Mercurial Mercurial > hg > mozilla / diff
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
MozillaFirefox/MozillaFirefox.changes
branchfirefox119
changeset 1197 19915e86b721
parent 1196 954851a35787
child 1198 de5582739a05 
--- a/MozillaFirefox/MozillaFirefox.changes	Wed Oct 25 11:49:20 2023 +0200
+++ b/MozillaFirefox/MozillaFirefox.changes	Wed Nov 22 23:08:38 2023 +0100
@@ -1,4 +1,52 @@
 -------------------------------------------------------------------
+Wed Nov  8 20:27:15 UTC 2023 - Andreas Stieger <andreas.stieger@gmx.de>
+
+- Mozilla Firefox 119.0.1
+  * Fixed a bug causing colors in the <select> HTML element to not
+    be applied to dropdown menu arrows (bmo#1861253)
+  * Fixed a bug with the <input> HTML element state not changing
+    when dynamically updating the `disabled` attribute on an
+    ancestor <fieldset> (bmo#1861027)
+  * Fixed a bug causing elements with the indeterminate CSS
+    selector in a radio group to not update (bmo#1861346)
+
+-------------------------------------------------------------------
+Thu Oct 26 10:31:03 UTC 2023 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 119.0
+  https://www.mozilla.org/en-US/firefox/119.0/releasenotes
+  MFSA 2023-45 (bsc#1216338)
+  * CVE-2023-5721 (bmo#1830820)
+    Queued up rendering could have allowed websites to clickjack
+  * CVE-2023-5722 (bmo#1738426)
+    Cross-Origin size and header leakage
+  * CVE-2023-5723 (bmo#1802057)
+    Invalid cookie characters could have led to unexpected errors
+  * CVE-2023-5724 (bmo#1836705)
+    Large WebGL draw could have led to a crash
+  * CVE-2023-5725 (bmo#1845739)
+    WebExtensions could open arbitrary URLs
+  * CVE-2023-5726 (bmo#1846205)
+    Full screen notification obscured by file open dialog on macOS
+  * CVE-2023-5727 (bmo#1847180)
+    Download Protections were bypassed by .msix, .msixbundle,
+    .appx, and .appxbundle files on Windows
+  * CVE-2023-5728 (bmo#1852729)
+    Improper object tracking during GC in the JavaScript engine
+    could have led to a crash.
+  * CVE-2023-5729 (bmo#1823720)
+    Fullscreen notification dialog could have been obscured by
+    WebAuthn prompts
+  * CVE-2023-5730 (bmo#1836607, bmo#1840918, bmo#1848694, bmo#1848833,
+    bmo#1850191, bmo#1850259, bmo#1852596, bmo#1853201, bmo#1854002,
+    bmo#1855306, bmo#1855640, bmo#1856695)
+    Memory safety bugs fixed in Firefox 119, Firefox ESR 115.4,
+    and Thunderbird 115.4.1
+  * CVE-2023-5731 (bmo#1690111, bmo#1721904, bmo#1851803, bmo#1854068)
+    Memory safety bugs fixed in Firefox 119
+- requires NSS 3.94
+
+-------------------------------------------------------------------
 Wed Oct 11 18:28:09 UTC 2023 - Andreas Stieger <andreas.stieger@gmx.de>
 
 - Mozilla Firefox 118.0.2
@@ -13,9 +61,10 @@
 -------------------------------------------------------------------
 Sat Sep 30 19:51:56 UTC 2023 - Björn Bidar <bjorn.bidar@thaodan.de>
 
-- Activate KDE integration again, included rebased and updated patches
-  (upstream removed special files handling for preferences but that
-  has no effect since we haven't shipped obsolete kde.js for a while)
+- Activate KDE integration again, included rebased and updated
+  patches, firefox-kde.patch and mozilla-kde.patch, (upstream
+  removed special files handling for preferences but that has no
+  effect since we haven't shipped obsolete kde.js for a while)
   (boo#1216027)
 
 -------------------------------------------------------------------
mozilla