pkgsrc-Changes archive
CVS commit: pkgsrc/www/firefox140
Module Name: pkgsrc
Committed By: gutteridge
Date: Tue Mar 24 13:11:35 UTC 2026
Modified Files:
pkgsrc/www/firefox140: Makefile distinfo
Log Message:
firefox140: update to 140.9
Mozilla Foundation Security Advisory 2026-22
Security Vulnerabilities fixed in Firefox ESR 140.9
Announced
March 24, 2026
Impact
high
Products
Firefox ESR
Fixed in
Firefox ESR 140.9
#CVE-2026-4684: Race condition, use-after-free in the Graphics: WebRender component
Reporter
Oskar L
Impact
high
References
Bug 2011129
#CVE-2026-4685: Incorrect boundary conditions in the Graphics: Canvas2D component
Reporter
Sajeeb Lohani
Impact
high
References
Bug 2016349
#CVE-2026-4686: Incorrect boundary conditions in the Graphics: Canvas2D component
Reporter
Sajeeb Lohani
Impact
high
References
Bug 2016351
#CVE-2026-4687: Sandbox escape due to incorrect boundary conditions in the Telemetry component
Reporter
Sajeeb Lohani
Impact
high
References
Bug 2016368
#CVE-2026-4688: Sandbox escape due to use-after-free in the Disability Access APIs component
Reporter
Sajeeb Lohani
Impact
high
References
Bug 2016373
#CVE-2026-4689: Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component
Reporter
Sajeeb Lohani
Impact
high
References
Bug 2016374
#CVE-2026-4690: Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component
Reporter
Sajeeb Lohani
Impact
high
References
Bug 2016375
#CVE-2026-4691: Use-after-free in the CSS Parsing and Computation component
Reporter
Fabius Artrel
Impact
high
References
Bug 2017512
#CVE-2026-4692: Sandbox escape in the Responsive Design Mode component
Reporter
Tom Ritter
Impact
high
References
Bug 2017643
#CVE-2026-4693: Incorrect boundary conditions in the Audio/Video: Playback component
Reporter
Sajeeb Lohani
Impact
high
References
Bug 2018102
#CVE-2026-4694: Incorrect boundary conditions, integer overflow in the Graphics component
Reporter
Sajeeb Lohani
Impact
high
References
Bug 2018430
#CVE-2026-4695: Incorrect boundary conditions in the Audio/Video: Web Codecs component
Reporter
Atte Kettunen
Impact
high
References
Bug 2020030
#CVE-2026-4696: Use-after-free in the Layout: Text and Fonts component
Reporter
Sota Wada
Impact
high
References
Bug 2020190
#CVE-2026-4697: Incorrect boundary conditions in the Audio/Video: Web Codecs component
Reporter
Lorenzo
Impact
high
References
Bug 2020422
#CVE-2026-4698: JIT miscompilation in the JavaScript Engine: JIT component
Reporter
maxpl0it working with Trend Micro Zero Day Initiative
Impact
high
References
Bug 2020906
#CVE-2026-4699: Incorrect boundary conditions in the Layout: Text and Fonts component
Reporter
Matej Smycka
Impact
high
References
Bug 2021863
#CVE-2026-4700: Mitigation bypass in the Networking: HTTP component
Reporter
pizzahunthack1
Impact
moderate
References
Bug 2003766
#CVE-2026-4701: Use-after-free in the JavaScript Engine component
Reporter
Gary Kwong
Impact
moderate
References
Bug 2009303
#CVE-2026-4702: JIT miscompilation in the JavaScript Engine component
Reporter
Evyatar Ben Asher, Keane Lucas, Nicholas Carlini, Newton Cheng, Daniel Freeman, Alex Gaynor, and Joel Weinberger using Claude from Anthropic
Impact
moderate
References
Bug 2013560
#CVE-2026-4704: Denial-of-service in the WebRTC: Signaling component
Reporter
Evyatar Ben Asher, Keane Lucas, Nicholas Carlini, Newton Cheng, Daniel Freeman, Alex Gaynor, and Joel Weinberger using Claude from Anthropic
Impact
moderate
References
Bug 2014868
#CVE-2026-4705: Undefined behavior in the WebRTC: Signaling component
Reporter
Evyatar Ben Asher, Keane Lucas, Nicholas Carlini, Newton Cheng, Daniel Freeman, Alex Gaynor, and Joel Weinberger using Claude from Anthropic
Impact
moderate
References
Bug 2014873
#CVE-2026-4706: Incorrect boundary conditions in the Graphics: Canvas2D component
Reporter
Jun Yang
Impact
moderate
References
Bug 2015091
#CVE-2026-4707: Incorrect boundary conditions in the Graphics: Canvas2D component
Reporter
Sajeeb Lohani
Impact
moderate
References
Bug 2015267
#CVE-2026-4708: Incorrect boundary conditions in the Graphics component
Reporter
Sajeeb Lohani
Impact
moderate
References
Bug 2015268
#CVE-2026-4709: Incorrect boundary conditions in the Audio/Video: GMP component
Reporter
Sajeeb Lohani
Impact
moderate
References
Bug 2016329
#CVE-2026-4710: Incorrect boundary conditions in the Audio/Video component
Reporter
Sajeeb Lohani
Impact
moderate
References
Bug 2016370
#CVE-2026-4711: Use-after-free in the Widget: Cocoa component
Reporter
Josh Aas
Impact
moderate
References
Bug 2017002
#CVE-2026-4712: Information disclosure in the Widget: Cocoa component
Reporter
Josh Aas
Impact
moderate
References
Bug 2017666
#CVE-2026-4713: Incorrect boundary conditions in the Graphics component
Reporter
Sajeeb Lohani
Impact
moderate
References
Bug 2018113
#CVE-2026-4714: Incorrect boundary conditions in the Audio/Video component
Reporter
Sajeeb Lohani
Impact
moderate
References
Bug 2018126
#CVE-2026-4715: Uninitialized memory in the Graphics: Canvas2D component
Reporter
Jun Yang
Impact
moderate
References
Bug 2018405
#CVE-2026-4716: Incorrect boundary conditions, uninitialized memory in the JavaScript Engine component
Reporter
Pwn2addr
Impact
moderate
References
Bug 2018592
#CVE-2026-4717: Privilege escalation in the Netmonitor component
Reporter
Satoki Tsuji
Impact
moderate
References
Bug 2021695
#CVE-2025-59375: Denial-of-service in the XML component
Reporter
Jan Horak
Impact
low
References
Bug 1988467
#CVE-2026-4718: Undefined behavior in the WebRTC: Signaling component
Reporter
Evyatar Ben Asher, Keane Lucas, Nicholas Carlini, Newton Cheng, Daniel Freeman, Alex Gaynor, and Joel Weinberger using Claude from Anthropic
Impact
low
References
Bug 2014864
#CVE-2026-4719: Incorrect boundary conditions in the Graphics: Text component
Reporter
Sajeeb Lohani
Impact
low
References
Bug 2016367
#CVE-2026-4720: Memory safety bugs fixed in Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149
Reporter
Christian Holler, Gabriele Svelto, Tom Schuster and the Mozilla Fuzzing Team
Impact
high
Description
Memory safety bugs present in Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148. Some of these bugs showed evidence of memory corruption and we presume that with enough effort
some of these could have been exploited to run arbitrary code.
References
Memory safety bugs fixed in Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149
#CVE-2026-4721: Memory safety bugs fixed in Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149
Reporter
Christian Holler, Timothy Nikkel, Tom Schuster and the Mozilla Fuzzing Team
Impact
high
Description
Memory safety bugs present in Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148. Some of these bugs showed evidence of memory corruption and we presume
that with enough effort some of these could have been exploited to run arbitrary code.
References
Memory safety bugs fixed in Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149
To generate a diff of this commit:
cvs rdiff -u -r1.11 -r1.12 pkgsrc/www/firefox140/Makefile
cvs rdiff -u -r1.10 -r1.11 pkgsrc/www/firefox140/distinfo
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: pkgsrc/www/firefox140/Makefile
diff -u pkgsrc/www/firefox140/Makefile:1.11 pkgsrc/www/firefox140/Makefile:1.12
--- pkgsrc/www/firefox140/Makefile:1.11 Tue Feb 24 14:07:55 2026
+++ pkgsrc/www/firefox140/Makefile Tue Mar 24 13:11:35 2026
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.11 2026/02/24 14:07:55 gutteridge Exp $
+# $NetBSD: Makefile,v 1.12 2026/03/24 13:11:35 gutteridge Exp $
FIREFOX_VER= ${MOZ_BRANCH}${MOZ_BRANCH_MINOR}
-MOZ_BRANCH= 140.8
+MOZ_BRANCH= 140.9
MOZ_BRANCH_MINOR= .0esr
DISTNAME= firefox-${FIREFOX_VER}.source
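Review bot: Only `MOZ_BRANCH` changes in this hunk (140.8 to 140.9), and the context covers just the first seven lines of the Makefile, so confirm that no PKGREVISION is left set further down, since a leftover revision would carry over onto the new version. With `MOZ_BRANCH_MINOR= .0esr` untouched, `FIREFOX_VER` expands to 140.9.0esr, which matches the distfile name used in the distinfo change.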
Index: pkgsrc/www/firefox140/distinfo
diff -u pkgsrc/www/firefox140/distinfo:1.10 pkgsrc/www/firefox140/distinfo:1.11
--- pkgsrc/www/firefox140/distinfo:1.10 Tue Feb 24 14:07:55 2026
+++ pkgsrc/www/firefox140/distinfo Tue Mar 24 13:11:35 2026
@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.10 2026/02/24 14:07:55 gutteridge Exp $
+$NetBSD: distinfo,v 1.11 2026/03/24 13:11:35 gutteridge Exp $
-BLAKE2s (firefox-140.8.0esr.source.tar.xz) = ddbe76491a3a5af88432b96b26a2ebb656819a780f2249d5198b4a8b94ac41ad
-SHA512 (firefox-140.8.0esr.source.tar.xz) = 3baca73c5c264884afa4b1d76ded4417119640e1161b8fed4ca406f0ec44e7f685258f5085f473dc9eff9057a6548a9b59cec3c696358dd1032503aa75f91d05
-Size (firefox-140.8.0esr.source.tar.xz) = 633564864 bytes
+BLAKE2s (firefox-140.9.0esr.source.tar.xz) = 75f692405065815d77747a641f067694ec99a82548df0f326dada4f6963ccfa7
+SHA512 (firefox-140.9.0esr.source.tar.xz) = bc03fd2a73d00a88bd0a3c9eeaefe618ffb34226fb7bc2fac4a02246ff29fe038423bf77538273ee6fac25fb1e3e4fa98bb522026ae3427a0ad5f41d2ec6ba98
+Size (firefox-140.9.0esr.source.tar.xz) = 630445704 bytes
BLAKE2s (nodejs-output-140.0.4.tgz) = 7ebb5993c8c9d7d5492afdb9fa7fef74fec7753fb0b14673817f24faf4a7fca4
SHA512 (nodejs-output-140.0.4.tgz) = e421b0b6be8b5b8dfda705eefcf4573a1270df9012dca5eac9ba0ac2af2bcc47dd66b1057106f8c2336a10bdcc39b9f852041dd33da9e7a8929d981dbb4e1fb4
Size (nodejs-output-140.0.4.tgz) = 245385 bytes
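Review bot: The replaced BLAKE2s, SHA512 and Size lines for `firefox-140.9.0esr.source.tar.xz` are the only integrity anchor for the new source tarball, and the log message does not say whether they were compared with a checksum published upstream or only generated from the downloaded file; a line in the commit message stating that the SHA512 was checked against the upstream checksum list would make this auditable. The `nodejs-output-140.0.4.tgz` entries are unchanged context, so also confirm that this pre-generated output is still intended to be reused with the 140.9 sources.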