Navigation:
Browse pkgsrc
(this page) 2023-01-26 20:58:25 by Benny Siegert | Files touched by this commit (4) |  |
Log message:
Pullup ticket #6725 - requested by nia
www/firefox102: security fix
www/firefox102-l10n: dependent update
Revisions pulled up:
- www/firefox102-l10n/Makefile 1.9
- www/firefox102-l10n/distinfo 1.8
- www/firefox102/Makefile 1.15
- www/firefox102/distinfo 1.10
---
Module Name: pkgsrc
Committed By: nia
Date: Tue Jan 24 17:59:28 UTC 2023
Modified Files:
pkgsrc/www/firefox102: Makefile distinfo
pkgsrc/www/firefox102-l10n: Makefile distinfo
Log message:
firefox102: Update to 102.7.0
Security Vulnerabilities fixed in Firefox ESR 102.7
#CVE-2022-46871: libusrsctp library out of date
#CVE-2023-23598: Arbitrary file read from GTK drag and drop on Linux
#CVE-2023-23599: Malicious command could be hidden in devtools output on
Windows
#CVE-2023-23601: URL being dragged from cross-origin iframe into same tab
triggers navigation
#CVE-2023-23602: Content Security Policy wasn't being correctly applied to
WebSockets in WebWorkers
#CVE-2022-46877: Fullscreen notification bypass
#CVE-2023-23603: Calls to <code>console.log</code> allowed \
bypasing Content
Security Policy via format directive
#CVE-2023-23605: Memory safety bugs fixed in Firefox 109 and Firefox ESR
102.7
|
New packages: