Navigation:
Browse pkgsrc
(this page)
New packages:Log Message:
Pullup ticket #6580 - requested by nia
www/firefox91: security fix
Revisions pulled up:
- www/firefox91/Makefile 1.12
- www/firefox91/distinfo 1.9
- \
www/firefox91/patches/patch-gfx_angle_checkout_src_compiler_translator_InfoSink.h \
1.2
---
Module Name: pkgsrc
Committed By: ryoon
Date: Wed Jan 26 13:38:07 UTC 2022
Modified Files:
pkgsrc/www/firefox91: Makefile distinfo
pkgsrc/www/firefox91/patches:
patch-gfx_angle_checkout_src_compiler_translator_InfoSink.h
Log Message:
firefox91: Update to 91.5.0
Changelog:
Security fixes:
#CVE-2022-22746: Calling into reportValidity could have lead to fullscreen
#CVE-2022-22743: Browser window spoof using fullscreen mode
#CVE-2022-22742: Out-of-bounds memory access when inserting text in edit mode
#CVE-2022-22741: Browser window spoof using fullscreen mode
#CVE-2022-22740: Use-after-free of ChannelEventQueue::mOwner
#CVE-2022-22738: Heap-buffer-overflow in blendGaussianBlur
#CVE-2022-22737: Race condition when playing audio files
#CVE-2021-4140: Iframe sandbox bypass with XSLT
#CVE-2022-22748: Spoofed origin on external protocol launch dialog
#CVE-2022-22745: Leaking cross-origin URLs through securitypolicyviolation
event
#CVE-2022-22744: The 'Copy as curl' feature in DevTools did not fully escape
website-controlled data, potentially leading to command injection
#CVE-2022-22747: Crash when handling empty pkcs7 sequence
#CVE-2022-22739: Missing throttling on external protocol launch dialog
#CVE-2022-22751: Memory safety bugs fixed in Firefox 96 and Firefox ESR 91.5