![[BACK]](/icons/back.gif){kind=icon}
Up to [cvs.NetBSD.org] / pkgsrc / www / firefox102
Request diff between arbitrary revisions
Default branch: MAIN
Revision 1.16.2.2 / (download) - annotate - [select for diffs], Tue May 16 16:28:36 2023 UTC (3 weeks, 3 days ago) by bsiegert
Branch: pkgsrc-2023Q1
Changes since 1.16.2.1: +2 -2
lines
Diff to previous 1.16.2.1 (colored) to branchpoint 1.16 (colored) next main 1.17 (colored)
Pullup ticket #6760 - requested by nia
www/firefox102: security fix
www/firefox102-l10n: dependent update
Revisions pulled up:
- www/firefox102-l10n/Makefile 1.11
- www/firefox102-l10n/distinfo 1.10
- www/firefox102/Makefile 1.20
- www/firefox102/distinfo 1.12
---
Module Name: pkgsrc
Committed By: nia
Date: Sun May 14 19:50:11 UTC 2023
Modified Files:
pkgsrc/www/firefox102: Makefile distinfo
pkgsrc/www/firefox102-l10n: Makefile distinfo
Log Message:
firefox102: update to 102.11
Security Vulnerabilities fixed in Firefox ESR 102.11
#CVE-2023-32205: Browser prompts could have been obscured by popups
#CVE-2023-32206: Crash in RLBox Expat driver
#CVE-2023-32207: Potential permissions request bypass via clickjacking
#CVE-2023-32211: Content process crash due to invalid wasm code
#CVE-2023-32212: Potential spoof due to obscured address bar
#CVE-2023-32213: Potential memory corruption in FileReader::DoReadData()
#CVE-2023-32214: Potential DoS via exposed protocol handlers
Revision 1.20 / (download) - annotate - [select for diffs], Sun May 14 19:50:11 2023 UTC (3 weeks, 5 days ago) by nia
Branch: MAIN
CVS Tags: HEAD
Changes since 1.19: +2 -3
lines
Diff to previous 1.19 (colored)
firefox102: update to 102.11
Security Vulnerabilities fixed in Firefox ESR 102.11
#CVE-2023-32205: Browser prompts could have been obscured by popups
#CVE-2023-32206: Crash in RLBox Expat driver
#CVE-2023-32207: Potential permissions request bypass via clickjacking
#CVE-2023-32211: Content process crash due to invalid wasm code
#CVE-2023-32212: Potential spoof due to obscured address bar
#CVE-2023-32213: Potential memory corruption in FileReader::DoReadData()
#CVE-2023-32214: Potential DoS via exposed protocol handlers
Revision 1.19 / (download) - annotate - [select for diffs], Sat May 6 19:09:50 2023 UTC (4 weeks, 6 days ago) by ryoon
Branch: MAIN
Changes since 1.18: +2 -2
lines
Diff to previous 1.18 (colored)
*: Recursive revbump from audio/libopus 1.4
Revision 1.16.2.1 / (download) - annotate - [select for diffs], Sat Apr 22 15:06:23 2023 UTC (6 weeks, 6 days ago) by bsiegert
Branch: pkgsrc-2023Q1
Changes since 1.16: +2 -3
lines
Diff to previous 1.16 (colored)
Pullup ticket #6754 - requested by nia
www/firefox102: security fix
www/firefox102-l10n: dependent update
Revisions pulled up:
- www/firefox102-l10n/Makefile 1.10
- www/firefox102-l10n/distinfo 1.9
- www/firefox102/Makefile 1.17
- www/firefox102/distinfo 1.11
---
Module Name: pkgsrc
Committed By: nia
Date: Fri Apr 14 08:53:12 UTC 2023
Modified Files:
pkgsrc/www/firefox102: Makefile distinfo
pkgsrc/www/firefox102-l10n: Makefile distinfo
Log Message:
firefox102: Update to 102.10.0
Security Vulnerabilities fixed in Firefox ESR 102.10
#CVE-2023-29531: Out-of-bound memory access in WebGL on macOS
#CVE-2023-29533: Fullscreen notification obscured
#CVE-2023-29535: Potential Memory Corruption following Garbage Collector
compaction
#CVE-2023-29536: Invalid free from JavaScript code
#CVE-2023-29539: Content-Disposition filename truncation leads to Reflected
File Download
#CVE-2023-29541: Files with malicious extensions could have been downloaded
unsafely on Linux
#CVE-2023-29542: Bypass of file download extension restrictions
#CVE-2023-1945: Memory Corruption in Safe Browsing Code
#CVE-2023-29548: Incorrect optimization result on ARM64
#CVE-2023-29550: Memory safety bugs fixed in Firefox 112 and Firefox ESR
102.10
Revision 1.18 / (download) - annotate - [select for diffs], Wed Apr 19 08:11:46 2023 UTC (7 weeks, 2 days ago) by adam
Branch: MAIN
Changes since 1.17: +2 -1
lines
Diff to previous 1.17 (colored)
revbump after textproc/icu update
Revision 1.17 / (download) - annotate - [select for diffs], Fri Apr 14 08:53:12 2023 UTC (8 weeks ago) by nia
Branch: MAIN
Changes since 1.16: +2 -3
lines
Diff to previous 1.16 (colored)
firefox102: Update to 102.10.0
Security Vulnerabilities fixed in Firefox ESR 102.10
#CVE-2023-29531: Out-of-bound memory access in WebGL on macOS
#CVE-2023-29533: Fullscreen notification obscured
#CVE-2023-29535: Potential Memory Corruption following Garbage Collector
compaction
#CVE-2023-29536: Invalid free from JavaScript code
#CVE-2023-29539: Content-Disposition filename truncation leads to Reflected
File Download
#CVE-2023-29541: Files with malicious extensions could have been downloaded
unsafely on Linux
#CVE-2023-29542: Bypass of file download extension restrictions
#CVE-2023-1945: Memory Corruption in Safe Browsing Code
#CVE-2023-29548: Incorrect optimization result on ARM64
#CVE-2023-29550: Memory safety bugs fixed in Firefox 112 and Firefox ESR
102.10
Revision 1.16 / (download) - annotate - [select for diffs], Sun Jan 29 21:18:03 2023 UTC (4 months, 1 week ago) by ryoon
Branch: MAIN
CVS Tags: pkgsrc-2023Q1-base
Branch point for: pkgsrc-2023Q1
Changes since 1.15: +2 -1
lines
Diff to previous 1.15 (colored)
*: Recursive revbup from graphics/freetype2
Revision 1.13.2.1 / (download) - annotate - [select for diffs], Thu Jan 26 19:58:25 2023 UTC (4 months, 1 week ago) by bsiegert
Branch: pkgsrc-2022Q4
Changes since 1.13: +2 -2
lines
Diff to previous 1.13 (colored) next main 1.14 (colored)
Pullup ticket #6725 - requested by nia
www/firefox102: security fix
www/firefox102-l10n: dependent update
Revisions pulled up:
- www/firefox102-l10n/Makefile 1.9
- www/firefox102-l10n/distinfo 1.8
- www/firefox102/Makefile 1.15
- www/firefox102/distinfo 1.10
---
Module Name: pkgsrc
Committed By: nia
Date: Tue Jan 24 17:59:28 UTC 2023
Modified Files:
pkgsrc/www/firefox102: Makefile distinfo
pkgsrc/www/firefox102-l10n: Makefile distinfo
Log Message:
firefox102: Update to 102.7.0
Security Vulnerabilities fixed in Firefox ESR 102.7
#CVE-2022-46871: libusrsctp library out of date
#CVE-2023-23598: Arbitrary file read from GTK drag and drop on Linux
#CVE-2023-23599: Malicious command could be hidden in devtools output on
Windows
#CVE-2023-23601: URL being dragged from cross-origin iframe into same tab
triggers navigation
#CVE-2023-23602: Content Security Policy wasn't being correctly applied to
WebSockets in WebWorkers
#CVE-2022-46877: Fullscreen notification bypass
#CVE-2023-23603: Calls to <code>console.log</code> allowed bypasing Content
Security Policy via format directive
#CVE-2023-23605: Memory safety bugs fixed in Firefox 109 and Firefox ESR
102.7
Revision 1.15 / (download) - annotate - [select for diffs], Tue Jan 24 17:59:27 2023 UTC (4 months, 2 weeks ago) by nia
Branch: MAIN
Changes since 1.14: +2 -3
lines
Diff to previous 1.14 (colored)
firefox102: Update to 102.7.0
Security Vulnerabilities fixed in Firefox ESR 102.7
#CVE-2022-46871: libusrsctp library out of date
#CVE-2023-23598: Arbitrary file read from GTK drag and drop on Linux
#CVE-2023-23599: Malicious command could be hidden in devtools output on
Windows
#CVE-2023-23601: URL being dragged from cross-origin iframe into same tab
triggers navigation
#CVE-2023-23602: Content Security Policy wasn't being correctly applied to
WebSockets in WebWorkers
#CVE-2022-46877: Fullscreen notification bypass
#CVE-2023-23603: Calls to <code>console.log</code> allowed bypasing Content
Security Policy via format directive
#CVE-2023-23605: Memory safety bugs fixed in Firefox 109 and Firefox ESR
102.7
Revision 1.14 / (download) - annotate - [select for diffs], Tue Jan 3 17:38:23 2023 UTC (5 months ago) by wiz
Branch: MAIN
Changes since 1.13: +2 -1
lines
Diff to previous 1.13 (colored)
*: recursive bump for tiff shlib major bump
Revision 1.13 / (download) - annotate - [select for diffs], Sat Dec 24 15:47:54 2022 UTC (5 months, 2 weeks ago) by nia
Branch: MAIN
CVS Tags: pkgsrc-2022Q4-base
Branch point for: pkgsrc-2022Q4
Changes since 1.12: +2 -3
lines
Diff to previous 1.12 (colored)
firefox102: update to 102.6.0
Security Vulnerabilities fixed in Firefox ESR 102.6
#CVE-2022-46880: Use-after-free in WebGL
#CVE-2022-46872: Arbitrary file read from a compromised content process
#CVE-2022-46881: Memory corruption in WebGL
#CVE-2022-46874: Drag and Dropped Filenames could have been truncated to
malicious extensions
#CVE-2022-46875: Download Protections were bypassed by .atloc and .ftploc
files on Mac OS
#CVE-2022-46882: Use-after-free in WebGL
#CVE-2022-46878: Memory safety bugs fixed in Firefox 108 and Firefox ESR
102.6
Revision 1.12 / (download) - annotate - [select for diffs], Wed Dec 21 10:10:37 2022 UTC (5 months, 2 weeks ago) by nia
Branch: MAIN
Changes since 1.11: +2 -1
lines
Diff to previous 1.11 (colored)
firefox102: Disable service worker support until the root cause of the crashes is investigated.
Revision 1.11 / (download) - annotate - [select for diffs], Sun Dec 4 09:49:59 2022 UTC (6 months ago) by nia
Branch: MAIN
Changes since 1.10: +2 -3
lines
Diff to previous 1.10 (colored)
firefox102: Update to 102.5.0
Security Vulnerabilities fixed in Firefox ESR 102.5
#CVE-2022-45403: Service Workers might have learned size of cross-origin
media files
#CVE-2022-45404: Fullscreen notification bypass
#CVE-2022-45405: Use-after-free in InputStream implementation
#CVE-2022-45406: Use-after-free of a JavaScript Realm
#CVE-2022-45408: Fullscreen notification bypass via windowName
#CVE-2022-45409: Use-after-free in Garbage Collection
#CVE-2022-45410: ServiceWorker-intercepted requests bypassed SameSite cookie
policy
#CVE-2022-45411: Cross-Site Tracing was possible via non-standard override
headers
#CVE-2022-45412: Symlinks may resolve to partially uninitialized buffers
#CVE-2022-45416: Keystroke Side-Channel Leakage
#CVE-2022-45418: Custom mouse cursor could have been drawn over browser UI
#CVE-2022-45420: Iframe contents could be rendered outside the iframe
#CVE-2022-45421: Memory safety bugs fixed in Firefox 107 and Firefox ESR
102.5
Revision 1.10 / (download) - annotate - [select for diffs], Wed Nov 23 16:21:19 2022 UTC (6 months, 2 weeks ago) by adam
Branch: MAIN
Changes since 1.9: +2 -1
lines
Diff to previous 1.9 (colored)
massive revision bump after textproc/icu update
Revision 1.8.2.1 / (download) - annotate - [select for diffs], Thu Oct 27 06:27:40 2022 UTC (7 months, 1 week ago) by bsiegert
Branch: pkgsrc-2022Q3
Changes since 1.8: +2 -2
lines
Diff to previous 1.8 (colored) next main 1.9 (colored)
Pullup ticket #6693 - requested by nia
www/firefox102: security fix
Revisions pulled up:
- www/firefox102-l10n/Makefile 1.6
- www/firefox102-l10n/distinfo 1.5
- www/firefox102/Makefile 1.9
- www/firefox102/distinfo 1.6
---
Module Name: pkgsrc
Committed By: nia
Date: Sat Oct 22 15:59:27 UTC 2022
Modified Files:
pkgsrc/www/firefox102: Makefile distinfo
pkgsrc/www/firefox102-l10n: Makefile distinfo
Log Message:
firefox102: Update to 102.4.0
Security Vulnerabilities fixed in Firefox ESR 102.4
#CVE-2022-42927: Same-origin policy violation could have leaked cross-origin
URLs
#CVE-2022-42928: Memory Corruption in JS Engine
#CVE-2022-42929: Denial of Service via window.print
#CVE-2022-42932: Memory safety bugs fixed in Firefox 106 and Firefox ESR
102.4
Revision 1.9 / (download) - annotate - [select for diffs], Sat Oct 22 15:59:26 2022 UTC (7 months, 2 weeks ago) by nia
Branch: MAIN
Changes since 1.8: +2 -2
lines
Diff to previous 1.8 (colored)
firefox102: Update to 102.4.0
Security Vulnerabilities fixed in Firefox ESR 102.4
#CVE-2022-42927: Same-origin policy violation could have leaked cross-origin
URLs
#CVE-2022-42928: Memory Corruption in JS Engine
#CVE-2022-42929: Denial of Service via window.print
#CVE-2022-42932: Memory safety bugs fixed in Firefox 106 and Firefox ESR
102.4
Revision 1.8 / (download) - annotate - [select for diffs], Fri Sep 23 22:52:49 2022 UTC (8 months, 2 weeks ago) by nia
Branch: MAIN
CVS Tags: pkgsrc-2022Q3-base
Branch point for: pkgsrc-2022Q3
Changes since 1.7: +2 -3
lines
Diff to previous 1.7 (colored)
firefox102: update to 102.3.0
Security Vulnerabilities fixed in Firefox ESR 102.3
#CVE-2022-3266: Out of bounds read when decoding H264
#CVE-2022-40959: Bypassing FeaturePolicy restrictions on transient pages
#CVE-2022-40960: Data-race when parsing non-UTF-8 URLs in threads
#CVE-2022-40958: Bypassing Secure Context restriction for cookies with
__Host and __Secure prefix
#CVE-2022-40956: Content-Security-Policy base-uri bypass
#CVE-2022-40957: Incoherent instruction cache when building WASM on ARM64
#CVE-2022-40962: Memory safety bugs fixed in Firefox 105 and Firefox ESR
102.3
Revision 1.7 / (download) - annotate - [select for diffs], Sun Sep 11 12:52:09 2022 UTC (8 months, 4 weeks ago) by wiz
Branch: MAIN
Changes since 1.6: +2 -1
lines
Diff to previous 1.6 (colored)
*: bump PKGREVISION for flac shlib bump
Revision 1.6 / (download) - annotate - [select for diffs], Tue Sep 6 09:16:42 2022 UTC (9 months ago) by nia
Branch: MAIN
Changes since 1.5: +2 -3
lines
Diff to previous 1.5 (colored)
firefox102: Update to 102.2.0
Mozilla Foundation Security Advisory 2022-34
Security Vulnerabilities fixed in Firefox ESR 102.2
#CVE-2022-38472: Address bar spoofing via XSLT error handling
#CVE-2022-38473: Cross-origin XSLT Documents would have inherited the
parent's permissions
#CVE-2022-38476: Data race and potential use-after-free in PK11_ChangePW
#CVE-2022-38477: Memory safety bugs fixed in Firefox 104 and Firefox ESR
102.2
#CVE-2022-38478: Memory safety bugs fixed in Firefox 104, Firefox ESR 102.2,
and Firefox ESR 91.13
Revision 1.5 / (download) - annotate - [select for diffs], Thu Aug 11 05:09:22 2022 UTC (9 months, 4 weeks ago) by gutteridge
Branch: MAIN
Changes since 1.4: +2 -2
lines
Diff to previous 1.4 (colored)
Bump all dependent packages of wayland (belatedly) The package changed with the addition of its libepoll-shim dependency. Otherwise, we can get: ERROR: libepoll-shim>=0.0.20210418 is not installed; can't buildlink files.
Revision 1.4 / (download) - annotate - [select for diffs], Sun Aug 7 18:08:08 2022 UTC (10 months ago) by nia
Branch: MAIN
Changes since 1.3: +8 -1
lines
Diff to previous 1.3 (colored)
firefox102: Sync fixes with www/firefox
Revision 1.3 / (download) - annotate - [select for diffs], Fri Aug 5 08:41:25 2022 UTC (10 months ago) by nia
Branch: MAIN
Changes since 1.2: +2 -3
lines
Diff to previous 1.2 (colored)
firefox102: update to 102.1.0
Security Vulnerabilities fixed in Firefox ESR 102.1
#CVE-2022-36319: Mouse Position spoofing with CSS transforms
#CVE-2022-36318: Directory indexes for bundled resources reflected URL
parameters
#CVE-2022-36314: Opening local <code>.lnk</code> files could cause
unexpected network loads
#CVE-2022-2505: Memory safety bugs fixed in Firefox 103 and 102.1
Revision 1.2 / (download) - annotate - [select for diffs], Mon Jul 25 01:01:54 2022 UTC (10 months, 2 weeks ago) by tnn
Branch: MAIN
Changes since 1.1: +2 -1
lines
Diff to previous 1.1 (colored)
*: revbump for ffmpeg5
Revision 1.1 / (download) - annotate - [select for diffs], Thu Jul 21 23:56:38 2022 UTC (10 months, 2 weeks ago) by nia
Branch: MAIN
Add a package for Firefox 102 ESR