diff -r 59c4b0a75ff4 -r c384af864671 MozillaFirefox/MozillaFirefox.changes --- a/MozillaFirefox/MozillaFirefox.changes Tue Oct 26 21:54:27 2021 +0200 +++ b/MozillaFirefox/MozillaFirefox.changes Sat Dec 04 11:19:16 2021 +0100 @@ -1,4 +1,78 @@ ------------------------------------------------------------------- +Thu Dec 2 20:32:42 UTC 2021 - Andreas Stieger + +- remove x-scheme-handler/ftp from firefox.desktop boo#1193321 + +------------------------------------------------------------------- +Thu Nov 25 20:21:07 UTC 2021 - Bjørn Lie + +- Drop unused libidl-devel BuildRequires. + +------------------------------------------------------------------- +Tue Nov 23 22:00:38 UTC 2021 - Andreas Stieger + +- Mozilla Firefox 94.0.2: + * Update preference design for Firefox Suggest for improved clarity + * Resolved general instability/crashes on Linux caused by a file + descriptor leak when backgrounding tabs using WebGL + (bmo#1741997) + +------------------------------------------------------------------- +Fri Nov 5 18:02:48 UTC 2021 - Andreas Stieger + +- Mozilla Firefox 94.0.1: + * fixes for other platforms + +------------------------------------------------------------------- +Sat Oct 30 07:52:22 UTC 2021 - Wolfgang Rosenauer + +- Mozilla Firefox 94.0 + * https://www.mozilla.org/en-US/firefox/94.0/releasenotes + MFSA 2021-48 (bsc#1192250) + * CVE-2021-38503 (bmo#1729517) + iframe sandbox rules did not apply to XSLT stylesheets + * CVE-2021-38504 (bmo#1730156) + Use-after-free in file picker dialog + * CVE-2021-38505 (bmo#1730194) + Windows 10 Cloud Clipboard may have recorded sensitive user data + * CVE-2021-38506 (bmo#1730750) + Firefox could be coaxed into going into fullscreen mode + without notification or warning + * CVE-2021-38507 (bmo#1730935) + Opportunistic Encryption in HTTP2 could be used to bypass the + Same-Origin-Policy on services hosted on other ports + * MOZ-2021-0003 (bmo#1736886) + Universal XSS in Firefox for Android via QR Code URLs + * CVE-2021-38508 (bmo#1366818) + Permission Prompt could be overlaid, resulting in user + confusion and potential spoofing + * MOZ-2021-0004 (bmo#1659155) + Web Extensions could access pre-redirect URL when their + context menu was triggered by a user + * CVE-2021-38509 (bmo#1718571) + Javascript alert box could have been spoofed onto an + arbitrary domain + * CVE-2021-38510 (bmo#1731779) + Download Protections were bypassed by .inetloc files on Mac OS + * MOZ-2021-0005 (bmo#1719203) + 'Copy Image Link' context menu action could have been abused + to see authentication tokens + * MOZ-2021-0006 (bmo#1724233) + URL Parsing may incorrectly parse internationalized domains + * MOZ-2021-0007 (bmo#1606864, bmo#1712671, bmo#1730048, bmo#1735152) + Memory safety bugs fixed in Firefox 94 and Firefox ESR 91.3 +- removed obsolete patches + * mozilla-bmo1602730.patch + * mozilla-bmo1725828.patch + * mozilla-bmo1729124.patch +- requires + NSS >= 3.71 + rust >= 1.53 +- fix Plasma detection (boo#1191825) +- fix Link error "undefined hidden symbol:" + https://github.com/openSUSE/firefox-maintenance/issues/37 + +------------------------------------------------------------------- Tue Oct 26 19:48:24 UTC 2021 - Wolfgang Rosenauer - Drop unused pkgconfig(gdk-x11-2.0) BuildRequires