- new version

- New ESR version.
- Security fixes:
  + CVE-2025-13012 Race condition in the Graphics component
  + CVE-2025-13016 Incorrect boundary conditions in the JavaScript: WebAssembly component
  + CVE-2025-13017 Same-origin policy bypass in the DOM: Notifications component
  + CVE-2025-13018 Mitigation bypass in the DOM: Security component
  + CVE-2025-13019 Same-origin policy bypass in the DOM: Workers component
  + CVE-2025-13013 Mitigation bypass in the DOM: Core & HTML component
  + CVE-2025-13020 Use-after-free in the WebRTC: Audio/Video component
  + CVE-2025-13014 Use-after-free in the Audio/Video component
  + CVE-2025-13015 Spoofing issue in Firefox
- provides x-www-browser (Closes: #44717).

- New ESR version.
- Security fixes:
  + CVE-2025-11708 Use-after-free in MediaTrackGraphImpl::GetInstance()
  + CVE-2025-11709 Out of bounds read/write in a privileged process triggered by WebGL textures
  + CVE-2025-11710 Cross-process information leaked due to malicious IPC messages
  + CVE-2025-11711 Some non-writable Object properties could be modified
  + CVE-2025-11712 An OBJECT tag type attribute overrode browser behavior on web resources without a content-type
  + CVE-2025-11713 Potential user-assisted code execution in 'Copy as cURL' command
  + CVE-2025-11714 Memory safety bugs fixed in Firefox ESR 115.29, Firefox ESR 140.4, Thunderbird ESR 140.4, Firefox 144 and Thunderbird 144
  + CVE-2025-11715 Memory safety bugs fixed in Firefox ESR 140.4, Thunderbird ESR 140.4, Firefox 144 and Thunderbird 144

- New ESR version.
- Security fixes:
  + CVE-2025-10527 Sandbox escape due to use-after-free in the Graphics: Canvas2D component
  + CVE-2025-10528 Sandbox escape due to undefined behavior, invalid pointer in the Graphics: Canvas2D component
  + CVE-2025-10529 Same-origin policy bypass in the Layout component
  + CVE-2025-10532 Incorrect boundary conditions in the JavaScript: GC component
  + CVE-2025-10533 Integer overflow in the SVG component
  + CVE-2025-10536 Information disclosure in the Networking: Cache component
  + CVE-2025-10537 Memory safety bugs fixed in Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143

- New ESR version.
- Security fixes:
  + CVE-2025-4918 Out-of-bounds access when resolving Promise objects
  + CVE-2025-4919 Out-of-bounds access when optimizing linear sums

- New ESR version.
- Security fixes:
  + CVE-2025-2817 Privilege escalation in Firefox Updater
  + CVE-2025-4082 WebGL shader attribute memory corruption in Firefox for macOS
  + CVE-2025-4083 Process isolation bypass using "javascript:" URI links in cross-origin frames
  + CVE-2025-4084 Potential local code execution in "copy as cURL" command
  + CVE-2025-4087 Unsafe attribute access during XPath parsing
  + CVE-2025-4091 Memory safety bugs fixed in Firefox 138, Thunderbird 138, Firefox ESR 128.10, and Thunderbird 128.10
  + CVE-2025-4093 Memory safety bug fixed in Firefox ESR 128.10 and Thunderbird 128.10

- New ESR version.
- Security fixes:
  + CVE-2025-3028 Use-after-free triggered by XSLTProcessor
  + CVE-2025-3029 URL Bar Spoofing via non-BMP Unicode characters
  + CVE-2025-3030 Memory safety bugs fixed in Firefox 137, Thunderbird 137, Firefox ESR 128.9, and Thunderbird 128.9

- New ESR version.
- Security fixes:
  + CVE-2025-2857 Incorrect handle could lead to sandbox escapes

- New ESR version.
- Security fixes:
  + CVE-2024-43097 Overflow when growing an SkRegion's RunArray
  + CVE-2025-1930 AudioIPC StreamData could trigger a use-after-free in the Browser process
  + CVE-2025-1931 Use-after-free in WebTransportChild
  + CVE-2025-1932 Inconsistent comparator in XSLT sorting led to out-of-bounds access
  + CVE-2025-1933 JIT corruption of WASM i32 return values on 64-bit CPUs
  + CVE-2025-1934 Unexpected GC during RegExp bailout processing
  + CVE-2025-1935 Clickjacking the registerProtocolHandler info-bar
  + CVE-2025-1936 Adding %00 and a fake extension to a jar: URL changed the interpretation of the contents
  + CVE-2025-1937 Memory safety bugs fixed in Firefox 136, Thunderbird 136, Firefox ESR 115.21, Firefox ESR 128.8, and Thunderbird 128.8
  + CVE-2025-1938 Memory safety bugs fixed in Firefox 136, Thunderbird 136, Firefox ESR 128.8, and Thunderbird 128.8

- New ESR version.
- Security fixes:
  + CVE-2025-1009 Use-after-free in XSLT
  + CVE-2025-1010 Use-after-free in Custom Highlight
  + CVE-2025-1011 A bug in WebAssembly code generation could result in a crash
  + CVE-2025-1012 Use-after-free during concurrent delazification
  + CVE-2024-11704 Potential double-free vulnerability in PKCS#7 decryption handling
  + CVE-2025-1013 Potential opening of private browsing tabs in normal browsing windows
  + CVE-2025-1014 Certificate length was not properly checked
  + CVE-2025-1016 Memory safety bugs fixed in Firefox 135, Thunderbird 135, Firefox ESR 115.20, Firefox ESR 128.7, Thunderbird 115.20, and
  + CVE-2025-1017 Memory safety bugs fixed in Firefox 135, Thunderbird 135, Firefox ESR 128.7, and Thunderbird 128.7

- Update from upstream
- Fix build memfd and drm

- New ESR version.
- Security fixes
  + CVE-2024-4367 Arbitrary JavaScript execution in PDF.js
  + CVE-2024-4767 IndexedDB files retained in private browsing mode
  + CVE-2024-4768 Potential permissions request bypass via clickjacking
  + CVE-2024-4769 Cross-origin responses could be distinguished between script and non-script content-types
  + CVE-2024-4770 Use-after-free could occur when printing to PDF
  + CVE-2024-4777 Memory safety bugs fixed in Firefox 126, Firefox ESR 115.11, and Thunderbird 115.11

- Add build with kerberos (Closes: #50204)

- New ESR version.
- Security fixes
  + CVE-2024-3852 GetBoundName in the JIT returned the wrong object
  + CVE-2024-3854 Out-of-bounds-read after mis-optimized switch statement
  + CVE-2024-3857 Incorrect JITting of arguments led to use-after-free during garbage collection
  + CVE-2024-2609 Permission prompt input delay could expire when not in focus
  + CVE-2024-3859 Integer-overflow led to out-of-bounds-read in the OpenType sanitizer
  + CVE-2024-3861 Potential use-after-free due to AlignedBuffer self-move
  + CVE-2024-3863 Download Protections were bypassed by .xrm-ms files on Windows
  + CVE-2024-3302 Denial of Service using HTTP/2 CONTINUATION frames
  + CVE-2024-3864 Memory safety bug fixed in Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10

- New version.
- Security fixes:
  + CVE-2024-0743 Crash in NSS TLS method
  + CVE-2024-2605 Windows Error Reporter could be used as a Sandbox escape vector
  + CVE-2024-2607 JIT code failed to save return registers on Armv7-A
  + CVE-2024-2608 Integer overflow could have led to out of bounds write
  + CVE-2024-2616 Improve handling of out-of-memory conditions in ICU
  + CVE-2023-5388 NSS susceptible to timing attack against RSA decryption
  + CVE-2024-2610 Improper handling of html and body tags enabled CSP nonce leakage
  + CVE-2024-2611 Clickjacking vulnerability could have led to a user accidentally granting permissions
  + CVE-2024-2612 Self referencing object could have potentially led to a use-after-free
  + CVE-2024-2614 Memory safety bugs fixed in Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9

- ! add path to bundle

- New ESR version.
- Security fixes
  + CVE-2024-0743 Crash in NSS TLS method
  + CVE-2024-2605 Windows Error Reporter could be used as a Sandbox escape vector
  + CVE-2024-2607 JIT code failed to save return registers on Armv7-A
  + CVE-2024-2608 Integer overflow could have led to out of bounds write
  + CVE-2024-2616 Improve handling of out-of-memory conditions in ICU
  + CVE-2023-5388 NSS susceptible to timing attack against RSA decryption
  + CVE-2024-2610 Improper handling of html and body tags enabled CSP nonce leakage
  + CVE-2024-2611 Clickjacking vulnerability could have led to a user accidentally granting permissions
  + CVE-2024-2612 Self referencing object could have potentially led to a use-after-free
  + CVE-2024-2614 Memory safety bugs fixed in Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9
  + CVE-2024-29944 Privileged JavaScript Execution via Event Handlers

- Fixed packages dependencies (Closes: #49747)

- New version.
- Security fixes:
  + CVE-2024-1936 Leaking of encrypted email subjects to other conversations

- update new release 3.0.9 (Closed: #49562)

- New version.
- Security fixes:
  + CVE-2024-1546 Out-of-bounds memory read in networking channels
  + CVE-2024-1547 Alert dialog could have been spoofed on another site
  + CVE-2024-1548 Fullscreen Notification could have been hidden by select element
  + CVE-2024-1549 Custom cursor could obscure the permission dialog
  + CVE-2024-1550 Mouse cursor re-positioned unexpectedly could have led to unintended permission grants
  + CVE-2024-1551 Multipart HTTP Responses would accept the Set-Cookie header in response parts
  + CVE-2024-1552 Incorrect code generation on 32-bit ARM devices
  + CVE-2024-1553 Memory safety bugs fixed in Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8

- New ESR version.
- Security fixes
  + CVE-2024-1546 Out-of-bounds memory read in networking channels
  + CVE-2024-1547 Alert dialog could have been spoofed on another site
  + CVE-2024-1548 Fullscreen Notification could have been hidden by select element
  + CVE-2024-1549 Custom cursor could obscure the permission dialog
  + CVE-2024-1550 Mouse cursor re-positioned unexpectedly could have led to unintended permission grants
  + CVE-2024-1551 Multipart HTTP Responses would accept the Set-Cookie header in response parts
  + CVE-2024-1552 Incorrect code generation on 32-bit ARM devices
  + CVE-2024-1553 Memory safety bugs fixed in Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8

- New version.
- Security fixes:
  + CVE-2024-0741 Out of bounds write in ANGLE
  + CVE-2024-0742 Failure to update user input timestamp
  + CVE-2024-0746 Crash when listing printers on Linux
  + CVE-2024-0747 Bypass of Content Security Policy when directive unsafe-inline was set
  + CVE-2024-0749 Phishing site popup could show local origin in address bar
  + CVE-2024-0750 Potential permissions request bypass via clickjacking
  + CVE-2024-0751 Privilege escalation through devtools
  + CVE-2024-0753 HSTS policy on subdomain could bypass policy of upper domain
  + CVE-2024-0755 Memory safety bugs fixed in Firefox 122, Firefox ESR 115.7, and Thunderbird 115.7

- New ESR version.
- Security fixes
  + CVE-2024-0741 Out of bounds write in ANGLE
  + CVE-2024-0742 Failure to update user input timestamp
  + CVE-2024-0746 Crash when listing printers on Linux
  + CVE-2024-0747 Bypass of Content Security Policy when directive unsafe-inline was set
  + CVE-2024-0749 Phishing site popup could show local origin in address bar
  + CVE-2024-0750 Potential permissions request bypass via clickjacking
  + CVE-2024-0751 Privilege escalation through devtools
  + CVE-2024-0753 HSTS policy on subdomain could bypass policy of upper domain
  + CVE-2024-0755 Memory safety bugs fixed in Firefox 122, Firefox ESR 115.7, and Thunderbird 115.7

- New version.
- Security fixes:
  + CVE-2023-50762 Truncated signed text was shown with a valid OpenPGP signature
  + CVE-2023-50761 S/MIME signature accepted despite mismatching message date
  + CVE-2023-6856 Heap-buffer-overflow affecting WebGL DrawElementsInstanced method with Mesa VM driver
  + CVE-2023-6857 Symlinks may resolve to smaller than expected buffers
  + CVE-2023-6858 Heap buffer overflow in nsTextFragment
  + CVE-2023-6859 Use-after-free in PR_GetIdentitiesLayer
  + CVE-2023-6860 Potential sandbox escape due to VideoBridge lack of texture validation
  + CVE-2023-6861 Heap buffer overflow affected nsWindow::PickerOpen(void) in headless mode
  + CVE-2023-6862 Use-after-free in nsDNSService
  + CVE-2023-6863 Undefined behavior in ShutdownObserver()

- New ESR version.
- Security fixes
  + CVE-2023-6856 Heap-buffer-overflow affecting WebGL DrawElementsInstanced method with Mesa VM driver
  + CVE-2023-6865 Potential exposure of uninitialized data in EncryptingOutputStream
  + CVE-2023-6857 Symlinks may resolve to smaller than expected buffers
  + CVE-2023-6858 Heap buffer overflow in nsTextFragment
  + CVE-2023-6859 Use-after-free in PR_GetIdentitiesLayer
  + CVE-2023-6860 Potential sandbox escape due to VideoBridge lack of texture validation
  + CVE-2023-6867 Clickjacking permission prompts using the popup transition
  + CVE-2023-6861 Heap buffer overflow affected nsWindow::PickerOpen(void) in headless mode
  + CVE-2023-6862 Use-after-free in nsDNSService
  + CVE-2023-6863 Undefined behavior in ShutdownObserver()
  + CVE-2023-6864 Memory safety bugs fixed in Firefox 121, Firefox ESR 115.6, and Thunderbird 115.6

- New ESR version.
- Security fixes
  + CVE-2023-5721 Queued up rendering could have allowed websites to clickjack
  + CVE-2023-5732 Address bar spoofing via bidirectional characters
  + CVE-2023-5724 Large WebGL draw could have led to a crash
  + CVE-2023-5725 WebExtensions could open arbitrary URLs
  + CVE-2023-5726 Full screen notification obscured by file open dialog on macOS
  + CVE-2023-5727 Download Protections were bypassed by .msix, .msixbundle, .appx, and .appxbundle files on Windows
  + CVE-2023-5728 Improper object tracking during GC in the JavaScript engine could have led to a crash.
  + CVE-2023-5730 Memory safety bugs fixed in Firefox 119, Firefox ESR 115.4, and Thunderbird 115.4.1

- New version.
- Security fixes:
  + CVE-2023-5721 Queued up rendering could have allowed websites to clickjack
  + CVE-2023-5732 Address bar spoofing via bidirectional characters
  + CVE-2023-5724 Large WebGL draw could have led to a crash
  + CVE-2023-5725 WebExtensions could open arbitrary URLs
  + CVE-2023-5726 Full screen notification obscured by file open dialog on macOS
  + CVE-2023-5727 Download Protections were bypassed by .msix, .msixbundle, .appx, and .appxbundle files on Windows
  + CVE-2023-5728 Improper object tracking during GC in the JavaScript engine could have led to a crash.
  + CVE-2023-5730 Memory safety bugs fixed in Firefox 119, Firefox ESR 115.4, and Thunderbird 115.4.1

- Fix check dependencies error for GLIBC_PRIVATE

- Fix check dependencies error for GLIBC_PRIVATE

- New version (Closes: #47908)

- Fix folder location for config-privacy js configuration files (Closes #47960)

- New version.
- Security fixes:
  + CVE-2023-5168 Out-of-bounds write in FilterNodeD2D1
  + CVE-2023-5169 Out-of-bounds write in PathOps
  + CVE-2023-5171 Use-after-free in Ion Compiler
  + CVE-2023-5174 Double-free in process spawning on Windows
  + CVE-2023-5176 Memory safety bugs fixed in Firefox 118, Firefox ESR 115.3, and Thunderbird 115.3
  + CVE-2023-5217 Heap buffer overflow in libvpx

- New ESR version.
- Security fixes
  + CVE-2023-5168 Out-of-bounds write in FilterNodeD2D1
  + CVE-2023-5169 Out-of-bounds write in PathOps
  + CVE-2023-5171 Use-after-free in Ion Compiler
  + CVE-2023-5174 Double-free in process spawning on Windows
  + CVE-2023-5176 Memory safety bugs fixed in Firefox 118, Firefox ESR 115.3, and Thunderbird 115.3
  + CVE-2023-5217 Heap buffer overflow in libvpx

- New version.
- Security fixes:
  + CVE-2023-3600 Use-after-free in workers
  + CVE-2023-3417 File Extension Spoofing using the Text Direction Override Character
  + CVE-2023-4045 Offscreen Canvas could have bypassed cross-origin restrictions
  + CVE-2023-4046 Incorrect value used during WASM compilation
  + CVE-2023-4047 Potential permissions request bypass via clickjacking
  + CVE-2023-4048 Crash in DOMParser due to out-of-memory conditions
  + CVE-2023-4049 Fix potential race conditions when releasing platform objects
  + CVE-2023-4050 Stack buffer overflow in StorageManager
  + CVE-2023-4052 File deletion and privilege escalation through Firefox uninstaller
  + CVE-2023-4054 Lack of warning when opening appref-ms files
  + CVE-2023-4055 Cookie jar overflow caused unexpected cookie jar state
  + CVE-2023-4056 Memory safety bugs fixed in Firefox 116, Firefox ESR 115.1, Firefox ESR 102.14, Thunderbird 115.1, and Thunderbird 102.14
  + CVE-2023-4057 Memory safety bugs fixed in Firefox 116, Firefox ESR 115.1, and Thunderbird 115.1
  + CVE-2023-4573 Memory corruption in IPC CanvasTranslator
  + CVE-2023-4574 Memory corruption in IPC ColorPickerShownCallback
  + CVE-2023-4575 Memory corruption in IPC FilePickerShownCallback
  + CVE-2023-4576 Integer Overflow in RecordedSourceSurfaceCreation
  + CVE-2023-4577 Memory corruption in JIT UpdateRegExpStatics
  + CVE-2023-4051 Full screen notification obscured by file open dialog
  + CVE-2023-4578 Error reporting methods in SpiderMonkey could have triggered an Out of Memory Exception
  + CVE-2023-4053 Full screen notification obscured by external program
  + CVE-2023-4580 Push notifications saved to disk unencrypted
  + CVE-2023-4581 XLL file extensions were downloadable without warnings
  + CVE-2023-4582 Buffer Overflow in WebGL glGetProgramiv
  + CVE-2023-4583 Browsing Context potentially not cleared when closing Private Window
  + CVE-2023-4584 Memory safety bugs fixed in Firefox 117, Firefox ESR 102.15, Firefox ESR 115.2, Thunderbird 102.15, and Thunderbird 115.2
  + CVE-2023-4585 Memory safety bugs fixed in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2
  + CVE-2023-4863 Heap buffer overflow in libwebp

- Restored build for 32bit archs

- New ESR version.
- Security fixes
  + CVE-2023-3600 Use-after-free in workers
  + CVE-2023-4045 Offscreen Canvas could have bypassed cross-origin restrictions
  + CVE-2023-4046 Incorrect value used during WASM compilation
  + CVE-2023-4047 Potential permissions request bypass via clickjacking
  + CVE-2023-4048 Crash in DOMParser due to out-of-memory conditions
  + CVE-2023-4049 Fix potential race conditions when releasing platform objects
  + CVE-2023-4050 Stack buffer overflow in StorageManager
  + CVE-2023-4052 File deletion and privilege escalation through Firefox uninstaller
  + CVE-2023-4054 Lack of warning when opening appref-ms files
  + CVE-2023-4055 Cookie jar overflow caused unexpected cookie jar state
  + CVE-2023-4056 Memory safety bugs fixed in Firefox 116, Firefox ESR 115.1, Firefox ESR 102.14, Thunderbird 115.1, and Thunderbird 102.14
  + CVE-2023-4057 Memory safety bugs fixed in Firefox 116, Firefox ESR 115.1, and Thunderbird 115.1
  + CVE-2023-4573 Memory corruption in IPC CanvasTranslator
  + CVE-2023-4574 Memory corruption in IPC ColorPickerShownCallback
  + CVE-2023-4575 Memory corruption in IPC FilePickerShownCallback
  + CVE-2023-4576 Integer Overflow in RecordedSourceSurfaceCreation
  + CVE-2023-4577 Memory corruption in JIT UpdateRegExpStatics
  + CVE-2023-4051 Full screen notification obscured by file open dialog
  + CVE-2023-4578 Error reporting methods in SpiderMonkey could have triggered an Out of Memory Exception
  + CVE-2023-4053 Full screen notification obscured by external program
  + CVE-2023-4580 Push notifications saved to disk unencrypted
  + CVE-2023-4581 XLL file extensions were downloadable without warnings
  + CVE-2023-4582 Buffer Overflow in WebGL glGetProgramiv
  + CVE-2023-4583 Browsing Context potentially not cleared when closing Private Window
  + CVE-2023-4584 Memory safety bugs fixed in Firefox 117, Firefox ESR 102.15, Firefox ESR 115.2, Thunderbird 102.15, and Thunderbird 115.2
  + CVE-2023-4585 Memory safety bugs fixed in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2
  + CVE-2023-4863 Heap buffer overflow in libwebp

- ExcludeArch: i386 i486 i586 i686 i786 i886 i986 pentium2 pentium3 pentium4 k6 athlon athlon_xp ppc64le

- ExcludeArch: i386 i486 i586 i686 i786 i886 i986 pentium2 pentium3 pentium4 k6 athlon athlon_xp ppc64le

- ExcludeArch: i386 i486 i586 i686 i786 i886 i986 pentium2 pentium3 pentium4 k6 athlon athlon_xp ppc64le

- ExcludeArch: i386 i486 i586 i686 i786 i886 i986 pentium2 pentium3 pentium4 k6 athlon athlon_xp ppc64le

- Fixes: Unstable name collisions
         Build failure with GCC 13

- Fixes: Unstable name collisions
         Build failure with GCC 13

- New version.
- Security fixes:
  + CVE-2023-34414 Click-jacking certificate exceptions through rendering lag
  + CVE-2023-34416 Memory safety bugs fixed in Thunderbird 102.12

- New ESR version.
- Security fixes
  + CVE-2023-34414 Click-jacking certificate exceptions through rendering lag
  + CVE-2023-34416 Memory safety bugs fixed in Firefox 114 and Firefox ESR 102.12

- Fix removing depricated i810 definations

- New version.
- Security fixes:
  + CVE-2023-32205 Browser prompts could have been obscured by popups
  + CVE-2023-32206 Crash in RLBox Expat driver
  + CVE-2023-32207 Potential permissions request bypass via clickjacking
  + CVE-2023-32211 Content process crash due to invalid wasm code
  + CVE-2023-32212 Potential spoof due to obscured address bar
  + CVE-2023-32213 Potential memory corruption in FileReader::DoReadData()
  + CVE-2023-32214 Potential DoS via exposed protocol handlers
  + CVE-2023-32215 Memory safety bugs fixed in Thunderbird 102.11

- New ESR version.
- Security fixes
  + CVE-2023-32205 Browser prompts could have been obscured by popups
  + CVE-2023-32206 Crash in RLBox Expat driver
  + CVE-2023-32207 Potential permissions request bypass via clickjacking
  + CVE-2023-32211 Content process crash due to invalid wasm code
  + CVE-2023-32212 Potential spoof due to obscured address bar
  + CVE-2023-32213 Potential memory corruption in FileReader::DoReadData()
  + CVE-2023-32214 Potential DoS via exposed protocol handlers
  + CVE-2023-32215 Memory safety bugs fixed in Firefox 113 and Firefox ESR 102.11

- New ESR version.
- Security fixes
  + CVE-2023-29531 Out-of-bound memory access in WebGL on macOS
  + CVE-2023-29532 Mozilla Maintenance Service Write-lock bypass
  + CVE-2023-29533 Fullscreen notification obscured
  + CVE-2023-1999 Double-free in libwebp
  + CVE-2023-29535 Potential Memory Corruption following Garbage Collector compaction
  + CVE-2023-29536 Invalid free from JavaScript code
  + CVE-2023-29539 Content-Disposition filename truncation leads to Reflected File Download
  + CVE-2023-29541 Files with malicious extensions could have been downloaded unsafely on Linux
  + CVE-2023-29542 Bypass of file download extension restrictions
  + CVE-2023-29545 Windows Save As dialog resolved environment variables
  + CVE-2023-1945 Memory Corruption in Safe Browsing Code
  + CVE-2023-29548 Incorrect optimization result on ARM64
  + CVE-2023-29550 Memory safety bugs fixed in Firefox 112 and Firefox ESR 102.10

- New version.
- Security fixes:
  + CVE-2023-29531 Out-of-bound memory access in WebGL on macOS
  + CVE-2023-29532 Mozilla Maintenance Service Write-lock bypass
  + CVE-2023-29533 Fullscreen notification obscured
  + CVE-2023-1999 Double-free in libwebp
  + CVE-2023-29535 Potential Memory Corruption following Garbage Collector compaction
  + CVE-2023-29536 Invalid free from JavaScript code
  + CVE-2023-0547 Revocation status of S/Mime recipient certificates was not checked
  + CVE-2023-29479 Hang when processing certain OpenPGP messages
  + CVE-2023-29539 Content-Disposition filename truncation leads to Reflected File Download
  + CVE-2023-29541 Files with malicious extensions could have been downloaded unsafely on Linux
  + CVE-2023-29542 Bypass of file download extension restrictions
  + CVE-2023-29545 Windows Save As dialog resolved environment variables
  + CVE-2023-1945 Memory Corruption in Safe Browsing Code
  + CVE-2023-29548 Incorrect optimization result on ARM64
  + CVE-2023-29550 Memory safety bugs fixed in Thunderbird 102.10

- New version.
- Security fixes:
  + CVE-2023-25751 Incorrect code generation during JIT compilation
  + CVE-2023-28164 URL being dragged from a removed cross-origin iframe into the same tab triggered navigation
  + CVE-2023-28162 Invalid downcast in Worklets
  + CVE-2023-25752 Potential out-of-bounds when accessing throttled streams
  + CVE-2023-28163 Windows Save As dialog resolved environment variables
  + CVE-2023-28176 Memory safety bugs fixed in Thunderbird 102.9

- New ESR version.
- Security fixes
  + CVE-2023-25751 Incorrect code generation during JIT compilation
  + CVE-2023-28164 URL being dragged from a removed cross-origin iframe into the same tab triggered navigation
  + CVE-2023-28162 Invalid downcast in Worklets
  + CVE-2023-25752 Potential out-of-bounds when accessing throttled streams
  + CVE-2023-28163 Windows Save As dialog resolved environment variables
  + CVE-2023-28176 Memory safety bugs fixed in Firefox 111 and Firefox ESR 102.9

- New ESR version.
- Security fixes
  + CVE-2023-25728 Content security policy leak in violation reports using iframes
  + CVE-2023-25730 Screen hijack via browser fullscreen mode
  + CVE-2023-0767 Arbitrary memory write via PKCS 12 in NSS
  + CVE-2023-25735 Potential use-after-free from compartment mismatch in SpiderMonkey
  + CVE-2023-25737 Invalid downcast in SVGUtils::SetupStrokeGeometry
  + CVE-2023-25738 Printing on Windows could potentially crash Firefox with some device drivers
  + CVE-2023-25739 Use-after-free in mozilla::dom::ScriptLoadContext::~ScriptLoadContext
  + CVE-2023-25729 Extensions could have opened external schemes without user knowledge
  + CVE-2023-25732 Out of bounds memory write from EncodeInputStream
  + CVE-2023-25734 Opening local .url files could cause unexpected network loads
  + CVE-2023-25742 Web Crypto ImportKey crashes tab
  + CVE-2023-25744 Memory safety bugs fixed in Firefox 110 and Firefox ESR 102.8
  + CVE-2023-25746 Memory safety bugs fixed in Firefox ESR 102.8