Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

MozillaFirefox-107.0-1.1 RPM for i686

From OpenSuSE Tumbleweed for i686

Name: MozillaFirefox Distribution: openSUSE Tumbleweed
Version: 107.0 Vendor: openSUSE
Release: 1.1 Build date: Thu Nov 17 18:39:53 2022
Group: Productivity/Networking/Web/Browsers Build host: lamb75
Size: 257179029 Source RPM: MozillaFirefox-107.0-1.1.src.rpm
Summary: Mozilla Firefox Web Browser
Mozilla Firefox is a standalone web browser, designed for standards
compliance and performance.  Its functionality can be enhanced via a
plethora of extensions.






* Tue Nov 15 2022 Wolfgang Rosenauer <>
  - Mozilla Firefox 107.0
    MFSA 2022-47 (bsc#1205270)
    * CVE-2022-45403 (bmo#1762078)
      Service Workers might have learned size of cross-origin media files
    * CVE-2022-45404 (bmo#1790815)
      Fullscreen notification bypass
    * CVE-2022-45405 (bmo#1791314)
      Use-after-free in InputStream implementation
    * CVE-2022-45406 (bmo#1791975)
      Use-after-free of a JavaScript Realm
    * CVE-2022-45407 (bmo#1793314)
      Loading fonts on workers was not thread-safe
    * CVE-2022-45408 (bmo#1793829)
      Fullscreen notification bypass via windowName
    * CVE-2022-45409 (bmo#1796901)
      Use-after-free in Garbage Collection
    * CVE-2022-45410 (bmo#1658869)
      ServiceWorker-intercepted requests bypassed SameSite cookie policy
    * CVE-2022-45411 (bmo#1790311)
      Cross-Site Tracing was possible via non-standard override headers
    * CVE-2022-45412 (bmo#1791029)
      Symlinks may resolve to partially uninitialized buffers
    * CVE-2022-45413 (bmo#1791201)
      SameSite=Strict cookies could have been sent cross-site via
      intent URLs
    * CVE-2022-40674 (bmo#1791598)
      Use-after-free vulnerability in expat
    * CVE-2022-45415 (bmo#1793551)
      Downloaded file may have been saved with malicious extension
    * CVE-2022-45416 (bmo#1793676)
      Keystroke Side-Channel Leakage
    * CVE-2022-45417 (bmo#1794508)
      Service Workers in Private Browsing Mode may have been
      written to disk
    * CVE-2022-45418 (bmo#1795815)
      Custom mouse cursor could have been drawn over browser UI
    * CVE-2022-45419 (bmo#1716082)
      Deleting a security exception did not take effect immediately
    * CVE-2022-45420 (bmo#1792643)
      Iframe contents could be rendered outside the iframe
    * CVE-2022-45421 (bmo#1767920, bmo#1789808, bmo#1794061)
      Memory safety bugs fixed in Firefox 107 and Firefox ESR 102.5
  - requires
    * NSS >= 3.84
    * rust = 1.64
* Sat Nov 05 2022 Andreas Stieger <>
  - Mozilla Firefox 106.0.5
    * Addresses a crash experienced by users with Intel Gemini Lake
      CPUs (bmo#1702019)
  - Mozilla Firefox 106.0.4
    * Fixed an issue with DRM Video playback (bmo#1797292)
    * Fixed broken layout of datetime input when switching
      types (bmo#1797139)
* Tue Nov 01 2022 Andreas Stieger <>
  - Mozilla Firefox 106.0.3
    * Fixes for other platforms
* Thu Oct 27 2022 Andreas Stieger <>
  - Mozilla Firefox 106.0.2
    * Fix missing content on some PDF forms (bmo#1794351)
    * Fix column width for the Notification sub-panel in Settings
    * Fix a browser freeze with accessibility enabled on some sites
      such as the Proxmox Web UI (bmo#1793748)
    * Fix page reloading not working with Firefox View and not
      refreshing synced data (bmo#1792680, bmo#1794474)
* Sun Oct 23 2022 Andreas Stieger <>
  - Mozilla Firefox 106.0.1
    * Addresses a crash experienced by users with AMD Zen 1 CPUs
* Sun Oct 16 2022 Wolfgang Rosenauer <>
  - Mozilla Firefox 106.0
    * support editing of PDFs
    * introduced Firefox View
    * major WebRTC update
    - Better screen sharing for Windows and Linux Wayland users
    - RTP performance and reliability improvements
    - Richer statistics
    - Cross-browser and service compatibility improvements
    * detailed releasenotes
    MFSA 2022-44 (bsc#1204421)
    * CVE-2022-42927 (bmo#1789128)
      Same-origin policy violation could have leaked cross-origin URLs
    * CVE-2022-42928 (bmo#1791520)
      Memory Corruption in JS Engine
    * CVE-2022-42929 (bmo#1789439)
      Denial of Service via window.print
    * CVE-2022-42930 (bmo#1789503)
      Race condition in DOM Workers
    * CVE-2022-42931 (bmo#1780571)
      Username saved to a plaintext file on disk
    * CVE-2022-42932 (bmo#1789729, bmo#1791363, bmo#1792041)
      Memory safety bugs fixed in Firefox
  - added -msse2 flag to fix i386 build and workaround bmo#1795993
  - fixed used buildflags
  - renamed mozilla-i686-build.patch to mozilla-buildfixes.patch
    as it was extended with changes for other archs
* Sat Oct 08 2022 Andreas Stieger <>
  - Mozilla Firefox 105.0.3:
    * Fixes for other platforms
* Wed Oct 05 2022 Andreas Stieger <>
  - Mozilla Firefox 105.0.2:
    * Fixed poor contrast on various menu items with certain
      themes on Linux systems (bmo#1792063)
    * Fixed the scrollbar appearing on the wrong side of
      `select` elements in right-to-left locales (bmo#1791219)
    * Fixed a possible deadlock when loading some sites in
      Troubleshoot Mode (bmo#1786259)
    * Fixed a bug causing some dynamic appearance changes to
      not appear when expected (bmo#1786521)
    * Fixed a bug causing theme styling to not be properly applied
      to sidebars for some add-ons in Private Browsing Mode
* Thu Sep 22 2022 Wolfgang Rosenauer <>
  - Mozilla Firefox 105.0.1
    * Reverted focus behavior for new windows back to the content
      area instead of the address bar (bmo#1784692)
  - added mozilla-i686-build.patch to avoid using avx2
* Sat Sep 17 2022 Wolfgang Rosenauer <>
  - Mozilla Firefox 105.0
    MFSA 2022-40 (bsc#1203477)
    * CVE-2022-40959 (bmo#1782211)
      Bypassing FeaturePolicy restrictions on transient pages
    * CVE-2022-40960 (bmo#1787633)
      Data-race when parsing non-UTF-8 URLs in threads
    * CVE-2022-40958 (bmo#1779993)
      Bypassing Secure Context restriction for cookies with __Host
      and __Secure prefix
    * CVE-2022-40961 (bmo#1784588)
      Stack-buffer overflow when initializing Graphics
    * CVE-2022-40956 (bmo#1770094)
      Content-Security-Policy base-uri bypass
    * CVE-2022-40957 (bmo#1777604)
      Incoherent instruction cache when building WASM on ARM64
    * CVE-2022-40962 (bmo#1767360, bmo#1776655, bmo#1777574,
      bmo#1784835, bmo#1785109, bmo#1786502, bmo#1789440)
      Memory safety bugs fixed in Firefox 105 and Firefox ESR 102.3
  - requires
    NSS 3.82
    Rust 1.63 (1.61)
  - removed obsolete mozilla-glibc236.patch
* Fri Sep 09 2022 Guillaume GARDET <>
  - Adjust memory requirements to fix build on aarch64
* Wed Sep 07 2022 Wolfgang Rosenauer <>
  - Mozilla Firefox 104.0.2 (boo#1203177)
    * Fixed a bug making it impossible to use touch or a stylus to
      drag the scrollbar on pages (bmo#1787361)
    * Fixed an issue causing some users to crash in out-of-memory
      conditions (bmo#1774155)
    * Fixed an issue that would sometimes affect video & audio playback
      when loaded via a cross-origin iframe src attribute (bmo#1781759)
    * Fixed an issue that would sometimes affect video & audio playback
      when served with Content-Security-Policy: sandbox (bmo#1781063)
* Thu Sep 01 2022 Wolfgang Rosenauer <>
  - Mozilla Firefox 104.0.1
    * Addresses an issue with Youtube video playback that was
      affecting some users (boo#1203003)
* Sun Aug 21 2022 Wolfgang Rosenauer <>
  - Mozilla Firefox 104.0
    MFSA 2022-33 (bsc#1202645)
    * CVE-2022-38472 (bmo#1769155)
      Address bar spoofing via XSLT error handling
    * CVE-2022-38473 (bmo#1771685)
      Cross-origin XSLT Documents would have inherited the parent's
    * CVE-2022-38474 (bmo#1719511)
      Recording notification not shown when microphone was
      recording on Android
    * CVE-2022-38475 (bmo#1773266)
      Attacker could write a value to a zero-length array
    * CVE-2022-38477 (bmo#1760611, bmo#1770219, bmo#1771159, bmo#1773363)
      Memory safety bugs fixed in Firefox 104 and Firefox ESR 102.2
    * CVE-2022-38478 (bmo#1770630, bmo#1776658)
      Memory safety bugs fixed in Firefox 104, Firefox ESR 102.2,
      and Firefox ESR 91.13
  - requires
    NSPR 4.34.1
    NSS 3.81
    rust 1.62
* Sat Aug 13 2022 Wolfgang Rosenauer <>
  - added mozilla-glibc236.patch (bmo#1782988, boo#1202323)
* Tue Aug 09 2022 Wolfgang Rosenauer <>
  - Mozilla Firefox 103.0.2
    * Fixed menu shortcuts for users of the JAWS screen reader
    * Fixed an occasional non-overridable certificate error when
      accessing device configuration pages
* Tue Aug 02 2022 Andreas Schwab <>
  - The --disable-elf-hack option only exists on ARM and X86
* Mon Aug 01 2022 Wolfgang Rosenauer <>
  - Mozilla Firefox 103.0.1
    * Enabled hardware acceleration on newer AMD cards.
    * Fixed a crash on Firefox shutdown caused by a bug in the
      audio manager
* Wed Jul 27 2022 Wolfgang Rosenauer <>
  - Mozilla Firefox 103.0
    MFSA 2022-28 (bsc#1201758)
    * CVE-2022-36319 (bmo#1737722)
      Mouse Position spoofing with CSS transforms
    * CVE-2022-36317 (bmo#1759951)
      Long URL would hang Firefox for Android
    * CVE-2022-36318 (bmo#1771774)
      Directory indexes for bundled resources reflected URL
    * CVE-2022-36314 (bmo#1773894)
      Opening local <code>.lnk</code> files could cause unexpected
      network loads
    * CVE-2022-36315 (bmo#1762520)
      Preload Cache Bypasses Subresource Integrity
    * CVE-2022-36316 (bmo#1768583)
      Performance API leaked whether a cross-site resource is
    * CVE-2022-36320 (bmo#1759794, bmo#1760998)
      Memory safety bugs fixed in Firefox 103
    * CVE-2022-2505 (bmo#1769739, bmo#1772824)
      Memory safety bugs fixed in Firefox 103 and 102.1
  - requires
    NSS >= 3.80
    rust = 1.61
    rust-cbindgen >= 0.24.3
* Wed Jul 13 2022 Guillaume GARDET <>
  - Move %limit_build set before mozilla config to actually set the
    value of %jobs to MOZ_MAKE_FLAGS to fix build on aarch64
* Wed Jul 06 2022 Andreas Stieger <>
  - Firefox 102.0.1:
    * Fixed: Fixed bookmarks sidebar flashing white when opened in
      dark mode (bmo#1776157)
    * Fixed: Fixed multilingual spell checking not working with
      content in both English and a non-Latin alphabet
    * Fixed: Developer tools:  Fixed an issue where the console
      output keep getting scrolled to the bottom when the last
      visible message is an evaluation result (bmo#1776262)
    * Fixed: Fixed *Delete cookies and site data when Firefox is
      closed* checkbox getting disabled on startup (bmo#1777419)
    * Fixed: Various stability fixes
* Sat Jun 25 2022 Wolfgang Rosenauer <>
  - Firefox 102.0
    * You can now disable automatic opening of the download panel
      every time a new download starts
    * Firefox now mitigates query parameter tracking when navigating
      sites in ETP strict mode
    * Improved security by moving audio decoding into a separate
      process with stricter sandboxing, thus improving process isolation
    MFSA 2022-24 (bsc#1200793)
    * CVE-2022-34479 (bmo#1745595)
      A popup window could be resized in a way to overlay the
      address bar with web content
    * CVE-2022-34470 (bmo#1765951)
      Use-after-free in nsSHistory
    * CVE-2022-34468 (bmo#1768537)
      CSP sandbox header without `allow-scripts` can be bypassed
      via retargeted javascript: URI
    * CVE-2022-34482 (bmo#845880)
      Drag and drop of malicious image could have led to malicious
      executable and potential code execution
    * CVE-2022-34483 (bmo#1335845)
      Drag and drop of malicious image could have led to malicious
      executable and potential code execution
    * CVE-2022-34476 (bmo#1387919)
      ASN.1 parser could have been tricked into accepting malformed ASN.1
    * CVE-2022-34481 (bmo#1483699, bmo#1497246)
      Potential integer overflow in ReplaceElementsAt
    * CVE-2022-34474 (bmo#1677138)
      Sandboxed iframes could redirect to external schemes
    * CVE-2022-34469 (bmo#1721220)
      TLS certificate errors on HSTS-protected domains could be
      bypassed by the user on Firefox for Android
    * CVE-2022-34471 (bmo#1766047)
      Compromised server could trick a browser into an addon downgrade
    * CVE-2022-34472 (bmo#1770123)
      Unavailable PAC file resulted in OCSP requests being blocked
    * CVE-2022-34478 (bmo#1773717)
      Microsoft protocols can be attacked if a user accepts a prompt
    * CVE-2022-2200 (bmo#1771381)
      Undesired attributes could be set as part of prototype pollution
    * CVE-2022-34480 (bmo#1454072)
      Free of uninitialized pointer in lg_init
    * CVE-2022-34477 (bmo#1731614)
      MediaError message property leaked information on cross-
      origin same-site pages
    * CVE-2022-34475 (bmo#1757210)
      HTML Sanitizer could have been bypassed via same-origin
      script via use tags
    * CVE-2022-34473 (bmo#1770888)
      HTML Sanitizer could have been bypassed via use tags
    * CVE-2022-34484 (bmo#1763634, bmo#1772651)
      Memory safety bugs fixed in Firefox 102 and Firefox ESR 91.11
    * CVE-2022-34485 (bmo#1768409, bmo#1768578)
      Memory safety bugs fixed in Firefox 102
  - requires
    NSPR >= 4.34
    NSS >= 3.79
    rust = 1.60
  - switch out skia-patches with webrender-patches for big endian
    * mozilla-bmo1504834-part2.patch
    * mozilla-bmo1504834-part4.patch
    * mozilla-bmo1626236.patch
    * one_swizzle_to_rule_them_all.patch
    * svg-rendering.patch
  - add some more returns to the no-return-patch
* Fri Jun 10 2022 Andreas Stieger <>
  - Mozilla Firefox 101.0.1:
    * Fixed context menus not appearing when right-clicking
      Picture-in-Picture windows on some Linux systems (bmo#1771914)
    * Various stability fixes
* Sun May 29 2022 Wolfgang Rosenauer <>
  - Mozilla Firefox 101.0
    * Reading is now easier with the prefers-contrast media query,
      which allows sites to detect if the user has requested that web
      content is presented with a higher (or lower) contrast
    * All non-configured MIME types can now be assigned a custom
      action upon download completion
    * allows users to use as many microphones as you want, at the
      same time, during video conferencing. The most exciting benefit
      is that you can easily switch your microphones at any time
      (if your conferencing service provider enables this flexibility)
    MFSA 2022-20 (bsc#1200027)
    * CVE-2022-31736 (bmo#1735923)
      Cross-Origin resource's length leaked
    * CVE-2022-31737 (bmo#1743767)
      Heap buffer overflow in WebGL
    * CVE-2022-31738 (bmo#1756388)
      Browser window spoof using fullscreen mode
    * CVE-2022-31739 (bmo#1765049)
      Attacker-influenced path traversal when saving downloaded files
    * CVE-2022-31740 (bmo#1766806)
      Register allocation problem in WASM on arm64
    * CVE-2022-31741 (bmo#1767590)
      Uninitialized variable leads to invalid memory read
    * CVE-2022-31742 (bmo#1730434)
      Querying a WebAuthn token with a large number of allowCredential
      entries may have leaked cross-origin information
    * CVE-2022-31743 (bmo#1747388)
      HTML Parsing incorrectly ended HTML comments prematurely
    * CVE-2022-31744 (bmo#1757604)
      CSP bypass enabling stylesheet injection
    * CVE-2022-31745 (bmo#1760944)
      Incorrect Assertion caused by unoptimized array shift operations
    * CVE-2022-1919 (bmo#1761275)
      Memory Corruption when manipulating webp images
    * CVE-2022-31747 (bmo#1760765, bmo#1765610, bmo#1766283,
      bmo#1767365, bmo#1768559, bmo#1768734)
      Memory safety bugs fixed in Firefox 101 and Firefox ESR 91.10
    * CVE-2022-31748 (bmo#1713773, bmo#1762201, bmo#1762469,
      bmo#1762770, bmo#1764878, bmo#1765226, bmo#1765782, bmo#1765973,
      bmo#1767177, bmo#1767181, bmo#1768232, bmo#1768251, bmo#1769869)
      Memory safety bugs fixed in Firefox 101
  - requires
    * NSS 3.78.1
    * rust-cbindgen 0.23.0
    * rust 1.59
* Fri May 20 2022 Wolfgang Rosenauer <>
  - Mozilla Firefox 100.0.2
    MFSA 2022-19 (bsc#1199768)
    * CVE-2022-1802 (bmo#1770137)
      Prototype pollution in Top-Level Await implementation
    * CVE-2022-1529 (bmo#1770048)
      Untrusted input used in JavaScript object indexing, leading
      to prototype pollution
* Wed May 18 2022 Andreas Stieger <>
  - Mozilla Firefox 100.0.1:
    * Fixed: Fixed an issue with subtitles in Picture-in-Picture
      mode while using Netflix (bmo#1768818)
    * Fixed: Fixed an issue where some commands were unavailable in
      the Picture-in-Picture window (bmo#1768201)
* Sun May 01 2022 Wolfgang Rosenauer <>
  - Mozilla Firefox 100.0
    * subtitle support in PiP
    * spell checking supports multiple languages in parallel
    * more details here
    MFSA 2022-16 (boo#1198970)
    * CVE-2022-29914 (bmo#1746448)
      Fullscreen notification bypass using popups
    * CVE-2022-29909 (bmo#1755081)
      Bypassing permission prompt in nested browsing contexts
    * CVE-2022-29916 (bmo#1760674)
      Leaking browser history with CSS variables
    * CVE-2022-29911 (bmo#1761981)
      iframe Sandbox bypass
    * CVE-2022-29912 (bmo#1692655)
      Reader mode bypassed SameSite cookies
    * CVE-2022-29910 (bmo#1757138)
      Firefox for Android forgot HTTP Strict Transport Security
    * CVE-2022-29915 (bmo#1751678)
      Leaking cross-origin redirect through the Performance API
    * CVE-2022-29917 (bmo#1684739, bmo#1706441, bmo#1753298,
      bmo#1762614, bmo#1762620, bmo#1764778)
      Memory safety bugs fixed in Firefox 100 and Firefox ESR 91.9
    * CVE-2022-29918 (bmo#1744043, bmo#1747178, bmo#1753535,
      bmo#1754017, bmo#1755847, bmo#1756172, bmo#1757477,
      bmo#1758223, bmo#1760160, bmo#1761481, bmo#1761771)
      Memory safety bugs fixed in Firefox 100
  - requires NSS 3.77
* Tue Apr 12 2022 Andreas Stieger <>
  - Mozilla Firefox 99.0.1
    * Fixed an issue with text rendering in Bengali (bmo#1763368)
    * Fixed a selection issue in the Download panel with drag and
      drop (bmo#1762723)
    * Fixed: Fixed an issue preventing Zoom gallery mode for users
      who go to URLs instead of URLs
* Mon Apr 04 2022 Wolfgang Rosenauer <>
  - Mozilla Firefox 99.0
    * You can now toggle Narrate in ReaderMode with the keyboard
      shortcut "n."
    * You can find added support for search—with or without
      diacritics—in the PDF viewer.
    * The Linux sandbox has been strengthened: processes exposed to web
      content no longer have access to the X Window system (X11).
    * Firefox now supports credit card autofill and capture in
      Germany and France.
    MFSA 2022-13 (bsc#1197903)
    * CVE-2022-1097 (bmo#1745667)
      Use-after-free in NSSToken objects
    * CVE-2022-28281 (bmo#1755621)
      Out of bounds write due to unexpected WebAuthN Extensions
    * CVE-2022-28282 (bmo#1751609)
      Use-after-free in DocumentL10n::TranslateDocument
    * CVE-2022-28283 (bmo#1754066)
      Missing security checks for fetching sourceMapURL
    * CVE-2022-28284 (bmo#1754522)
      Script could be executed via svg's use element
    * CVE-2022-28285 (bmo#1756957)
      Incorrect AliasSet used in JIT Codegen
    * CVE-2022-28286 (bmo#1735265)
      iframe contents could be rendered outside the border
    * CVE-2022-28287 (bmo#1741515)
      Text Selection could crash Firefox
    * CVE-2022-24713 (bmo#1758509)
      Denial of Service via complex regular expressions
    * CVE-2022-28289 (bmo#1663508, bmo#1744525, bmo#1753508,
      bmo#1757476, bmo#1757805, bmo#1758549, bmo#1758776)
      Memory safety bugs fixed in Firefox 99 and Firefox ESR 91.8
    * CVE-2022-28288 (bmo#1746415, bmo#1746495, bmo#1746500,
      bmo#1747282, bmo#1748759, bmo#1749056, bmo#1749786,
      bmo#1751679, bmo#1752120, bmo#1756010, bmo#1756017,
      bmo#1757213, bmo#1757258, bmo#1757427)
      Memory safety bugs fixed in Firefox 99
  - requires NSS >= 3.76.1
  - remove obsolete patch
    * mozilla-bmo1756347.patch
    * mozilla-bmo1757571.patch
  - update
* Thu Mar 24 2022 Andreas Stieger <>
  - MozillaFirefox 98.0.2:
    * Fixed: Fixed an issue preventing users from typing in Address
      Bar after opening new tab and pressing cmd + enter
    * Fixed: Fixed an issue causing some users to crash in out-of-
      memory conditions (bmo#1757618)
    * Fixed: Fixed an issue in session history which caused some
      sites to fail to load (bmo#1758664)
    * Fixed: Fixed an add-on specific compatibility issue
* Wed Mar 23 2022 Simon Vogl <>
  - Change mozilla-kde.patch to follow the GNOME registry
    behavior for new MIME types to avoid opening downloaded files
    without any inquiries (bsc#1197319)
* Tue Mar 22 2022 Guillaume GARDET <>
  - Add patch to fix start-up on aarch64:
    * mozilla-bmo1757571.patch
* Thu Mar 17 2022 Dirk Müller <>
  - exclude slow cpus for building
* Thu Mar 17 2022 Martin Sirringhaus <>
  - Add cpu-flag `asimdrdm` to aarch64 constraints, to select newer,
    faster buildhosts, as the others struggle to build FF.
* Mon Mar 14 2022 Wolfgang Rosenauer <>
  - Mozilla Firefox 98.0.1:
    * Yandex and have been removed as optional search
      providers in the drop-down search menu in Firefox
* Tue Mar 08 2022 Wolfgang Rosenauer <>
  - Mozilla Firefox 98.0
    * Firefox has a new optimized download flow
    * other changes as documented here
    MFSA 2022-10 (bsc#1196900)
    * CVE-2022-26383 (bmo#1742421)
      Browser window spoof using fullscreen mode
    * CVE-2022-26384 (bmo#1744352)
      iframe allow-scripts sandbox bypass
    * CVE-2022-26387 (bmo#1752979)
      Time-of-check time-of-use bug when verifying add-on signatures
    * CVE-2022-26381 (bmo#1736243)
      Use-after-free in text reflows
    * CVE-2022-26382 (bmo#1741888)
      Autofill Text could be exfiltrated via side-channel attacks
    * CVE-2022-26385 (bmo#1747526)
      Use-after-free in thread shutdown
    * CVE-2022-0843 (bmo#1746523, bmo#1749062, bmo#1749164, bmo#1749214,
      bmo#1749610, bmo#1750032, bmo#1752100, bmo#1752405, bmo#1753612,
      Memory safety bugs fixed in Firefox 98
  - requires NSS 3.75
  - add mozilla-bmo1756347.patch to fix i586 build
* Fri Feb 18 2022 Andreas Stieger <>
  - Mozilla Firefox 97.0.1
    * Fixed: Fixed an issue where TikTok videos would fail to load
      when selected from a user's profile page (bmo#1750973)
    * Fixed: Fixed an issue which led to Picture-in-Picture mode
      being unable to be toggled on Hulu (bmo#1753401)
    * Fixed: Works around problems with WebRoot SecureAnywhere
      antivirus rendering Firefox unusable in some situations
    * Fixed: Fixed an issue causing users to see the Restore
      Session screen unexpectedly when starting Firefox
* Mon Feb 14 2022 Luciano Santos <>
  - Remove bashisms ("source" and "function" keywords) from to ally with the #!/bin/sh shebang. If the end user
    has either dash-sh package or busybox-sh to handle Bourn Shell
    scripts rather than having bash-sh package, the script would
    fail. Using "." instead of "source" and "create_langpack_link()"
    function definition is enough to keep both sides sane,
* Tue Feb 08 2022 Wolfgang Rosenauer <>
  - Mozilla Firefox 97.0
    MFSA 2022-04 (bsc#1195682)
    * CVE-2022-22753 (bmo#1732435)
      Privilege Escalation to SYSTEM on Windows via Maintenance Service
    * CVE-2022-22754 (bmo#1750565)
      Extensions could have bypassed permission confirmation during update
    * CVE-2022-22755 (bmo#1309630)
      XSL could have allowed JavaScript execution after a tab was closed
    * CVE-2022-22756 (bmo#1317873)
      Drag and dropping an image could have resulted in the dropped
      object being an executable
    * CVE-2022-22757 (bmo#1720098)
      Remote Agent did not prevent local websites from connecting
    * CVE-2022-22758 (bmo#1728742)
      tel: links could have sent USSD codes to the dialer on
      Firefox for Android
    * CVE-2022-22759 (bmo#1739957)
      Sandboxed iframes could have executed script if the parent
      appended elements
    * CVE-2022-22760 (bmo#1740985, bmo#1748503)
      Cross-Origin responses could be distinguished between script
      and non-script content-types
    * CVE-2022-22761 (bmo#1745566)
      frame-ancestors Content Security Policy directive was not
      enforced for framed extension pages
    * CVE-2022-22762 (bmo#1743931)
      JavaScript Dialogs could have been displayed over other
      domains on Firefox for Android
    * CVE-2022-22764 (bmo#1742682, bmo#1744165, bmo#1746545,
      bmo#1748210, bmo#1748279)
      Memory safety bugs fixed in Firefox 97 and Firefox ESR 91.6
    * CVE-2022-0511 (bmo#1713579, bmo#1735448, bmo#1743821, bmo#1746313,
      bmo#1746314, bmo#1746316, bmo#1746321, bmo#1746322, bmo#1746323,
      bmo#1746412, bmo#1746430, bmo#1746451, bmo#1746488, bmo#1746875,
      bmo#1746898, bmo#1746905, bmo#1746907, bmo#1746917, bmo#1747128,
      bmo#1747137, bmo#1747331, bmo#1747346, bmo#1747439, bmo#1747457,
      bmo#1747870, bmo#1749051, bmo#1749274, bmo#1749831)
      Memory safety bugs fixed in Firefox 97
  - requires NSS 3.74
  - requires rust 1.57
* Mon Feb 07 2022 Dirk Müller <>
  - remove memoryperjob and use %limit instead. this allows to
    adapt to more worker types, and lowers the time the package
    is stuck in "scheduling". raising memory above 8 to lower
    risk for LTO jobs to run OOM
  - add hack to disable -Wl,--gc-section which avoids a binutils
    segfault on x86
  - change mozilla-reduce-rust-debuginfo.patch: use -g1 everywhere
* Sun Jan 30 2022 Dirk Müller <>
  - disable ccache, this adds about 1 minute of build time and
    over 2 GB of disk space usage without benefit on OBS builds
  - build with rust-simd like upstream does
  - use -g1 for debuginfo generation as this is what upstream
    does as well and it saves ~ 2GB of writes
  - use %limit on x86_64 to scale down to less capable workers
  - disable install stripping so that debuginfo is useful
  - use autopatch
  - cleanup constraints to specify only jobs, physicalmemory
    and memoryperjob to be more flexible on which host to build
* Fri Jan 28 2022 Wolfgang Rosenauer <>
  - Mozilla Firefox 96.0.3 (bsc#1195230)
    * Fixed an issue that allowed unexpected data to be submitted in
      some of our search telemetry (bmo#1752317)
* Mon Jan 24 2022 Martin Liška <>
  - Enable -fimplicit-constexpr for GCC 12+.
* Thu Jan 20 2022 Andreas Stieger <>
  - Mozilla Firefox 96.0.2
    * Fix an issue that caused tab height to display inconsistently
      on Linux when audio was played (bmo#1714276)
    * Fix an issue that caused Lastpass dropdowns to appear blank in
      Private Browsing mode (bmo#1748158)
    * Fix a crash encountered when resizing a Facebook app
* Fri Jan 14 2022 Andreas Stieger <>
  - Mozilla Firefox 96.0.1
    * Fixed: Improvements to make the parsing of content-length
      headers more robust (bmo#1749957, boo#1194677)
* Sat Jan 08 2022 Wolfgang Rosenauer <>
  - Mozilla Firefox 96.0
    MFSA 2022-01 (bsc#1194547)
    * CVE-2022-22746 (bmo#1735071)
      Calling into reportValidity could have lead to fullscreen
      window spoof
    * CVE-2022-22743 (bmo#1739220)
      Browser window spoof using fullscreen mode
    * CVE-2022-22742 (bmo#1739923)
      Out-of-bounds memory access when inserting text in edit mode
    * CVE-2022-22741 (bmo#1740389)
      Browser window spoof using fullscreen mode
    * CVE-2022-22740 (bmo#1742334)
      Use-after-free of ChannelEventQueue::mOwner
    * CVE-2022-22738 (bmo#1742382)
      Heap-buffer-overflow in blendGaussianBlur
    * CVE-2022-22737 (bmo#1745874)
      Race condition when playing audio files
    * CVE-2021-4140 (bmo#1746720)
      Iframe sandbox bypass with XSLT
    * CVE-2022-22750 (bmo#1566608)
      IPC passing of resource handles could have lead to sandbox
    * CVE-2022-22749 (bmo#1705094)
      Lack of URL restrictions when scanning QR codes
    * CVE-2022-22748 (bmo#1705211)
      Spoofed origin on external protocol launch dialog
    * CVE-2022-22745 (bmo#1735856)
      Leaking cross-origin URLs through securitypolicyviolation
    * CVE-2022-22744 (bmo#1737252)
      The 'Copy as curl' feature in DevTools did not fully escape
      website-controlled data, potentially leading to command
    * CVE-2022-22747 (bmo#1735028)
      Crash when handling empty pkcs7 sequence
    * CVE-2022-22736 (bmo#1742692)
      Potential local privilege escalation when loading modules
      from the install directory.
    * CVE-2022-22739 (bmo#1744158)
      Missing throttling on external protocol launch dialog
    * CVE-2022-22751 (bmo#1664149, bmo#1737816, bmo#1739366,
      bmo#1740274, bmo#1740797, bmo#1741201, bmo#1741869,
      bmo#1743221, bmo#1743515, bmo#1745373, bmo#1746011)
      Memory safety bugs fixed in Firefox 96 and Firefox ESR 91.5
    * CVE-2022-22752 (bmo#1740534, bmo#1741210, bmo#1742770)
      Memory safety bugs fixed in Firefox 96
  - removed obsolete patches
    * mozilla-bmo1745560.patch
    * mozilla-bmo1744896.patch
    * mozilla-sandbox-fips.patch
  - requires
    NSPR >= 4.33
    NSS  >= 3.73.1
* Tue Dec 28 2021 Bjørn Lie <>
  - Add upstream patches:
    * mozilla-bmo1745560.patch: Fix build against wayland 1.20.
    * mozilla-bmo1744896.patch: Create WaylandVsyncSource on window
* Mon Dec 20 2021 Wolfgang Rosenauer <>
  - Mozilla Firefox 95.0.2
    * Addresses frequent crashes experienced by users with C/E/Z-Series
      "Bobcat" CPUs running on Windows 7, 8, and 8.1.
  - updated constraints for ppc and x86-64
* Fri Dec 17 2021 Wolfgang Rosenauer <>
  - Mozilla Firefox 95.0.1 (bsc#1193845)
    * Fixed frequent
      messages when trying to connect to various
      domains (bmo#1745600)
    * Fix for a WebRender crash on some Linux/X11 systems (bmo#1741956)
    * Fix for a frequent Windows shutdown crash (bmo#1738984)
    * Fix websites contrast issues for some Linux users with
      Dark mode set at OS level (bmo#1740518)
* Sat Dec 04 2021 Wolfgang Rosenauer <>
  - Mozilla Firefox 95.0
    * You can now move the Picture-in-Picture toggle button to the
      opposite side of the video. Simply look for the new context menu
      option Move Picture-in-Picture Toggle to Left (Right) Side.
    * To better protect Firefox users against side-channel attacks such
      as Spectre, Site Isolation is now enabled for all Firefox 95 users.
    MFSA 2021-52 (bsc#1193485)
    * CVE-2021-43536 (bmo#1730120)
      URL leakage when navigating while executing asynchronous
    * CVE-2021-43537 (bmo#1738237)
      Heap buffer overflow when using structured clone
    * CVE-2021-43538 (bmo#1739091)
      Missing fullscreen and pointer lock notification when
      requesting both
    * CVE-2021-43539 (bmo#1739683)
      GC rooting failure when calling wasm instance methods
    * MOZ-2021-0010 (bmo#1735852)
      Use-after-free in fullscreen objects on MacOS
    * CVE-2021-43540 (bmo#1636629)
      WebExtensions could have installed persistent ServiceWorkers
    * CVE-2021-43541 (bmo#1696685)
      External protocol handler parameters were unescaped
    * CVE-2021-43542 (bmo#1723281)
      XMLHttpRequest error codes could have leaked the existence of
      an external protocol handler
    * CVE-2021-43543 (bmo#1738418)
      Bypass of CSP sandbox directive when embedding
    * CVE-2021-43544 (bmo#1739934)
      Receiving a malicious URL as text through a SEND intent could
      have led to XSS
    * CVE-2021-43545 (bmo#1720926)
      Denial of Service when using the Location API in a loop
    * CVE-2021-43546 (bmo#1737751)
      Cursor spoofing could overlay user interface when native
      cursor is zoomed
    * MOZ-2021-0009 (bmo#1393362, bmo#1736046, bmo#1736751,
      bmo#1737009, bmo#1739372, bmo#1739421)
      Memory safety bugs fixed in Firefox 95 and Firefox ESR 91.4
  - requires
    NSS >= 3.72
* Thu Dec 02 2021 Andreas Stieger <>
  - remove x-scheme-handler/ftp from firefox.desktop boo#1193321
* Thu Nov 25 2021 Bjørn Lie <>
  - Drop unused libidl-devel BuildRequires.
* Tue Nov 23 2021 Andreas Stieger <>
  - Mozilla Firefox 94.0.2:
    * Update preference design for Firefox Suggest for improved clarity
    * Resolved general instability/crashes on Linux caused by a file
      descriptor leak when backgrounding tabs using WebGL
* Fri Nov 05 2021 Andreas Stieger <>
  - Mozilla Firefox 94.0.1:
    * fixes for other platforms
* Sat Oct 30 2021 Wolfgang Rosenauer <>
  - Mozilla Firefox 94.0
    MFSA 2021-48 (bsc#1192250)
    * CVE-2021-38503 (bmo#1729517)
      iframe sandbox rules did not apply to XSLT stylesheets
    * CVE-2021-38504 (bmo#1730156)
      Use-after-free in file picker dialog
    * CVE-2021-38505 (bmo#1730194)
      Windows 10 Cloud Clipboard may have recorded sensitive user data
    * CVE-2021-38506 (bmo#1730750)
      Firefox could be coaxed into going into fullscreen mode
      without notification or warning
    * CVE-2021-38507 (bmo#1730935)
      Opportunistic Encryption in HTTP2 could be used to bypass the
      Same-Origin-Policy on services hosted on other ports
    * MOZ-2021-0003 (bmo#1736886)
      Universal XSS in Firefox for Android via QR Code URLs
    * CVE-2021-38508 (bmo#1366818)
      Permission Prompt could be overlaid, resulting in user
      confusion and potential spoofing
    * MOZ-2021-0004 (bmo#1659155)
      Web Extensions could access pre-redirect URL when their
      context menu was triggered by a user
    * CVE-2021-38509 (bmo#1718571)
      Javascript alert box could have been spoofed onto an
      arbitrary domain
    * CVE-2021-38510 (bmo#1731779)
      Download Protections were bypassed by .inetloc files on Mac OS
    * MOZ-2021-0005 (bmo#1719203)
      'Copy Image Link' context menu action could have been abused
      to see authentication tokens
    * MOZ-2021-0006 (bmo#1724233)
      URL Parsing may incorrectly parse internationalized domains
    * MOZ-2021-0007 (bmo#1606864, bmo#1712671, bmo#1730048, bmo#1735152)
      Memory safety bugs fixed in Firefox 94 and Firefox ESR 91.3
  - removed obsolete patches
    * mozilla-bmo1602730.patch
    * mozilla-bmo1725828.patch
    * mozilla-bmo1729124.patch
  - requires
    NSS >= 3.71
    rust >= 1.53
  - fix Plasma detection (boo#1191825)
  - fix Link error "undefined hidden symbol:"
* Tue Oct 26 2021 Wolfgang Rosenauer <>
  - Drop unused pkgconfig(gdk-x11-2.0) BuildRequires
  - (re-)enable LTO on Tumbleweed
* Wed Oct 20 2021 Martin Sirringhaus <>
  - Rebase mozilla-sandbox-fips.patch to punch another hole in the
    sandbox containment, to be able to open /proc/sys/crypto/fips_enabled
    from within the newly introduced socket process sandbox.
    This fixes bsc#1191815 and bsc#1190141
* Mon Oct 18 2021 Guillaume GARDET <>
  - Add patch to fix build on aarch64 (bmo#1729124)
    * mozilla-bmo1729124.patch
* Fri Oct 01 2021 Wolfgang Rosenauer <>
  - Mozilla Firefox 93.0
    * supports the new AVIF image format
    * PDF viewer now supports filling more forms (XFA-based forms)
    * now blocks downloads that rely on insecure connections,
      protecting against potentially malicious or unsafe downloads
    * Improved web compatibility for privacy protections with SmartBlock 3.0
    * Introducing a new referrer tracking protection in Strict Tracking
      Protection and Private Browsing
    * TLS ciphersuites that use 3DES have been disabled. Such
      ciphersuites can only be enabled when deprecated versions of
      TLS are also enabled
    * The download panel now follows the Firefox visual styles
    MFSA 2021-43 (bsc#1191332)
    * CVE-2021-38496 (bmo#1725335)
      Use-after-free in MessageTask
    * CVE-2021-38497 (bmo#1726621)
      Validation message could have been overlaid on another origin
    * CVE-2021-38498 (bmo#1729642)
      Use-after-free of nsLanguageAtomService object
    * CVE-2021-32810 (bmo#1729813)
      Data race in crossbeam-deque
    * CVE-2021-38500 (bmo#1725854, bmo#1728321)
      Memory safety bugs fixed in Firefox 93, Firefox ESR 78.15,
      and Firefox ESR 91.2
    * CVE-2021-38501 (bmo#1685354, bmo#1715755, bmo#1723176)
      Memory safety bugs fixed in Firefox 93 and Firefox ESR 91.2
    * CVE-2021-38499 (bmo#1667102, bmo#1723170, bmo#1725356, bmo#1727364)
      Memory safety bugs fixed in Firefox 93
  - removed obsolete mozilla-bmo1708709.patch
  - require NSS >= 3.70
  - allow to override wayland detection by defining MOZ_ENABLE_WAYLAND
    explicitely as 0 or 1
  - fix aarch64 build by updating constraints
  - add mozilla-bmo1725828.patch to fix widevine (bsc#1190842)
  - add mozilla-bmo531915.patch to fix build for i586
* Sat Sep 25 2021 Andreas Stieger <>
  - Mozilla Firefox 92.0.1
    * Fixed: Fixes an issue where audio playback was not working on
      some Linux systems (bmo#1730499)
    * Fixed: Fixes issues with the findbar close button on
      different operating systems (bmo#1728368)
* Mon Sep 06 2021 Wolfgang Rosenauer <>
  - Mozilla Firefox 92.0
    * More secure connections: Firefox can now automatically upgrade to
      HTTPS using HTTPS RR as Alt-Svc headers
    * Full-range color levels are now supported for video playback on
      many systems
    MFSA 2021-38 (bsc#1190269)
    * CVE-2021-29993 (bmo#1708544, bmo#1708767, bmo#1712240,
      bmo#1712242, bmo#1729259)
      Handling custom intents could lead to crashes and UI spoofs
    * CVE-2021-38491 (bmo#1551886)
      Mixed-Content-Blocking was unable to check opaque origins
    * CVE-2021-38492 (bmo#1721107)
      Navigating to `mk:` URL scheme could load Internet Explorer
    * CVE-2021-38493 (bmo#1723391, bmo#1724101, bmo#1724107)
      Memory safety bugs fixed in Firefox 92, Firefox ESR 78.14 and
      Firefox ESR 91.1
    * CVE-2021-38494 (bmo#1723920, bmo#1725638)
      Memory safety bugs fixed in Firefox 92
  - updated appdata
  - remove mozilla-disable-wasm-emulate-arm-unaligned-fp-access.patch
    (does not apply anymore; unclear if obsolete)
  - bring back mozilla-silence-no-return-type.patch and
    run post-build-checks everywhere again
  - requires NSS 3.69.1
* Tue Aug 31 2021 Atri Bhattacharya <>
  - Add mozilla-bmo1708709.patch: On [wayland] popup can be wrongly
    repositioned due to rounding errors when font scaling != 1
    (bmo#1708709); patch taken from upstream bug report and rebased
    to apply cleanly against current version.
* Sun Aug 29 2021 Martin Liška <>
  - Bump using with GCC (tested locally).
* Fri Aug 27 2021 Andreas Stieger <>
  - Mozilla Firefox 91.0.2:
    * Fixed: Firefox no longer clears authentication data when
      purging trackers, to avoid repeatedly prompting for a
      password (bmo#1721084)
* Wed Aug 18 2021 Wolfgang Rosenauer <>
  - Mozilla Firefox 91.0.1
    * Fixed an issue causing buttons on the tab bar to be resized when
      loading certain websites (bmo#1704404)
    * Fixed an issue which caused tabs from private windows to be
      visible in non-private windows when viewing switch-to-tab results
      in the address bar panel (bmo#1720369)
    * Various stability fixes
    MFSA 2021-37 (bsc#1189547)
    * CVE-2021-29991 (bmo#1724896)
      Header Splitting possible with HTTP/3 Responses
* Mon Aug 09 2021 Wolfgang Rosenauer <>
  - Mozilla Firefox 91.0
    MFSA 2021-33 (bsc#1188891)
    * CVE-2021-29986 (bmo#1696138)
      Race condition when resolving DNS names could have led to
      memory corruption
    * CVE-2021-29981 (bmo#1707774)
      Live range splitting could have led to conflicting
      assignments in the JIT
    * CVE-2021-29988 (bmo#1717922)
      Memory corruption as a result of incorrect style treatment
    * CVE-2021-29983 (bmo#1719088)
      Firefox for Android could get stuck in fullscreen mode
    * CVE-2021-29984 (bmo#1720031)
      Incorrect instruction reordering during JIT optimization
    * CVE-2021-29980 (bmo#1722204)
      Uninitialized memory in a canvas object could have led to
      memory corruption
    * CVE-2021-29987 (bmo#1716129)
      Users could have been tricked into accepting unwanted
      permissions on Linux
    * CVE-2021-29985 (bmo#1722083)
      Use-after-free media channels
    * CVE-2021-29982 (bmo#1715318)
      Single bit data leak due to incorrect JIT optimization and
      type confusion
    * CVE-2021-29989 (bmo#1662676, bmo#1666184, bmo#1719178,
      bmo#1719998, bmo#1720568)
      Memory safety bugs fixed in Firefox 91 and Firefox ESR 78.13
    * CVE-2021-29990 (bmo#1544190, bmo#1716481, bmo#1717778,
      bmo#1719319, bmo#1722073)
      Memory safety bugs fixed in Firefox 91
  - requires
    * rustc/cargo >= 1.51
    * NSPR >= 4.32
    * NSS >= 3.68
  - force-disable webrender on BE platforms
* Sat Jul 24 2021 Andreas Stieger <>
  - Mozilla Firefox 90.0.2:
    * Changed: Updates to support DoH Canada rollout (bmo#1713036)
    * Fixed: Fixed truncated output when printing (bmo#1720621)
    * Fixed: Fixed menu styling on some Gtk themes (bmo#1720441,
* Mon Jul 19 2021 Andreas Stieger <>
  - Mozilla Firefox 90.0.1 (boo#1188480):
    * Fixed: Fixed busy looping processing some HTTP3 responses
    * Fixed: Fixed transient errors authenticating with some smart
      cards (bmo#1715325)
    * Fixed: Fixed a rare crash on shutdown (bmo#1707057)
    * Fixed: Fixed a race on startup that caused about:support to
      end up empty after upgrade (bmo#1717894, boo#1188330)
* Sun Jul 11 2021 Wolfgang Rosenauer <>
  - Mozilla Firefox 90.0
    MFSA 2021-28 (bsc#1188275)
    * CVE-2021-29970 (bmo#1709976)
      Use-after-free in accessibility features of a document
    * CVE-2021-29971 (bmo#1713638)
      Granted permissions only compared host; omitting scheme and
      port on Android
    * CVE-2021-30547 (bmo#1715766)
      Out of bounds write in ANGLE
    * CVE-2021-29972 (bmo#1696816)
      Use of out-of-date library included use-after-free
    * CVE-2021-29973 (bmo#1701932)
      Password autofill on HTTP websites was enabled without user
      interaction on Android
    * CVE-2021-29974 (bmo#1704843)
      HSTS errors could be overridden when network partitioning was
    * CVE-2021-29975 (bmo#1713259)
      Text message could be overlaid on top of another website
    * CVE-2021-29976 (bmo#1700895, bmo#1703334, bmo#1706910,
      bmo#1711576, bmo#1714391)
      Memory safety bugs fixed in Firefox 90 and Firefox ESR 78.12
    * CVE-2021-29977 (bmo#1665836, bmo#1686138, bmo#1704316,
      bmo#1706314, bmo#1709931, bmo#1712084, bmo#1712357,
      Memory safety bugs fixed in Firefox 90
  - requires
    NSPR 4.31
    NSS 3.66
  - Gtk2 support removed (was only for Flash plugin before)
* Wed Jun 23 2021 Andreas Stieger <>
  - Mozilla Firefox 89.0.2 (boo#1187648):
    * Fix occasional hangs with Software WebRender on Linux (bmo#1708224)
* Sat Jun 19 2021 Andreas Stieger <>
  - Mozilla Firefox 89.0.1 (boo#1187475):
    * Updated translations, including full Spanish (Mexico)
      localization and other improvements (bmo#1714946)
    * Fix various font related regressions (bmo#1694174)
    * Linux: Fix performance and stability regressions with
      WebRender (bmo#1715895, bmo#1715902)
    * Enterprise: Fix for the `DisableDeveloperTools` policy not
      having effect anymore (bmo#1715777)
    * Linux: Fix broken scrollbars on some GTK themes (bmo#1714103)
    * Various stability fixes
* Sat May 29 2021 Wolfgang Rosenauer <>
  - Mozilla Firefox 89.0
    * UI redesign
    * The Event Timing API is now supported
    * The CSS forced-colors media query is now supported
    MFSA 2021-23 (bsc#1186696)
    * CVE-2021-29965 (bmo#1709257)
      Password Manager on Firefox for Android susceptible to domain
    * CVE-2021-29960 (bmo#1675965)
      Filenames printed from private browsing mode incorrectly
      retained in preferences
    * CVE-2021-29961 (bmo#1700235)
      Firefox UI spoof using `<select>` elements and CSS scaling
    * CVE-2021-29963 (bmo#1705068)
      Shared cookies for search suggestions in private browsing mode
    * CVE-2021-29964 (bmo#1706501)
      Out of bounds-read when parsing a `WM_COPYDATA` message
    * CVE-2021-29959 (bmo#1395819)
      Devices could be re-enabled without additional permission prompt
    * CVE-2021-29962 (bmo#1701673)
      No rate-limiting for popups on Firefox for Android
    * CVE-2021-29967 (bmo#1602862, bmo#1703191, bmo#1703760,
      bmo#1704722, bmo#1706041)
      Memory safety bugs fixed in Firefox 89 and Firefox ESR 78.11
    * CVE-2021-29966 (bmo#1660307, bmo#1686154, bmo#1702948, bmo#1708124)
      Memory safety bugs fixed in Firefox 89
  - require
    NSS >= 3.64
    rust-cbindgen >= 0.19.0
  - do not rely on nodejs10 packagename anymore
  - updated mozilla.keyring
  - switched TW/x86_64 to clang as the last platform due to
  - but LTO with clang is broken in TW so disable LTO for it
* Thu May 06 2021 Guillaume GARDET <>
  - Relax RAM and disk constraints for aarch64
* Wed May 05 2021 Andreas Stieger <>
  - Mozilla Firefox 88.0.1
    * Fixed: Resolved an issue caused by a recent Widevine plugin
      update which prevented some purchased video content from
      playing correctly (bmo#1705138)
    * Fixed: Fixed corruption of videos playing on Twitter or
      WebRTC calls on some Gen6 Intel graphics chipsets
    * Fixed: Fixed menulists in Preferences being unreadable for
      users with High Contrast Mode enabled (bmo#1706496)
    MFSA 2021-20 (bsc#1185633)
    * CVE-2021-29952 (bmo#1704227)
      Race condition in Web Render Components
  - devel package: move macros to /usr/lib/rpm/macros.d (boo#1185658)
* Sun May 02 2021 Wolfgang Rosenauer <>
  - add compatibility for libavcodec58_134
* Sun Apr 18 2021 Wolfgang Rosenauer <>
  - Mozilla Firefox 88.0
    * New: PDF forms now support JavaScript embedded in PDF files.
      Some PDF forms use JavaScript for validation and other
      interactive features
    * New: Print updates: Margin units are now localized
    * New: Smooth pinch-zooming using a touchpad is now supported
      on Linux
    * New: To protect against cross-site privacy leaks, Firefox now
      isolates data to the website that created it.
      Learn more
    * Changed: Firefox will not prompt for access to your
      microphone or camera if you’ve already granted access to the
      same device on the same site in the same tab within the past
      50 seconds. This new grace period reduces the number of times
      you’re prompted to grant device access
    * Changed: The ‘Take a Screenshot’ feature was removed from the
      Page Actions menu in the url bar. To take a screenshot,
      right-click to open the context menu. You can also add a
      screenshots shortcut directly to your toolbar via the
      Customize menu. Open the Firefox menu and select Customize…
    * Changed: FTP support has been disabled, and its full removal
      is planned for an upcoming release. Addressing this security
      risk reduces the likelihood of an attack while also removing
      support for a non-encrypted protocol
    * Developer: Introduced a new toggle button in the Network
      panel for switching between JSON formatted HTTP response and
      raw data (as received over the wire).
      !enter image description here
    * Enterprise: Various bug fixes and new policies have been
      implemented in the latest version of Firefox. You can see
      more details in the Firefox for Enterprise 88 Release Notes.
    * Fixed: Screen readers no longer incorrectly read content that
      websites have visually hidden, as in the case of articles in
      the Google Help panel
    MFSA 2021-16 (bsc#1184960)
    * CVE-2021-23994 (bmo#1699077)
      Out of bound write due to lazy initialization
    * CVE-2021-23995 (bmo#1699835)
      Use-after-free in Responsive Design Mode
    * CVE-2021-23996 (bmo#1701834)
      Content rendered outside of webpage viewport
    * CVE-2021-23997 (bmo#1701942)
      Use-after-free when freeing fonts from cache
    * CVE-2021-23998 (bmo#1667456)
      Secure Lock icon could have been spoofed
    * CVE-2021-23999 (bmo#1691153)
      Blob URLs may have been granted additional privileges
    * CVE-2021-24000 (bmo#1694698)
      requestPointerLock() could be applied to a tab different from
      the visible tab
    * CVE-2021-24001 (bmo#1694727)
      Testing code could have enabled session history manipulations
      by a compromised content process
    * CVE-2021-24002 (bmo#1702374)
      Arbitrary FTP command execution on FTP servers using an
      encoded URL
    * CVE-2021-29945 (bmo#1700690)
      Incorrect size computation in WebAssembly JIT could lead to
    * CVE-2021-29944 (bmo#1697604)
      HTML injection vulnerability in Firefox for Android's Reader View
    * CVE-2021-29946 (bmo#1698503)
      Port blocking could be bypassed
    * CVE-2021-29947 (bmo#1651449, bmo#1674142, bmo#1693476,
      bmo#1696886, bmo#1700091)
      Memory safety bugs fixed in Firefox 88
  - requires
    * NSPR 4.30
    * NSS 3.63.1
  - align wayland support logic
* Sat Mar 27 2021 Manfred Hollstein <>
  - Switch to clang_build globally; just on TW/x86_64 it does not work
    due to unreolved externals `__rust_probestack' - disable clang_build
  - useccache: Add conditionals to enable/disable ccache.
* Tue Mar 23 2021 Wolfgang Rosenauer <>
  - Mozilla Firefox 87.0
    * requires NSS 3.62
    * removed obsolete BigEndian ICU build workaround
    * rebased patches
    MFSA 2021-10 (bsc#1183942)
    * CVE-2021-23981 (bmo#1692832)
      Texture upload into an unbound backing buffer resulted in an
      out-of-bound read
    * CVE-2021-23982 (bmo#1677046)
      Internal network hosts could have been probed by a malicious
    * CVE-2021-23983 (bmo#1692684)
      Transitions for invalid ::marker properties resulted in memory
    * CVE-2021-23984 (bmo#1693664)
      Malicious extensions could have spoofed popup information
    * CVE-2021-23985 (bmo#1659129)
      Devtools remote debugging feature could have been enabled
      without indication to the user
    * CVE-2021-23986 (bmo#1692623)
      A malicious extension could have performed credential-less
      same origin policy violations
    * CVE-2021-23987 (bmo#1513519, bmo#1683439, bmo#1690169,
      Memory safety bugs fixed in Firefox 87 and Firefox ESR 78.9
    * CVE-2021-23988 (bmo#1684994, bmo#1686653)
      Memory safety bugs fixed in Firefox 87
* Tue Mar 16 2021 Martin Liška <>
  - Set memory limits for DWZ to 4x.
* Sat Mar 13 2021 Andreas Stieger <>
  - Mozilla Firefox 86.0.1
    * Fixed: Fixed an issue on Apple Silicon machines that caused
      Firefox to be unresponsive after system sleep (bmo#1682713)
    * Fixed: Fixed an issue causing windows to gain or lose focus
      unexpectedly (bmo#1694927)
    * Fixed: Fixed truncation of date and time widgets due to
      incorrect width calculation (bmo#1695578)
    * Fixed: Fixed an issue causing unexpected behavior with
      extensions managing tab groups (bmo#1694699)
    * Fixed: Fixed a frequent Linux crash on browser launch
* Sun Feb 21 2021 Wolfgang Rosenauer <>
  - Mozilla Firefox 86.0
    * requires NSS >= 3.61
    * requires rust-cbindgen >= 0.16.0
    * Firefox now supports simultaneously watching multiple videos in
    * Total Cookie Protection to Strict Mode
    MSFA 2021-07 (bsc#1182614)
    * CVE-2021-23969 (bmo#1542194)
      Content Security Policy violation report could have contained
      the destination of a redirect
    * CVE-2021-23970 (bmo#1681724)
      Multithreaded WASM triggered assertions validating separation
      of script domains
    * CVE-2021-23968 (bmo#1687342)
      Content Security Policy violation report could have contained
      the destination of a redirect
    * CVE-2021-23974 (bmo#1528997, bmo#1683627)
      noscript elements could have led to an HTML Sanitizer bypass
    * CVE-2021-23971 (bmo#1678545)
      A website's Referrer-Policy could have been be overridden,
      potentially resulting in the full URL being sent as a Referrer
    * CVE-2021-23976 (bmo#1684627)
      Local spoofing of web manifests for arbitrary pages in
      Firefox for Android
    * CVE-2021-23977 (bmo#1684761)
      Malicious application could read sensitive data from Firefox
      for Android's application directories
    * CVE-2021-23972 (bmo#1683536)
      HTTP Auth phishing warning was omitted when a redirect is
    * CVE-2021-23975 (bmo#1685145)
      about:memory Measure function caused an incorrect pointer
    * CVE-2021-23973 (bmo#1690976)
      MediaError message property could have leaked information
      about cross-origin resources
    * CVE-2021-23978 (bmo#1682928, bmo#1687391, bmo#1687597, bmo#786797)
      Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8
    * CVE-2021-23979 (bmo#1663222, bmo#1666607, bmo#1672120, bmo#1678463,
      bmo#1678927, bmo#1679560, bmo#1681297, bmo#1681684, bmo#1683490,
      bmo#1684377, bmo#1684902)
      Memory safety bugs fixed in Firefox 86
  - updated (bsc#1182357)
  - removed obsolete mozilla-bmo1554971.patch
  - remove buildsymbols subpackage
    * we haven't done anything with it for years
    * mozilla is collecting those from our debuginfo packages
    * would require a local dump_syms tool
* Wed Feb 17 2021 Andreas Stieger <>
  - Mozilla Firefox 85.0.2
    * Fixed: Fixed a deadlock during startup (bmo#1679933)
* Wed Feb 17 2021 Michel Normand <>
  - Use %limit_build macros for PowerPC to avoid oom build failure
* Tue Feb 09 2021 Andreas Stieger <>
  - Mozilla Firefox 85.0.1
    MFSA 2021-06 (bsc#1181848)
    * MOZ-2021-0001 (bmo#1676636)
      Buffer overflow in depth pitch calculations for compressed
    * Fixed: Avoid printing an extra blank page at the end of some
      documents (bmo#1689789).
    * Fixed: Fixed a browser crash in case of unexpected Cache API
      state (bmo#1684838).
* Sun Jan 24 2021 Wolfgang Rosenauer <>
  - Mozilla Firefox 85.0
    * Adobe Flash is completely history
    * supercookie protection
    * new bookmark handling and features
    MFSA 2021-03 (bsc#1181414)
    * CVE-2021-23953 (bmo#1683940)
      Cross-origin information leakage via redirected PDF requests
    * CVE-2021-23954 (bmo#1684020)
      Type confusion when using logical assignment operators in
      JavaScript switch statements
    * CVE-2021-23955 (bmo#1684837)
      Clickjacking across tabs through misusing requestPointerLock
    * CVE-2021-23956 (bmo#1338637)
      File picker dialog could have been used to disclose a
      complete directory
    * CVE-2021-23957 (bmo#1584582)
      Iframe sandbox could have been bypassed on Android via the
      intent URL scheme
    * CVE-2021-23958 (bmo#1642747)
      Screen sharing permission leaked across tabs
    * CVE-2021-23959 (bmo#1659035)
      Cross-Site Scripting in error pages on Firefox for Android
    * CVE-2021-23960 (bmo#1675755)
      Use-after-poison for incorrectly redeclared JavaScript
      variables during GC
    * CVE-2021-23961 (bmo#1677940)
      More internal network hosts could have been probed by a
      malicious webpage
    * CVE-2021-23962 (bmo#1677194)
      Use-after-poison in
    * CVE-2021-23963 (bmo#1680793)
      Permission prompt inaccessible after asking for additional
    * CVE-2021-23964 (bmo#1662507, bmo#1666285, bmo#1673526, bmo#1674278,
      bmo#1674835, bmo#1675097, bmo#1675844, bmo#1675868, bmo#1677590,
      bmo#1677888, bmo#1680410, bmo#1681268, bmo#1682068, bmo#1682938,
      bmo#1683736, bmo#1685260, bmo#1685925)
      Memory safety bugs fixed in Firefox 85 and Firefox ESR 78.7
    * CVE-2021-23965 (bmo#1670378, bmo#1673555, bmo#1676812, bmo#1678582,
      Memory safety bugs fixed in Firefox 85
  - requires NSS 3.60.1
  - requires rust 1.47
  - remove obsolete mozilla-pipewire-0-3.patch
* Mon Jan 11 2021 Matthias Mailänder <>
  - Fix AppStream screenshot links
* Thu Jan 07 2021 Andreas Stieger <>
  - Mozilla Firefox 84.0.2
    MFSA 2021-01 (bsc#1180623)
    * CVE-2020-16044 (bmo#1683964)
      Use-after-free write when handling a malicious COOKIE-ECHO
      SCTP chunk
* Sun Dec 27 2020 Wolfgang Rosenauer <>
  - Mozilla Firefox 84.0.1
    * Fixed problems loading secure websites and crashes for users
      with certain third-party PKCS11 modules and smartcards installed
      (bmo#1682881) (fixed in NSS 3.59.1)
    * Fixed a bug causing some Unity JS games to not load on Apple
      Silicon devices due to improper detection of the OS version
  - requires NSS 3.59.1
* Sun Dec 13 2020 Wolfgang Rosenauer <>
  - Mozilla Firefox 84.0
    * Firefox 84 is the final release to support Adobe Flash
    * WebRender is enabled by default when run on GNOME-based X11
      Linux desktops
    MFSA 2020-54 (bsc#1180039))
    * CVE-2020-16042 (bmo#1679003)
      Operations on a BigInt could have caused uninitialized memory
      to be exposed
    * CVE-2020-26971 (bmo#1663466)
      Heap buffer overflow in WebGL
    * CVE-2020-26972 (bmo#1671382)
      Use-After-Free in WebGL
    * CVE-2020-26973 (bmo#1680084)
      CSS Sanitizer performed incorrect sanitization
    * CVE-2020-26974 (bmo#1681022)
      Incorrect cast of StyleGenericFlexBasis resulted in a heap
    * CVE-2020-26975 (bmo#1661071)
      Malicious applications on Android could have induced Firefox
      for Android into sending arbitrary attacker-specified headers
    * CVE-2020-26976 (bmo#1674343)
      HTTPS pages could have been intercepted by a registered
      service worker when they should not have been
    * CVE-2020-26977 (bmo#1676311)
      URL spoofing via unresponsive port in Firefox for Android
    * CVE-2020-26978 (bmo#1677047)
      Internal network hosts could have been probed by a malicious
    * CVE-2020-26979 (bmo#1641287, bmo#1673299)
      When entering an address in the address or search bars, a
      website could have redirected the user before they were
      navigated to the intended url
    * CVE-2020-35111 (bmo#1657916)
      The proxy.onRequest API did not catch view-source URLs
    * CVE-2020-35112 (bmo#1661365)
      Opening an extension-less download may have inadvertently
      launched an executable instead
    * CVE-2020-35113 (bmo#1664831, bmo#1673589)
      Memory safety bugs fixed in Firefox 84 and Firefox ESR 78.6
    * CVE-2020-35114 (bmo#1607449, bmo#1640416, bmo#1656459,
      bmo#1669914, bmo#1673567)
      Memory safety bugs fixed in Firefox 84
  - requires
    NSS >= 3.59
    rust >= 1.44
    rust-cbindgen >= 0.15.0
  - remove revert-795c8762b16b.patch and replace with mozilla-pgo.patch
* Sat Nov 21 2020 Kirill Kirillov <>
  - Add/Enable GNOME search provider
* Sun Nov 15 2020 Wolfgang Rosenauer <>
  - Mozilla Firefox 83.0
    * major update for SpiderMonkey improving performance significantly
    * optional HTTPS-Only mode
    * more improvements
    MFSA 2020-50 (bsc#1178824))
    * CVE-2020-26951 (bmo#1667113)
      Parsing mismatches could confuse and bypass security
      sanitizer for chrome privileged code
    * CVE-2020-26952 (bmo#1667685)
      Out of memory handling of JITed, inlined functions could lead
      to a memory corruption
    * CVE-2020-16012 (bmo#1642028)
      Variable time processing of cross-origin images during
      drawImage calls
    * CVE-2020-26953 (bmo#1656741)
      Fullscreen could be enabled without displaying the security UI
    * CVE-2020-26954 (bmo#1657026)
      Local spoofing of web manifests for arbitrary pages in
      Firefox for Android
    * CVE-2020-26955 (bmo#1663261)
      Cookies set during file downloads are shared between normal
      and Private Browsing Mode in Firefox for Android
    * CVE-2020-26956 (bmo#1666300)
      XSS through paste (manual and clipboard API)
    * CVE-2020-26957 (bmo#1667179)
      OneCRL was not working in Firefox for Android
    * CVE-2020-26958 (bmo#1669355)
      Requests intercepted through ServiceWorkers lacked MIME type
    * CVE-2020-26959 (bmo#1669466)
      Use-after-free in WebRequestService
    * CVE-2020-26960 (bmo#1670358)
      Potential use-after-free in uses of nsTArray
    * CVE-2020-15999 (bmo#1672223)
      Heap buffer overflow in freetype
    * CVE-2020-26961 (bmo#1672528)
      DoH did not filter IPv4 mapped IP Addresses
    * CVE-2020-26962 (bmo#610997)
      Cross-origin iframes supported login autofill
    * CVE-2020-26963 (bmo#1314912)
      History and Location interfaces could have been used to hang
      the browser
    * CVE-2020-26964 (bmo#1658865)
      Firefox for Android's Remote Debugging via USB could have
      been abused by untrusted apps on older versions of Android
    * CVE-2020-26965 (bmo#1661617)
      Software keyboards may have remembered typed passwords
    * CVE-2020-26966 (bmo#1663571)
      Single-word search queries were also broadcast to local
    * CVE-2020-26967 (bmo#1665820)
      Mutation Observers could break or confuse Firefox Screenshots
    * CVE-2020-26968 (bmo#1551615, bmo#1607762, bmo#1656697,
      bmo#1657739, bmo#1660236, bmo#1667912, bmo#1671479,
      Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5
    * CVE-2020-26969 (bmo#1623920, bmo#1651705, bmo#1667872,
      Memory safety bugs fixed in Firefox 83
  - requires
    NSS >= 3.58
    nodejs >= 10.22.1
  - removed obsolete mozilla-ppc-altivec_static_inline.patch
  - disable LTO on TW because of ICEs in gcc
* Mon Nov 09 2020 Wolfgang Rosenauer <>
  - Mozilla Firefox 82.0.3
    MSFA 2020-49
    * CVE-2020-26950 (bmo#1675905)
      Write side effects in MCallGetProperty opcode not accounted for
* Mon Nov 02 2020 Wolfgang Rosenauer <>
  - Mozilla Firefox 82.0.2
    * few bugfixes for introduced regressions
* Sun Nov 01 2020 Kirill Kirillov <>
  - Enable GNOME search provider
* Thu Oct 15 2020 Wolfgang Rosenauer <>
  - Mozilla Firefox 82.0
    MFSA 2020-45 (bsc#1177872)
    * CVE-2020-15969 (bmo#1666570)
      Use-after-free in usersctp
    * CVE-2020-15254 (bmo#1668514)
      Undefined behavior in bounded channel of crossbeam rust crate
    * CVE-2020-15680 (bmo#1658881)
      Presence of external protocol handlers could be determined
      through image tags
    * CVE-2020-15681 (bmo#1666568)
      Multiple WASM threads may have overwritten each others' stub
      table entries
    * CVE-2020-15682 (bmo#1636654)
      The domain associated with the prompt to open an external
      protocol could be spoofed to display the incorrect origin
    * CVE-2020-15683 (bmo#1576843, bmo#1656987, bmo#1660954,
      bmo#1662760, bmo#1663439, bmo#1666140)
      Memory safety bugs fixed in Firefox 82 and Firefox ESR 78.4
    * CVE-2020-15684 (bmo#1653764, bmo#1661402, bmo#1662259,
      Memory safety bugs fixed in Firefox 82
  - requires
    * NSPR 4.29
    * NSS 3.57
* Thu Oct 01 2020 Wolfgang Rosenauer <>
  - Mozilla Firefox 81.0.1
  - remove obsolete python2 build requires
* Wed Sep 30 2020 Guillaume GARDET <>
  - Increase disk requirements in _constraints to match current needs
* Fri Sep 18 2020 Wolfgang Rosenauer <>
  - Mozilla Firefox 81.0
    MFSA 2020-42 (bsc#1176756)
    * CVE-2020-15675 (bmo#1654211)
      Use-After-Free in WebGL
    * CVE-2020-15677 (bmo#1641487)
      Download origin spoofing via redirect
    * CVE-2020-15676 (bmo#1646140)
      XSS when pasting attacker-controlled data into a
      contenteditable element
    * CVE-2020-15678 (bmo#1660211)
      When recursing through layers while scrolling, an iterator
      may have become invalid, resulting in a potential use-after-
      free scenario
    * CVE-2020-15673 (bmo#1648493, bmo#1660800)
      Memory safety bugs fixed in Firefox 81 and Firefox ESR 78.3
    * CVE-2020-15674 (bmo#1656063, bmo#1656064, bmo#1656067, bmo#1660293)
      Memory safety bugs fixed in Firefox 81
  - requires
    NSPR 4.28
    NSS 3.56
  - removed obsolete patches
    * mozilla-system-nspr.patch
    * mozilla-bmo1661715.patch
    * mozilla-silence-no-return-type.patch
  - skip post-build-checks for 15.0 and 15.1
  - add revert-795c8762b16b.patch to fix LTO builds with gcc
    (related to bmo#1644409)
  - require python3-curses as workaround to fix i586 build
* Thu Sep 17 2020 Guillaume GARDET <>
  - Use %limit_build macro again for aarch64 and armv7, instead of
    the new memoryperjob _constraints to use more workers
* Sat Sep 05 2020 Wolfgang Rosenauer <>
  - add mozilla-bmo1661715.patch to fix Flash plugin
* Wed Sep 02 2020 Manfred Hollstein <>
  - Mozilla Firefox 80.0.1: Bug fixes:
    * Fixed a performance regression when encountering new intermediate
      CA certificates (bmo#1661543)
    * Fixed crashes possibly related to GPU resets (bmo#1627616)
    * Fixed rendering on some sites using WebGL (bmo#1659225)
    * Fixed the zoom-in keyboard shortcut on Japanese language builds
    * Fixed download issues related to extensions and cookies
  - added mozilla-silence-no-return-type.patch
* Tue Aug 25 2020 Wolfgang Rosenauer <>
  - more whitelisting (/dev/random) for sandbox in relation to FIPS
  - improve langpack builds to use dedicated objdirs and make it
    parallel again
* Sat Aug 22 2020 Wolfgang Rosenauer <>
  - Mozilla Firefox 80.0
    MFSA 2020-36 (bsc#1175686)
    * CVE-2020-15663 (bmo#1643199)
      Downgrade attack on the Mozilla Maintenance Service could
      have resulted in escalation of privilege
    * CVE-2020-15664 (bmo#1658214)
      Attacker-induced prompt for extension installation
    * CVE-2020-12401 (bmo#1631573)
      Timing-attack on ECDSA signature generation
    * CVE-2020-6829 (bmo#1631583)
      P-384 and P-521 vulnerable to an electro-magnetic side
      channel attack on signature generation
    * CVE-2020-12400 (bmo#1623116)
      P-384 and P-521 vulnerable to a side channel attack on
      modular inversion
    * CVE-2020-15665 (bmo#1651636)
      Address bar not reset when choosing to stay on a page after
      the beforeunload dialog is shown
    * CVE-2020-15666 (bmo#1450853)
      MediaError message property leaks cross-origin response
    * CVE-2020-15667 (bmo#1653371)
      Heap overflow when processing an update file
    * CVE-2020-15668 (bmo#1651520)
      Data Race when reading certificate information
    * CVE-2020-15670 (bmo#1651001, bmo#1651449, bmo#1653626,
      Memory safety bugs fixed in Firefox 80 and Firefox ESR 78.2
  - requires
    * NSPR 4.27
    * NSS 3.55
  - added mozilla-system-nspr.patch (bmo#1661096)
  - exclude ga-IE locale as it's failing to build
  - rollback parallelize locale build because it breaks bookmarks
  - preserve original default bookmark file during langpack build
  - add some ccache output during build
* Thu Aug 20 2020 Martin Liška <>
  - Use new memoryperjob _constraints instead of %limit_build macro.
* Mon Aug 10 2020 Wolfgang Rosenauer <>
  - use ccache for build
  - replace versioned RPM deps with requires_ge
  - parallelize locale build
* Thu Aug 06 2020 Yunhe Guo <>
  - Change *.appdata.xml location to latest AppStream standard
* Thu Jul 23 2020 Wolfgang Rosenauer <>
  - Mozilla Firefox 79.0
    MFSA 2020-30 (bsc#1174538)
    * CVE-2020-15652 (bmo#1634872)
      Potential leak of redirect targets when loading scripts in a worker
    * CVE-2020-6514 (bmo#1642792)
      WebRTC data channel leaks internal address to peer
    * CVE-2020-15655 (bmo#1645204)
      Extension APIs could be used to bypass Same-Origin Policy
    * CVE-2020-15653 (bmo#1521542)
      Bypassing iframe sandbox when allowing popups
    * CVE-2020-6463 (bmo#1635293)
      Use-after-free in ANGLE gl::Texture::onUnbindAsSamplerTexture
    * CVE-2020-15656 (bmo#1647293)
      Type confusion for special arguments in IonMonkey
    * CVE-2020-15658 (bmo#1637745)
      Overriding file type when saving to disk
    * CVE-2020-15657 (bmo#1644954)
      DLL hijacking due to incorrect loading path
    * CVE-2020-15654 (bmo#1648333)
      Custom cursor can overlay user interface
    * CVE-2020-15659 (bmo#1550133, bmo#1633880, bmo#1638856,
      bmo#1643613, bmo#1644839, bmo#1645835, bmo#1646006, bmo#1646220,
      bmo#1646787, bmo#1649347, bmo#1650811, bmo#1651678)
      Memory safety bugs fixed in Firefox 79
  - updated dependency requirements:
    * mozilla-nspr >= 4.26
    * mozilla-nss >= 3.54
    * rust >= 1.43
    * rust-cbindgen >= 0.14.3
  - removed obsolete patch
* Tue Jul 21 2020 Wolfgang Rosenauer <>
  - fixed syntax issue in desktop file (boo#1174360)
* Fri Jul 17 2020 Wolfgang Rosenauer <>
  - Add mozilla-libavcodec58_91.patch to link against updated
    soversion of libavcodec (58.91) with ffmpeg >= 4.3.
    (patch provided by Atri Bhattacharya <>
  - enable MOZ_USE_XINPUT2 for TW (again) (boo#1173320)
    (Plasma 5.19.3 is now in TW)
* Sat Jul 11 2020 Wolfgang Rosenauer <>
  - Mozilla Firefox 78.0.2
    * Fixed an accessibility regression in reader mode (bmo#1650922)
    * Made the address bar more resilient to data corruption in the
      user profile (bmo#1649981)
    * Fixed a regression opening certain external applications (bmo#1650162)
    MFSA 2020-28
    * CVE pending (bmo#1644076)
      X-Frame-Options bypass using object or embed tags
  - added desktop file actions
  - do not use XINPUT2 for the moment until Plasma 5.19.3 has landed
  - rework langpack integration (boo#1173991)
    * ship XPIs instead of directories
    * allow addon sideloading
    * mark signatures for langpacks non-mandatory
    * do not autodisable user profile scopes
  - Google API key is not usable for geolocation service
  - fix pipewire support for TW (boo#1172903)
* Wed Jul 01 2020 Wolfgang Rosenauer <>
  - Mozilla Firefox 78.0.1
    * Fixed an issue which could cause installed search engines to not
      be visible when upgrading from a previous release.
  - enable MOZ_USE_XINPUT2 for TW (boo#1173320)
* Sun Jun 28 2020 Wolfgang Rosenauer <>
  - Mozilla Firefox 78.0
    * startup notifications now using Gtk instead of libnotify
    * PDF downloads now show an option to open the PDF directly in Firefox
    * Protections Dashboard (about:protections)
    * WebRTC not interrupted by screensaver anymore
    * disabled TLS 1.0 and 1.1 by default
    MFSA 2020-24 (bsc#1173576)
    * CVE-2020-12415 (bmo#1586630)
      AppCache manifest poisoning due to url encoded character processing
    * CVE-2020-12416 (bmo#1639734)
      Use-after-free in WebRTC VideoBroadcaster
    * CVE-2020-12417 (bmo#1640737)
      Memory corruption due to missing sign-extension for ValueTags
      on ARM64
    * CVE-2020-12418 (bmo#1641303)
      Information disclosure due to manipulated URL object
    * CVE-2020-12419 (bmo#1643874)
      Use-after-free in nsGlobalWindowInner
    * CVE-2020-12420 (bmo#1643437)
      Use-After-Free when trying to connect to a STUN server
    * CVE-2020-12402 (bmo#1631597)
      RSA Key Generation vulnerable to side-channel attack
    * CVE-2020-12421 (bmo#1308251)
      Add-On updates did not respect the same certificate trust
      rules as software updates
    * CVE-2020-12422 (bmo#1450353)
      Integer overflow in nsJPEGEncoder::emptyOutputBuffer
    * CVE-2020-12423 (bmo#1642400)
      DLL Hijacking due to searching %PATH% for a library
    * CVE-2020-12424 (bmo#1562600)
      WebRTC permission prompt could have been bypassed by a
      compromised content process
    * CVE-2020-12425 (bmo#1634738)
      Out of bound read in Date.parse()
    * CVE-2020-12426 (bmo#1608068, bmo#1609951, bmo#1631187, bmo#1637682)
      Memory safety bugs fixed in Firefox 78
  - requires
    * NSS >= 3.53.1
    * nodejs >= 10.21
    * Gtk+3 >= 3.14
  - removed obsolete patches
    * mozilla-s390-bigendian.patch
    * mozilla-bmo1634646.patch
  - Add mozilla-pipewire-0-3.patch for openSUSE >= 15.2 to build
    WebRTC with pipewire support to enable screen sharing under
    Wayland; also add BuildRequires: pkgconfig(libpipewire-0.3)
    appropriately (boo#1172903).
  - adding SLE12 compatibility in spec file
  - add patches for s390x
    * mozilla-bmo1602730.patch (bmo#1602730)
    * mozilla-bmo1626236.patch (bmo#1626236)
    * mozilla-bmo998749.patch (bmo#998749)
    * mozilla-s390x-skia-gradient.patch
  - update
  - Use same _constraints for ppc64 (BE) as ppc64le to avoid oom build failure
* Wed Jun 10 2020 Guillaume GARDET <>
  - Exclude armv6, since it is unbuildable since about 3 years
* Wed Jun 03 2020 Andreas Stieger <>
  - Mozilla Firefox 77.0.1
    * Disable automatic selection of DNS over HTTPS providers during
      a test to enable wider deployment in a more controlled way
* Fri May 29 2020 Wolfgang Rosenauer <>
  - Mozilla Firefox 77.0
    * view and manage web certificates more easily on the new
      about:certificate page
    * improvements in accessibility
    * significant improvements to JavaScript debugging
    MFSA 2020-20 (bsc#1172402)
    * CVE-2020-12399 (bmo#1631576)
      Timing attack on DSA signatures in NSS library
      (fixed with external NSS >= 3.52.1)
    * CVE-2020-12405 (bmo#1631618)
      Use-after-free in SharedWorkerService
    * CVE-2020-12406 (bmo#1639590)
      JavaScript type confusion with NativeTypes
    * CVE-2020-12407 (bmo#1637112)
      WebRender leaking GPU memory when using border-image CSS
    * CVE-2020-12408 (bmo#1623888)
      URL spoofing when using IP addresses
    * CVE-2020-12409 (bmo#1619305, bmo#1632717)
      Memory safety bugs fixed in Firefox 77 and Firefox ESR 68.9
    * CVE-2020-12411 (bmo#1620972, bmo#1625333)
      Memory safety bugs fixed in Firefox 77
  - requires
    * NSS >= 3.52.1
    * rust-cbindgen >= 1.14.1
    * clang >= 5
  - added mozilla-bmo1634646.patch as part of fixing PGO build
    (still not working)
* Wed May 13 2020 Michel Normand <>
  - change again _constraints for ppc64le use <physicalmemory>
    and increase limit_build in spec file to reduce max_jobs.
* Sat May 09 2020 Wolfgang Rosenauer <>
  - Mozilla Firefox 76.0.1
    * Fixed a bug causing some add-ons such as Amazon Assistant to see
      multiple onConnect events, impairing functionality (bmo#1635637)
* Fri May 01 2020 Wolfgang Rosenauer <>
  - Mozilla Firefox 76.0
    * Lockwise improvements
    * Improvements in Picture-in-Picture feature
    * Support Audio Worklets
    MFSA-2020-16 (bsc#1171186)
    * CVE-2020-12387 (bmo#1545345)
      Use-after-free during worker shutdown
    * CVE-2020-12388 (bmo#1618911)
      Sandbox escape with improperly guarded Access Tokens
    * CVE-2020-12389 (bmo#1554110)
      Sandbox escape with improperly separated process types
    * CVE-2020-6831 (bmo#1632241)
      Buffer overflow in SCTP chunk input validation
    * CVE-2020-12390 (bmo#1141959)
      Incorrect serialization of nsIPrincipal.origin for IPv6 addresses
    * CVE-2020-12391 (bmo#1457100)
      Content-Security-Policy bypass using object elements
    * CVE-2020-12392 (bmo#1614468)
      Arbitrary local file access with 'Copy as cURL'
    * CVE-2020-12393 (bmo#1615471)
      Devtools' 'Copy as cURL' feature did not fully escape
      website-controlled data, potentially leading to command injection
    * CVE-2020-12394 (bmo#1628288)
      URL spoofing in location bar when unfocussed
    * CVE-2020-12395 (bmo#1595886, bmo#1611482, bmo#1614704, bmo#1624098,
      bmo#1625749, bmo#1626382, bmo#1628076, bmo#1631508)
      Memory safety bugs fixed in Firefox 76 and Firefox ESR 68.8
    * CVE-2020-12396 (bmo#1339601, bmo#1611938, bmo#1620488,
      bmo#1622291, bmo#1627644)
      Memory safety bugs fixed in Firefox 76
  - requires
    * NSS >= 3.51.1
    * nasm >= 2.14
  - removed obsolete patch mozilla-bmo1622013.patch
  - fix URI creation for KDE file selector integration (boo#1160331)
* Tue Apr 07 2020 Wolfgang Rosenauer <>
  - Mozilla Firefox 75.0
    MFSA 2020-12 (bsc#1168874)
    * CVE-2020-6821 (bmo#1625404)
      Uninitialized memory could be read when using the WebGL
      copyTexSubImage method
    * CVE-2020-6822 (bmo#1544181)
      Out of bounds write in GMPDecodeData when processing large images
    * CVE-2020-6823 (bmo#1614919)
      Malicious Extension could obtain auth codes from OAuth login flows
    * CVE-2020-6824 (bmo#1621853)
      Generated passwords may be identical on the same site between
      separate private browsing sessions
    * CVE-2020-6825 (bmo#1572541,bmo#1620193,bmo#1620203)
      Memory safety bugs fixed in Firefox 75 and Firefox ESR 68.7
    * CVE-2020-6826 (bmo#1613009,bmo#1613195,bmo#1616734,bmo#1617488,
      Memory safety bugs fixed in Firefox 75
  - removed obsolete patch
  - requires
    * rust >= 1.41
    * rust-cbindgen >= 0.13.1
    * mozilla-nss >= 3.51
    * nodejs10 >= 10.19
  - fix build issue in libvpx for i586 via mozilla-bmo1622013.patch
* Mon Apr 06 2020 Michel Normand <>
  - increase _constraints memory for ppc64le
* Fri Apr 03 2020 Wolfgang Rosenauer <>
  - Mozilla Firefox 74.0.1
    MFSA 2020-11 (boo#1168630)
    * CVE-2020-6819 (bmo#1620818)
      Use-after-free while running the nsDocShell destructor
    * CVE-2020-6820 (bmo#1626728)
      Use-after-free when handling a ReadableStream
* Wed Mar 25 2020 Marcus Meissner <>
  - mozilla-sandbox-fips.patch: allow /proc/sys/crypto/fips_enabled
    to be read, as openssl 1.1.1 FIPS aborts if it cannot access it
* Sat Mar 07 2020 Wolfgang Rosenauer <>
  - Mozilla Firefox 74.0
    MFSA 2020-08 (bsc#1166238)
    * CVE-2020-6805 (bmo#1610880)
      Use-after-free when removing data about origins
    * CVE-2020-6806 (bmo#1612308)
      BodyStream::OnInputStreamReady was missing protections against
      state confusion
    * CVE-2020-6807 (bmo#1614971)
      Use-after-free in cubeb during stream destruction
    * CVE-2020-6808 (bmo#1247968)
      URL Spoofing via javascript: URL
    * CVE-2020-6809 (bmo#1420296)
      Web Extensions with the all-urls permission could access local
    * CVE-2020-6810 (bmo#1432856)
      Focusing a popup while in fullscreen could have obscured the
      fullscreen notification
    * CVE-2020-6811 (bmo#1607742)
      Devtools' 'Copy as cURL' feature did not fully escape
      website-controlled data, potentially leading to command injection
    * CVE-2019-20503 (bmo#1613765)
      Out of bounds reads in sctp_load_addresses_from_init
    * CVE-2020-6812 (bmo#1616661)
      The names of AirPods with personally identifiable information
      were exposed to websites with camera or microphone permission
    * CVE-2020-6813 (bmo#1605814)
      @import statements in CSS could bypass the Content Security
      Policy nonce feature
    * CVE-2020-6814 (bmo#1592078,bmo#1604847,bmo#1608256,bmo#1612636,
      Memory safety bugs fixed in Firefox 74 and Firefox ESR 68.6
    * CVE-2020-6815 (bmo#1181957,bmo#1557732,bmo#1557739,bmo#1611457,
      Memory and script safety bugs fixed in Firefox 74
  - requires
    * NSPR 4.25
    * NSS 3.50
    * rust-cbindgen 0.13.0
  - removed obsolete patches
  - add mozilla-bmo1609538.patch to fix wayland issues with mutter 3.36
    (bmo#1609538, boo#1166471)
* Wed Feb 26 2020 Wolfgang Rosenauer <>
  - big endian fixes
* Tue Feb 25 2020 Guillaume GARDET <>
  - Fix build on aarch64/armv7 with:
    * mozilla-bmo1610814.patch (boo#1164845, bmo#1610814)
* Thu Feb 20 2020 Wolfgang Rosenauer <>
  - Mozilla Firefox 73.0.1
    * Resolved problems connecting to the RBC Royal Bank website
    * Fixed Firefox unexpectedly exiting when leaving Print Preview mode
    * Fixed crashes when playing encrypted content on some Linux systems
      (bmo#1614535, boo#1164646)
  - start in wayland mode when running under wayland session
* Sun Feb 09 2020 Wolfgang Rosenauer <>
  - Mozilla Firefox 73.0
    * Added support for setting a default zoom level applicable for all
      web content
    * High-contrast mode has been updated to allow background images
    * Improved audio quality when playing back audio at a faster or
      slower speed
    * Added NextDNS as alternative option for DNS over HTTPS
    MFSA 2020-05 (bsc#1163368)
    * CVE-2020-6796 (bmo#1610426)
      Missing bounds check on shared memory read in the parent process
    * CVE-2020-6797 (bmo#1596668) (MacOS X only)
      Extensions granted permission could open arbitrary
      applications on Mac OSX
    * CVE-2020-6798 (bmo#1602944)
      Incorrect parsing of template tag could result in JavaScript injection
    * CVE-2020-6799 (bmo#1606596) (Windows only)
      Arbitrary code execution when opening pdf links from other
      applications, when Firefox is configured as default pdf reader
    * CVE-2020-6800 (bmo#1595786,bmo#1596706,bmo#1598543,bmo#1604851,
      Memory safety bugs fixed in Firefox 73 and Firefox ESR 68.5
    * CVE-2020-6801 (bmo#1601024,bmo#1601712,bmo#1604836,bmo#1606492)
      Memory safety bugs fixed in Firefox 73
  - updated requirements
    * rust >= 1.39
    * NSS >= 3.49.2
    * rust-cbindgen >= 0.12.0
  - rebased patches
  - removed obsolete patch
    * mozilla-bmo1601707.patch
  - switched to cairo-gtk3-wayland build
    (to fully enable wayland MOZ_ENABLE_WAYLAND=1 needs to be set)
  - disabled elfhack due to failing packager
  - disabled PGO due to build failure
* Tue Jan 28 2020 Stasiek Michalski <>
  - Use a symbolic icon from branding internals
  - Pixmaps no longer required for the desktops
* Wed Jan 22 2020 Wolfgang Rosenauer <>
  - Mozilla Firefox 72.0.2
    * Various stability fixes
    * Fixed issues opening files with spaces in their path (bmo#1601905)
    * Fixed a hang opening about:logins when a master password is set
    * Fixed a web compatibility issue with CSS Shadow Parts which
      shipped in Firefox 72 (bmo#1604989)
    * Fixed inconsistent playback performance for fullscreen 1080p
      videos on some systems (bmo#1608485)
* Tue Jan 21 2020 Guillaume GARDET <>
  - Fix build for aarch64/ppc64le (do not update config.sub file
    for libbacktrace)
* Wed Jan 08 2020 Wolfgang Rosenauer <>
  - Mozilla Firefox 72.0.1
    MFSA 2020-03 (bsc#1160498)
    * CVE-2019-17026 (bmo#1607443)
      IonMonkey type confusion with StoreElementHole and FallibleStoreElement
  - Mozilla Firefox 72.0
    * block fingerprinting scripts by default
    * new notification pop-ups
    * Picture-in-picture video
    MFSA 2020-01 (bsc#1160305)
    * CVE-2019-17016 (bmo#1599181)
      Bypass of @namespace CSS sanitization during pasting
    * CVE-2019-17017 (bmo#1603055)
      Type Confusion in XPCVariant.cpp
    * CVE-2019-17020 (bmo#1597645)
      Content Security Policy not applied to XSL stylesheets applied
      to XML documents
    * CVE-2019-17022 (bmo#1602843)
      CSS sanitization does not escape HTML tags
    * CVE-2019-17023 (bmo#1590001) (fixed in NSS FIXME)
      NSS may negotiate TLS 1.2 or below after a TLS 1.3
      HelloRetryRequest had been sent
    * CVE-2019-17024 (bmo#1507180,bmo#1595470,bmo#1598605,bmo#1601826)
      Memory safety bugs fixed in Firefox 72 and Firefox ESR 68.4
    * CVE-2019-17025 (bmo#1328295,bmo#1328300,bmo#1590447,bmo#1590965
      Memory safety bugs fixed in Firefox 72
  - update to skip compare-locales
  - requires NSPR 4.24 and NSS 3.48
  - removed usage of browser-plugins convention for NPAPI plugins
    from start wrapper and changed the RPM macro to the
    /usr/$LIB/mozilla/plugins location (boo#1160302)
* Mon Dec 02 2019 Wolfgang Rosenauer <>
  - Mozilla Firefox 71.0
    * Improvements to Lockwise, our integrated password manager
    * More information about Enhanced Tracking Protection in action
    * Native MP3 decoding on Windows, Linux, and macOS
    * Configuration page (about:config) reimplemented in HTML
    * New kiosk mode functionality, which allows maximum screen space
      for customer-facing displays
    MFSA 2019-36
    * CVE-2019-11756 (bmo#1508776)
      Use-after-free of SFTKSession object
    * CVE-2019-17008 (bmo#1546331)
      Use-after-free in worker destruction
    * CVE-2019-13722 (bmo#1580156) (Windows only)
      Stack corruption due to incorrect number of arguments in WebRTC code
    * CVE-2019-17014 (bmo#1322864)
      Dragging and dropping a cross-origin resource, incorrectly loaded
      as an image, could result in information disclosure
    * CVE-2019-17010 (bmo#1581084)
      Use-after-free when performing device orientation checks
    * CVE-2019-17005 (bmo#1584170)
      Buffer overflow in plain text serializer
    * CVE-2019-17011 (bmo#1591334)
      Use-after-free when retrieving a document in antitracking
    * CVE-2019-17012 (bmo#1449736, bmo#1533957, bmo#1560667, bmo#1567209
      bmo#1580288, bmo#1585760, bmo#1592502)
      Memory safety bugs fixed in Firefox 71 and Firefox ESR 68.3
    * CVE-2019-17013 (bmo#1298509, bmo#1472328, bmo#1577439, bmo#1577937
      bmo#1580320, bmo#1584195, bmo#1585106, bmo#1586293, bmo#1593865
      Memory safety bugs fixed in Firefox 71
  - requires
    NSPR >= 4.23
    NSS >= 3.47.1
    rust/cargo >= 1.37
  - reactivate webrtc for platforms where it was disabled
  - updated to cover buildid and origin repo information
    - > removed obsolete source-stamp.txt
  - removed obsolete patches
  - changed locale building procedure
    * removed obsolete compare-locales.tar.xz
  - added mozilla-bmo1601707.patch to fix gcc/LTO builds
    (bmo#1601707, boo#1158466)
  - added mozilla-bmo849632.patch to fix big endian issues in skia
    used for WebGL
* Fri Nov 01 2019 Wolfgang Rosenauer <>
  - Mozilla Firefox 70.0.1
    * Fix for an issue that caused some websites or page elements using
      dynamic JavaScript to fail to load. (bmo#1592136)
    * Title bar no longer shows in full screen view (bmo#1588747)
  - added mozilla-bmo1504834-part4.patch to fix some visual issues on
    big endian platforms
* Sun Oct 20 2019 Wolfgang Rosenauer <>
  - Mozilla Firefox 70.0
    * more privacy protections from Enhanced Tracking Protection
    * Firefox Lockwise passwordmanager
    * Improvements to core engine components, for better browsing on more sites
    * Improved privacy and security indicators
    MFSA 2019-34
    * CVE-2018-6156 (bmo#1480088)
      Heap buffer overflow in FEC processing in WebRTC
    * CVE-2019-15903 (bmo#1584907)
      Heap overflow in expat library in XML_GetCurrentLineNumber
    * CVE-2019-11757 (bmo#1577107)
      Use-after-free when creating index updates in IndexedDB
    * CVE-2019-11759 (bmo#1577953)
      Stack buffer overflow in HKDF output
    * CVE-2019-11760 (bmo#1577719)
      Stack buffer overflow in WebRTC networking
    * CVE-2019-11761 (bmo#1561502)
      Unintended access to a privileged JSONView object
    * CVE-2019-11762 (bmo#1582857)
      document.domain-based origin isolation has same-origin-property violation
    * CVE-2019-11763 (bmo#1584216)
      Incorrect HTML parsing results in XSS bypass technique
    * CVE-2019-11765 (bmo#1562582)
      Incorrect permissions could be granted to a website
    * CVE-2019-17000 (bmo#1441468)
      CSP bypass using object tag with data: URI
    * CVE-2019-17001 (bmo#1587976)
      CSP bypass using object tag when script-src 'none' is specified
    * CVE-2019-17002 (bmo#1561056)
      upgrade-insecure-requests was not being honored for links dragged and dropped
    * CVE-2019-11764 (bmo#1558522, bmo#1577061, bmo#1548044, bmo#1571223,
      bmo#1573048, bmo#1578933, bmo#1575217, bmo#1583684, bmo#1586845, bmo#1581950,
      bmo#1583463, bmo#1586599)
      Memory safety bugs fixed in Firefox 70 and Firefox ESR 68.2
  - requires
      rust/cargo >= 1.36
      NSPR >= 4.22
      NSS >= 3.46.1
      rust-cbindgen >= 0.9.1
  - removed obsolete patches
* Sun Oct 13 2019 Wolfgang Rosenauer <>
  - Mozilla Firefox 69.0.3
    * Fixed Yahoo mail users being prompted to download files when
      clicking on emails (bmo#1582848)
  - devel package build can easily be disabled now
* Thu Oct 03 2019 Wolfgang Rosenauer <>
  - Mozilla Firefox 69.0.2
    * Fixed a crash when editing files on Office 365 websites (bmo#1579858)
    * Fixed a Linux-only crash when changing the playback speed while
      watching YouTube videos (bmo#1582222)
  - updated supported locale list
  - Allow to build without profile guided optimizations (boo#1040589)
    (contributed by Bernhard Wiedemann)
  - Make build verbose (contributed by Martin Liška)
  - remove obsolete kde.js setting (boo#1151186) and related patch
  - update to latest revision and adjusted tar_stamps
  - add mozilla-fix-top-level-asm.patch to fix LTO build (w/o PGO)
  - extension preferences moved from branding package to core package
    (packaging but not branding specific)
* Thu Sep 19 2019 Wolfgang Rosenauer <>
  - Mozilla Firefox 69.0.1
    * Fixed external programs launching in the background when clicking
      a link from inside Firefox to launch them (bmo#1570845)
    * Usability improvements to the Add-ons Manager for users with
      screen readers (bmo#1567600)
    * Fixed the Captive Portal notification bar not being dismissable
      in some situations after login is complete (bmo#1578633)
    * Fixed the maximum size of fonts in Reader Mode when zoomed (bmo#1578454)
    * Fixed missing stacks in the Developer Tools Performance section
    MFSA 2019-31
    * CVE-2019-11754 (bmo#1580506)
      Pointer Lock is enabled with no user notification
  - disable DOH by default
* Thu Sep 05 2019 Wolfgang Rosenauer <>
  - Mozilla Firefox 69.0
    * Enhanced Tracking Protection (ETP) for stronger privacy protections
    * Block Autoplay feature is enhanced to give users the option to block
      any video
    * Users in the US or using the en-US browser, can get a new “New Tab”
      page experience connecting to the best of Pocket's content.
    * Support for the Web Authentication HmacSecret extension via
      Windows Hello introduced.
    * Support for receiving multiple video codecs with this release makes
      it easier for WebRTC conferencing services to mix video from
      different clients.
    MFSA 2019-25 (boo#1149324)
    * CVE-2019-11741 (bmo#1539595)
      Isolate and
    * CVE-2019-5849 (bmo#1555838)
      Out-of-bounds read in Skia
    * CVE-2019-11737 (bmo#1388015)
      Content security policy directives ignore port and path if host is a wildcard
    * CVE-2019-11734 (bmo#1352875,bmo#1536227,bmo#1557208,bmo#1560641)
      Memory safety bugs fixed in Firefox 69
    * CVE-2019-11735 (bmo#1561404,bmo#1561484,bmo#1568047,bmo#1561912,
      Memory safety bugs fixed in Firefox 69 and Firefox ESR 68.1
    * CVE-2019-11740 (bmo#1563133,bmo#1573160)
      Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, and Firefox ESR 60.9
  - requires
    * rust/cargo >= 1.35
    * rust-cbindgen >= 0.9.0
    * mozilla-nss >= 3.45
  - rebased patches
* Wed Sep 04 2019 Wolfgang Rosenauer <>
  - added a bunch of patches mainly for big endian platforms
    * mozilla-bmo1504834-part1.patch
    * mozilla-bmo1504834-part2.patch
    * mozilla-bmo1504834-part3.patch
    * mozilla-bmo1511604.patch
    * mozilla-bmo1554971.patch
    * mozilla-bmo1573381.patch
    * mozilla-nestegg-big-endian.patch
    * mozilla-bmo1512162.patch
* Fri Aug 30 2019 Wolfgang Rosenauer <>
  - Mozilla Firefox 68.1.0
    MFSA 2019-26
    * CVE-2019-11751 (bmo#1572838; Windows only)
      Malicious code execution through command line parameters
    * CVE-2019-11746 (bmo#1564449)
      Use-after-free while manipulating video
    * CVE-2019-11744 (bmo#1562033)
      XSS by breaking out of title and textarea elements using innerHTML
    * CVE-2019-11742 (bmo#1559715)
      Same-origin policy violation with SVG filters and canvas to steal
      cross-origin images
    * CVE-2019-11736 (bmo#1551913, bmo#1552206; Windows only))
      File manipulation and privilege escalation in Mozilla Maintenance Service
    * CVE-2019-11753 (bmo#1574980; Windows only)
      Privilege escalation with Mozilla Maintenance Service in custom
      Firefox installation location
    * CVE-2019-11752 (bmo#1501152)
      Use-after-free while extracting a key value in IndexedDB
    * CVE-2019-9812 (bmo#1538008, bmo#1538015)
      Sandbox escape through Firefox Sync
    * CVE-2019-11743 (bmo#1560495)
      Cross-origin access to unload event attributes
    * CVE-2019-11748 (bmo#1564588)
      Persistence of WebRTC permissions in a third party context
    * CVE-2019-11749 (bmo#1565374)
      Camera information available without prompting using getUserMedia
    * CVE-2019-11750 (bmo#1568397)
      Type confusion in Spidermonkey
    * CVE-2019-11738 (bmo#1452037)
      Content security policy bypass through hash-based sources in directives
    * CVE-2019-11747 (bmo#1564481)
      'Forget about this site' removes sites from pre-loaded HSTS list
    * CVE-2019-11735i (bmo#1561404,bmo#1561484,bmo#1568047,bmo#1561912,
      Memory safety bugs fixed in Firefox 69 and Firefox ESR 68.1
    * CVE-2019-11740 (bmo#1563133,bmo#1573160)
      Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, and Firefox ESR 60.9
  - switched package to ESR branch
  - added mozilla-bmo1568145.patch to make builds reproducible
  - removed upstreamed patch mozilla-gcc-internal-compiler-error.patch
* Sun Aug 18 2019 Andreas Stieger <>
  - Mozilla Firefox 68.0.2:
    * Fixed a bug causing some special characters to be cut off from
      the end of the search terms when searching from the URL bar
    * Allow fonts to be loaded via file:// URLs when opening a page
      locally (bmo#1565942)
    * Printing emails from the Outlook web app no longer prints only
      the header and footer (bmo#1567105)
    * Fixed a bug causing some images not to be displayed on reload,
      including on Google Maps (bmo# 1565542)
    * Fixed an error when starting external applications configured
      as URI handlers (bmo#1567614)
    MFSA 2019-24 (boo#1145665)
    * CVE-2019-11733: Stored passwords in 'Saved Logins' can be
      copied without master password entry (bmo#1565780)
  - drop fix-build-after-y2038-changes-in-glibc.patch, upstream
* Fri Aug 16 2019 Jonathan Brielmaier <>
  - Fix crash when typing in the URL bar on ppc64le (bmo#1512162).
    The upstream patch doesn't resolve the issue on TW, but compiling
    with -O1 does. Do this until we have a proper fix.
* Thu Aug 01 2019 Guillaume GARDET <>
  - Update build constraints to fix arm builds
* Fri Jul 19 2019 Wolfgang Rosenauer <>
  - Mozilla Firefox 68.0.1
    * Fixed missing Full Screen button when watching videos in full
      screen mode on HBO GO (bmo#1562837)
    * Fixed a bug causing incorrect messages to appear for some
      locales when sites try to request the use of the Storage
      Access API (bmo#1558503)
    * Users in Russian regions may have their default search engine
      changed (bmo#1565315)
    * Built-in search engines in some locales do not function
      correctly (bmo#1565779)
    * SupportMenu policy doesn't always work (bmo#1553290)
    * Allow the privacy.file_unique_origin pref to be controlled by
      policy (bmo#1563759)
* Thu Jul 11 2019 Jiri Slaby <>
  - add fix-build-after-y2038-changes-in-glibc.patch
* Wed Jul 10 2019 Bernhard Wiedemann <>
  - Generate langpacks sequentially to avoid file corruption
    from racy file writes (boo#1137970)
* Mon Jul 08 2019 Wolfgang Rosenauer <>
  - Mozilla Firefox 68.0
    * Dark mode in reader view
    * Improved extension security and discovery
    * Cryptomining and fingerprinting protections are added to strict
      content blocking settings in Privacy & Security preferences
    * Camera and microphone access now require an HTTPS connection
    MFSA 2019-21 (bsc#1140868)
    * CVE-2019-9811 (bmo#1538007, bmo#1539598, bmo#1563327)
      Sandbox escape via installation of malicious languagepack
    * CVE-2019-11711 (bmo#1552541)
      Script injection within domain through inner window reuse
    * CVE-2019-11712 (bmo#1543804)
      Cross-origin POST requests can be made with NPAPI plugins by
      following 308 redirects
    * CVE-2019-11713 (bmo#1528481)
      Use-after-free with HTTP/2 cached stream
    * CVE-2019-11714 (bmo#1542593)
      NeckoChild can trigger crash when accessed off of main thread
    * CVE-2019-11729 (bmo#1515342)
      Empty or malformed p256-ECDH public keys may trigger a segmentation fault
    * CVE-2019-11715 (bmo#1555523)
      HTML parsing error can contribute to content XSS
    * CVE-2019-11716 (bmo#1552632)
      globalThis not enumerable until accessed
    * CVE-2019-11717 (bmo#1548306)
      Caret character improperly escaped in origins
    * CVE-2019-11718 (bmo#1408349)
      Activity Stream writes unsanitized content to innerHTML
    * CVE-2019-11719 (bmo#1540541)
      Out-of-bounds read when importing curve25519 private key
    * CVE-2019-11720 (bmo#1556230)
      Character encoding XSS vulnerability
    * CVE-2019-11721 (bmo#1256009)
      Domain spoofing through unicode latin 'kra' character
    * CVE-2019-11730 (bmo#1558299)
      Same-origin policy treats all files in a directory as having the
    * CVE-2019-11723 (bmo#1528335)
      Cookie leakage during add-on fetching across private browsing boundaries
    * CVE-2019-11724 (bmo#1512511)
      Retired site has remote troubleshooting permissions
    * CVE-2019-11725 (bmo#1483510)
      Websocket resources bypass safebrowsing protections
    * CVE-2019-11727 (bmo#1552208)
      PKCS#1 v1.5 signatures can be used for TLS 1.3
    * CVE-2019-11728 (bmo#1552993)
      Port scanning through Alt-Svc header
    * CVE-2019-11710 (bmo#1549768, bmo#1548611, bmo#1533842, bmo#1537692,
      bmo#1540590, bmo#1551907, bmo#1510345, bmo#1535482, bmo#1535848,
      bmo#1547472, bmo#1547760, bmo#1507696, bmo#1544180)
      Memory safety bugs fixed in Firefox 68
    * CVE-2019-11709 (bmo#1547266, bmo#1540759, bmo#1548822, bmo#1550498
      bmo#1515052, bmo#1539219, bmo#1547757, bmo#1550498, bmo#1533522)
      Memory safety bugs fixed in Firefox 68 and Firefox ESR 60.8
  - requires
    * NSS 3.44.1
    * rust/cargo 1.34
    * rust-cbindgen 0.8.7
  - rebased patches
    * mozilla-aarch64-startup-crash.patch
    * mozilla-kde.patch
    * mozilla-nongnome-proxies.patch
    * firefox-kde.patch
  - use new and add tar_stamps for package definitions
  - added patches imported from SLE flavour
    * mozilla-gcc-internal-compiler-error.patch
    * mozilla-bmo1005535.patch
    * mozilla-ppc-altivec_static_inline.patch
    * mozilla-reduce-rust-debuginfo.patch
    * mozilla-s390-bigendian.patch
    * mozilla-s390-context.patch
* Tue Jul 02 2019 Martin Liška <>
  - Enable PGO for x86_64.
    * added firefox-add-kde.js-in-order-to-survive-PGO-build.patch
* Thu Jun 20 2019 Wolfgang Rosenauer <>
  - Mozilla Firefox 67.0.4
    MFSA 2019-19 (boo#1138872)
    * CVE-2019-11708 (bmo#1559858)
      sandbox escape using Prompt:Open
* Tue Jun 18 2019 Wolfgang Rosenauer <>
  - Mozilla Firefox 67.0.3
    MFSA 2019-18 (boo#1138614)
    * CVE-2019-11707 (bmo#1544386)
      Type confusion in Array.pop
* Wed Jun 12 2019 Manfred Hollstein <>
  - Mozilla Firefox 67.0.2
    * Fixed: Fix JavaScript error ("TypeError: data is null in
      PrivacyFilter.jsm") in console which may significantly degrade
      sessionstore reliability and performance (bmo#1553413)
    * Fixed: Proxy authentication dialog box repeatedly pops up
      asking to authenticate after upgrading to Firefox 67 (bmo#1548804)
    * Fixed: Pearson MyCloud breaks if FIDO U2F is not Chrome's
      implementation (bmo#1551282)
    * Fixed: Starting in safe mode on Linux or macOS causes Firefox
      to think on the subsequent launch that the profile is too
      recent to be used with this version of Firefox (bmo#1556612)
    * Fixed: Linux distribution users can't easily install/use
      additional/different languages using the built-in preferences
      UI (bmo#1554744)
    * Fixed: Developer tools users can't copy the href/src content
      from various HTML tags via the context menu in the Inspector
      markup view (bmo#1552275)
    * Fixed: Custom home page is broken with clearing data on shutdown
      settings applied (bmo#1554167)
    * Fixed: Performance-regression for eclipse RAP based applications
    * Fixed: macOS 10.15 crash fix (bmo#1556076)
    * Fixed: Can't start two downloads in parallel via <a download>
      anymore (bmo#1542912)
* Thu Jun 06 2019 Manfred Hollstein <>
  - Mozilla Firefox 67.0.1
    * enable enhanced tracking protection by default for new users
    * upgrade of Facebook container to version 2.0
    * new version of Firefox Lockwise (password management)
    * new version of Firefox Monitor
    * Firefox Send improvements
* Sun May 19 2019 Wolfgang Rosenauer <>
  - Mozilla Firefox 67.0
    * Firefox 67 will be able to run different Firefox installs side by side
    * Tabs can now be pinned from the Page Actions menu in the address bar
    * Users can block known cryptominers and fingerprinters in the
      Custom settings or their Content Blocking preferences
    * The Import Data from Another Browser feature is now also available
      from the File menu
    * Firefox will now protect you against running older versions which
      can lead to data corruption and stability issues
    * Easier access to your list of saved logins from the main menu and
      login autocomplete
    * We’ve added a toolbar menu for your Firefox Account to provide more
      transparency for when you are synced, sharing data across devices
      and with Firefox. Personalize the appearance of the menu with your
      own avatar
    * Enable FIDO U2F API, and permit registrations for Google Accounts
    * Enabled AV1 support on Linux
    MFSA 2019-13 (boo#1135824)
    * CVE-2019-9815 (bmo#1546544)
      Disable hyperthreading on content JavaScript threads on macOS
    * CVE-2019-9816 (bmo#1536768)
      Type confusion with object groups and UnboxedObjects
    * CVE-2019-9817 (bmo#1540221)
      Stealing of cross-domain images using canvas
    * CVE-2019-9818 (bmo#1542581) (Windows only)
      Use-after-free in crash generation server
    * CVE-2019-9819 (bmo#1532553)
      Compartment mismatch with fetch API
    * CVE-2019-9820 (bmo#1536405)
      Use-after-free of ChromeEventHandler by DocShell
    * CVE-2019-9821 (bmo#1539125)
      Use-after-free in AssertWorkerThread
    * CVE-2019-11691 (bmo#1542465)
      Use-after-free in XMLHttpRequest
    * CVE-2019-11692 (bmo#1544670)
      Use-after-free removing listeners in the event listener manager
    * CVE-2019-11693 (bmo#1532525)
      Buffer overflow in WebGL bufferdata on Linux
    * CVE-2019-7317 (bmo#1542829)
      Use-after-free in png_image_free of libpng library
    * CVE-2019-11694 (bmo#1534196) (Windows only)
      Uninitialized memory memory leakage in Windows sandbox
    * CVE-2019-11695 (bmo#1445844)
      Custom cursor can render over user interface outside of web content
    * CVE-2019-11696 (bmo#1392955)
      Java web start .JNLP files are not recognized as executable files
      for download prompts
    * CVE-2019-11697 (bmo#1440079)
      Pressing key combinations can bypass installation prompt delays and
      install extensions
    * CVE-2019-11698 (bmo#1543191)
      Theft of user history data through drag and drop of hyperlinks
      to and from bookmarks
    * CVE-2019-11700 (bmo#1549833) (Windows only)
      res: protocol can be used to open known local files
    * CVE-2019-11699 (bmo#1528939)
      Incorrect domain name highlighting during page navigation
    * CVE-2019-11701 (bmo#1518627)
      webcal: protocol default handler loads vulnerable web page
    * CVE-2019-9814 (bmo#1527592, bmo#1534536, bmo#1520132, bmo#1543159,
      bmo#1539393, bmo#1459932, bmo#1459182, bmo#1516425)
      Memory safety bugs fixed in Firefox 67
    * CVE-2019-9800 (bmo#1540166, bmo#1534593, bmo#1546327, bmo#1540136,
      bmo#1538736, bmo#1538042, bmo#1535612, bmo#1499719, bmo#1499108,
      bmo#1538619, bmo#1535194, bmo#1516325, bmo#1542324, bmo#1542097,
      bmo#1532465, bmo#1533554, bmo#1541580)
      Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7
  - requires
    * rust/cargo >= 1.32
    * mozilla-nspr >= 4.21
    * mozilla-nss >= 3.43
    * rust-cbindgen >= 0.8.2
  - rebased patches
  - KDE integration for default browser detection is broken in this revision
* Fri May 17 2019 Guillaume GARDET <>
  - Fix armv7 build with:
    * mozilla-disable-wasm-emulate-arm-unaligned-fp-access.patch
* Fri May 10 2019 Manfred Hollstein <>
  - Mozilla Firefox 66.0.5
    * Fixed: Further improvements to re-enable web extensions which
      had been disabled for users with a master password set (bmo#1549249)
* Sun May 05 2019 Wolfgang Rosenauer <>
  - Mozilla Firefox 66.0.4 (boo#1134126)
    * fix extension certificate chain
* Thu Apr 11 2019 Manfred Hollstein <>
  - Mozilla Firefox 66.0.3
    * Fixed: Address bar on tablets running Windows 10 now behaves
      correctly (bmo#1498973)
    * Fixed: Performance issues with some HTML5 games (bmo#1537609)
    * Fixed a bug with keypress events in IBM cloud applications
    * Fix for keypress events in some Microsoft cloud applications
    * Changed: Updated Baidu search plugin
* Thu Mar 28 2019 Manfred Hollstein <>
  - Mozilla Firefox 66.0.2
    * Fixed Web compatibility issues with Office 365, iCloud and
      IBM WebMail caused by recent changes to the handling of
      keyboard events (bmo#1538966)
    * Crash fixes (bmo#1521370, bmo#1539118)
* Thu Mar 28 2019 Guillaume GARDET <>
  - Add patch to fix aarch64 build:
    * mozilla-fix-aarch64-libopus.patch (bmo#1539737)
* Fri Mar 22 2019 Wolfgang Rosenauer <>
  - Mozilla Firefox 66.0.1
    MFSA 2019-09 (bsc#1130262)
    * CVE-2019-9810 (bmo#1537924)
      IonMonkey MArraySlice has incorrect alias information
    * CVE-2019-9813 (bmo#1538006)
      Ionmonkey type confusion with __proto__ mutations
* Sun Mar 17 2019 Wolfgang Rosenauer <>
  - Mozilla Firefox 66.0
    * Increased content processes to 8
    * Added capability to search through open tabs from the tab overflow menu
    * New backend for the storage.local WebExtensions API, providing
      I/O performance improvements when the extension updates a small
      subset of the stored data
    * WebExtension keyboard shortcuts can now be managed or overridden
      from about:addons
    * Improved scrolling behavior: Firefox will now attempt to keep content
      from jumping around while a page is loading by supporting scroll
    * New about:privatebrowsing with search
    * A certificate error page now notifies the user of the name of the
      certificate issuer that breaks HTTPs connections on intercepted
      connections to help troubleshooting possible anti-virus software
    * Fixed an performance issue some Linux users experienced with the
      Downloads panel (bmo#1517101)
    * Firefox now blocks all autoplay media with sound by default. Users
      can add individual sites to an exceptions list or turn the blocking
    * System title bar is hidden by default to match Gnome guideline
    MFSA 2019-07 (bsc#1129821)
    * CVE-2019-9790 (bmo#1525145)
      Use-after-free when removing in-use DOM elements
    * CVE-2019-9791 (bmo#1530958)
      Type inference is incorrect for constructors entered through on-stack
      replacement with IonMonkey
    * CVE-2019-9792 (bmo#1532599)
      IonMonkey leaks JS_OPTIMIZED_OUT magic value to script
    * CVE-2019-9793 (bmo#1528829)
      Improper bounds checks when Spectre mitigations are disabled
    * CVE-2019-9794 (bmo#1530103) (Windows only)
      Command line arguments not discarded during execution
    * CVE-2019-9795 (bmo#1514682)
      Type-confusion in IonMonkey JIT compiler
    * CVE-2019-9796 (bmo#1531277)
      Use-after-free with SMIL animation controller
    * CVE-2019-9797 (bmo#1528909)
      Cross-origin theft of images with createImageBitmap
    * CVE-2019-9798 (bmo#1527534) (Android only)
      Library is loaded from world writable APITRACE_LIB location
    * CVE-2019-9799 (bmo#1505678)
      Information disclosure via IPC channel messages
    * CVE-2019-9801 (bmo#1527717) (Windows only)
      Windows programs that are not 'URL Handlers' are exposed to web content
    * CVE-2019-9802 (bmo#1415508)
      Chrome process information leak
    * CVE-2019-9803 (bmo#1515863, bmo#1437009)
      Upgrade-Insecure-Requests incorrectly enforced for same-origin navigation
    * CVE-2019-9804 (bmo#1518026) (MacOS only)
      Code execution through 'Copy as cURL' in Firefox Developer Tools on macOS
    * CVE-2019-9805 (bmo#1521360)
      Potential use of uninitialized memory in Prio
    * CVE-2019-9806 (bmo#1525267)
      Denial of service through successive FTP authorization prompts
    * CVE-2019-9807 (bmo#1362050)
      Text sent through FTP connection can be incorporated into alert messages
    * CVE-2019-9809 (bmo#1282430, bmo#1523249)
      Denial of service through FTP modal alert error messages
    * CVE-2019-9808 (bmo#1434634)
      WebRTC permissions can display incorrect origin with data: and blob: URLs
    * CVE-2019-9789 bmo#1520483, bmo#1522987, bmo#1528199, bmo#1519337,
      bmo#1525549, bmo#1516179, bmo#1518524, bmo#1518331, bmo#1526579,
      bmo#1512567, bmo#1524335, bmo#1448505, bmo#1518821
      Memory safety bugs fixed in Firefox 66
    * CVE-2019-9788 bmo#1518001, bmo#1521304, bmo#1521214, bmo#1506665,
      bmo#1516834, bmo#1518774, bmo#1524755, bmo#1523362, bmo#1524214, bmo#1529203
      Memory safety bugs fixed in Firefox 66 and Firefox ESR 60.6
  - updated build/runtime requirements
    * mozilla-nss >= 3.42.1
    * cargo/rust >= 1.31
    * rust-cbindgen >= 0.6.8
    * nasm >= 2.13 (new)
  - removed obsolete patch
    * mozilla-bmo256180.patch
* Tue Mar 05 2019 Stephan Kulow <>
  - Do not hardcode nodejs8 but leave the prefer to the distribution
    (Tumbleweed staging wants to switch to nodejs10)
* Fri Feb 15 2019 Guillaume GARDET <>
  - Update _constraints to avoid 'no space left' error seen on aarch64
* Wed Feb 13 2019 Wolfgang Rosenauer <>
  - Mozilla Firefox 65.0.1
    * Fixed accidental requests to when an addon
      recommendation doorhanger is shown (bmo#1526387)
    * Improved playback of interactive Netflix videos (bmo#1524500)
    * Fixed incorrect sizing of the "Clear Recent History" window in
      some situations (bmo#1523696)
    * Fixed audio & video delays while making WebRTC calls
      (bmo#1521577, bmo#1523817)
    * Fixed video sizing problems during some WebRTC calls (bmo#1520200)
    * Fixed looping CONNECT requests when using WebSockets over HTTP/2
      from behind a proxy server (bmo#1523427)
    * Fixed the "Enter" key not working on password entry fields for
      certain Linux distributions (bmo#1523635)
    MFSA 2019-04 (bsc#1125330)
    * CVE-2018-18356 bmo#1525817
      Use-after-free in Skia
    * CVE-2019-5785 bmo#1525433
      Integer overflow in Skia
    * CVE-2018-18511 bmo#1526218
      Cross-origin theft of images with ImageBitmapRenderingContext
* Wed Feb 13 2019 Martin Liška <>
  - Enable LTO only for latest new toolchain (boo#1125038) for x86_64
    (with increased memory constraints)
* Sat Jan 26 2019 Wolfgang Rosenauer <>
  - Mozilla Firefox 65.0
    * Enhanced tracking protection
    * allow switching of UI locales within preferences
    * support for the WebP image format
    * "top"-like about:performance
    MFSA 2019-01 (bsc#1122983)
    * CVE-2018-18500 bmo#1510114
      Use-after-free parsing HTML5 stream
    * CVE-2018-18503 bmo#1509442
      Memory corruption with Audio Buffer
    * CVE-2018-18504 bmo#1496413
      Memory corruption and out-of-bounds read of texture client
    * CVE-2018-18505 bmo#1497749
      Privilege escalation through IPC channel messages
    * CVE-2018-18506 bmo#1503393
      Proxy Auto-Configuration file can define localhost access to be proxied
    * CVE-2018-18502 bmo#1499426 bmo#1480090 bmo#1472990 bmo#1514762
      bmo#1501482 bmo#1505887 bmo#1508102 bmo#1508618 bmo#1511580
      bmo#1493497 bmo#1510145 bmo#1516289 bmo#1506798 bmo#1512758
      Memory safety bugs fixed in Firefox 65
    * CVE-2018-18501 bmo#1512450 bmo#1517542 bmo#1513201 bmo#1460619
      bmo#1502871 bmo#1516738 bmo#1516514
      Memory safety bugs fixed in Firefox 65 and Firefox ESR 60.5
  - requires
    NSS 3.41
    rust/carge 1.30
    rust-cbindgen 0.6.7
  - rebased patches
  - remove workaround for build memory consumption on i586; other
    mitigations meanwhile introduced (mainly parallelity) will be
* Tue Jan 15 2019 Martin Liška <>
  - Increase disk constraint.
* Mon Jan 14 2019 Martin Liška <>
  - Remove -v from mach build in order to work-around bmo#1500436.
* Fri Jan 11 2019 Martin Liška <>
  - Set %clang_build to false on all architectures
  - Do not use -fno-delete-null-pointer-checks and -fno-strict-aliasing:
    it should not be needed anymore
  - Do not overwrite enable-optimize and when possible
    enable --enable-debug-symbols.
  - Add -v to mach in order to make build verbose.
* Wed Jan 09 2019
  - Mozilla Firefox 64.0.2:
    * Update the Japanese translation for missing strings (bmo#1513259)
    * Properly restore column sizes in developer tools inspector (bmo#1503175)
    * Fixed video stuttering on Youtube (bmo#1513511)
    * Fix updates for some lightweight themes (bmo#1508777)



Generated by rpm2html 1.8.1

Fabrice Bellet, Thu Dec 1 23:25:27 2022