Subject: CVS commit: [pkgsrc-2021Q3] pkgsrc/www
From: Thomas Merkel
Date: 2021-12-14 18:44:44
Message id: 20211214174444.EE3AEFAEC@cvs.NetBSD.org
Log Message:
Pullup ticket #6552 - requested by nia
www/firefox91: security fix

Revisions pulled up:
- www/firefox91-l10n/Makefile                                   1.5
- www/firefox91-l10n/distinfo                                   1.7
- www/firefox91/Makefile                                        1.10
- www/firefox91/distinfo                                        1.7

---
   Module Name:	pkgsrc
   Committed By:	nia
   Date:		Fri Dec 10 14:32:07 UTC 2021

   Modified Files:
   	pkgsrc/www/firefox91: Makefile distinfo
   	pkgsrc/www/firefox91-l10n: Makefile distinfo

   Log Message:
   firefox91: Update to 91.4.0

   Security Vulnerabilities fixed in Firefox ESR 91.4.0

       #CVE-2021-43536: URL leakage when navigating while executing asynchronous
       function

       #CVE-2021-43537: Heap buffer overflow when using structured clone

       #CVE-2021-43538: Missing fullscreen and pointer lock notification when
       requesting both

       #CVE-2021-43539: GC rooting failure when calling wasm instance methods

       #CVE-2021-43541: External protocol handler parameters were unescaped

       #CVE-2021-43542: XMLHttpRequest error codes could have leaked the existence
       of an external protocol handler

       #CVE-2021-43543: Bypass of CSP sandbox directive when embedding

       #CVE-2021-43545: Denial of Service when using the Location API in a loop

       #CVE-2021-43546: Cursor spoofing could overlay user interface when native
       cursor is zoomed

       #MOZ-2021-0009: Memory safety bugs fixed in Firefox 95 and Firefox ESR 91.4
Files:
RevisionActionfile
1.5.2.3modifypkgsrc/www/firefox91/Makefile
1.2.2.3modifypkgsrc/www/firefox91/distinfo
1.2.2.3modifypkgsrc/www/firefox91-l10n/Makefile
1.2.2.3modifypkgsrc/www/firefox91-l10n/distinfo