diff -r af5e283c2e5d -r 7852ceef239b MozillaFirefox/firefox-esr.changes --- a/MozillaFirefox/firefox-esr.changes Mon Sep 06 12:03:54 2021 +0200 +++ b/MozillaFirefox/firefox-esr.changes Tue Nov 02 13:21:17 2021 +0100 @@ -1,7 +1,36 @@ ------------------------------------------------------------------- +Tue Oct 5 13:16:17 UTC 2021 - Wolfgang Rosenauer + +- Mozilla Firefox 91.2.0 ESR + MFSA 2021-45 (bsc#1191332) + * CVE-2021-38496 (bmo#1725335) + Use-after-free in MessageTask + * CVE-2021-38497 (bmo#1726621) + Validation message could have been overlaid on another origin + * CVE-2021-38498 (bmo#1729642) + Use-after-free of nsLanguageAtomService object + * CVE-2021-32810 (bmo#1729813, + bmo#https://github.com/crossbeam- + rs/crossbeam/security/advisories/GHSA-pqqp-xmhj-wgcw) + Data race in crossbeam-deque + * CVE-2021-38500 (bmo#1725854, bmo#1728321) + Memory safety bugs fixed in Firefox 93, Firefox ESR 78.15, + and Firefox ESR 91.2 + * CVE-2021-38501 (bmo#1685354, bmo#1715755, bmo#1723176) + Memory safety bugs fixed in Firefox 93 and Firefox ESR 91.2 +- allow to override wayland detection by defining MOZ_ENABLE_WAYLAND + explicitely as 0 or 1 + +------------------------------------------------------------------- Fri Sep 3 11:12:18 UTC 2021 - Wolfgang Rosenauer - Mozilla Firefox 91.1.0 ESR + MFSA 2021-40 (bsc#1190269) + * CVE-2021-38492 (bmo#1721107) + Navigating to `mk:` URL scheme could load Internet Explorer + * CVE-2021-38495 (bmo#1723391, bmo#1723920, bmo#1724101, bmo#1724107) + Memory safety bugs fixed in Firefox 92, Firefox ESR 78.14 and + Firefox ESR 91.1 - switched to ESR branch and renamed package accordingly - updated appdata - don't apply mozilla-disable-wasm-emulate-arm-unaligned-fp-access.patch