Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

MozillaFirefox-branding-upstream-131.0.3-1.1 RPM for s390x

From OpenSuSE Ports Tumbleweed for s390x

Name: MozillaFirefox-branding-upstream Distribution: openSUSE:Factory:zSystems
Version: 131.0.3 Vendor: openSUSE
Release: 1.1 Build date: Thu Oct 17 08:18:12 2024
Group: Productivity/Networking/Web/Browsers Build host: reproducible
Size: 0 Source RPM: MozillaFirefox-131.0.3-1.1.src.rpm
Packager: https://bugs.opensuse.org
Url: http://www.mozilla.org/
Summary: Upstream branding for Firefox
This package provides upstream look and feel for Firefox.

Provides

Requires

License

MPL-2.0

Changelog

* Thu Oct 17 2024 Wolfgang Rosenauer <wr@rosenauer.org>
  - Mozilla Firefox 131.0.3
    * some users could not access the Bill Pay portion of their
      bank's site (bmo#1923500)
    * some VR180 and 360 videos were not properly rendering on YouTube
      (bmo#1922278)
    * Fixed a crash that Windows users with Avast or AVG security
      software were experiencing when visiting certain sites. (bmo#1919678)
    * "List all tabs" button was not able to be moved from the toolbar
      (bmo#1918681)
    NFSA 2024-53
    * CVE-2024-9936 (bmo#1920381)
      Undefined behavior in selection node cache
  - remove obsolete mozilla-rust-disable-future-incompat.patch
* Wed Oct 09 2024 Wolfgang Rosenauer <wr@rosenauer.org>
  - Mozilla Firefox 131.0.2
    MFSA 2024-51 (bsc#1231413)
    * CVE-2024-9680 (bmo#1923344)
      Use-after-free in Animation timeline
* Sun Sep 29 2024 Wolfgang Rosenauer <wr@rosenauer.org>
  - Firefox 131.0
    https://www.mozilla.org/en-US/firefox/131.0/releasenotes/
    MFSA 2024-46 (bsc#1230979)
    * CVE-2024-9391 (bmo#1892407)
      Prevent users from exiting full-screen mode in Firefox Focus
      for Android
    * CVE-2024-9392 (bmo#1899154, bmo#1905843)
      Compromised content process can bypass site isolation
    * CVE-2024-9393 (bmo#1918301)
      Cross-origin access to PDF contents through multipart responses
    * CVE-2024-9394 (bmo#1918874)
      Cross-origin access to JSON contents through multipart responses
    * CVE-2024-9395 (bmo#1906024)
      Specially crafted filename could be used to obscure download type
    * CVE-2024-9396 (bmo#1912471)
      Potential memory corruption may occur when cloning certain objects
    * CVE-2024-9397 (bmo#1916659)
      Potential directory upload bypass via clickjacking
    * CVE-2024-9398 (bmo#1881037)
      External protocol handlers could be enumerated via popups
    * CVE-2024-9399 (bmo#1907726)
      Specially crafted WebTransport requests could lead to denial
      of service
    * CVE-2024-9400 (bmo#1915249)
      Potential memory corruption during JIT compilation
    * CVE-2024-9401 (bmo#1872744, bmo#1897792, bmo#1911317, bmo#1916476)
      Memory safety bugs fixed in Firefox 131, Firefox ESR 115.16,
      Firefox ESR 128.3, Thunderbird 131, and Thunderbird 128.3
    * CVE-2024-9402 (bmo#1872744, bmo#1897792, bmo#1911317, bmo#1913445,
      bmo#1914106, bmo#1914475, bmo#1914963, bmo#1915008, bmo#1916476)
      Memory safety bugs fixed in Firefox 131, Firefox ESR 128.3,
      Thunderbird 131, and Thunderbird 128.3
    * CVE-2024-9403 (bmo#1917807)
      Memory safety bugs fixed in Firefox 131 and Thunderbird 131
  - requires NSS 3.104
  - rebased patches
* Sat Sep 21 2024 Manfred Hollstein <manfred.h@gmx.net>
  - Don't use clang18-devel on Leap as they don't have that version.
* Wed Sep 18 2024 Manfred Hollstein <manfred.h@gmx.net>
  - Firefox 130.0.1 Release
    https://www.mozilla.org/en-US/firefox/130.0.1/releasenotes
    * Enterprise: Added an enterprise policy to disable the
    * Firefox Labs* section in *Settings*. (bmo#1911826)
    * Fixed a recent regression causing some UI elements to
      be rendered as left-to-right instead of right-to-left for
      users of our Saraiki localization. (bmo#1917175)
    * Linux: Fixed black rendering of AVIF images when
      Firefox is built with GCC. (bmo#1916038)
  - removed obsolete patches
    mozilla-bmo1916038.patch
* Sat Sep 07 2024 Wolfgang Rosenauer <wr@rosenauer.org>
  - Mozilla Firefox 130.0
    https://www.mozilla.org/en-US/firefox/130.0/releasenotes
    MFSA 2024-39 (bsc#1229821)
    * CVE-2024-8385 (bmo#1911909)
      WASM type confusion involving ArrayTypes
    * CVE-2024-8381 (bmo#1912715)
      Type confusion when looking up a property name in a "with" block
    * CVE-2024-8388 (bmo#1902996, bmo#1839074, bmo#1865413, bmo#1868970,
      bmo#1873367, bmo#1877820, bmo#1884642, bmo#1886469, bmo#1894326,
      bmo#1894891, bmo#1897648)
      Fullscreen notice on Android could be hidden under various
      panels and OS prompts
    * CVE-2024-8382 (bmo#1906744)
      Internal event interfaces were exposed to web content when
      browser EventHandler listener callbacks ran
    * CVE-2024-8383 (bmo#1908496)
      Firefox did not ask before openings news: links in an
      external application
    * CVE-2024-8384 (bmo#1911288)
      Garbage collection could mis-color cross-compartment objects
      in OOM conditions
    * CVE-2024-8386 (bmo#1907032, bmo#1909163, bmo#1909529)
      SelectElements could be shown over another site if popups are
      allowed
    * CVE-2024-8387 (bmo#1857607, bmo#1911858, bmo#1914009)
      Memory safety bugs fixed in Firefox 130, Firefox ESR 128.2,
      and Thunderbird 128.2
    * CVE-2024-8389 (bmo#1907230, bmo#1909367)
      Memory safety bugs fixed in Firefox 130
  - requires NSS 3.103
  - removed obsolete patches
    mozilla-bmo1898476.patch
    mozilla-bmo1907511.patch
  - added mozilla-bmo1916038.patch to fix AVIF decoding (bsc#1230500)
* Fri Sep 06 2024 Marvin Friedrich <contact@marvinf.com>
  - Update dependency on clang-devel from LLVM15 to LLVM18
* Wed Sep 04 2024 pallas wept <pallaswept@proton.me>
  - Added mozilla-bmo1746799.patch to fix incorrect audio volume scaling
* Sat Aug 24 2024 Christian Boltz <suse-beta@cboltz.de>
  - _constraints: increase RAM on s390x to fix the build
* Fri Aug 16 2024 Wolfgang Rosenauer <wr@rosenauer.org>
  - Mozilla Firefox 129.0.1
    * Fixed playback issues on some websites with copyrighted video
      served via digital rights management. (bmo#1911283)
    * Fixed a crash when dragging a video file onto some websites
      (bmo#1910990)
* Thu Aug 08 2024 Wolfgang Rosenauer <wr@rosenauer.org>
  - Mozilla Firefox 129.0
    https://www.mozilla.org/en-US/firefox/129.0/releasenotes
    MFSA 2024-33 (bsc#1228648))
    * CVE-2024-7518 (bmo#1875354)
      Fullscreen notification dialog can be obscured by document content
    * CVE-2024-7519 (bmo#1902307)
      Out of bounds memory access in graphics shared memory handling
    * CVE-2024-7520 (bmo#1903041)
      Type confusion in WebAssembly
    * CVE-2024-7521 (bmo#1904644)
      Incomplete WebAssembly exception handing
    * CVE-2024-7522 (bmo#1906727)
      Out of bounds read in editor component
    * CVE-2024-7523 (bmo#1908344)
      Document content could partially obscure security prompts
    * CVE-2024-7524 (bmo#1909241)
      CSP strict-dynamic bypass using web-compatibility shims
    * CVE-2024-7525 (bmo#1909298)
      Missing permission check when creating a StreamFilter
    * CVE-2024-7526 (bmo#1910306)
      Uninitialized memory used by WebGL
    * CVE-2024-7527 (bmo#1871303)
      Use-after-free in JavaScript garbage collection
    * CVE-2024-7528 (bmo#1895951)
      Use-after-free in IndexedDB
    * CVE-2024-7529 (bmo#1903187)
      Document content could partially obscure security prompts
    * CVE-2024-7530 (bmo#1904011)
      Use-after-free in JavaScript code coverage collection
    * CVE-2024-7531 (bmo#1905691)
      PK11_Encrypt using CKM_CHACHA20 can reveal plaintext on Intel
      Sandy Bridge machines
  - removed obsolete patches
    mozilla-bmo1905018.patch
    mozilla-bmo1504834-part3.patch
    mozilla-bmo1512162.patch
    mozilla-bmo1822730.patch
    mozilla-fix-aarch64-libopus.patch
    mozilla-partial-revert-1768632.patch
  - requires NSS 3.102.1
  - extended mozilla-silence-no-return-type.patch
* Sun Jul 28 2024 Manfred Hollstein <manfred.h@gmx.net>
  - Firefox 128.0.3 Release
    * Fixed: Fixed an issue causing some sites to not load when
      connecting via HTTP/2. (bmo#1908161, bmo#1909666)
    * Fixed: Fixed collapsed table rows not appearing when expected
      in some situations. (bmo#1907789)
    * Fixed: Fixed the Windows on-screen keyboard potentially
      concealing the webpage when displayed. (bmo#1907766)
  - Firefox 128.0.2 Release
    * Fixed: Fixed an audio echo in video calls on macOS under
      certain conditions. (bmo#1908539)
    * Fixed: Fixed an issue where the Adguard extension popup was
      not displaying. (bmo#1906132)
    * Fixed: Fixed an issue causing some screen readers to fail to
      read when navigating by character in rich text editors. (Bug
      1905021)
    * Fixed: Fixed visual glitches when dark mode is enabled in
      Windows ARM devices. (bmo#1897444)
    * Fixed: Fixed an issue causing NTLM authentication failure.
      (bmo#1908115)
    * Fixed: Fixed an issue where content displayed on mouseover
      was not captured in a screenshot. (bmo#1905468)
    * Fixed: Various stability fixes.
  - renamed firefox-3781e3117706.patch to mozilla-bmo1905018.patch
    to conform with patch structure and naming for the package
* Thu Jul 18 2024 Martin Jambor <mjambor@suse.com>
  - Add firefox-3781e3117706.patch to fix boo#1227856 aka bmo#1905018
    where an incompatible pointer assignment is not accepted in C by
    GCC 14.
* Mon Jul 08 2024 Wolfgang Rosenauer <wr@rosenauer.org>
  - Mozilla Firefox 128.0
    https://www.mozilla.org/en-US/firefox/128.0/releasenotes
    MFSA 2024-29 (bsc#1226316)
    * CVE-2024-6605 (bmo#1836786)
      Firefox Android missed activation delay to prevent tapjacking
    * CVE-2024-6606 (bmo#1902305)
      Out-of-bounds read in clipboard component
    * CVE-2024-6607 (bmo#1694513)
      Leaving pointerlock by pressing the escape key could be
      prevented
    * CVE-2024-6608 (bmo#1743329)
      Cursor could be moved out of the viewport using pointerlock.
    * CVE-2024-6609 (bmo#1839258)
      Memory corruption in NSS
    * CVE-2024-6610 (bmo#1883396)
      Form validation popups could block exiting full-screen mode
    * CVE-2024-6600 (bmo#1888340)
      Memory corruption in WebGL API
    * CVE-2024-6601 (bmo#1890748)
      Race condition in permission assignment
    * CVE-2024-6602 (bmo#1895032)
      Memory corruption in NSS
    * CVE-2024-6603 (bmo#1895081)
      Memory corruption in thread creation
    * CVE-2024-6611 (bmo#1844827)
      Incorrect handling of SameSite cookies
    * CVE-2024-6612 (bmo#1880374)
      CSP violation leakage when using devtools
    * CVE-2024-6613 (bmo#1900523)
      Incorrect listing of stack frames
    * CVE-2024-6614 (bmo#1902983)
      Incorrect listing of stack frames
    * CVE-2024-6604 (bmo#1748105, bmo#1837550, bmo#1884266)
      Memory safety bugs fixed in Firefox 128, Firefox ESR 115.13,
      and Thunderbird 115.13
    * CVE-2024-6615 (bmo#1892875, bmo#1894428, bmo#1898364)
      Memory safety bugs fixed in Firefox 128
  - requires
    NSS 3.101.1
    rust >= 1.78
  - update create-tar.sh
  - add wayland upstream fixes (bmo#1907511, bmo#1898476)
    (mozilla-bmo1898476.patch and mozilla-bmo1907511.patch)
* Mon Jul 01 2024 Andrei Dziahel <develop7@develop7.info>
  - Mozilla Firefox 127.0.2
    * Fixed an issue where YouTube playback may experience stalling under
      certain conditions (bmo#1900191, bmo#1878510).
    * Fixed an issue where the Private Window icon was displayed in the taskbar
      on Windows when browser.privateWindowSeparation.enabled was
      set to false (bmo#1901840).
  - Mozilla Firefox 127.0.1
    * Fixed an issue where users with a primary password set on their profile
      could lose their previous session of tabs upon upgrading if they dismissed
      the primary password prompt (bmo#1901899).
    * Fixed an issue where Linux users with accessibility.monoaudio.enable set
      to true were experiencing slow audio speeds (bmo#1900972).
    * Fixed an issue where, in some circumstances, the Firefox installer
      on Windows failed to complete the installation (bmo#1896868).
    * Fixed an issue causing Firefox to incorrectly reject cookies
      for certain websites (bmo#1901325).
* Fri Jun 28 2024 Martin Sirringhaus <martin.sirringhaus@suse.com>
  - Fix GNOME search provider (boo#1225278)
* Tue Jun 11 2024 Wolfgang Rosenauer <wr@rosenauer.org>
  - Mozilla Firefox 127.0
    https://www.mozilla.org/en-US/firefox/127.0/releasenotes
    MFSA 2024-25 (bsc#1226027)
    * CVE-2024-5687 (bmo#1889066)
      An incorrect principal could have been used when opening new tabs
    * CVE-2024-5688 (bmo#1895086)
      Use-after-free in JavaScript object transplant
    * CVE-2024-5689 (bmo#1389707)
      User confusion and possible phishing vector via Firefox Screenshots
    * CVE-2024-5690 (bmo#1883693)
      External protocol handlers leaked by timing attack
    * CVE-2024-5691 (bmo#1888695)
      Sandboxed iframes were able to bypass sandbox restrictions to
      open a new window
    * CVE-2024-5692 (bmo#1837514, bmo#1891234)
      Bypass of file name restrictions during saving
    * CVE-2024-5693 (bmo#1891319)
      Cross-Origin Image leak via Offscreen Canvas
    * CVE-2024-5694 (bmo#1895055)
      Use-after-free in JavaScript Strings
    * CVE-2024-5695 (bmo#1895579)
      Memory Corruption using allocation using out-of-memory conditions
    * CVE-2024-5696 (bmo#1896555)
      Memory Corruption in Text Fragments
    * CVE-2024-5697 (bmo#1414937)
      Website was able to detect when Firefox was taking a
      screenshot of them
    * CVE-2024-5698 (bmo#1828259)
      Data-list could have overlaid address bar
    * CVE-2024-5699 (bmo#1891349)
      Cookie prefixes not treated as case-sensitive
    * CVE-2024-5700 (bmo#1862809, bmo#1889355, bmo#1893388, bmo#1895123)
      Memory safety bugs fixed in Firefox 127, Firefox ESR 115.12,
      and Thunderbird 115.12
    * CVE-2024-5701 (bmo#1890909, bmo#1891422, bmo#1893915,
      bmo#1894047, bmo#1896024)
      Memory safety bugs fixed in Firefox 127
  - removed obsolete mozilla-bmo1886378.patch
* Wed May 29 2024 Wolfgang Rosenauer <wr@rosenauer.org>
  - Mozilla Firefox 126.0.1
    * Fixed an issue with reading tagged PDF documents in a screen reader
      bmo#1894849
    * Fixed not displaying localized text for non-en-US locales in the
      Crash Reporter dialog box on macOS. (bmo#1896097)
    * Fixed issues with drag-and-drop functionality on Linux. (bmo#1897115)
    * Fixed an issue causing high GPU memory usage on certain versions
      of AMD cards. (bmo#1897006)
* Tue May 28 2024 Guillaume GARDET <guillaume.gardet@opensuse.org>
  - Backport upstream patches to fix build on aarch64 - boo#1225460
    * mozilla-bmo1886378.patch
* Wed May 15 2024 Wolfgang Rosenauer <wr@rosenauer.org>
  - Mozilla Firefox 126.0
    https://www.mozilla.org/en-US/firefox/126.0/releasenotes
    MFSA 2024-21 (bsc#1224056)
    * CVE-2024-4764 (bmo#1879093)
      Use-after-free when audio input connected with multiple consumers
    * CVE-2024-4367 (bmo#1893645)
      Arbitrary JavaScript execution in PDF.js
    * CVE-2024-4765 (bmo#1871109)
      Web application manifests could have been overwritten via
      hash collision
    * CVE-2024-4766 (bmo#1871214, bmo#1871217)
      Fullscreen notification could have been obscured on Firefox
      for Android
    * CVE-2024-4767 (bmo#1878577)
      IndexedDB files retained in private browsing mode
    * CVE-2024-4768 (bmo#1886082)
      Potential permissions request bypass via clickjacking
    * CVE-2024-4769 (bmo#1886108)
      Cross-origin responses could be distinguished between script
      and non-script content-types
    * CVE-2024-4770 (bmo#1893270)
      Use-after-free could occur when printing to PDF
    * CVE-2024-4771 (bmo#1893891)
      Failed allocation could lead to use-after-free
    * CVE-2024-4772 (bmo#1870579)
      Use of insecure rand() function to generate nonce
    * CVE-2024-4773 (bmo#1875248)
      URL bar could be cleared after network error
    * CVE-2024-4774 (bmo#1886598)
      Undefined behavior in ShmemCharMapHashEntry()
    * CVE-2024-4775 (bmo#1887332)
      Invalid memory access in the built-in profiler
    * CVE-2024-4776 (bmo#1887343)
      Window may remain disabled after file dialog is shown in
      full-screen
    * CVE-2024-4777 (bmo#1878199, bmo#1893340)
      Memory safety bugs fixed in Firefox 126, Firefox ESR 115.11,
      and Thunderbird 115.11
    * CVE-2024-4778 (bmo#1838834, bmo#1889291, bmo#1889595,
      bmo#1890204, bmo#1891545)
      Memory safety bugs fixed in Firefox 126
  - requires NSS 3.100
  - removed obsolete mozilla-libproxy-fix.patch
* Mon Apr 29 2024 Andreas Stieger <andreas.stieger@gmx.de>
  - Mozilla Firefox 125.0.3
    * Fixed: Fixed an extra blank tab with an address of
      `https://0.0.0.1` sometimes appearing when attempting to
      launch Firefox when it is already running (bmo#1892612).
    * Fixed: Fixed an issue that could cause incorrect font
      selection in some situations for users with the Japanese
      locale set (bmo#1892363).
    * Fixed: Fixed text corruption when dragging text containing
      unicode characters on Linux systems (bmo#1888202).
    * Fixed: Fixed a correctness error when checking
      `arguments.length` (and not using arguments otherwise) inside
      of a generator or async function (bmo#1892699).
    * Fixed: Fixed an issue that could lead to inconsistent focus
      handling of `<select>` elements when opened (bmo#1893177).
* Wed Apr 24 2024 Manfred Hollstein <manfred.h@gmx.net>
  - Fix build on Leap by requiring gcc13 which has been made available
    as an update.
* Sun Apr 21 2024 Wolfgang Rosenauer <wr@rosenauer.org>
  - Mozilla Firefox 125.0.2
    * The 125.0 and 125.0.1 releases were skipped due to problems
      with a feature that proactively blocked downloads from
      potentially untrustworthy URLs.
    * New: Firefox now supports the AV1 codec for Encrypted Media
      Extensions (EME), enabling higher-quality playback from video
      streaming providers
    * New: The Firefox PDF viewer now supports text highlighting.
    * New: Firefox View now displays pinned tabs in the Open tabs
      section. Tab indicators have also been added to Open tabs, so
      users can do things like see which tabs are playing media and
      quickly mute or unmute across windows. Indicators were also
      added for bookmarks, tabs with notifications, and more!
      their addresses upon submitting an address form, allowing
      Firefox to autofill stored address information in the future.
    * New: The URL Paste Suggestion feature provides a convenient
      way for users to quickly visit URLs copied to the clipboard
      in the address bar of Firefox. When the clipboard contains a
      URL and the URL bar is focused, an autocomplete result
      appears automatically. Activating the clipboard suggestion
      will navigate the user to the URL with 1 click.
    * New: Users of tab-specific Container add-ons can now search
      in the Address Bar for tabs that are open in different
      containers. Special thanks to volunteer contributor atararx
      for kicking off the work on this feature!
    * New: Firefox now provides an option to enable Web Proxy Auto-
      Discovery (WPAD) while configured to use system proxy
      settings.
    * Changed: In a group of radio buttons where no option is
      selected, the tab key now only reaches the first option
      rather than cycling through all available options. The arrow
      keys navigate between options as they do when there is a
      selected option. This makes keyboard navigation more
      efficient and consistent
    * HTML5: Firefox now supports the `popover` global attribute
      used for designating an element as a popover element. The
      element won't be rendered until it is made visible, after
      which it will appear on top of other page content.
    * HTML5: WebAssembly multi-memory is now enabled by default.
      Wasm multi-memory allows wasm modules to use and import
      multiple independent linear memories. This enables more
      efficient interoperability between modules and provides
      better polyfills for upcoming wasm standards, such as the
      component model.
    * HTML5: Added support for Unicode Text Segmentation to
      JavaScript.
    * HTML5: Added support for `contextlost` and `contextrestored`
      events on HTMLCanvasElement and OffscreenCanvas to allow user
      code to recover from context loss with hardware accelerated
      2d canvas.
    * HTML5: Firefox now supports the
      `navigator.clipboard.readText()` web API. A paste context
      menu will appear for the user to confirm when attempting to
      read clipboard data not provided by the same-origin page.
    * HTML5: Added support for the `content-box` and `stroke-box`
      keywords of the `transform-box` CSS property.
    * HTML5: The `align-content` property now works in block
      layout, allowing block direction alignment without needing a
      flex or grid container.
    * HTML5: Support for `SVGAElement.text` was removed in favor of
      the more widely-implemented `SVGAElement.textContent` method.
    * Developer: Following several requests, we have reintroduced
      the option to disable the Pause Debugger Overlay
      (`devtools.debugger.features.overlay`). This overlay appears
      over the page content when the debugger pauses JavaScript
      execution. In certain scenarios, the overlay can be
      intrusive, making it challenging to interact with the page,
      for instance, evaluating shades of color underneath.
    * Developer: We've added a new drop-down menu button at the
      bottom of the source view in the Debugger panel, specifically
      designed for Source Map related actions. Users can now easily
      disable or enable Source Maps support, open the Source Map
      file in a new tab, switch between the original source and the
      generated bundle, toggle the "open original source by
      default" option, and view the Source Map status such as
      errors, loading status, etc.
      MFSA 2024-18 (bsc#1221327)
    * CVE-2024-3852 (bmo#1883542)
      GetBoundName in the JIT returned the wrong object
    * CVE-2024-3853 (bmo#1884427)
      Use-after-free if garbage collection runs during realm
      initialization
    * CVE-2024-3854 (bmo#1884552)
      Out-of-bounds-read after mis-optimized switch statement
    * CVE-2024-3855 (bmo#1885828)
      Incorrect JIT optimization of MSubstr leads to out-of-bounds
      reads
    * CVE-2024-3856 (bmo#1885829)
      Use-after-free in WASM garbage collection
    * CVE-2024-3857 (bmo#1886683)
      Incorrect JITting of arguments led to use-after-free during
      garbage collection
    * CVE-2024-3858 (bmo#1888892)
      Corrupt pointer dereference in
      js::CheckTracedThing<js::Shape>
    * CVE-2024-3859 (bmo#1874489)
      Integer-overflow led to out-of-bounds-read in the OpenType
      sanitizer
    * CVE-2024-3860 (bmo#1881417)
      Crash when tracing empty shape lists
    * CVE-2024-3861 (bmo#1883158)
      Potential use-after-free due to AlignedBuffer self-move
    * CVE-2024-3862 (bmo#1884457)
      Potential use of uninitialized memory in MarkStack assignment
      operator on self-assignment
    * CVE-2024-3863 (bmo#1885855)
      Download Protections were bypassed by .xrm-ms files on
      Windows
    * CVE-2024-3302 (bmo#1881183,
      bmo#https://kb.cert.org/vuls/id/421644)
      Denial of Service using HTTP/2 CONTINUATION frames
    * CVE-2024-3864 (bmo#1888333)
      Memory safety bug fixed in Firefox 125, Firefox ESR 115.10,
      and Thunderbird 115.10
    * CVE-2024-3865 (bmo#1881076, bmo#1884887, bmo#1885359,
      bmo#1889049)
      Memory safety bugs fixed in Firefox 125
  - requires
    NSS 3.99
    rust 1.76
  - add mozilla-libproxy-fix.patch to fix with-libproxy build variant
* Wed Apr 03 2024 Martin Sirringhaus <martin.sirringhaus@suse.com>
  - Mozilla Firefox 124.0.2
    https://www.mozilla.org/en-US/firefox/124.0.2/releasenotes/
    * Fixed an issue where users with a large amount of bookmarks would
      be unable to restore a bookmarks backup. (bmo#1884308)
    * Fixed an issue that would cause open Firefox windows
      to go blank or crash during video playback on sites such as
      Netflix. (bmo#1883932)
    * Fixed a crash that affected Linux AArch64 builds. (bmo#1866396)
    * Fixed an issue where some users experienced difficulties loading
      webpages due to changes made to the default AppArmor configuration
      shipping in Ubuntu 24.04. (bmo#1884347)
* Fri Mar 22 2024 Wolfgang Rosenauer <wr@rosenauer.org>
  - Mozilla Firefox 124.0.1
    https://www.mozilla.org/en-US/firefox/124.0.1/releasenotes/
    MFSA 2024-15 (bsc#1221850)
    * CVE-2024-29943 (bmo#1886849)
      Out-of-bounds access via Range Analysis bypass
    * CVE-2024-29944 (bmo#1886852)
      Privileged JavaScript Execution via Event Handlers
    Mozilla Firefox 124.0
    https://www.mozilla.org/en-US/firefox/124.0/releasenotes/
    MFSA 2024-12 (bsc#1221327)
    * CVE-2024-2605 (bmo#1872920)
      Windows Error Reporter could be used as a Sandbox escape vector
    * CVE-2024-2606 (bmo#1879237)
      Mishandling of WASM register values
    * CVE-2024-2607 (bmo#1879939)
      JIT code failed to save return registers on Armv7-A
    * CVE-2024-2608 (bmo#1880692)
      Integer overflow could have led to out of bounds write
    * CVE-2023-5388 (bmo#1780432)
      NSS susceptible to timing attack against RSA decryption
    * CVE-2024-2609 (bmo#1866100)
      Permission prompt input delay could expire when not in focus
    * CVE-2024-2610 (bmo#1871112)
      Improper handling of html and body tags enabled CSP nonce leakage
    * CVE-2024-2611 (bmo#1876675)
      Clickjacking vulnerability could have led to a user accidentally
      granting permissions
    * CVE-2024-2612 (bmo#1879444)
      Self referencing object could have potentially led to a use-
      after-free
    * CVE-2024-2613 (bmo#1875701)
      Improper handling of QUIC ACK frame data could have led to OOM
    * CVE-2024-2614 (bmo#1685358, bmo#1861016, bmo#1880405, bmo#1881093)
      Memory safety bugs fixed in Firefox 124, Firefox ESR 115.9,
      and Thunderbird 115.9
    * CVE-2024-2615 (bmo#1881074, bmo#1881650, bmo#1882438)
      Memory safety bugs fixed in Firefox 124
  - requires
    NSS = 3.98
    rust-cbindgen >= 0.26
* Fri Mar 08 2024 Andreas Stieger <andreas.stieger@gmx.de>
  - Mozilla Firefox 123.0.1
    * Fixed the *Firefox Translation* language indicator in the
      address bar displaying a colored square icon instead of the
      language code icon. (bmo#1879415)
    * Fixed a regression with the `onChange` event not firing when
      clearing the value of a `textarea` HTML field.
      (bmo#1881457)
    * Fixed a regression in the JavaScript JIT engine incorrectly
      inlining strings in some cases. (bmo#1882386)
    * Fixed: Fixed low contrast of text when selecting rows in the
      Developer tools' Storage panel. (bmo#1877090)
* Thu Feb 22 2024 Wolfgang Rosenauer <wr@rosenauer.org>
  - Mozilla Firefox 123.0
    https://www.mozilla.org/en-US/firefox/123.0/releasenotes/
    MFSA 2024-05 (bsc#1220048)
    * CVE-2024-1546 (bmo#1843752)
      Out-of-bounds memory read in networking channels
    * CVE-2024-1547 (bmo#1877879)
      Alert dialog could have been spoofed on another site
    * CVE-2024-1554 (bmo#1816390)
      fetch could be used to effect cache poisoning
    * CVE-2024-1548 (bmo#1832627)
      Fullscreen Notification could have been hidden by select element
    * CVE-2024-1549 (bmo#1833814)
      Custom cursor could obscure the permission dialog
    * CVE-2024-1550 (bmo#1860065)
      Mouse cursor re-positioned unexpectedly could have led to
      unintended permission grants
    * CVE-2024-1551 (bmo#1864385)
      Multipart HTTP Responses would accept the Set-Cookie header
      in response parts
    * CVE-2024-1555 (bmo#1873223)
      SameSite cookies were not properly respected when opening a
      website from an external browser
    * CVE-2024-1556 (bmo#1870414)
      Invalid memory access in the built-in profiler
    * CVE-2024-1552 (bmo#1874502)
      Incorrect code generation on 32-bit ARM devices
    * CVE-2024-1553 (bmo#1855686, bmo#1867982, bmo#1871498, bmo#1872296,
      bmo#1873521, bmo#1873577, bmo#1873597, bmo#1873866, bmo#1874080,
      bmo#1874740, bmo#1875795, bmo#1875906, bmo#1876425, bmo#1878211,
      bmo#1878286)
      Memory safety bugs fixed in Firefox 123, Firefox ESR 115.8,
      and Thunderbird 115.8
    * CVE-2024-1557 (bmo#1746471, bmo#1848829, bmo#1864011, bmo#1869175,
      bmo#1869455, bmo#1869938, bmo#1871606)
      Memory safety bugs fixed in Firefox 123
  - requires NSS 3.97
* Tue Feb 13 2024 Andreas Stieger <andreas.stieger@gmx.de>
  - Mozilla Firefox 122.0.1
    https://www.mozilla.org/en-US/firefox/122.0.1/releasenotes/
    * Fixed the Library and Sidebar context menus only displaying
      Multi-Account Containers icons in the "Open in New Container
      Tab" menu. (bmo#1876518)
    * Fixed an issue when clicking the Dismiss button in
      notification pop-ups on Windows causing a webpage in a new tab.
      (bmo#1848801)
    * Fixed the yaru-remix system theme not applying correctly on
      Linux. (bmo#1877002)
    * Fixed adding an extra new line to a rule in the Developer
      Tools' Inspector when copying it to the clipboard.
      (bmo#1876220)
    * Rolled back a keyboard behavior change made to the Developer
      Tools' Rules view when validating a property name or input with
      the Enter key.
      This moves the focus to the next input, as was the behavior
      in Firefox 121. (bmo#1877457)
* Tue Jan 30 2024 Martin Sirringhaus <martin.sirringhaus@suse.com>
  - Recommend libfido2-udev on codestreams that exist, in order to try
    to get security keys (e.g. Yubikeys) work out of the box. (bsc#1184272)
* Sat Jan 27 2024 Andreas Schwab <schwab@suse.de>
  - Fix file list
* Sun Jan 21 2024 Wolfgang Rosenauer <wr@rosenauer.org>
  - Mozilla Firefox 122.0
    https://www.mozilla.org/en-US/firefox/122.0/releasenotes/
    MFSA 2024-01 (bsc#1218955)
    * CVE-2024-0741 (bmo#1864587)
      Out of bounds write in ANGLE
    * CVE-2024-0742 (bmo#1867152)
      Failure to update user input timestamp
    * CVE-2024-0743 (bmo#1867408)
      Crash in NSS TLS method
    * CVE-2024-0744 (bmo#1871089)
      Wild pointer dereference in JavaScript
    * CVE-2024-0745 (bmo#1871838)
      Stack buffer overflow in WebAudio
    * CVE-2024-0746 (bmo#1660223)
      Crash when listing printers on Linux
    * CVE-2024-0747 (bmo#1764343)
      Bypass of Content Security Policy when directive unsafe-inline was set
    * CVE-2024-0748 (bmo#1783504)
      Compromised content process could modify document URI
    * CVE-2024-0749 (bmo#1813463)
      Phishing site popup could show local origin in address bar
    * CVE-2024-0750 (bmo#1863083)
      Potential permissions request bypass via clickjacking
    * CVE-2024-0751 (bmo#1865689)
      Privilege escalation through devtools
    * CVE-2024-0752 (bmo#1866840)
      Use-after-free could occur when applying update on macOS
    * CVE-2024-0753 (bmo#1870262)
      HSTS policy on subdomain could bypass policy of upper domain
    * CVE-2024-0754 (bmo#1871605)
      Crash when using some WASM files in devtools
    * CVE-2024-0755 (bmo#1868456, bmo#1871445, bmo#1873701)
      Memory safety bugs fixed in Firefox 122, Firefox ESR 115.7,
      and Thunderbird 115.7
  - requires NSS 3.96.1
  - rebased patches
* Tue Jan 09 2024 Andreas Stieger <andreas.stieger@gmx.de>
  - Mozilla Firefox 121.0.1
    * Fixed unexpected line wrapping in some CJK contexts caused by
      changes in ideographic space handling. bmo#1870973)
    * Fixed a hang when loading sites containing column-based
      layouts under some circumstances. bmo#1867784)
    * Fixed missing rounded corners for videos playing over another
      video. bmo#1869994)
    * Fixed Firefox not closing properly and other applications being
      unable to use a USB security key after being previously used
      during a Firefox session. bmo#1863135)
* Wed Dec 20 2023 Wolfgang Rosenauer <wr@rosenauer.org>
  - Mozilla Firefox 121.0
    https://www.mozilla.org/en-US/firefox/121.0/releasenotes
    MFSA 2023-56 (bsc#1217974)
    * CVE-2023-6856 (bmo#1843782)
      Heap-buffer-overflow affecting WebGL DrawElementsInstanced
      method with Mesa VM driver
    * CVE-2023-6135 (bmo#1853908)
      NSS susceptible to "Minerva" attack
    * CVE-2023-6865 (bmo#1864123)
      Potential exposure of uninitialized data in EncryptingOutputStream
    * CVE-2023-6857 (bmo#1796023)
      Symlinks may resolve to smaller than expected buffers
    * CVE-2023-6858 (bmo#1826791)
      Heap buffer overflow in nsTextFragment
    * CVE-2023-6859 (bmo#1840144)
      Use-after-free in PR_GetIdentitiesLayer
    * CVE-2023-6866 (bmo#1849037)
      TypedArrays lack sufficient exception handling
    * CVE-2023-6860 (bmo#1854669)
      Potential sandbox escape due to VideoBridge lack of texture
      validation
    * CVE-2023-6867 (bmo#1863863)
      Clickjacking permission prompts using the popup transition
    * CVE-2023-6861 (bmo#1864118)
      Heap buffer overflow affected nsWindow::PickerOpen(void) in
      headless mode
    * CVE-2023-6868 (bmo#1865488)
      WebPush requests on Firefox for Android did not require VAPID key
    * CVE-2023-6869 (bmo#1799036)
      Content can paint outside of sandboxed iframe
    * CVE-2023-6870 (bmo#1823316)
      Android Toast notifications may obscure fullscreen event
      notifications
    * CVE-2023-6871 (bmo#1828334)
      Lack of protocol handler warning in some instances
    * CVE-2023-6872 (bmo#1849186)
      Browsing history leaked to syslogs via GNOME
    * CVE-2023-6863 (bmo#1868901)
      Undefined behavior in ShutdownObserver()
    * CVE-2023-6864 (bmo#1736385, bmo#1810805, bmo#1846328, bmo#1856090,
      bmo#1858033, bmo#1858509, bmo#1862777, bmo#1864015)
      Memory safety bugs fixed in Firefox 121, Firefox ESR 115.6,
      and Thunderbird 115.6
    * CVE-2023-6873 (bmo#1855327, bmo#1862089, bmo#1862723)
      Memory safety bugs fixed in Firefox 121
  - requires NSS 3.95
* Fri Dec 08 2023 Andreas Stieger <andreas.stieger@gmx.de>
  - Mozilla Firefox 120.0.1 (boo#1217910)
    * Fixed a bug that was causing persistent startup slowdowns
      (bmo#1867095)
    * Fixed an issue that was causing 100% CPU usage on sites such as
      Google Maps. (bmo#1866409)
    * Fixed an issue that was causing YouTube videos to show a green
      screen when hardware acceleration was enabled. (bmo#1865928)
    * Fixed an issue where the status bar was still visible when
      viewing fullscreen video. (bmo#1853896)
    * Fixed a startup crash affecting Linux users on some aarch64
      systems with page sizes other than 4KB. (bmo#1866025)
* Wed Nov 22 2023 Wolfgang Rosenauer <wr@rosenauer.org>
  - Mozilla Firefox 120.0
    https://www.mozilla.org/en-US/firefox/120.0/releasenotes
    MFSA 2023-49 (bsc#1217230)
    * CVE-2023-6204 (bmo#1841050)
      Out-of-bound memory access in WebGL2 blitFramebuffer
    * CVE-2023-6205 (bmo#1854076)
      Use-after-free in MessagePort::Entangled
    * CVE-2023-6206 (bmo#1857430)
      Clickjacking permission prompts using the fullscreen
      transition
    * CVE-2023-6207 (bmo#1861344)
      Use-after-free in ReadableByteStreamQueueEntry::Buffer
    * CVE-2023-6208 (bmo#1855345)
      Using Selection API would copy contents into X11 primary
      selection.
    * CVE-2023-6209 (bmo#1858570)
      Incorrect parsing of relative URLs starting with "///"
    * CVE-2023-6210 (bmo#1801501)
      Mixed-content resources not blocked in a javascript: pop-up
    * CVE-2023-6211 (bmo#1850200)
      Clickjacking to load insecure pages in HTTPS-only mode
    * CVE-2023-6212 (bmo#1658432, bmo#1820983, bmo#1829252,
      bmo#1856072, bmo#1856091, bmo#1859030, bmo#1860943,
      bmo#1862782)
      Memory safety bugs fixed in Firefox 120, Firefox ESR 115.5,
      and Thunderbird 115.5
    * CVE-2023-6213 (bmo#1849265, bmo#1851118, bmo#1854911)
      Memory safety bugs fixed in Firefox 120
  - rebased patches
* Wed Nov 08 2023 Andreas Stieger <andreas.stieger@gmx.de>
  - Mozilla Firefox 119.0.1
    * Fixed a bug causing colors in the <select> HTML element to not
      be applied to dropdown menu arrows (bmo#1861253)
    * Fixed a bug with the <input> HTML element state not changing
      when dynamically updating the `disabled` attribute on an
      ancestor <fieldset> (bmo#1861027)
    * Fixed a bug causing elements with the indeterminate CSS
      selector in a radio group to not update (bmo#1861346)
* Thu Oct 26 2023 Wolfgang Rosenauer <wr@rosenauer.org>
  - Mozilla Firefox 119.0
    https://www.mozilla.org/en-US/firefox/119.0/releasenotes
    MFSA 2023-45 (bsc#1216338)
    * CVE-2023-5721 (bmo#1830820)
      Queued up rendering could have allowed websites to clickjack
    * CVE-2023-5722 (bmo#1738426)
      Cross-Origin size and header leakage
    * CVE-2023-5723 (bmo#1802057)
      Invalid cookie characters could have led to unexpected errors
    * CVE-2023-5724 (bmo#1836705)
      Large WebGL draw could have led to a crash
    * CVE-2023-5725 (bmo#1845739)
      WebExtensions could open arbitrary URLs
    * CVE-2023-5726 (bmo#1846205)
      Full screen notification obscured by file open dialog on macOS
    * CVE-2023-5727 (bmo#1847180)
      Download Protections were bypassed by .msix, .msixbundle,
      .appx, and .appxbundle files on Windows
    * CVE-2023-5728 (bmo#1852729)
      Improper object tracking during GC in the JavaScript engine
      could have led to a crash.
    * CVE-2023-5729 (bmo#1823720)
      Fullscreen notification dialog could have been obscured by
      WebAuthn prompts
    * CVE-2023-5730 (bmo#1836607, bmo#1840918, bmo#1848694, bmo#1848833,
      bmo#1850191, bmo#1850259, bmo#1852596, bmo#1853201, bmo#1854002,
      bmo#1855306, bmo#1855640, bmo#1856695)
      Memory safety bugs fixed in Firefox 119, Firefox ESR 115.4,
      and Thunderbird 115.4.1
    * CVE-2023-5731 (bmo#1690111, bmo#1721904, bmo#1851803, bmo#1854068)
      Memory safety bugs fixed in Firefox 119
  - requires NSS 3.94
* Wed Oct 11 2023 Andreas Stieger <andreas.stieger@gmx.de>
  - Mozilla Firefox 118.0.2
    * Fix games not loading on betsoft.com (bmo#1856145)
    * Fix printing issues for some SVG images (bmo#1853727)
    * Fix CORS XHR with authentication no longer working (bmo#1855650)
    * Fix h264 WebRTC video not working in some contexts (bmo#1855636)
    * Fix Firefox Translations not working on some pages
      (bmo#1841656, bmo#1855307)
    * Stability fixes (bmo#1851991, bmo#1799326, bmo#1856637)
* Sat Sep 30 2023 Björn Bidar <bjorn.bidar@thaodan.de>
  - Activate KDE integration again, included rebased and updated
    patches, firefox-kde.patch and mozilla-kde.patch, (upstream
    removed special files handling for preferences but that has no
    effect since we haven't shipped obsolete kde.js for a while)
    (boo#1216027)
* Fri Sep 29 2023 Wolfgang Rosenauer <wr@rosenauer.org>
  - Mozilla Firefox 118.0.1
    MFSA 2023-44 (bsc#1215814)
    * CVE-2023-5217 (bmo#1855550),
      Heap buffer overflow in libvpx
* Mon Sep 25 2023 Wolfgang Rosenauer <wr@rosenauer.org>
  - Mozilla Firefox 118.0
    MFSA 2023-41 (bsc#1215575)
    * CVE-2023-5168 (bmo#1846683)
      Out-of-bounds write in FilterNodeD2D1
    * CVE-2023-5169 (bmo#1846685)
      Out-of-bounds write in PathOps
    * CVE-2023-5170 (bmo#1846686)
      Memory leak from a privileged process
    * CVE-2023-5171 (bmo#1851599)
      Use-after-free in Ion Compiler
    * CVE-2023-5172 (bmo#1852218)
      Memory Corruption in Ion Hints
    * CVE-2023-5173 (bmo#1823172)
      Out-of-bounds write in HTTP Alternate Services
    * CVE-2023-5174 (bmo#1848454)
      Double-free in process spawning on Windows
    * CVE-2023-5175 (bmo#1849704)
      Use-after-free of ImageBitmap during process shutdown
    * CVE-2023-5176 (bmo#1836353, bmo#1842674, bmo#1843824, bmo#1843962,
      bmo#1848890, bmo#1850180, bmo#1850983, bmo#1851195)
      Memory safety bugs fixed in Firefox 118, Firefox ESR 115.3,
      and Thunderbird 115.3
  - requires NSS 3.93
  - add mozilla-bmo1822730.patch
  - deactivated KDE integration temporarily
    (removed mozilla-kde.patch and firefox-kde.patch for now)
* Tue Sep 12 2023 Andreas Stieger <andreas.stieger@gmx.de>
  - Mozilla Firefox 117.0.1
    * Fix a bug causing extensions using an event page for long-
      running tasks to be terminated while running, causing
      unexpected behavior changes (bmo#1851373)
    * Temporarily revert an intentional behavior change preventing
      Javascript from changing URL.protocol (bmo#1850954).
    * Fix audio worklets not working for sites using WebAssembly
      exception handling (bmo#1851468)
    * Fix the Reopen all tabs option in the Recently closed tabs
      menu sometimes failing to open all tabs (bmo#1850856)
    * Fix the bookmarks menu sometimes remaining partially visible
      when minimizing Firefox (bmo#1843700)
    * Fix an issue causing incorrect time zones to be detected on
      some sites (bmo#1848615)
    * MFSA 2023-40 CVE-2023-4863 (boo#1215231)
      Heap buffer overflow in WebP
* Sun Aug 27 2023 Wolfgang Rosenauer <wr@rosenauer.org>
  - Mozilla Firefox 117.0
    https://www.mozilla.org/en-US/firefox/117.0/releasenotes
    MFSA 2023-34 (bsc#1214606)
    * CVE-2023-4573 (bmo#1846687)
      Memory corruption in IPC CanvasTranslator
    * CVE-2023-4574 (bmo#1846688)
      Memory corruption in IPC ColorPickerShownCallback
    * CVE-2023-4575 (bmo#1846689)
      Memory corruption in IPC FilePickerShownCallback
    * CVE-2023-4576 (bmo#1846694)
      Integer Overflow in RecordedSourceSurfaceCreation
    * CVE-2023-4577 (bmo#1847397)
      Memory corruption in JIT UpdateRegExpStatics
    * CVE-2023-4578 (bmo#1839007)
      Error reporting methods in SpiderMonkey could have triggered
      an Out of Memory Exception
    * CVE-2023-4579 (bmo#1842766)
      Persisted search terms were formatted as URLs
    * CVE-2023-4580 (bmo#1843046)
      Push notifications saved to disk unencrypted
    * CVE-2023-4581 (bmo#1843758)
      XLL file extensions were downloadable without warnings
    * CVE-2023-4582 (bmo#1773874)
      Buffer Overflow in WebGL glGetProgramiv
    * CVE-2023-4583 (bmo#1842030)
      Browsing Context potentially not cleared when closing Private
      Window
    * CVE-2023-4584 (bmo#1843968, bmo#1845205, bmo#1846080,
      bmo#1846526, bmo#1847529)
      Memory safety bugs fixed in Firefox 117, Firefox ESR 102.15,
      Firefox ESR 115.2, Thunderbird 102.15, and Thunderbird 115.2
    * CVE-2023-4585 (bmo#1751583, bmo#1841082, bmo#1847904, bmo#1848999)
      Memory safety bugs fixed in Firefox 117, Firefox ESR 115.2,
      and Thunderbird 115.2
  - requires
    NSS = 3.92
    rustc = 1.71
* Thu Aug 17 2023 Andreas Stieger <andreas.stieger@gmx.de>
  - Mozilla Firefox 116.0.3
    * Fixed an issue for OPFS users that broke access to files that
      were locally cached in a previous version
      (bmo#1847989, bmo#1847619)
    * Fixed an issue that was breaking screensharing for some users
      on Wayland (bmo#1841851)
    * Fixed an issue where a fullscreen notification was persistently
      being shown to a user, even after disabling it (bmo#1847901)
    * Fixed an issue where Firefox would hang when doing a Google
      search (bmo#1847066)
* Tue Aug 15 2023 Adam Majer <adam.majer@suse.de>
  - After further testing on memory consumption during linking, it's
    safe to remove most of the memory reducing options for ix86 linker.
    A combination of these actually resulted in the OOM condition.
    It's even possible to add basic debugging info while keeping
    linker memory consumption at about 2GB
* Thu Aug 10 2023 Andreas Stieger <andreas.stieger@gmx.de>
  - Mozilla Firefox 116.0.2
    * fixes for other platforms
* Wed Aug 09 2023 Adam Majer <adam.majer@suse.de>
  - Workarold ld bug causing OOM when linking on 32-bit
  - Remove -j1 limit on x86. The build runs on 64-bit kernel with a
    32-bit userland. This means there is plenty of memory available
    but userland is limited to just under 4GB per process.
* Sat Aug 05 2023 Andreas Stieger <andreas.stieger@gmx.de>
  - Mozilla Firefox 116.0.1
    * fixes for other platforms
* Sat Aug 05 2023 Andreas Schwab <schwab@suse.de>
  - ship vaapitest binary for supported archs
* Fri Aug 04 2023 Wolfgang Rosenauer <wr@rosenauer.org>
  - re-enable ppc64le
  - ship v4l2test binary for supported archs
  - drop obsolete mozilla-bmo1775202.patch
* Sun Jul 30 2023 Wolfgang Rosenauer <wr@rosenauer.org>
  - Mozilla Firefox 116.0
    * https://www.mozilla.org/en-US/firefox/116.0/releasenotes/
    MFSA 2023-29 (bsc#1213746)
    * CVE-2023-4045 (bmo#1833876)
      Offscreen Canvas could have bypassed cross-origin restrictions
    * CVE-2023-4046 (bmo#1837686)
      Incorrect value used during WASM compilation
    * CVE-2023-4047 (bmo#1839073)
      Potential permissions request bypass via clickjacking
    * CVE-2023-4048 (bmo#1841368)
      Crash in DOMParser due to out-of-memory conditions
    * CVE-2023-4049 (bmo#1842658)
      Fix potential race conditions when releasing platform objects
    * CVE-2023-4050 (bmo#1843038)
      Stack buffer overflow in StorageManager
    * CVE-2023-4051 (bmo#1821884)
      Full screen notification obscured by file open dialog
    * CVE-2023-4052 (bmo#1824420)
      File deletion and privilege escalation through Firefox uninstaller
    * CVE-2023-4053 (bmo#1839079)
      Full screen notification obscured by external program
    * CVE-2023-4054 (bmo#1840777)
      Lack of warning when opening appref-ms files
    * CVE-2023-4055 (bmo#1782561)
      Cookie jar overflow caused unexpected cookie jar state
    * CVE-2023-4056 (bmo#1820587, bmo#1824634, bmo#1839235,
      bmo#1842325, bmo#1843847)
      Memory safety bugs fixed in Firefox 116, Firefox ESR 115.1,
      Firefox ESR 102.14, Thunderbird 115.1, and Thunderbird 102.14
    * CVE-2023-4057 (bmo#1841682)
      Memory safety bugs fixed in Firefox 116, Firefox ESR 115.1,
      and Thunderbird 115.1
    * CVE-2023-4058 (bmo#1819160, bmo#1828024)
      Memory safety bugs fixed in Firefox 116
  - require NSS 3.91
  - remove obsolete mozilla-fix-top-level-asm.patch
  - re-enable LTO
* Fri Jul 28 2023 Andreas Stieger <andreas.stieger@gmx.de>
  - Mozilla Firefox 115.0.3
    * fixes for other platforms
  - remove bashisms from firefox startup script (boo#1213657)
* Thu Jul 13 2023 Wolfgang Rosenauer <wr@rosenauer.org>
  - Mozilla Firefox 115.0.2
    * Fixed a bug with displaying a caret in the text editor on some websites
      (bmo#1840804)
    * Fixed a bug with broken audio rendering on some websites (bmo#1841982)
    * Fixed a bug with patternTransform translate using the wrong units
      (bmo#1840746)
    MFSA 2023-26 (bsc#1213230)
    * CVE-2023-3600 (bmo#1839703)
      Use-after-free in workers
* Fri Jul 07 2023 Andreas Stieger <Andreas.Stieger@gmx.de>
  - Mozilla Firefox 115.0.1
    * fixes for other platforms
* Sun Jul 02 2023 Wolfgang Rosenauer <wr@rosenauer.org>
  - Mozilla Firefox 115.0
    * Support for importing payment methods saved in Chrome-based browser
    * Hardware video decoding is now enabled for Intel GPUs on Linux
    * The Tab Manager dropdown now features close buttons, so tabs
      can be closed more quickly
    * Streamlined the user interface for importing data in from other browsers
    * Users without platform support for H264 video decoding can now
      fallback to Cisco's OpenH264 plugin for playback.
    * Undo and redo are now available in Password fields
    * Changed: On Linux, middle clicks on the new tab button will
      now open the xclipboard contents in the new tab. If the
      xclipboard content is a URL then that URL is opened, any
      other text is opened with your default search provider.
    * Changed: For users with a Firefox Colorways built-in theme,
      the theme will be automatically migrated to the same theme
      hosted on addons.mozilla.org for Firefox profiles that have
      disabled add-ons auto-updates. This will allow users to keep
      their Colorways theme when they are later removed from
      Firefox installer files.
    * Changed: Certain Firefox users may come across a message in
      the extensions panel indicating that their add-ons are not
      allowed on the site currently open. We have introduced a new
      back-end feature to only allow some extensions monitored by
      Mozilla to run on specific websites for various reasons,
      including security concerns.
    * HTML5: The builtin editor now behaves similarly to other
      browsers with `contenteditable` and `designMode` when
      splitting a node, e.g. typing Enter to split a paragraph, and
      also when joining two nodes, e.g. typing Backspace at the
      start of a paragraph to join the paragraph and the previous
      one.
      When a node is split, the builtin editor creates a new node
      after the original one instead of before, i.e. creates the
      right node instead of the left node.
      Similarly, when two nodes are joined, the builtin editor
      deletes the latter node and moves its children to the end of
      the preceding node instead of deleting the former node and
      moving its child to the start of the following node.
    * HTML5: WebRTC application developers can now specify a target
      in milliseconds of media for the jitter buffer to hold.
      Altering the target value allows applications to control the
      tradeoff between playout delay and the risk of running out of
      audio or video frames due to network jitter.
    * HTML5: Change array by copy provides additional methods on
      `Array.prototype` and `TypedArray.prototype` to enable
      changes on the array by returning a new copy of it with the
      change.
    * HTML5: The animation-composition property is now supported,
      allowing a declarative way to define the composite operation
      used when multiple animations affect the same property
      simultaneously.
    * HTML5: Added the URL.canParse() function to allow easy and
      fast checking if URLs are valid and parseable.
    * HTML5: IndexedDB is now also supported in private browsing
      without memory limits thanks to encrypted storage on disk.
      The temporary keys to decrypt the information are hold in RAM
      only and all stored information is purged at the normal end
      of a private browsing session from disk.
    * HTML5: Supports conditions are now supported in CSS import
      rules @import supports(...)
    * Developer: In web development, we rely on third-party
      libraries which you may not be interested in while debugging.
      These can be ignored. Ignoring them means that breakpoints
      will not get hit and they are skipped during stepping.
      You can now choose to **Hide ignore-listed sources** in the
      Developer Tools source tree
    * Developer: We have introduced a new option,
      `devtools.f12_enabled`, that can be utilized to prevent the
      accidental use of the F12 key, which opens the DevTools
      toolbox (bug).
    * Enterprise: You can find information about policy updates and
      enterprise specific bug fixes in the Firefox for Enterprise
      115 Release Notes.
    MFSA 2023-22 (bsc#1212438)
    * CVE-2023-3482 (bmo#1839464)
      Block all cookies bypass for localstorage
    * CVE-2023-37201 (bmo#1826002)
      Use-after-free in WebRTC certificate generation
    * CVE-2023-37202 (bmo#1834711)
      Potential use-after-free from compartment mismatch in SpiderMonkey
    * CVE-2023-37203 (bmo#291640)
      Drag and Drop API may provide access to local system files
    * CVE-2023-37204 (bmo#1832195)
      Fullscreen notification obscured via option element
    * CVE-2023-37205 (bmo#1704420)
      URL spoofing in address bar using RTL characters
    * CVE-2023-37206 (bmo#1813299)
      Insufficient validation of symlinks in the FileSystem API
    * CVE-2023-37207 (bmo#1816287)
      Fullscreen notification obscured
    * CVE-2023-37208 (bmo#1837675)
      Lack of warning when opening Diagcab files
    * CVE-2023-37209 (bmo#1837993)
      Use-after-free in `NotifyOnHistoryReload`
    * CVE-2023-37210 (bmo#1821886)
      Full-screen mode exit prevention
    * CVE-2023-37211 (bmo#1832306, bmo#1834862, bmo#1835886,
      bmo#1836550, bmo#1837450)
      Memory safety bugs fixed in Firefox 115, Firefox ESR 102.13,
      and Thunderbird 102.13
    * CVE-2023-37212 (bmo#1750870, bmo#1825552, bmo#1826206, bmo#1827076,
      bmo#1828690, bmo#1833503, bmo#1835710, bmo#1838587)
      Memory safety bugs fixed in Firefox 115
  - Requires NSS 3.90
  - Add patches:
    mozilla-rust-disable-future-incompat.patch
    mozilla-bmo1775202.patch
    mozilla-partial-revert-1768632.patch
  - removed obsolete mozilla-buildfixes.patch
* Tue Jun 20 2023 Andreas Stieger <Andreas.Stieger@gmx.de>
  - Mozilla Firefox 114.0.2:
    * Several crash fixes
    * Web Extensions: Fixes for 114 regressions in Native Messaging
      support
* Tue Jun 20 2023 Wolfgang Rosenauer <wr@rosenauer.org>
  - do not enable LTO as it caused crashes now (boo#1212101)
* Sat Jun 10 2023 Andreas Stieger <Andreas.Stieger@gmx.de>
  - Mozilla Firefox 114.0.1
    * Fix a startup crash (bmo#1837201, boo#1212101)
* Fri Jun 09 2023 Martin Sirringhaus <martin.sirringhaus@suse.com>
  - Only install vaapitest for wayland-enabled builds, where it gets built
  - Rebase mozilla-silence-no-return-type.patch
  - Rebase s390x-patches, and remove obsolete patches:
    mozilla-bmo1005535.patch mozilla-s390x-skia-gradient.patch
* Mon Jun 05 2023 Wolfgang Rosenauer <wr@rosenauer.org>
  - Mozilla Firefox 114.0
    MFSA 2023-20 (bsc#1211922)
    * CVE-2023-34414 (bmo#1695986)
      Click-jacking certificate exceptions through rendering lag
    * CVE-2023-34415 (bmo#1811999)
      Site-isolation bypass on sites that allow open redirects to
      data: urls
    * CVE-2023-34416 (bmo#1752703, bmo#1818394, bmo#1826875,
      bmo#1827340, bmo#1827655, bmo#1828065, bmo#1830190,
      bmo#1830206, bmo#1830795, bmo#1833339)
      Memory safety bugs fixed in Firefox 114 and Firefox ESR
      102.12
    * CVE-2023-34417 (bmo#1746447, bmo#1820903, bmo#1832832)
      Memory safety bugs fixed in Firefox 114
    * New: Added UI to manage the DNS over HTTPS exception list.
      (bmo#1596847)
    * New: Bookmarks can now be searched from the Bookmarks menu.
      The Bookmarks menu is accessible by adding the *Bookmarks
      menu* button to the toolbar. (bmo#1736937)
    * New: Restrict searches to your local browsing history by
      selecting *Search history* from the History, Library or
      Application menu buttons. (bmo#1736939)
    * New: Mac users can now capture video from their cameras in
      all supported native resolutions. This enables resolutions
      higher than 1280x720. (bmo#1806604)
    * New: It is now possible to reorder the extensions listed in
      the extensions panel. (bmo#1805924)
    * New: Users on macOS, Linux, and Windows 7 can now use FIDO2 /
      WebAuthn authenticators over USB. Some advanced features,
      such as fully passwordless logins, require a PIN to be set on
      the authenticator. (bmo#1814487)
    * New: Pocket Recommended content can now be seen in France,
      Italy, and Spain. (bmo#None)
    * Changed: DNS over HTTPS settings are now part of  the
    * Privacy & Security* section of the *Settings* page and allow
      the user to choose from all the supported modes.
      (bmo#1610741)
    * HTML5: DOM: Added support for ES Modules on DedicatedWorker
      and SharedWorker
    * HTML5: WebTransport is now enabled by default and will be
      going to release with 114. As the original Explainer  notes,
      it enables multiple use-cases that are hard or impossible to
      handle without it, especially for Gaming and live streaming.
      It covers cases that are problematic for alternative
      mechanisms, such as WebSockets.
      Built on top of HTTP3 (HTTP2 support will be coming later).
      The current implementation in Firefox is passing 505 out of
      565 Web-Platform Tests.
    * HTML5: CSS: The `infinity` and `NaN` constants are now
      supported inside the `calc()` function. (bmo#1830759)
    * Developer: The *Copy as cURL* feature, available in the
      Network panel, has been enhanced. It now supports the
    - `-compressed` argument. (bmo#1776120)
    * Developer: The Accessibility Inspector has been improved to
      accurately recognize all the ARIA roles like `banner`,
      `main`, `navigation`, and `contentinfo`, etc. This
      enhancement is particularly beneficial for web developers
      working with ARIA roles to improve web accessibility.
      (bmo#1572512)
    * Developer: Firefox now provides support for the CSS Cascading
      Level 4 `supports()` syntax for `@import` rules. This allows
      for the importation of other stylesheets based on support-
      dependency. In addition, the Inspector panel now accurately
      displays the conditions at the top of the imported rule.
  - requires NSS 3.89.1
* Wed May 24 2023 Andreas Stieger <Andreas.Stieger@gmx.de>
  - Mozilla Firefox 113.0.2 (boo#1211696)
    * Fixed: Fixed a bug which could cause Firefox to freeze on
      some pages when loading them with the Developer Tools Web
      Console open (bmo#1828026)
    * Fixed: Fixed a bug which would cause the bookmarks and
      history sidebars to not properly react to the browser window
      being vertically resized (bmo#1831535)
* Sat May 13 2023 Andreas Stieger <Andreas.Stieger@gmx.de>
  - Mozilla Firefox 113.0.1
    * UI fixes for other platforms
  - upstream signing key updated
* Tue May 09 2023 Wolfgang Rosenauer <wr@rosenauer.org>
  - Mozilla Firefox 113.0
    * https://www.mozilla.org/en-US/firefox/113.0/releasenotes
    MFSA 2023-16 (bsc#1211175)
    * CVE-2023-32205 (bmo#1753339, bmo#1753341)
      Browser prompts could have been obscured by popups
    * CVE-2023-32206 (bmo#1824892)
      Crash in RLBox Expat driver
    * CVE-2023-32207 (bmo#1826116)
      Potential permissions request bypass via clickjacking
    * CVE-2023-32208 (bmo#1646034)
      Leak of script base URL in service workers via import()
    * CVE-2023-32209 (bmo#1767194)
      Persistent DoS via favicon image
    * CVE-2023-32210 (bmo#1776755)
      Incorrect principal object ordering
    * CVE-2023-32211 (bmo#1823379)
      Content process crash due to invalid wasm code
    * CVE-2023-32212 (bmo#1826622)
      Potential spoof due to obscured address bar
    * CVE-2023-32213 (bmo#1826666)
      Potential memory corruption in FileReader::DoReadData()
    * MFSA-TMP-2023-0002 (bmo#1814560, bmo#1814790, bmo#1819796)
      Race condition in dav1d decoding
    * CVE-2023-32214 (bmo#1828716)
      Potential DoS via exposed protocol handlers
    * CVE-2023-32215 (bmo#1540883, bmo#1751943, bmo#1814856, bmo#1820210,
      bmo#1821480, bmo#1827019, bmo#1827024, bmo#1827144, bmo#1827359,
      bmo#1830186)
      Memory safety bugs fixed in Firefox 113 and Firefox ESR 102.11
    * CVE-2023-32216 (bmo#1746479, bmo#1806852, bmo#1815987,
      bmo#1820359, bmo#1823568, bmo#1824803, bmo#1824834, bmo#1825170,
      bmo#1827020, bmo#1828130)
      Memory safety bugs fixed in Firefox 113
  - removed obsolete mozilla-bmo1568145.patch
* Sun May 07 2023 Aaron Puchert <aaronpuchert@alice-dsl.net>
  - Fix i586 build by reducing debug info to -g1. (boo#1210168)
* Tue Apr 25 2023 Andreas Stieger <andreas.stieger@gmx.de>
  - Mozilla Firefox 112.0.2
    * Fix a high memory usage issue with animated images in minimized
      (or completely covered) windows, especially when using animated
      themes (bmo#1828587)
    * Fix an issue where Linux users with bitmap fonts installed may
      have had entire sections of text invisible to them on some
      sites (bmo#1827950)
* Fri Apr 21 2023 Manfred Hollstein <manfred.h@gmx.net>
  - Include Leap 15.5 in check for which python version is required.
* Thu Apr 20 2023 Andreas Stieger <Andreas.Stieger@gmx.de>
  - Mozilla Firefox 112.0.1
    * Fix a bug where cookie dates appear to be set in the far
      future after updating Firefox. This may have caused cookies to
      be unintentionally purged (bmo#1827669)
* Mon Apr 10 2023 Wolfgang Rosenauer <wr@rosenauer.org>
  - Mozilla Firefox 112.0
    * https://www.mozilla.org/en-US/firefox/112.0/releasenotes/
    MFSA 2023-13 (bsc#1210212)
    * CVE-2023-29531 (bmo#1794292)
      Out-of-bound memory access in WebGL on macOS
    * CVE-2023-29532 (bmo#1806394)
      Mozilla Maintenance Service Write-lock bypass
    * CVE-2023-29533 (bmo#1798219, bmo#1814597)
      Fullscreen notification obscured
    * CVE-2023-29534 (bmo#1816007, bmo#1816059, bmo#1821155, bmo#1821576,
      bmo#1821906, bmo#1822298, bmo#1822305)
      Fullscreen notification could have been obscured on Firefox
      for Android
    * MFSA-TMP-2023-0001 (bmo#1819244)
      Double-free in libwebp
    * CVE-2023-29535 (bmo#1820543)
      Potential Memory Corruption following Garbage Collector compaction
    * CVE-2023-29536 (bmo#1821959)
      Invalid free from JavaScript code
    * CVE-2023-29537 (bmo#1823365, bmo#1824200, bmo#1825569)
      Data Races in font initialization code
    * CVE-2023-29538 (bmo#1685403)
      Directory information could have been leaked to WebExtensions
    * CVE-2023-29539 (bmo#1784348)
      Content-Disposition filename truncation leads to Reflected
      File Download
    * CVE-2023-29540 (bmo#1790542)
      Iframe sandbox bypass using redirects and sourceMappingUrls
    * CVE-2023-29541 (bmo#1810191)
      Files with malicious extensions could have been downloaded
      unsafely on Linux
    * CVE-2023-29542 (bmo#1810793, bmo#1815062)
      Bypass of file download extension restrictions
    * CVE-2023-29543 (bmo#1816158)
      Use-after-free in debugging APIs
    * CVE-2023-29544 (bmo#1818781)
      Memory Corruption in garbage collector
    * CVE-2023-29545 (bmo#1823077)
      Windows Save As dialog resolved environment variables
    * CVE-2023-29546 (bmo#1780842)
      Screen recording in Private Browsing included address bar on
      Android
    * CVE-2023-29547 (bmo#1783536)
      Secure document cookie could be spoofed with insecure cookie
    * CVE-2023-29548 (bmo#1822754)
      Incorrect optimization result on ARM64
    * CVE-2023-29549 (bmo#1823042)
      Javascript's bind function may have failed
    * CVE-2023-29550 (bmo#1720594, bmo#1751945, bmo#1812498, bmo#1814217,
      bmo#1818357, bmo#1818762, bmo#1819493, bmo#1820389, bmo#1820602,
      bmo#1821448, bmo#1822413, bmo#1824828)
      Memory safety bugs fixed in Firefox 112 and Firefox ESR 102.10
    * CVE-2023-29551 (bmo#1763625, bmo#1814314, bmo#1815798, bmo#1815890,
      bmo#1819239, bmo#1819465, bmo#1819486, bmo#1819492, bmo#1819957,
      bmo#1820514, bmo#1820776, bmo#1821838, bmo#1822175, bmo#1823547)
      Memory safety bugs fixed in Firefox 112
  - requires
    * NSS 3.89
    * Python >= 3.7 (for build)
  - removed obsolete mozilla-bmo1807652.patch
  - Fix Icons displayed incorrectly on GNOME/wayland via WMCLASS
    in desktop file
* Mon Mar 27 2023 Wolfgang Rosenauer <wr@rosenauer.org>
  - Mozilla Firefox 111.0.1 (boo#1209688)
    * Fixed a crash on macOS while pinch-zooming under some circumstances
      (bmo#1658986)
    * Fixed a bug causing Firefox to freeze on startup for some
      Windows users (bmo#1823159)
  - fix build on Tumbleweed (mozilla-bmo1807652.patch)
  - exclude i586/i686 once again because it fails to link libxul due
    to its size
* Tue Mar 14 2023 Wolfgang Rosenauer <wr@rosenauer.org>
  - Mozilla Firefox 111.0
    * https://www.mozilla.org/en-US/firefox/111.0/releasenotes
    MFSA 2023-09 (bsc#1209173)
    * CVE-2023-28159 (bmo#1783561)
      Fullscreen Notification could have been hidden by download
      popups on Android
    * CVE-2023-25748 (bmo#1798798)
      Fullscreen Notification could have been hidden by window
      prompts on Android
    * CVE-2023-25749 (bmo#1810705)
      Firefox for Android may have opened third-party apps without
      a prompt
    * CVE-2023-25750 (bmo#1814733)
      Potential ServiceWorker cache leak during private browsing mode
    * CVE-2023-25751 (bmo#1814899)
      Incorrect code generation during JIT compilation
    * CVE-2023-28160 (bmo#1802385)
      Redirect to Web Extension files may have leaked local path
    * CVE-2023-28164 (bmo#1809122)
      URL being dragged from a removed cross-origin iframe into the
      same tab triggered navigation
    * CVE-2023-28161 (bmo#1811181)
      One-time permissions granted to a local file were extended to
      other local files loaded in the same tab
    * CVE-2023-28162 (bmo#1811327)
      Invalid downcast in Worklets
    * CVE-2023-25752 (bmo#1811627)
      Potential out-of-bounds when accessing throttled streams
    * CVE-2023-28163 (bmo#1817768)
      Windows Save As dialog resolved environment variables
    * CVE-2023-28176 (bmo#1808352, bmo#1811637, bmo#1815904, bmo#1817442,
      bmo#1818674)
      Memory safety bugs fixed in Firefox 111 and Firefox ESR 102.9
    * CVE-2023-28177 (bmo#1803109, bmo#1808832, bmo#1809542, bmo#1817336)
      Memory safety bugs fixed in Firefox 111
  - ensure gcc11-c++ gets used on Leap 15.5
  - requires NSS >= 3.88.1
  - removed obsolete patches
    gcc13-fix.patch
    mozilla-bmo1810584.patch
  - rebased patches
  - update create-tar.sh
* Tue Mar 07 2023 Martin Liška <mliska@suse.cz>
  - Cherry-pick upstream changes for GCC 13 in gcc13-fix.patch.
* Mon Mar 06 2023 Andreas Schwab <schwab@suse.de>
  - Limit memory use on riscv64
* Sat Mar 04 2023 Andreas Stieger <andreas.stieger@gmx.de>
  - Fix 32 bit build bmo#1810584 (add mozilla-bmo1810584.patch)
* Fri Mar 03 2023 Andreas Stieger <andreas.stieger@gmx.de>
  - Mozilla Firefox 110.0.1 (boo#1208886)
    * Fixed clearing recent cookies clears all cookies
      (bmo#1816279)
    * Fixed WebGL crashes on Linux when ran inside a VMWare virtual
      machine (bmo#1807942)
    * Fixed a bug with CSP serialization causing bugs with the MitID
      Digital ID in Denmark (bmo#1819096)
* Wed Feb 15 2023 Wolfgang Rosenauer <wr@rosenauer.org>
  - Mozilla Firefox 110.0
    * https://www.mozilla.org/en-US/firefox/110.0/releasenotes
    MFSA 2023-05 (bsc#1208144)
    * CVE-2023-25728 (bmo#1790345)
      Content security policy leak in violation reports using iframes
    * CVE-2023-25730 (bmo#1794622)
      Screen hijack via browser fullscreen mode
    * CVE-2023-25743 (bmo#1800203)
      Fullscreen notification not shown in Firefox Focus
    * CVE-2023-0767 (bmo#1804640)
      Arbitrary memory write via PKCS 12 in NSS
    * CVE-2023-25735 (bmo#1810711)
      Potential use-after-free from compartment mismatch in SpiderMonkey
    * CVE-2023-25737 (bmo#1811464)
      Invalid downcast in SVGUtils::SetupStrokeGeometry
    * CVE-2023-25738 (bmo#1811852)
      Printing on Windows could potentially crash Firefox with some
      device drivers
    * CVE-2023-25739 (bmo#1811939)
      Use-after-free in mozilla::dom::ScriptLoadContext::~ScriptLoadContext
    * CVE-2023-25729 (bmo#1792138)
      Extensions could have opened external schemes without user knowledge
    * CVE-2023-25732 (bmo#1804564)
      Out of bounds memory write from EncodeInputStream
    * CVE-2023-25734 (bmo#1784451, bmo#1809923, bmo#1810143, bmo#1812338)
      Opening local .url files could cause unexpected network loads
    * CVE-2023-25740 (bmo#1812354)
      Opening local .scf files could cause unexpected network loads
    * CVE-2023-25731 (bmo#1801542)
      Prototype pollution when rendering URLPreview
    * CVE-2023-25733 (bmo#1808632)
      Possible null pointer dereference in TaskbarPreviewCallback
    * CVE-2023-25736 (bmo#1811331)
      Invalid downcast in GetTableSelectionMode
    * CVE-2023-25741 (bmo#1437126, bmo#1812611, bmo#1813376)
      Same-origin policy leak via image drag and drop
    * CVE-2023-25742 (bmo#1813424)
      Web Crypto ImportKey crashes tab
    * CVE-2023-25744 (bmo#1789449, bmo#1803628, bmo#1810536)
      Memory safety bugs fixed in Firefox 110 and Firefox ESR 102.8
    * CVE-2023-25745 (bmo#1688592, bmo#1797186, bmo#1804998,
      bmo#1806521, bmo#1813284)
      Memory safety bugs fixed in Firefox 110
  - requires
    NSS = 3.87
    rust/cargo = 1.66
  - update create-tar.sh
* Wed Feb 01 2023 Andreas Stieger <andreas.stieger@gmx.de>
  - Mozilla Firefox 109.0.1
    * Fixed jank when loading pages containing a large number of
      emoji characters (bmo#1809081)
    * Fixed an issue causing authentication prompts to not appear
      when loading pages in some enterprise environments
      (bmo#1809151)
    * ixed inconsistent sizing of event listener checkboxes inside
      the Inspector developer tool (bmo#1811760)
* Mon Jan 16 2023 Wolfgang Rosenauer <wr@rosenauer.org>
  - Mozilla Firefox 109.0
    MFSA 2023-01 (bsc#1207119)
    * CVE-2023-23597 (bmo#1538028)
      Logic bug in process allocation allowed to read arbitrary
      files
    * CVE-2023-23598 (bmo#1800425)
      Arbitrary file read from GTK drag and drop on Linux
    * CVE-2023-23599 (bmo#1777800)
      Malicious command could be hidden in devtools output on
      Windows
    * CVE-2023-23600 (bmo#1787034)
      Notification permissions persisted between Normal and Private
      Browsing on Android
    * CVE-2023-23601 (bmo#1794268)
      URL being dragged from cross-origin iframe into same tab
      triggers navigation
    * CVE-2023-23602 (bmo#1800890)
      Content Security Policy wasn't being correctly applied to
      WebSockets in WebWorkers
    * CVE-2023-23603 (bmo#1800832)
      Calls to <code>console.log</code> allowed bypasing Content
      Security Policy via format directive
    * CVE-2023-23604 (bmo#1802346)
      Creation of duplicate <code>SystemPrincipal</code> from less
      secure contexts
    * CVE-2023-23605 (bmo#1764921, bmo#1802690, bmo#1806974)
      Memory safety bugs fixed in Firefox 109 and Firefox ESR 102.7
    * CVE-2023-23606 (bmo#1764974, bmo#1798591, bmo#1799201,
      bmo#1800446, bmo#1801248, bmo#1802100, bmo#1803393,
      bmo#1804626, bmo#1804971, bmo#1807004)
      Memory safety bugs fixed in Firefox 109
  - requires NSS 3.86
  - rebased patches
* Fri Jan 06 2023 Luciano Santos <luc14n0@opensuse.org>
  - Mozilla Firefox 108.0.2
    * Fixes a crash that might occur when managing browser history
      (bmo#1806408).
  - Drop merged-upstream mozilla-bmo1805809.patch.
* Wed Dec 21 2022 Wolfgang Rosenauer <wr@rosenauer.org>
  - add mozilla-bmo1805809.patch to fix build for x86-32 (boo#1206600)
* Tue Dec 20 2022 Wolfgang Rosenauer <wr@rosenauer.org>
  - Mozilla Firefox 108.0.1 (boo#1206507)
    * Fixes the default search engine being reset on upgrade for
      profiles which were previously copied from a different location
* Tue Dec 13 2022 Wolfgang Rosenauer <wr@rosenauer.org>
  - Mozilla Firefox 108.0
    https://www.mozilla.org/en-US/firefox/108.0/releasenotes/
    MFSA 2022-51 (bsc#1206242)
    * CVE-2022-46871 (bmo#1795697)
      libusrsctp library out of date
    * CVE-2022-46872 (bmo#1799156)
      Arbitrary file read from a compromised content process
    * CVE-2022-46873 (bmo#1644790)
      Firefox did not implement the CSP directive unsafe-hashes
    * CVE-2022-46874 (bmo#1746139)
      Drag and Dropped Filenames could have been truncated to
      malicious extensions
    * CVE-2022-46875 (bmo#1786188)
      Download Protections were bypassed by .atloc and .ftploc
      files on Mac OS
    * CVE-2022-46877 (bmo#1795139)
      Fullscreen notification bypass
    * CVE-2022-46878 (bmo#1782219, bmo#1797370, bmo#1797685,
      bmo#1801102, bmo#1801315, bmo#1802395)
      Memory safety bugs fixed in Firefox 108 and Firefox ESR 102.6
    * CVE-2022-46879 (bmo#1736224, bmo#1793407, bmo#1794249, bmo#1795845,
      bmo#1797682, bmo#1797720, bmo#1798494, bmo#1799479)
      Memory safety bugs fixed in Firefox 108
  - requires
    NSS >= 3.85
    rustc/cargo 1.65
* Thu Dec 08 2022 Milachew <milachew@mail.lv>
  - added translations to .desktop file.
* Thu Dec 01 2022 Andreas Stieger <andreas.stieger@gmx.de>
  - Mozilla Firefox 107.0.1:
    * Fix an issue with accessing some sites reliably in Private
      Browsing mode or Strict ETP due to anti-adblockers
      (bmo#1717806)
    * Fix an issue where Color Management was not available for
      some users (bmo#1799391)
    * Fix an issue with text overlapping in the Settings Menu for
      some locales (bmo#1800379)
    * Fix an issue where the DevTools UI is not accessible when an
      alert dialog is displayed (bmo#1801840)
* Tue Nov 15 2022 Wolfgang Rosenauer <wr@rosenauer.org>
  - Mozilla Firefox 107.0
    MFSA 2022-47 (bsc#1205270)
    * CVE-2022-45403 (bmo#1762078)
      Service Workers might have learned size of cross-origin media files
    * CVE-2022-45404 (bmo#1790815)
      Fullscreen notification bypass
    * CVE-2022-45405 (bmo#1791314)
      Use-after-free in InputStream implementation
    * CVE-2022-45406 (bmo#1791975)
      Use-after-free of a JavaScript Realm
    * CVE-2022-45407 (bmo#1793314)
      Loading fonts on workers was not thread-safe
    * CVE-2022-45408 (bmo#1793829)
      Fullscreen notification bypass via windowName
    * CVE-2022-45409 (bmo#1796901)
      Use-after-free in Garbage Collection
    * CVE-2022-45410 (bmo#1658869)
      ServiceWorker-intercepted requests bypassed SameSite cookie policy
    * CVE-2022-45411 (bmo#1790311)
      Cross-Site Tracing was possible via non-standard override headers
    * CVE-2022-45412 (bmo#1791029)
      Symlinks may resolve to partially uninitialized buffers
    * CVE-2022-45413 (bmo#1791201)
      SameSite=Strict cookies could have been sent cross-site via
      intent URLs
    * CVE-2022-40674 (bmo#1791598)
      Use-after-free vulnerability in expat
    * CVE-2022-45415 (bmo#1793551)
      Downloaded file may have been saved with malicious extension
    * CVE-2022-45416 (bmo#1793676)
      Keystroke Side-Channel Leakage
    * CVE-2022-45417 (bmo#1794508)
      Service Workers in Private Browsing Mode may have been
      written to disk
    * CVE-2022-45418 (bmo#1795815)
      Custom mouse cursor could have been drawn over browser UI
    * CVE-2022-45419 (bmo#1716082)
      Deleting a security exception did not take effect immediately
    * CVE-2022-45420 (bmo#1792643)
      Iframe contents could be rendered outside the iframe
    * CVE-2022-45421 (bmo#1767920, bmo#1789808, bmo#1794061)
      Memory safety bugs fixed in Firefox 107 and Firefox ESR 102.5
  - requires
    * NSS >= 3.84
    * rust = 1.64
* Sat Nov 05 2022 Andreas Stieger <andreas.stieger@gmx.de>
  - Mozilla Firefox 106.0.5
    * Addresses a crash experienced by users with Intel Gemini Lake
      CPUs (bmo#1702019)
  - Mozilla Firefox 106.0.4
    * Fixed an issue with DRM Video playback (bmo#1797292)
    * Fixed broken layout of datetime input when switching
      types (bmo#1797139)
* Tue Nov 01 2022 Andreas Stieger <andreas.stieger@gmx.de>
  - Mozilla Firefox 106.0.3
    * Fixes for other platforms
* Thu Oct 27 2022 Andreas Stieger <andreas.stieger@gmx.de>
  - Mozilla Firefox 106.0.2
    * Fix missing content on some PDF forms (bmo#1794351)
    * Fix column width for the Notification sub-panel in Settings
      (bmo#1793558)
    * Fix a browser freeze with accessibility enabled on some sites
      such as the Proxmox Web UI (bmo#1793748)
    * Fix page reloading not working with Firefox View and not
      refreshing synced data (bmo#1792680, bmo#1794474)
* Sun Oct 23 2022 Andreas Stieger <andreas.stieger@gmx.de>
  - Mozilla Firefox 106.0.1
    * Addresses a crash experienced by users with AMD Zen 1 CPUs
      (bmo#1796126)
* Sun Oct 16 2022 Wolfgang Rosenauer <wr@rosenauer.org>
  - Mozilla Firefox 106.0
    * support editing of PDFs
    * introduced Firefox View
    * major WebRTC update
    - Better screen sharing for Windows and Linux Wayland users
    - RTP performance and reliability improvements
    - Richer statistics
    - Cross-browser and service compatibility improvements
    * detailed releasenotes
      https://www.mozilla.org/en-US/firefox/106.0/releasenotes
    MFSA 2022-44 (bsc#1204421)
    * CVE-2022-42927 (bmo#1789128)
      Same-origin policy violation could have leaked cross-origin URLs
    * CVE-2022-42928 (bmo#1791520)
      Memory Corruption in JS Engine
    * CVE-2022-42929 (bmo#1789439)
      Denial of Service via window.print
    * CVE-2022-42930 (bmo#1789503)
      Race condition in DOM Workers
    * CVE-2022-42931 (bmo#1780571)
      Username saved to a plaintext file on disk
    * CVE-2022-42932 (bmo#1789729, bmo#1791363, bmo#1792041)
      Memory safety bugs fixed in Firefox
  - added -msse2 flag to fix i386 build and workaround bmo#1795993
  - fixed used buildflags
  - renamed mozilla-i686-build.patch to mozilla-buildfixes.patch
    as it was extended with changes for other archs
* Sat Oct 08 2022 Andreas Stieger <andreas.stieger@gmx.de>
  - Mozilla Firefox 105.0.3:
    * Fixes for other platforms
* Wed Oct 05 2022 Andreas Stieger <andreas.stieger@gmx.de>
  - Mozilla Firefox 105.0.2:
    * Fixed poor contrast on various menu items with certain
      themes on Linux systems (bmo#1792063)
    * Fixed the scrollbar appearing on the wrong side of
      `select` elements in right-to-left locales (bmo#1791219)
    * Fixed a possible deadlock when loading some sites in
      Troubleshoot Mode (bmo#1786259)
    * Fixed a bug causing some dynamic appearance changes to
      not appear when expected (bmo#1786521)
    * Fixed a bug causing theme styling to not be properly applied
      to sidebars for some add-ons in Private Browsing Mode
      (bmo#1787543)
* Thu Sep 22 2022 Wolfgang Rosenauer <wr@rosenauer.org>
  - Mozilla Firefox 105.0.1
    * Reverted focus behavior for new windows back to the content
      area instead of the address bar (bmo#1784692)
  - added mozilla-i686-build.patch to avoid using avx2
* Sat Sep 17 2022 Wolfgang Rosenauer <wr@rosenauer.org>
  - Mozilla Firefox 105.0
    https://www.mozilla.org/en-US/firefox/105.0/releasenotes
    MFSA 2022-40 (bsc#1203477)
    * CVE-2022-40959 (bmo#1782211)
      Bypassing FeaturePolicy restrictions on transient pages
    * CVE-2022-40960 (bmo#1787633)
      Data-race when parsing non-UTF-8 URLs in threads
    * CVE-2022-40958 (bmo#1779993)
      Bypassing Secure Context restriction for cookies with __Host
      and __Secure prefix
    * CVE-2022-40961 (bmo#1784588)
      Stack-buffer overflow when initializing Graphics
    * CVE-2022-40956 (bmo#1770094)
      Content-Security-Policy base-uri bypass
    * CVE-2022-40957 (bmo#1777604)
      Incoherent instruction cache when building WASM on ARM64
    * CVE-2022-40962 (bmo#1767360, bmo#1776655, bmo#1777574,
      bmo#1784835, bmo#1785109, bmo#1786502, bmo#1789440)
      Memory safety bugs fixed in Firefox 105 and Firefox ESR 102.3
  - requires
    NSS 3.82
    Rust 1.63 (1.61)
  - removed obsolete mozilla-glibc236.patch
* Fri Sep 09 2022 Guillaume GARDET <guillaume.gardet@opensuse.org>
  - Adjust memory requirements to fix build on aarch64
* Wed Sep 07 2022 Wolfgang Rosenauer <wr@rosenauer.org>
  - Mozilla Firefox 104.0.2 (boo#1203177)
    https://www.mozilla.org/en-US/firefox/104.0.2/releasenotes/
    * Fixed a bug making it impossible to use touch or a stylus to
      drag the scrollbar on pages (bmo#1787361)
    * Fixed an issue causing some users to crash in out-of-memory
      conditions (bmo#1774155)
    * Fixed an issue that would sometimes affect video & audio playback
      when loaded via a cross-origin iframe src attribute (bmo#1781759)
    * Fixed an issue that would sometimes affect video & audio playback
      when served with Content-Security-Policy: sandbox (bmo#1781063)
* Thu Sep 01 2022 Wolfgang Rosenauer <wr@rosenauer.org>
  - Mozilla Firefox 104.0.1
    * Addresses an issue with Youtube video playback that was
      affecting some users (boo#1203003)
* Sun Aug 21 2022 Wolfgang Rosenauer <wr@rosenauer.org>
  - Mozilla Firefox 104.0
    * https://www.mozilla.org/en-US/firefox/104.0/releasenotes
    MFSA 2022-33 (bsc#1202645)
    * CVE-2022-38472 (bmo#1769155)
      Address bar spoofing via XSLT error handling
    * CVE-2022-38473 (bmo#1771685)
      Cross-origin XSLT Documents would have inherited the parent's
      permissions
    * CVE-2022-38474 (bmo#1719511)
      Recording notification not shown when microphone was
      recording on Android
    * CVE-2022-38475 (bmo#1773266)
      Attacker could write a value to a zero-length array
    * CVE-2022-38477 (bmo#1760611, bmo#1770219, bmo#1771159, bmo#1773363)
      Memory safety bugs fixed in Firefox 104 and Firefox ESR 102.2
    * CVE-2022-38478 (bmo#1770630, bmo#1776658)
      Memory safety bugs fixed in Firefox 104, Firefox ESR 102.2,
      and Firefox ESR 91.13
  - requires
    NSPR 4.34.1
    NSS 3.81
    rust 1.62
* Sat Aug 13 2022 Wolfgang Rosenauer <wr@rosenauer.org>
  - added mozilla-glibc236.patch (bmo#1782988, boo#1202323)
* Tue Aug 09 2022 Wolfgang Rosenauer <wr@rosenauer.org>
  - Mozilla Firefox 103.0.2
    * Fixed menu shortcuts for users of the JAWS screen reader
    * Fixed an occasional non-overridable certificate error when
      accessing device configuration pages
* Tue Aug 02 2022 Andreas Schwab <schwab@suse.de>
  - The --disable-elf-hack option only exists on ARM and X86
* Mon Aug 01 2022 Wolfgang Rosenauer <wr@rosenauer.org>
  - Mozilla Firefox 103.0.1
    * Enabled hardware acceleration on newer AMD cards.
    * Fixed a crash on Firefox shutdown caused by a bug in the
      audio manager
* Wed Jul 27 2022 Wolfgang Rosenauer <wr@rosenauer.org>
  - Mozilla Firefox 103.0
    https://www.mozilla.org/en-US/firefox/103.0/releasenotes
    MFSA 2022-28 (bsc#1201758)
    * CVE-2022-36319 (bmo#1737722)
      Mouse Position spoofing with CSS transforms
    * CVE-2022-36317 (bmo#1759951)
      Long URL would hang Firefox for Android
    * CVE-2022-36318 (bmo#1771774)
      Directory indexes for bundled resources reflected URL
      parameters
    * CVE-2022-36314 (bmo#1773894)
      Opening local <code>.lnk</code> files could cause unexpected
      network loads
    * CVE-2022-36315 (bmo#1762520)
      Preload Cache Bypasses Subresource Integrity
    * CVE-2022-36316 (bmo#1768583)
      Performance API leaked whether a cross-site resource is
      redirecting
    * CVE-2022-36320 (bmo#1759794, bmo#1760998)
      Memory safety bugs fixed in Firefox 103
    * CVE-2022-2505 (bmo#1769739, bmo#1772824)
      Memory safety bugs fixed in Firefox 103 and 102.1
  - requires
    NSS >= 3.80
    rust = 1.61
    rust-cbindgen >= 0.24.3
* Wed Jul 13 2022 Guillaume GARDET <guillaume.gardet@opensuse.org>
  - Move %limit_build set before mozilla config to actually set the
    value of %jobs to MOZ_MAKE_FLAGS to fix build on aarch64
* Wed Jul 06 2022 Andreas Stieger <andreas.stieger@gmx.de>
  - Firefox 102.0.1:
    * Fixed: Fixed bookmarks sidebar flashing white when opened in
      dark mode (bmo#1776157)
    * Fixed: Fixed multilingual spell checking not working with
      content in both English and a non-Latin alphabet
      (bmo#1773802)
    * Fixed: Developer tools:  Fixed an issue where the console
      output keep getting scrolled to the bottom when the last
      visible message is an evaluation result (bmo#1776262)
    * Fixed: Fixed *Delete cookies and site data when Firefox is
      closed* checkbox getting disabled on startup (bmo#1777419)
    * Fixed: Various stability fixes
* Sat Jun 25 2022 Wolfgang Rosenauer <wr@rosenauer.org>
  - Firefox 102.0
    * You can now disable automatic opening of the download panel
      every time a new download starts
    * Firefox now mitigates query parameter tracking when navigating
      sites in ETP strict mode
    * Improved security by moving audio decoding into a separate
      process with stricter sandboxing, thus improving process isolation
    * https://www.mozilla.org/en-US/firefox/102.0/releasenotes
    MFSA 2022-24 (bsc#1200793)
    * CVE-2022-34479 (bmo#1745595)
      A popup window could be resized in a way to overlay the
      address bar with web content
    * CVE-2022-34470 (bmo#1765951)
      Use-after-free in nsSHistory
    * CVE-2022-34468 (bmo#1768537)
      CSP sandbox header without `allow-scripts` can be bypassed
      via retargeted javascript: URI
    * CVE-2022-34482 (bmo#845880)
      Drag and drop of malicious image could have led to malicious
      executable and potential code execution
    * CVE-2022-34483 (bmo#1335845)
      Drag and drop of malicious image could have led to malicious
      executable and potential code execution
    * CVE-2022-34476 (bmo#1387919)
      ASN.1 parser could have been tricked into accepting malformed ASN.1
    * CVE-2022-34481 (bmo#1483699, bmo#1497246)
      Potential integer overflow in ReplaceElementsAt
    * CVE-2022-34474 (bmo#1677138)
      Sandboxed iframes could redirect to external schemes
    * CVE-2022-34469 (bmo#1721220)
      TLS certificate errors on HSTS-protected domains could be
      bypassed by the user on Firefox for Android
    * CVE-2022-34471 (bmo#1766047)
      Compromised server could trick a browser into an addon downgrade
    * CVE-2022-34472 (bmo#1770123)
      Unavailable PAC file resulted in OCSP requests being blocked
    * CVE-2022-34478 (bmo#1773717)
      Microsoft protocols can be attacked if a user accepts a prompt
    * CVE-2022-2200 (bmo#1771381)
      Undesired attributes could be set as part of prototype pollution
    * CVE-2022-34480 (bmo#1454072)
      Free of uninitialized pointer in lg_init
    * CVE-2022-34477 (bmo#1731614)
      MediaError message property leaked information on cross-
      origin same-site pages
    * CVE-2022-34475 (bmo#1757210)
      HTML Sanitizer could have been bypassed via same-origin
      script via use tags
    * CVE-2022-34473 (bmo#1770888)
      HTML Sanitizer could have been bypassed via use tags
    * CVE-2022-34484 (bmo#1763634, bmo#1772651)
      Memory safety bugs fixed in Firefox 102 and Firefox ESR 91.11
    * CVE-2022-34485 (bmo#1768409, bmo#1768578)
      Memory safety bugs fixed in Firefox 102
  - requires
    NSPR >= 4.34
    NSS >= 3.79
    rust = 1.60
  - switch out skia-patches with webrender-patches for big endian
    removed:
    * mozilla-bmo1504834-part2.patch
    * mozilla-bmo1504834-part4.patch
    * mozilla-bmo1626236.patch
    added:
    * one_swizzle_to_rule_them_all.patch
    * svg-rendering.patch
  - add some more returns to the no-return-patch
* Fri Jun 10 2022 Andreas Stieger <andreas.stieger@gmx.de>
  - Mozilla Firefox 101.0.1:
    * Fixed context menus not appearing when right-clicking
      Picture-in-Picture windows on some Linux systems (bmo#1771914)
    * Various stability fixes
* Sun May 29 2022 Wolfgang Rosenauer <wr@rosenauer.org>
  - Mozilla Firefox 101.0
    * Reading is now easier with the prefers-contrast media query,
      which allows sites to detect if the user has requested that web
      content is presented with a higher (or lower) contrast
    * All non-configured MIME types can now be assigned a custom
      action upon download completion
    * allows users to use as many microphones as you want, at the
      same time, during video conferencing. The most exciting benefit
      is that you can easily switch your microphones at any time
      (if your conferencing service provider enables this flexibility)
    MFSA 2022-20 (bsc#1200027)
    * CVE-2022-31736 (bmo#1735923)
      Cross-Origin resource's length leaked
    * CVE-2022-31737 (bmo#1743767)
      Heap buffer overflow in WebGL
    * CVE-2022-31738 (bmo#1756388)
      Browser window spoof using fullscreen mode
    * CVE-2022-31739 (bmo#1765049)
      Attacker-influenced path traversal when saving downloaded files
    * CVE-2022-31740 (bmo#1766806)
      Register allocation problem in WASM on arm64
    * CVE-2022-31741 (bmo#1767590)
      Uninitialized variable leads to invalid memory read
    * CVE-2022-31742 (bmo#1730434)
      Querying a WebAuthn token with a large number of allowCredential
      entries may have leaked cross-origin information
    * CVE-2022-31743 (bmo#1747388)
      HTML Parsing incorrectly ended HTML comments prematurely
    * CVE-2022-31744 (bmo#1757604)
      CSP bypass enabling stylesheet injection
    * CVE-2022-31745 (bmo#1760944)
      Incorrect Assertion caused by unoptimized array shift operations
    * CVE-2022-1919 (bmo#1761275)
      Memory Corruption when manipulating webp images
    * CVE-2022-31747 (bmo#1760765, bmo#1765610, bmo#1766283,
      bmo#1767365, bmo#1768559, bmo#1768734)
      Memory safety bugs fixed in Firefox 101 and Firefox ESR 91.10
    * CVE-2022-31748 (bmo#1713773, bmo#1762201, bmo#1762469,
      bmo#1762770, bmo#1764878, bmo#1765226, bmo#1765782, bmo#1765973,
      bmo#1767177, bmo#1767181, bmo#1768232, bmo#1768251, bmo#1769869)
      Memory safety bugs fixed in Firefox 101
  - requires
    * NSS 3.78.1
    * rust-cbindgen 0.23.0
    * rust 1.59
* Fri May 20 2022 Wolfgang Rosenauer <wr@rosenauer.org>
  - Mozilla Firefox 100.0.2
    MFSA 2022-19 (bsc#1199768)
    * CVE-2022-1802 (bmo#1770137)
      Prototype pollution in Top-Level Await implementation
    * CVE-2022-1529 (bmo#1770048)
      Untrusted input used in JavaScript object indexing, leading
      to prototype pollution
* Wed May 18 2022 Andreas Stieger <andreas.stieger@gmx.de>
  - Mozilla Firefox 100.0.1:
    * Fixed: Fixed an issue with subtitles in Picture-in-Picture
      mode while using Netflix (bmo#1768818)
    * Fixed: Fixed an issue where some commands were unavailable in
      the Picture-in-Picture window (bmo#1768201)
* Sun May 01 2022 Wolfgang Rosenauer <wr@rosenauer.org>
  - Mozilla Firefox 100.0
    * subtitle support in PiP
    * spell checking supports multiple languages in parallel
    * more details here
      https://www.mozilla.org/en-US/firefox/100.0/releasenotes
    MFSA 2022-16 (boo#1198970)
    * CVE-2022-29914 (bmo#1746448)
      Fullscreen notification bypass using popups
    * CVE-2022-29909 (bmo#1755081)
      Bypassing permission prompt in nested browsing contexts
    * CVE-2022-29916 (bmo#1760674)
      Leaking browser history with CSS variables
    * CVE-2022-29911 (bmo#1761981)
      iframe Sandbox bypass
    * CVE-2022-29912 (bmo#1692655)
      Reader mode bypassed SameSite cookies
    * CVE-2022-29910 (bmo#1757138)
      Firefox for Android forgot HTTP Strict Transport Security
      settings
    * CVE-2022-29915 (bmo#1751678)
      Leaking cross-origin redirect through the Performance API
    * CVE-2022-29917 (bmo#1684739, bmo#1706441, bmo#1753298,
      bmo#1762614, bmo#1762620, bmo#1764778)
      Memory safety bugs fixed in Firefox 100 and Firefox ESR 91.9
    * CVE-2022-29918 (bmo#1744043, bmo#1747178, bmo#1753535,
      bmo#1754017, bmo#1755847, bmo#1756172, bmo#1757477,
      bmo#1758223, bmo#1760160, bmo#1761481, bmo#1761771)
      Memory safety bugs fixed in Firefox 100
  - requires NSS 3.77
* Tue Apr 12 2022 Andreas Stieger <andreas.stieger@gmx.de>
  - Mozilla Firefox 99.0.1
    * Fixed an issue with text rendering in Bengali (bmo#1763368)
    * Fixed a selection issue in the Download panel with drag and
      drop (bmo#1762723)
    * Fixed: Fixed an issue preventing Zoom gallery mode for users
      who go to zoom.us URLs instead of subdomain.zoom.us URLs
      (bmo#1763801)
* Mon Apr 04 2022 Wolfgang Rosenauer <wr@rosenauer.org>
  - Mozilla Firefox 99.0
    * You can now toggle Narrate in ReaderMode with the keyboard
      shortcut "n."
    * You can find added support for search—with or without
      diacritics—in the PDF viewer.
    * The Linux sandbox has been strengthened: processes exposed to web
      content no longer have access to the X Window system (X11).
    * Firefox now supports credit card autofill and capture in
      Germany and France.
    MFSA 2022-13 (bsc#1197903)
    * CVE-2022-1097 (bmo#1745667)
      Use-after-free in NSSToken objects
    * CVE-2022-28281 (bmo#1755621)
      Out of bounds write due to unexpected WebAuthN Extensions
    * CVE-2022-28282 (bmo#1751609)
      Use-after-free in DocumentL10n::TranslateDocument
    * CVE-2022-28283 (bmo#1754066)
      Missing security checks for fetching sourceMapURL
    * CVE-2022-28284 (bmo#1754522)
      Script could be executed via svg's use element
    * CVE-2022-28285 (bmo#1756957)
      Incorrect AliasSet used in JIT Codegen
    * CVE-2022-28286 (bmo#1735265)
      iframe contents could be rendered outside the border
    * CVE-2022-28287 (bmo#1741515)
      Text Selection could crash Firefox
    * CVE-2022-24713 (bmo#1758509)
      Denial of Service via complex regular expressions
    * CVE-2022-28289 (bmo#1663508, bmo#1744525, bmo#1753508,
      bmo#1757476, bmo#1757805, bmo#1758549, bmo#1758776)
      Memory safety bugs fixed in Firefox 99 and Firefox ESR 91.8
    * CVE-2022-28288 (bmo#1746415, bmo#1746495, bmo#1746500,
      bmo#1747282, bmo#1748759, bmo#1749056, bmo#1749786,
      bmo#1751679, bmo#1752120, bmo#1756010, bmo#1756017,
      bmo#1757213, bmo#1757258, bmo#1757427)
      Memory safety bugs fixed in Firefox 99
  - requires NSS >= 3.76.1
  - remove obsolete patch
    * mozilla-bmo1756347.patch
    * mozilla-bmo1757571.patch
  - update create-tar.sh
* Thu Mar 24 2022 Andreas Stieger <andreas.stieger@gmx.de>
  - MozillaFirefox 98.0.2:
    * Fixed: Fixed an issue preventing users from typing in Address
      Bar after opening new tab and pressing cmd + enter
      (bmo#1757376)
    * Fixed: Fixed an issue causing some users to crash in out-of-
      memory conditions (bmo#1757618)
    * Fixed: Fixed an issue in session history which caused some
      sites to fail to load (bmo#1758664)
    * Fixed: Fixed an add-on specific compatibility issue
      (bmo#1759162)
* Wed Mar 23 2022 Simon Vogl <simon.vogl@gmx.net>
  - Change mozilla-kde.patch to follow the GNOME registry
    behavior for new MIME types to avoid opening downloaded files
    without any inquiries (bsc#1197319)
* Tue Mar 22 2022 Guillaume GARDET <guillaume.gardet@opensuse.org>
  - Add patch to fix start-up on aarch64:
    * mozilla-bmo1757571.patch
* Thu Mar 17 2022 Dirk Müller <dmueller@suse.com>
  - exclude slow cpus for building
* Thu Mar 17 2022 Martin Sirringhaus <martin.sirringhaus@suse.com>
  - Add cpu-flag `asimdrdm` to aarch64 constraints, to select newer,
    faster buildhosts, as the others struggle to build FF.
* Mon Mar 14 2022 Wolfgang Rosenauer <wr@rosenauer.org>
  - Mozilla Firefox 98.0.1:
    * Yandex and Mail.ru have been removed as optional search
      providers in the drop-down search menu in Firefox
* Tue Mar 08 2022 Wolfgang Rosenauer <wr@rosenauer.org>
  - Mozilla Firefox 98.0
    * Firefox has a new optimized download flow
    * other changes as documented here
      https://www.mozilla.org/en-US/firefox/98.0/releasenotes
    MFSA 2022-10 (bsc#1196900)
    * CVE-2022-26383 (bmo#1742421)
      Browser window spoof using fullscreen mode
    * CVE-2022-26384 (bmo#1744352)
      iframe allow-scripts sandbox bypass
    * CVE-2022-26387 (bmo#1752979)
      Time-of-check time-of-use bug when verifying add-on signatures
    * CVE-2022-26381 (bmo#1736243)
      Use-after-free in text reflows
    * CVE-2022-26382 (bmo#1741888)
      Autofill Text could be exfiltrated via side-channel attacks
    * CVE-2022-26385 (bmo#1747526)
      Use-after-free in thread shutdown
    * CVE-2022-0843 (bmo#1746523, bmo#1749062, bmo#1749164, bmo#1749214,
      bmo#1749610, bmo#1750032, bmo#1752100, bmo#1752405, bmo#1753612,
      bmo#1754508)
      Memory safety bugs fixed in Firefox 98
  - requires NSS 3.75
  - add mozilla-bmo1756347.patch to fix i586 build
* Fri Feb 18 2022 Andreas Stieger <andreas.stieger@gmx.de>
  - Mozilla Firefox 97.0.1
    * Fixed: Fixed an issue where TikTok videos would fail to load
      when selected from a user's profile page (bmo#1750973)
    * Fixed: Fixed an issue which led to Picture-in-Picture mode
      being unable to be toggled on Hulu (bmo#1753401)
    * Fixed: Works around problems with WebRoot SecureAnywhere
      antivirus rendering Firefox unusable in some situations
      (bmo#1752466)
    * Fixed: Fixed an issue causing users to see the Restore
      Session screen unexpectedly when starting Firefox
      (bmo#1749996)
* Mon Feb 14 2022 Luciano Santos <luc14n0@opensuse.org>
  - Remove bashisms ("source" and "function" keywords) from
    mozilla.sh.in to ally with the #!/bin/sh shebang. If the end user
    has either dash-sh package or busybox-sh to handle Bourn Shell
    scripts rather than having bash-sh package, the script would
    fail. Using "." instead of "source" and "create_langpack_link()"
    function definition is enough to keep both sides sane,
    behavior-wise.
* Tue Feb 08 2022 Wolfgang Rosenauer <wr@rosenauer.org>
  - Mozilla Firefox 97.0
    MFSA 2022-04 (bsc#1195682)
    * CVE-2022-22753 (bmo#1732435)
      Privilege Escalation to SYSTEM on Windows via Maintenance Service
    * CVE-2022-22754 (bmo#1750565)
      Extensions could have bypassed permission confirmation during update
    * CVE-2022-22755 (bmo#1309630)
      XSL could have allowed JavaScript execution after a tab was closed
    * CVE-2022-22756 (bmo#1317873)
      Drag and dropping an image could have resulted in the dropped
      object being an executable
    * CVE-2022-22757 (bmo#1720098)
      Remote Agent did not prevent local websites from connecting
    * CVE-2022-22758 (bmo#1728742)
      tel: links could have sent USSD codes to the dialer on
      Firefox for Android
    * CVE-2022-22759 (bmo#1739957)
      Sandboxed iframes could have executed script if the parent
      appended elements
    * CVE-2022-22760 (bmo#1740985, bmo#1748503)
      Cross-Origin responses could be distinguished between script
      and non-script content-types
    * CVE-2022-22761 (bmo#1745566)
      frame-ancestors Content Security Policy directive was not
      enforced for framed extension pages
    * CVE-2022-22762 (bmo#1743931)
      JavaScript Dialogs could have been displayed over other
      domains on Firefox for Android
    * CVE-2022-22764 (bmo#1742682, bmo#1744165, bmo#1746545,
      bmo#1748210, bmo#1748279)
      Memory safety bugs fixed in Firefox 97 and Firefox ESR 91.6
    * CVE-2022-0511 (bmo#1713579, bmo#1735448, bmo#1743821, bmo#1746313,
      bmo#1746314, bmo#1746316, bmo#1746321, bmo#1746322, bmo#1746323,
      bmo#1746412, bmo#1746430, bmo#1746451, bmo#1746488, bmo#1746875,
      bmo#1746898, bmo#1746905, bmo#1746907, bmo#1746917, bmo#1747128,
      bmo#1747137, bmo#1747331, bmo#1747346, bmo#1747439, bmo#1747457,
      bmo#1747870, bmo#1749051, bmo#1749274, bmo#1749831)
      Memory safety bugs fixed in Firefox 97
  - requires NSS 3.74
  - requires rust 1.57
* Mon Feb 07 2022 Dirk Müller <dmueller@suse.com>
  - remove memoryperjob and use %limit instead. this allows to
    adapt to more worker types, and lowers the time the package
    is stuck in "scheduling". raising memory above 8 to lower
    risk for LTO jobs to run OOM
  - add hack to disable -Wl,--gc-section which avoids a binutils
    segfault on x86
  - change mozilla-reduce-rust-debuginfo.patch: use -g1 everywhere
* Sun Jan 30 2022 Dirk Müller <dmueller@suse.com>
  - disable ccache, this adds about 1 minute of build time and
    over 2 GB of disk space usage without benefit on OBS builds
  - build with rust-simd like upstream does
  - use -g1 for debuginfo generation as this is what upstream
    does as well and it saves ~ 2GB of writes
  - use %limit on x86_64 to scale down to less capable workers
  - disable install stripping so that debuginfo is useful
  - use autopatch
  - cleanup constraints to specify only jobs, physicalmemory
    and memoryperjob to be more flexible on which host to build
    on
* Fri Jan 28 2022 Wolfgang Rosenauer <wr@rosenauer.org>
  - Mozilla Firefox 96.0.3 (bsc#1195230)
    * Fixed an issue that allowed unexpected data to be submitted in
      some of our search telemetry (bmo#1752317)
* Mon Jan 24 2022 Martin Liška <mliska@suse.cz>
  - Enable -fimplicit-constexpr for GCC 12+.
* Thu Jan 20 2022 Andreas Stieger <andreas.stieger@gmx.de>
  - Mozilla Firefox 96.0.2
    * Fix an issue that caused tab height to display inconsistently
      on Linux when audio was played (bmo#1714276)
    * Fix an issue that caused Lastpass dropdowns to appear blank in
      Private Browsing mode (bmo#1748158)
    * Fix a crash encountered when resizing a Facebook app
      (bmo#1746084)
* Fri Jan 14 2022 Andreas Stieger <andreas.stieger@gmx.de>
  - Mozilla Firefox 96.0.1
    * Fixed: Improvements to make the parsing of content-length
      headers more robust (bmo#1749957, boo#1194677)
* Sat Jan 08 2022 Wolfgang Rosenauer <wr@rosenauer.org>
  - Mozilla Firefox 96.0
    * https://www.mozilla.org/en-US/firefox/96.0/releasenotes
    MFSA 2022-01 (bsc#1194547)
    * CVE-2022-22746 (bmo#1735071)
      Calling into reportValidity could have lead to fullscreen
      window spoof
    * CVE-2022-22743 (bmo#1739220)
      Browser window spoof using fullscreen mode
    * CVE-2022-22742 (bmo#1739923)
      Out-of-bounds memory access when inserting text in edit mode
    * CVE-2022-22741 (bmo#1740389)
      Browser window spoof using fullscreen mode
    * CVE-2022-22740 (bmo#1742334)
      Use-after-free of ChannelEventQueue::mOwner
    * CVE-2022-22738 (bmo#1742382)
      Heap-buffer-overflow in blendGaussianBlur
    * CVE-2022-22737 (bmo#1745874)
      Race condition when playing audio files
    * CVE-2021-4140 (bmo#1746720)
      Iframe sandbox bypass with XSLT
    * CVE-2022-22750 (bmo#1566608)
      IPC passing of resource handles could have lead to sandbox
      bypass
    * CVE-2022-22749 (bmo#1705094)
      Lack of URL restrictions when scanning QR codes
    * CVE-2022-22748 (bmo#1705211)
      Spoofed origin on external protocol launch dialog
    * CVE-2022-22745 (bmo#1735856)
      Leaking cross-origin URLs through securitypolicyviolation
      event
    * CVE-2022-22744 (bmo#1737252)
      The 'Copy as curl' feature in DevTools did not fully escape
      website-controlled data, potentially leading to command
      injection
    * CVE-2022-22747 (bmo#1735028)
      Crash when handling empty pkcs7 sequence
    * CVE-2022-22736 (bmo#1742692)
      Potential local privilege escalation when loading modules
      from the install directory.
    * CVE-2022-22739 (bmo#1744158)
      Missing throttling on external protocol launch dialog
    * CVE-2022-22751 (bmo#1664149, bmo#1737816, bmo#1739366,
      bmo#1740274, bmo#1740797, bmo#1741201, bmo#1741869,
      bmo#1743221, bmo#1743515, bmo#1745373, bmo#1746011)
      Memory safety bugs fixed in Firefox 96 and Firefox ESR 91.5
    * CVE-2022-22752 (bmo#1740534, bmo#1741210, bmo#1742770)
      Memory safety bugs fixed in Firefox 96
  - removed obsolete patches
    * mozilla-bmo1745560.patch
    * mozilla-bmo1744896.patch
    * mozilla-sandbox-fips.patch
  - requires
    NSPR >= 4.33
    NSS  >= 3.73.1
* Tue Dec 28 2021 Bjørn Lie <bjorn.lie@gmail.com>
  - Add upstream patches:
    * mozilla-bmo1745560.patch: Fix build against wayland 1.20.
    * mozilla-bmo1744896.patch: Create WaylandVsyncSource on window
      creation
* Mon Dec 20 2021 Wolfgang Rosenauer <wr@rosenauer.org>
  - Mozilla Firefox 95.0.2
    * Addresses frequent crashes experienced by users with C/E/Z-Series
      "Bobcat" CPUs running on Windows 7, 8, and 8.1.
  - updated constraints for ppc and x86-64
* Fri Dec 17 2021 Wolfgang Rosenauer <wr@rosenauer.org>
  - Mozilla Firefox 95.0.1 (bsc#1193845)
    * Fixed frequent
      MOZILLA_PKIX_ERROR_OCSP_RESPONSE_FOR_CERT_MISSING error
      messages when trying to connect to various microsoft.com
      domains (bmo#1745600)
    * Fix for a WebRender crash on some Linux/X11 systems (bmo#1741956)
    * Fix for a frequent Windows shutdown crash (bmo#1738984)
    * Fix websites contrast issues for some Linux users with
      Dark mode set at OS level (bmo#1740518)
* Sat Dec 04 2021 Wolfgang Rosenauer <wr@rosenauer.org>
  - Mozilla Firefox 95.0
    * You can now move the Picture-in-Picture toggle button to the
      opposite side of the video. Simply look for the new context menu
      option Move Picture-in-Picture Toggle to Left (Right) Side.
    * To better protect Firefox users against side-channel attacks such
      as Spectre, Site Isolation is now enabled for all Firefox 95 users.
    * https://www.mozilla.org/en-US/firefox/95.0/releasenotes
    MFSA 2021-52 (bsc#1193485)
    * CVE-2021-43536 (bmo#1730120)
      URL leakage when navigating while executing asynchronous
      function
    * CVE-2021-43537 (bmo#1738237)
      Heap buffer overflow when using structured clone
    * CVE-2021-43538 (bmo#1739091)
      Missing fullscreen and pointer lock notification when
      requesting both
    * CVE-2021-43539 (bmo#1739683)
      GC rooting failure when calling wasm instance methods
    * MOZ-2021-0010 (bmo#1735852)
      Use-after-free in fullscreen objects on MacOS
    * CVE-2021-43540 (bmo#1636629)
      WebExtensions could have installed persistent ServiceWorkers
    * CVE-2021-43541 (bmo#1696685)
      External protocol handler parameters were unescaped
    * CVE-2021-43542 (bmo#1723281)
      XMLHttpRequest error codes could have leaked the existence of
      an external protocol handler
    * CVE-2021-43543 (bmo#1738418)
      Bypass of CSP sandbox directive when embedding
    * CVE-2021-43544 (bmo#1739934)
      Receiving a malicious URL as text through a SEND intent could
      have led to XSS
    * CVE-2021-43545 (bmo#1720926)
      Denial of Service when using the Location API in a loop
    * CVE-2021-43546 (bmo#1737751)
      Cursor spoofing could overlay user interface when native
      cursor is zoomed
    * MOZ-2021-0009 (bmo#1393362, bmo#1736046, bmo#1736751,
      bmo#1737009, bmo#1739372, bmo#1739421)
      Memory safety bugs fixed in Firefox 95 and Firefox ESR 91.4
  - requires
    NSS >= 3.72
* Thu Dec 02 2021 Andreas Stieger <andreas.stieger@gmx.de>
  - remove x-scheme-handler/ftp from firefox.desktop boo#1193321
* Thu Nov 25 2021 Bjørn Lie <bjorn.lie@gmail.com>
  - Drop unused libidl-devel BuildRequires.
* Tue Nov 23 2021 Andreas Stieger <andreas.stieger@gmx.de>
  - Mozilla Firefox 94.0.2:
    * Update preference design for Firefox Suggest for improved clarity
    * Resolved general instability/crashes on Linux caused by a file
      descriptor leak when backgrounding tabs using WebGL
      (bmo#1741997)
* Fri Nov 05 2021 Andreas Stieger <andreas.stieger@gmx.de>
  - Mozilla Firefox 94.0.1:
    * fixes for other platforms
* Sat Oct 30 2021 Wolfgang Rosenauer <wr@rosenauer.org>
  - Mozilla Firefox 94.0
    * https://www.mozilla.org/en-US/firefox/94.0/releasenotes
    MFSA 2021-48 (bsc#1192250)
    * CVE-2021-38503 (bmo#1729517)
      iframe sandbox rules did not apply to XSLT stylesheets
    * CVE-2021-38504 (bmo#1730156)
      Use-after-free in file picker dialog
    * CVE-2021-38505 (bmo#1730194)
      Windows 10 Cloud Clipboard may have recorded sensitive user data
    * CVE-2021-38506 (bmo#1730750)
      Firefox could be coaxed into going into fullscreen mode
      without notification or warning
    * CVE-2021-38507 (bmo#1730935)
      Opportunistic Encryption in HTTP2 could be used to bypass the
      Same-Origin-Policy on services hosted on other ports
    * MOZ-2021-0003 (bmo#1736886)
      Universal XSS in Firefox for Android via QR Code URLs
    * CVE-2021-38508 (bmo#1366818)
      Permission Prompt could be overlaid, resulting in user
      confusion and potential spoofing
    * MOZ-2021-0004 (bmo#1659155)
      Web Extensions could access pre-redirect URL when their
      context menu was triggered by a user
    * CVE-2021-38509 (bmo#1718571)
      Javascript alert box could have been spoofed onto an
      arbitrary domain
    * CVE-2021-38510 (bmo#1731779)
      Download Protections were bypassed by .inetloc files on Mac OS
    * MOZ-2021-0005 (bmo#1719203)
      'Copy Image Link' context menu action could have been abused
      to see authentication tokens
    * MOZ-2021-0006 (bmo#1724233)
      URL Parsing may incorrectly parse internationalized domains
    * MOZ-2021-0007 (bmo#1606864, bmo#1712671, bmo#1730048, bmo#1735152)
      Memory safety bugs fixed in Firefox 94 and Firefox ESR 91.3
  - removed obsolete patches
    * mozilla-bmo1602730.patch
    * mozilla-bmo1725828.patch
    * mozilla-bmo1729124.patch
  - requires
    NSS >= 3.71
    rust >= 1.53
  - fix Plasma detection (boo#1191825)
  - fix Link error "undefined hidden symbol:"
    https://github.com/openSUSE/firefox-maintenance/issues/37
* Tue Oct 26 2021 Wolfgang Rosenauer <wr@rosenauer.org>
  - Drop unused pkgconfig(gdk-x11-2.0) BuildRequires
  - (re-)enable LTO on Tumbleweed
* Wed Oct 20 2021 Martin Sirringhaus <martin.sirringhaus@suse.com>
  - Rebase mozilla-sandbox-fips.patch to punch another hole in the
    sandbox containment, to be able to open /proc/sys/crypto/fips_enabled
    from within the newly introduced socket process sandbox.
    This fixes bsc#1191815 and bsc#1190141
* Mon Oct 18 2021 Guillaume GARDET <guillaume.gardet@opensuse.org>
  - Add patch to fix build on aarch64 (bmo#1729124)
    * mozilla-bmo1729124.patch
* Fri Oct 01 2021 Wolfgang Rosenauer <wr@rosenauer.org>
  - Mozilla Firefox 93.0
    * supports the new AVIF image format
    * PDF viewer now supports filling more forms (XFA-based forms)
    * now blocks downloads that rely on insecure connections,
      protecting against potentially malicious or unsafe downloads
    * Improved web compatibility for privacy protections with SmartBlock 3.0
    * Introducing a new referrer tracking protection in Strict Tracking
      Protection and Private Browsing
    * TLS ciphersuites that use 3DES have been disabled. Such
      ciphersuites can only be enabled when deprecated versions of
      TLS are also enabled
    * The download panel now follows the Firefox visual styles
    MFSA 2021-43 (bsc#1191332)
    * CVE-2021-38496 (bmo#1725335)
      Use-after-free in MessageTask
    * CVE-2021-38497 (bmo#1726621)
      Validation message could have been overlaid on another origin
    * CVE-2021-38498 (bmo#1729642)
      Use-after-free of nsLanguageAtomService object
    * CVE-2021-32810 (bmo#1729813)
      https://github.com/crossbeam-rs/crossbeam/security/advisories/GHSA-pqqp-xmhj-wgcw)
      Data race in crossbeam-deque
    * CVE-2021-38500 (bmo#1725854, bmo#1728321)
      Memory safety bugs fixed in Firefox 93, Firefox ESR 78.15,
      and Firefox ESR 91.2
    * CVE-2021-38501 (bmo#1685354, bmo#1715755, bmo#1723176)
      Memory safety bugs fixed in Firefox 93 and Firefox ESR 91.2
    * CVE-2021-38499 (bmo#1667102, bmo#1723170, bmo#1725356, bmo#1727364)
      Memory safety bugs fixed in Firefox 93
  - removed obsolete mozilla-bmo1708709.patch
  - require NSS >= 3.70
  - allow to override wayland detection by defining MOZ_ENABLE_WAYLAND
    explicitely as 0 or 1
  - fix aarch64 build by updating constraints
  - add mozilla-bmo1725828.patch to fix widevine (bsc#1190842)
  - add mozilla-bmo531915.patch to fix build for i586
* Sat Sep 25 2021 Andreas Stieger <andreas.stieger@gmx.de>
  - Mozilla Firefox 92.0.1
    * Fixed: Fixes an issue where audio playback was not working on
      some Linux systems (bmo#1730499)
    * Fixed: Fixes issues with the findbar close button on
      different operating systems (bmo#1728368)
* Mon Sep 06 2021 Wolfgang Rosenauer <wr@rosenauer.org>
  - Mozilla Firefox 92.0
    * More secure connections: Firefox can now automatically upgrade to
      HTTPS using HTTPS RR as Alt-Svc headers
    * Full-range color levels are now supported for video playback on
      many systems
    MFSA 2021-38 (bsc#1190269)
    * CVE-2021-29993 (bmo#1708544, bmo#1708767, bmo#1712240,
      bmo#1712242, bmo#1729259)
      Handling custom intents could lead to crashes and UI spoofs
    * CVE-2021-38491 (bmo#1551886)
      Mixed-Content-Blocking was unable to check opaque origins
    * CVE-2021-38492 (bmo#1721107)
      Navigating to `mk:` URL scheme could load Internet Explorer
    * CVE-2021-38493 (bmo#1723391, bmo#1724101, bmo#1724107)
      Memory safety bugs fixed in Firefox 92, Firefox ESR 78.14 and
      Firefox ESR 91.1
    * CVE-2021-38494 (bmo#1723920, bmo#1725638)
      Memory safety bugs fixed in Firefox 92
  - updated appdata
  - remove mozilla-disable-wasm-emulate-arm-unaligned-fp-access.patch
    (does not apply anymore; unclear if obsolete)
  - bring back mozilla-silence-no-return-type.patch and
    run post-build-checks everywhere again
  - requires NSS 3.69.1
* Tue Aug 31 2021 Atri Bhattacharya <badshah400@gmail.com>
  - Add mozilla-bmo1708709.patch: On [wayland] popup can be wrongly
    repositioned due to rounding errors when font scaling != 1
    (bmo#1708709); patch taken from upstream bug report and rebased
    to apply cleanly against current version.
* Sun Aug 29 2021 Martin Liška <mliska@suse.cz>
  - Bump using with GCC (tested locally).
* Fri Aug 27 2021 Andreas Stieger <andreas.stieger@gmx.de>
  - Mozilla Firefox 91.0.2:
    * Fixed: Firefox no longer clears authentication data when
      purging trackers, to avoid repeatedly prompting for a
      password (bmo#1721084)
* Wed Aug 18 2021 Wolfgang Rosenauer <wr@rosenauer.org>
  - Mozilla Firefox 91.0.1
    * Fixed an issue causing buttons on the tab bar to be resized when
      loading certain websites (bmo#1704404)
    * Fixed an issue which caused tabs from private windows to be
      visible in non-private windows when viewing switch-to-tab results
      in the address bar panel (bmo#1720369)
    * Various stability fixes
    MFSA 2021-37 (bsc#1189547)
    * CVE-2021-29991 (bmo#1724896)
      Header Splitting possible with HTTP/3 Responses
* Mon Aug 09 2021 Wolfgang Rosenauer <wr@rosenauer.org>
  - Mozilla Firefox 91.0
    MFSA 2021-33 (bsc#1188891)
    * CVE-2021-29986 (bmo#1696138)
      Race condition when resolving DNS names could have led to
      memory corruption
    * CVE-2021-29981 (bmo#1707774)
      Live range splitting could have led to conflicting
      assignments in the JIT
    * CVE-2021-29988 (bmo#1717922)
      Memory corruption as a result of incorrect style treatment
    * CVE-2021-29983 (bmo#1719088)
      Firefox for Android could get stuck in fullscreen mode
    * CVE-2021-29984 (bmo#1720031)
      Incorrect instruction reordering during JIT optimization
    * CVE-2021-29980 (bmo#1722204)
      Uninitialized memory in a canvas object could have led to
      memory corruption
    * CVE-2021-29987 (bmo#1716129)
      Users could have been tricked into accepting unwanted
      permissions on Linux
    * CVE-2021-29985 (bmo#1722083)
      Use-after-free media channels
    * CVE-2021-29982 (bmo#1715318)
      Single bit data leak due to incorrect JIT optimization and
      type confusion
    * CVE-2021-29989 (bmo#1662676, bmo#1666184, bmo#1719178,
      bmo#1719998, bmo#1720568)
      Memory safety bugs fixed in Firefox 91 and Firefox ESR 78.13
    * CVE-2021-29990 (bmo#1544190, bmo#1716481, bmo#1717778,
      bmo#1719319, bmo#1722073)
      Memory safety bugs fixed in Firefox 91
  - requires
    * rustc/cargo >= 1.51
    * NSPR >= 4.32
    * NSS >= 3.68
  - force-disable webrender on BE platforms
* Sat Jul 24 2021 Andreas Stieger <andreas.stieger@gmx.de>
  - Mozilla Firefox 90.0.2:
    * Changed: Updates to support DoH Canada rollout (bmo#1713036)
    * Fixed: Fixed truncated output when printing (bmo#1720621)
    * Fixed: Fixed menu styling on some Gtk themes (bmo#1720441,
      bmo#1720874)
* Mon Jul 19 2021 Andreas Stieger <andreas.stieger@gmx.de>
  - Mozilla Firefox 90.0.1 (boo#1188480):
    * Fixed: Fixed busy looping processing some HTTP3 responses
      (bmo#1720079)
    * Fixed: Fixed transient errors authenticating with some smart
      cards (bmo#1715325)
    * Fixed: Fixed a rare crash on shutdown (bmo#1707057)
    * Fixed: Fixed a race on startup that caused about:support to
      end up empty after upgrade (bmo#1717894, boo#1188330)
* Sun Jul 11 2021 Wolfgang Rosenauer <wr@rosenauer.org>
  - Mozilla Firefox 90.0
    MFSA 2021-28 (bsc#1188275)
    * CVE-2021-29970 (bmo#1709976)
      Use-after-free in accessibility features of a document
    * CVE-2021-29971 (bmo#1713638)
      Granted permissions only compared host; omitting scheme and
      port on Android
    * CVE-2021-30547 (bmo#1715766)
      Out of bounds write in ANGLE
    * CVE-2021-29972 (bmo#1696816)
      Use of out-of-date library included use-after-free
      vulnerability
    * CVE-2021-29973 (bmo#1701932)
      Password autofill on HTTP websites was enabled without user
      interaction on Android
    * CVE-2021-29974 (bmo#1704843)
      HSTS errors could be overridden when network partitioning was
      enabled
    * CVE-2021-29975 (bmo#1713259)
      Text message could be overlaid on top of another website
    * CVE-2021-29976 (bmo#1700895, bmo#1703334, bmo#1706910,
      bmo#1711576, bmo#1714391)
      Memory safety bugs fixed in Firefox 90 and Firefox ESR 78.12
    * CVE-2021-29977 (bmo#1665836, bmo#1686138, bmo#1704316,
      bmo#1706314, bmo#1709931, bmo#1712084, bmo#1712357,
      bmo#1714066)
      Memory safety bugs fixed in Firefox 90
  - requires
    NSPR 4.31
    NSS 3.66
  - Gtk2 support removed (was only for Flash plugin before)
* Wed Jun 23 2021 Andreas Stieger <andreas.stieger@gmx.de>
  - Mozilla Firefox 89.0.2 (boo#1187648):
    * Fix occasional hangs with Software WebRender on Linux (bmo#1708224)
* Sat Jun 19 2021 Andreas Stieger <andreas.stieger@gmx.de>
  - Mozilla Firefox 89.0.1 (boo#1187475):
    * Updated translations, including full Spanish (Mexico)
      localization and other improvements (bmo#1714946)
    * Fix various font related regressions (bmo#1694174)
    * Linux: Fix performance and stability regressions with
      WebRender (bmo#1715895, bmo#1715902)
    * Enterprise: Fix for the `DisableDeveloperTools` policy not
      having effect anymore (bmo#1715777)
    * Linux: Fix broken scrollbars on some GTK themes (bmo#1714103)
    * Various stability fixes
* Sat May 29 2021 Wolfgang Rosenauer <wr@rosenauer.org>
  - Mozilla Firefox 89.0
    * UI redesign
    * The Event Timing API is now supported
    * The CSS forced-colors media query is now supported
    MFSA 2021-23 (bsc#1186696)
    * CVE-2021-29965 (bmo#1709257)
      Password Manager on Firefox for Android susceptible to domain
      spoofing
    * CVE-2021-29960 (bmo#1675965)
      Filenames printed from private browsing mode incorrectly
      retained in preferences
    * CVE-2021-29961 (bmo#1700235)
      Firefox UI spoof using `<select>` elements and CSS scaling
    * CVE-2021-29963 (bmo#1705068)
      Shared cookies for search suggestions in private browsing mode
    * CVE-2021-29964 (bmo#1706501)
      Out of bounds-read when parsing a `WM_COPYDATA` message
    * CVE-2021-29959 (bmo#1395819)
      Devices could be re-enabled without additional permission prompt
    * CVE-2021-29962 (bmo#1701673)
      No rate-limiting for popups on Firefox for Android
    * CVE-2021-29967 (bmo#1602862, bmo#1703191, bmo#1703760,
      bmo#1704722, bmo#1706041)
      Memory safety bugs fixed in Firefox 89 and Firefox ESR 78.11
    * CVE-2021-29966 (bmo#1660307, bmo#1686154, bmo#1702948, bmo#1708124)
      Memory safety bugs fixed in Firefox 89
  - require
    NSS >= 3.64
    rust-cbindgen >= 0.19.0
  - do not rely on nodejs10 packagename anymore
  - updated mozilla.keyring
  - switched TW/x86_64 to clang as the last platform due to
    https://bugs.gentoo.org/792705
  - but LTO with clang is broken in TW so disable LTO for it
    https://bugs.llvm.org/show_bug.cgi?id=47872
* Thu May 06 2021 Guillaume GARDET <guillaume.gardet@opensuse.org>
  - Relax RAM and disk constraints for aarch64
* Wed May 05 2021 Andreas Stieger <andreas.stieger@gmx.de>
  - Mozilla Firefox 88.0.1
    * Fixed: Resolved an issue caused by a recent Widevine plugin
      update which prevented some purchased video content from
      playing correctly (bmo#1705138)
    * Fixed: Fixed corruption of videos playing on Twitter or
      WebRTC calls on some Gen6 Intel graphics chipsets
      (bmo#1708937)
    * Fixed: Fixed menulists in Preferences being unreadable for
      users with High Contrast Mode enabled (bmo#1706496)
    MFSA 2021-20 (bsc#1185633)
    * CVE-2021-29952 (bmo#1704227)
      Race condition in Web Render Components
  - devel package: move macros to /usr/lib/rpm/macros.d (boo#1185658)
* Sun May 02 2021 Wolfgang Rosenauer <wr@rosenauer.org>
  - add compatibility for libavcodec58_134
* Sun Apr 18 2021 Wolfgang Rosenauer <wr@rosenauer.org>
  - Mozilla Firefox 88.0
    * New: PDF forms now support JavaScript embedded in PDF files.
      Some PDF forms use JavaScript for validation and other
      interactive features
    * New: Print updates: Margin units are now localized
    * New: Smooth pinch-zooming using a touchpad is now supported
      on Linux
    * New: To protect against cross-site privacy leaks, Firefox now
      isolates window.name data to the website that created it.
      Learn more
    * Changed: Firefox will not prompt for access to your
      microphone or camera if you’ve already granted access to the
      same device on the same site in the same tab within the past
      50 seconds. This new grace period reduces the number of times
      you’re prompted to grant device access
    * Changed: The ‘Take a Screenshot’ feature was removed from the
      Page Actions menu in the url bar. To take a screenshot,
      right-click to open the context menu. You can also add a
      screenshots shortcut directly to your toolbar via the
      Customize menu. Open the Firefox menu and select Customize…
    * Changed: FTP support has been disabled, and its full removal
      is planned for an upcoming release. Addressing this security
      risk reduces the likelihood of an attack while also removing
      support for a non-encrypted protocol
    * Developer: Introduced a new toggle button in the Network
      panel for switching between JSON formatted HTTP response and
      raw data (as received over the wire).
      !enter image description here
    * Enterprise: Various bug fixes and new policies have been
      implemented in the latest version of Firefox. You can see
      more details in the Firefox for Enterprise 88 Release Notes.
    * Fixed: Screen readers no longer incorrectly read content that
      websites have visually hidden, as in the case of articles in
      the Google Help panel
    MFSA 2021-16 (bsc#1184960)
    * CVE-2021-23994 (bmo#1699077)
      Out of bound write due to lazy initialization
    * CVE-2021-23995 (bmo#1699835)
      Use-after-free in Responsive Design Mode
    * CVE-2021-23996 (bmo#1701834)
      Content rendered outside of webpage viewport
    * CVE-2021-23997 (bmo#1701942)
      Use-after-free when freeing fonts from cache
    * CVE-2021-23998 (bmo#1667456)
      Secure Lock icon could have been spoofed
    * CVE-2021-23999 (bmo#1691153)
      Blob URLs may have been granted additional privileges
    * CVE-2021-24000 (bmo#1694698)
      requestPointerLock() could be applied to a tab different from
      the visible tab
    * CVE-2021-24001 (bmo#1694727)
      Testing code could have enabled session history manipulations
      by a compromised content process
    * CVE-2021-24002 (bmo#1702374)
      Arbitrary FTP command execution on FTP servers using an
      encoded URL
    * CVE-2021-29945 (bmo#1700690)
      Incorrect size computation in WebAssembly JIT could lead to
      null-reads
    * CVE-2021-29944 (bmo#1697604)
      HTML injection vulnerability in Firefox for Android's Reader View
    * CVE-2021-29946 (bmo#1698503)
      Port blocking could be bypassed
    * CVE-2021-29947 (bmo#1651449, bmo#1674142, bmo#1693476,
      bmo#1696886, bmo#1700091)
      Memory safety bugs fixed in Firefox 88
  - requires
    * NSPR 4.30
    * NSS 3.63.1
  - align wayland support logic
* Sat Mar 27 2021 Manfred Hollstein <manfred.h@gmx.net>
  - Switch to clang_build globally; just on TW/x86_64 it does not work
    due to unreolved externals `__rust_probestack' - disable clang_build
    then.
  - useccache: Add conditionals to enable/disable ccache.
* Tue Mar 23 2021 Wolfgang Rosenauer <wr@rosenauer.org>
  - Mozilla Firefox 87.0
    * requires NSS 3.62
    * removed obsolete BigEndian ICU build workaround
    * rebased patches
    MFSA 2021-10 (bsc#1183942)
    * CVE-2021-23981 (bmo#1692832)
      Texture upload into an unbound backing buffer resulted in an
      out-of-bound read
    * CVE-2021-23982 (bmo#1677046)
      Internal network hosts could have been probed by a malicious
      webpage
    * CVE-2021-23983 (bmo#1692684)
      Transitions for invalid ::marker properties resulted in memory
      corruption
    * CVE-2021-23984 (bmo#1693664)
      Malicious extensions could have spoofed popup information
    * CVE-2021-23985 (bmo#1659129)
      Devtools remote debugging feature could have been enabled
      without indication to the user
    * CVE-2021-23986 (bmo#1692623)
      A malicious extension could have performed credential-less
      same origin policy violations
    * CVE-2021-23987 (bmo#1513519, bmo#1683439, bmo#1690169,
      bmo#1690718)
      Memory safety bugs fixed in Firefox 87 and Firefox ESR 78.9
    * CVE-2021-23988 (bmo#1684994, bmo#1686653)
      Memory safety bugs fixed in Firefox 87
* Tue Mar 16 2021 Martin Liška <mliska@suse.cz>
  - Set memory limits for DWZ to 4x.
* Sat Mar 13 2021 Andreas Stieger <andreas.stieger@gmx.de>
  - Mozilla Firefox 86.0.1
    * Fixed: Fixed an issue on Apple Silicon machines that caused
      Firefox to be unresponsive after system sleep (bmo#1682713)
    * Fixed: Fixed an issue causing windows to gain or lose focus
      unexpectedly (bmo#1694927)
    * Fixed: Fixed truncation of date and time widgets due to
      incorrect width calculation (bmo#1695578)
    * Fixed: Fixed an issue causing unexpected behavior with
      extensions managing tab groups (bmo#1694699)
    * Fixed: Fixed a frequent Linux crash on browser launch
      (bmo#1694670)
* Sun Feb 21 2021 Wolfgang Rosenauer <wr@rosenauer.org>
  - Mozilla Firefox 86.0
    * requires NSS >= 3.61
    * requires rust-cbindgen >= 0.16.0
    * Firefox now supports simultaneously watching multiple videos in
      Picture-in-Picture.
    * Total Cookie Protection to Strict Mode
    * https://www.mozilla.org/en-US/firefox/86.0/releasenotes
    MSFA 2021-07 (bsc#1182614)
    * CVE-2021-23969 (bmo#1542194)
      Content Security Policy violation report could have contained
      the destination of a redirect
    * CVE-2021-23970 (bmo#1681724)
      Multithreaded WASM triggered assertions validating separation
      of script domains
    * CVE-2021-23968 (bmo#1687342)
      Content Security Policy violation report could have contained
      the destination of a redirect
    * CVE-2021-23974 (bmo#1528997, bmo#1683627)
      noscript elements could have led to an HTML Sanitizer bypass
    * CVE-2021-23971 (bmo#1678545)
      A website's Referrer-Policy could have been be overridden,
      potentially resulting in the full URL being sent as a Referrer
    * CVE-2021-23976 (bmo#1684627)
      Local spoofing of web manifests for arbitrary pages in
      Firefox for Android
    * CVE-2021-23977 (bmo#1684761)
      Malicious application could read sensitive data from Firefox
      for Android's application directories
    * CVE-2021-23972 (bmo#1683536)
      HTTP Auth phishing warning was omitted when a redirect is
      cached
    * CVE-2021-23975 (bmo#1685145)
      about:memory Measure function caused an incorrect pointer
      operation
    * CVE-2021-23973 (bmo#1690976)
      MediaError message property could have leaked information
      about cross-origin resources
    * CVE-2021-23978 (bmo#1682928, bmo#1687391, bmo#1687597, bmo#786797)
      Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8
    * CVE-2021-23979 (bmo#1663222, bmo#1666607, bmo#1672120, bmo#1678463,
      bmo#1678927, bmo#1679560, bmo#1681297, bmo#1681684, bmo#1683490,
      bmo#1684377, bmo#1684902)
      Memory safety bugs fixed in Firefox 86
  - updated create-tar.sh (bsc#1182357)
  - removed obsolete mozilla-bmo1554971.patch
  - remove buildsymbols subpackage
    * we haven't done anything with it for years
    * mozilla is collecting those from our debuginfo packages
    * would require a local dump_syms tool
* Wed Feb 17 2021 Andreas Stieger <andreas.stieger@gmx.de>
  - Mozilla Firefox 85.0.2
    * Fixed: Fixed a deadlock during startup (bmo#1679933)
* Wed Feb 17 2021 Michel Normand <normand@linux.vnet.ibm.com>
  - Use %limit_build macros for PowerPC to avoid oom build failure
* Tue Feb 09 2021 Andreas Stieger <andreas.stieger@gmx.de>
  - Mozilla Firefox 85.0.1
    MFSA 2021-06 (bsc#1181848)
    * MOZ-2021-0001 (bmo#1676636)
      Buffer overflow in depth pitch calculations for compressed
      textures
    * Fixed: Avoid printing an extra blank page at the end of some
      documents (bmo#1689789).
    * Fixed: Fixed a browser crash in case of unexpected Cache API
      state (bmo#1684838).
* Sun Jan 24 2021 Wolfgang Rosenauer <wr@rosenauer.org>
  - Mozilla Firefox 85.0
    * Adobe Flash is completely history
    * supercookie protection
    * new bookmark handling and features
    MFSA 2021-03 (bsc#1181414)
    * CVE-2021-23953 (bmo#1683940)
      Cross-origin information leakage via redirected PDF requests
    * CVE-2021-23954 (bmo#1684020)
      Type confusion when using logical assignment operators in
      JavaScript switch statements
    * CVE-2021-23955 (bmo#1684837)
      Clickjacking across tabs through misusing requestPointerLock
    * CVE-2021-23956 (bmo#1338637)
      File picker dialog could have been used to disclose a
      complete directory
    * CVE-2021-23957 (bmo#1584582)
      Iframe sandbox could have been bypassed on Android via the
      intent URL scheme
    * CVE-2021-23958 (bmo#1642747)
      Screen sharing permission leaked across tabs
    * CVE-2021-23959 (bmo#1659035)
      Cross-Site Scripting in error pages on Firefox for Android
    * CVE-2021-23960 (bmo#1675755)
      Use-after-poison for incorrectly redeclared JavaScript
      variables during GC
    * CVE-2021-23961 (bmo#1677940)
      More internal network hosts could have been probed by a
      malicious webpage
    * CVE-2021-23962 (bmo#1677194)
      Use-after-poison in
      <code>nsTreeBodyFrame::RowCountChanged</code>
    * CVE-2021-23963 (bmo#1680793)
      Permission prompt inaccessible after asking for additional
      permissions
    * CVE-2021-23964 (bmo#1662507, bmo#1666285, bmo#1673526, bmo#1674278,
      bmo#1674835, bmo#1675097, bmo#1675844, bmo#1675868, bmo#1677590,
      bmo#1677888, bmo#1680410, bmo#1681268, bmo#1682068, bmo#1682938,
      bmo#1683736, bmo#1685260, bmo#1685925)
      Memory safety bugs fixed in Firefox 85 and Firefox ESR 78.7
    * CVE-2021-23965 (bmo#1670378, bmo#1673555, bmo#1676812, bmo#1678582,
      bmo#1684497)
      Memory safety bugs fixed in Firefox 85
  - requires NSS 3.60.1
  - requires rust 1.47
  - remove obsolete mozilla-pipewire-0-3.patch
* Mon Jan 11 2021 Matthias Mailänder <mailaender@opensuse.org>
  - Fix AppStream screenshot links
* Thu Jan 07 2021 Andreas Stieger <andreas.stieger@gmx.de>
  - Mozilla Firefox 84.0.2
    MFSA 2021-01 (bsc#1180623)
    * CVE-2020-16044 (bmo#1683964)
      Use-after-free write when handling a malicious COOKIE-ECHO
      SCTP chunk

Files

/usr/lib64/firefox


Generated by rpm2html 1.8.1

Fabrice Bellet, Thu Nov 7 00:51:36 2024