Категория Сеть/WWW

- New ESR version.
- Security fixes:
  + CVE-2022-34479 A popup window could be resized in a way to overlay the address bar with web content
  + CVE-2022-34470 Use-after-free in nsSHistory
  + CVE-2022-34468 CSP sandbox header without `allow-scripts` can be bypassed via retargeted javascript: URI
  + CVE-2022-34481 Potential integer overflow in ReplaceElementsAt
  + CVE-2022-31744 CSP bypass enabling stylesheet injection
  + CVE-2022-34472 Unavailable PAC file resulted in OCSP requests being blocked
  + CVE-2022-34478 Microsoft protocols can be attacked if a user accepts a prompt
  + CVE-2022-2200 Undesired attributes could be set as part of prototype pollution
  + CVE-2022-34484 Memory safety bugs fixed in Firefox 102 and Firefox ESR 91.11

- New release (102.0).

- New release (102.0).
- Use internal libevent.
- Security fixes:
  + CVE-2022-34479: A popup window could be resized in a way to overlay the address bar with web content
  + CVE-2022-34470: Use-after-free in nsSHistory
  + CVE-2022-34468: CSP sandbox header without `allow-scripts` can be bypassed via retargeted javascript: URI
  + CVE-2022-34482: Drag and drop of malicious image could have led to malicious executable and potential code execution
  + CVE-2022-34483: Drag and drop of malicious image could have led to malicious executable and potential code execution
  + CVE-2022-34476: ASN.1 parser could have been tricked into accepting malformed ASN.1
  + CVE-2022-34481: Potential integer overflow in ReplaceElementsAt
  + CVE-2022-34474: Sandboxed iframes could redirect to external schemes
  + CVE-2022-34469: TLS certificate errors on HSTS-protected domains could be bypassed by the user on Firefox for Android
  + CVE-2022-34471: Compromised server could trick a browser into an addon downgrade
  + CVE-2022-34472: Unavailable PAC file resulted in OCSP requests being blocked
  + CVE-2022-34478: Microsoft protocols can be attacked if a user accepts a prompt
  + CVE-2022-2200: Undesired attributes could be set as part of prototype pollution
  + CVE-2022-34480: Free of uninitialized pointer in lg_init
  + CVE-2022-34477: MediaError message property leaked information on cross-origin same-site pages
  + CVE-2022-34475: HTML Sanitizer could have been bypassed via same-origin script via use tags
  + CVE-2022-34473: HTML Sanitizer could have been bypassed via use tags
  + CVE-2022-34484: Memory safety bugs fixed in Firefox 102 and Firefox ESR 91.11
  + CVE-2022-34485: Memory safety bugs fixed in Firefox 102

- New version (103.0.5060.53).
- Security fixes:
  - CVE-2022-2156: Use after free in Base.
  - CVE-2022-2157: Use after free in Interest groups.
  - CVE-2022-2158: Type Confusion in V8.
  - CVE-2022-2160: Insufficient policy enforcement in DevTools.
  - CVE-2022-2161: Use after free in WebApp Provider.
  - CVE-2022-2162: Insufficient policy enforcement in File System API.
  - CVE-2022-2163: Use after free in Cast UI and Toolbar.
  - CVE-2022-2164: Inappropriate implementation in Extensions API.
  - CVE-2022-2165: Insufficient data validation in URL formatting.

- new version 1.37.2 (with rpmrb script)
- (T297571, CVE-2022-28201) (T297731, CVE-2022-28203)
- (T297754, CVE-2022-28204) (T297543, CVE-2022-28202)

- 2.5.2

- new version 6.45

- fix build with gcc-12.1.1 (-Werror=address, address always true)

- Handle kioslaverc config located in XDG_CONFIG_DIRS.

- new version

- new version (watch file uupdate)

- Add nemoon_branding-31.0.0.patch

- ^ 5.3.2 -> 5.6.2

- 1.3.3
- build from gear

- NMU: use %_rpmmacrosdir instead of /etc/rpm
- split rpm-macros-seamonkey from rpm-build-seamonkey

- update to new release by fcimport

- 1.5.0 Release.

- new version

- eget: fix making file url from site url and filename

- 42.2 (fixed CVE-2022-29536)