./www/firefox91, Web browser with support for extensions (version 91ESR)

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: pkgsrc-2021Q4, Version: 91.7.0, Package name: firefox91-91.7.0, Maintainer: ryoon

Mozilla Firefox is a free, open-source and cross-platform web browser
for Windows, Linux, MacOS X and many other operating systems.

It is fast and easy to use, and offers many advantages over other web
browsers, such as tabbed browsing and the ability to block pop-up
windows.

Firefox also offers excellent bookmark and history management, and it
can be extended by developers using industry standards such as XML,
CSS, JavaScript, C++, etc. Many extensions are available.

This package provides Firefox 91 ESR.



Package options: dbus

Master sites:

Filesize: 374153.902 KB

Version history: (Expand)


CVS history: (Expand)


   2022-03-13 19:34:40 by Benny Siegert | Files touched by this commit (2) | Package updated
Log message:
Pullup ticket #6598 - requested by nia
www/firefox91: security fix

Revisions pulled up:
- www/firefox91/Makefile                                        1.14
- www/firefox91/distinfo                                        1.11

---
   Module Name:	pkgsrc
   Committed By:	nia
   Date:		Thu Mar 10 16:22:47 UTC 2022

   Modified Files:
   	pkgsrc/www/firefox91: Makefile distinfo

   Log message:
   firefox91: update to 91.7.0

   Security Vulnerabilities fixed in Firefox ESR 91.7

       #CVE-2022-26383: Browser window spoof using fullscreen mode

       #CVE-2022-26384: iframe allow-scripts sandbox bypass

       #CVE-2022-26387: Time-of-check time-of-use bug when verifying add-on
       signatures

       #CVE-2022-26381: Use-after-free in text reflows

       #CVE-2022-26386: Temporary files downloaded to /tmp and accessible by other
       local users
   2022-02-21 14:34:26 by Benny Siegert | Files touched by this commit (2) | Package updated
Log message:
Pullup ticket #6582 - requested by nia
www/firefox91: security fix

Revisions pulled up:
- www/firefox91/Makefile                                        1.13
- www/firefox91/distinfo                                        1.10

---
   Module Name:	pkgsrc
   Committed By:	nia
   Date:		Mon Feb 21 03:43:56 UTC 2022

   Modified Files:
   	pkgsrc/www/firefox91: Makefile distinfo

   Log message:
   firefox91: update to 91.6.0

   Security Vulnerabilities fixed in Firefox ESR 91.6

       #CVE-2022-22753: Privilege Escalation to SYSTEM on Windows via Maintenance
       Service

       #CVE-2022-22754: Extensions could have bypassed permission confirmation
       during update

       #CVE-2022-22756: Drag and dropping an image could have resulted in the
       dropped object being an executable

       #CVE-2022-22759: Sandboxed iframes could have executed script if the parent
       appended elements

       #CVE-2022-22760: Cross-Origin responses could be distinguished between
       script and non-script content-types

       #CVE-2022-22761: frame-ancestors Content Security Policy directive was not
       enforced for framed extension pages

       #CVE-2022-22763: Script Execution during invalid object state

       #CVE-2022-22764: Memory safety bugs fixed in Firefox 97 and Firefox ESR 91.6
   2022-02-20 11:20:22 by Benny Siegert | Files touched by this commit (3)
Log message:
Pullup ticket #6580 - requested by nia
www/firefox91: security fix

Revisions pulled up:
- www/firefox91/Makefile                                        1.12
- www/firefox91/distinfo                                        1.9
- \ 
www/firefox91/patches/patch-gfx_angle_checkout_src_compiler_translator_InfoSink.h \ 
1.2

---
   Module Name:	pkgsrc
   Committed By:	ryoon
   Date:		Wed Jan 26 13:38:07 UTC 2022

   Modified Files:
   	pkgsrc/www/firefox91: Makefile distinfo
   	pkgsrc/www/firefox91/patches:
   	    patch-gfx_angle_checkout_src_compiler_translator_InfoSink.h

   Log message:
   firefox91: Update to 91.5.0

   Changelog:
   Security fixes:
   #CVE-2022-22746: Calling into reportValidity could have lead to fullscreen
   #CVE-2022-22743: Browser window spoof using fullscreen mode
   #CVE-2022-22742: Out-of-bounds memory access when inserting text in edit mode
   #CVE-2022-22741: Browser window spoof using fullscreen mode
   #CVE-2022-22740: Use-after-free of ChannelEventQueue::mOwner
   #CVE-2022-22738: Heap-buffer-overflow in blendGaussianBlur
   #CVE-2022-22737: Race condition when playing audio files
   #CVE-2021-4140: Iframe sandbox bypass with XSLT
   #CVE-2022-22748: Spoofed origin on external protocol launch dialog
   #CVE-2022-22745: Leaking cross-origin URLs through securitypolicyviolation
    event
   #CVE-2022-22744: The 'Copy as curl' feature in DevTools did not fully escape
    website-controlled data, potentially leading to command injection
   #CVE-2022-22747: Crash when handling empty pkcs7 sequence
   #CVE-2022-22739: Missing throttling on external protocol launch dialog
   #CVE-2022-22751: Memory safety bugs fixed in Firefox 96 and Firefox ESR 91.5