Subject: CVS commit: [pkgsrc-2021Q4] pkgsrc/www/firefox91
From: Benny Siegert
Date: 2022-02-21 14:34:26
Message id: 20220221133426.F3D87FB24@cvs.NetBSD.org

Log Message:
Pullup ticket #6582 - requested by nia
www/firefox91: security fix

Revisions pulled up:
- www/firefox91/Makefile                                        1.13
- www/firefox91/distinfo                                        1.10

---
   Module Name:	pkgsrc
   Committed By:	nia
   Date:		Mon Feb 21 03:43:56 UTC 2022

   Modified Files:
   	pkgsrc/www/firefox91: Makefile distinfo

   Log Message:
   firefox91: update to 91.6.0

   Security Vulnerabilities fixed in Firefox ESR 91.6

       #CVE-2022-22753: Privilege Escalation to SYSTEM on Windows via Maintenance
       Service

       #CVE-2022-22754: Extensions could have bypassed permission confirmation
       during update

       #CVE-2022-22756: Drag and dropping an image could have resulted in the
       dropped object being an executable

       #CVE-2022-22759: Sandboxed iframes could have executed script if the parent
       appended elements

       #CVE-2022-22760: Cross-Origin responses could be distinguished between
       script and non-script content-types

       #CVE-2022-22761: frame-ancestors Content Security Policy directive was not
       enforced for framed extension pages

       #CVE-2022-22763: Script Execution during invalid object state

       #CVE-2022-22764: Memory safety bugs fixed in Firefox 97 and Firefox ESR 91.6

Files:
RevisionActionfile
1.11.2.2modifypkgsrc/www/firefox91/Makefile
1.8.2.2modifypkgsrc/www/firefox91/distinfo