|
1 ------------------------------------------------------------------- |
|
2 Thu Dec 1 21:13:32 UTC 2022 - Andreas Stieger <andreas.stieger@gmx.de> |
|
3 |
|
4 - Mozilla Firefox 107.0.1: |
|
5 * Fix an issue with accessing some sites reliably in Private |
|
6 Browsing mode or Strict ETP due to anti-adblockers |
|
7 (bmo#1717806) |
|
8 * Fix an issue where Color Management was not available for |
|
9 some users (bmo#1799391) |
|
10 * Fix an issue with text overlapping in the Settings Menu for |
|
11 some locales (bmo#1800379) |
|
12 * Fix an issue where the DevTools UI is not accessible when an |
|
13 alert dialog is displayed (bmo#1801840) |
|
14 |
|
15 ------------------------------------------------------------------- |
|
16 Tue Nov 15 14:22:26 UTC 2022 - Wolfgang Rosenauer <wr@rosenauer.org> |
|
17 |
|
18 - Mozilla Firefox 107.0 |
|
19 MFSA 2022-47 (bsc#1205270) |
|
20 * CVE-2022-45403 (bmo#1762078) |
|
21 Service Workers might have learned size of cross-origin media files |
|
22 * CVE-2022-45404 (bmo#1790815) |
|
23 Fullscreen notification bypass |
|
24 * CVE-2022-45405 (bmo#1791314) |
|
25 Use-after-free in InputStream implementation |
|
26 * CVE-2022-45406 (bmo#1791975) |
|
27 Use-after-free of a JavaScript Realm |
|
28 * CVE-2022-45407 (bmo#1793314) |
|
29 Loading fonts on workers was not thread-safe |
|
30 * CVE-2022-45408 (bmo#1793829) |
|
31 Fullscreen notification bypass via windowName |
|
32 * CVE-2022-45409 (bmo#1796901) |
|
33 Use-after-free in Garbage Collection |
|
34 * CVE-2022-45410 (bmo#1658869) |
|
35 ServiceWorker-intercepted requests bypassed SameSite cookie policy |
|
36 * CVE-2022-45411 (bmo#1790311) |
|
37 Cross-Site Tracing was possible via non-standard override headers |
|
38 * CVE-2022-45412 (bmo#1791029) |
|
39 Symlinks may resolve to partially uninitialized buffers |
|
40 * CVE-2022-45413 (bmo#1791201) |
|
41 SameSite=Strict cookies could have been sent cross-site via |
|
42 intent URLs |
|
43 * CVE-2022-40674 (bmo#1791598) |
|
44 Use-after-free vulnerability in expat |
|
45 * CVE-2022-45415 (bmo#1793551) |
|
46 Downloaded file may have been saved with malicious extension |
|
47 * CVE-2022-45416 (bmo#1793676) |
|
48 Keystroke Side-Channel Leakage |
|
49 * CVE-2022-45417 (bmo#1794508) |
|
50 Service Workers in Private Browsing Mode may have been |
|
51 written to disk |
|
52 * CVE-2022-45418 (bmo#1795815) |
|
53 Custom mouse cursor could have been drawn over browser UI |
|
54 * CVE-2022-45419 (bmo#1716082) |
|
55 Deleting a security exception did not take effect immediately |
|
56 * CVE-2022-45420 (bmo#1792643) |
|
57 Iframe contents could be rendered outside the iframe |
|
58 * CVE-2022-45421 (bmo#1767920, bmo#1789808, bmo#1794061) |
|
59 Memory safety bugs fixed in Firefox 107 and Firefox ESR 102.5 |
|
60 - requires |
|
61 * NSS >= 3.84 |
|
62 * rust = 1.64 |
|
63 |
1 ------------------------------------------------------------------- |
64 ------------------------------------------------------------------- |
2 Sat Nov 5 13:16:42 UTC 2022 - Andreas Stieger <andreas.stieger@gmx.de> |
65 Sat Nov 5 13:16:42 UTC 2022 - Andreas Stieger <andreas.stieger@gmx.de> |
3 |
66 |
4 - Mozilla Firefox 106.0.5: |
67 - Mozilla Firefox 106.0.5 |
5 * Addresses a crash experienced by users with Intel Gemini Lake |
68 * Addresses a crash experienced by users with Intel Gemini Lake |
6 CPUs (bmo#1702019) |
69 CPUs (bmo#1702019) |
7 - Mozilla Firefox 106.0.4: |
70 - Mozilla Firefox 106.0.4 |
8 * Fixed an issue with DRM Video playback (bmo#1797292) |
71 * Fixed an issue with DRM Video playback (bmo#1797292) |
9 * Fixed broken layout of datetime input when switching |
72 * Fixed broken layout of datetime input when switching |
10 types (bmo#1797139) |
73 types (bmo#1797139) |
11 |
74 |
12 ------------------------------------------------------------------- |
75 ------------------------------------------------------------------- |