diff -r de5582739a05 -r 4c520ebe1ad7 MozillaFirefox/MozillaFirefox.changes --- a/MozillaFirefox/MozillaFirefox.changes Wed Dec 20 13:57:45 2023 +0100 +++ b/MozillaFirefox/MozillaFirefox.changes Tue Jan 23 17:32:46 2024 +0100 @@ -1,4 +1,68 @@ ------------------------------------------------------------------- +Tue Jan 9 20:36:26 UTC 2024 - Andreas Stieger + +- Mozilla Firefox 121.0.1 + * Fixed unexpected line wrapping in some CJK contexts caused by + changes in ideographic space handling. bmo#1870973) + * Fixed a hang when loading sites containing column-based + layouts under some circumstances. bmo#1867784) + * Fixed missing rounded corners for videos playing over another + video. bmo#1869994) + * Fixed Firefox not closing properly and other applications being + unable to use a USB security key after being previously used + during a Firefox session. bmo#1863135) + +------------------------------------------------------------------- +Wed Dec 20 12:59:57 UTC 2023 - Wolfgang Rosenauer + +- Mozilla Firefox 121.0 + https://www.mozilla.org/en-US/firefox/121.0/releasenotes + MFSA 2023-56 (bsc#1217974) + * CVE-2023-6856 (bmo#1843782) + Heap-buffer-overflow affecting WebGL DrawElementsInstanced + method with Mesa VM driver + * CVE-2023-6135 (bmo#1853908) + NSS susceptible to "Minerva" attack + * CVE-2023-6865 (bmo#1864123) + Potential exposure of uninitialized data in EncryptingOutputStream + * CVE-2023-6857 (bmo#1796023) + Symlinks may resolve to smaller than expected buffers + * CVE-2023-6858 (bmo#1826791) + Heap buffer overflow in nsTextFragment + * CVE-2023-6859 (bmo#1840144) + Use-after-free in PR_GetIdentitiesLayer + * CVE-2023-6866 (bmo#1849037) + TypedArrays lack sufficient exception handling + * CVE-2023-6860 (bmo#1854669) + Potential sandbox escape due to VideoBridge lack of texture + validation + * CVE-2023-6867 (bmo#1863863) + Clickjacking permission prompts using the popup transition + * CVE-2023-6861 (bmo#1864118) + Heap buffer overflow affected nsWindow::PickerOpen(void) in + headless mode + * CVE-2023-6868 (bmo#1865488) + WebPush requests on Firefox for Android did not require VAPID key + * CVE-2023-6869 (bmo#1799036) + Content can paint outside of sandboxed iframe + * CVE-2023-6870 (bmo#1823316) + Android Toast notifications may obscure fullscreen event + notifications + * CVE-2023-6871 (bmo#1828334) + Lack of protocol handler warning in some instances + * CVE-2023-6872 (bmo#1849186) + Browsing history leaked to syslogs via GNOME + * CVE-2023-6863 (bmo#1868901) + Undefined behavior in ShutdownObserver() + * CVE-2023-6864 (bmo#1736385, bmo#1810805, bmo#1846328, bmo#1856090, + bmo#1858033, bmo#1858509, bmo#1862777, bmo#1864015) + Memory safety bugs fixed in Firefox 121, Firefox ESR 115.6, + and Thunderbird 115.6 + * CVE-2023-6873 (bmo#1855327, bmo#1862089, bmo#1862723) + Memory safety bugs fixed in Firefox 121 +- requires NSS 3.95 + +------------------------------------------------------------------- Fri Dec 8 15:55:00 UTC 2023 - Andreas Stieger - Mozilla Firefox 120.0.1 (boo#1217910)