commit firefox-esr for openSUSE:Factory

Source-Sync Tue, 11 Nov 2025 10:23:28 -0800

Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package firefox-esr for openSUSE:Factory 
checked in at 2025-11-11 19:21:47
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/firefox-esr (Old)
 and      /work/SRC/openSUSE:Factory/.firefox-esr.new.1980 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


Package is "firefox-esr"

Tue Nov 11 19:21:47 2025 rev:22 rq:1317100 version:140.5.0

Changes:
--------
--- /work/SRC/openSUSE:Factory/firefox-esr/MozillaFirefox.changes       
2025-10-16 17:38:40.712236831 +0200
+++ /work/SRC/openSUSE:Factory/.firefox-esr.new.1980/MozillaFirefox.changes     
2025-11-11 19:22:58.863605148 +0100
@@ -1,0 +2,28 @@
+Tue Nov 11 06:59:11 UTC 2025 - Manfred Hollstein <[email protected]>
+
+- Firefox Extended Support Release 140.5.0 ESR
+  * Fixed: Various security fixes.
+- Mozilla Firefox ESR 140.5
+  https://www.mozilla.org/security/advisories/mfsa2025-88
+  MFSA 2025-88 (boo#1253188)
+  * MFSA-RESERVE-2025-1991458 (bmo#1991458)
+    Race condition in the Graphics component
+  * MFSA-RESERVE-2025-1992130 (bmo#1992130)
+    Incorrect boundary conditions in the JavaScript: WebAssembly
+    component
+  * MFSA-RESERVE-2025-1980904 (bmo#1980904)
+    Same-origin policy bypass in the DOM: Notifications component
+  * MFSA-RESERVE-2025-1984940 (bmo#1984940)
+    Mitigation bypass in the DOM: Security component
+  * MFSA-RESERVE-2025-1988412 (bmo#1988412)
+    Same-origin policy bypass in the DOM: Workers component
+  * MFSA-RESERVE-2025-1991945 (bmo#1991945)
+    Mitigation bypass in the DOM: Core & HTML component
+  * MFSA-RESERVE-2025-1995686 (bmo#1995686)
+    Use-after-free in the WebRTC: Audio/Video component
+  * MFSA-RESERVE-2025-1994241 (bmo#1994241)
+    Use-after-free in the Audio/Video component
+  * MFSA-RESERVE-2025-1994164 (bmo#1994164)
+    Spoofing issue in Firefox
+
+-------------------------------------------------------------------
firefox-esr.changes: same change

Old:
----
  firefox-140.4.0esr.source.tar.xz
  firefox-140.4.0esr.source.tar.xz.asc
  l10n-140.4.0esr.tar.xz

New:
----
  firefox-140.5.0esr.source.tar.xz
  firefox-140.5.0esr.source.tar.xz.asc
  l10n-140.5.0esr.tar.xz

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ firefox-esr.spec ++++++
--- /var/tmp/diff_new_pack.eXiXmi/_old  2025-11-11 19:23:15.452299930 +0100
+++ /var/tmp/diff_new_pack.eXiXmi/_new  2025-11-11 19:23:15.456300098 +0100
@@ -41,8 +41,8 @@
 # major 69
 # mainver %%major.99
 %define major          140
-%define mainver        %major.4.0
-%define orig_version   140.4.0
+%define mainver        %major.5.0
+%define orig_version   140.5.0
 %define orig_suffix    esr
 %define update_channel esr
 %define branding       1

++++++ MozillaFirefox.changes.txt ++++++
--- /var/tmp/diff_new_pack.eXiXmi/_old  2025-11-11 19:23:15.592305795 +0100
+++ /var/tmp/diff_new_pack.eXiXmi/_new  2025-11-11 19:23:15.600306129 +0100
@@ -1,4 +1,32 @@
 -------------------------------------------------------------------
+Tue Nov 11 06:59:11 UTC 2025 - Manfred Hollstein <[email protected]>
+
+- Firefox Extended Support Release 140.5.0 ESR
+  * Fixed: Various security fixes.
+- Mozilla Firefox ESR 140.5
+  https://www.mozilla.org/security/advisories/mfsa2025-88
+  MFSA 2025-88 (boo#1253188)
+  * MFSA-RESERVE-2025-1991458 (bmo#1991458)
+    Race condition in the Graphics component
+  * MFSA-RESERVE-2025-1992130 (bmo#1992130)
+    Incorrect boundary conditions in the JavaScript: WebAssembly
+    component
+  * MFSA-RESERVE-2025-1980904 (bmo#1980904)
+    Same-origin policy bypass in the DOM: Notifications component
+  * MFSA-RESERVE-2025-1984940 (bmo#1984940)
+    Mitigation bypass in the DOM: Security component
+  * MFSA-RESERVE-2025-1988412 (bmo#1988412)
+    Same-origin policy bypass in the DOM: Workers component
+  * MFSA-RESERVE-2025-1991945 (bmo#1991945)
+    Mitigation bypass in the DOM: Core & HTML component
+  * MFSA-RESERVE-2025-1995686 (bmo#1995686)
+    Use-after-free in the WebRTC: Audio/Video component
+  * MFSA-RESERVE-2025-1994241 (bmo#1994241)
+    Use-after-free in the Audio/Video component
+  * MFSA-RESERVE-2025-1994164 (bmo#1994164)
+    Spoofing issue in Firefox
+
+-------------------------------------------------------------------
 Wed Oct 15 08:14:11 UTC 2025 - Manfred Hollstein <[email protected]>
 
 - Run the "desktop file" actions only on non Leap/SLE distributions.

++++++ firefox-140.4.0esr.source.tar.xz -> firefox-140.5.0esr.source.tar.xz 
++++++
/work/SRC/openSUSE:Factory/firefox-esr/firefox-140.4.0esr.source.tar.xz 
/work/SRC/openSUSE:Factory/.firefox-esr.new.1980/firefox-140.5.0esr.source.tar.xz
 differ: char 15, line 1

++++++ firefox-esr.changes.txt ++++++
--- /var/tmp/diff_new_pack.eXiXmi/_old  2025-11-11 19:23:15.752312496 +0100
+++ /var/tmp/diff_new_pack.eXiXmi/_new  2025-11-11 19:23:15.760312831 +0100
@@ -1,4 +1,32 @@
 -------------------------------------------------------------------
+Tue Nov 11 06:59:11 UTC 2025 - Manfred Hollstein <[email protected]>
+
+- Firefox Extended Support Release 140.5.0 ESR
+  * Fixed: Various security fixes.
+- Mozilla Firefox ESR 140.5
+  https://www.mozilla.org/security/advisories/mfsa2025-88
+  MFSA 2025-88 (boo#1253188)
+  * MFSA-RESERVE-2025-1991458 (bmo#1991458)
+    Race condition in the Graphics component
+  * MFSA-RESERVE-2025-1992130 (bmo#1992130)
+    Incorrect boundary conditions in the JavaScript: WebAssembly
+    component
+  * MFSA-RESERVE-2025-1980904 (bmo#1980904)
+    Same-origin policy bypass in the DOM: Notifications component
+  * MFSA-RESERVE-2025-1984940 (bmo#1984940)
+    Mitigation bypass in the DOM: Security component
+  * MFSA-RESERVE-2025-1988412 (bmo#1988412)
+    Same-origin policy bypass in the DOM: Workers component
+  * MFSA-RESERVE-2025-1991945 (bmo#1991945)
+    Mitigation bypass in the DOM: Core & HTML component
+  * MFSA-RESERVE-2025-1995686 (bmo#1995686)
+    Use-after-free in the WebRTC: Audio/Video component
+  * MFSA-RESERVE-2025-1994241 (bmo#1994241)
+    Use-after-free in the Audio/Video component
+  * MFSA-RESERVE-2025-1994164 (bmo#1994164)
+    Spoofing issue in Firefox
+
+-------------------------------------------------------------------
 Wed Oct 15 08:14:11 UTC 2025 - Manfred Hollstein <[email protected]>
 
 - Run the "desktop file" actions only on non Leap/SLE distributions.

++++++ l10n-140.4.0esr.tar.xz -> l10n-140.5.0esr.tar.xz ++++++

++++++ tar_stamps ++++++
--- /var/tmp/diff_new_pack.eXiXmi/_old  2025-11-11 19:23:16.024323889 +0100
+++ /var/tmp/diff_new_pack.eXiXmi/_new  2025-11-11 19:23:16.024323889 +0100
@@ -1,11 +1,11 @@
 PRODUCT="firefox"
 CHANNEL="esr140"
-VERSION="140.4.0"
+VERSION="140.5.0"
 VERSION_SUFFIX="esr"
-PREV_VERSION="140.3.1"
+PREV_VERSION="140.4.0"
 PREV_VERSION_SUFFIX="esr"
 #SKIP_LOCALES="" # Uncomment to skip l10n and compare-locales-generation
 RELEASE_REPO="https://hg.mozilla.org/releases/mozilla-esr140";
-RELEASE_TAG="c4525dfe35a20458c7a6966c0c6d27f92f2deca7"
-RELEASE_TIMESTAMP="20251009121631"
+RELEASE_TAG="558705980ca9db16de0564b5a6031b5d6e0a7efe"
+RELEASE_TIMESTAMP="20251106203603"

commit firefox-esr for openSUSE:Factory

Reply via email to