|
1 ------------------------------------------------------------------- |
|
2 Tue Jan 9 20:36:26 UTC 2024 - Andreas Stieger <andreas.stieger@gmx.de> |
|
3 |
|
4 - Mozilla Firefox 121.0.1 |
|
5 * Fixed unexpected line wrapping in some CJK contexts caused by |
|
6 changes in ideographic space handling. bmo#1870973) |
|
7 * Fixed a hang when loading sites containing column-based |
|
8 layouts under some circumstances. bmo#1867784) |
|
9 * Fixed missing rounded corners for videos playing over another |
|
10 video. bmo#1869994) |
|
11 * Fixed Firefox not closing properly and other applications being |
|
12 unable to use a USB security key after being previously used |
|
13 during a Firefox session. bmo#1863135) |
|
14 |
|
15 ------------------------------------------------------------------- |
|
16 Wed Dec 20 12:59:57 UTC 2023 - Wolfgang Rosenauer <wr@rosenauer.org> |
|
17 |
|
18 - Mozilla Firefox 121.0 |
|
19 https://www.mozilla.org/en-US/firefox/121.0/releasenotes |
|
20 MFSA 2023-56 (bsc#1217974) |
|
21 * CVE-2023-6856 (bmo#1843782) |
|
22 Heap-buffer-overflow affecting WebGL DrawElementsInstanced |
|
23 method with Mesa VM driver |
|
24 * CVE-2023-6135 (bmo#1853908) |
|
25 NSS susceptible to "Minerva" attack |
|
26 * CVE-2023-6865 (bmo#1864123) |
|
27 Potential exposure of uninitialized data in EncryptingOutputStream |
|
28 * CVE-2023-6857 (bmo#1796023) |
|
29 Symlinks may resolve to smaller than expected buffers |
|
30 * CVE-2023-6858 (bmo#1826791) |
|
31 Heap buffer overflow in nsTextFragment |
|
32 * CVE-2023-6859 (bmo#1840144) |
|
33 Use-after-free in PR_GetIdentitiesLayer |
|
34 * CVE-2023-6866 (bmo#1849037) |
|
35 TypedArrays lack sufficient exception handling |
|
36 * CVE-2023-6860 (bmo#1854669) |
|
37 Potential sandbox escape due to VideoBridge lack of texture |
|
38 validation |
|
39 * CVE-2023-6867 (bmo#1863863) |
|
40 Clickjacking permission prompts using the popup transition |
|
41 * CVE-2023-6861 (bmo#1864118) |
|
42 Heap buffer overflow affected nsWindow::PickerOpen(void) in |
|
43 headless mode |
|
44 * CVE-2023-6868 (bmo#1865488) |
|
45 WebPush requests on Firefox for Android did not require VAPID key |
|
46 * CVE-2023-6869 (bmo#1799036) |
|
47 Content can paint outside of sandboxed iframe |
|
48 * CVE-2023-6870 (bmo#1823316) |
|
49 Android Toast notifications may obscure fullscreen event |
|
50 notifications |
|
51 * CVE-2023-6871 (bmo#1828334) |
|
52 Lack of protocol handler warning in some instances |
|
53 * CVE-2023-6872 (bmo#1849186) |
|
54 Browsing history leaked to syslogs via GNOME |
|
55 * CVE-2023-6863 (bmo#1868901) |
|
56 Undefined behavior in ShutdownObserver() |
|
57 * CVE-2023-6864 (bmo#1736385, bmo#1810805, bmo#1846328, bmo#1856090, |
|
58 bmo#1858033, bmo#1858509, bmo#1862777, bmo#1864015) |
|
59 Memory safety bugs fixed in Firefox 121, Firefox ESR 115.6, |
|
60 and Thunderbird 115.6 |
|
61 * CVE-2023-6873 (bmo#1855327, bmo#1862089, bmo#1862723) |
|
62 Memory safety bugs fixed in Firefox 121 |
|
63 - requires NSS 3.95 |
|
64 |
1 ------------------------------------------------------------------- |
65 ------------------------------------------------------------------- |
2 Fri Dec 8 15:55:00 UTC 2023 - Andreas Stieger <andreas.stieger@gmx.de> |
66 Fri Dec 8 15:55:00 UTC 2023 - Andreas Stieger <andreas.stieger@gmx.de> |
3 |
67 |
4 - Mozilla Firefox 120.0.1 (boo#1217910) |
68 - Mozilla Firefox 120.0.1 (boo#1217910) |
5 * Fixed a bug that was causing persistent startup slowdowns |
69 * Fixed a bug that was causing persistent startup slowdowns |