Пакет firefox-wayland: Информация

- New release (101.0).
- Use internal cbindgen again.
- Security fixes:
  + CVE-2022-31736: Cross-Origin resource's length leaked
  + CVE-2022-31737: Heap buffer overflow in WebGL
  + CVE-2022-31738: Browser window spoof using fullscreen mode
  + CVE-2022-31739: Attacker-influenced path traversal when saving downloaded files
  + CVE-2022-31740: Register allocation problem in WASM on arm64
  + CVE-2022-31741: Uninitialized variable leads to invalid memory read
  + CVE-2022-31742: Querying a WebAuthn token with a large number of allowCredential entries may have leaked cross-origin information
  + CVE-2022-31743: HTML Parsing incorrectly ended HTML comments prematurely
  + CVE-2022-31744: CSP bypass enabling stylesheet injection
  + CVE-2022-31745: Incorrect Assertion caused by unoptimized array shift operations
  + CVE-2022-1919: Memory Corruption when manipulating webp images
  + CVE-2022-31747: Memory safety bugs fixed in Firefox 101 and Firefox ESR 91.10
  + CVE-2022-31748: Memory safety bugs fixed in Firefox 101

- New release (100.0.2).
- Security fixes:
  + CVE-2022-1802: Prototype pollution in Top-Level Await implementation
  + CVE-2022-1529: Untrusted input used in JavaScript object indexing, leading to prototype pollution

- New release (100.0).
- Security fixes:
  + CVE-2022-29914: Fullscreen notification bypass using popups
  + CVE-2022-29909: Bypassing permission prompt in nested browsing contexts
  + CVE-2022-29916: Leaking browser history with CSS variables
  + CVE-2022-29911: iframe Sandbox bypass
  + CVE-2022-29912: Reader mode bypassed SameSite cookies
  + CVE-2022-29910: Firefox for Android forgot HTTP Strict Transport Security settings
  + CVE-2022-29915: Leaking cross-origin redirect through the Performance API
  + CVE-2022-29917: Memory safety bugs fixed in Firefox 100 and Firefox ESR 91.9
  + CVE-2022-29918: Memory safety bugs fixed in Firefox 100