diff -r d76083122710 -r ba646dddffef MozillaFirefox/MozillaFirefox.changes --- a/MozillaFirefox/MozillaFirefox.changes Tue Nov 15 15:11:07 2022 +0100 +++ b/MozillaFirefox/MozillaFirefox.changes Mon Dec 12 22:35:13 2022 +0100 
@@ -1,10 +1,73 @@ ------------------------------------------------------------------- +Thu Dec 1 21:13:32 UTC 2022 - Andreas Stieger + +- Mozilla Firefox 107.0.1: + * Fix an issue with accessing some sites reliably in Private + Browsing mode or Strict ETP due to anti-adblockers + (bmo#1717806) + * Fix an issue where Color Management was not available for + some users (bmo#1799391) + * Fix an issue with text overlapping in the Settings Menu for + some locales (bmo#1800379) + * Fix an issue where the DevTools UI is not accessible when an + alert dialog is displayed (bmo#1801840) + +------------------------------------------------------------------- +Tue Nov 15 14:22:26 UTC 2022 - Wolfgang Rosenauer + +- Mozilla Firefox 107.0 + MFSA 2022-47 (bsc#1205270) + * CVE-2022-45403 (bmo#1762078) + Service Workers might have learned size of cross-origin media files + * CVE-2022-45404 (bmo#1790815) + Fullscreen notification bypass + * CVE-2022-45405 (bmo#1791314) + Use-after-free in InputStream implementation + * CVE-2022-45406 (bmo#1791975) + Use-after-free of a JavaScript Realm + * CVE-2022-45407 (bmo#1793314) + Loading fonts on workers was not thread-safe + * CVE-2022-45408 (bmo#1793829) + Fullscreen notification bypass via windowName + * CVE-2022-45409 (bmo#1796901) + Use-after-free in Garbage Collection + * CVE-2022-45410 (bmo#1658869) + ServiceWorker-intercepted requests bypassed SameSite cookie policy + * CVE-2022-45411 (bmo#1790311) + Cross-Site Tracing was possible via non-standard override headers + * CVE-2022-45412 (bmo#1791029) + Symlinks may resolve to partially uninitialized buffers + * CVE-2022-45413 (bmo#1791201) + SameSite=Strict cookies could have been sent cross-site via + intent URLs + * CVE-2022-40674 (bmo#1791598) + Use-after-free vulnerability in expat + * CVE-2022-45415 (bmo#1793551) + Downloaded file may have been saved with malicious extension + * CVE-2022-45416 (bmo#1793676) + Keystroke Side-Channel Leakage + * CVE-2022-45417 (bmo#1794508) + Service 
Workers in Private Browsing Mode may have been + written to disk + * CVE-2022-45418 (bmo#1795815) + Custom mouse cursor could have been drawn over browser UI + * CVE-2022-45419 (bmo#1716082) + Deleting a security exception did not take effect immediately + * CVE-2022-45420 (bmo#1792643) + Iframe contents could be rendered outside the iframe + * CVE-2022-45421 (bmo#1767920, bmo#1789808, bmo#1794061) + Memory safety bugs fixed in Firefox 107 and Firefox ESR 102.5 +- requires + * NSS >= 3.84 + * rust = 1.64 + +------------------------------------------------------------------- Sat Nov 5 13:16:42 UTC 2022 - Andreas Stieger -- Mozilla Firefox 106.0.5: +- Mozilla Firefox 106.0.5 * Addresses a crash experienced by users with Intel Gemini Lake CPUs (bmo#1702019) -- Mozilla Firefox 106.0.4: +- Mozilla Firefox 106.0.4 * Fixed an issue with DRM Video playback (bmo#1797292) * Fixed broken layout of datetime input when switching types (bmo#1797139)
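Review bot: The version headings are inconsistent within this hunk: the new 107.0.1 entry is added as `- Mozilla Firefox 107.0.1:` with a trailing colon, while the same change strips the colon from the 106.0.5 and 106.0.4 headings and adds the 107.0 heading without one. Drop the colon from the 107.0.1 line so all four headings match. In the 107.0 `requires` list, `rust = 1.64` reads as an exact pin next to `NSS >= 3.84`; if the build accepts newer toolchains, write `rust >= 1.64`, and if the pin is deliberate, leave it as is. The CVE list under MFSA 2022-47 runs from CVE-2022-45413 to CVE-2022-45415 with CVE-2022-40674 in between, so it is worth checking against the advisory that no entry was dropped when the list was copied.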