1 -------------------------------------------------------------------

     2 Mon Aug  9 14:55:22 UTC 2021 - Wolfgang Rosenauer <wr@rosenauer.org>

     3 

     4 - Mozilla Firefox 91.0

     5   MFSA 2021-33 (bsc#1188891)

     6   * CVE-2021-29986 (bmo#1696138)

     7     Race condition when resolving DNS names could have led to

     8     memory corruption

     9   * CVE-2021-29981 (bmo#1707774)

    10     Live range splitting could have led to conflicting

    11     assignments in the JIT

    12   * CVE-2021-29988 (bmo#1717922)

    13     Memory corruption as a result of incorrect style treatment

    14   * CVE-2021-29983 (bmo#1719088)

    15     Firefox for Android could get stuck in fullscreen mode

    16   * CVE-2021-29984 (bmo#1720031)

    17     Incorrect instruction reordering during JIT optimization

    18   * CVE-2021-29980 (bmo#1722204)

    19     Uninitialized memory in a canvas object could have led to

    20     memory corruption

    21   * CVE-2021-29987 (bmo#1716129)

    22     Users could have been tricked into accepting unwanted

    23     permissions on Linux

    24   * CVE-2021-29985 (bmo#1722083)

    25     Use-after-free media channels

    26   * CVE-2021-29982 (bmo#1715318)

    27     Single bit data leak due to incorrect JIT optimization and

    28     type confusion

    29   * CVE-2021-29989 (bmo#1662676, bmo#1666184, bmo#1719178,

    30     bmo#1719998, bmo#1720568)

    31     Memory safety bugs fixed in Firefox 91 and Firefox ESR 78.13

    32   * CVE-2021-29990 (bmo#1544190, bmo#1716481, bmo#1717778,

    33     bmo#1719319, bmo#1722073)

    34     Memory safety bugs fixed in Firefox 91

    35 - requires

    36   * rustc/cargo >= 1.51

    37   * NSPR >= 4.32

    38   * NSS >= 3.68

    39 - force-disable webrender on BE platforms

    40