1 and above for i586 to
workaround miscompilations (bnc#896624)
- use some more build flags to align with upstream
- update to Firefox 32.0.1
* fixed stability issues for computers with multiple graphics cards
* mixed content icon may be incorrectly displayed instead of lock
icon for SSL sites in 32.0 (
* WebRTC: setRemoteDescription() silently fails if no success
callback is specified (bmo#1063971)
- update to Firefox 32.0 (bnc#894370)
* MFSA 2014-67/CVE-2014-1553/CVE-2014-1554/CVE-2014-1562
- rebased patches
- requires NSS 3.16.4
- removed upstreamed patch
* mozilla-aarch64-bmo-810631.patch</comment>
<requestid>251469</requestid>
</revision>
<revision rev="198" vrev="1">
<srcmd5>49a330bb3430cf9b361217783b661a30</srcmd5>
<version>33.0</version>
<time>1413384075</time>
<user>coolo</user>
<comment>- update to Firefox 33.0 (bnc#900941)
New features:
* OpenH264 support (sandboxed)
* Enhanced Tiles
* Improved search experience through the location bar
* Slimmer and faster JavaScript strings
* New CSP (Content Security Policy) backend
* Support for connecting to HTTP proxy over HTTPS
* Improved reliability of the session restoration
* Proprietary window.crypto properties/functions removed
Security:
* MFSA 2014-74/CVE-2014-1574/CVE-2014-1575
Miscellaneous memory safety hazards
* MFSA 2014-75/CVE-2014-1576 (bmo#1041512)
Buffer overflow during CSS manipulation
* MFSA 2014-76/CVE-2014-1577 (bmo#1012609)
Web Audio memory corruption issues with custom waveforms
* MFSA 2014-77/CVE-2014-1578 (bmo#1063327)
Out-of-bounds write with WebM video
* MFSA 2014-78/CVE-2014-1580 (bmo#1063733)
Further uninitialized memory use during GIF rendering
* MFSA 2014-79/CVE-2014-1581 (bmo#1068218)
Use-after-free interacting with text directionality
* MFSA 2014-80/CVE-2014-1582/CVE-2014-1584 (bmo#1049095, bmo#1066190)
Key pinning bypasses
* MFSA 2014-81/CVE-2014-1585/CVE-2014-1586 (bmo#1062876, bmo#1062981)
Inconsistent video sharing within iframe
* MFSA 2014-82/CVE-2014-1583 (bmo#1015540)
Accessing cross-origin objects via the Alarms API
(only relevant for installed web apps)</comment>
<requestid>256323</requestid>
</revision>
<revision rev="199" vrev="2">
<srcmd5>7500bb510357a4aeb02d22df6a3e7308</srcmd5>
<version>33.0</version>
<time>1413616100</time>
<user>coolo</user>
<comment></comment>
<requestid>256768</requestid>
</revision>
<revision rev="200" vrev="1">
<srcmd5>e2c0aff7406eed78d93821ac08a09888</srcmd5>
<version>33.0.2</version>
<time>1414826041</time>
<user>coolo</user>
<comment>- update to Firefox 33.0.2
* Fix a startup crash with some combination of hardware and drivers
33.0.1
* Firefox displays a black screen at start-up with certain
graphics drivers
- adjusted _constraints for ARM
- added mozilla-bmo1088588.patch to fix build with EGL (bmo#1088588)
- define /usr/share/myspell as additional dictionary location
and remove add-plugins.sh finally (bnc#900639)
- use Firefox default optimization flags instead of -Os
- specfile cleanup</comment>
<requestid>259011</requestid>
</revision>
<revision rev="201" vrev="2">
<srcmd5>7f86f305fecf8e7b432595994bbe47e0</srcmd5>
<version>33.0.2</version>
<time>1415347520</time>
<user>coolo</user>
<comment>1</comment>
<requestid>260182</requestid>
</revision>
<revision rev="202" vrev="1">
<srcmd5>462654973674bbdd75c0c41728df2674</srcmd5>
<version>33.1</version>
<time>1415866610</time>
<user>dimstar_suse</user>
<comment></comment>
<requestid>260773</requestid>
</revision>
<revision rev="203" vrev="1">
<srcmd5>b131402bc4f1d802309bd3bd9bdb3089</srcmd5>
<version>34.0.5</version>
<time>1417870043</time>
<user>dimstar_suse</user>
<comment>- update to Firefox 34.0.5 (bnc#908009)
* Default search engine changed to Yahoo! for North America
* Default search engine changed to Yandex for Belarusian, Kazakh,
and Russian locales
* Improved search bar (en-US only)
* Firefox Hello real-time communication client
* Easily switch themes/personas directly in the Customizing mode
* Implementation of HTTP/2 (draft14) and ALPN
* Disabled SSLv3
* MFSA 2014-83/CVE-2014-1587/CVE-2014-1588
Miscellaneous memory safety hazards
* MFSA 2014-84/CVE-2014-1589 (bmo#1043787)
XBL bindings accessible via improper CSS declarations
* MFSA 2014-85/CVE-2014-1590 (bmo#1087633)
XMLHttpRequest crashes with some input streams
* MFSA 2014-86/CVE-2014-1591 (bmo#1069762)
CSP leaks redirect data via violation reports
* MFSA 2014-87/CVE-2014-1592 (bmo#1088635)
Use-after-free during HTML5 parsing
* MFSA 2014-88/CVE-2014-1593 (bmo#1085175)
Buffer overflow while parsing media content
* MFSA 2014-89/CVE-2014-1594 (bmo#1074280)
Bad casting from the BasicThebesLayer to BasicContainerLayer
- rebased patches
- limit linker memory usage for %ix86</comment>
<requestid>263819</requestid>
</revision>
<revision rev="204" vrev="2">
<srcmd5>0d5788903c2c9c6fa856b1144e2afec7</srcmd5>
<version>34.0.5</version>
<time>1419545996</time>
<user>dimstar_suse</user>
<comment>Automatic submission by obs-autosubmit</comment>
<requestid>266182</requestid>
</revision>
<revision rev="205" vrev="1">
<srcmd5>cb3beefa5c5cf57318de11a4595e042d</srcmd5>
<version>35.0</version>
<time>1421873440</time>
<user>coolo</user>
<comment>- update to Firefox 35.0 (bnc#910669)
notable features:
* Firefox Hello with new rooms-based conversations model
* Implemented HTTP Public Key Pinning Extension (for enhanced
authentication of encrypted connections)
security fixes:
* MFSA 2015-01/CVE-2014-8634/CVE-2014-8635
Miscellaneous memory safety hazards
* MFSA 2015-02/CVE-2014-8637 (bmo#1094536)
Uninitialized memory use during bitmap rendering
* MFSA 2015-03/CVE-2014-8638 (bmo#1080987)
sendBeacon requests lack an Origin header
* MFSA 2015-04/CVE-2014-8639 (bmo#1095859)
Cookie injection through Proxy Authenticate responses
* MFSA 2015-05/CVE-2014-8640 (bmo#1100409)
Read of uninitialized memory in Web Audio
* MFSA 2015-06/CVE-2014-8641 (bmo#1108455)
Read-after-free in WebRTC
* MFSA 2015-07/CVE-2014-8643 (bmo#1114170) (Windows-only)
Gecko Media Plugin sandbox escape
* MFSA 2015-08/CVE-2014-8642 (bmo#1079658)
Delegated OCSP responder certificates failure with
id-pkix-ocsp-nocheck extension
* MFSA 2015-09/CVE-2014-8636 (bmo#987794)
XrayWrapper bypass through DOM objects
- rebased patches
- dropped explicit support for everything older than 12.3
(including SLES11)
* merge firefox-kde.patch and firefox-kde-114.patch
* dropped mozilla-sle11.patch</comment>
<requestid>281360</requestid>
</revision>
<revision rev="206" vrev="1">
<srcmd5>874715a23e6a2a9bb96d44f732fc915d</srcmd5>
<version>36.0</version>
<time>1425031620</time>
<user>dimstar_suse</user>
<comment>- update to Firefox 36.0 (bnc#917597)
* mozilla-xremote-client was removed
* added libclearkey.so media plugin
* Pinned tiles on the new tab page can be synced
* Support for the full HTTP/2 protocol. HTTP/2 enables a faster,
more scalable, and more responsive web.
* Locale added: Uzbek (uz)
security fixes:
* MFSA 2015-11/CVE-2015-0835/CVE-2015-0836
Miscellaneous memory safety hazards
* MFSA 2015-12/CVE-2015-0833 (bmo#945192)
Invoking Mozilla updater will load locally stored DLL files
(Windows only)
* MFSA 2015-13/CVE-2015-0832 (bmo#1065909)
Appended period to hostnames can bypass HPKP and HSTS protections
* MFSA 2015-14/CVE-2015-0830 (bmo#1110488)
Malicious WebGL content crash when writing strings
* MFSA 2015-15/CVE-2015-0834 (bmo#1098314)
TLS TURN and STUN connections silently fail to simple TCP connections
* MFSA 2015-16/CVE-2015-0831 (bmo#1130514)
Use-after-free in IndexedDB
* MFSA 2015-17/CVE-2015-0829 (bmo#1128939)
Buffer overflow in libstagefright during MP4 video playback
* MFSA 2015-18/CVE-2015-0828 (bmo#1030667, bmo#988675)
Double-free when using non-default memory allocators with a
zero-length XHR
* MFSA 2015-19/CVE-2015-0827 (bmo#1117304)
Out-of-bounds read and write while rendering SVG content
* MFSA 2015-20/CVE-2015-0826 (bmo#1092363)
Buffer overflow during CSS restyling</comment>
<requestid>287633</requestid>
</revision>
<revision rev="207" vrev="1">
<srcmd5>51c1d806f5d14a9635f49a41d1bbad31</srcmd5>
<version>36.0.1</version>
<time>1426494990</time>
<user>dimstar_suse</user>
<comment>FF 36 currently does not build on ARM and PPC apparently. I tried to fix one issue but it's not complete and still fails. This might need more research.
- update to Firefox 36.0.1
Bugfixes:
* Disable the usage of the ANY DNS query type (bmo#1093983)
* Hello may become inactive until restart (bmo#1137469)
* Print preferences may not be preserved (bmo#1136855)
* Hello contact tabs may not be visible (bmo#1137141)
* Accept hostnames that include an underscore character ("_")
(bmo#1136616)
* WebGL may use significant memory with Canvas2d (bmo#1137251)
* Option -remote has been restored (bmo#1080319)
- added mozilla-skia-bmo1136958.patch to fix build issues for
ARM and PPC</comment>
<requestid>289960</requestid>
</revision>
<revision rev="208" vrev="1">
<srcmd5>f393265a6c5e991f48303f806ed86a61</srcmd5>
<version>36.0.4</version>
<time>1427273690</time>
<user>dimstar_suse</user>
<comment>- update to Firefox 36.0.4 (bnc#923534)
* MFSA 2015-28/CVE-2015-0818 (bmo#1144988)
Privilege escalation through SVG navigation
* MFSA 2015-29/CVE-2015-0817 (bmo#1145255)
Code execution through incorrect JavaScript bounds checking
elimination
- Copy the icons to /usr/share/icons instead of symlinking them:
in preparation for containerized apps (e.g. xdg-app) as well as
AppStream metadata extraction, there are a couple locations that
need to be real files for system integration (.desktop files,
icons, mime-type info).</comment>
<requestid>292313</requestid>
</revision>
<revision rev="209" vrev="1">
<srcmd5>9e3ce6a6e441131401e8bd4b3a781923</srcmd5>
<version>37.0</version>
<time>1428391670</time>
<user>dimstar_suse</user>
<comment>- update to Firefox 37.0 (bnc#925368)
* Heartbeat user rating system
* Yandex set as default search provider for the Turkish locale
* Bing search now uses HTTPS for secure searching
* Improved protection against site impersonation via OneCRL
centralized certificate revocation
* Opportunistically encrypt HTTP traffic where the server supports
HTTP/2 AltSvc
* some more behaviour changes for TLS
security fixes:
* MFSA 2015-30/CVE-2015-0814/CVE-2015-0815
Miscellaneous memory safety hazards
* MFSA 2015-31/CVE-2015-0813 (bmo#1106596))
Use-after-free when using the Fluendo MP3 GStreamer plugin
* MFSA 2015-32/CVE-2015-0812 (bmo#1128126)
Add-on lightweight theme installation approval bypassed through
MITM attack
* MFSA 2015-33/CVE-2015-0816 (bmo#1144991)
resource:// documents can load privileged pages
* MFSA-2015-34/CVE-2015-0811 (bmo#1132468)
Out of bounds read in QCMS library
* MFSA-2015-35/CVE-2015-0810 (bmo#1125013)
Cursor clickjacking with flash and images (OS X only)
* MFSA-2015-36/CVE-2015-0808 (bmo#1109552)
Incorrect memory management for simple-type arrays in WebRTC
* MFSA-2015-37/CVE-2015-0807 (bmo#1111834)
CORS requests should not follow 30x redirections after preflight
* MFSA-2015-38/CVE-2015-0805/CVE-2015-0806 (bmo#1135511, bmo#1099437)
Memory corruption crashes in Off Main Thread Compositing
* MFSA-2015-39/CVE-2015-0803/CVE-2015-0804 (bmo#1134560)</comment>
<requestid>293906</requestid>
</revision>
<revision rev="210" vrev="1">
<srcmd5>0baf6da9560ed60593f4b7615b767c18</srcmd5>
<version>37.0.1</version>
<time>1428651986</time>
<user>dimstar_suse</user>
<comment>- update to Firefox 37.0.1 (bnc#926166)
* MFSA 2015-43/CVE-2015-0798 (bmo#1147597) (Android only)
Loading privileged content through Reader mode
* MFSA 2015-44/CVE-2015-0799 (bmo#1148328)
Certificate verification bypass through the HTTP/2 Alt-Svc header</comment>
<requestid>294722</requestid>
</revision>
<revision rev="211" vrev="1">
<srcmd5>e93548268285fc0d6395172298341e27</srcmd5>
<version>37.0.2</version>
<time>1429973198</time>
<user>coolo</user>
<comment>- update to Firefox 37.0.2 (bnc#928116)
* MFSA 2015-45/CVE-2015-2706 (bmo#1141081)
Memory corruption during failed plugin initialization</comment>
<requestid>298646</requestid>
</revision>
<revision rev="212" vrev="1">
<srcmd5>f107e0bab001d12cdcc72b03b34a872f</srcmd5>
<version>38.0.1</version>
<time>1432158641</time>
<user>dimstar_suse</user>
<comment>- add mozilla-add-glibcxx_use_cxx11_abi.patch grabbed from
https://bugzilla.mozilla.org/show_bug.cgi?id=1153109
- update to Firefox 38.0.1
stability and regression fixes
* Systems with first generation NVidia Optimus graphics cards
may crash on start-up
* Users who import cookies from Google Chrome can end up with
broken websites
* Large animated images may fail to play and may stop other
images from loading
- update to Firefox 38.0 (bnc#930622)
* New tab-based preferences
* Ruby annotation support
* more info: https://www.mozilla.org/en-US/firefox/38.0/releasenotes/
security fixes:
* MFSA 2015-46/CVE-2015-2708/CVE-2015-2709
Miscellaneous memory safety hazards
* MFSA 2015-47/VE-2015-0797 (bmo#1080995)
Buffer overflow parsing H.264 video with Linux Gstreamer
* MFSA 2015-48/CVE-2015-2710 (bmo#1149542)
Buffer overflow with SVG content and CSS
* MFSA 2015-49/CVE-2015-2711 (bmo#1113431)
Referrer policy ignored when links opened by middle-click and
context menu
* MFSA 2015-50/CVE-2015-2712 (bmo#1152280)
Out-of-bounds read and write in asm.js validation
* MFSA 2015-51/CVE-2015-2713 (bmo#1153478)
Use-after-free during text processing with vertical text enabled</comment>
<requestid>307294</requestid>
</revision>
<revision rev="213" vrev="1">
<srcmd5>ca257a880804ce7c198bf74aa3978997</srcmd5>
<version>38.0.5</version>
<time>1433401262</time>
<user>dimstar_suse</user>
<comment>- update to Firefox 38.0.5
* Keep track of articles and videos with Pocket
* Clean formatting for articles and blog posts with Reader View
* Share the active tab or window in a Hello conversation
- add changes file as source for SRPM (bsc#932142)</comment>
<requestid>309818</requestid>
</revision>
<revision rev="214" vrev="1">
<srcmd5>9c2ec2cf0c7b52443d56e60a54d11858</srcmd5>
<version>38.0.6</version>
<time>1433845446</time>
<user>dimstar_suse</user>
<comment></comment>
<requestid>311096</requestid>
</revision>
<revision rev="215" vrev="1">
<srcmd5>b9a5dee24aeedd34cc6ec5bb5735903b</srcmd5>
<version>39.0</version>
<time>1437059587</time>
<user>coolo</user>
<comment>- update to Firefox 39.0 (bnc#935979)
* Share Hello URLs with social networks
* Support for 'switch' role in ARIA 1.1 (web accessibility)
* SafeBrowsing malware detection lookups enabled for downloads
(Mac OS X and Linux)
* Support for new Unicode 8.0 skin tone emoji
* Removed support for insecure SSLv3 for network communications
* Disable use of RC4 except for temporarily whitelisted hosts
* NPAPI Plug-in performance improved via asynchronous initialization
security fixes:
* MFSA 2015-59/CVE-2015-2724/CVE-2015-2725/CVE-2015-2726
Miscellaneous memory safety hazards
* MFSA 2015-60/CVE-2015-2727 (bmo#1163422)
Local files or privileged URLs in pages can be opened into new tabs
* MFSA 2015-61/CVE-2015-2728 (bmo#1142210)
Type confusion in Indexed Database Manager
* MFSA 2015-62/CVE-2015-2729 (bmo#1122218)
Out-of-bound read while computing an oscillator rendering range in Web Audio
* MFSA 2015-63/CVE-2015-2731 (bmo#1149891)
Use-after-free in Content Policy due to microtask execution error
* MFSA 2015-64/CVE-2015-2730 (bmo#1125025)
ECDSA signature validation fails to handle some signatures correctly
(this fix is shipped by NSS 3.19.1 externally)
* MFSA 2015-65/CVE-2015-2722/CVE-2015-2733 (bmo#1166924, bmo#1169867)
Use-after-free in workers while using XMLHttpRequest
* MFSA 2015-66/CVE-2015-2734/CVE-2015-2735/CVE-2015-2736/CVE-2015-2737
CVE-2015-2738/CVE-2015-2739/CVE-2015-2740
Vulnerabilities found through code inspection
* MFSA 2015-67/CVE-2015-2741 (bmo#1147497)
Key pinning is ignored when overridable errors are encountered</comment>
<requestid>314952</requestid>
</revision>
<revision rev="216" vrev="1">
<srcmd5>481face813cf597a174e764f47ad97e1</srcmd5>
<version>39.0.3</version>
<time>1439190918</time>
<user>dimstar_suse</user>
<comment>- security update to Firefox 39.0.3 (bnc#940918)
* MFSA 2015-78/CVE-2015-4495 (bmo#1179262, bmo#1178058)
Same origin violation and local file stealing via PDF reader</comment>
<requestid>321236</requestid>
</revision>
<revision rev="217" vrev="1">
<srcmd5>3556971125fa1d38b55d02ef02632bc1</srcmd5>
<version>40.0</version>
<time>1439556337</time>
<user>dimstar_suse</user>
<comment>- update to Firefox 40.0 (bnc#940806)
* Added protection against unwanted software downloads
* Suggested Tiles show sites of interest, based on categories
from your recent browsing history
* Hello allows adding a link to conversations to provide context
on what the conversation will be about
* New style for add-on manager based on the in-content
preferences style
* Improved scrolling, graphics, and video playback performance
with off main thread compositing (GNU/Linux only)
* Graphic blocklist mechanism improved: Firefox version ranges
can be specified, limiting the number of devices blocked
security fixes:
* MFSA 2015-79/CVE-2015-4473/CVE-2015-4474
Miscellaneous memory safety hazards
* MFSA 2015-80/CVE-2015-4475 (bmo#1175396)
Out-of-bounds read with malformed MP3 file
* MFSA 2015-81/CVE-2015-4477 (bmo#1179484)
Use-after-free in MediaStream playback
* MFSA 2015-82/CVE-2015-4478 (bmo#1105914)
Redefinition of non-configurable JavaScript object properties
* MFSA 2015-83/CVE-2015-4479/CVE-2015-4480/CVE-2015-4493
Overflow issues in libstagefright
* MFSA 2015-84/CVE-2015-4481 (bmo1171518)
Arbitrary file overwriting through Mozilla Maintenance Service
with hard links (only affected Windows)
* MFSA 2015-85/CVE-2015-4482 (bmo#1184500)
Out-of-bounds write with Updater and malicious MAR file
(does not affect openSUSE RPM packages which do not ship the
updater)</comment>
<requestid>322026</requestid>
</revision>
<revision rev="218" vrev="1">
<srcmd5>403d010959f312fa2f065cba9fe311da</srcmd5>
<version>40.0.3</version>
<time>1440871341</time>
<user>coolo</user>
<comment>- update to Firefox 40.0.3 (bnc#943550)
* Disable the asynchronous plugin initialization (bmo#1198590)
* Fix a segmentation fault in the GStreamer support (bmo#1145230)
* Fix a regression with some Japanese fonts used in the <input>
field (bmo#1194055)
* On some sites, the selection in a select combox box using the
mouse could be broken (bmo#1194733)
security fixes
* MFSA 2015-94/CVE-2015-4497 (bmo#1164766, bmo#1175278)
Use-after-free when resizing canvas element during restyling
* MFSA 2015-95/CVE-2015-4498 (bmo#1042699)
Add-on notification bypass through data URLs</comment>
<requestid>327639</requestid>
</revision>
<revision rev="219" vrev="1">
<srcmd5>4f5e24a5be89a82dab49dae250c38178</srcmd5>
<version>41.0</version>
<time>1443694879</time>
<user>dimstar_suse</user>
<comment>- update to Firefox 41.0 (bnc#947003)
* MFSA 2015-96/CVE-2015-4500/CVE-2015-4501
Miscellaneous memory safety hazards
* MFSA 2015-97/CVE-2015-4503 (bmo#994337)
Memory leak in mozTCPSocket to servers
* MFSA 2015-98/CVE-2015-4504 (bmo#1132467)
Out of bounds read in QCMS library with ICC V4 profile attributes
* MFSA 2015-99/CVE-2015-4476 (bmo#1162372) (Android only)
Site attribute spoofing on Android by pasting URL with unknown scheme
* MFSA 2015-100/CVE-2015-4505 (bmo#1177861) (Windows only)
Arbitrary file manipulation by local user through Mozilla updater
* MFSA 2015-101/CVE-2015-4506 (bmo#1192226)
Buffer overflow in libvpx while parsing vp9 format video
* MFSA 2015-102/CVE-2015-4507 (bmo#1192401)
Crash when using debugger with SavedStacks in JavaScript
* MFSA 2015-103/CVE-2015-4508 (bmo#1195976)
URL spoofing in reader mode
* MFSA 2015-104/CVE-2015-4510 (bmo#1200004)
Use-after-free with shared workers and IndexedDB
* MFSA 2015-105/CVE-2015-4511 (bmo#1200148)
Buffer overflow while decoding WebM video
* MFSA 2015-106/CVE-2015-4509 (bmo#1198435)
Use-after-free while manipulating HTML media content
* MFSA 2015-107/CVE-2015-4512 (bmo#1170390)
Out-of-bounds read during 2D canvas display on Linux 16-bit
color depth systems
* MFSA 2015-108/CVE-2015-4502 (bmo#1105045)
Scripted proxies can access inner window
* MFSA 2015-109/CVE-2015-4516 (bmo#904886)
JavaScript immutable property enforcement can be bypassed</comment>
<requestid>333058</requestid>
</revision>
<revision rev="220" vrev="1">
<srcmd5>99ba6d58c42fb5c1291aafa51a120dcb</srcmd5>
<version>41.0.1</version>
<time>1444636837</time>
<user>coolo</user>
<comment>- do not build with --enable-stdcxx-compat
(this starts to fail build on various toolchain combinations
and is not required for openSUSE builds in general
- update to Firefox 41.0.1
* Fix a startup crash related to Yandex toolbar and Adblock Plus
(bmo#1209124)
* Fix potential hangs with Flash plugins (bmo#1185639)
* Fix a regression in the bookmark creation (bmo#1206376)
* Fix a startup crash with some Intel Media Accelerator 3150
graphic cards (bmo#1207665)
* Fix a graphic crash, occurring occasionally on Facebook (bmo#1178601)</comment>
<requestid>336284</requestid>
</revision>
<revision rev="221" vrev="1">
<srcmd5>c72e53a71c97b1920b985b4f1ff595c9</srcmd5>
<version>41.0.2</version>
<time>1445675034</time>
<user>coolo</user>
<comment>- update to Firefox 41.0.2 (bnc#950686)
* MFSA 2015-115/CVE-2015-7184 (bmo#1208339, bmo#1212669)
Cross-origin restriction bypass using Fetch
- added explicit appdata provides (bnc#949983)</comment>
<requestid>339287</requestid>
</revision>
<revision rev="222" vrev="1">
<srcmd5>92e0309cc17cc89ee4bc574ecf389590</srcmd5>
<version>42.0</version>
<time>1446978280</time>
<user>dimstar_suse</user>
<comment>- update to Firefox 42.0 (bnc#952810)
* Private Browsing with Tracking Protection blocks certain Web
elements that could be used to record your behavior across sites
* Control Center that contains site security and privacy controls
* Login Manager improvements
* WebRTC improvements
* Indicator added to tabs that play audio with one-click muting
* Media Source Extension for HTML5 video available for all sites
security fixes:
* MFSA 2015-116/CVE-2015-4513/CVE-2015-4514
Miscellaneous memory safety hazards
* MFSA 2015-117/CVE-2015-4515 (bmo#1046421)
Information disclosure through NTLM authentication
* MFSA 2015-118/CVE-2015-4518 (bmo#1182778, bmo#1136692)
CSP bypass due to permissive Reader mode whitelist
* MFSA 2015-119/CVE-2015-7185 (bmo#1149000) (Android only)
Firefox for Android addressbar can be removed after fullscreen mode
* MFSA 2015-120/CVE-2015-7186 (bmo#1193027) (Android only)
Reading sensitive profile files through local HTML file on Android
* MFSA 2015-121/CVE-2015-7187 (bmo#1195735)
disabling scripts in Add-on SDK panels has no effect
* MFSA 2015-122/CVE-2015-7188 (bmo#1199430)
Trailing whitespace in IP address hostnames can bypass same-origin policy
* MFSA 2015-123/CVE-2015-7189 (bmo#1205900)
Buffer overflow during image interactions in canvas
* MFSA 2015-124/CVE-2015-7190 (bmo#1208520) (Android only)
Android intents can be used on Firefox for Android to open privileged files
* MFSA 2015-125/CVE-2015-7191 (bmo#1208956) (Android only)
XSS attack through intents on Firefox for Android
* MFSA 2015-126/CVE-2015-7192 (bmo#1210023) (OS X only)</comment>
<requestid>342306</requestid>
</revision>
<revision rev="223" vrev="2">
<srcmd5>e55b3608a3dfda6550df2fbfaa5fc12a</srcmd5>
<version>42.0</version>
<time>1447766494</time>
<user>dimstar_suse</user>
<comment>- Add desktop menu action for private browsing window to desktop
file (boo#954747)
- remove obsolete patch mozilla-bmo1005535.patch completely from
source package to avoid automatic check failures</comment>
<requestid>344628</requestid>
</revision>
<revision rev="224" vrev="1">
<srcmd5>199be07ea7960a7d89ab6720b43b2a6a</srcmd5>
<version>43.0</version>
<time>1451177832</time>
<user>dimstar_suse</user>
<comment>- update to Firefox 43.0 (bnc#959277)
* Improved API support for m4v video playback
* Users can opt-in to receive search suggestions from the Awesome Bar
* WebRTC streaming on multiple monitors
* User selectable second block list for Private Browsing's Tracking
Protection
security fixes:
* MFSA 2015-134/CVE-2015-7201/CVE-2015-7202
Miscellaneous memory safety hazards
* MFSA 2015-135/CVE-2015-7204 (bmo#1216130)
Crash with JavaScript variable assignment with unboxed objects
* MFSA 2015-136/CVE-2015-7207 (bmo#1185256)
Same-origin policy violation using perfomance.getEntries and
history navigation
* MFSA 2015-137/CVE-2015-7208 (bmo#1191423)
Firefox allows for control characters to be set in cookies
* MFSA 2015-138/CVE-2015-7210 (bmo#1218326)
Use-after-free in WebRTC when datachannel is used after being
destroyed
* MFSA 2015-139/CVE-2015-7212 (bmo#1222809)
Integer overflow allocating extremely large textures
* MFSA 2015-140/CVE-2015-7215 (bmo#1160890)
Cross-origin information leak through web workers error events
* MFSA 2015-141/CVE-2015-7211 (bmo#1221444)
Hash in data URI is incorrectly parsed
* MFSA 2015-142/CVE-2015-7218/CVE-2015-7219 (bmo#1194818, bmo#1194820)
DOS due to malformed frames in HTTP/2
* MFSA 2015-143/CVE-2015-7216/CVE-2015-7217 (bmo#1197059, bmo#1203078)
Linux file chooser crashes on malformed images due to flaws in
Jasper library</comment>
<requestid>349286</requestid>
</revision>
<revision rev="225" vrev="1">
<srcmd5>fa682b56395e8609f2dbd044efd2d3b8</srcmd5>
<version>43.0.3</version>
<time>1451983254</time>
<user>dimstar_suse</user>
<comment></comment>
<requestid>351269</requestid>
</revision>
<revision rev="226" vrev="1">
<srcmd5>14e2d667db6642106091f0aaaf8c20f4</srcmd5>
<version>43.0.4</version>
<time>1452850773</time>
<user>dimstar_suse</user>
<comment>1</comment>
<requestid>352993</requestid>
</revision>
<revision rev="227" vrev="1">
<srcmd5>be63c8fbee7c056002b234ee73068226</srcmd5>
<version>44.0</version>
<time>1454490960</time>
<user>dimstar_suse</user>
<comment>- update to Firefox 44.0 (boo#963520)
* MFSA 2016-01/CVE-2016-1930/CVE-2016-1931
Miscellaneous memory safety hazards
* MFSA 2016-02/CVE-2016-1933 (bmo#1231761)
Out of Memory crash when parsing GIF format images
* MFSA 2016-03/CVE-2016-1935 (bmo#1220450)
Buffer overflow in WebGL after out of memory allocation
* MFSA 2016-04/CVE-2015-7208/CVE-2016-1939 (bmo#1191423, bmo#1233784)
Firefox allows for control characters to be set in cookie names
* MFSA 2016-06/CVE-2016-1937 (bmo#724353)
Missing delay following user click events in protocol handler dialog
* MFSA 2016-07/CVE-2016-1938 (bmo#1190248)
Errors in mp_div and mp_exptmod cryptographic functions in NSS
(fixed by requiring NSS 3.21)
* MFSA 2016-09/CVE-2016-1942/CVE-2016-1943 (bmo#1189082, bmo#1228590)
Addressbar spoofing attacks
* MFSA 2016-10/CVE-2016-1944/CVE-2016-1945/CVE-2016-1946
(bmo#1186621, bmo#1214782, bmo#1232096)
Unsafe memory manipulation found through code inspection
* MFSA 2016-11/CVE-2016-1947 (bmo#1237103)
Application Reputation service disabled in Firefox 43
* requires NSPR 4.11
* requires NSS 3.21
- prepare mozilla-kde.patch for Gtk3 builds
- rebased patches</comment>
<requestid>356135</requestid>
</revision>
<revision rev="228" vrev="2">
<srcmd5>f23997e0380f9a127d81a4eb9c143366</srcmd5>
<version>44.0</version>
<time>1455272521</time>
<user>dimstar_suse</user>
<comment>Automatic submission by obs-autosubmit</comment>
<requestid>358662</requestid>
</revision>
<revision rev="229" vrev="1">
<srcmd5>eb12a64efd0a7b472a1d1b61a1625022</srcmd5>
<version>44.0.2</version>
<time>1456733614</time>
<user>dimstar_suse</user>
<comment>- fix build problems on i586, caused by too large unified compile
units - adding mozilla-reduce-files-per-UnifiedBindings.patch
- update to Firefox 44.0.2
* MFSA 2016-13/CVE-2016-1949 (bmo#1245724, boo#966438)
Same-origin-policy violation using Service Workers with plugins
* Fix issue which could lead to the removal of stored passwords
under certain circumstances (bmo#1242176)
* Allows spaces in cookie names (bmo#1244505)
* Disable opus/vorbis audio with H.264 (bmo#1245696)
* Fix for graphics startup crash (GNU/Linux) (bmo#1222171)
* Fix a crash in cache networking (bmo#1244076)
* Fix using WebSockets in service worker controlled pages (bmo#1243942)</comment>
<requestid>362048</requestid>
</revision>
<revision rev="230" vrev="1">
<srcmd5>ff21503a895c07c0cc0f73417bb37769</srcmd5>
<version>45.0</version>
<time>1458120276</time>
<user>dimstar_suse</user>
<comment>- update to Firefox 45.0 (boo#969894)
* requires NSPR 4.12 / NSS 3.21.1
* Instant browser tab sharing through Hello
* Synced Tabs button in button bar
* Tabs synced via Firefox Accounts from other devices are now shown
in dropdown area of Awesome Bar when searching
* Introduce a new preference (network.dns.blockDotOnion) to allow
blocking .onion at the DNS level
* Tab Groups (Panorama) feature removed
* MFSA 2016-16/CVE-2016-1952/CVE-2016-1953
Miscellaneous memory safety hazards
* MFSA 2016-17/CVE-2016-1954 (bmo#1243178)
Local file overwriting and potential privilege escalation through
CSP reports
* MFSA 2016-18/CVE-2016-1955 (bmo#1208946)
CSP reports fail to strip location information for embedded iframe pages
* MFSA 2016-19/CVE-2016-1956 (bmo#1199923)
Linux video memory DOS with Intel drivers
* MFSA 2016-20/CVE-2016-1957 (bmo#1227052)
Memory leak in libstagefright when deleting an array during MP4
processing
* MFSA 2016-21/CVE-2016-1958 (bmo#1228754)
Displayed page address can be overridden
* MFSA 2016-22/CVE-2016-1959 (bmo#1234949)
Service Worker Manager out-of-bounds read in Service Worker Manager
* MFSA 2016-23/CVE-2016-1960/ZDI-CAN-3545 (bmo#1246014)
Use-after-free in HTML5 string parser
* MFSA 2016-24/CVE-2016-1961/ZDI-CAN-3574 (bmo#1249377)
Use-after-free in SetBody
* MFSA 2016-25/CVE-2016-1962 (bmo#1240760)</comment>
<requestid>368778</requestid>
</revision>
<revision rev="231" vrev="1">
<srcmd5>a0174a69c14b7f2beaa72ae2f766d71a</srcmd5>
<version>45.0.1</version>
<time>1459237913</time>
<user>dimstar_suse</user>
<comment>Automatic submission by obs-autosubmit</comment>
<requestid>380049</requestid>
</revision>
<revision rev="232" vrev="1">
<srcmd5>24d21f12d578d80f014562e89bba17e7</srcmd5>
<version>45.0.2</version>
<time>1460924223</time>
<user>dimstar_suse</user>
<comment>1</comment>
<requestid>388302</requestid>
</revision>
<revision rev="233" vrev="1">
<srcmd5>0cf78223e280e1b1ce88b8d4771a467c</srcmd5>
<version>46.0</version>
<time>1462447165</time>
<user>dimstar_suse</user>
<comment>- add mozilla-jit_branch64.patch to avoid PowerPC build failure
(from bmo#1266366)
- Update mozilla-gtk3_20.patch for Firefox 46.0 (sync to latest
version from Fedora).
- update to Firefox 46.0 (boo#977333)
* Improved security of the JavaScript Just In Time (JIT) Compiler
* WebRTC fixes to improve performance and stability
* Added support for document.elementsFromPoint
* Added HKDF support for Web Crypto API
* requires NSPR 4.12 and NSS 3.22.3
* added patch to fix unchecked return value
mozilla-check_return.patch
* Gtk3 builds not supported at the moment
security fixes:
* MFSA 2016-39/CVE-2016-2804/CVE-2016-2806/CVE-2016-2807
(boo#977373, boo#977375, boo#977376)
Miscellaneous memory safety hazards
* MFSA 2016-40/CVE-2016-2809 (bmo#1212939, boo#977377)
Privilege escalation through file deletion by Maintenance Service updater
(Windows only)
* MFSA 2016-41/CVE-2016-2810 (bmo#1229681, boo#977378)
Content provider permission bypass allows malicious application
to access data (Android only)
* MFSA 2016-42/CVE-2016-2811/CVE-2016-2812
(bmo#1252330, bmo#1261776, boo#977379)
Use-after-free and buffer overflow in Service Workers
* MFSA 2016-43/CVE-2016-2813 (bmo#1197901, bmo#2714650, boo#977380)
Disclosure of user actions through JavaScript with motion and</comment>
<requestid>393514</requestid>
</revision>
<revision rev="234" vrev="1">
<srcmd5>fbe852870a6422688f54577f1b49c6e7</srcmd5>
<version>46.0.1</version>
<time>1463738070</time>
<user>dimstar_suse</user>
<comment>- update to Firefox 46.0.1
Fixed:
* Search plugin issue for various locales
* Add-on signing certificate expiration
* Service worker update issue
* Build issue when jit is disabled
* Limit Sync registration updates
- removed now obsolete mozilla-jit_branch64.patch</comment>
<requestid>395587</requestid>
</revision>
<revision rev="235" vrev="2">
<srcmd5>bb6b74128898d4e72a09011bc59f79f8</srcmd5>
<version>46.0.1</version>
<time>1464017430</time>
<user>dimstar_suse</user>
<comment>1</comment>
<requestid>397000</requestid>
</revision>
<revision rev="236" vrev="3">
<srcmd5>13277f7f27be544fa91723a300b0c175</srcmd5>
<version>46.0.1</version>
<time>1464689487</time>
<user>dimstar_suse</user>
<comment>1</comment>
<requestid>398146</requestid>
</revision>
<revision rev="237" vrev="1">
<srcmd5>af9dc7441f13205deb42565101b49fec</srcmd5>
<version>47.0</version>
<time>1465750307</time>
<user>dimstar_suse</user>
<comment>- update to Firefox 47.0 (boo#983549)
* Enable VP9 video codec for users with fast machines
* Embedded YouTube videos now play with HTML5 video if Flash is
not installed
* View and search open tabs from your smartphone or another
computer in a sidebar
* Allow no-cache on back/forward navigations for https resources
security fixes:
* MFSA 2016-49/CVE-2016-2815/CVE-2016-2818
(boo#983638)
(bmo#1241896, bmo#1242798, bmo#1243466, bmo#1245743,
bmo#1264300, bmo#1271037, bmo#1234147, bmo#1256493,
bmo#1256739, bmo#1256968, bmo#1261230, bmo#1261752,
bmo#1263384, bmo#1264575, bmo#1265577, bmo#1267130,
bmo#1269729, bmo#1273202, bmo#1273701)
Miscellaneous memory safety hazards (rv:47.0 / rv:45.2)
* MFSA 2016-50/CVE-2016-2819 (boo#983655) (bmo#1270381)
Buffer overflow parsing HTML5 fragments
* MFSA 2016-51/CVE-2016-2821 (bsc#983653) (bmo#1271460)
Use-after-free deleting tables from a contenteditable document
* MFSA 2016-52/CVE-2016-2822 (boo#983652) (bmo#1273129)
Addressbar spoofing though the SELECT element
* MFSA 2016-53/CVE-2016-2824 (boo#983651) (bmo#1248580)
Out-of-bounds write with WebGL shader
* MFSA 2016-54/CVE-2016-2825 (boo#983649) (bmo#1193093)
Partial same-origin-policy through setting location.host
through data URI
* MFSA 2016-56/CVE-2016-2828 (boo#983646) (bmo#1223810)
Use-after-free when textures are used in WebGL operations
after recycle pool destruction</comment>
<requestid>400713</requestid>
</revision>
<revision rev="238" vrev="1">
<srcmd5>07e720f397b0c0e58ffe069106d18e46</srcmd5>
<version>47.0.1</version>
<time>1467359645</time>
<user>dimstar_suse</user>
<comment>1</comment>
<requestid>405482</requestid>
</revision>
<revision rev="239" vrev="2">
<srcmd5>f4d7c361c5122d88b510572787f9c6e2</srcmd5>
<version>47.0.1</version>
<time>1469628512</time>
<user>dimstar_suse</user>
<comment>- Fix Firefox crash on startup on i586 (boo#986541):
* Add -fno-delete-null-pointer-checks and
-fno-inline-small-functions to CFLAGS
- Update the appdata.xml file (replace Windows XP screenshot)</comment>
<requestid>414919</requestid>
</revision>
<revision rev="240" vrev="1">
<srcmd5>8053bdc5a4b9f5116677f233c042dacf</srcmd5>
<version>48.0</version>
<time>1471008901</time>
<user>dimstar_suse</user>
<comment>1</comment>
<requestid>417434</requestid>
</revision>
<revision rev="241" vrev="1">
<srcmd5>bc8b3f5863385df84bb5710431cb2a30</srcmd5>
<version>48.0.1</version>
<time>1472026032</time>
<user>dimstar_suse</user>
<comment>1</comment>
<requestid>420732</requestid>
</revision>
<revision rev="242" vrev="1">
<srcmd5>088dc5f70410a17b6dbde881dcefd35e</srcmd5>
<version>48.0.2</version>
<time>1472731326</time>
<user>dimstar_suse</user>
<comment>1</comment>
<requestid>423950</requestid>
</revision>
<revision rev="243" vrev="1">
<srcmd5>6776ca732c2a11e6a87334eacf8fb553</srcmd5>
<version>49.0.1</version>
<time>1474806592</time>
<user>dimstar_suse</user>
<comment>1</comment>
<requestid>429909</requestid>
</revision>
<revision rev="244" vrev="2">
<srcmd5>564df7dab67ab8da11a05557db310d41</srcmd5>
<version>49.0.1</version>
<time>1477134209</time>
<user>dimstar_suse</user>
<comment>1</comment>
<requestid>435748</requestid>
</revision>
<revision rev="245" vrev="1">
<srcmd5>f22a7fca95f2290ef66e3c536230a4b1</srcmd5>
<version>49.0.2</version>
<time>1477644144</time>
<user>dimstar_suse</user>
<comment>1</comment>
<requestid>437097</requestid>
</revision>
<revision rev="246" vrev="1">
<srcmd5>30432addcce9830215a9094efe904781</srcmd5>
<version>50.0</version>
<time>1479381588</time>
<user>dimstar_suse</user>
<comment>- update to Firefox 50.0 (boo#1009026)
* requires NSS 3.26.2
new features
* Updates to keyboard shortcuts
Set a preference to have Ctrl+Tab cycle through tabs in recently
used order
View a page in Reader Mode by using Ctrl+Alt+R
* Added option to Find in page that allows users to limit search to
whole words only
* Added download protection for a large number of executable file
types on Windows, Mac and Linux
* Fixed rendering of dashed and dotted borders with rounded corners
(border-radius)
* Added a built-in Emoji set for operating systems without native
Emoji fonts (Windows 8.0 and lower and Linux)
* Blocked versions of libavcodec older than 54.35.1
* additional locale
security fixes:
* MFSA 2016-89
CVE-2016-5296: Heap-buffer-overflow WRITE in rasterize_edges_1
(bmo#1292443)
CVE-2016-5292: URL parsing causes crash (bmo#1288482)
CVE-2016-5293: Write to arbitrary file with updater and moz
maintenance service using updater.log hardlink
(Windows only) (bmo#1246945)
CVE-2016-5294: Arbitrary target directory for result files of
update process (Windows only) (bmo#1246972)
CVE-2016-5297: Incorrect argument length checking in Javascript
(bmo#1303678)
CVE-2016-9064: Addons update must verify IDs match between</comment>
<requestid>440442</requestid>
</revision>
<revision rev="247" vrev="1">
<srcmd5>969920b45400f0fbf191e223e9355ec7</srcmd5>
<version>50.0.2</version>
<time>1480785964</time>
<user>dimstar_suse</user>
<comment>1</comment>
<requestid>443072</requestid>
</revision>
<revision rev="248" vrev="1">
<srcmd5>45f879d2ff61b2389766051cca7a3758</srcmd5>
<version>50.1.0</version>
<time>1481886380</time>
<user>dimstar_suse</user>
<comment>- update to Firefox 50.1.0 (boo#1015422)
* MFSA 2016-94
CVE-2016-9894: Buffer overflow in SkiaGL (bmo#1306628)
CVE-2016-9899: Use-after-free while manipulating DOM events and
audio elements (bmo#1317409)
CVE-2016-9895: CSP bypass using marquee tag (bmo#1312272)
CVE-2016-9896: Use-after-free with WebVR (bmo#1315543)
CVE-2016-9897: Memory corruption in libGLES (bmo#1301381)
CVE-2016-9898: Use-after-free in Editor while manipulating
DOM subtrees (bmo#1314442)
CVE-2016-9900: Restricted external resources can be loaded by
SVG images through data URLs (bmo#1319122)
CVE-2016-9904: Cross-origin information leak in shared atoms
(bmo#1317936)
CVE-2016-9901: Data from Pocket server improperly sanitized
before execution (bmo#1320057)
CVE-2016-9902: Pocket extension does not validate the origin
of events (bmo#1320039)
CVE-2016-9903: XSS injection vulnerability in add-ons SDK
(bmo#1315435)
CVE-2016-9080: Memory safety bugs fixed in Firefox 50.1
CVE-2016-9893: Memory safety bugs fixed in Firefox 50.1 and
Firefox ESR 45.6
- added patch mozilla-aarch64-startup-crash.patch (bsc#1011922)</comment>
<requestid>445658</requestid>
</revision>
<revision rev="249" vrev="1">
<srcmd5>cc33427d84233ee00f314ae2f7678eba</srcmd5>
<version>51.0.1</version>
<time>1485682232</time>
<user>dimstar_suse</user>
<comment>1</comment>
<requestid>453043</requestid>
</revision>
<revision rev="250" vrev="1">
<srcmd5>b00d41b4179c1f52c7e1f774d6d1df93</srcmd5>
<version>52.0.1</version>
<time>1490132875</time>
<user>dimstar_suse</user>
<comment>hopefully last iteration (let's see what the i586 builds are doing :-()
- disable rust usage for everything but x86(-64)
- explicitely add libffi build requirement
- update to Firefox 52.0.1 (boo#1029822)
MFSA 2017-08
CVE-2017-5428: integer overflow in createImageBitmap() (bmo#1348168)
- reenable ALSA support which was removed by default upstream
- update to Firefox 52.0 (boo#1028391)
* requires NSS >= 3.28.3
* Pages containing insecure password fields now display a warning
directly within username and password fields.
* Send and open a tab from one device to another with Sync
* Removed NPAPI support for plugins other than Flash. Silverlight,
Java, Acrobat and the like are no longer supported.
* Removed Battery Status API to reduce fingerprinting of users by
trackers
* MFSA 2017-05
CVE-2017-5400: asm.js JIT-spray bypass of ASLR and DEP
(bmo#1334933)
CVE-2017-5401: Memory Corruption when handling ErrorResult
(bmo#1328861)
CVE-2017-5402: Use-after-free working with events in FontFace
objects (bmo#1334876)
CVE-2017-5403: Use-after-free using addRange to add range to an
incorrect root object (bmo#1340186)
CVE-2017-5404: Use-after-free working with ranges in selections
(bmo#1340138)
CVE-2017-5406: Segmentation fault in Skia with canvas operations</comment>
<requestid>481555</requestid>
</revision>
<revision rev="251" vrev="1">
<srcmd5>afcf56a6d3234dad438b67440dd9fd0b</srcmd5>
<version>52.0.2</version>
<time>1491895735</time>
<user>maxlin_factory</user>
<comment>- update to Firefox 52.0.2
* Use Nirmala UI as fallback font for additional Indic languages (bmo#1342787)
* Fix loading tab icons on session restore (bmo#1338009)
* Fix a crash on startup on Linux (bmo#1345413)
* Fix new installs erroneously not prompting to change the default
browser setting (bmo#1343938)</comment>
<requestid>485000</requestid>
</revision>
<revision rev="252" vrev="1">
<srcmd5>a73ae52e2b010292f5540fe4e5a0917d</srcmd5>
<version>52.1.0</version>
<time>1493880730</time>
<user>dimstar_suse</user>
<comment>Automatic submission by obs-autosubmit</comment>
<requestid>491715</requestid>
</revision>
<revision rev="253" vrev="1">
<srcmd5>9f52289b49ea8cca8bb31771e37b170b</srcmd5>
<version>52.1.1</version>
<time>1495132598</time>
<user>dimstar_suse</user>
<comment>- update to Firefox 52.1.1
MFSA 2017-14
* CVE-2017-5031: Use after free in ANGLE (bmo#1328762)
(Windows only, Linux not affected)
- switch to Mozilla's geolocation service (boo#1026989)
- removed mozilla-preferences.patch obsoleted by overriding via
firefox.js
- fixed KDE integration to avoid crash caused by filepicker
(boo#1015998)</comment>
<requestid>493642</requestid>
</revision>
<revision rev="254" vrev="2">
<srcmd5>bd493d22632dfa0922a311dcdddad874</srcmd5>
<version>52.1.1</version>
<time>1495883374</time>
<user>dimstar_suse</user>
<comment>- remove -fno-inline-small-functions and explicitely optimize with
-O2 for openSUSE > 13.2/Leap 42 to work with gcc7 (boo#1040105)</comment>
<requestid>498129</requestid>
</revision>
<revision rev="255" vrev="1">
<srcmd5>72b3f5af79bda108822585b249ef1b1c</srcmd5>
<version>52.2</version>
<time>1497949072</time>
<user>dimstar_suse</user>
<comment>- update to Firefox 52.2esr (boo#1043960)
MFSA 2017-16
* CVE-2017-5472 (bmo#1365602)
Use-after-free using destroyed node when regenerating trees
* CVE-2017-7749 (bmo#1355039)
Use-after-free during docshell reloading
* CVE-2017-7750 (bmo#1356558)
Use-after-free with track elements
* CVE-2017-7751 (bmo#1363396)
Use-after-free with content viewer listeners
* CVE-2017-7752 (bmo#1359547)
Use-after-free with IME input
* CVE-2017-7754 (bmo#1357090)
Out-of-bounds read in WebGL with ImageInfo object
* CVE-2017-7755 (bmo#1361326)
Privilege escalation through Firefox Installer with same
directory DLL files (Windows only)
* CVE-2017-7756 (bmo#1366595)
Use-after-free and use-after-scope logging XHR header errors
* CVE-2017-7757 (bmo#1356824)
Use-after-free in IndexedDB
* CVE-2017-7778, CVE-2017-7778, CVE-2017-7771, CVE-2017-7772,
CVE-2017-7773, CVE-2017-7774, CVE-2017-7775, CVE-2017-7776,
CVE-2017-7777
Vulnerabilities in the Graphite 2 library
* CVE-2017-7758 (bmo#1368490)
Out-of-bounds read in Opus encoder
* CVE-2017-7760 (bmo#1348645)
File manipulation and privilege escalation via callback parameter
in Mozilla Windows Updater and Maintenance Service (Windows only)</comment>
<requestid>503675</requestid>
</revision>
<revision rev="256" vrev="1">
<srcmd5>2d41695987093899439fc7e2450b42af</srcmd5>
<version>52.2.1</version>
<time>1500669375</time>
<user>dimstar_suse</user>
<comment>1</comment>
<requestid>510206</requestid>
</revision>
<revision rev="257" vrev="1">
<srcmd5>55eee3b5966b1f4cdd7e61a0a1b2437c</srcmd5>
<version>52.3.0</version>
<time>1502561757</time>
<user>maxlin_factory</user>
<comment>1</comment>
<requestid>515337</requestid>
</revision>
<revision rev="258" vrev="1">
<srcmd5>ac659e26664806eac60670e0570c3e11</srcmd5>
<version>56.0</version>
<time>1507570592</time>
<user>dimstar_suse</user>
<comment>- Correct plugin directory for aarch64 (boo#1061207). The wrapper
script was not detecting aarch64 as a 64 bit architecture, thus
used /usr/lib/browser-plugins/.
- Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
pkgconfig(gtk+-2.0), pkgconfig(gtk+-unix-print-2.0),
pkgconfig(glib-2.0), pkgconfig(gobject-2.0) and
pkgconfig(gdk-x11-2.0) BuildRequires, align with what configure
looks for.
- update to Firefox 56.0 (boo#1060445)
* Firefox Screenshots
* Find Options/Preferences more quickly with new search function
* Media is no longer auto-played when opened in a background tab
* Enable CSS Grid Layout View
MFSA 2017-21
* CVE-2017-7793 (bmo#1371889)
Use-after-free with Fetch API
* CVE-2017-7817 (bmo#1356596) (Android-only)
Firefox for Android address bar spoofing through fullscreen mode
* CVE-2017-7818 (bmo#1363723)
Use-after-free during ARIA array manipulation
* CVE-2017-7819 (bmo#1380292)
Use-after-free while resizing images in design mode
* CVE-2017-7824 (bmo#1398381)
Buffer overflow when drawing and validating elements with ANGLE
* CVE-2017-7805 (bmo#1377618) (fixed via NSS requirement)
Use-after-free in TLS 1.2 generating handshake hashes
* CVE-2017-7812 (bmo#1379842)
Drag and drop of malicious page content to the tab bar can open locally stored files
* CVE-2017-7814 (bmo#1376036)</comment>
<requestid>530307</requestid>
</revision>
<revision rev="259" vrev="1">
<srcmd5>72b2f21276abe9c33048ade962932256</srcmd5>
<version>57.0</version>
<time>1510837237</time>
<user>dimstar_suse</user>
<comment>- update to Firefox 57.0 (boo#1068101)
* Firefox Quantum
* Photon UI
* Unified address and search bar
* AMD VP9 hardware video decoder support
* Added support for Date/Time input
* stricter security sandbox blocking filesystem reading and
writing on Linux systems
* middle mouse paste in the content area no longer navigates to
URLs by default on Unix systems
MFSA 2017-24
* CVE-2017-7828 (bmo#1406750. bmo#1412252)
Use-after-free of PressShell while restyling layout
* CVE-2017-7830 (bmo#1408990)
Cross-origin URL information leak through Resource Timing API
* CVE-2017-7831 (bmo#1392026)
Information disclosure of exposed properties on JavaScript proxy
objects
* CVE-2017-7832 (bmo#1408782)
Domain spoofing through use of dotless 'i' character followed
by accent markers
* CVE-2017-7833 (bmo#1370497)
Domain spoofing with Arabic and Indic vowel marker characters
* CVE-2017-7834 (bmo#1358009)
data: URLs opened in new tabs bypass CSP protections
* CVE-2017-7835 (bmo#1402363)
Mixed content blocking incorrectly applies with redirects
* CVE-2017-7836 (bmo#1401339)
Pingsender dynamically loads libcurl on Linux and OS X
* CVE-2017-7837 (bmo#1325923)</comment>
<requestid>541950</requestid>
</revision>
<revision rev="260" vrev="2">
<srcmd5>58a41a530fc533d437fc71bf58f64224</srcmd5>
<version>57.0</version>
<time>1512042179</time>
<user>dimstar_suse</user>
<comment>- Add mozilla-bmo1360278.patch
Starting with Firefox 57, the context menu appears on key press.
This patch creates a config entry to restore the
old behaviour. Without the patch, the mouse gesture extensions
require 2 clicks to work (bmo#1360278).
The new config entry is named ui.context_menus.after_mouseup
(default : false).
- Allow experimental CSD for Gtk3 (bmo#1399611) if available and enabled
widget.allow-client-side-decoration=true
(mozilla-bmo1399611-csd.patch)</comment>
<requestid>545695</requestid>
</revision>
<revision rev="261" vrev="1">
<srcmd5>891c196649a1e95f4b8abe407bef7802</srcmd5>
<version>57.0.1</version>
<time>1512765937</time>
<user>dimstar_suse</user>
<comment>- update to Firefox 57.0.1
* Fix a video color distortion issue on YouTube and other video
sites with some AMD devices (bmo#1417442)
* Fix an issue with prefs.js when the profile path has non-ascii
characters (bmo#1420427)
</comment>
<requestid>547925</requestid>
</revision>
<revision rev="262" vrev="2">
<srcmd5>d32ac717085443906e0006060cd57d3b</srcmd5>
<version>57.0.1</version>
<time>1513110059</time>
<user>dimstar_suse</user>
<comment>- Explicitly buildrequires python2-xml: The build system relies on
it. We wrongly relied on other packages pulling it in for us.
- Escape the usage of %{VERSION} when calling out to rpm.
RPM 4.14 has %{VERSION} defined as 'the main packages version'.
* CVE-2017-7843: Web worker in Private Browsing mode can write
IndexedDB data (bsc#1072034, bmo#1410106)
* CVE-2017-7844: Visited history information leak through SVG
image (bsc#1072036, bmo#1420001)</comment>
<requestid>555866</requestid>
</revision>
<revision rev="263" vrev="1">
<srcmd5>29163ecc594a6525bf947ebcec37376b</srcmd5>
<version>57.0.4</version>
<time>1515260831</time>
<user>dimstar_suse</user>
<comment>- update to Firefox 57.0.4
MFSA 2018-1: Speculative execution side-channel attack ("Spectre")
(boo#1074723)
- fixed regression introduced Oct 10th which made Firefox crash
when cancelling the KDE file dialog (boo#1069962)
- Mozilla Firefox 57.0.3:
* Fix a crash reporting issue that inadvertently sends background
tab crash reports to Mozilla without user opt-in (bmo#1427111,
bsc#1074235)
- Includes changes from 57.0.2:
* fixes for platforms other than GNU/Linux</comment>
<requestid>561754</requestid>
</revision>
<revision rev="264" vrev="2">
<srcmd5>3bde119f0e586f42e125f2e9e3d0a293</srcmd5>
<version>57.0.4</version>
<time>1516091791</time>
<user>dimstar_suse</user>
<comment>This should hopefully fix the build issue with latest rust in staging.
- fixed build with latest rust (mozilla-rust-1.23.patch)</comment>
<requestid>563240</requestid>
</revision>
<revision rev="265" vrev="1">
<srcmd5>3eab647834a62d29b1d7cd94f999e410</srcmd5>
<version>58.0.1</version>
<time>1518025164</time>
<user>dimstar_suse</user>
<comment></comment>
<requestid>573290</requestid>
</revision>
<revision rev="266" vrev="1">
<srcmd5>b43aa3b0a0a19f65914c14902d6af504</srcmd5>
<version>58.0.2</version>
<time>1518513986</time>
<user>dimstar_suse</user>
<comment></comment>
<requestid>574857</requestid>
</revision>
<revision rev="267" vrev="1">
<srcmd5>e56b34bb56dc5e34d7d58e8422d34871</srcmd5>
<version>59.0.1</version>
<time>1521579141</time>
<user>dimstar_suse</user>
<comment>yet another small tweak to have really all fixes in place also for ARM (libtremor) which was left out from the upstream Firefox tag (and only applied to the Fennec one)
- update to Firefox 59.0.1 (bsc#1085671)
MFSA 2018-08
* CVE-2018-5146 (bmo#1446062)
Vorbis audio processing out of bounds write
* CVE-2018-5147 (bmo#1446365)
Out of bounds memory write in libtremor
(mozilla-bmo1446062.patch)
- Added patch:
* mozilla-bmo1005535.patch:
Enable skia_gpu on big endian platforms.
- update to Firefox 59.0
* Performance enhancements
* Drag-and-drop to rearrange Top Sites on the Firefox Home page
* added features for Firefox Screenshots
* Enhanced WebExtensions API
* Improved RTC capabilities
MFSA 2018-06 (bsc#1085130)
* CVE-2018-5127 (bmo#1430557)
Buffer overflow manipulating SVG animatedPathSegList
* CVE-2018-5128 (bmo#1431336)
Use-after-free manipulating editor selection ranges
* CVE-2018-5129 (bmo#1428947)
Out-of-bounds write with malformed IPC messages
* CVE-2018-5130 (bmo#1433005)
Mismatched RTP payload type can trigger memory corruption
* CVE-2018-5131 (bmo#1440775)
Fetch API improperly returns cached copies of no-store/no-cache resources
* CVE-2018-5132 (bmo#1408194)</comment>
<requestid>588116</requestid>
</revision>
<revision rev="268" vrev="1">
<srcmd5>f57de4ea4c3e448f3d2a08208fb369f4</srcmd5>
<version>59.0.2</version>
<time>1522403979</time>
<user>dimstar_suse</user>
<comment></comment>
<requestid>591686</requestid>
</revision>
<revision rev="269" vrev="2">
<srcmd5>7c5977d83ef105f6a8c53b856c56902f</srcmd5>
<version>59.0.2</version>
<time>1525023387</time>
<user>dimstar_suse</user>
<comment></comment>
<requestid>601060</requestid>
</revision>
<revision rev="270" vrev="1">
<srcmd5>043f6c7dfcd3418c1a40b4743a645b9b</srcmd5>
<version>59.0.3</version>
<time>1525343466</time>
<user>dimstar_suse</user>
<comment>- do not try CSD on kwin (boo#1091592)
- fix build in openSUSE:Leap:42.3:Update, use gcc7
- Mozilla Firefox 59.0.3:
* fixes for platforms other than GNU/Linux</comment>
<requestid>603325</requestid>
</revision>
<revision rev="271" vrev="1">
<srcmd5>696ad38336a73608d4987bf94fb24ada</srcmd5>
<version>60.0</version>
<time>1526030803</time>
<user>dimstar_suse</user>
<comment>Final Firefox 60.0 (regular; non-ESR) for TW
- update to Firefox 60.0
* Added a policy engine that allows customized Firefox deployments
in enterprise environments, using Windows Group Policy or a
cross-platform JSON file
* Applied Quantum CSS to render browser UI
* Added support for Web Authentication, allowing the use of USB
tokens for authentication to web sites
* Locale added: Occitan (oc)
MFSA 2018-11 (bsc#1092548)
* CVE-2018-5154 (bmo#1443092)
Use-after-free with SVG animations and clip paths
* CVE-2018-5155 (bmo#1448774)
Use-after-free with SVG animations and text paths
* CVE-2018-5157 (bmo#1449898)
Same-origin bypass of PDF Viewer to view protected PDF files
* CVE-2018-5158 (bmo#1452075)
Malicious PDF can inject JavaScript into PDF Viewer
* CVE-2018-5159 (bmo#1441941)
Integer overflow and out-of-bounds write in Skia
* CVE-2018-5160 (bmo#1436117)
Uninitialized memory use by WebRTC encoder
* CVE-2018-5152 (bmo#1415644, bmo#1427289)
WebExtensions information leak through webRequest API
* CVE-2018-5153 (bmo#1436809)
Out-of-bounds read in mixed content websocket messages
* CVE-2018-5163 (bmo#1426353)
Replacing cached data in JavaScript Start-up Bytecode Cache
* CVE-2018-5164 (bmo#1416045)
CSP not applied to all multipart content sent with
multipart/x-mixed-replace</comment>
<requestid>605919</requestid>
</revision>
<revision rev="272" vrev="1">
<srcmd5>c6e4c3bf4a25f448969cb4f77debc592</srcmd5>
<version>60.0.1</version>
<time>1527084458</time>
<user>dimstar_suse</user>
<comment>- Disable webrtc for aarch64 due to bmo#1434589
- Add patch to fix skia build on AArch64:
* mozilla-fix-skia-aarch64.patch
- update to Firefox 60.0.1
* Avoid overly long cycle collector pauses with some add-ons installed
(bmo#1449033)
* After unckecking the "Sponsored Stories" option, the New Tab page
now immediately stops displaying "Sponsored content" cards (bmo#1458906)
* On touchscreen devices, fixed momentum scrolling on non-zoomable pages
(bmo#1457743)
* Use the right default background when opening tabs or windows in
high contrast mode (bmo#1458956)
* Restored translations of the Preferences panels when using a
language pack (bmo#1461590)
- parellelise locales building</comment>
<requestid>611510</requestid>
</revision>
<revision rev="273" vrev="2">
<srcmd5>61330cb97f4062ef26b31353f26729fc</srcmd5>
<version>60.0.1</version>
<time>1527418958</time>
<user>dimstar_suse</user>
<comment>- fixed "open with" option under KDE (boo#1094747)
- workaround crash on startup on aarch64 (boo#1093059)
(contributed by guillaume@Arm.com)</comment>
<requestid>612426</requestid>
</revision>
<revision rev="274" vrev="1">
<srcmd5>371b47040e4806ea0488a93c35dce635</srcmd5>
<version>61.0</version>
<time>1530741079</time>
<user>dimstar_suse</user>
<comment></comment>
<requestid>619394</requestid>
</revision>
<revision rev="275" vrev="1">
<srcmd5>2939efdddde3c208beef0b08a1e73ad6</srcmd5>
<version>61.0.1</version>
<time>1531469927</time>
<user>dimstar_suse</user>
<comment></comment>
<requestid>621751</requestid>
</revision>
<revision rev="276" vrev="1">
<srcmd5>752201831c6e6a5271b634189c9ef357</srcmd5>
<version>61.0.2</version>
<time>1534543091</time>
<user>dimstar_suse</user>
<comment>- update to Firefox 61.0.2
* Improved website rendering with the Retained Display List feature
enabled (bmo#1474402)
* Fixed broken DevTools panels with certain extensions installed
(bmo#1474379)
* Fixed a crash for users with some accessibility tools enabled
(bmo#1474007)</comment>
<requestid>628536</requestid>
</revision>
<revision rev="277" vrev="1">
<srcmd5>4d70ea47163042433a27ca4c26fb5c47</srcmd5>
<version>62.0.2</version>
<time>1538502210</time>
<user>dimstar_suse</user>
<comment>- Mozilla Firefox 62.0.2:
MFSA 2018-22
* CVE-2018-12385 (boo#1109363, bmo#1490585)
Crash in TransportSecurityInfo due to cached data
* Unvisited bookmarks can once again be autofilled in the address
bar
* Fix WebGL rendering issues
* Fix fallback on startup when a language pack is missing
* Avoid crash when sharing a profile with newer (as yet
unreleased) versions of Firefox
* Do not undo removal of search engines when using a language
pack
* Fixed rendering of some web sites
* Restored compatibility with some sites using deprecated TLS
settings
- disable rust debug symbols to fix build on %ix86
- update to Firefox 62.0
* Firefox Home (the default New Tab) now allows users to display
up to 4 rows of top sites, Pocket stories, and highlights
* "Reopen in Container" tab menu option appears for users with
Containers that lets them choose to reopen a tab in a different
container
* In advance of removing all trust for Symantec-issued certificates
in Firefox 63, a preference was added that allows users to distrust
certificates issued by Symantec. To use this preference, go to
about:config in the address bar and set the preference
"security.pki.distrust_ca_policy" to 2.
* Support for CSS Shapes, allowing for richer web page layouts.
This goes hand in hand with a brand new Shape Path Editor in the
CSS inspector.
* CSS Variable Fonts (OpenType Font Variations) support, which makes
it possible to create beautiful typography with a single font file
* Added Canadian English (en-CA) locale
MFSA 2018-20 (bsc#1107343)
* CVE-2018-12377 (bmo#1470260)
Use-after-free in refresh driver timers
* CVE-2018-12378 (bmo#1459383)
Use-after-free in IndexedDB
* CVE-2018-12379 (bmo#1473113) (updater is disabled for us)
Out-of-bounds write with malicious MAR file
* CVE-2017-16541 (bmo#1412081)
Proxy bypass using automount and autofs
* CVE-2018-12381 (bmo#1435319)
Dragging and dropping Outlook email message results in page navigation
* CVE-2018-12382 (bmo#1479311) (Android only)
Addressbar spoofing with javascript URI on Firefox for Android
* CVE-2018-12383 (bmo#1475775)
Setting a master password post-Firefox 58 does not delete
unencrypted previously stored passwords
* CVE-2018-12375
Memory safety bugs fixed in Firefox 62
* CVE-2018-12376
Memory safety bugs fixed in Firefox 62 and Firefox ESR 60.2
- requires NSS >= 3.38
- removed obsolete patch
mozilla-bmo1464766.patch
</comment>
<requestid>637781</requestid>
</revision>
<revision rev="278" vrev="1">
<srcmd5>80837ffa19c181322789ec423a776331</srcmd5>
<version>62.0.3</version>
<time>1539093095</time>
<user>dimstar_suse</user>
<comment></comment>
<requestid>639752</requestid>
</revision>
<revision rev="279" vrev="1">
<srcmd5>9a9703a3890cf846148dd0f58bee8317</srcmd5>
<version>63.0.3</version>
<time>1543399842</time>
<user>dimstar_suse</user>
<comment>- Clean-up %arm build
- update to Firefox 63.0.3
* Games using WebGL (created in Unity) get stuck after very short
time of gameplay (bmo#1502748)
* Slow page loading for some users with specific proxy configurations
(bmo#1495024)
* Disable HTTP response throttling by default for causing bugs with
videos in background tabs (bmo#1503354)
* Opening magnet links no longer works (bmo#1498934)
* Crash fixes (bmo#1498510, bmo#1503424)
- removed mozilla-newer-cbindgen.patch; no longer needed
- update to Firefox 63.0.1
* Snippets are not loaded due to missing element (bmo#1503047)
* Print preview always shows 30& scale when it is actually
Shrink To Fit (bmo#1501952)
* Dialog displayed when closing multiple windows shows unreplaced
%1$S placeholder in Japanese and potentially other locales
(bmo#1500823)
- update to Firefox 63.0
* WebExtensions now run in their own process on Linux
* The Ctrl+Tab shortcut now displays thumbnail previews of your
tabs and cycles through tabs in recently used order. This new
default behavior is activated only in new profiles and can be
changed in preferences.
* Added support for Web Components custom elements and shadow DOM
MFSA 2018-26 (bsc#1112852)
* CVE-2018-12391 (bmo#1478843) (Android-only)</comment>
<requestid>651985</requestid>
</revision>
<revision rev="280" vrev="1">
<srcmd5>897e9442794dd30dcdee00473b345fad</srcmd5>
<version>64.0</version>
<time>1545222484</time>
<user>dimstar_suse</user>
<comment></comment>
<requestid>657819</requestid>
</revision>
<revision rev="281" vrev="1">
<srcmd5>0d6abe5248aab9bcc851a8aeaf70afce</srcmd5>
<version>65.0</version>
<time>1549464278</time>
<user>coolo</user>
<comment>Hope that the i586 build issue is fixed. It worked in my OBS project but not sure if it occasionally still could fail.
- Mozilla Firefox 65.0
* Enhanced tracking protection
* allow switching of UI locales within preferences
* support for the WebP image format
* "top"-like about:performance
MFSA 2019-01 (bsc#1122983)
* CVE-2018-18500 bmo#1510114
Use-after-free parsing HTML5 stream
* CVE-2018-18503 bmo#1509442
Memory corruption with Audio Buffer
* CVE-2018-18504 bmo#1496413
Memory corruption and out-of-bounds read of texture client
* CVE-2018-18505 bmo#1497749
Privilege escalation through IPC channel messages
* CVE-2018-18506 bmo#1503393
Proxy Auto-Configuration file can define localhost access to be proxied
* CVE-2018-18502 bmo#1499426 bmo#1480090 bmo#1472990 bmo#1514762
bmo#1501482 bmo#1505887 bmo#1508102 bmo#1508618 bmo#1511580
bmo#1493497 bmo#1510145 bmo#1516289 bmo#1506798 bmo#1512758
Memory safety bugs fixed in Firefox 65
* CVE-2018-18501 bmo#1512450 bmo#1517542 bmo#1513201 bmo#1460619
bmo#1502871 bmo#1516738 bmo#1516514
Memory safety bugs fixed in Firefox 65 and Firefox ESR 60.5
- requires
NSS 3.41
rust/carge 1.30
rust-cbindgen 0.6.7
- rebased patches
- remove workaround for build memory consumption on i586; other
mitigations meanwhile introduced (mainly parallelity) will be</comment>
<requestid>670835</requestid>
</revision>
<revision rev="282" vrev="1">
<srcmd5>798293437be4e42a7f2c9840eb664f0c</srcmd5>
<version>65.0.1</version>
<time>1551113178</time>
<user>coolo</user>
<comment></comment>
<requestid>676563</requestid>
</revision>
<revision rev="283" vrev="2">
<srcmd5>79baf28b9f34bcf588e0d10b593b6d7a</srcmd5>
<version>65.0.1</version>
<time>1552039323</time>
<user>dimstar_suse</user>
<comment></comment>
<requestid>682354</requestid>
</revision>
<revision rev="284" vrev="1">
<srcmd5>d198c64442b769f765b10281196b0bce</srcmd5>
<version>66.0</version>
<time>1553699560</time>
<user>dimstar_suse</user>
<comment>- Mozilla Firefox 66.0
* Increased content processes to 8
* Added capability to search through open tabs from the tab overflow menu
* New backend for the storage.local WebExtensions API, providing
I/O performance improvements when the extension updates a small
subset of the stored data
* WebExtension keyboard shortcuts can now be managed or overridden
from about:addons
* Improved scrolling behavior: Firefox will now attempt to keep content
from jumping around while a page is loading by supporting scroll
anchoring
* New about:privatebrowsing with search
* A certificate error page now notifies the user of the name of the
certificate issuer that breaks HTTPs connections on intercepted
connections to help troubleshooting possible anti-virus software
issues.
* Fixed an performance issue some Linux users experienced with the
Downloads panel (bmo#1517101)
* Firefox now blocks all autoplay media with sound by default. Users
can add individual sites to an exceptions list or turn the blocking
off.
* System title bar is hidden by default to match Gnome guideline
MFSA 2019-07 (bsc#1129821)
* CVE-2019-9790 (bmo#1525145)
Use-after-free when removing in-use DOM elements
* CVE-2019-9791 (bmo#1530958)
Type inference is incorrect for constructors entered through on-stack
replacement with IonMonkey
* CVE-2019-9792 (bmo#1532599)
IonMonkey leaks JS_OPTIMIZED_OUT magic value to script</comment>
<requestid>686793</requestid>
</revision>
<revision rev="285" vrev="1">
<srcmd5>7fde5147fa37d7e6ae467d71da0dead7</srcmd5>
<version>66.0.2</version>
<time>1554189563</time>
<user>dimstar_suse</user>
<comment>- Mozilla Firefox 66.0.2
* Fixed Web compatibility issues with Office 365, iCloud and
IBM WebMail caused by recent changes to the handling of
keyboard events (bmo#1538966)
* Crash fixes (bmo#1521370, bmo#1539118)
- Add patch to fix aarch64 build:
* mozilla-fix-aarch64-libopus.patch (bmo#1539737)
- Mozilla Firefox 66.0.1
MFSA 2019-09 (bsc#1130262)
* CVE-2019-9810 (bmo#1537924)
IonMonkey MArraySlice has incorrect alias information
* CVE-2019-9813 (bmo#1538006)
Ionmonkey type confusion with __proto__ mutations</comment>
<requestid>690057</requestid>
</revision>
<revision rev="286" vrev="1">
<srcmd5>901c508fa4323b92fb25e861bc402c04</srcmd5>
<version>66.0.3</version>
<time>1555324492</time>
<user>dimstar_suse</user>
<comment>- Mozilla Firefox 66.0.3
* Fixed: Address bar on tablets running Windows 10 now behaves
correctly (bmo#1498973)
* Fixed: Performance issues with some HTML5 games (bmo#1537609)
* Fixed a bug with keypress events in IBM cloud applications
(bmo#1538970)
* Fix for keypress events in some Microsoft cloud applications
(bmo#1539618)
* Changed: Updated Baidu search plugin</comment>
<requestid>693917</requestid>
</revision>
<revision rev="287" vrev="1">
<srcmd5>8723eac507ab1b257f08967a48c6be60</srcmd5>
<version>66.0.4</version>
<time>1557170046</time>
<user>dimstar_suse</user>
<comment>- Mozilla Firefox 66.0.4 (boo#1134126)
* fix extension certificate chain
https://blog.mozilla.org/addons/2019/05/04/update-regarding-add-ons-in-firefox/</comment>
<requestid>700898</requestid>
</revision>
<revision rev="288" vrev="1">
<srcmd5>aec8a9ff76241b05da61b1415f2caf51</srcmd5>
<version>66.0.5</version>
<time>1557653561</time>
<user>dimstar_suse</user>
<comment>- Mozilla Firefox 66.0.5
* Fixed: Further improvements to re-enable web extensions which
had been disabled for users with a master password set (bmo#1549249)</comment>
<requestid>702059</requestid>
</revision>
<revision rev="289" vrev="1">
<srcmd5>a0a3fe311f15975cfe2496988ceca5f1</srcmd5>
<version>67.0</version>
<time>1558938554</time>
<user>dimstar_suse</user>
<comment>fixed a missing syntax error (missing closing bracket); no extra changelog addition since it's not yet accepted afaik
- Mozilla Firefox 67.0
* Firefox 67 will be able to run different Firefox installs side by side
https://blog.nightly.mozilla.org/2019/01/14/moving-to-a-profile-per-install-architecture/
* Tabs can now be pinned from the Page Actions menu in the address bar
* Users can block known cryptominers and fingerprinters in the
Custom settings or their Content Blocking preferences
* The Import Data from Another Browser feature is now also available
from the File menu
* Firefox will now protect you against running older versions which
can lead to data corruption and stability issues
* Easier access to your list of saved logins from the main menu and
login autocomplete
* We’ve added a toolbar menu for your Firefox Account to provide more
transparency for when you are synced, sharing data across devices
and with Firefox. Personalize the appearance of the menu with your
own avatar
* Enable FIDO U2F API, and permit registrations for Google Accounts
* Enabled AV1 support on Linux
MFSA 2019-13 (boo#1135824)
* CVE-2019-9815 (bmo#1546544)
Disable hyperthreading on content JavaScript threads on macOS
* CVE-2019-9816 (bmo#1536768)
Type confusion with object groups and UnboxedObjects
* CVE-2019-9817 (bmo#1540221)
Stealing of cross-domain images using canvas
* CVE-2019-9818 (bmo#1542581) (Windows only)
Use-after-free in crash generation server
* CVE-2019-9819 (bmo#1532553)
Compartment mismatch with fetch API
* CVE-2019-9820 (bmo#1536405)</comment>
<requestid>705211</requestid>
</revision>
<revision rev="290" vrev="1">
<srcmd5>a22b66b5e6617682d8afe73e017746a4</srcmd5>
<version>67.0.4</version>
<time>1561405857</time>
<user>dimstar_suse</user>
<comment>- Mozilla Firefox 67.0.4
MFSA 2019-19 (boo#1138872)
* CVE-2019-11708 (bmo#1559858)
sandbox escape using Prompt:Open
- Mozilla Firefox 67.0.3
MFSA 2019-18 (boo#1138614)
* CVE-2019-11707 (bmo#1544386)
Type confusion in Array.pop
- Mozilla Firefox 67.0.2
* Fixed: Fix JavaScript error ("TypeError: data is null in
PrivacyFilter.jsm") in console which may significantly degrade
sessionstore reliability and performance (bmo#1553413)
* Fixed: Proxy authentication dialog box repeatedly pops up
asking to authenticate after upgrading to Firefox 67 (bmo#1548804)
* Fixed: Pearson MyCloud breaks if FIDO U2F is not Chrome's
implementation (bmo#1551282)
* Fixed: Starting in safe mode on Linux or macOS causes Firefox
to think on the subsequent launch that the profile is too
recent to be used with this version of Firefox (bmo#1556612)
* Fixed: Linux distribution users can't easily install/use
additional/different languages using the built-in preferences
UI (bmo#1554744)
* Fixed: Developer tools users can't copy the href/src content
from various HTML tags via the context menu in the Inspector
markup view (bmo#1552275)
* Fixed: Custom home page is broken with clearing data on shutdown
settings applied (bmo#1554167)
* Fixed: Performance-regression for eclipse RAP based applications</comment>
<requestid>711215</requestid>
</revision>
<revision rev="291" vrev="1">
<srcmd5>fe5060657e183ab90e204e6794767aee</srcmd5>
<version>68.0.1</version>
<time>1563790721</time>
<user>dimstar_suse</user>
<comment>- Mozilla Firefox 68.0.1
* Fixed missing Full Screen button when watching videos in full
screen mode on HBO GO (bmo#1562837)
* Fixed a bug causing incorrect messages to appear for some
locales when sites try to request the use of the Storage
Access API (bmo#1558503)
* Users in Russian regions may have their default search engine
changed (bmo#1565315)
* Built-in search engines in some locales do not function
correctly (bmo#1565779)
* SupportMenu policy doesn't always work (bmo#1553290)
* Allow the privacy.file_unique_origin pref to be controlled by
policy (bmo#1563759)
- add fix-build-after-y2038-changes-in-glibc.patch
- Generate langpacks sequentially to avoid file corruption
from racy file writes (boo#1137970)
- Mozilla Firefox 68.0
* Dark mode in reader view
* Improved extension security and discovery
* Cryptomining and fingerprinting protections are added to strict
content blocking settings in Privacy & Security preferences
* Camera and microphone access now require an HTTPS connection
MFSA 2019-21 (bsc#1140868)
* CVE-2019-9811 (bmo#1538007, bmo#1539598, bmo#1563327)
Sandbox escape via installation of malicious languagepack
* CVE-2019-11711 (bmo#1552541)
Script injection within domain through inner window reuse</comment>
<requestid>717184</requestid>
</revision>
<revision rev="292" vrev="2">
<srcmd5>4edd2ba8e28dd7e3d63da61939baabe0</srcmd5>
<version>68.0.1</version>
<time>1565266942</time>
<user>dimstar_suse</user>
<comment></comment>
<requestid>721224</requestid>
</revision>
<revision rev="293" vrev="1">
<srcmd5>9c93fcdb453cba5ba4d5048c07d485ce</srcmd5>
<version>68.0.2</version>
<time>1566912130</time>
<user>dimstar_suse</user>
<comment></comment>
<requestid>724714</requestid>
</revision>
<revision rev="294" vrev="1">
<srcmd5>9ecf3b8b3cb897be104361021d62e8c1</srcmd5>
<version>68.1.0</version>
<time>1567848437</time>
<user>dimstar_suse</user>
<comment>Due to release timing and vacation time as well as security considerations Tumbleweed is getting 68.1esr as intermediate before switching back to regular and release 69.
- Mozilla Firefox 68.1.0
MFSA 2019-26
* CVE-2019-11751 (bmo#1572838; Windows only)
Malicious code execution through command line parameters
* CVE-2019-11746 (bmo#1564449)
Use-after-free while manipulating video
* CVE-2019-11744 (bmo#1562033)
XSS by breaking out of title and textarea elements using innerHTML
* CVE-2019-11742 (bmo#1559715)
Same-origin policy violation with SVG filters and canvas to steal
cross-origin images
* CVE-2019-11736 (bmo#1551913, bmo#1552206; Windows only))
File manipulation and privilege escalation in Mozilla Maintenance Service
* CVE-2019-11753 (bmo#1574980; Windows only)
Privilege escalation with Mozilla Maintenance Service in custom
Firefox installation location
* CVE-2019-11752 (bmo#1501152)
Use-after-free while extracting a key value in IndexedDB
* CVE-2019-9812 (bmo#1538008, bmo#1538015)
Sandbox escape through Firefox Sync
* CVE-2019-11743 (bmo#1560495)
Cross-origin access to unload event attributes
* CVE-2019-11748 (bmo#1564588)
Persistence of WebRTC permissions in a third party context
* CVE-2019-11749 (bmo#1565374)
Camera information available without prompting using getUserMedia
* CVE-2019-11750 (bmo#1568397)
Type confusion in Spidermonkey
* CVE-2019-11738 (bmo#1452037)
Content security policy bypass through hash-based sources in directives</comment>
<requestid>728229</requestid>
</revision>
<revision rev="295" vrev="1">
<srcmd5>c566c01cbb3cca48d493b19190b8bbbf</srcmd5>
<version>69.0</version>
<time>1568720083</time>
<user>maxlin_factory</user>
<comment>- Mozilla Firefox 69.0
* Enhanced Tracking Protection (ETP) for stronger privacy protections
* Block Autoplay feature is enhanced to give users the option to block
any video
* Users in the US or using the en-US browser, can get a new “New Tab”
page experience connecting to the best of Pocket's content.
* Support for the Web Authentication HmacSecret extension via
Windows Hello introduced.
* Support for receiving multiple video codecs with this release makes
it easier for WebRTC conferencing services to mix video from
different clients.
MFSA 2019-25 (boo#1149324)
* CVE-2019-11741 (bmo#1539595)
Isolate addons.mozilla.org and accounts.firefox.com
* CVE-2019-5849 (bmo#1555838)
Out-of-bounds read in Skia
* CVE-2019-11737 (bmo#1388015)
Content security policy directives ignore port and path if host is a wildcard
* CVE-2019-11734 (bmo#1352875,bmo#1536227,bmo#1557208,bmo#1560641)
Memory safety bugs fixed in Firefox 69
* CVE-2019-11735 (bmo#1561404,bmo#1561484,bmo#1568047,bmo#1561912,
bmo#1565744,bmo#1568858,bmo#1570358)
Memory safety bugs fixed in Firefox 69 and Firefox ESR 68.1
* CVE-2019-11740 (bmo#1563133,bmo#1573160)
Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, and Firefox ESR 60.9
- requires
* rust/cargo >= 1.35
* rust-cbindgen >= 0.9.0
* mozilla-nss >= 3.45
- rebased patches</comment>
<requestid>730473</requestid>
</revision>
<revision rev="296" vrev="1">
<srcmd5>6ff9f6da65ba8694abdaf3d63d97074a</srcmd5>
<version>69.0.1</version>
<time>1569369997</time>
<user>dimstar_suse</user>
<comment>- Mozilla Firefox 69.0.1
* Fixed external programs launching in the background when clicking
a link from inside Firefox to launch them (bmo#1570845)
* Usability improvements to the Add-ons Manager for users with
screen readers (bmo#1567600)
* Fixed the Captive Portal notification bar not being dismissable
in some situations after login is complete (bmo#1578633)
* Fixed the maximum size of fonts in Reader Mode when zoomed (bmo#1578454)
* Fixed missing stacks in the Developer Tools Performance section
(bmo#1578354)
MFSA 2019-31
* CVE-2019-11754 (bmo#1580506)
Pointer Lock is enabled with no user notification
- disable DOH by default</comment>
<requestid>732086</requestid>
</revision>
<revision rev="297" vrev="1">
<srcmd5>32d7093497abb8ec448f16e5712abb6f</srcmd5>
<version>69.0.2</version>
<time>1570799508</time>
<user>dimstar_suse</user>
<comment>- Mozilla Firefox 69.0.2
* Fixed a crash when editing files on Office 365 websites (bmo#1579858)
* Fixed a Linux-only crash when changing the playback speed while
watching YouTube videos (bmo#1582222)
- updated supported locale list
- Allow to build without profile guided optimizations (boo#1040589)
(contributed by Bernhard Wiedemann)
- Make build verbose (contributed by Martin Liška)
- remove obsolete kde.js setting (boo#1151186) and related patch
firefox-add-kde.js-in-order-to-survive-PGO-build.patch
- update create-tar.sh to latest revision and adjusted tar_stamps
- add mozilla-fix-top-level-asm.patch to fix LTO build (w/o PGO)
- extension preferences moved from branding package to core package
(packaging but not branding specific)</comment>
<requestid>735118</requestid>
</revision>
<revision rev="298" vrev="1">
<srcmd5>dc39799c5805393b4737d6ae0ddee1e8</srcmd5>
<version>69.0.3</version>
<time>1571307397</time>
<user>dimstar_suse</user>
<comment>- Mozilla Firefox 69.0.3
* Fixed Yahoo mail users being prompted to download files when
clicking on emails (bmo#1582848)
- devel package build can easily be disabled now</comment>
<requestid>738119</requestid>
</revision>
<revision rev="299" vrev="1">
<srcmd5>d3a4f9414446e2eb88c34887010b6a84</srcmd5>
<version>70.0.1</version>
<time>1572883370</time>
<user>dimstar_suse</user>
<comment>- Mozilla Firefox 70.0.1
* Fix for an issue that caused some websites or page elements using
dynamic JavaScript to fail to load. (bmo#1592136)
* Title bar no longer shows in full screen view (bmo#1588747)
- added mozilla-bmo1504834-part4.patch to fix some visual issues on
big endian platforms
- Mozilla Firefox 70.0
* more privacy protections from Enhanced Tracking Protection
* Firefox Lockwise passwordmanager
* Improvements to core engine components, for better browsing on more sites
* Improved privacy and security indicators
MFSA 2019-34
* CVE-2018-6156 (bmo#1480088)
Heap buffer overflow in FEC processing in WebRTC
* CVE-2019-15903 (bmo#1584907)
Heap overflow in expat library in XML_GetCurrentLineNumber
* CVE-2019-11757 (bmo#1577107)
Use-after-free when creating index updates in IndexedDB
* CVE-2019-11759 (bmo#1577953)
Stack buffer overflow in HKDF output
* CVE-2019-11760 (bmo#1577719)
Stack buffer overflow in WebRTC networking
* CVE-2019-11761 (bmo#1561502)
Unintended access to a privileged JSONView object
* CVE-2019-11762 (bmo#1582857)
document.domain-based origin isolation has same-origin-property violation
* CVE-2019-11763 (bmo#1584216)
Incorrect HTML parsing results in XSS bypass technique
* CVE-2019-11765 (bmo#1562582)</comment>
<requestid>744799</requestid>
</revision>
<revision rev="300" vrev="1">
<srcmd5>c7aa7a727f25aca42d50d5cf9402031a</srcmd5>
<version>71.0</version>
<time>1577710101</time>
<user>dimstar_suse</user>
<comment>- Mozilla Firefox 71.0
* Improvements to Lockwise, our integrated password manager
* More information about Enhanced Tracking Protection in action
* Native MP3 decoding on Windows, Linux, and macOS
* Configuration page (about:config) reimplemented in HTML
* New kiosk mode functionality, which allows maximum screen space
for customer-facing displays
MFSA 2019-36
* CVE-2019-11756 (bmo#1508776)
Use-after-free of SFTKSession object
* CVE-2019-17008 (bmo#1546331)
Use-after-free in worker destruction
* CVE-2019-13722 (bmo#1580156) (Windows only)
Stack corruption due to incorrect number of arguments in WebRTC code
* CVE-2019-17014 (bmo#1322864)
Dragging and dropping a cross-origin resource, incorrectly loaded
as an image, could result in information disclosure
* CVE-2019-17010 (bmo#1581084)
Use-after-free when performing device orientation checks
* CVE-2019-17005 (bmo#1584170)
Buffer overflow in plain text serializer
* CVE-2019-17011 (bmo#1591334)
Use-after-free when retrieving a document in antitracking
* CVE-2019-17012 (bmo#1449736, bmo#1533957, bmo#1560667, bmo#1567209
bmo#1580288, bmo#1585760, bmo#1592502)
Memory safety bugs fixed in Firefox 71 and Firefox ESR 68.3
* CVE-2019-17013 (bmo#1298509, bmo#1472328, bmo#1577439, bmo#1577937
bmo#1580320, bmo#1584195, bmo#1585106, bmo#1586293, bmo#1593865
bmo#1594181)
Memory safety bugs fixed in Firefox 71</comment>
<requestid>757910</requestid>
</revision>
<revision rev="301" vrev="1">
<srcmd5>c0fdd8181eccec3989c61f933b038d81</srcmd5>
<version>72.0.1</version>
<time>1578749876</time>
<user>dimstar_suse</user>
<comment>- Mozilla Firefox 72.0.1
MFSA 2020-03 (bsc#1160498)
* CVE-2019-17026 (bmo#1607443)
IonMonkey type confusion with StoreElementHole and FallibleStoreElement
- Mozilla Firefox 72.0
* block fingerprinting scripts by default
* new notification pop-ups
* Picture-in-picture video
MFSA 2020-01 (bsc#1160305)
* CVE-2019-17016 (bmo#1599181)
Bypass of @namespace CSS sanitization during pasting
* CVE-2019-17017 (bmo#1603055)
Type Confusion in XPCVariant.cpp
* CVE-2019-17020 (bmo#1597645)
Content Security Policy not applied to XSL stylesheets applied
to XML documents
* CVE-2019-17022 (bmo#1602843)
CSS sanitization does not escape HTML tags
* CVE-2019-17023 (bmo#1590001) (fixed in NSS FIXME)
NSS may negotiate TLS 1.2 or below after a TLS 1.3
HelloRetryRequest had been sent
* CVE-2019-17024 (bmo#1507180,bmo#1595470,bmo#1598605,bmo#1601826)
Memory safety bugs fixed in Firefox 72 and Firefox ESR 68.4
* CVE-2019-17025 (bmo#1328295,bmo#1328300,bmo#1590447,bmo#1590965
bmo#1595692,bmo#1597321,bmo#1597481)
Memory safety bugs fixed in Firefox 72
- update create-tar.sh to skip compare-locales
- requires NSPR 4.24 and NSS 3.48
- removed usage of browser-plugins convention for NPAPI plugins
from start wrapper and changed the RPM macro to the</comment>
<requestid>762071</requestid>
</revision>
<revision rev="302" vrev="1">
<srcmd5>8426f00ee56a988c81038639274514a1</srcmd5>
<version>72.0.2</version>
<time>1579871475</time>
<user>dimstar_suse</user>
<comment>- Mozilla Firefox 72.0.2
* Various stability fixes
* Fixed issues opening files with spaces in their path (bmo#1601905)
* Fixed a hang opening about:logins when a master password is set
(bmo#1606992)
* Fixed a web compatibility issue with CSS Shadow Parts which
shipped in Firefox 72 (bmo#1604989)
* Fixed inconsistent playback performance for fullscreen 1080p
videos on some systems (bmo#1608485)
- Fix build for aarch64/ppc64le (do not update config.sub file
for libbacktrace)</comment>
<requestid>766431</requestid>
</revision>
<revision rev="303" vrev="2">
<srcmd5>4b1fc66f5f1b6ebd63d06fe23ad9b3b4</srcmd5>
<version>72.0.2</version>
<time>1580990779</time>
<user>dimstar_suse</user>
<comment></comment>
<requestid>769385</requestid>
</revision>
<revision rev="304" vrev="1">
<srcmd5>ee268abb9f0888fe755a5f63bd089931</srcmd5>
<version>73.0</version>
<time>1581694149</time>
<user>okurz-factory</user>
<comment>- Mozilla Firefox 73.0
* Added support for setting a default zoom level applicable for all
web content
* High-contrast mode has been updated to allow background images
* Improved audio quality when playing back audio at a faster or
slower speed
* Added NextDNS as alternative option for DNS over HTTPS
MFSA 2020-05 (bsc#1163368)
* CVE-2020-6796 (bmo#1610426)
Missing bounds check on shared memory read in the parent process
* CVE-2020-6797 (bmo#1596668) (MacOS X only)
Extensions granted downloads.open permission could open arbitrary
applications on Mac OSX
* CVE-2020-6798 (bmo#1602944)
Incorrect parsing of template tag could result in JavaScript injection
* CVE-2020-6799 (bmo#1606596) (Windows only)
Arbitrary code execution when opening pdf links from other
applications, when Firefox is configured as default pdf reader
* CVE-2020-6800 (bmo#1595786,bmo#1596706,bmo#1598543,bmo#1604851,
bmo#1608580,bmo#1608785,bmo#1605777)
Memory safety bugs fixed in Firefox 73 and Firefox ESR 68.5
* CVE-2020-6801 (bmo#1601024,bmo#1601712,bmo#1604836,bmo#1606492)
Memory safety bugs fixed in Firefox 73
- updated requirements
* rust >= 1.39
* NSS >= 3.49.2
* rust-cbindgen >= 0.12.0
- rebased patches
- removed obsolete patch
* mozilla-bmo1601707.patch</comment>
<requestid>773730</requestid>
</revision>
<revision rev="305" vrev="1">
<srcmd5>8021c2f982eb13a036e694e89f945fe5</srcmd5>
<version>73.0.1</version>
<time>1582642956</time>
<user>dimstar_suse</user>
<comment>- Mozilla Firefox 73.0.1
* Resolved problems connecting to the RBC Royal Bank website
(bmo#1613943)
* Fixed Firefox unexpectedly exiting when leaving Print Preview mode
(bmo#1611133)
* Fixed crashes when playing encrypted content on some Linux systems
(bmo#1614535)
- start in wayland mode when running under wayland session</comment>
<requestid>777864</requestid>
</revision>
<revision rev="306" vrev="2">
<srcmd5>01e091053a02ac60ac6d0c261fa02a6b</srcmd5>
<version>73.0.1</version>
<time>1583007630</time>
<user>dimstar_suse</user>
<comment>- big endian fixes
- Fix build on aarch64/armv7 with:
* mozilla-bmo1610814.patch (boo#1164845, bmo#1610814)</comment>
<requestid>779878</requestid>
</revision>
<revision rev="307" vrev="1">
<srcmd5>39672695f275234f9b60f4cd6a094db5</srcmd5>
<version>74.0</version>
<time>1584530186</time>
<user>dimstar_suse</user>
<comment>- Mozilla Firefox 74.0
* https://www.mozilla.org/en-US/firefox/74.0/releasenotes/
MFSA 2020-08 (bsc#1166238)
* CVE-2020-6805 (bmo#1610880)
Use-after-free when removing data about origins
* CVE-2020-6806 (bmo#1612308)
BodyStream::OnInputStreamReady was missing protections against
state confusion
* CVE-2020-6807 (bmo#1614971)
Use-after-free in cubeb during stream destruction
* CVE-2020-6808 (bmo#1247968)
URL Spoofing via javascript: URL
* CVE-2020-6809 (bmo#1420296)
Web Extensions with the all-urls permission could access local
files
* CVE-2020-6810 (bmo#1432856)
Focusing a popup while in fullscreen could have obscured the
fullscreen notification
* CVE-2020-6811 (bmo#1607742)
Devtools' 'Copy as cURL' feature did not fully escape
website-controlled data, potentially leading to command injection
* CVE-2019-20503 (bmo#1613765)
Out of bounds reads in sctp_load_addresses_from_init
* CVE-2020-6812 (bmo#1616661)
The names of AirPods with personally identifiable information
were exposed to websites with camera or microphone permission
* CVE-2020-6813 (bmo#1605814)
@import statements in CSS could bypass the Content Security
Policy nonce feature
* CVE-2020-6814 (bmo#1592078,bmo#1604847,bmo#1608256,bmo#1612636,</comment>
<requestid>784530</requestid>
</revision>
<revision rev="308" vrev="2">
<srcmd5>6c286a440765bf6d4d9eb5b047e75dce</srcmd5>
<version>74.0</version>
<time>1585261831</time>
<user>dimstar_suse</user>
<comment>- mozilla-sandbox-fips.patch: allow /proc/sys/crypto/fips_enabled
to be read, as openssl 1.1.1 FIPS aborts if it cannot access it
(bsc#1167132)</comment>
<requestid>788189</requestid>
</revision>
<revision rev="309" vrev="1">
<srcmd5>1c8a6876aebbd3075471bff10c85a3dc</srcmd5>
<version>74.0.1</version>
<time>1586112599</time>
<user>dimstar_suse</user>
<comment></comment>
<requestid>791372</requestid>
</revision>
<revision rev="310" vrev="1">
<srcmd5>0e30296a39091d9010603652ce993ca9</srcmd5>
<version>75.0</version>
<time>1586774961</time>
<user>dimstar_suse</user>
<comment>- Mozilla Firefox 75.0
* https://www.mozilla.org/en-US/firefox/75.0/releasenotes
MFSA 2020-12 (bsc#1168874)
* CVE-2020-6821 (bmo#1625404)
Uninitialized memory could be read when using the WebGL
copyTexSubImage method
* CVE-2020-6822 (bmo#1544181)
Out of bounds write in GMPDecodeData when processing large images
* CVE-2020-6823 (bmo#1614919)
Malicious Extension could obtain auth codes from OAuth login flows
* CVE-2020-6824 (bmo#1621853)
Generated passwords may be identical on the same site between
separate private browsing sessions
* CVE-2020-6825 (bmo#1572541,bmo#1620193,bmo#1620203)
Memory safety bugs fixed in Firefox 75 and Firefox ESR 68.7
* CVE-2020-6826 (bmo#1613009,bmo#1613195,bmo#1616734,bmo#1617488,
bmo#1619229,bmo#1620719,bmo#1624897)
Memory safety bugs fixed in Firefox 75
- removed obsolete patch
mozilla-bmo1609538.patch
- requires
* rust >= 1.41
* rust-cbindgen >= 0.13.1
* mozilla-nss >= 3.51
* nodejs10 >= 10.19
- fix build issue in libvpx for i586 via mozilla-bmo1622013.patch
- increase _constraints memory for ppc64le</comment>
<requestid>792914</requestid>
</revision>
<revision rev="311" vrev="1">
<srcmd5>468b4d9fad42a557e8b3f20e79dba436</srcmd5>
<version>76.0</version>
<time>1588866664</time>
<user>dimstar_suse</user>
<comment>- Mozilla Firefox 76.0
* Lockwise improvements
* Improvements in Picture-in-Picture feature
* Support Audio Worklets
MFSA-2020-16 (bsc#1171186)
* CVE-2020-12387 (bmo#1545345)
Use-after-free during worker shutdown
* CVE-2020-12388 (bmo#1618911)
Sandbox escape with improperly guarded Access Tokens
* CVE-2020-12389 (bmo#1554110)
Sandbox escape with improperly separated process types
* CVE-2020-6831 (bmo#1632241)
Buffer overflow in SCTP chunk input validation
* CVE-2020-12390 (bmo#1141959)
Incorrect serialization of nsIPrincipal.origin for IPv6 addresses
* CVE-2020-12391 (bmo#1457100)
Content-Security-Policy bypass using object elements
* CVE-2020-12392 (bmo#1614468)
Arbitrary local file access with 'Copy as cURL'
* CVE-2020-12393 (bmo#1615471)
Devtools' 'Copy as cURL' feature did not fully escape
website-controlled data, potentially leading to command injection
* CVE-2020-12394 (bmo#1628288)
URL spoofing in location bar when unfocussed
* CVE-2020-12395 (bmo#1595886, bmo#1611482, bmo#1614704, bmo#1624098,
bmo#1625749, bmo#1626382, bmo#1628076, bmo#1631508)
Memory safety bugs fixed in Firefox 76 and Firefox ESR 68.8
* CVE-2020-12396 (bmo#1339601, bmo#1611938, bmo#1620488,
bmo#1622291, bmo#1627644)
Memory safety bugs fixed in Firefox 76</comment>
<requestid>800451</requestid>
</revision>
<revision rev="312" vrev="1">
<srcmd5>bdd13e88984507bfe3350ec72f7a880f</srcmd5>
<version>76.0.1</version>
<time>1589491439</time>
<user>dimstar_suse</user>
<comment></comment>
<requestid>805460</requestid>
</revision>
<revision rev="313" vrev="1">
<srcmd5>ced7ac36cc462522fe4d1bfbb9e25cd5</srcmd5>
<version>77.0.1</version>
<time>1591380247</time>
<user>dimstar_suse</user>
<comment></comment>
<requestid>811277</requestid>
</revision>
<revision rev="314" vrev="1">
<srcmd5>5165a36e24dda6be09ff4b59805c9e85</srcmd5>
<version>78.0.1</version>
<time>1594045226</time>
<user>dimstar_suse</user>
<comment>- Mozilla Firefox 78.0.1
* Fixed an issue which could cause installed search engines to not
be visible when upgrading from a previous release.
- enable MOZ_USE_XINPUT2 for TW (boo#1173320)
- Mozilla Firefox 78.0
* startup notifications now using Gtk instead of libnotify
* PDF downloads now show an option to open the PDF directly in Firefox
* Protections Dashboard (about:protections)
* WebRTC not interrupted by screensaver anymore
* disabled TLS 1.0 and 1.1 by default
MFSA 2020-24 (bsc#1173576)
* CVE-2020-12415 (bmo#1586630)
AppCache manifest poisoning due to url encoded character processing
* CVE-2020-12416 (bmo#1639734)
Use-after-free in WebRTC VideoBroadcaster
* CVE-2020-12417 (bmo#1640737)
Memory corruption due to missing sign-extension for ValueTags
on ARM64
* CVE-2020-12418 (bmo#1641303)
Information disclosure due to manipulated URL object
* CVE-2020-12419 (bmo#1643874)
Use-after-free in nsGlobalWindowInner
* CVE-2020-12420 (bmo#1643437)
Use-After-Free when trying to connect to a STUN server
* CVE-2020-12402 (bmo#1631597)
RSA Key Generation vulnerable to side-channel attack
* CVE-2020-12421 (bmo#1308251)
Add-On updates did not respect the same certificate trust
rules as software updates</comment>
<requestid>818643</requestid>
</revision>
<revision rev="315" vrev="1">
<srcmd5>b73b03e0eb95c93ebccd4bd6f8d1b129</srcmd5>
<version>78.0.2</version>
<time>1594805561</time>
<user>dimstar_suse</user>
<comment>- Mozilla Firefox 78.0.2
* Fixed an accessibility regression in reader mode (bmo#1650922)
* Made the address bar more resilient to data corruption in the
user profile (bmo#1649981)
* Fixed a regression opening certain external applications (bmo#1650162)
MFSA 2020-28
* CVE pending (bmo#1644076)
X-Frame-Options bypass using object or embed tags
- added desktop file actions
- do not use XINPUT2 for the moment until Plasma 5.19.3 has landed
(boo#1173993)
- rework langpack integration (boo#1173991)
* ship XPIs instead of directories
* allow addon sideloading
* mark signatures for langpacks non-mandatory
* do not autodisable user profile scopes
- Google API key is not usable for geolocation service
- fix pipewire support for TW (boo#1172903)</comment>
<requestid>820688</requestid>
</revision>
<revision rev="316" vrev="2">
<srcmd5>7ad8edb7c2d97d1a3888732b3f77ed2a</srcmd5>
<version>78.0.2</version>
<time>1595339126</time>
<user>dimstar_suse</user>
<comment>- Add mozilla-libavcodec58_91.patch to link against updated
soversion of libavcodec (58.91) with ffmpeg >= 4.3.
(patch provided by Atri Bhattacharya <badshah400@gmail.com>
- enable MOZ_USE_XINPUT2 for TW (again) (boo#1173320)
(Plasma 5.19.3 is now in TW)</comment>
<requestid>821616</requestid>
</revision>
<revision rev="317" vrev="1">
<srcmd5>6aecf0b70aea4be050d5563da694dfb8</srcmd5>
<version>79.0</version>
<time>1596095792</time>
<user>dimstar_suse</user>
<comment>- Mozilla Firefox 79.0
MFSA 2020-30 (bsc#1174538)
* CVE-2020-15652 (bmo#1634872)
Potential leak of redirect targets when loading scripts in a worker
* CVE-2020-6514 (bmo#1642792)
WebRTC data channel leaks internal address to peer
* CVE-2020-15655 (bmo#1645204)
Extension APIs could be used to bypass Same-Origin Policy
* CVE-2020-15653 (bmo#1521542)
Bypassing iframe sandbox when allowing popups
* CVE-2020-6463 (bmo#1635293)
Use-after-free in ANGLE gl::Texture::onUnbindAsSamplerTexture
* CVE-2020-15656 (bmo#1647293)
Type confusion for special arguments in IonMonkey
* CVE-2020-15658 (bmo#1637745)
Overriding file type when saving to disk
* CVE-2020-15657 (bmo#1644954)
DLL hijacking due to incorrect loading path
* CVE-2020-15654 (bmo#1648333)
Custom cursor can overlay user interface
* CVE-2020-15659 (bmo#1550133, bmo#1633880, bmo#1638856,
bmo#1643613, bmo#1644839, bmo#1645835, bmo#1646006, bmo#1646220,
bmo#1646787, bmo#1649347, bmo#1650811, bmo#1651678)
Memory safety bugs fixed in Firefox 79
- updated dependency requirements:
* mozilla-nspr >= 4.26
* mozilla-nss >= 3.54
* rust >= 1.43
* rust-cbindgen >= 0.14.3
- removed obsolete patch</comment>
<requestid>823315</requestid>
</revision>
<revision rev="318" vrev="1">
<srcmd5>60fd6c4479055996606079fda4d10289</srcmd5>
<version>80.0</version>
<time>1599088116</time>
<user>dimstar_suse</user>
<comment>- Mozilla Firefox 80.0
MFSA 2020-36 (bsc#1175686)
* CVE-2020-15663 (bmo#1643199)
Downgrade attack on the Mozilla Maintenance Service could
have resulted in escalation of privilege
* CVE-2020-15664 (bmo#1658214)
Attacker-induced prompt for extension installation
* CVE-2020-12401 (bmo#1631573)
Timing-attack on ECDSA signature generation
* CVE-2020-6829 (bmo#1631583)
P-384 and P-521 vulnerable to an electro-magnetic side
channel attack on signature generation
* CVE-2020-12400 (bmo#1623116)
P-384 and P-521 vulnerable to a side channel attack on
modular inversion
* CVE-2020-15665 (bmo#1651636)
Address bar not reset when choosing to stay on a page after
the beforeunload dialog is shown
* CVE-2020-15666 (bmo#1450853)
MediaError message property leaks cross-origin response
status
* CVE-2020-15667 (bmo#1653371)
Heap overflow when processing an update file
* CVE-2020-15668 (bmo#1651520)
Data Race when reading certificate information
* CVE-2020-15670 (bmo#1651001, bmo#1651449, bmo#1653626,
bmo#1656957)
Memory safety bugs fixed in Firefox 80 and Firefox ESR 78.2
- requires
* NSPR 4.27</comment>
<requestid>829621</requestid>
</revision>
<revision rev="319" vrev="1">
<srcmd5>d6073d840d211e44cd4800793c36c393</srcmd5>
<version>81.0.1</version>
<time>1602155215</time>
<user>dimstar_suse</user>
<comment>- Mozilla Firefox 81.0.1
* https://www.mozilla.org/en-US/firefox/81.0.1/releasenotes/
- remove obsolete python2 build requires
- Increase disk requirements in _constraints to match current needs
- Mozilla Firefox 81.0
* https://www.mozilla.org/en-US/firefox/81.0/releasenotes
MFSA 2020-42 (bsc#1176756)
* CVE-2020-15675 (bmo#1654211)
Use-After-Free in WebGL
* CVE-2020-15677 (bmo#1641487)
Download origin spoofing via redirect
* CVE-2020-15676 (bmo#1646140)
XSS when pasting attacker-controlled data into a
contenteditable element
* CVE-2020-15678 (bmo#1660211)
When recursing through layers while scrolling, an iterator
may have become invalid, resulting in a potential use-after-
free scenario
* CVE-2020-15673 (bmo#1648493, bmo#1660800)
Memory safety bugs fixed in Firefox 81 and Firefox ESR 78.3
* CVE-2020-15674 (bmo#1656063, bmo#1656064, bmo#1656067, bmo#1660293)
Memory safety bugs fixed in Firefox 81
- requires
NSPR 4.28
NSS 3.56
- removed obsolete patches
* mozilla-system-nspr.patch
* mozilla-bmo1661715.patch</comment>
<requestid>839098</requestid>
</revision>
<revision rev="320" vrev="1">
<srcmd5>9d31d7f45a04b94d8589ad1256a4f009</srcmd5>
<version>82.0</version>
<time>1603724870</time>
<user>dimstar_suse</user>
<comment>- Mozilla Firefox 82.0
* https://www.mozilla.org/en-US/firefox/82.0/releasenotes/
MFSA 2020-45 (bsc#1177872)
* CVE-2020-15969 (bmo#1666570)
Use-after-free in usersctp
* CVE-2020-15254 (bmo#1668514)
Undefined behavior in bounded channel of crossbeam rust crate
* CVE-2020-15680 (bmo#1658881)
Presence of external protocol handlers could be determined
through image tags
* CVE-2020-15681 (bmo#1666568)
Multiple WASM threads may have overwritten each others' stub
table entries
* CVE-2020-15682 (bmo#1636654)
The domain associated with the prompt to open an external
protocol could be spoofed to display the incorrect origin
* CVE-2020-15683 (bmo#1576843, bmo#1656987, bmo#1660954,
bmo#1662760, bmo#1663439, bmo#1666140)
Memory safety bugs fixed in Firefox 82 and Firefox ESR 78.4
* CVE-2020-15684 (bmo#1653764, bmo#1661402, bmo#1662259,
bmo#1664257)
Memory safety bugs fixed in Firefox 82
- requires
* NSPR 4.29
* NSS 3.57</comment>
<requestid>843274</requestid>
</revision>
<revision rev="321" vrev="1">
<srcmd5>063a44565a05888ba2c1a0f7ebe4b128</srcmd5>
<version>82.0.3</version>
<time>1605011953</time>
<user>dimstar_suse</user>
<comment>- Mozilla Firefox 82.0.3
MSFA 2020-49
* CVE-2020-26950 (bmo#1675905)
Write side effects in MCallGetProperty opcode not accounted for
- Mozilla Firefox 82.0.2
* few bugfixes for introduced regressions</comment>
<requestid>847338</requestid>
</revision>
<revision rev="322" vrev="1">
<srcmd5>547a824e8a69ceb52861069ea78613d2</srcmd5>
<version>83.0</version>
<time>1606428580</time>
<user>dimstar_suse</user>
<comment>- Mozilla Firefox 83.0
* major update for SpiderMonkey improving performance significantly
* optional HTTPS-Only mode
* more improvements
https://www.mozilla.org/en-US/firefox/83.0/releasenotes/
MFSA 2020-50 (bsc#1178824))
* CVE-2020-26951 (bmo#1667113)
Parsing mismatches could confuse and bypass security
sanitizer for chrome privileged code
* CVE-2020-26952 (bmo#1667685)
Out of memory handling of JITed, inlined functions could lead
to a memory corruption
* CVE-2020-16012 (bmo#1642028)
Variable time processing of cross-origin images during
drawImage calls
* CVE-2020-26953 (bmo#1656741)
Fullscreen could be enabled without displaying the security UI
* CVE-2020-26954 (bmo#1657026)
Local spoofing of web manifests for arbitrary pages in
Firefox for Android
* CVE-2020-26955 (bmo#1663261)
Cookies set during file downloads are shared between normal
and Private Browsing Mode in Firefox for Android
* CVE-2020-26956 (bmo#1666300)
XSS through paste (manual and clipboard API)
* CVE-2020-26957 (bmo#1667179)
OneCRL was not working in Firefox for Android
* CVE-2020-26958 (bmo#1669355)
Requests intercepted through ServiceWorkers lacked MIME type
restrictions</comment>
<requestid>849574</requestid>
</revision>
<revision rev="323" vrev="1">
<srcmd5>be2618d97b980735cc05e3e6dc341dfe</srcmd5>
<version>84.0</version>
<time>1608835219</time>
<user>dimstar_suse</user>
<comment>- Mozilla Firefox 84.0
* Firefox 84 is the final release to support Adobe Flash
* WebRender is enabled by default when run on GNOME-based X11
Linux desktops
MFSA 2020-54 (bsc#1180039))
* CVE-2020-16042 (bmo#1679003)
Operations on a BigInt could have caused uninitialized memory
to be exposed
* CVE-2020-26971 (bmo#1663466)
Heap buffer overflow in WebGL
* CVE-2020-26972 (bmo#1671382)
Use-After-Free in WebGL
* CVE-2020-26973 (bmo#1680084)
CSS Sanitizer performed incorrect sanitization
* CVE-2020-26974 (bmo#1681022)
Incorrect cast of StyleGenericFlexBasis resulted in a heap
use-after-free
* CVE-2020-26975 (bmo#1661071)
Malicious applications on Android could have induced Firefox
for Android into sending arbitrary attacker-specified headers
* CVE-2020-26976 (bmo#1674343)
HTTPS pages could have been intercepted by a registered
service worker when they should not have been
* CVE-2020-26977 (bmo#1676311)
URL spoofing via unresponsive port in Firefox for Android
* CVE-2020-26978 (bmo#1677047)
Internal network hosts could have been probed by a malicious
webpage
* CVE-2020-26979 (bmo#1641287, bmo#1673299)
When entering an address in the address or search bars, a</comment>
<requestid>856849</requestid>
</revision>
<revision rev="324" vrev="1">
<srcmd5>d59adf2566fb1b513bf31841605ca899</srcmd5>
<version>84.0.1</version>
<time>1609783603</time>
<user>dimstar_suse</user>
<comment>- Mozilla Firefox 84.0.1
* Fixed problems loading secure websites and crashes for users
with certain third-party PKCS11 modules and smartcards installed
(bmo#1682881) (fixed in NSS 3.59.1)
* Fixed a bug causing some Unity JS games to not load on Apple
Silicon devices due to improper detection of the OS version
(bmo#1680516)
- requires NSS 3.59.1</comment>
<requestid>859835</requestid>
</revision>
<revision rev="325" vrev="1">
<srcmd5>15810ee58d5e57381f4136cd31f7b501</srcmd5>
<version>84.0.2</version>
<time>1610381296</time>
<user>dimstar_suse</user>
<comment></comment>
<requestid>861466</requestid>
</revision>
<revision rev="326" vrev="2">
<srcmd5>a69b6e9f3a8f8bc0776b59dafe610eb2</srcmd5>
<version>84.0.2</version>
<time>1610633033</time>
<user>dimstar_suse</user>
<comment></comment>
<requestid>862423</requestid>
</revision>
<revision rev="327" vrev="1">
<srcmd5>dad91b383dc0b74266f7d56d452f66b6</srcmd5>
<version>85.0</version>
<time>1611928531</time>
<user>dimstar_suse</user>
<comment>- Mozilla Firefox 85.0
* Adobe Flash is completely history
* supercookie protection
* new bookmark handling and features
MFSA 2021-03 (bsc#1181414)
* CVE-2021-23953 (bmo#1683940)
Cross-origin information leakage via redirected PDF requests
* CVE-2021-23954 (bmo#1684020)
Type confusion when using logical assignment operators in
JavaScript switch statements
* CVE-2021-23955 (bmo#1684837)
Clickjacking across tabs through misusing requestPointerLock
* CVE-2021-23956 (bmo#1338637)
File picker dialog could have been used to disclose a
complete directory
* CVE-2021-23957 (bmo#1584582)
Iframe sandbox could have been bypassed on Android via the
intent URL scheme
* CVE-2021-23958 (bmo#1642747)
Screen sharing permission leaked across tabs
* CVE-2021-23959 (bmo#1659035)
Cross-Site Scripting in error pages on Firefox for Android
* CVE-2021-23960 (bmo#1675755)
Use-after-poison for incorrectly redeclared JavaScript
variables during GC
* CVE-2021-23961 (bmo#1677940)
More internal network hosts could have been probed by a
malicious webpage
* CVE-2021-23962 (bmo#1677194)
Use-after-poison in</comment>
<requestid>867008</requestid>
</revision>
<revision rev="328" vrev="1">
<srcmd5>2077d1f09d0e5a5b6557783ca291b7ff</srcmd5>
<version>85.0.1</version>
<time>1613427049</time>
<user>dimstar_suse</user>
<comment></comment>
<requestid>870519</requestid>
</revision>
<revision rev="329" vrev="1">
<srcmd5>85b5d8eeac8e3f5f36ca476dc2a50c83</srcmd5>
<version>85.0.2</version>
<time>1614002292</time>
<user>RBrownSUSE</user>
<comment></comment>
<requestid>873231</requestid>
</revision>
<revision rev="330" vrev="1">
<srcmd5>020e00dda87b88e2b888f05a90ddd770</srcmd5>
<version>86.0</version>
<time>1614684441</time>
<user>RBrownSUSE</user>
<comment>- Mozilla Firefox 86.0
* requires NSS >= 3.61
* requires rust-cbindgen >= 0.16.0
* Firefox now supports simultaneously watching multiple videos in
Picture-in-Picture.
* Total Cookie Protection to Strict Mode
* https://www.mozilla.org/en-US/firefox/86.0/releasenotes
MSFA 2021-07 (bsc#1182614)
* CVE-2021-23969 (bmo#1542194)
Content Security Policy violation report could have contained
the destination of a redirect
* CVE-2021-23970 (bmo#1681724)
Multithreaded WASM triggered assertions validating separation
of script domains
* CVE-2021-23968 (bmo#1687342)
Content Security Policy violation report could have contained
the destination of a redirect
* CVE-2021-23974 (bmo#1528997, bmo#1683627)
noscript elements could have led to an HTML Sanitizer bypass
* CVE-2021-23971 (bmo#1678545)
A website's Referrer-Policy could have been be overridden,
potentially resulting in the full URL being sent as a Referrer
* CVE-2021-23976 (bmo#1684627)
Local spoofing of web manifests for arbitrary pages in
Firefox for Android
* CVE-2021-23977 (bmo#1684761)
Malicious application could read sensitive data from Firefox
for Android's application directories
* CVE-2021-23972 (bmo#1683536)
HTTP Auth phishing warning was omitted when a redirect is</comment>
<requestid>874847</requestid>
</revision>
<revision rev="331" vrev="1">
<srcmd5>e24778024708d2a09c74e15c0e7beff6</srcmd5>
<version>86.0.1</version>
<time>1615905718</time>
<user>RBrownSUSE</user>
<comment></comment>
<requestid>878728</requestid>
</revision>
<revision rev="332" vrev="1">
<srcmd5>7755bb1e0a0f1ac1c6cfe182fcacefe6</srcmd5>
<version>87.0</version>
<time>1617722963</time>
<user>RBrownSUSE</user>
<comment>- Switch to clang_build globally; just on TW/x86_64 it does not work
due to unreolved externals `__rust_probestack' - disable clang_build
then.
- useccache: Add conditionals to enable/disable ccache.
- Mozilla Firefox 87.0
* requires NSS 3.62
* removed obsolete BigEndian ICU build workaround
* rebased patches
MFSA 2021-10 (bsc#1183942)
* CVE-2021-23981 (bmo#1692832)
Texture upload into an unbound backing buffer resulted in an
out-of-bound read
* CVE-2021-23982 (bmo#1677046)
Internal network hosts could have been probed by a malicious
webpage
* CVE-2021-23983 (bmo#1692684)
Transitions for invalid ::marker properties resulted in memory
corruption
* CVE-2021-23984 (bmo#1693664)
Malicious extensions could have spoofed popup information
* CVE-2021-23985 (bmo#1659129)
Devtools remote debugging feature could have been enabled
without indication to the user
* CVE-2021-23986 (bmo#1692623)
A malicious extension could have performed credential-less
same origin policy violations
* CVE-2021-23987 (bmo#1513519, bmo#1683439, bmo#1690169,
bmo#1690718)
Memory safety bugs fixed in Firefox 87 and Firefox ESR 78.9</comment>
<requestid>881766</requestid>
</revision>
<revision rev="333" vrev="1">
<srcmd5>d69b9c21477c9d30410700d0fcc1701f</srcmd5>
<version>88.0</version>
<time>1619192987</time>
<user>dimstar_suse</user>
<comment>- Mozilla Firefox 88.0
* New: PDF forms now support JavaScript embedded in PDF files.
Some PDF forms use JavaScript for validation and other
interactive features
* New: Print updates: Margin units are now localized
* New: Smooth pinch-zooming using a touchpad is now supported
on Linux
* New: To protect against cross-site privacy leaks, Firefox now
isolates window.name data to the website that created it.
Learn more
* Changed: Firefox will not prompt for access to your
microphone or camera if you’ve already granted access to the
same device on the same site in the same tab within the past
50 seconds. This new grace period reduces the number of times
you’re prompted to grant device access
* Changed: The ‘Take a Screenshot’ feature was removed from the
Page Actions menu in the url bar. To take a screenshot,
right-click to open the context menu. You can also add a
screenshots shortcut directly to your toolbar via the
Customize menu. Open the Firefox menu and select Customize…
* Changed: FTP support has been disabled, and its full removal
is planned for an upcoming release. Addressing this security
risk reduces the likelihood of an attack while also removing
support for a non-encrypted protocol
* Developer: Introduced a new toggle button in the Network
panel for switching between JSON formatted HTTP response and
raw data (as received over the wire).
!enter image description here
* Enterprise: Various bug fixes and new policies have been
implemented in the latest version of Firefox. You can see</comment>
<requestid>886904</requestid>
</revision>
<revision rev="334" vrev="2">
<srcmd5>fff6cae65039a4b3badf2e86e25ed9a7</srcmd5>
<version>88.0</version>
<time>1620239946</time>
<user>dimstar_suse</user>
<comment>- add compatibility for libavcodec58_134</comment>
<requestid>889851</requestid>
</revision>
<revision rev="335" vrev="1">
<srcmd5>40f7922ca2947ca26a1ec7a47b632fd1</srcmd5>
<version>88.0.1</version>
<time>1620504419</time>
<user>dimstar_suse</user>
<comment></comment>
<requestid>890833</requestid>
</revision>
<revision rev="336" vrev="2">
<srcmd5>2b25d741e2e8f6afbeef5d810961c031</srcmd5>
<version>88.0.1</version>
<time>1621113358</time>
<user>dimstar_suse</user>
<comment>Automatic submission by obs-autosubmit</comment>
<requestid>892688</requestid>
</revision>
<revision rev="337" vrev="1">
<srcmd5>0bffdc8eef2355ee82c122d73a3409c7</srcmd5>
<version>89.0</version>
<time>1623443398</time>
<user>dimstar_suse</user>
<comment>- Mozilla Firefox 89.0
* UI redesign
* The Event Timing API is now supported
* The CSS forced-colors media query is now supported
MFSA 2021-23 (bsc#1186696)
* CVE-2021-29965 (bmo#1709257)
Password Manager on Firefox for Android susceptible to domain
spoofing
* CVE-2021-29960 (bmo#1675965)
Filenames printed from private browsing mode incorrectly
retained in preferences
* CVE-2021-29961 (bmo#1700235)
Firefox UI spoof using `<select>` elements and CSS scaling
* CVE-2021-29963 (bmo#1705068)
Shared cookies for search suggestions in private browsing mode
* CVE-2021-29964 (bmo#1706501)
Out of bounds-read when parsing a `WM_COPYDATA` message
* CVE-2021-29959 (bmo#1395819)
Devices could be re-enabled without additional permission prompt
* CVE-2021-29962 (bmo#1701673)
No rate-limiting for popups on Firefox for Android
* CVE-2021-29967 (bmo#1602862, bmo#1703191, bmo#1703760,
bmo#1704722, bmo#1706041)
Memory safety bugs fixed in Firefox 89 and Firefox ESR 78.11
* CVE-2021-29966 (bmo#1660307, bmo#1686154, bmo#1702948, bmo#1708124)
Memory safety bugs fixed in Firefox 89
- require
NSS >= 3.64
rust-cbindgen >= 0.19.0
- do not rely on nodejs10 packagename anymore</comment>
<requestid>897726</requestid>
</revision>
<revision rev="338" vrev="1">
<srcmd5>a073668dce892d9a9b5b181ea20d1ded</srcmd5>
<version>89.0.2</version>
<time>1624626072</time>
<user>dimstar_suse</user>
<comment>- Mozilla Firefox 89.0.2 (boo#1187648):
* Fix occasional hangs with Software WebRender on Linux (bmo#1708224)
- Mozilla Firefox 89.0.1 (boo#1187475):
* Updated translations, including full Spanish (Mexico)
localization and other improvements (bmo#1714946)
* Fix various font related regressions (bmo#1694174)
* Linux: Fix performance and stability regressions with
WebRender (bmo#1715895, bmo#1715902)
* Enterprise: Fix for the `DisableDeveloperTools` policy not
having effect anymore (bmo#1715777)
* Linux: Fix broken scrollbars on some GTK themes (bmo#1714103)
* Various stability fixes</comment>
<requestid>901588</requestid>
</revision>
<revision rev="339" vrev="1">
<srcmd5>7cb4ad6b87a9f16416cffe9a05bfa95b</srcmd5>
<version>90.0</version>
<time>1626557788</time>
<user>dimstar_suse</user>
<comment>- Mozilla Firefox 90.0
MFSA 2021-28 (bsc#1188275)
* CVE-2021-29970 (bmo#1709976)
Use-after-free in accessibility features of a document
* CVE-2021-29971 (bmo#1713638)
Granted permissions only compared host; omitting scheme and
port on Android
* CVE-2021-30547 (bmo#1715766)
Out of bounds write in ANGLE
* CVE-2021-29972 (bmo#1696816)
Use of out-of-date library included use-after-free
vulnerability
* CVE-2021-29973 (bmo#1701932)
Password autofill on HTTP websites was enabled without user
interaction on Android
* CVE-2021-29974 (bmo#1704843)
HSTS errors could be overridden when network partitioning was
enabled
* CVE-2021-29975 (bmo#1713259)
Text message could be overlaid on top of another website
* CVE-2021-29976 (bmo#1700895, bmo#1703334, bmo#1706910,
bmo#1711576, bmo#1714391)
Memory safety bugs fixed in Firefox 90 and Firefox ESR 78.12
* CVE-2021-29977 (bmo#1665836, bmo#1686138, bmo#1704316,
bmo#1706314, bmo#1709931, bmo#1712084, bmo#1712357,
bmo#1714066)
Memory safety bugs fixed in Firefox 90
- requires
NSPR 4.31
NSS 3.66</comment>
<requestid>906586</requestid>
</revision>
<revision rev="340" vrev="1">
<srcmd5>5487b1e60a9b9ee60e4d6d46df6da3bd</srcmd5>
<version>90.0.1</version>
<time>1626986554</time>
<user>dimstar_suse</user>
<comment>- Mozilla Firefox 90.0.1 (boo#1188480):
* Fixed: Fixed busy looping processing some HTTP3 responses
(bmo#1720079)
* Fixed: Fixed transient errors authenticating with some smart
cards (bmo#1715325)
* Fixed: Fixed a rare crash on shutdown (bmo#1707057)
* Fixed: Fixed a race on startup that caused about:support to
end up empty after upgrade (bmo#1717894, boo#1188330)</comment>
<requestid>907201</requestid>
</revision>
<revision rev="341" vrev="1">
<srcmd5>b133976b0084847a5edb73a185168071</srcmd5>
<version>90.0.2</version>
<time>1627587054</time>
<user>dimstar_suse</user>
<comment></comment>
<requestid>908075</requestid>
</revision>
<revision rev="342" vrev="1">
<srcmd5>8b1bca36fe6da87b00dc04aa95affbb0</srcmd5>
<version>91.0.1</version>
<time>1629360042</time>
<user>RBrownSUSE</user>
<comment>superseding the 91.0 version as another security and hotfix release
- Mozilla Firefox 91.0.1
* Fixed an issue causing buttons on the tab bar to be resized when
loading certain websites (bmo#1704404)
* Fixed an issue which caused tabs from private windows to be
visible in non-private windows when viewing switch-to-tab results
in the address bar panel (bmo#1720369)
* Various stability fixes
MFSA 2021-37 (bsc#1189547)
* CVE-2021-29991 (bmo#1724896)
Header Splitting possible with HTTP/3 Responses
- Mozilla Firefox 91.0
MFSA 2021-33 (bsc#1188891)
* CVE-2021-29986 (bmo#1696138)
Race condition when resolving DNS names could have led to
memory corruption
* CVE-2021-29981 (bmo#1707774)
Live range splitting could have led to conflicting
assignments in the JIT
* CVE-2021-29988 (bmo#1717922)
Memory corruption as a result of incorrect style treatment
* CVE-2021-29983 (bmo#1719088)
Firefox for Android could get stuck in fullscreen mode
* CVE-2021-29984 (bmo#1720031)
Incorrect instruction reordering during JIT optimization
* CVE-2021-29980 (bmo#1722204)
Uninitialized memory in a canvas object could have led to
memory corruption
* CVE-2021-29987 (bmo#1716129)
Users could have been tricked into accepting unwanted</comment>
<requestid>912837</requestid>
</revision>
<revision rev="343" vrev="1">
<srcmd5>ca4176993c3ce67fbc4e8f6c81a264b8</srcmd5>
<version>91.0.2</version>
<time>1630697143</time>
<user>dimstar_suse</user>
<comment></comment>
<requestid>914799</requestid>
</revision>
<revision rev="344" vrev="1">
<srcmd5>aa83d5a04b3a316504dc0bfc4411acf9</srcmd5>
<version>92.0</version>
<time>1631543051</time>
<user>dimstar_suse</user>
<comment>- Mozilla Firefox 92.0
* More secure connections: Firefox can now automatically upgrade to
HTTPS using HTTPS RR as Alt-Svc headers
* Full-range color levels are now supported for video playback on
many systems
MFSA 2021-38 (bsc#1190269)
* CVE-2021-29993 (bmo#1708544, bmo#1708767, bmo#1712240,
bmo#1712242, bmo#1729259)
Handling custom intents could lead to crashes and UI spoofs
* CVE-2021-38491 (bmo#1551886)
Mixed-Content-Blocking was unable to check opaque origins
* CVE-2021-38492 (bmo#1721107)
Navigating to `mk:` URL scheme could load Internet Explorer
* CVE-2021-38493 (bmo#1723391, bmo#1724101, bmo#1724107)
Memory safety bugs fixed in Firefox 92, Firefox ESR 78.14 and
Firefox ESR 91.1
* CVE-2021-38494 (bmo#1723920, bmo#1725638)
Memory safety bugs fixed in Firefox 92
- updated appdata
- remove mozilla-disable-wasm-emulate-arm-unaligned-fp-access.patch
(does not apply anymore; unclear if obsolete)
- bring back mozilla-silence-no-return-type.patch and
run post-build-checks everywhere again
- requires NSS 3.69.1
- Add mozilla-bmo1708709.patch: On [wayland] popup can be wrongly
repositioned due to rounding errors when font scaling != 1
(bmo#1708709); patch taken from upstream bug report and rebased
to apply cleanly against current version.</comment>
<requestid>917452</requestid>
</revision>
<revision rev="345" vrev="1">
<srcmd5>1902d1d617195c3be29e556f837df4cf</srcmd5>
<version>92.0.1</version>
<time>1633038192</time>
<user>dimstar_suse</user>
<comment></comment>
<requestid>921893</requestid>
</revision>
<revision rev="346" vrev="1">
<srcmd5>c98e4d7884248148ae21e27774ab894b</srcmd5>
<version>93.0</version>
<time>1634068091</time>
<user>dimstar_suse</user>
<comment>- Mozilla Firefox 93.0
* supports the new AVIF image format
* PDF viewer now supports filling more forms (XFA-based forms)
* now blocks downloads that rely on insecure connections,
protecting against potentially malicious or unsafe downloads
* Improved web compatibility for privacy protections with SmartBlock 3.0
* Introducing a new referrer tracking protection in Strict Tracking
Protection and Private Browsing
* TLS ciphersuites that use 3DES have been disabled. Such
ciphersuites can only be enabled when deprecated versions of
TLS are also enabled
* The download panel now follows the Firefox visual styles
MFSA 2021-43 (bsc#1191332)
* CVE-2021-38496 (bmo#1725335)
Use-after-free in MessageTask
* CVE-2021-38497 (bmo#1726621)
Validation message could have been overlaid on another origin
* CVE-2021-38498 (bmo#1729642)
Use-after-free of nsLanguageAtomService object
* CVE-2021-32810 (bmo#1729813)
https://github.com/crossbeam-rs/crossbeam/security/advisories/GHSA-pqqp-xmhj-wgcw)
Data race in crossbeam-deque
* CVE-2021-38500 (bmo#1725854, bmo#1728321)
Memory safety bugs fixed in Firefox 93, Firefox ESR 78.15,
and Firefox ESR 91.2
* CVE-2021-38501 (bmo#1685354, bmo#1715755, bmo#1723176)
Memory safety bugs fixed in Firefox 93 and Firefox ESR 91.2
* CVE-2021-38499 (bmo#1667102, bmo#1723170, bmo#1725356, bmo#1727364)
Memory safety bugs fixed in Firefox 93
- removed obsolete mozilla-bmo1708709.patch</comment>
<requestid>923417</requestid>
</revision>
<revision rev="347" vrev="2">
<srcmd5>120ed38580b68b4d32ab3b0161f46cac</srcmd5>
<version>93.0</version>
<time>1634754230</time>
<user>dimstar_suse</user>
<comment></comment>
<requestid>926026</requestid>
</revision>
<revision rev="348" vrev="3">
<srcmd5>19a3468b582b53e1b2cdd668dc27a0e5</srcmd5>
<version>93.0</version>
<time>1635539588</time>
<user>dimstar_suse</user>
<comment>- Drop unused pkgconfig(gdk-x11-2.0) BuildRequires
- (re-)enable LTO on Tumbleweed
- Rebase mozilla-sandbox-fips.patch to punch another hole in the
sandbox containment, to be able to open /proc/sys/crypto/fips_enabled
from within the newly introduced socket process sandbox.
This fixes bsc#1191815 and bsc#1190141
- Add patch to fix build on aarch64 (bmo#1729124)</comment>
<requestid>927811</requestid>
</revision>
<revision rev="349" vrev="1">
<srcmd5>e38a1464ce3bd3a2dd6121fe625bf0a2</srcmd5>
<version>94.0.1</version>
<time>1636388648</time>
<user>dimstar_suse</user>
<comment></comment>
<requestid>929844</requestid>
</revision>
<revision rev="350" vrev="1">
<srcmd5>3240104e35d0310b4a8b3d385aae6531</srcmd5>
<version>94.0.2</version>
<time>1637970635</time>
<user>dimstar_suse</user>
<comment></comment>
<requestid>933355</requestid>
</revision>
<revision rev="351" vrev="1">
<srcmd5>9ddb587c0356f4650ca8760ef9da499b</srcmd5>
<version>95.0</version>
<time>1639266969</time>
<user>dimstar_suse</user>
<comment>- Mozilla Firefox 95.0
* You can now move the Picture-in-Picture toggle button to the
opposite side of the video. Simply look for the new context menu
option Move Picture-in-Picture Toggle to Left (Right) Side.
* To better protect Firefox users against side-channel attacks such
as Spectre, Site Isolation is now enabled for all Firefox 95 users.
* https://www.mozilla.org/en-US/firefox/95.0/releasenotes
MFSA 2021-52 (bsc#1193485)
* CVE-2021-43536 (bmo#1730120)
URL leakage when navigating while executing asynchronous
function
* CVE-2021-43537 (bmo#1738237)
Heap buffer overflow when using structured clone
* CVE-2021-43538 (bmo#1739091)
Missing fullscreen and pointer lock notification when
requesting both
* CVE-2021-43539 (bmo#1739683)
GC rooting failure when calling wasm instance methods
* MOZ-2021-0010 (bmo#1735852)
Use-after-free in fullscreen objects on MacOS
* CVE-2021-43540 (bmo#1636629)
WebExtensions could have installed persistent ServiceWorkers
* CVE-2021-43541 (bmo#1696685)
External protocol handler parameters were unescaped
* CVE-2021-43542 (bmo#1723281)
XMLHttpRequest error codes could have leaked the existence of
an external protocol handler
* CVE-2021-43543 (bmo#1738418)
Bypass of CSP sandbox directive when embedding
* CVE-2021-43544 (bmo#1739934)</comment>
<requestid>936364</requestid>
</revision>
<revision rev="352" vrev="1">
<srcmd5>05d8c797e020c82f081d454050d4372f</srcmd5>
<version>95.0.1</version>
<time>1639855765</time>
<user>dimstar_suse</user>
<comment>- Mozilla Firefox 95.0.1 (bsc#1193845)
* Fixed frequent
MOZILLA_PKIX_ERROR_OCSP_RESPONSE_FOR_CERT_MISSING error
messages when trying to connect to various microsoft.com
domains (bmo#1745600)
* Fix for a WebRender crash on some Linux/X11 systems (bmo#1741956)
* Fix for a frequent Windows shutdown crash (bmo#1738984)
* Fix websites contrast issues for some Linux users with
Dark mode set at OS level (bmo#1740518)</comment>
<requestid>941230</requestid>
</revision>
<revision rev="353" vrev="1">
<srcmd5>3d96da4406dbfde33084adcfb09f50a8</srcmd5>
<version>95.0.2</version>
<time>1640876128</time>
<user>dimstar_suse</user>
<comment>- Add upstream patches:
* mozilla-bmo1745560.patch: Fix build against wayland 1.20.
* mozilla-bmo1744896.patch: Create WaylandVsyncSource on window
creation
- Mozilla Firefox 95.0.2
* Addresses frequent crashes experienced by users with C/E/Z-Series
"Bobcat" CPUs running on Windows 7, 8, and 8.1.
- updated constraints for ppc and x86-64</comment>
<requestid>943041</requestid>
</revision>
<revision rev="354" vrev="1">
<srcmd5>9b873ca6b300ac4c49380c963bfd8016</srcmd5>
<version>96.0</version>
<time>1642029734</time>
<user>dimstar_suse</user>
<comment>- Mozilla Firefox 96.0
* https://www.mozilla.org/en-US/firefox/96.0/releasenotes
MFSA 2022-01 (bsc#1194547)
* CVE-2022-22746 (bmo#1735071)
Calling into reportValidity could have lead to fullscreen
window spoof
* CVE-2022-22743 (bmo#1739220)
Browser window spoof using fullscreen mode
* CVE-2022-22742 (bmo#1739923)
Out-of-bounds memory access when inserting text in edit mode
* CVE-2022-22741 (bmo#1740389)
Browser window spoof using fullscreen mode
* CVE-2022-22740 (bmo#1742334)
Use-after-free of ChannelEventQueue::mOwner
* CVE-2022-22738 (bmo#1742382)
Heap-buffer-overflow in blendGaussianBlur
* CVE-2022-22737 (bmo#1745874)
Race condition when playing audio files
* CVE-2021-4140 (bmo#1746720)
Iframe sandbox bypass with XSLT
* CVE-2022-22750 (bmo#1566608)
IPC passing of resource handles could have lead to sandbox
bypass
* CVE-2022-22749 (bmo#1705094)
Lack of URL restrictions when scanning QR codes
* CVE-2022-22748 (bmo#1705211)
Spoofed origin on external protocol launch dialog
* CVE-2022-22745 (bmo#1735856)
Leaking cross-origin URLs through securitypolicyviolation
event</comment>
<requestid>945699</requestid>
</revision>
<revision rev="355" vrev="1">
<srcmd5>33f4d0f34fb0a0c668aa6dc6f0f31006</srcmd5>
<version>96.0.1</version>
<time>1642279512</time>
<user>dimstar_suse</user>
<comment></comment>
<requestid>946473</requestid>
</revision>
<revision rev="356" vrev="1">
<srcmd5>014bd43635b3f8eec79a1dedb590ba5f</srcmd5>
<version>96.0.2</version>
<time>1642936508</time>
<user>dimstar_suse</user>
<comment></comment>
<requestid>947863</requestid>
</revision>
<revision rev="357" vrev="2">
<srcmd5>4f34e7dc1bc0ae1060954cf837b5bf7e</srcmd5>
<version>96.0.2</version>
<time>1643228790</time>
<user>dimstar_suse</user>
<comment></comment>
<requestid>948332</requestid>
</revision>
<revision rev="358" vrev="1">
<srcmd5>b4d5910cbeb396b38dacf6ac1740e90d</srcmd5>
<version>96.0.3</version>
<time>1643720552</time>
<user>dimstar_suse</user>
<comment>- Mozilla Firefox 96.0.3 (bsc#1195230)
* Fixed an issue that allowed unexpected data to be submitted in
some of our search telemetry (bmo#1752317)</comment>
<requestid>949716</requestid>
</revision>
<revision rev="359" vrev="1">
<srcmd5>22e540058222eb8cc377be66c2657496</srcmd5>
<version>97.0</version>
<time>1644531096</time>
<user>dimstar_suse</user>
<comment>- Mozilla Firefox 97.0
MFSA 2022-04 (bsc#1195682)
* CVE-2022-22753 (bmo#1732435)
Privilege Escalation to SYSTEM on Windows via Maintenance Service
* CVE-2022-22754 (bmo#1750565)
Extensions could have bypassed permission confirmation during update
* CVE-2022-22755 (bmo#1309630)
XSL could have allowed JavaScript execution after a tab was closed
* CVE-2022-22756 (bmo#1317873)
Drag and dropping an image could have resulted in the dropped
object being an executable
* CVE-2022-22757 (bmo#1720098)
Remote Agent did not prevent local websites from connecting
* CVE-2022-22758 (bmo#1728742)
tel: links could have sent USSD codes to the dialer on
Firefox for Android
* CVE-2022-22759 (bmo#1739957)
Sandboxed iframes could have executed script if the parent
appended elements
* CVE-2022-22760 (bmo#1740985, bmo#1748503)
Cross-Origin responses could be distinguished between script
and non-script content-types
* CVE-2022-22761 (bmo#1745566)
frame-ancestors Content Security Policy directive was not
enforced for framed extension pages
* CVE-2022-22762 (bmo#1743931)
JavaScript Dialogs could have been displayed over other
domains on Firefox for Android
* CVE-2022-22764 (bmo#1742682, bmo#1744165, bmo#1746545,
bmo#1748210, bmo#1748279)</comment>
<requestid>952887</requestid>
</revision>
<revision rev="360" vrev="1">
<srcmd5>f1bf91acd730d61049a4b2b3439383b7</srcmd5>
<version>97.0.1</version>
<time>1645461957</time>
<user>dimstar_suse</user>
<comment></comment>
<requestid>955949</requestid>
</revision>
<revision rev="361" vrev="1">
<srcmd5>80948a7b7c1f375dee695487e9bbe1c2</srcmd5>
<version>98.0</version>
<time>1647199457</time>
<user>dimstar_suse</user>
<comment>- Mozilla Firefox 98.0
* Firefox has a new optimized download flow
* other changes as documented here
https://www.mozilla.org/en-US/firefox/98.0/releasenotes
MFSA 2022-10 (bsc#1196900)
* CVE-2022-26383 (bmo#1742421)
Browser window spoof using fullscreen mode
* CVE-2022-26384 (bmo#1744352)
iframe allow-scripts sandbox bypass
* CVE-2022-26387 (bmo#1752979)
Time-of-check time-of-use bug when verifying add-on signatures
* CVE-2022-26381 (bmo#1736243)
Use-after-free in text reflows
* CVE-2022-26382 (bmo#1741888)
Autofill Text could be exfiltrated via side-channel attacks
* CVE-2022-26385 (bmo#1747526)
Use-after-free in thread shutdown
* CVE-2022-0843 (bmo#1746523, bmo#1749062, bmo#1749164, bmo#1749214,
bmo#1749610, bmo#1750032, bmo#1752100, bmo#1752405, bmo#1753612,
bmo#1754508)
Memory safety bugs fixed in Firefox 98
- requires NSS 3.75
- add mozilla-bmo1756347.patch to fix i586 build
- Remove bashisms ("source" and "function" keywords) from
mozilla.sh.in to ally with the #!/bin/sh shebang. If the end user
has either dash-sh package or busybox-sh to handle Bourn Shell
scripts rather than having bash-sh package, the script would
fail. Using "." instead of "source" and "create_langpack_link()"
function definition is enough to keep both sides sane,</comment>
<requestid>960656</requestid>
</revision>
<revision rev="362" vrev="1">
<srcmd5>55dac1236c436d9b4295948a0f466f4c</srcmd5>
<version>98.0.2</version>
<time>1648479585</time>
<user>dimstar_suse</user>
<comment>- MozillaFirefox 98.0.2:
* Fixed: Fixed an issue preventing users from typing in Address
Bar after opening new tab and pressing cmd + enter
(bmo#1757376)
* Fixed: Fixed an issue causing some users to crash in out-of-
memory conditions (bmo#1757618)
* Fixed: Fixed an issue in session history which caused some
sites to fail to load (bmo#1758664)
* Fixed: Fixed an add-on specific compatibility issue
(bmo#1759162)
- Change mozilla-kde.patch to follow the GNOME registry
behavior for new MIME types to avoid opening downloaded files
without any inquiries (bsc#1197319)
- Add patch to fix start-up on aarch64:
* mozilla-bmo1757571.patch
- exclude slow cpus for building
- Add cpu-flag `asimdrdm` to aarch64 constraints, to select newer,
faster buildhosts, as the others struggle to build FF.
- Mozilla Firefox 98.0.1:
* Yandex and Mail.ru have been removed as optional search
providers in the drop-down search menu in Firefox</comment>
<requestid>964778</requestid>
</revision>
<revision rev="363" vrev="1">
<srcmd5>678f14baf26382eb7d4ca88bdf0647f8</srcmd5>
<version>99.0</version>
<time>1649370413</time>
<user>dimstar_suse</user>
<comment>- Mozilla Firefox 99.0
* You can now toggle Narrate in ReaderMode with the keyboard
shortcut "n."
* You can find added support for search—with or without
diacritics—in the PDF viewer.
* The Linux sandbox has been strengthened: processes exposed to web
content no longer have access to the X Window system (X11).
* Firefox now supports credit card autofill and capture in
Germany and France.
MFSA 2022-13 (bsc#1197903)
* CVE-2022-1097 (bmo#1745667)
Use-after-free in NSSToken objects
* CVE-2022-28281 (bmo#1755621)
Out of bounds write due to unexpected WebAuthN Extensions
* CVE-2022-28282 (bmo#1751609)
Use-after-free in DocumentL10n::TranslateDocument
* CVE-2022-28283 (bmo#1754066)
Missing security checks for fetching sourceMapURL
* CVE-2022-28284 (bmo#1754522)
Script could be executed via svg's use element
* CVE-2022-28285 (bmo#1756957)
Incorrect AliasSet used in JIT Codegen
* CVE-2022-28286 (bmo#1735265)
iframe contents could be rendered outside the border
* CVE-2022-28287 (bmo#1741515)
Text Selection could crash Firefox
* CVE-2022-24713 (bmo#1758509)
Denial of Service via complex regular expressions
* CVE-2022-28289 (bmo#1663508, bmo#1744525, bmo#1753508,
bmo#1757476, bmo#1757805, bmo#1758549, bmo#1758776)</comment>
<requestid>967154</requestid>
</revision>
<revision rev="364" vrev="1">
<srcmd5>1d4097d4c87282e3a324f580a41dfcbd</srcmd5>
<version>99.0.1</version>
<time>1650060806</time>
<user>dimstar_suse</user>
<comment></comment>
<requestid>969574</requestid>
</revision>
<revision rev="365" vrev="1">
<srcmd5>352539f1392e3e4f7fc822b685df5507</srcmd5>
<version>100.0</version>
<time>1651856310</time>
<user>dimstar_suse</user>
<comment>- Mozilla Firefox 100.0
* subtitle support in PiP
* spell checking supports multiple languages in parallel
* more details here
https://www.mozilla.org/en-US/firefox/100.0/releasenotes
MFSA 2022-16 (boo#1198970)
* CVE-2022-29914 (bmo#1746448)
Fullscreen notification bypass using popups
* CVE-2022-29909 (bmo#1755081)
Bypassing permission prompt in nested browsing contexts
* CVE-2022-29916 (bmo#1760674)
Leaking browser history with CSS variables
* CVE-2022-29911 (bmo#1761981)
iframe Sandbox bypass
* CVE-2022-29912 (bmo#1692655)
Reader mode bypassed SameSite cookies
* CVE-2022-29910 (bmo#1757138)
Firefox for Android forgot HTTP Strict Transport Security
settings
* CVE-2022-29915 (bmo#1751678)
Leaking cross-origin redirect through the Performance API
* CVE-2022-29917 (bmo#1684739, bmo#1706441, bmo#1753298,
bmo#1762614, bmo#1762620, bmo#1764778)
Memory safety bugs fixed in Firefox 100 and Firefox ESR 91.9
* CVE-2022-29918 (bmo#1744043, bmo#1747178, bmo#1753535,
bmo#1754017, bmo#1755847, bmo#1756172, bmo#1757477,
bmo#1758223, bmo#1760160, bmo#1761481, bmo#1761771)
Memory safety bugs fixed in Firefox 100
- requires NSS 3.77</comment>
<requestid>974815</requestid>
</revision>
<revision rev="366" vrev="1">
<srcmd5>ef1cc4a8ff48fc27d942f8f9afb9ac49</srcmd5>
<version>100.0.2</version>
<time>1653152745</time>
<user>dimstar_suse</user>
<comment>- Mozilla Firefox 100.0.2
MFSA 2022-19 (bsc#1199768)
* CVE-2022-1802 (bmo#1770137)
Prototype pollution in Top-Level Await implementation
* CVE-2022-1529 (bmo#1770048)
Untrusted input used in JavaScript object indexing, leading
to prototype pollution
- Mozilla Firefox 100.0.1:
* Fixed: Fixed an issue with subtitles in Picture-in-Picture
mode while using Netflix (bmo#1768818)
* Fixed: Fixed an issue where some commands were unavailable in
the Picture-in-Picture window (bmo#1768201)</comment>
<requestid>978314</requestid>
</revision>
<revision rev="367" vrev="1">
<srcmd5>95e53dab11d29717f2f99789843c0d5f</srcmd5>
<version>101.0</version>
<time>1654199625</time>
<user>dimstar_suse</user>
<comment>- Mozilla Firefox 101.0
* Reading is now easier with the prefers-contrast media query,
which allows sites to detect if the user has requested that web
content is presented with a higher (or lower) contrast
* All non-configured MIME types can now be assigned a custom
action upon download completion
* allows users to use as many microphones as you want, at the
same time, during video conferencing. The most exciting benefit
is that you can easily switch your microphones at any time
(if your conferencing service provider enables this flexibility)
MFSA 2022-20 (bsc#1200027)
* CVE-2022-31736 (bmo#1735923)
Cross-Origin resource's length leaked
* CVE-2022-31737 (bmo#1743767)
Heap buffer overflow in WebGL
* CVE-2022-31738 (bmo#1756388)
Browser window spoof using fullscreen mode
* CVE-2022-31739 (bmo#1765049)
Attacker-influenced path traversal when saving downloaded files
* CVE-2022-31740 (bmo#1766806)
Register allocation problem in WASM on arm64
* CVE-2022-31741 (bmo#1767590)
Uninitialized variable leads to invalid memory read
* CVE-2022-31742 (bmo#1730434)
Querying a WebAuthn token with a large number of allowCredential
entries may have leaked cross-origin information
* CVE-2022-31743 (bmo#1747388)
HTML Parsing incorrectly ended HTML comments prematurely
* CVE-2022-31744 (bmo#1757604)
CSP bypass enabling stylesheet injection</comment>
<requestid>980191</requestid>
</revision>
<revision rev="368" vrev="1">
<srcmd5>8ad252e51bb48d7f781d2ba9320ee855</srcmd5>
<version>101.0.1</version>
<time>1655493598</time>
<user>dimstar_suse</user>
<comment></comment>
<requestid>982081</requestid>
</revision>
<revision rev="369" vrev="1">
<srcmd5>fb1f576786484f3d6ce5508efe520391</srcmd5>
<version>102.0.1</version>
<time>1657559277</time>
<user>dimstar_suse</user>
<comment>- Firefox 102.0.1:
* Fixed: Fixed bookmarks sidebar flashing white when opened in
dark mode (bmo#1776157)
* Fixed: Fixed multilingual spell checking not working with
content in both English and a non-Latin alphabet
(bmo#1773802)
* Fixed: Developer tools: Fixed an issue where the console
output keep getting scrolled to the bottom when the last
visible message is an evaluation result (bmo#1776262)
* Fixed: Fixed *Delete cookies and site data when Firefox is
closed* checkbox getting disabled on startup (bmo#1777419)
* Fixed: Various stability fixes
- Firefox 102.0
* You can now disable automatic opening of the download panel
every time a new download starts
* Firefox now mitigates query parameter tracking when navigating
sites in ETP strict mode
* Improved security by moving audio decoding into a separate
process with stricter sandboxing, thus improving process isolation
* https://www.mozilla.org/en-US/firefox/102.0/releasenotes
MFSA 2022-24 (bsc#1200793)
* CVE-2022-34479 (bmo#1745595)
A popup window could be resized in a way to overlay the
address bar with web content
* CVE-2022-34470 (bmo#1765951)
Use-after-free in nsSHistory
* CVE-2022-34468 (bmo#1768537)
CSP sandbox header without `allow-scripts` can be bypassed
via retargeted javascript: URI</comment>
<requestid>988096</requestid>
</revision>
<revision rev="370" vrev="1">
<srcmd5>8bc1d100b49fb50ad74f152795483baf</srcmd5>
<version>103.0.1</version>
<time>1659554149</time>
<user>dimstar_suse</user>
<comment>- Mozilla Firefox 103.0.1
* Enabled hardware acceleration on newer AMD cards.
* Fixed a crash on Firefox shutdown caused by a bug in the
audio manager
- Mozilla Firefox 103.0
https://www.mozilla.org/en-US/firefox/103.0/releasenotes
MFSA 2022-28 (bsc#1201758)
* CVE-2022-36319 (bmo#1737722)
Mouse Position spoofing with CSS transforms
* CVE-2022-36317 (bmo#1759951)
Long URL would hang Firefox for Android
* CVE-2022-36318 (bmo#1771774)
Directory indexes for bundled resources reflected URL
parameters
* CVE-2022-36314 (bmo#1773894)
Opening local <code>.lnk</code> files could cause unexpected
network loads
* CVE-2022-36315 (bmo#1762520)
Preload Cache Bypasses Subresource Integrity
* CVE-2022-36316 (bmo#1768583)
Performance API leaked whether a cross-site resource is
redirecting
* CVE-2022-36320 (bmo#1759794, bmo#1760998)
Memory safety bugs fixed in Firefox 103
* CVE-2022-2505 (bmo#1769739, bmo#1772824)
Memory safety bugs fixed in Firefox 103 and 102.1
- requires
NSS >= 3.80
rust = 1.61</comment>
<requestid>992040</requestid>
</revision>
<revision rev="371" vrev="1">
<srcmd5>50aa3c0366007db7937e36e3e33a6c40</srcmd5>
<version>103.0.2</version>
<time>1660235486</time>
<user>dimstar_suse</user>
<comment>- Mozilla Firefox 103.0.2
* Fixed menu shortcuts for users of the JAWS screen reader
* Fixed an occasional non-overridable certificate error when
accessing device configuration pages
- The --disable-elf-hack option only exists on ARM and X86</comment>
<requestid>994312</requestid>
</revision>
<revision rev="372" vrev="2">
<srcmd5>a910dd98c3b3c1d1e31a1a9535e03f26</srcmd5>
<version>103.0.2</version>
<time>1660586178</time>
<user>dimstar_suse</user>
<comment>- added mozilla-glibc236.patch (bmo#1782988, boo#1202323)</comment>
<requestid>994938</requestid>
</revision>
<revision rev="373" vrev="1">
<srcmd5>e992c44017521dcbc354d157ac940e58</srcmd5>
<version>104.0</version>
<time>1661593672</time>
<user>dimstar_suse</user>
<comment>- Mozilla Firefox 104.0
* https://www.mozilla.org/en-US/firefox/104.0/releasenotes
MFSA 2022-33 (bsc#1202645)
* CVE-2022-38472 (bmo#1769155)
Address bar spoofing via XSLT error handling
* CVE-2022-38473 (bmo#1771685)
Cross-origin XSLT Documents would have inherited the parent's
permissions
* CVE-2022-38474 (bmo#1719511)
Recording notification not shown when microphone was
recording on Android
* CVE-2022-38475 (bmo#1773266)
Attacker could write a value to a zero-length array
* CVE-2022-38477 (bmo#1760611, bmo#1770219, bmo#1771159, bmo#1773363)
Memory safety bugs fixed in Firefox 104 and Firefox ESR 102.2
* CVE-2022-38478 (bmo#1770630, bmo#1776658)
Memory safety bugs fixed in Firefox 104, Firefox ESR 102.2,
and Firefox ESR 91.13
- requires
NSPR 4.34.1
NSS 3.81
rust 1.62</comment>
<requestid>999342</requestid>
</revision>
<revision rev="374" vrev="1">
<srcmd5>632e5325d445e7aa16bab5f2daf5ba3b</srcmd5>
<version>104.0.2</version>
<time>1662639681</time>
<user>dimstar_suse</user>
<comment>- Mozilla Firefox 104.0.2 (boo#1203177)
https://www.mozilla.org/en-US/firefox/104.0.2/releasenotes/
* Fixed a bug making it impossible to use touch or a stylus to
drag the scrollbar on pages (bmo#1787361)
* Fixed an issue causing some users to crash in out-of-memory
conditions (bmo#1774155)
* Fixed an issue that would sometimes affect video & audio playback
when loaded via a cross-origin iframe src attribute (bmo#1781759)
* Fixed an issue that would sometimes affect video & audio playback
when served with Content-Security-Policy: sandbox (bmo#1781063)
- Mozilla Firefox 104.0.1
* Addresses an issue with Youtube video playback that was
affecting some users (boo#1203003)</comment>
<requestid>1001583</requestid>
</revision>
<revision rev="375" vrev="2">
<srcmd5>15dcfa7223d9d11bffa31a253d45b848</srcmd5>
<version>104.0.2</version>
<time>1662833811</time>
<user>dimstar_suse</user>
<comment></comment>
<requestid>1002272</requestid>
</revision>
<revision rev="376" vrev="1">
<srcmd5>b46b1b1a7f0975c77c7b1674e65f8253</srcmd5>
<version>105.0.3</version>
<time>1665591775</time>
<user>dimstar_suse</user>
<comment>- Mozilla Firefox 105.0.3:
* Fixes for other platforms
- Mozilla Firefox 105.0.2:
* Fixed poor contrast on various menu items with certain
themes on Linux systems (bmo#1792063)
* Fixed the scrollbar appearing on the wrong side of
`select` elements in right-to-left locales (bmo#1791219)
* Fixed a possible deadlock when loading some sites in
Troubleshoot Mode (bmo#1786259)
* Fixed a bug causing some dynamic appearance changes to
not appear when expected (bmo#1786521)
* Fixed a bug causing theme styling to not be properly applied
to sidebars for some add-ons in Private Browsing Mode
(bmo#1787543)
- Mozilla Firefox 105.0.1
* Reverted focus behavior for new windows back to the content
area instead of the address bar (bmo#1784692)
- added mozilla-i686-build.patch to avoid using avx2
- Mozilla Firefox 105.0
https://www.mozilla.org/en-US/firefox/105.0/releasenotes
MFSA 2022-40 (bsc#1203477)
* CVE-2022-40959 (bmo#1782211)
Bypassing FeaturePolicy restrictions on transient pages
* CVE-2022-40960 (bmo#1787633)
Data-race when parsing non-UTF-8 URLs in threads
* CVE-2022-40958 (bmo#1779993)
Bypassing Secure Context restriction for cookies with __Host</comment>
<requestid>1009258</requestid>
</revision>
<revision rev="377" vrev="1">
<srcmd5>60155f7fd978fa6eff3e5874d7159109</srcmd5>
<version>106.0</version>
<time>1666440723</time>
<user>dimstar_suse</user>
<comment>i686 and aarch64 should be fixed. No idea for ppc64le
- Mozilla Firefox 106.0
* support editing of PDFs
* introduced Firefox View
* major WebRTC update
- Better screen sharing for Windows and Linux Wayland users
- RTP performance and reliability improvements
- Richer statistics
- Cross-browser and service compatibility improvements
* detailed releasenotes
https://www.mozilla.org/en-US/firefox/106.0/releasenotes
MFSA 2022-44 (bsc#1204421)
* CVE-2022-42927 (bmo#1789128)
Same-origin policy violation could have leaked cross-origin URLs
* CVE-2022-42928 (bmo#1791520)
Memory Corruption in JS Engine
* CVE-2022-42929 (bmo#1789439)
Denial of Service via window.print
* CVE-2022-42930 (bmo#1789503)
Race condition in DOM Workers
* CVE-2022-42931 (bmo#1780571)
Username saved to a plaintext file on disk
* CVE-2022-42932 (bmo#1789729, bmo#1791363, bmo#1792041)
Memory safety bugs fixed in Firefox
- added -msse2 flag to fix i386 build and workaround bmo#1795993
- fixed used buildflags
- renamed mozilla-i686-build.patch to mozilla-buildfixes.patch
as it was extended with changes for other archs</comment>
<requestid>1030290</requestid>
</revision>
<revision rev="378" vrev="1">
<srcmd5>1e394c238be9ddfea1076dcd8f147ff9</srcmd5>
<version>106.0.1</version>
<time>1666535565</time>
<user>dimstar_suse</user>
<comment>- Mozilla Firefox 106.0.1
* Addresses a crash experienced by users with AMD Zen 1 CPUs
(bmo#1796126)</comment>
<requestid>1030584</requestid>
</revision>
<revision rev="379" vrev="1">
<srcmd5>e9da95c71a62d767741d53e4a929e1bd</srcmd5>
<version>106.0.2</version>
<time>1666978172</time>
<user>dimstar_suse</user>
<comment>- Mozilla Firefox 106.0.2
* Fix missing content on some PDF forms (bmo#1794351)
* Fix column width for the Notification sub-panel in Settings
(bmo#1793558)
* Fix a browser freeze with accessibility enabled on some sites
such as the Proxmox Web UI (bmo#1793748)
* Fix page reloading not working with Firefox View and not
refreshing synced data (bmo#1792680, bmo#1794474)</comment>
<requestid>1031637</requestid>
</revision>
<revision rev="380" vrev="1">
<srcmd5>09edcc480fde40ff6968a62fd1dc4920</srcmd5>
<version>106.0.3</version>
<time>1667499196</time>
<user>dimstar_suse</user>
<comment>- Mozilla Firefox 106.0.3
* Fixes for other platforms</comment>
<requestid>1032848</requestid>
</revision>
<revision rev="381" vrev="1">
<srcmd5>8ce8d54aec0bf870cc037a0037fed80e</srcmd5>
<version>106.0.5</version>
<time>1667734897</time>
<user>dimstar_suse</user>
<comment></comment>
<requestid>1033697</requestid>
</revision>
<revision rev="382" vrev="1">
<srcmd5>76d5fc097e88a12039f20b333ad334b9</srcmd5>
<version>107.0</version>
<time>1668702232</time>
<user>dimstar_suse</user>
<comment>- Mozilla Firefox 107.0
MFSA 2022-47 (bsc#1205270)
* CVE-2022-45403 (bmo#1762078)
Service Workers might have learned size of cross-origin media files
* CVE-2022-45404 (bmo#1790815)
Fullscreen notification bypass
* CVE-2022-45405 (bmo#1791314)
Use-after-free in InputStream implementation
* CVE-2022-45406 (bmo#1791975)
Use-after-free of a JavaScript Realm
* CVE-2022-45407 (bmo#1793314)
Loading fonts on workers was not thread-safe
* CVE-2022-45408 (bmo#1793829)
Fullscreen notification bypass via windowName
* CVE-2022-45409 (bmo#1796901)
Use-after-free in Garbage Collection
* CVE-2022-45410 (bmo#1658869)
ServiceWorker-intercepted requests bypassed SameSite cookie policy
* CVE-2022-45411 (bmo#1790311)
Cross-Site Tracing was possible via non-standard override headers
* CVE-2022-45412 (bmo#1791029)
Symlinks may resolve to partially uninitialized buffers
* CVE-2022-45413 (bmo#1791201)
SameSite=Strict cookies could have been sent cross-site via
intent URLs
* CVE-2022-40674 (bmo#1791598)
Use-after-free vulnerability in expat
* CVE-2022-45415 (bmo#1793551)
Downloaded file may have been saved with malicious extension
* CVE-2022-45416 (bmo#1793676)</comment>
<requestid>1036230</requestid>
</revision>
<revision rev="383" vrev="1">
<srcmd5>1c4e35681e847e385bf1cd3c5b7a1011</srcmd5>
<version>107.0.1</version>
<time>1669983145</time>
<user>dimstar_suse</user>
<comment></comment>
<requestid>1039406</requestid>
</revision>
<revision rev="384" vrev="1">
<srcmd5>769a67be6b1793ba726bc8041d2a4d61</srcmd5>
<version>108.0.1</version>
<time>1671635148</time>
<user>dimstar_suse</user>
<comment>- Mozilla Firefox 108.0.1 (boo#1206507)
* Fixes the default search engine being reset on upgrade for
profiles which were previously copied from a different location
- Mozilla Firefox 108.0
https://www.mozilla.org/en-US/firefox/108.0/releasenotes/
MFSA 2022-51 (bsc#1206242)
* CVE-2022-46871 (bmo#1795697)
libusrsctp library out of date
* CVE-2022-46872 (bmo#1799156)
Arbitrary file read from a compromised content process
* CVE-2022-46873 (bmo#1644790)
Firefox did not implement the CSP directive unsafe-hashes
* CVE-2022-46874 (bmo#1746139)
Drag and Dropped Filenames could have been truncated to
malicious extensions
* CVE-2022-46875 (bmo#1786188)
Download Protections were bypassed by .atloc and .ftploc
files on Mac OS
* CVE-2022-46877 (bmo#1795139)
Fullscreen notification bypass
* CVE-2022-46878 (bmo#1782219, bmo#1797370, bmo#1797685,
bmo#1801102, bmo#1801315, bmo#1802395)
Memory safety bugs fixed in Firefox 108 and Firefox ESR 102.6
* CVE-2022-46879 (bmo#1736224, bmo#1793407, bmo#1794249, bmo#1795845,
bmo#1797682, bmo#1797720, bmo#1798494, bmo#1799479)
Memory safety bugs fixed in Firefox 108
- requires
NSS >= 3.85
rustc/cargo 1.65</comment>
<requestid>1043934</requestid>
</revision>
<revision rev="385" vrev="2">
<srcmd5>a40e188372945f2cb50142d26bd35634</srcmd5>
<version>108.0.1</version>
<time>1671787248</time>
<user>dimstar_suse</user>
<comment>- add mozilla-bmo1805809.patch to fix build for x86-32 (boo#1206600)</comment>
<requestid>1044163</requestid>
</revision>
<revision rev="386" vrev="1">
<srcmd5>a7f37f7e1a6ec0283b117314ab94b06c</srcmd5>
<version>108.0.2</version>
<time>1673108167</time>
<user>dimstar_suse</user>
<comment></comment>
<requestid>1056394</requestid>
</revision>
<revision rev="387" vrev="1">
<srcmd5>888d816f58f9ff7b22876c9e7f14b164</srcmd5>
<version>109.0</version>
<time>1674232591</time>
<user>dimstar_suse</user>
<comment>- Mozilla Firefox 109.0
MFSA 2023-01 (bsc#1207119)
* CVE-2023-23597 (bmo#1538028)
Logic bug in process allocation allowed to read arbitrary
files
* CVE-2023-23598 (bmo#1800425)
Arbitrary file read from GTK drag and drop on Linux
* CVE-2023-23599 (bmo#1777800)
Malicious command could be hidden in devtools output on
Windows
* CVE-2023-23600 (bmo#1787034)
Notification permissions persisted between Normal and Private
Browsing on Android
* CVE-2023-23601 (bmo#1794268)
URL being dragged from cross-origin iframe into same tab
triggers navigation
* CVE-2023-23602 (bmo#1800890)
Content Security Policy wasn't being correctly applied to
WebSockets in WebWorkers
* CVE-2023-23603 (bmo#1800832)
Calls to <code>console.log</code> allowed bypasing Content
Security Policy via format directive
* CVE-2023-23604 (bmo#1802346)
Creation of duplicate <code>SystemPrincipal</code> from less
secure contexts
* CVE-2023-23605 (bmo#1764921, bmo#1802690, bmo#1806974)
Memory safety bugs fixed in Firefox 109 and Firefox ESR 102.7
* CVE-2023-23606 (bmo#1764974, bmo#1798591, bmo#1799201,
bmo#1800446, bmo#1801248, bmo#1802100, bmo#1803393,
bmo#1804626, bmo#1804971, bmo#1807004)</comment>
<requestid>1059273</requestid>
</revision>
<revision rev="388" vrev="1">
<srcmd5>3dfa6216e2142e9309e65c7facc40ed7</srcmd5>
<version>109.0.1</version>
<time>1675357667</time>
<user>dimstar_suse</user>
<comment></comment>
<requestid>1062544</requestid>
</revision>
</revisionlist>