Subject: CVS commit: [pkgsrc-2022Q1] pkgsrc/www/firefox91
From: S.P.Zeidler
Date: 2022-06-05 08:09:37
Message id: 20220605060938.05328FB19@cvs.NetBSD.org
Log Message:
Pullup ticket #6635 - requested by nia
www/firefox91: security update

Revisions pulled up:
- www/firefox91/Makefile                                        1.18
- www/firefox91/distinfo                                        1.13
- www/firefox91/patches/patch-browser_app_profile_firefox.js    1.2

-------------------------------------------------------------------
   Module Name:	pkgsrc
   Committed By:	nia
   Date:		Mon May 16 21:16:00 UTC 2022

   Modified Files:
   	pkgsrc/www/firefox91: Makefile distinfo
   	pkgsrc/www/firefox91/patches: patch-browser_app_profile_firefox.js

   Log Message:
   firefox91: update to 91.9.0

   Security Vulnerabilities fixed in Firefox ESR 91.9

       #CVE-2022-29914: Fullscreen notification bypass using popups

       #CVE-2022-29909: Bypassing permission prompt in nested browsing contexts

       #CVE-2022-29916: Leaking browser history with CSS variables

       #CVE-2022-29911: iframe Sandbox bypass

       #CVE-2022-29912: Reader mode bypassed SameSite cookies

       #CVE-2022-29917: Memory safety bugs fixed in Firefox 100 and Firefox ESR
       91.9

   To generate a diff of this commit:
   cvs rdiff -u -r1.17 -r1.18 pkgsrc/www/firefox91/Makefile
   cvs rdiff -u -r1.12 -r1.13 pkgsrc/www/firefox91/distinfo
   cvs rdiff -u -r1.1 -r1.2 \
       pkgsrc/www/firefox91/patches/patch-browser_app_profile_firefox.js
Files:
RevisionActionfile
1.15.2.2modifypkgsrc/www/firefox91/Makefile
1.11.2.2modifypkgsrc/www/firefox91/distinfo
1.1.6.1modifypkgsrc/www/firefox91/patches/patch-browser_app_profile_firefox.js