Changelog for mozjs102-102.7.0-lp153.16.1.x86_64.rpm:
* Tue Jan 17 2023 Bjørn Lie
- Update to version 102.7.0:
  + Various stability, functionality, and security fixes.
  + CVE-2022-46871: libusrsctp library out of date.
  + CVE-2023-23598: Arbitrary file read from GTK drag and drop on Linux.
  + CVE-2023-23599: Malicious command could be hidden in devtools output on Windows.
  + CVE-2023-23601: URL being dragged from cross-origin iframe into same tab triggers navigation.
  + CVE-2023-23602: Content Security Policy wasn't being correctly applied to WebSockets in WebWorkers.
  + CVE-2022-46877: Fullscreen notification bypass.
  + CVE-2023-23603: Calls to console.log allowed bypassing Content Security Policy via format directive.
  + CVE-2023-23605: Memory safety bugs fixed in Firefox 109 and Firefox ESR 102.7.
* Wed Dec 14 2022 Bjørn Lie
- Update to version 102.6.0:
  + Various stability, functionality, and security fixes.
  + CVE-2022-46880: Use-after-free in WebGL.
  + CVE-2022-46872: Arbitrary file read from a compromised content process.
  + CVE-2022-46881: Memory corruption in WebGL.
  + CVE-2022-46874: Drag and Dropped Filenames could have been truncated to malicious extensions.
  + CVE-2022-46875: Download Protections were bypassed by .atloc and .ftploc files on Mac OS.
  + CVE-2022-46882: Use-after-free in WebGL.
  + CVE-2022-46878: Memory safety bugs fixed in Firefox 108 and Firefox ESR 102.6.
* Fri Nov 18 2022 Bjørn Lie
- Update to version 102.5.0:
  + Various stability, functionality, and security fixes.
  + CVE-2022-45403: Service Workers might have learned size of cross-origin media files.
  + CVE-2022-45404: Fullscreen notification bypass.
  + CVE-2022-45405: Use-after-free in InputStream implementation.
  + CVE-2022-45406: Use-after-free of a JavaScript Realm.
  + CVE-2022-45408: Fullscreen notification bypass via windowName.
  + CVE-2022-45409: Use-after-free in Garbage Collection.
  + CVE-2022-45410: ServiceWorker-intercepted requests bypassed SameSite cookie policy.
  + CVE-2022-45411: Cross-Site Tracing was possible via non-standard override headers.
  + CVE-2022-45412: Symlinks may resolve to partially uninitialized buffers.
  + CVE-2022-45416: Keystroke Side-Channel Leakage.
  + CVE-2022-45418: Custom mouse cursor could have been drawn over browser UI.
  + CVE-2022-45420: Iframe contents could be rendered outside the iframe.
  + CVE-2022-45421: Memory safety bugs fixed in Firefox 107 and Firefox ESR 102.5.
* Tue Oct 18 2022 Bjørn Lie
- Update to version 102.4.0:
  + Various stability, functionality, and security fixes.
  + CVE-2022-42927: Same-origin policy violation could have leaked cross-origin URLs.
  + CVE-2022-42928: Memory Corruption in JS Engine.
  + CVE-2022-42929: Denial of Service via window.print.
  + CVE-2022-42932: Memory safety bugs fixed in Firefox 106 and Firefox ESR 102.4.
* Tue Sep 27 2022 Fabian Vogt
- Adjust name of ICU data file to fix build on big-endian platforms
* Tue Sep 20 2022 Bjørn Lie
- Update to version 102.3.0:
  + Various stability, functionality, and security fixes.
  + CVE-2022-3266: Out of bounds read when decoding H264.
  + CVE-2022-40959: Bypassing FeaturePolicy restrictions on transient pages.
  + CVE-2022-40960: Data-race when parsing non-UTF-8 URLs in threads.
  + CVE-2022-40958: Bypassing Secure Context restriction for cookies with __Host and __Secure prefix.
  + CVE-2022-40956: Content-Security-Policy base-uri bypass.
  + CVE-2022-40957: Incoherent instruction cache when building WASM on ARM64.
  + CVE-2022-40962: Memory safety bugs fixed in Firefox 105 and Firefox ESR 102.3.
* Fri Aug 26 2022 Bjørn Lie
- Initial packaging for openSUSE.