./www/firefox91, Web browser with support for extensions (version 91ESR)

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 91.9.0, Package name: firefox91-91.9.0, Maintainer: ryoon

Mozilla Firefox is a free, open-source and cross-platform web browser
for Windows, Linux, MacOS X and many other operating systems.

It is fast and easy to use, and offers many advantages over other web
browsers, such as tabbed browsing and the ability to block pop-up
windows.

Firefox also offers excellent bookmark and history management, and it
can be extended by developers using industry standards such as XML,
CSS, JavaScript, C++, etc. Many extensions are available.

This package provides Firefox 91 ESR.



Package options: dbus

Master sites:

Filesize: 375504.355 KB

Version history: (Expand)


CVS history: (Expand)


   2022-05-16 23:16:00 by Nia Alarie | Files touched by this commit (3) | Package updated
Log message:
firefox91: update to 91.9.0

Security Vulnerabilities fixed in Firefox ESR 91.9

    #CVE-2022-29914: Fullscreen notification bypass using popups

    #CVE-2022-29909: Bypassing permission prompt in nested browsing contexts

    #CVE-2022-29916: Leaking browser history with CSS variables

    #CVE-2022-29911: iframe Sandbox bypass

    #CVE-2022-29912: Reader mode bypassed SameSite cookies

    #CVE-2022-29917: Memory safety bugs fixed in Firefox 100 and Firefox ESR
    91.9
   2022-05-05 10:21:34 by Nia Alarie | Files touched by this commit (5)
Log message:
firefox*: Use OPSYS_VERSION to numerically compare NetBSD versions
   2022-04-18 21:12:27 by Adam Ciarcinski | Files touched by this commit (1798) | Package updated
Log message:
revbump for textproc/icu update
   2022-04-10 15:43:44 by Nia Alarie | Files touched by this commit (4) | Package updated
Log message:
firefox91: update to 91.8.0

Security Vulnerabilities fixed in Firefox ESR 91.8

#CVE-2022-1097: Use-after-free in NSSToken objects

#CVE-2022-28281: Out of bounds write due to unexpected WebAuthN Extensions

#CVE-2022-1196: Use-after-free after VR Process destruction

#CVE-2022-28282: Use-after-free in DocumentL10n::TranslateDocument

#CVE-2022-28285: Incorrect AliasSet used in JIT Codegen

#CVE-2022-28286: iframe contents could be rendered outside the border

#CVE-2022-24713: Denial of Service via complex regular expressions

#CVE-2022-28289: Memory safety bugs fixed in Firefox 99 and Firefox ESR 91.8
   2022-03-28 12:59:32 by Tobias Nygren | Files touched by this commit (54)
Log message:
{s,t,w}*/*: revbump(1) for libsndfile
   2022-03-10 17:22:47 by Nia Alarie | Files touched by this commit (2) | Package updated
Log message:
firefox91: update to 91.7.0

Security Vulnerabilities fixed in Firefox ESR 91.7

    #CVE-2022-26383: Browser window spoof using fullscreen mode

    #CVE-2022-26384: iframe allow-scripts sandbox bypass

    #CVE-2022-26387: Time-of-check time-of-use bug when verifying add-on
    signatures

    #CVE-2022-26381: Use-after-free in text reflows

    #CVE-2022-26386: Temporary files downloaded to /tmp and accessible by other
    local users
   2022-02-21 04:43:56 by Nia Alarie | Files touched by this commit (2) | Package updated
Log message:
firefox91: update to 91.6.0

Security Vulnerabilities fixed in Firefox ESR 91.6

    #CVE-2022-22753: Privilege Escalation to SYSTEM on Windows via Maintenance
    Service

    #CVE-2022-22754: Extensions could have bypassed permission confirmation
    during update

    #CVE-2022-22756: Drag and dropping an image could have resulted in the
    dropped object being an executable

    #CVE-2022-22759: Sandboxed iframes could have executed script if the parent
    appended elements

    #CVE-2022-22760: Cross-Origin responses could be distinguished between
    script and non-script content-types

    #CVE-2022-22761: frame-ancestors Content Security Policy directive was not
    enforced for framed extension pages

    #CVE-2022-22763: Script Execution during invalid object state

    #CVE-2022-22764: Memory safety bugs fixed in Firefox 97 and Firefox ESR 91.6
   2022-01-26 14:38:07 by Ryo ONODERA | Files touched by this commit (3)
Log message:
firefox91: Update to 91.5.0

Changelog:
Security fixes:
#CVE-2022-22746: Calling into reportValidity could have lead to fullscreen
#CVE-2022-22743: Browser window spoof using fullscreen mode
#CVE-2022-22742: Out-of-bounds memory access when inserting text in edit mode
#CVE-2022-22741: Browser window spoof using fullscreen mode
#CVE-2022-22740: Use-after-free of ChannelEventQueue::mOwner
#CVE-2022-22738: Heap-buffer-overflow in blendGaussianBlur
#CVE-2022-22737: Race condition when playing audio files
#CVE-2021-4140: Iframe sandbox bypass with XSLT
#CVE-2022-22748: Spoofed origin on external protocol launch dialog
#CVE-2022-22745: Leaking cross-origin URLs through securitypolicyviolation
 event
#CVE-2022-22744: The 'Copy as curl' feature in DevTools did not fully escape
 website-controlled data, potentially leading to command injection
#CVE-2022-22747: Crash when handling empty pkcs7 sequence
#CVE-2022-22739: Missing throttling on external protocol launch dialog
#CVE-2022-22751: Memory safety bugs fixed in Firefox 96 and Firefox ESR 91.5