Subject: CVS commit: pkgsrc/www/firefox91
From: Nia Alarie
Date: 2021-11-03 20:19:40
Message id: 20211103191940.7F01EFAEC@cvs.NetBSD.org
Log Message:
firefox91: update to 91.3.0

Security Vulnerabilities fixed in Firefox ESR 91.3

    #CVE-2021-38503: iframe sandbox rules did not apply to XSLT stylesheets

    #CVE-2021-38504: Use-after-free in file picker dialog

    #CVE-2021-38506: Firefox could be coaxed into going into fullscreen mode
    without notification or warning

    #CVE-2021-38507: Opportunistic Encryption in HTTP2 could be used to bypass
    the Same-Origin-Policy on services hosted on other ports

    #MOZ-2021-0008: Use-after-free in HTTP2 Session object

    #CVE-2021-38508: Permission Prompt could be overlaid, resulting in user
    confusion and potential spoofing

    #CVE-2021-38509: Javascript alert box could have been spoofed onto an
    arbitrary domain

    #CVE-2021-38510: Download Protections were bypassed by .inetloc files on Mac
    OS

    #MOZ-2021-0007: Memory safety bugs fixed in Firefox 94 and Firefox ESR 91.3
Files:
RevisionActionfile
1.8modifypkgsrc/www/firefox91/Makefile
1.3modifypkgsrc/www/firefox91/PLIST
1.6modifypkgsrc/www/firefox91/distinfo
1.1addpkgsrc/www/firefox91/patches/patch-modules_fdlibm_src_math__private.h