|
1 ------------------------------------------------------------------- |
|
2 Fri Jun 10 20:45:37 UTC 2022 - Andreas Stieger <andreas.stieger@gmx.de> |
|
3 |
|
4 - Mozilla Firefox 101.0.1: |
|
5 * Fixed context menus not appearing when right-clicking |
|
6 Picture-in-Picture windows on some Linux systems (bmo#1771914) |
|
7 * Various stability fixes |
|
8 |
|
9 ------------------------------------------------------------------- |
|
10 Sun May 29 08:02:45 UTC 2022 - Wolfgang Rosenauer <wr@rosenauer.org> |
|
11 |
|
12 - Mozilla Firefox 101.0 |
|
13 * Reading is now easier with the prefers-contrast media query, |
|
14 which allows sites to detect if the user has requested that web |
|
15 content is presented with a higher (or lower) contrast |
|
16 * All non-configured MIME types can now be assigned a custom |
|
17 action upon download completion |
|
18 * allows users to use as many microphones as you want, at the |
|
19 same time, during video conferencing. The most exciting benefit |
|
20 is that you can easily switch your microphones at any time |
|
21 (if your conferencing service provider enables this flexibility) |
|
22 MFSA 2022-20 (bsc#1200027) |
|
23 * CVE-2022-31736 (bmo#1735923) |
|
24 Cross-Origin resource's length leaked |
|
25 * CVE-2022-31737 (bmo#1743767) |
|
26 Heap buffer overflow in WebGL |
|
27 * CVE-2022-31738 (bmo#1756388) |
|
28 Browser window spoof using fullscreen mode |
|
29 * CVE-2022-31739 (bmo#1765049) |
|
30 Attacker-influenced path traversal when saving downloaded files |
|
31 * CVE-2022-31740 (bmo#1766806) |
|
32 Register allocation problem in WASM on arm64 |
|
33 * CVE-2022-31741 (bmo#1767590) |
|
34 Uninitialized variable leads to invalid memory read |
|
35 * CVE-2022-31742 (bmo#1730434) |
|
36 Querying a WebAuthn token with a large number of allowCredential |
|
37 entries may have leaked cross-origin information |
|
38 * CVE-2022-31743 (bmo#1747388) |
|
39 HTML Parsing incorrectly ended HTML comments prematurely |
|
40 * CVE-2022-31744 (bmo#1757604) |
|
41 CSP bypass enabling stylesheet injection |
|
42 * CVE-2022-31745 (bmo#1760944) |
|
43 Incorrect Assertion caused by unoptimized array shift operations |
|
44 * CVE-2022-1919 (bmo#1761275) |
|
45 Memory Corruption when manipulating webp images |
|
46 * CVE-2022-31747 (bmo#1760765, bmo#1765610, bmo#1766283, |
|
47 bmo#1767365, bmo#1768559, bmo#1768734) |
|
48 Memory safety bugs fixed in Firefox 101 and Firefox ESR 91.10 |
|
49 * CVE-2022-31748 (bmo#1713773, bmo#1762201, bmo#1762469, |
|
50 bmo#1762770, bmo#1764878, bmo#1765226, bmo#1765782, bmo#1765973, |
|
51 bmo#1767177, bmo#1767181, bmo#1768232, bmo#1768251, bmo#1769869) |
|
52 Memory safety bugs fixed in Firefox 101 |
|
53 - requires |
|
54 * NSS 3.78.1 |
|
55 * rust-cbindgen 0.23.0 |
|
56 * rust 1.59 |
|
57 |
|
58 ------------------------------------------------------------------- |
|
59 Fri May 20 15:03:50 UTC 2022 - Wolfgang Rosenauer <wr@rosenauer.org> |
|
60 |
|
61 - Mozilla Firefox 100.0.2 |
|
62 MFSA 2022-19 (bsc#1199768) |
|
63 * CVE-2022-1802 (bmo#1770137) |
|
64 Prototype pollution in Top-Level Await implementation |
|
65 * CVE-2022-1529 (bmo#1770048) |
|
66 Untrusted input used in JavaScript object indexing, leading |
|
67 to prototype pollution |
|
68 |
|
69 ------------------------------------------------------------------- |
|
70 Wed May 18 20:27:49 UTC 2022 - Andreas Stieger <andreas.stieger@gmx.de> |
|
71 |
|
72 - Mozilla Firefox 100.0.1: |
|
73 * Fixed: Fixed an issue with subtitles in Picture-in-Picture |
|
74 mode while using Netflix (bmo#1768818) |
|
75 * Fixed: Fixed an issue where some commands were unavailable in |
|
76 the Picture-in-Picture window (bmo#1768201) |
|
77 |
|
78 ------------------------------------------------------------------- |
|
79 Sun May 1 21:31:01 UTC 2022 - Wolfgang Rosenauer <wr@rosenauer.org> |
|
80 |
|
81 - Mozilla Firefox 100.0 |
|
82 * subtitle support in PiP |
|
83 * spell checking supports multiple languages in parallel |
|
84 * more details here |
|
85 https://www.mozilla.org/en-US/firefox/100.0/releasenotes |
|
86 MFSA 2022-16 (boo#1198970) |
|
87 * CVE-2022-29914 (bmo#1746448) |
|
88 Fullscreen notification bypass using popups |
|
89 * CVE-2022-29909 (bmo#1755081) |
|
90 Bypassing permission prompt in nested browsing contexts |
|
91 * CVE-2022-29916 (bmo#1760674) |
|
92 Leaking browser history with CSS variables |
|
93 * CVE-2022-29911 (bmo#1761981) |
|
94 iframe Sandbox bypass |
|
95 * CVE-2022-29912 (bmo#1692655) |
|
96 Reader mode bypassed SameSite cookies |
|
97 * CVE-2022-29910 (bmo#1757138) |
|
98 Firefox for Android forgot HTTP Strict Transport Security |
|
99 settings |
|
100 * CVE-2022-29915 (bmo#1751678) |
|
101 Leaking cross-origin redirect through the Performance API |
|
102 * CVE-2022-29917 (bmo#1684739, bmo#1706441, bmo#1753298, |
|
103 bmo#1762614, bmo#1762620, bmo#1764778) |
|
104 Memory safety bugs fixed in Firefox 100 and Firefox ESR 91.9 |
|
105 * CVE-2022-29918 (bmo#1744043, bmo#1747178, bmo#1753535, |
|
106 bmo#1754017, bmo#1755847, bmo#1756172, bmo#1757477, |
|
107 bmo#1758223, bmo#1760160, bmo#1761481, bmo#1761771) |
|
108 Memory safety bugs fixed in Firefox 100 |
|
109 - requires NSS 3.77 |
|
110 |
1 ------------------------------------------------------------------- |
111 ------------------------------------------------------------------- |
2 Tue Apr 12 19:30:30 UTC 2022 - Andreas Stieger <andreas.stieger@gmx.de> |
112 Tue Apr 12 19:30:30 UTC 2022 - Andreas Stieger <andreas.stieger@gmx.de> |
3 |
113 |
4 - Mozilla Firefox 99.0.1 |
114 - Mozilla Firefox 99.0.1 |
5 * Fixed an issue with text rendering in Bengali (bmo#1763368) |
115 * Fixed an issue with text rendering in Bengali (bmo#1763368) |