Hello community,

here is the log from the commit of package firefox-esr for openSUSE:Factory checked in at 2026-05-19 17:51:15
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/firefox-esr (Old)
 and      /work/SRC/openSUSE:Factory/.firefox-esr.new.1966 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "firefox-esr" Tue May 19 17:51:15 2026 rev:36 rq:1354028 version:140.11.0 Changes: -------- --- /work/SRC/openSUSE:Factory/firefox-esr/MozillaFirefox.changes 2026-05-08 16:44:36.831283689 +0200 +++ /work/SRC/openSUSE:Factory/.firefox-esr.new.1966/MozillaFirefox.changes 2026-05-19 17:51:55.092476296 +0200 
@@ -1,0 +2,74 @@ +Tue May 19 12:41:51 UTC 2026 - Manfred Hollstein <[email protected]> + +- Firefox Extended Support Release 140.11.0 ESR + * Fixed: Various security fixes. +- Mozilla Firefox ESR 140.11.0 + https://www.mozilla.org/security/advisories/mfsa2026-48 + MFSA 2026-48 (boo#1265212) + * CVE-2026-8946 (bmo#2029070) + Incorrect boundary conditions in the Audio/Video: Web Codecs + component + * CVE-2026-8388 (bmo#2036978) + Incorrect boundary conditions in the JavaScript Engine: JIT + component + * CVE-2026-8947 (bmo#2038439) + Use-after-free in the DOM: Bindings (WebIDL) component + * CVE-2026-8391 (bmo#2038575) + Other issue in the JavaScript Engine component + * CVE-2026-8401 (bmo#2038679) + Sandbox escape in the Profile Backup component + * CVE-2026-8949 (bmo#1355639) + Integer overflow in the Widget: Win32 component + * CVE-2026-8950 (bmo#1965430) + Same-origin policy bypass in the Networking: HTTP component + * CVE-2026-8953 (bmo#2029511) + Sandbox escape due to use-after-free in the Disability Access + APIs component + * CVE-2026-8954 (bmo#2030747) + Incorrect boundary conditions, integer overflow in the + Audio/Video component + * CVE-2026-8955 (bmo#2031064) + Privilege escalation in the DOM: Workers component + * CVE-2026-8956 (bmo#2032427) + Integer overflow in the Networking: JAR component + * CVE-2026-8957 (bmo#2033850) + Privilege escalation in the Enterprise Policies component + * CVE-2026-8958 (bmo#2034713) + Information disclosure, sandbox escape in the Security: + Process Sandboxing component + * CVE-2026-8959 (bmo#2034754) + Sandbox escape due to incorrect boundary conditions in the + Widget: Win32 component + * CVE-2026-8961 (bmo#1962625) + Spoofing issue in the Form Autofill component + * CVE-2026-8962 (bmo#2004804) + Mitigation bypass in the DOM: Security component + * CVE-2026-8968 (bmo#2030467) + Denial-of-service due to invalid pointer in the Audio/Video: + Web Codecs component + * CVE-2026-8970 (bmo#2032174) + Privilege escalation in 
the Security component + * CVE-2026-8974 (bmo#1784128, bmo#1883230, bmo#1983677, + bmo#2022390, bmo#2023116, bmo#2023657, bmo#2024255, + bmo#2024418, bmo#2024441, bmo#2024447, bmo#2024966, + bmo#2025412, bmo#2025467, bmo#2025940, bmo#2025950, + bmo#2025956, bmo#2026284, bmo#2027247, bmo#2027255, + bmo#2027288, bmo#2027306, bmo#2027322, bmo#2027332, + bmo#2027333, bmo#2028266, bmo#2028292, bmo#2028319, + bmo#2028526, bmo#2028870, bmo#2028876, bmo#2028882, + bmo#2029062, bmo#2029309, bmo#2029414, bmo#2029422, + bmo#2029428, bmo#2029447, bmo#2029732, bmo#2029785, + bmo#2029793, bmo#2029813, bmo#2029899, bmo#2031028, + bmo#2031457, bmo#2032039, bmo#2033610, bmo#2033854, + bmo#2034498, bmo#2034628, bmo#2034978, bmo#2035966, + bmo#2036668, bmo#2036905, bmo#2036930) + Memory safety bugs fixed in Firefox ESR 140.11 and Firefox + 151 + * CVE-2026-8975 (bmo#1860195, bmo#2029325, bmo#2029429, + bmo#2029910, bmo#2035915, bmo#2038669, bmo#2038678) + Memory safety bugs fixed in Firefox ESR 115.36, Firefox ESR + 140.11 and Firefox 151 +- Refresh mozilla-silence-no-return-type.patch +- Remove now obsolete mozilla-bmo2031958.patch + +------------------------------------------------------------------- firefox-esr.changes: same change Old: ---- firefox-140.10.2esr.source.tar.xz firefox-140.10.2esr.source.tar.xz.asc l10n-140.10.2esr.tar.xz mozilla-bmo2031958.patch New: ---- firefox-140.11.0esr.source.tar.xz firefox-140.11.0esr.source.tar.xz.asc l10n-140.11.0esr.tar.xz ----------(Old B)---------- Old:/work/SRC/openSUSE:Factory/.firefox-esr.new.1966/MozillaFirefox.changes-- Refresh mozilla-silence-no-return-type.patch /work/SRC/openSUSE:Factory/.firefox-esr.new.1966/MozillaFirefox.changes:- Remove now obsolete mozilla-bmo2031958.patch /work/SRC/openSUSE:Factory/.firefox-esr.new.1966/MozillaFirefox.changes- -- /work/SRC/openSUSE:Factory/.firefox-esr.new.1966/firefox-esr.changes-- Refresh mozilla-silence-no-return-type.patch 
/work/SRC/openSUSE:Factory/.firefox-esr.new.1966/firefox-esr.changes:- Remove now obsolete mozilla-bmo2031958.patch /work/SRC/openSUSE:Factory/.firefox-esr.new.1966/firefox-esr.changes- ----------(Old E)---------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ firefox-esr.spec ++++++ --- /var/tmp/diff_new_pack.DrXMzu/_old 2026-05-19 17:52:07.748999922 +0200 +++ /var/tmp/diff_new_pack.DrXMzu/_new 2026-05-19 17:52:07.748999922 +0200 @@ -41,8 +41,8 @@ # major 69 # mainver %%major.99 %define major 140 -%define mainver %major.10.2 -%define orig_version 140.10.2 +%define mainver %major.11.0 +%define orig_version 140.11.0 %define orig_suffix esr %define update_channel esr %define branding 1 @@ -249,7 +249,6 @@ Patch20: one_swizzle_to_rule_them_all.patch Patch21: svg-rendering.patch Patch24: mozilla-bmo1746799.patch -Patch25: mozilla-bmo2031958.patch Patch26: mozilla-bmo1999625.patch Patch27: mozilla-bmo2016618.patch # Firefox/browser ++++++ MozillaFirefox.changes.txt ++++++ --- /var/tmp/diff_new_pack.DrXMzu/_old 2026-05-19 17:52:07.969009024 +0200 +++ /var/tmp/diff_new_pack.DrXMzu/_new 2026-05-19 17:52:07.977009355 +0200 
@@ -1,4 +1,78 @@ ------------------------------------------------------------------- +Tue May 19 12:41:51 UTC 2026 - Manfred Hollstein <[email protected]> + +- Firefox Extended Support Release 140.11.0 ESR + * Fixed: Various security fixes. +- Mozilla Firefox ESR 140.11.0 + https://www.mozilla.org/security/advisories/mfsa2026-48 + MFSA 2026-48 (boo#1265212) + * CVE-2026-8946 (bmo#2029070) + Incorrect boundary conditions in the Audio/Video: Web Codecs + component + * CVE-2026-8388 (bmo#2036978) + Incorrect boundary conditions in the JavaScript Engine: JIT + component + * CVE-2026-8947 (bmo#2038439) + Use-after-free in the DOM: Bindings (WebIDL) component + * CVE-2026-8391 (bmo#2038575) + Other issue in the JavaScript Engine component + * CVE-2026-8401 (bmo#2038679) + Sandbox escape in the Profile Backup component + * CVE-2026-8949 (bmo#1355639) + Integer overflow in the Widget: Win32 component + * CVE-2026-8950 (bmo#1965430) + Same-origin policy bypass in the Networking: HTTP component + * CVE-2026-8953 (bmo#2029511) + Sandbox escape due to use-after-free in the Disability Access + APIs component + * CVE-2026-8954 (bmo#2030747) + Incorrect boundary conditions, integer overflow in the + Audio/Video component + * CVE-2026-8955 (bmo#2031064) + Privilege escalation in the DOM: Workers component + * CVE-2026-8956 (bmo#2032427) + Integer overflow in the Networking: JAR component + * CVE-2026-8957 (bmo#2033850) + Privilege escalation in the Enterprise Policies component + * CVE-2026-8958 (bmo#2034713) + Information disclosure, sandbox escape in the Security: + Process Sandboxing component + * CVE-2026-8959 (bmo#2034754) + Sandbox escape due to incorrect boundary conditions in the + Widget: Win32 component + * CVE-2026-8961 (bmo#1962625) + Spoofing issue in the Form Autofill component + * CVE-2026-8962 (bmo#2004804) + Mitigation bypass in the DOM: Security component + * CVE-2026-8968 (bmo#2030467) + Denial-of-service due to invalid pointer in the Audio/Video: + Web Codecs 
component + * CVE-2026-8970 (bmo#2032174) + Privilege escalation in the Security component + * CVE-2026-8974 (bmo#1784128, bmo#1883230, bmo#1983677, + bmo#2022390, bmo#2023116, bmo#2023657, bmo#2024255, + bmo#2024418, bmo#2024441, bmo#2024447, bmo#2024966, + bmo#2025412, bmo#2025467, bmo#2025940, bmo#2025950, + bmo#2025956, bmo#2026284, bmo#2027247, bmo#2027255, + bmo#2027288, bmo#2027306, bmo#2027322, bmo#2027332, + bmo#2027333, bmo#2028266, bmo#2028292, bmo#2028319, + bmo#2028526, bmo#2028870, bmo#2028876, bmo#2028882, + bmo#2029062, bmo#2029309, bmo#2029414, bmo#2029422, + bmo#2029428, bmo#2029447, bmo#2029732, bmo#2029785, + bmo#2029793, bmo#2029813, bmo#2029899, bmo#2031028, + bmo#2031457, bmo#2032039, bmo#2033610, bmo#2033854, + bmo#2034498, bmo#2034628, bmo#2034978, bmo#2035966, + bmo#2036668, bmo#2036905, bmo#2036930) + Memory safety bugs fixed in Firefox ESR 140.11 and Firefox + 151 + * CVE-2026-8975 (bmo#1860195, bmo#2029325, bmo#2029429, + bmo#2029910, bmo#2035915, bmo#2038669, bmo#2038678) + Memory safety bugs fixed in Firefox ESR 115.36, Firefox ESR + 140.11 and Firefox 151 +- Refresh mozilla-silence-no-return-type.patch +- Remove now obsolete mozilla-bmo2031958.patch + +------------------------------------------------------------------- Thu May 7 14:24:15 UTC 2026 - Manfred Hollstein <[email protected]> - Firefox Extended Support Release 140.10.2 ESR ++++++ firefox-140.10.2esr.source.tar.xz -> firefox-140.11.0esr.source.tar.xz ++++++ /work/SRC/openSUSE:Factory/firefox-esr/firefox-140.10.2esr.source.tar.xz /work/SRC/openSUSE:Factory/.firefox-esr.new.1966/firefox-140.11.0esr.source.tar.xz differ: char 15, line 1 ++++++ firefox-esr.changes.txt ++++++ --- /var/tmp/diff_new_pack.DrXMzu/_old 2026-05-19 17:52:08.209018954 +0200 +++ /var/tmp/diff_new_pack.DrXMzu/_new 2026-05-19 17:52:08.217019285 +0200 
@@ -1,4 +1,78 @@ ------------------------------------------------------------------- +Tue May 19 12:41:51 UTC 2026 - Manfred Hollstein <[email protected]> + +- Firefox Extended Support Release 140.11.0 ESR + * Fixed: Various security fixes. +- Mozilla Firefox ESR 140.11.0 + https://www.mozilla.org/security/advisories/mfsa2026-48 + MFSA 2026-48 (boo#1265212) + * CVE-2026-8946 (bmo#2029070) + Incorrect boundary conditions in the Audio/Video: Web Codecs + component + * CVE-2026-8388 (bmo#2036978) + Incorrect boundary conditions in the JavaScript Engine: JIT + component + * CVE-2026-8947 (bmo#2038439) + Use-after-free in the DOM: Bindings (WebIDL) component + * CVE-2026-8391 (bmo#2038575) + Other issue in the JavaScript Engine component + * CVE-2026-8401 (bmo#2038679) + Sandbox escape in the Profile Backup component + * CVE-2026-8949 (bmo#1355639) + Integer overflow in the Widget: Win32 component + * CVE-2026-8950 (bmo#1965430) + Same-origin policy bypass in the Networking: HTTP component + * CVE-2026-8953 (bmo#2029511) + Sandbox escape due to use-after-free in the Disability Access + APIs component + * CVE-2026-8954 (bmo#2030747) + Incorrect boundary conditions, integer overflow in the + Audio/Video component + * CVE-2026-8955 (bmo#2031064) + Privilege escalation in the DOM: Workers component + * CVE-2026-8956 (bmo#2032427) + Integer overflow in the Networking: JAR component + * CVE-2026-8957 (bmo#2033850) + Privilege escalation in the Enterprise Policies component + * CVE-2026-8958 (bmo#2034713) + Information disclosure, sandbox escape in the Security: + Process Sandboxing component + * CVE-2026-8959 (bmo#2034754) + Sandbox escape due to incorrect boundary conditions in the + Widget: Win32 component + * CVE-2026-8961 (bmo#1962625) + Spoofing issue in the Form Autofill component + * CVE-2026-8962 (bmo#2004804) + Mitigation bypass in the DOM: Security component + * CVE-2026-8968 (bmo#2030467) + Denial-of-service due to invalid pointer in the Audio/Video: + Web Codecs 
component + * CVE-2026-8970 (bmo#2032174) + Privilege escalation in the Security component + * CVE-2026-8974 (bmo#1784128, bmo#1883230, bmo#1983677, + bmo#2022390, bmo#2023116, bmo#2023657, bmo#2024255, + bmo#2024418, bmo#2024441, bmo#2024447, bmo#2024966, + bmo#2025412, bmo#2025467, bmo#2025940, bmo#2025950, + bmo#2025956, bmo#2026284, bmo#2027247, bmo#2027255, + bmo#2027288, bmo#2027306, bmo#2027322, bmo#2027332, + bmo#2027333, bmo#2028266, bmo#2028292, bmo#2028319, + bmo#2028526, bmo#2028870, bmo#2028876, bmo#2028882, + bmo#2029062, bmo#2029309, bmo#2029414, bmo#2029422, + bmo#2029428, bmo#2029447, bmo#2029732, bmo#2029785, + bmo#2029793, bmo#2029813, bmo#2029899, bmo#2031028, + bmo#2031457, bmo#2032039, bmo#2033610, bmo#2033854, + bmo#2034498, bmo#2034628, bmo#2034978, bmo#2035966, + bmo#2036668, bmo#2036905, bmo#2036930) + Memory safety bugs fixed in Firefox ESR 140.11 and Firefox + 151 + * CVE-2026-8975 (bmo#1860195, bmo#2029325, bmo#2029429, + bmo#2029910, bmo#2035915, bmo#2038669, bmo#2038678) + Memory safety bugs fixed in Firefox ESR 115.36, Firefox ESR + 140.11 and Firefox 151 +- Refresh mozilla-silence-no-return-type.patch +- Remove now obsolete mozilla-bmo2031958.patch + +------------------------------------------------------------------- Thu May 7 14:24:15 UTC 2026 - Manfred Hollstein <[email protected]> - Firefox Extended Support Release 140.10.2 ESR ++++++ l10n-140.10.2esr.tar.xz -> l10n-140.11.0esr.tar.xz ++++++ ++++++ mozilla-silence-no-return-type.patch ++++++ --- /var/tmp/diff_new_pack.DrXMzu/_old 2026-05-19 17:52:08.657037489 +0200 +++ /var/tmp/diff_new_pack.DrXMzu/_new 2026-05-19 17:52:08.661037654 +0200 @@ -747,7 +747,7 @@ diff --git a/third_party/libwebrtc/modules/desktop_capture/linux/wayland/screencast_portal.cc b/third_party/libwebrtc/modules/desktop_capture/linux/wayland/screencast_portal.cc --- a/third_party/libwebrtc/modules/desktop_capture/linux/wayland/screencast_portal.cc 
+++ b/third_party/libwebrtc/modules/desktop_capture/linux/wayland/screencast_portal.cc -@@ -39,16 +39,17 @@ ScreenCastPortal::CaptureSourceType Scre +@@ -41,16 +41,17 @@ ScreenCastPortal::CaptureSourceType Scre switch (type) { case CaptureType::kScreen: return ScreenCastPortal::CaptureSourceType::kScreen; @@ -763,8 +763,8 @@ : ScreenCastPortal(type, notifier, OnProxyRequested, - OnSourcesRequestResponseSignal, - this) {} + OnSourcesRequestResponseSignal) {} + diff --git a/third_party/libwebrtc/modules/pacing/bitrate_prober.cc b/third_party/libwebrtc/modules/pacing/bitrate_prober.cc --- a/third_party/libwebrtc/modules/pacing/bitrate_prober.cc +++ b/third_party/libwebrtc/modules/pacing/bitrate_prober.cc ++++++ tar_stamps ++++++ --- /var/tmp/diff_new_pack.DrXMzu/_old 2026-05-19 17:52:08.777042454 +0200 +++ /var/tmp/diff_new_pack.DrXMzu/_new 2026-05-19 17:52:08.793043116 +0200 @@ -1,11 +1,11 @@ PRODUCT="firefox" CHANNEL="esr140" -VERSION="140.10.2" +VERSION="140.11.0" VERSION_SUFFIX="esr" -PREV_VERSION="140.10.1" +PREV_VERSION="140.10.2" PREV_VERSION_SUFFIX="esr" #SKIP_LOCALES="" # Uncomment to skip l10n and compare-locales-generation RELEASE_REPO="https://hg.mozilla.org/releases/mozilla-esr140" -RELEASE_TAG="6220f392be743517c45c0a46b455d7a57c0b9891" -RELEASE_TIMESTAMP="20260506114755" +RELEASE_TAG="2e36c464a92f1942683abbed6ceb442308db5eb0" +RELEASE_TIMESTAMP="20260514160037"
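Review bot: in firefox-esr.spec, the hunk at @@ -249,7 +249,6 drops the "Patch25: mozilla-bmo2031958.patch" declaration, but no hunk in this diff touches the part of the spec that applies patches, so if patches are applied by explicit number a stale apply line for 25 would be left behind. Confirm the spec applies its patches automatically or remove the matching line. The changes entry should also say why the patch is obsolete; "Remove now obsolete mozilla-bmo2031958.patch" alone gives a later auditor nothing to check the removal against.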
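Review bot: in mozilla-silence-no-return-type.patch, the hunk at @@ -763,8 +763,8 is more than a line-offset shift: the context for the delegating ScreenCastPortal constructor in screencast_portal.cc changes from "OnSourcesRequestResponseSignal, this) {}" to "OnSourcesRequestResponseSignal) {}", so the surrounding upstream code moved under the patch. The changes entry records this only as "Refresh mozilla-silence-no-return-type.patch"; note that the context in third_party/libwebrtc changed with 140.11.0, and check that every hunk of the refreshed patch applies without fuzz so the added code still lands in the intended function.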
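Review bot: in the Old/New file list, firefox-140.11.0esr.source.tar.xz and firefox-140.11.0esr.source.tar.xz.asc replace the 140.10.2 pair, and the only record of the tarball change is "differ: char 15, line 1"; nothing visible in this mail shows the detached signature being checked. For a release that carries the sandbox escape and privilege escalation fixes listed in MFSA 2026-48, confirm that the build verifies the .asc against the packaged Mozilla release keyring before the source is unpacked.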
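Review bot: in tar_stamps, the hunk at @@ -1,11 +1,11 changes RELEASE_TAG to a bare changeset hash with nothing in the file tying it to 140.11.0esr. Add a comment naming the upstream release tag the hash corresponds to in RELEASE_REPO, so a reviewer can check that VERSION, RELEASE_TAG and RELEASE_TIMESTAMP describe the same upstream release without resolving the hash by hand.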
