pkgsrc-Changes archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
CVS commit: pkgsrc/www/firefox128
Module Name: pkgsrc
Committed By: gutteridge
Date: Tue Jul 22 23:38:54 UTC 2025
Modified Files:
pkgsrc/www/firefox128: Makefile distinfo
Log Message:
firefox128: update to 128.13.0
Mozilla Foundation Security Advisory 2025-58
Security Vulnerabilities fixed in Firefox ESR 128.13
Announced
July 22, 2025
Impact
high
Products
Firefox ESR
Fixed in
Firefox ESR 128.13
#CVE-2025-8027: JavaScript engine only wrote partial return value to stack
Reporter
Nan Wang
Impact
high
Description
On 64-bit platforms IonMonkey-JIT only wrote 32 bits of the 64-bit return value space on the stack. Baseline-JIT, however, read the entire 64 bits.
References
Bug 1968423
#CVE-2025-8028: Large branch table could lead to truncated instruction
Reporter
Gary Kwong
Impact
high
Description
On arm64, a WASM br_table instruction with a lot of entries could lead to the label being too far from the instruction causing truncation and incorrect computation of the branch address.
References
Bug 1971581
#CVE-2025-8029: javascript: URLs executed on object and embed tags
Reporter
Mirko Brodesser
Impact
moderate
Description
Firefox executed javascript: URLs when used in object and embed tags.
References
Bug 1928021
#CVE-2025-8030: Potential user-assisted code execution in “Copy as cURL” command
Reporter
Ameen Basha M K
Impact
moderate
Description
Insufficient escaping in the “Copy as cURL” feature could potentially be used to trick a user into executing unexpected code.
References
Bug 1968414
#CVE-2025-8031: Incorrect URL stripping in CSP reports
Reporter
Tom Schuster
Impact
moderate
Description
The username:password part was not correctly stripped from URLs in CSP reports potentially leaking HTTP Basic Authentication credentials.
References
Bug 1971719
#CVE-2025-8032: XSLT documents could bypass CSP
Reporter
Joe Turki
Impact
moderate
Description
XSLT document loading did not correctly propagate the source document which bypassed its CSP.
References
Bug 1974407
#CVE-2025-8033: Incorrect JavaScript state machine for generators
Reporter
Shaheen Fazim
Impact
low
Description
The JavaScript engine did not handle closed generators correctly and it was possible to resume them leading to a nullptr deref.
References
Bug 1973990
#CVE-2025-8034: Memory safety bugs fixed in Firefox ESR 115.26, Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141
Reporter
the Mozilla Fuzzing Team
Impact
high
Description
Memory safety bugs present in Firefox ESR 115.25, Firefox ESR 128.12, Thunderbird ESR 128.12, Firefox ESR 140.0, Thunderbird ESR 140.0, Firefox 140 and Thunderbird 140. Some of these bugs showed
evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.
References
Memory safety bugs fixed in Firefox ESR 115.26, Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141
#CVE-2025-8035: Memory safety bugs fixed in Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141
Reporter
the Mozilla Fuzzing Team
Impact
high
Description
Memory safety bugs present in Firefox ESR 128.12, Thunderbird ESR 128.12, Firefox ESR 140.0, Thunderbird ESR 140.0, Firefox 140 and Thunderbird 140. Some of these bugs showed evidence of memory
corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.
References
Memory safety bugs fixed in Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141
To generate a diff of this commit:
cvs rdiff -u -r1.27 -r1.28 pkgsrc/www/firefox128/Makefile
cvs rdiff -u -r1.17 -r1.18 pkgsrc/www/firefox128/distinfo
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: pkgsrc/www/firefox128/Makefile
diff -u pkgsrc/www/firefox128/Makefile:1.27 pkgsrc/www/firefox128/Makefile:1.28
--- pkgsrc/www/firefox128/Makefile:1.27 Tue Jun 24 20:26:36 2025
+++ pkgsrc/www/firefox128/Makefile Tue Jul 22 23:38:54 2025
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.27 2025/06/24 20:26:36 bsiegert Exp $
+# $NetBSD: Makefile,v 1.28 2025/07/22 23:38:54 gutteridge Exp $
FIREFOX_VER= ${MOZ_BRANCH}${MOZ_BRANCH_MINOR}
-MOZ_BRANCH= 128.12
+MOZ_BRANCH= 128.13
MOZ_BRANCH_MINOR= .0esr
DISTNAME= firefox-${FIREFOX_VER}.source
Index: pkgsrc/www/firefox128/distinfo
diff -u pkgsrc/www/firefox128/distinfo:1.17 pkgsrc/www/firefox128/distinfo:1.18
--- pkgsrc/www/firefox128/distinfo:1.17 Tue Jun 24 20:26:36 2025
+++ pkgsrc/www/firefox128/distinfo Tue Jul 22 23:38:54 2025
@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.17 2025/06/24 20:26:36 bsiegert Exp $
+$NetBSD: distinfo,v 1.18 2025/07/22 23:38:54 gutteridge Exp $
-BLAKE2s (firefox-128.12.0esr.source.tar.xz) = 65926aceb69965238ae5e2e8b0cdbbc8d7c6f8d6009e56688ebab00ff4c472ca
-SHA512 (firefox-128.12.0esr.source.tar.xz) = 442d0b2b6ce02adcd878975f01e86548ca8fe93840185d77a1acb41ec99440c7abfdc8757e6f30d60593dcf2c7f50563b6ea6ccd4d239beea01305615b73c359
-Size (firefox-128.12.0esr.source.tar.xz) = 560934320 bytes
+BLAKE2s (firefox-128.13.0esr.source.tar.xz) = 5124b6be09d48b9e2991c0f6ab38b2120c3bdbef7f6847c8df37ceb30adcb829
+SHA512 (firefox-128.13.0esr.source.tar.xz) = 9e6f3af535e0904219bcac947d458789cc43cbfaf476ac287328323662391eaaadeff57b244599acf3626a2fadc0bc41b70d07e33ca6af4412006ad01ceff034
+Size (firefox-128.13.0esr.source.tar.xz) = 560782432 bytes
BLAKE2s (nodejs-output-128.0.tgz) = a55b907ebe308948b99b9150d2530204c8fe2a5fda5ac371dd1163a6db43bcbc
SHA512 (nodejs-output-128.0.tgz) = fba59ec14c43556749cac7a9233278e8dcd7779d5ba530ede67009bf1887c5d72dd31e3f440164b646738b465d852b882522caf7ed9aa4f81f53e588bdd3adec
Size (nodejs-output-128.0.tgz) = 227482 bytes
Home |
Main Index |
Thread Index |
Old Index