MozillaFirefox/MozillaFirefox.changes
branch firefox107
changeset 1181 ba646dddffef
parent 1180 d76083122710
child 1182 cb6f01567cf8
--- a/MozillaFirefox/MozillaFirefox.changes	Tue Nov 15 15:11:07 2022 +0100
+++ b/MozillaFirefox/MozillaFirefox.changes	Mon Dec 12 22:35:13 2022 +0100
@@ -1,10 +1,73 @@
 -------------------------------------------------------------------
+Thu Dec  1 21:13:32 UTC 2022 - Andreas Stieger <andreas.stieger@gmx.de>
+
+- Mozilla Firefox 107.0.1:
+  * Fix an issue with accessing some sites reliably in Private
+    Browsing mode or Strict ETP due to anti-adblockers
+    (bmo#1717806)
+  * Fix an issue where Color Management was not available for
+    some users (bmo#1799391)
+  * Fix an issue with text overlapping in the Settings Menu for
+    some locales (bmo#1800379)
+  * Fix an issue where the DevTools UI is not accessible when an
+    alert dialog is displayed (bmo#1801840)
+
+-------------------------------------------------------------------
+Tue Nov 15 14:22:26 UTC 2022 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 107.0
+  MFSA 2022-47 (bsc#1205270)
+ * CVE-2022-45403 (bmo#1762078)
+    Service Workers might have learned size of cross-origin media files
+  * CVE-2022-45404 (bmo#1790815)
+    Fullscreen notification bypass
+  * CVE-2022-45405 (bmo#1791314)
+    Use-after-free in InputStream implementation
+  * CVE-2022-45406 (bmo#1791975)
+    Use-after-free of a JavaScript Realm
+  * CVE-2022-45407 (bmo#1793314)
+    Loading fonts on workers was not thread-safe
+  * CVE-2022-45408 (bmo#1793829)
+    Fullscreen notification bypass via windowName
+  * CVE-2022-45409 (bmo#1796901)
+    Use-after-free in Garbage Collection
+  * CVE-2022-45410 (bmo#1658869)
+    ServiceWorker-intercepted requests bypassed SameSite cookie policy
+  * CVE-2022-45411 (bmo#1790311)
+    Cross-Site Tracing was possible via non-standard override headers
+  * CVE-2022-45412 (bmo#1791029)
+    Symlinks may resolve to partially uninitialized buffers
+  * CVE-2022-45413 (bmo#1791201)
+    SameSite=Strict cookies could have been sent cross-site via
+    intent URLs
+  * CVE-2022-40674 (bmo#1791598)
+    Use-after-free vulnerability in expat
+  * CVE-2022-45415 (bmo#1793551)
+    Downloaded file may have been saved with malicious extension
+  * CVE-2022-45416 (bmo#1793676)
+    Keystroke Side-Channel Leakage
+  * CVE-2022-45417 (bmo#1794508)
+    Service Workers in Private Browsing Mode may have been
+    written to disk
+  * CVE-2022-45418 (bmo#1795815)
+    Custom mouse cursor could have been drawn over browser UI
+  * CVE-2022-45419 (bmo#1716082)
+    Deleting a security exception did not take effect immediately
+  * CVE-2022-45420 (bmo#1792643)
+    Iframe contents could be rendered outside the iframe
+  * CVE-2022-45421 (bmo#1767920, bmo#1789808, bmo#1794061)
+    Memory safety bugs fixed in Firefox 107 and Firefox ESR 102.5
+- requires
+  * NSS >= 3.84
+  * rust = 1.64
+
+-------------------------------------------------------------------
 Sat Nov  5 13:16:42 UTC 2022 - Andreas Stieger <andreas.stieger@gmx.de>
 
-- Mozilla Firefox 106.0.5:
+- Mozilla Firefox 106.0.5
   * Addresses a crash experienced by users with Intel Gemini Lake
     CPUs (bmo#1702019)
-- Mozilla Firefox 106.0.4:
+- Mozilla Firefox 106.0.4
   * Fixed an issue with DRM Video playback (bmo#1797292)
   * Fixed broken layout of datetime input when switching
     types (bmo#1797139)
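Review bot: The new 107.0.1 header ("- Mozilla Firefox 107.0.1:") keeps the trailing colon that this same change strips from the 106.0.5 and 106.0.4 headers, and the 107.0 header has none, so the three styles no longer agree. Drop the colon there too. In the MFSA 2022-47 list, the first bullet (" * CVE-2022-45403 (bmo#1762078)") is indented by one space where every other CVE bullet uses two. Line-based changelog tooling may not group it with the rest of the advisory, so align it with the others. The requirements block also mixes an exact pin ("rust = 1.64") with a minimum ("NSS >= 3.84"). If the exact Rust version is intentional, a short note saying so would help whoever does the next version bump.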