diff -r 56ecd2ae6e61 -r 90e3d0cf8567 MozillaFirefox/MozillaFirefox.changes --- a/MozillaFirefox/MozillaFirefox.changes Sun May 01 18:18:56 2022 +0200 +++ b/MozillaFirefox/MozillaFirefox.changes Sun Jun 12 16:05:04 2022 +0200 
@@ -1,4 +1,114 @@ ------------------------------------------------------------------- +Fri Jun 10 20:45:37 UTC 2022 - Andreas Stieger + +- Mozilla Firefox 101.0.1: + * Fixed context menus not appearing when right-clicking + Picture-in-Picture windows on some Linux systems (bmo#1771914) + * Various stability fixes + +------------------------------------------------------------------- +Sun May 29 08:02:45 UTC 2022 - Wolfgang Rosenauer + +- Mozilla Firefox 101.0 + * Reading is now easier with the prefers-contrast media query, + which allows sites to detect if the user has requested that web + content is presented with a higher (or lower) contrast + * All non-configured MIME types can now be assigned a custom + action upon download completion + * allows users to use as many microphones as you want, at the + same time, during video conferencing. The most exciting benefit + is that you can easily switch your microphones at any time + (if your conferencing service provider enables this flexibility) + MFSA 2022-20 (bsc#1200027) + * CVE-2022-31736 (bmo#1735923) + Cross-Origin resource's length leaked + * CVE-2022-31737 (bmo#1743767) + Heap buffer overflow in WebGL + * CVE-2022-31738 (bmo#1756388) + Browser window spoof using fullscreen mode + * CVE-2022-31739 (bmo#1765049) + Attacker-influenced path traversal when saving downloaded files + * CVE-2022-31740 (bmo#1766806) + Register allocation problem in WASM on arm64 + * CVE-2022-31741 (bmo#1767590) + Uninitialized variable leads to invalid memory read + * CVE-2022-31742 (bmo#1730434) + Querying a WebAuthn token with a large number of allowCredential + entries may have leaked cross-origin information + * CVE-2022-31743 (bmo#1747388) + HTML Parsing incorrectly ended HTML comments prematurely + * CVE-2022-31744 (bmo#1757604) + CSP bypass enabling stylesheet injection + * CVE-2022-31745 (bmo#1760944) + Incorrect Assertion caused by unoptimized array shift operations + * CVE-2022-1919 (bmo#1761275) + Memory Corruption when 
manipulating webp images + * CVE-2022-31747 (bmo#1760765, bmo#1765610, bmo#1766283, + bmo#1767365, bmo#1768559, bmo#1768734) + Memory safety bugs fixed in Firefox 101 and Firefox ESR 91.10 + * CVE-2022-31748 (bmo#1713773, bmo#1762201, bmo#1762469, + bmo#1762770, bmo#1764878, bmo#1765226, bmo#1765782, bmo#1765973, + bmo#1767177, bmo#1767181, bmo#1768232, bmo#1768251, bmo#1769869) + Memory safety bugs fixed in Firefox 101 +- requires + * NSS 3.78.1 + * rust-cbindgen 0.23.0 + * rust 1.59 + +------------------------------------------------------------------- +Fri May 20 15:03:50 UTC 2022 - Wolfgang Rosenauer + +- Mozilla Firefox 100.0.2 + MFSA 2022-19 (bsc#1199768) + * CVE-2022-1802 (bmo#1770137) + Prototype pollution in Top-Level Await implementation + * CVE-2022-1529 (bmo#1770048) + Untrusted input used in JavaScript object indexing, leading + to prototype pollution + +------------------------------------------------------------------- +Wed May 18 20:27:49 UTC 2022 - Andreas Stieger + +- Mozilla Firefox 100.0.1: + * Fixed: Fixed an issue with subtitles in Picture-in-Picture + mode while using Netflix (bmo#1768818) + * Fixed: Fixed an issue where some commands were unavailable in + the Picture-in-Picture window (bmo#1768201) + +------------------------------------------------------------------- +Sun May 1 21:31:01 UTC 2022 - Wolfgang Rosenauer + +- Mozilla Firefox 100.0 + * subtitle support in PiP + * spell checking supports multiple languages in parallel + * more details here + https://www.mozilla.org/en-US/firefox/100.0/releasenotes + MFSA 2022-16 (boo#1198970) + * CVE-2022-29914 (bmo#1746448) + Fullscreen notification bypass using popups + * CVE-2022-29909 (bmo#1755081) + Bypassing permission prompt in nested browsing contexts + * CVE-2022-29916 (bmo#1760674) + Leaking browser history with CSS variables + * CVE-2022-29911 (bmo#1761981) + iframe Sandbox bypass + * CVE-2022-29912 (bmo#1692655) + Reader mode bypassed SameSite cookies + * CVE-2022-29910 (bmo#1757138) + 
Firefox for Android forgot HTTP Strict Transport Security + settings + * CVE-2022-29915 (bmo#1751678) + Leaking cross-origin redirect through the Performance API + * CVE-2022-29917 (bmo#1684739, bmo#1706441, bmo#1753298, + bmo#1762614, bmo#1762620, bmo#1764778) + Memory safety bugs fixed in Firefox 100 and Firefox ESR 91.9 + * CVE-2022-29918 (bmo#1744043, bmo#1747178, bmo#1753535, + bmo#1754017, bmo#1755847, bmo#1756172, bmo#1757477, + bmo#1758223, bmo#1760160, bmo#1761481, bmo#1761771) + Memory safety bugs fixed in Firefox 100 +- requires NSS 3.77 + +------------------------------------------------------------------- Tue Apr 12 19:30:30 UTC 2022 - Andreas Stieger - Mozilla Firefox 99.0.1
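Review bot: The advisory bug references are inconsistent within this hunk: the 100.0 entry has "MFSA 2022-16 (boo#1198970)" while the 101.0 and 100.0.2 entries use "MFSA 2022-20 (bsc#1200027)" and "MFSA 2022-19 (bsc#1199768)". Use one prefix throughout so the security entries can be matched mechanically. In the 101.0 entry, the bullet starting "* allows users to use as many microphones as you want" has no subject and switches between "users" and "you", so it reads as a truncated paste; reword it to state what changed, for example "Multiple microphones can now be used at the same time during video conferencing". In the 100.0.1 entry both bullets begin "Fixed: Fixed an issue", so one "Fixed" should go. The version headers are also uneven (101.0.1 and 100.0.1 end with a colon, 101.0, 100.0.2 and 100.0 do not), and the 101.0 entry lists its requirements as sub-bullets while 100.0 writes "- requires NSS 3.77" inline; settle on one form for each.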