pkgsrc.se | The NetBSD package collection

./www/firefox102, Web browser with support for extensions (version 102ESR)

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]

Branch: pkgsrc-2022Q4, Version: 102.7.0, Package name: firefox102-102.7.0, Maintainer: ryoon

Mozilla Firefox is a free, open-source and cross-platform web browser
for Windows, Linux, MacOS X and many other operating systems.

It is fast and easy to use, and offers many advantages over other web
browsers, such as tabbed browsing and the ability to block pop-up
windows.

Firefox also offers excellent bookmark and history management, and it
can be extended by developers using industry standards such as XML,
CSS, JavaScript, C++, etc. Many extensions are available.

Note: Due to upstream's trademark policies, this package identifies as
"Nightly" rather than "Firefox" by default.

This package provides Firefox 102 Extended Support Release.

Package options: dbus, sunaudio, webrtc

Master sites:

Filesize: 468298.918 KB

Version history: (Expand)

(2023-01-27) Updated to version: firefox102-102.7.0
(2022-12-27) Package added to pkgsrc.se, version firefox102-102.6.0 (created)

CVS history: (Expand)

2023-01-26 20:58:25 by Benny Siegert | Files touched by this commit (4) | Package updated

Log message:
Pullup ticket #6725 - requested by nia
www/firefox102: security fix
www/firefox102-l10n: dependent update

Revisions pulled up:
- www/firefox102-l10n/Makefile                                  1.9
- www/firefox102-l10n/distinfo                                  1.8
- www/firefox102/Makefile                                       1.15
- www/firefox102/distinfo                                       1.10

---
   Module Name:	pkgsrc
   Committed By:	nia
   Date:		Tue Jan 24 17:59:28 UTC 2023

   Modified Files:
   	pkgsrc/www/firefox102: Makefile distinfo
   	pkgsrc/www/firefox102-l10n: Makefile distinfo

   Log message:
   firefox102: Update to 102.7.0

   Security Vulnerabilities fixed in Firefox ESR 102.7

       #CVE-2022-46871: libusrsctp library out of date

       #CVE-2023-23598: Arbitrary file read from GTK drag and drop on Linux

       #CVE-2023-23599: Malicious command could be hidden in devtools output on
       Windows

       #CVE-2023-23601: URL being dragged from cross-origin iframe into same tab
       triggers navigation

       #CVE-2023-23602: Content Security Policy wasn't being correctly applied to
       WebSockets in WebWorkers

       #CVE-2022-46877: Fullscreen notification bypass

       #CVE-2023-23603: Calls to <code>console.log</code> allowed \ 
bypasing Content
       Security Policy via format directive

       #CVE-2023-23605: Memory safety bugs fixed in Firefox 109 and Firefox ESR
       102.7