Mercurial Mercurial > hg > mozilla / diff
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
MozillaFirefox/MozillaFirefox.changes
branchfirefox101
changeset 1174 90e3d0cf8567
parent 1173 56ecd2ae6e61
child 1175 4c6576f9cf04 
--- a/MozillaFirefox/MozillaFirefox.changes	Sun May 01 18:18:56 2022 +0200
+++ b/MozillaFirefox/MozillaFirefox.changes	Sun Jun 12 16:05:04 2022 +0200
@@ -1,4 +1,114 @@
 -------------------------------------------------------------------
+Fri Jun 10 20:45:37 UTC 2022 - Andreas Stieger <andreas.stieger@gmx.de>
+
+- Mozilla Firefox 101.0.1:
+  * Fixed context menus not appearing when right-clicking
+    Picture-in-Picture windows on some Linux systems (bmo#1771914)
+  * Various stability fixes
+
+-------------------------------------------------------------------
+Sun May 29 08:02:45 UTC 2022 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 101.0
+  * Reading is now easier with the prefers-contrast media query,
+    which allows sites to detect if the user has requested that web
+    content is presented with a higher (or lower) contrast
+  * All non-configured MIME types can now be assigned a custom
+    action upon download completion
+  * allows users to use as many microphones as you want, at the
+    same time, during video conferencing. The most exciting benefit
+    is that you can easily switch your microphones at any time
+    (if your conferencing service provider enables this flexibility)
+  MFSA 2022-20 (bsc#1200027)
+  * CVE-2022-31736 (bmo#1735923)
+    Cross-Origin resource's length leaked
+  * CVE-2022-31737 (bmo#1743767)
+    Heap buffer overflow in WebGL
+  * CVE-2022-31738 (bmo#1756388)
+    Browser window spoof using fullscreen mode
+  * CVE-2022-31739 (bmo#1765049)
+    Attacker-influenced path traversal when saving downloaded files
+  * CVE-2022-31740 (bmo#1766806)
+    Register allocation problem in WASM on arm64
+  * CVE-2022-31741 (bmo#1767590)
+    Uninitialized variable leads to invalid memory read
+  * CVE-2022-31742 (bmo#1730434)
+    Querying a WebAuthn token with a large number of allowCredential
+    entries may have leaked cross-origin information
+  * CVE-2022-31743 (bmo#1747388)
+    HTML Parsing incorrectly ended HTML comments prematurely
+  * CVE-2022-31744 (bmo#1757604)
+    CSP bypass enabling stylesheet injection
+  * CVE-2022-31745 (bmo#1760944)
+    Incorrect Assertion caused by unoptimized array shift operations
+  * CVE-2022-1919 (bmo#1761275)
+    Memory Corruption when manipulating webp images
+  * CVE-2022-31747 (bmo#1760765, bmo#1765610, bmo#1766283,
+    bmo#1767365, bmo#1768559, bmo#1768734)
+    Memory safety bugs fixed in Firefox 101 and Firefox ESR 91.10
+  * CVE-2022-31748 (bmo#1713773, bmo#1762201, bmo#1762469,
+    bmo#1762770, bmo#1764878, bmo#1765226, bmo#1765782, bmo#1765973,
+    bmo#1767177, bmo#1767181, bmo#1768232, bmo#1768251, bmo#1769869)
+    Memory safety bugs fixed in Firefox 101
+- requires
+  * NSS 3.78.1
+  * rust-cbindgen 0.23.0
+  * rust 1.59
+
+-------------------------------------------------------------------
+Fri May 20 15:03:50 UTC 2022 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 100.0.2
+  MFSA 2022-19 (bsc#1199768)
+  * CVE-2022-1802 (bmo#1770137)
+    Prototype pollution in Top-Level Await implementation
+  * CVE-2022-1529 (bmo#1770048)
+    Untrusted input used in JavaScript object indexing, leading
+    to prototype pollution
+
+-------------------------------------------------------------------
+Wed May 18 20:27:49 UTC 2022 - Andreas Stieger <andreas.stieger@gmx.de>
+
+- Mozilla Firefox 100.0.1:
+  * Fixed: Fixed an issue with subtitles in Picture-in-Picture
+    mode while using Netflix (bmo#1768818)
+  * Fixed: Fixed an issue where some commands were unavailable in
+    the Picture-in-Picture window (bmo#1768201)
+
+-------------------------------------------------------------------
+Sun May  1 21:31:01 UTC 2022 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 100.0
+  * subtitle support in PiP
+  * spell checking supports multiple languages in parallel
+  * more details here
+    https://www.mozilla.org/en-US/firefox/100.0/releasenotes
+  MFSA 2022-16 (boo#1198970)
+  * CVE-2022-29914 (bmo#1746448)
+    Fullscreen notification bypass using popups
+  * CVE-2022-29909 (bmo#1755081)
+    Bypassing permission prompt in nested browsing contexts
+  * CVE-2022-29916 (bmo#1760674)
+    Leaking browser history with CSS variables
+  * CVE-2022-29911 (bmo#1761981)
+    iframe Sandbox bypass
+  * CVE-2022-29912 (bmo#1692655)
+    Reader mode bypassed SameSite cookies
+  * CVE-2022-29910 (bmo#1757138)
+    Firefox for Android forgot HTTP Strict Transport Security
+    settings
+  * CVE-2022-29915 (bmo#1751678)
+    Leaking cross-origin redirect through the Performance API
+  * CVE-2022-29917 (bmo#1684739, bmo#1706441, bmo#1753298,
+    bmo#1762614, bmo#1762620, bmo#1764778)
+    Memory safety bugs fixed in Firefox 100 and Firefox ESR 91.9
+  * CVE-2022-29918 (bmo#1744043, bmo#1747178, bmo#1753535,
+    bmo#1754017, bmo#1755847, bmo#1756172, bmo#1757477,
+    bmo#1758223, bmo#1760160, bmo#1761481, bmo#1761771)
+    Memory safety bugs fixed in Firefox 100
+- requires NSS 3.77
+
+-------------------------------------------------------------------
 Tue Apr 12 19:30:30 UTC 2022 - Andreas Stieger <andreas.stieger@gmx.de>
 
 - Mozilla Firefox 99.0.1
mozilla