pkgsrc-Changes archive


CVS commit: pkgsrc/www/firefox140



Module Name:    pkgsrc
Committed By:   gutteridge
Date:           Tue Apr 21 13:40:08 UTC 2026

Modified Files:
        pkgsrc/www/firefox140: Makefile distinfo

Log Message:
firefox140: update to 140.10

Mozilla Foundation Security Advisory 2026-32
Security Vulnerabilities fixed in Firefox ESR 140.10

Announced
    April 21, 2026
Impact
    high
Products
    Firefox ESR
Fixed in

        Firefox ESR 140.10

#CVE-2026-6746: Use-after-free in the DOM: Core & HTML component

Reporter
    Evyatar Ben Asher, Keane Lucas, Nicholas Carlini, Newton Cheng, Daniel Freeman, Alex Gaynor, and Joel Weinberger using Claude from Anthropic
Impact
    high

References

    Bug 2014596

#CVE-2026-6747: Use-after-free in the WebRTC component

Reporter
    Nan Wang
Impact
    high

References

    Bug 2021769

#CVE-2026-6748: Uninitialized memory in the Audio/Video: Web Codecs component

Reporter
    Inseo An
Impact
    high

References

    Bug 2022604

#CVE-2026-6749: Information disclosure due to uninitialized memory in the Graphics: Canvas2D component

Reporter
    Inseo An
Impact
    high

References

    Bug 2022610

#CVE-2026-6750: Privilege escalation in the Graphics: WebRender component

Reporter
    choeseyeong
Impact
    high

References

    Bug 2023407

#CVE-2026-6751: Uninitialized memory in the Audio/Video: Web Codecs component

Reporter
    Joren Afman
Impact
    high

References

    Bug 2025883

#CVE-2026-6752: Incorrect boundary conditions in the WebRTC component

Reporter
    jmwebdevelopement
Impact
    high

References

    Bug 2027499

#CVE-2026-6753: Incorrect boundary conditions in the WebRTC component

Reporter
    jmwebdevelopement
Impact
    high

References

    Bug 2027501

#CVE-2026-6754: Use-after-free in the JavaScript Engine component

Reporter
    Xuehao Guo
Impact
    high

References

    Bug 2027541

#CVE-2026-6757: Invalid pointer in the JavaScript: WebAssembly component

Reporter
    Evyatar Ben Asher, Keane Lucas, Nicholas Carlini, Newton Cheng, Daniel Freeman, Alex Gaynor, and Joel Weinberger using Claude from Anthropic
Impact
    moderate

References

    Bug 2013588

#CVE-2026-6759: Use-after-free in the Widget: Cocoa component

Reporter
    Steven Michaud
Impact
    moderate

References

    Bug 2016164

#CVE-2026-6761: Privilege escalation in the Networking component

Reporter
    kiyong
Impact
    moderate

References

    Bug 2017857

#CVE-2026-6762: Spoofing issue in the DOM: Core & HTML component

Reporter
    Farras Givari
Impact
    moderate

References

    Bug 2021080

#CVE-2026-6763: Mitigation bypass in the File Handling component

Reporter
    Tomoya Nakanishi
Impact
    moderate

References

    Bug 2021666

#CVE-2026-6764: Incorrect boundary conditions in the DOM: Device Interfaces component

Reporter
    Florian
Impact
    moderate

References

    Bug 2022162

#CVE-2026-6765: Information disclosure in the Form Autofill component

Reporter
    ABDULAZIZ ALASAIQAH
Impact
    moderate

References

    Bug 2022419

#CVE-2026-6766: Incorrect boundary conditions in the Libraries component in NSS

Reporter
    Haruto Kimura
Impact
    moderate

References

    Bug 2023207

#CVE-2026-6767: Other issue in the Libraries component in NSS

Reporter
    Haruto Kimura
Impact
    moderate

References

    Bug 2023209

#CVE-2026-6769: Privilege escalation in the Debugger component

Reporter
    Tomoya Nakanishi
Impact
    moderate

References

    Bug 2023753

#CVE-2026-6770: Other issue in the Storage: IndexedDB component

Reporter
    Dai
Impact
    moderate

References

    Bug 2024220

#CVE-2026-6771: Mitigation bypass in the DOM: Security component

Reporter
    Rayhan Hanaputra
Impact
    moderate

References

    Bug 2025067

#CVE-2026-6772: Incorrect boundary conditions in the Libraries component in NSS

Reporter
    sseehra
Impact
    moderate

References

    Bug 2026089

#CVE-2026-6776: Incorrect boundary conditions in the WebRTC: Networking component

Reporter
    Nan Wang
Impact
    low

References

    Bug 2021770

#CVE-2026-6785: Memory safety bugs fixed in Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird ESR 140.10, Firefox 150 and Thunderbird 150

Reporter
    Andrew McCreight, Ashley Zebrowski, Brian Grinstead, Christian Holler, Maurice Dauer, Tom Schuster and the Mozilla Fuzzing Team
Impact
    high

Description

Memory safety bugs present in Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

References

    Memory safety bugs fixed in Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird ESR 140.10, Firefox 150 and Thunderbird 150

#CVE-2026-6786: Memory safety bugs fixed in Firefox ESR 140.10, Thunderbird ESR 140.10, Firefox 150 and Thunderbird 150

Reporter
    Alex Franchuk, Andrew McCreight, Brian Grinstead, Christian Holler, Jan de Mooij, Maurice Dauer, Sebastian Hengst, Tom Schuster and the Mozilla Fuzzing Team
Impact
    high

Description

Memory safety bugs present in Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

References

    Memory safety bugs fixed in Firefox ESR 140.10, Thunderbird ESR 140.10, Firefox 150 and Thunderbird 150


To generate a diff of this commit:
cvs rdiff -u -r1.13 -r1.14 pkgsrc/www/firefox140/Makefile
cvs rdiff -u -r1.12 -r1.13 pkgsrc/www/firefox140/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/www/firefox140/Makefile
diff -u pkgsrc/www/firefox140/Makefile:1.13 pkgsrc/www/firefox140/Makefile:1.14
--- pkgsrc/www/firefox140/Makefile:1.13 Thu Apr  9 18:37:06 2026
+++ pkgsrc/www/firefox140/Makefile      Tue Apr 21 13:40:08 2026
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.13 2026/04/09 18:37:06 gutteridge Exp $
+# $NetBSD: Makefile,v 1.14 2026/04/21 13:40:08 gutteridge Exp $
 
 FIREFOX_VER=           ${MOZ_BRANCH}${MOZ_BRANCH_MINOR}
-MOZ_BRANCH=            140.9
-MOZ_BRANCH_MINOR=      .1esr
+MOZ_BRANCH=            140.10
+MOZ_BRANCH_MINOR=      .0esr
 
 DISTNAME=      firefox-${FIREFOX_VER}.source
 PKGNAME=       ${DISTNAME:S/.source//:S/b/beta/:S/esr//:S/firefox-/firefox140-/}
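
Review bot: On the MOZ_BRANCH and MOZ_BRANCH_MINOR lines, the branch moves from 140.9 to 140.10 while the minor part drops from .1esr to .0esr, so the derived PKGNAME goes from firefox140-140.9.1 to firefox140-140.10.0, which is an upgrade only under numeric per-component comparison. pkgsrc compares dotted version components numerically, so the ordering is correct here, but any local script or vulnerability-tracking pattern that compares these strings lexically would rank 140.10.0 below 140.9.1 and should be checked. The log message says "140.10"; naming the full 140.10.0esr there would make it easier to match against the distinfo entries.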

Index: pkgsrc/www/firefox140/distinfo
diff -u pkgsrc/www/firefox140/distinfo:1.12 pkgsrc/www/firefox140/distinfo:1.13
--- pkgsrc/www/firefox140/distinfo:1.12 Thu Apr  9 18:37:06 2026
+++ pkgsrc/www/firefox140/distinfo      Tue Apr 21 13:40:08 2026
@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.12 2026/04/09 18:37:06 gutteridge Exp $
+$NetBSD: distinfo,v 1.13 2026/04/21 13:40:08 gutteridge Exp $
 
-BLAKE2s (firefox-140.9.1esr.source.tar.xz) = 0602c185e37132155cbd4b9bc9b795295b99bc81eb2bf7c282bf5b29b21aa0d9
-SHA512 (firefox-140.9.1esr.source.tar.xz) = 119a4e4e536fd4534adcc4a546a988e553285f9326bf16e9771854ec2dc7d039a729aedc5925623e172260a5e154172c56a011f131068736eb2a89a8de611840
-Size (firefox-140.9.1esr.source.tar.xz) = 634745800 bytes
+BLAKE2s (firefox-140.10.0esr.source.tar.xz) = 94fea47829730dbdb974dfdd694d214a86de37f21bf6a6aa98437f34e410c5ee
+SHA512 (firefox-140.10.0esr.source.tar.xz) = 56b274df21d0a908e826af6dda89a42b77fb0f597b75542b0330d448ae22be07a3636a3187ff1b488e466cc8c5264a8a75f79901354a49e35a3e99dcb0852514
+Size (firefox-140.10.0esr.source.tar.xz) = 636605480 bytes
 BLAKE2s (nodejs-output-140.0.4.tgz) = 7ebb5993c8c9d7d5492afdb9fa7fef74fec7753fb0b14673817f24faf4a7fca4
 SHA512 (nodejs-output-140.0.4.tgz) = e421b0b6be8b5b8dfda705eefcf4573a1270df9012dca5eac9ba0ac2af2bcc47dd66b1057106f8c2336a10bdcc39b9f852041dd33da9e7a8929d981dbb4e1fb4
 Size (nodejs-output-140.0.4.tgz) = 245385 bytes
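
Review bot: The new BLAKE2s, SHA512 and Size entries for firefox-140.10.0esr.source.tar.xz are the only integrity anchor for this security update, and nothing in the commit records that they were checked against upstream rather than regenerated from whatever file was downloaded. Suggest comparing the SHA512 value with the release's signed upstream checksum list before committing, and saying so in the log message. The unchanged nodejs-output-140.0.4.tgz context lines also deserve a quick confirmation that the 140.0.4 artifact is still the intended one for the 140.10.0esr source.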


