pkgsrc.se | The NetBSD package collection

Next | Query returned 16 messages, browsing 1 to 10 | Previous

CVS Commit History:

2023-11-23 15:23:56 by Ryo ONODERA | Files touched by this commit (2)

Log message:
firefox102-l10n: Update to 102.15.1

* Sync with www/firefox102-102.15.1.

2023-09-10 16:42:29 by Nia Alarie | Files touched by this commit (8)

Log message:
firefox102: Update to 102.15.0

Add some fixes from www/firefox, thanks a lot tnn@.

Security Vulnerabilities fixed in Firefox ESR 102.15

    #CVE-2023-4573: Memory corruption in IPC CanvasTranslator

    #CVE-2023-4574: Memory corruption in IPC ColorPickerShownCallback

    #CVE-2023-4575: Memory corruption in IPC FilePickerShownCallback

    #CVE-2023-4576: Integer Overflow in RecordedSourceSurfaceCreation

    #CVE-2023-4581: XLL file extensions were downloadable without warnings

    #CVE-2023-4584: Memory safety bugs fixed in Firefox 117, Firefox ESR 102.15,
    Firefox ESR 115.2, Thunderbird 102.15, and Thunderbird 115.2

2023-08-08 17:46:58 by Nia Alarie | Files touched by this commit (4)

Log message:
firefox102: Update to 102.14.0

Security Vulnerabilities fixed in Firefox ESR 102.14

    #CVE-2023-4045: Offscreen Canvas could have bypassed cross-origin
    restrictions

    #CVE-2023-4046: Incorrect value used during WASM compilation

    #CVE-2023-4047: Potential permissions request bypass via clickjacking

    #CVE-2023-4048: Crash in DOMParser due to out-of-memory conditions

    #CVE-2023-4049: Fix potential race conditions when releasing platform
    objects

    #CVE-2023-4050: Stack buffer overflow in StorageManager

    #CVE-2023-4054: Lack of warning when opening appref-ms files

    #CVE-2023-4055: Cookie jar overflow caused unexpected cookie jar state

    #CVE-2023-4056: Memory safety bugs fixed in Firefox 116, Firefox ESR 115.1,
    Firefox ESR 102.14, Thunderbird 115.1, and Thunderbird 102.14

2023-07-07 22:47:53 by Nia Alarie | Files touched by this commit (4) | Package updated

Log message:
firefox102: update to 102.13.0

Security Vulnerabilities fixed in Firefox ESR 102.13

    #CVE-2023-37201: Use-after-free in WebRTC certificate generation

    #CVE-2023-37202: Potential use-after-free from compartment mismatch in
    SpiderMonkey

    #CVE-2023-37207: Fullscreen notification obscured

    #CVE-2023-37208: Lack of warning when opening Diagcab files

    #CVE-2023-37211: Memory safety bugs fixed in Firefox 115, Firefox ESR
    102.13, and Thunderbird 102.13

2023-06-25 18:07:08 by Nia Alarie | Files touched by this commit (4) | Package updated

Log message:
firefox102: update to 102.12

Security Vulnerabilities fixed in Firefox ESR 102.12

    #CVE-2023-34414: Click-jacking certificate exceptions through rendering lag

    #CVE-2023-34416: Memory safety bugs fixed in Firefox 114 and Firefox ESR
    102.12

2023-05-14 21:50:11 by Nia Alarie | Files touched by this commit (4) | Package updated

Log message:
firefox102: update to 102.11

Security Vulnerabilities fixed in Firefox ESR 102.11

    #CVE-2023-32205: Browser prompts could have been obscured by popups

    #CVE-2023-32206: Crash in RLBox Expat driver

    #CVE-2023-32207: Potential permissions request bypass via clickjacking

    #CVE-2023-32211: Content process crash due to invalid wasm code

    #CVE-2023-32212: Potential spoof due to obscured address bar

    #CVE-2023-32213: Potential memory corruption in FileReader::DoReadData()

    #CVE-2023-32214: Potential DoS via exposed protocol handlers

2023-04-14 10:53:12 by Nia Alarie | Files touched by this commit (4)

Log message:
firefox102: Update to 102.10.0

Security Vulnerabilities fixed in Firefox ESR 102.10

    #CVE-2023-29531: Out-of-bound memory access in WebGL on macOS
    #CVE-2023-29533: Fullscreen notification obscured
    #CVE-2023-29535: Potential Memory Corruption following Garbage Collector
    compaction
    #CVE-2023-29536: Invalid free from JavaScript code
    #CVE-2023-29539: Content-Disposition filename truncation leads to Reflected
    File Download
    #CVE-2023-29541: Files with malicious extensions could have been downloaded
    unsafely on Linux
    #CVE-2023-29542: Bypass of file download extension restrictions
    #CVE-2023-1945: Memory Corruption in Safe Browsing Code
    #CVE-2023-29548: Incorrect optimization result on ARM64
    #CVE-2023-29550: Memory safety bugs fixed in Firefox 112 and Firefox ESR
    102.10

2023-01-24 18:59:28 by Nia Alarie | Files touched by this commit (4)

Log message:
firefox102: Update to 102.7.0

Security Vulnerabilities fixed in Firefox ESR 102.7

    #CVE-2022-46871: libusrsctp library out of date

    #CVE-2023-23598: Arbitrary file read from GTK drag and drop on Linux

    #CVE-2023-23599: Malicious command could be hidden in devtools output on
    Windows

    #CVE-2023-23601: URL being dragged from cross-origin iframe into same tab
    triggers navigation

    #CVE-2023-23602: Content Security Policy wasn't being correctly applied to
    WebSockets in WebWorkers

    #CVE-2022-46877: Fullscreen notification bypass

    #CVE-2023-23603: Calls to <code>console.log</code> allowed \ 
bypasing Content
    Security Policy via format directive

    #CVE-2023-23605: Memory safety bugs fixed in Firefox 109 and Firefox ESR
    102.7

2022-12-24 16:47:54 by Nia Alarie | Files touched by this commit (5) | Package updated

Log message:
firefox102: update to 102.6.0

Security Vulnerabilities fixed in Firefox ESR 102.6

    #CVE-2022-46880: Use-after-free in WebGL

    #CVE-2022-46872: Arbitrary file read from a compromised content process

    #CVE-2022-46881: Memory corruption in WebGL

    #CVE-2022-46874: Drag and Dropped Filenames could have been truncated to
    malicious extensions

    #CVE-2022-46875: Download Protections were bypassed by .atloc and .ftploc
    files on Mac OS

    #CVE-2022-46882: Use-after-free in WebGL

    #CVE-2022-46878: Memory safety bugs fixed in Firefox 108 and Firefox ESR
    102.6

2022-12-04 10:50:00 by Nia Alarie | Files touched by this commit (4)

Log message:
firefox102: Update to 102.5.0

Security Vulnerabilities fixed in Firefox ESR 102.5

    #CVE-2022-45403: Service Workers might have learned size of cross-origin
    media files

    #CVE-2022-45404: Fullscreen notification bypass

    #CVE-2022-45405: Use-after-free in InputStream implementation

    #CVE-2022-45406: Use-after-free of a JavaScript Realm

    #CVE-2022-45408: Fullscreen notification bypass via windowName

    #CVE-2022-45409: Use-after-free in Garbage Collection

    #CVE-2022-45410: ServiceWorker-intercepted requests bypassed SameSite cookie
    policy

    #CVE-2022-45411: Cross-Site Tracing was possible via non-standard override
    headers

    #CVE-2022-45412: Symlinks may resolve to partially uninitialized buffers

    #CVE-2022-45416: Keystroke Side-Channel Leakage

    #CVE-2022-45418: Custom mouse cursor could have been drawn over browser UI

    #CVE-2022-45420: Iframe contents could be rendered outside the iframe

    #CVE-2022-45421: Memory safety bugs fixed in Firefox 107 and Firefox ESR
    102.5

Next | Query returned 16 messages, browsing 1 to 10 | Previous