Navigation:
Browse pkgsrc
(this page)
www firefox1..
CVSweb ] [ 
Homepage ] [ 
RSS ] [ 
Required by ] [ 
Add to tracker ]| 2025-02-12 07:45:45 by Ryo ONODERA | Files touched by this commit (850) |
Log message: *: Recursive revbump from audio/flac-1.5.0 |
2025-02-04 21:29:06 by Benny Siegert | Files touched by this commit (4) |  |
Log message: firefox115: update to 115.20.0 (security) Security Vulnerabilities fixed in Firefox ESR 115.20 #CVE-2025-1009: Use-after-free in XSLT Impact: high An attacker could have caused a use-after-free via crafted XSLT data, leading to a potentially exploitable crash. #CVE-2025-1010: Use-after-free in Custom Highlight Impact: high An attacker could have caused a use-after-free via the Custom Highlight API, leading to a potentially exploitable crash. #CVE-2025-1012: Use-after-free during concurrent delazification Impact: moderate A race during concurrent delazification could have led to a use-after-free. #CVE-2025-1016: Memory safety bugs fixed in Firefox 135, Thunderbird 135, Firefox ESR 115.20, Firefox ESR 128.7, Thunderbird 115.20, and Thunderbird 128.7 Impact: high Memory safety bugs present in Firefox 134, Thunderbird 134, Firefox ESR 115.19, Firefox ESR 128.6, Thunderbird 115.19, and Thunderbird 128.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. |
| 2025-01-07 18:17:34 by Benny Siegert | Files touched by this commit (4) | |
Log message: firefox115, firefox115-l10n: update to 115.19.0 Security Vulnerabilities fixed in Firefox ESR 115.19 #CVE-2025-0238: Use-after-free when breaking lines in text Impact: moderate Assuming a controlled failed memory allocation, an attacker could have caused a use-after-free, leading to a potentially exploitable crash. #CVE-2025-0242: Memory safety bugs fixed in Firefox 134, Thunderbird 134, Firefox ESR 115.19, Firefox ESR 128.6, Thunderbird 115.19, and Thunderbird 128.6 Impact: high Memory safety bugs present in Firefox 133, Thunderbird 133, Firefox ESR 115.18, Firefox ESR 128.5, Thunderbird 115.18, and Thunderbird 128.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. |
| 2024-12-27 09:21:09 by Thomas Klausner | Files touched by this commit (1055) |
Log message: *: recursive bump for pango requiring fontconfig 2.15 |
| 2024-11-26 20:11:54 by Benny Siegert | Files touched by this commit (2) | |
Log message: firefox115: update to 115.18.0 Security Vulnerabilities fixed in Firefox ESR 115.18 #CVE-2024-11691: Out-of-bounds write in Apple GPU drivers via WebGL Impact: high Certain WebGL operations on Apple silicon M series devices could have lead to an out-of-bounds write and memory corruption due to a flaw in Apple's GPU driver. This bug only affected the application on Apple M series hardware. Other platforms were unaffected. #CVE-2024-11694: CSP Bypass and XSS Exposure via Web Compatibility Shims Impact: moderate Enhanced Tracking Protection's Strict mode may have inadvertently allowed a CSP frame-src bypass and DOM-based XSS through the Google SafeFrame shim in the Web Compatibility extension. This issue could have exposed users to malicious frames masquerading as legitimate content. |
| 2024-11-17 08:17:06 by Thomas Klausner | Files touched by this commit (944) |
Log message: *: recursive bump for default-on option of at-spi2-core |
| 2024-11-14 23:22:33 by Thomas Klausner | Files touched by this commit (2429) |
Log message: *: recursive bump for icu 76 shlib major version bump |
| 2024-11-14 00:41:15 by Thomas Klausner | Files touched by this commit (1) |
Log message: firefox115: mark as not for Python 3.13 |
New packages: