Subject: CVS commit: pkgsrc/www
From: Nia Alarie
Date: 2021-12-10 15:32:07
Message id: 20211210143207.A5904FAEC@cvs.NetBSD.org
Log Message:
firefox91: Update to 91.4.0

Security Vulnerabilities fixed in Firefox ESR 91.4.0

    #CVE-2021-43536: URL leakage when navigating while executing asynchronous
    function

    #CVE-2021-43537: Heap buffer overflow when using structured clone

    #CVE-2021-43538: Missing fullscreen and pointer lock notification when
    requesting both

    #CVE-2021-43539: GC rooting failure when calling wasm instance methods

    #CVE-2021-43541: External protocol handler parameters were unescaped

    #CVE-2021-43542: XMLHttpRequest error codes could have leaked the existence
    of an external protocol handler

    #CVE-2021-43543: Bypass of CSP sandbox directive when embedding

    #CVE-2021-43545: Denial of Service when using the Location API in a loop

    #CVE-2021-43546: Cursor spoofing could overlay user interface when native
    cursor is zoomed

    #MOZ-2021-0009: Memory safety bugs fixed in Firefox 95 and Firefox ESR 91.4
Files:
RevisionActionfile
1.10modifypkgsrc/www/firefox91/Makefile
1.7modifypkgsrc/www/firefox91/distinfo
1.5modifypkgsrc/www/firefox91-l10n/Makefile
1.7modifypkgsrc/www/firefox91-l10n/distinfo