--- a/MozillaFirefox/MozillaFirefox.changes Tue Nov 15 15:11:07 2022 +0100
+++ b/MozillaFirefox/MozillaFirefox.changes Mon Dec 12 22:35:13 2022 +0100
@@ -1,10 +1,73 @@
-------------------------------------------------------------------
+Thu Dec 1 21:13:32 UTC 2022 - Andreas Stieger <andreas.stieger@gmx.de>
+
+- Mozilla Firefox 107.0.1:
+ * Fix an issue with accessing some sites reliably in Private
+ Browsing mode or Strict ETP due to anti-adblockers
+ (bmo#1717806)
+ * Fix an issue where Color Management was not available for
+ some users (bmo#1799391)
+ * Fix an issue with text overlapping in the Settings Menu for
+ some locales (bmo#1800379)
+ * Fix an issue where the DevTools UI is not accessible when an
+ alert dialog is displayed (bmo#1801840)
+
+-------------------------------------------------------------------
+Tue Nov 15 14:22:26 UTC 2022 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 107.0
+ MFSA 2022-47 (bsc#1205270)
+ * CVE-2022-45403 (bmo#1762078)
+ Service Workers might have learned size of cross-origin media files
+ * CVE-2022-45404 (bmo#1790815)
+ Fullscreen notification bypass
+ * CVE-2022-45405 (bmo#1791314)
+ Use-after-free in InputStream implementation
+ * CVE-2022-45406 (bmo#1791975)
+ Use-after-free of a JavaScript Realm
+ * CVE-2022-45407 (bmo#1793314)
+ Loading fonts on workers was not thread-safe
+ * CVE-2022-45408 (bmo#1793829)
+ Fullscreen notification bypass via windowName
+ * CVE-2022-45409 (bmo#1796901)
+ Use-after-free in Garbage Collection
+ * CVE-2022-45410 (bmo#1658869)
+ ServiceWorker-intercepted requests bypassed SameSite cookie policy
+ * CVE-2022-45411 (bmo#1790311)
+ Cross-Site Tracing was possible via non-standard override headers
+ * CVE-2022-45412 (bmo#1791029)
+ Symlinks may resolve to partially uninitialized buffers
+ * CVE-2022-45413 (bmo#1791201)
+ SameSite=Strict cookies could have been sent cross-site via
+ intent URLs
+ * CVE-2022-40674 (bmo#1791598)
+ Use-after-free vulnerability in expat
+ * CVE-2022-45415 (bmo#1793551)
+ Downloaded file may have been saved with malicious extension
+ * CVE-2022-45416 (bmo#1793676)
+ Keystroke Side-Channel Leakage
+ * CVE-2022-45417 (bmo#1794508)
+ Service Workers in Private Browsing Mode may have been
+ written to disk
+ * CVE-2022-45418 (bmo#1795815)
+ Custom mouse cursor could have been drawn over browser UI
+ * CVE-2022-45419 (bmo#1716082)
+ Deleting a security exception did not take effect immediately
+ * CVE-2022-45420 (bmo#1792643)
+ Iframe contents could be rendered outside the iframe
+ * CVE-2022-45421 (bmo#1767920, bmo#1789808, bmo#1794061)
+ Memory safety bugs fixed in Firefox 107 and Firefox ESR 102.5
+- requires
+ * NSS >= 3.84
+ * rust = 1.64
+
+-------------------------------------------------------------------
Sat Nov 5 13:16:42 UTC 2022 - Andreas Stieger <andreas.stieger@gmx.de>
-- Mozilla Firefox 106.0.5:
+- Mozilla Firefox 106.0.5
* Addresses a crash experienced by users with Intel Gemini Lake
CPUs (bmo#1702019)
-- Mozilla Firefox 106.0.4:
+- Mozilla Firefox 106.0.4
* Fixed an issue with DRM Video playback (bmo#1797292)
* Fixed broken layout of datetime input when switching
types (bmo#1797139)