Hello community,

here is the log from the commit of package firefox-esr for openSUSE:Factory checked in at 2026-03-24 18:50:26
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/firefox-esr (Old)
 and      /work/SRC/openSUSE:Factory/.firefox-esr.new.8177 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "firefox-esr" Tue Mar 24 18:50:26 2026 rev:30 rq:1342243 version:140.9.0 Changes: -------- --- /work/SRC/openSUSE:Factory/firefox-esr/MozillaFirefox.changes 2026-02-24 18:30:42.082501928 +0100 +++ /work/SRC/openSUSE:Factory/.firefox-esr.new.8177/MozillaFirefox.changes 2026-03-24 18:51:20.528580483 +0100 
@@ -1,0 +2,108 @@ +Tue Mar 24 07:53:07 UTC 2026 - Manfred Hollstein <[email protected]> + +- Firefox Extended Support Release 140.9.0 ESR + * Fixed: Various security fixes. +- Mozilla Firefox ESR 140.9 + https://www.mozilla.org/security/advisories/mfsa2026-22 + MFSA 2026-22 (boo#1260083) + * CVE-2026-4684 (bmo#2011129) + Race condition, use-after-free in the Graphics: WebRender + component + * CVE-2026-4685 (bmo#2016349) + Incorrect boundary conditions in the Graphics: Canvas2D + component + * CVE-2026-4686 (bmo#2016351) + Incorrect boundary conditions in the Graphics: Canvas2D + component + * CVE-2026-4687 (bmo#2016368) + Sandbox escape due to incorrect boundary conditions in the + Telemetry component + * CVE-2026-4688 (bmo#2016373) + Sandbox escape due to use-after-free in the Disability Access + APIs component + * CVE-2026-4689 (bmo#2016374) + Sandbox escape due to incorrect boundary conditions, integer + overflow in the XPCOM component + * CVE-2026-4690 (bmo#2016375) + Sandbox escape due to incorrect boundary conditions, integer + overflow in the XPCOM component + * CVE-2026-4691 (bmo#2017512) + Use-after-free in the CSS Parsing and Computation component + * CVE-2026-4692 (bmo#2017643) + Sandbox escape in the Responsive Design Mode component + * CVE-2026-4693 (bmo#2018102) + Incorrect boundary conditions in the Audio/Video: Playback + component + * CVE-2026-4694 (bmo#2018430) + Incorrect boundary conditions, integer overflow in the + Graphics component + * CVE-2026-4695 (bmo#2020030) + Incorrect boundary conditions in the Audio/Video: Web Codecs + component + * CVE-2026-4696 (bmo#2020190) + Use-after-free in the Layout: Text and Fonts component + * CVE-2026-4697 (bmo#2020422) + Incorrect boundary conditions in the Audio/Video: Web Codecs + component + * CVE-2026-4698 (bmo#2020906) + JIT miscompilation in the JavaScript Engine: JIT component + * CVE-2026-4699 (bmo#2021863) + Incorrect boundary conditions in the Layout: Text and Fonts + component + * 
CVE-2026-4700 (bmo#2003766) + Mitigation bypass in the Networking: HTTP component + * CVE-2026-4701 (bmo#2009303) + Use-after-free in the JavaScript Engine component + * CVE-2026-4702 (bmo#2013560) + JIT miscompilation in the JavaScript Engine component + * CVE-2026-4704 (bmo#2014868) + Denial-of-service in the WebRTC: Signaling component + * CVE-2026-4705 (bmo#2014873) + Undefined behavior in the WebRTC: Signaling component + * CVE-2026-4706 (bmo#2015091) + Incorrect boundary conditions in the Graphics: Canvas2D + component + * CVE-2026-4707 (bmo#2015267) + Incorrect boundary conditions in the Graphics: Canvas2D + component + * CVE-2026-4708 (bmo#2015268) + Incorrect boundary conditions in the Graphics component + * CVE-2026-4709 (bmo#2016329) + Incorrect boundary conditions in the Audio/Video: GMP + component + * CVE-2026-4710 (bmo#2016370) + Incorrect boundary conditions in the Audio/Video component + * CVE-2026-4711 (bmo#2017002) + Use-after-free in the Widget: Cocoa component + * CVE-2026-4712 (bmo#2017666) + Information disclosure in the Widget: Cocoa component + * CVE-2026-4713 (bmo#2018113) + Incorrect boundary conditions in the Graphics component + * CVE-2026-4714 (bmo#2018126) + Incorrect boundary conditions in the Audio/Video component + * CVE-2026-4715 (bmo#2018405) + Uninitialized memory in the Graphics: Canvas2D component + * CVE-2026-4716 (bmo#2018592) + Incorrect boundary conditions, uninitialized memory in the + JavaScript Engine component + * CVE-2026-4717 (bmo#2021695) + Privilege escalation in the Netmonitor component + * CVE-2025-59375 (bmo#1988467) + Denial-of-service in the XML component + * CVE-2026-4718 (bmo#2014864) + Undefined behavior in the WebRTC: Signaling component + * CVE-2026-4719 (bmo#2016367) + Incorrect boundary conditions in the Graphics: Text component + * CVE-2026-4720 (bmo#2004652, bmo#2019372, bmo#2021922, + bmo#2022567, bmo#2022733) + Memory safety bugs fixed in Firefox ESR 140.9, Thunderbird + ESR 140.9, Firefox 149 and 
Thunderbird 149 + * CVE-2026-4721 (bmo#2013762, bmo#2015291, bmo#2016591, + bmo#2016661, bmo#2016664, bmo#2017303, bmo#2017894, + bmo#2018090, bmo#2018196, bmo#2018379, bmo#2019112, + bmo#2022090, bmo#2022243, bmo#2022351, bmo#2022478, + bmo#2022676) + Memory safety bugs fixed in Firefox ESR 115.34, Firefox ESR + 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149 + +------------------------------------------------------------------- firefox-esr.changes: same change Old: ---- firefox-140.8.0esr.source.tar.xz firefox-140.8.0esr.source.tar.xz.asc l10n-140.8.0esr.tar.xz New: ---- firefox-140.9.0esr.source.tar.xz firefox-140.9.0esr.source.tar.xz.asc l10n-140.9.0esr.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ firefox-esr.spec ++++++ --- /var/tmp/diff_new_pack.Lv7Pi5/_old 2026-03-24 18:51:31.705042776 +0100 +++ /var/tmp/diff_new_pack.Lv7Pi5/_new 2026-03-24 18:51:31.709042942 +0100 @@ -1,7 +1,7 @@ # # spec file for package firefox-esr # -# Copyright (c) 2026 SUSE LLC +# Copyright (c) 2026 SUSE LLC and contributors # Copyright (c) 2006-2026 Wolfgang Rosenauer <[email protected]> # # All modifications and additions to the file contributed by third parties @@ -41,8 +41,8 @@ # major 69 # mainver %%major.99 %define major 140 -%define mainver %major.8.0 -%define orig_version 140.8.0 +%define mainver %major.9.0 +%define orig_version 140.9.0 %define orig_suffix esr %define update_channel esr %define branding 1 ++++++ MozillaFirefox.changes.txt ++++++ --- /var/tmp/diff_new_pack.Lv7Pi5/_old 2026-03-24 18:51:31.829047906 +0100 +++ /var/tmp/diff_new_pack.Lv7Pi5/_new 2026-03-24 18:51:31.837048237 +0100 
@@ -1,4 +1,112 @@ ------------------------------------------------------------------- +Tue Mar 24 07:53:07 UTC 2026 - Manfred Hollstein <[email protected]> + +- Firefox Extended Support Release 140.9.0 ESR + * Fixed: Various security fixes. +- Mozilla Firefox ESR 140.9 + https://www.mozilla.org/security/advisories/mfsa2026-22 + MFSA 2026-22 (boo#1260083) + * CVE-2026-4684 (bmo#2011129) + Race condition, use-after-free in the Graphics: WebRender + component + * CVE-2026-4685 (bmo#2016349) + Incorrect boundary conditions in the Graphics: Canvas2D + component + * CVE-2026-4686 (bmo#2016351) + Incorrect boundary conditions in the Graphics: Canvas2D + component + * CVE-2026-4687 (bmo#2016368) + Sandbox escape due to incorrect boundary conditions in the + Telemetry component + * CVE-2026-4688 (bmo#2016373) + Sandbox escape due to use-after-free in the Disability Access + APIs component + * CVE-2026-4689 (bmo#2016374) + Sandbox escape due to incorrect boundary conditions, integer + overflow in the XPCOM component + * CVE-2026-4690 (bmo#2016375) + Sandbox escape due to incorrect boundary conditions, integer + overflow in the XPCOM component + * CVE-2026-4691 (bmo#2017512) + Use-after-free in the CSS Parsing and Computation component + * CVE-2026-4692 (bmo#2017643) + Sandbox escape in the Responsive Design Mode component + * CVE-2026-4693 (bmo#2018102) + Incorrect boundary conditions in the Audio/Video: Playback + component + * CVE-2026-4694 (bmo#2018430) + Incorrect boundary conditions, integer overflow in the + Graphics component + * CVE-2026-4695 (bmo#2020030) + Incorrect boundary conditions in the Audio/Video: Web Codecs + component + * CVE-2026-4696 (bmo#2020190) + Use-after-free in the Layout: Text and Fonts component + * CVE-2026-4697 (bmo#2020422) + Incorrect boundary conditions in the Audio/Video: Web Codecs + component + * CVE-2026-4698 (bmo#2020906) + JIT miscompilation in the JavaScript Engine: JIT component + * CVE-2026-4699 (bmo#2021863) + Incorrect boundary 
conditions in the Layout: Text and Fonts + component + * CVE-2026-4700 (bmo#2003766) + Mitigation bypass in the Networking: HTTP component + * CVE-2026-4701 (bmo#2009303) + Use-after-free in the JavaScript Engine component + * CVE-2026-4702 (bmo#2013560) + JIT miscompilation in the JavaScript Engine component + * CVE-2026-4704 (bmo#2014868) + Denial-of-service in the WebRTC: Signaling component + * CVE-2026-4705 (bmo#2014873) + Undefined behavior in the WebRTC: Signaling component + * CVE-2026-4706 (bmo#2015091) + Incorrect boundary conditions in the Graphics: Canvas2D + component + * CVE-2026-4707 (bmo#2015267) + Incorrect boundary conditions in the Graphics: Canvas2D + component + * CVE-2026-4708 (bmo#2015268) + Incorrect boundary conditions in the Graphics component + * CVE-2026-4709 (bmo#2016329) + Incorrect boundary conditions in the Audio/Video: GMP + component + * CVE-2026-4710 (bmo#2016370) + Incorrect boundary conditions in the Audio/Video component + * CVE-2026-4711 (bmo#2017002) + Use-after-free in the Widget: Cocoa component + * CVE-2026-4712 (bmo#2017666) + Information disclosure in the Widget: Cocoa component + * CVE-2026-4713 (bmo#2018113) + Incorrect boundary conditions in the Graphics component + * CVE-2026-4714 (bmo#2018126) + Incorrect boundary conditions in the Audio/Video component + * CVE-2026-4715 (bmo#2018405) + Uninitialized memory in the Graphics: Canvas2D component + * CVE-2026-4716 (bmo#2018592) + Incorrect boundary conditions, uninitialized memory in the + JavaScript Engine component + * CVE-2026-4717 (bmo#2021695) + Privilege escalation in the Netmonitor component + * CVE-2025-59375 (bmo#1988467) + Denial-of-service in the XML component + * CVE-2026-4718 (bmo#2014864) + Undefined behavior in the WebRTC: Signaling component + * CVE-2026-4719 (bmo#2016367) + Incorrect boundary conditions in the Graphics: Text component + * CVE-2026-4720 (bmo#2004652, bmo#2019372, bmo#2021922, + bmo#2022567, bmo#2022733) + Memory safety bugs fixed in 
Firefox ESR 140.9, Thunderbird + ESR 140.9, Firefox 149 and Thunderbird 149 + * CVE-2026-4721 (bmo#2013762, bmo#2015291, bmo#2016591, + bmo#2016661, bmo#2016664, bmo#2017303, bmo#2017894, + bmo#2018090, bmo#2018196, bmo#2018379, bmo#2019112, + bmo#2022090, bmo#2022243, bmo#2022351, bmo#2022478, + bmo#2022676) + Memory safety bugs fixed in Firefox ESR 115.34, Firefox ESR + 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149 + +------------------------------------------------------------------- Tue Feb 24 13:56:01 UTC 2026 - Manfred Hollstein <[email protected]> - Firefox Extended Support Release 140.8.0 ESR ++++++ firefox-140.8.0esr.source.tar.xz -> firefox-140.9.0esr.source.tar.xz ++++++ /work/SRC/openSUSE:Factory/firefox-esr/firefox-140.8.0esr.source.tar.xz /work/SRC/openSUSE:Factory/.firefox-esr.new.8177/firefox-140.9.0esr.source.tar.xz differ: char 15, line 1 ++++++ firefox-esr.changes.txt ++++++ --- /var/tmp/diff_new_pack.Lv7Pi5/_old 2026-03-24 18:51:32.029056178 +0100 +++ /var/tmp/diff_new_pack.Lv7Pi5/_new 2026-03-24 18:51:32.037056509 +0100 
@@ -1,4 +1,112 @@ ------------------------------------------------------------------- +Tue Mar 24 07:53:07 UTC 2026 - Manfred Hollstein <[email protected]> + +- Firefox Extended Support Release 140.9.0 ESR + * Fixed: Various security fixes. +- Mozilla Firefox ESR 140.9 + https://www.mozilla.org/security/advisories/mfsa2026-22 + MFSA 2026-22 (boo#1260083) + * CVE-2026-4684 (bmo#2011129) + Race condition, use-after-free in the Graphics: WebRender + component + * CVE-2026-4685 (bmo#2016349) + Incorrect boundary conditions in the Graphics: Canvas2D + component + * CVE-2026-4686 (bmo#2016351) + Incorrect boundary conditions in the Graphics: Canvas2D + component + * CVE-2026-4687 (bmo#2016368) + Sandbox escape due to incorrect boundary conditions in the + Telemetry component + * CVE-2026-4688 (bmo#2016373) + Sandbox escape due to use-after-free in the Disability Access + APIs component + * CVE-2026-4689 (bmo#2016374) + Sandbox escape due to incorrect boundary conditions, integer + overflow in the XPCOM component + * CVE-2026-4690 (bmo#2016375) + Sandbox escape due to incorrect boundary conditions, integer + overflow in the XPCOM component + * CVE-2026-4691 (bmo#2017512) + Use-after-free in the CSS Parsing and Computation component + * CVE-2026-4692 (bmo#2017643) + Sandbox escape in the Responsive Design Mode component + * CVE-2026-4693 (bmo#2018102) + Incorrect boundary conditions in the Audio/Video: Playback + component + * CVE-2026-4694 (bmo#2018430) + Incorrect boundary conditions, integer overflow in the + Graphics component + * CVE-2026-4695 (bmo#2020030) + Incorrect boundary conditions in the Audio/Video: Web Codecs + component + * CVE-2026-4696 (bmo#2020190) + Use-after-free in the Layout: Text and Fonts component + * CVE-2026-4697 (bmo#2020422) + Incorrect boundary conditions in the Audio/Video: Web Codecs + component + * CVE-2026-4698 (bmo#2020906) + JIT miscompilation in the JavaScript Engine: JIT component + * CVE-2026-4699 (bmo#2021863) + Incorrect boundary 
conditions in the Layout: Text and Fonts + component + * CVE-2026-4700 (bmo#2003766) + Mitigation bypass in the Networking: HTTP component + * CVE-2026-4701 (bmo#2009303) + Use-after-free in the JavaScript Engine component + * CVE-2026-4702 (bmo#2013560) + JIT miscompilation in the JavaScript Engine component + * CVE-2026-4704 (bmo#2014868) + Denial-of-service in the WebRTC: Signaling component + * CVE-2026-4705 (bmo#2014873) + Undefined behavior in the WebRTC: Signaling component + * CVE-2026-4706 (bmo#2015091) + Incorrect boundary conditions in the Graphics: Canvas2D + component + * CVE-2026-4707 (bmo#2015267) + Incorrect boundary conditions in the Graphics: Canvas2D + component + * CVE-2026-4708 (bmo#2015268) + Incorrect boundary conditions in the Graphics component + * CVE-2026-4709 (bmo#2016329) + Incorrect boundary conditions in the Audio/Video: GMP + component + * CVE-2026-4710 (bmo#2016370) + Incorrect boundary conditions in the Audio/Video component + * CVE-2026-4711 (bmo#2017002) + Use-after-free in the Widget: Cocoa component + * CVE-2026-4712 (bmo#2017666) + Information disclosure in the Widget: Cocoa component + * CVE-2026-4713 (bmo#2018113) + Incorrect boundary conditions in the Graphics component + * CVE-2026-4714 (bmo#2018126) + Incorrect boundary conditions in the Audio/Video component + * CVE-2026-4715 (bmo#2018405) + Uninitialized memory in the Graphics: Canvas2D component + * CVE-2026-4716 (bmo#2018592) + Incorrect boundary conditions, uninitialized memory in the + JavaScript Engine component + * CVE-2026-4717 (bmo#2021695) + Privilege escalation in the Netmonitor component + * CVE-2025-59375 (bmo#1988467) + Denial-of-service in the XML component + * CVE-2026-4718 (bmo#2014864) + Undefined behavior in the WebRTC: Signaling component + * CVE-2026-4719 (bmo#2016367) + Incorrect boundary conditions in the Graphics: Text component + * CVE-2026-4720 (bmo#2004652, bmo#2019372, bmo#2021922, + bmo#2022567, bmo#2022733) + Memory safety bugs fixed in 
Firefox ESR 140.9, Thunderbird + ESR 140.9, Firefox 149 and Thunderbird 149 + * CVE-2026-4721 (bmo#2013762, bmo#2015291, bmo#2016591, + bmo#2016661, bmo#2016664, bmo#2017303, bmo#2017894, + bmo#2018090, bmo#2018196, bmo#2018379, bmo#2019112, + bmo#2022090, bmo#2022243, bmo#2022351, bmo#2022478, + bmo#2022676) + Memory safety bugs fixed in Firefox ESR 115.34, Firefox ESR + 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149 + +------------------------------------------------------------------- Tue Feb 24 13:56:01 UTC 2026 - Manfred Hollstein <[email protected]> - Firefox Extended Support Release 140.8.0 ESR ++++++ l10n-140.8.0esr.tar.xz -> l10n-140.9.0esr.tar.xz ++++++ ++++++ tar_stamps ++++++ --- /var/tmp/diff_new_pack.Lv7Pi5/_old 2026-03-24 18:51:32.321068257 +0100 +++ /var/tmp/diff_new_pack.Lv7Pi5/_new 2026-03-24 18:51:32.325068423 +0100 @@ -1,11 +1,11 @@ PRODUCT="firefox" CHANNEL="esr140" -VERSION="140.8.0" +VERSION="140.9.0" VERSION_SUFFIX="esr" -PREV_VERSION="140.7.1" +PREV_VERSION="140.8.0" PREV_VERSION_SUFFIX="esr" #SKIP_LOCALES="" # Uncomment to skip l10n and compare-locales-generation RELEASE_REPO="https://hg.mozilla.org/releases/mozilla-esr140" -RELEASE_TAG="b23aff4bbac16e44f2a9d3127c18616acfef6166" -RELEASE_TIMESTAMP="20260217105505" +RELEASE_TAG="ad4a5ceb5516151b4014e2af6c1565c68ab330cc" +RELEASE_TIMESTAMP="20260317093326"
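
Review bot: In the 140.9.0 changelog entry (MozillaFirefox.changes and the two .changes.txt copies), the CVE list goes from CVE-2026-4702 straight to CVE-2026-4704, and CVE-2025-59375 sits between CVE-2026-4717 and CVE-2026-4718. Please confirm against MFSA 2026-22 that the gap and the ordering match the advisory and are not a copy error. The line "* Fixed: Various security fixes." adds nothing next to the itemised list and could be dropped. CVE-2026-4711 and CVE-2026-4712 are in the Widget: Cocoa component; Cocoa is the macOS widget backend, so those two entries describe code the Linux build does not use, and anyone triaging this update for openSUSE can weight them accordingly.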
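
Review bot: In the second firefox-esr.spec hunk, the version is now maintained in two places, "%define mainver %major.9.0" and "%define orig_version 140.9.0", so every bump has to touch both and they can drift apart. If the two are always meant to be equal, consider deriving one from the other. Separately, the first hunk changes the copyright header from "SUSE LLC" to "SUSE LLC and contributors", which is unrelated to the version update and is not mentioned in the changelog entry; if it comes from automated spec formatting that is fine, but it would be cleaner as its own change.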
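
Review bot: Nothing in this mail lets a reviewer inspect the new source tarball, which appears only as "differ: char 15, line 1", so the tar_stamps hunk and the detached signature are the only provenance evidence here. Please confirm that the new RELEASE_TAG value is the changeset tagged for 140.9.0esr in the RELEASE_REPO shown (mozilla-esr140), and that firefox-140.9.0esr.source.tar.xz.asc, listed under New, is actually verified against the Mozilla release key during the build rather than just shipped alongside the tarball. The PREV_VERSION change from 140.7.1 to 140.8.0 is consistent with the tarball listed under Old.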
