pkgsrc-Changes archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
CVS commit: pkgsrc/www/firefox140
Module Name: pkgsrc
Committed By: gutteridge
Date: Tue Jun 16 16:16:43 UTC 2026
Modified Files:
pkgsrc/www/firefox140: Makefile distinfo
Log Message:
firefox140: update to 140.12
Update during freeze approved by maya@.
Mozilla Foundation Security Advisory 2026-58
Security Vulnerabilities fixed in Firefox ESR 140.12
Announced
June 16, 2026
Impact
high
Products
Firefox ESR
Fixed in
Firefox ESR 140.12
#CVE-2026-12289: Privilege escalation in the Graphics: WebRender component
Reporter
choeseyeong
Impact
high
References
Bug 2023443
#CVE-2026-12290: Memory safety bug fixed in Firefox ESR 140.12
Reporter
jayjayjazz
Impact
high
References
Bug 2024852
#CVE-2026-12291: Use-after-free in the Networking: HTTP component
Reporter
Zijie Zhao
Impact
high
References
Bug 2036929
#CVE-2026-12292: Incorrect boundary conditions in the Web Audio component
Reporter
Zijie Zhao
Impact
high
References
Bug 2038465
#CVE-2026-12294: Sandbox escape in the DOM: Workers component
Reporter
Quy Pham
Impact
high
References
Bug 2039873
#CVE-2026-12295: Sandbox escape in the DOM: Navigation component
Reporter
Yaqoub Aldurayhim
Impact
high
References
Bug 2040160
#CVE-2026-12298: Memory safety bug fixed in Firefox ESR 140.12
Reporter
Haruka Yamazaki
Impact
high
References
Bug 2041981
#CVE-2026-12296: Sandbox escape in the Security: Process Sandboxing component
Reporter
Yaqoub Aldurayhim
Impact
high
References
Bug 2040515
#CVE-2026-12297: Sandbox escape due to incorrect boundary conditions in the Networking component
Reporter
zx
Impact
high
References
Bug 2041610
#CVE-2026-12299: JIT miscompilation in the DOM: Core & HTML component
Reporter
Hyeonjun Ahn
Impact
high
References
Bug 2043139
#CVE-2026-12329: Memory safety bug fixed in Firefox ESR 140.12
Reporter
Michael Froman
Impact
high
References
Bug 2044738
#CVE-2026-12302: Mitigation bypass in the DOM: Security component
Reporter
lebr0nli
Impact
moderate
References
Bug 2034489
#CVE-2026-12304: Same-origin policy bypass in the Networking: Cookies component
Reporter
Yaqoub Aldurayhim
Impact
moderate
References
Bug 2034944
#CVE-2026-12305: Memory safety bug fixed in Firefox ESR 140.12
Reporter
Zijie Zhao
Impact
moderate
References
Bug 2037290
#CVE-2026-12306: Memory safety bug fixed in Firefox ESR 140.12
Reporter
Mihalis Haatainen
Impact
moderate
References
Bug 2037323
#CVE-2026-12307: Memory safety bug fixed in Firefox ESR 140.12
Reporter
Atsushi Sada
Impact
moderate
References
Bug 2038133
#CVE-2026-12308: Memory safety bug fixed in Firefox ESR 140.12
Reporter
Mihalis Haatainen
Impact
moderate
References
Bug 2038302
#CVE-2026-12309: Memory safety bug fixed in Firefox ESR 140.12
Reporter
Yaqoub Aldurayhim
Impact
moderate
References
Bug 2038476
#CVE-2026-12310: Memory safety bug fixed in Firefox ESR 140.12
Reporter
Carl Pearson
Impact
moderate
References
Bug 2039707
#CVE-2026-12311: Information disclosure, sandbox escape in the Security: Process Sandboxing component
Reporter
Yaqoub Aldurayhim
Impact
moderate
References
Bug 2040177
#CVE-2026-12312: Memory safety bug fixed in Firefox ESR 140.12
Reporter
Rintaro Kawasugi
Impact
moderate
References
Bug 2040383
#CVE-2026-12313: Information disclosure, sandbox escape in the Security: Process Sandboxing component
Reporter
evyatar
Impact
moderate
References
Bug 2040477
#CVE-2026-12314: Memory safety bug fixed in Firefox ESR 140.12
Reporter
satyamasd
Impact
moderate
References
Bug 2041856
#CVE-2026-12315: Mitigation bypass in the DOM: Security component
Reporter
Nguyen Minh
Impact
moderate
References
Bug 2042058
#CVE-2026-12330: Incorrect boundary conditions in the Internationalization component
Reporter
Mozilla Fuzzing Team
Impact
moderate
References
Bug 2029326
#CVE-2026-12324: Incorrect boundary conditions in the Graphics: CanvasWebGL component
Reporter
Mihalis Haatainen
Impact
low
References
Bug 2038444
#CVE-2026-12325: Denial-of-service in the Graphics: ImageLib component
Reporter
Securin
Impact
low
References
Bug 2039443
#CVE-2026-12327: Memory safety bugs fixed in Firefox ESR 140.12, Thunderbird ESR 140.12, Firefox 152 and Thunderbird 152
Reporter
Christian Holler, Jens Stutte, Nika Layzell, Randell Jesup, Tom Schuster and the Mozilla Fuzzing Team
Impact
moderate
Description
Memory safety bugs present in Firefox ESR 140.11, Thunderbird ESR 140.11, Firefox 151 and Thunderbird 151. Some of these bugs showed evidence of memory corruption and we presume that with enough
effort some of these could have been exploited to run arbitrary code.
References
Moderate Severity memory safety bugs fixed in Firefox ESR 140.12, Thunderbird ESR 140.12, Firefox 152 and Thunderbird 152
#CVE-2026-12328: Memory safety bugs fixed in Firefox ESR 115.37, Firefox ESR 140.12, Thunderbird ESR 140.12, Firefox 152 and Thunderbird 152
Reporter
Andrew McCreight, Randell Jesup, Tom Ritter and the Mozilla Fuzzing Team
Impact
high
Description
Memory safety bugs present in Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird ESR 140.11, Firefox 151 and Thunderbird 151. Some of these bugs showed evidence of memory corruption and we presume
that with enough effort some of these could have been exploited to run arbitrary code.
References
High Severity memory safety bugs fixed in Firefox ESR 115.37, Firefox ESR 140.12, Thunderbird ESR 140.12, Firefox 152 and Thunderbird 152
To generate a diff of this commit:
cvs rdiff -u -r1.18 -r1.19 pkgsrc/www/firefox140/Makefile
cvs rdiff -u -r1.17 -r1.18 pkgsrc/www/firefox140/distinfo
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: pkgsrc/www/firefox140/Makefile
diff -u pkgsrc/www/firefox140/Makefile:1.18 pkgsrc/www/firefox140/Makefile:1.19
--- pkgsrc/www/firefox140/Makefile:1.18 Thu Jun 11 07:17:47 2026
+++ pkgsrc/www/firefox140/Makefile Tue Jun 16 16:16:43 2026
@@ -1,12 +1,11 @@
-# $NetBSD: Makefile,v 1.18 2026/06/11 07:17:47 wiz Exp $
+# $NetBSD: Makefile,v 1.19 2026/06/16 16:16:43 gutteridge Exp $
FIREFOX_VER= ${MOZ_BRANCH}${MOZ_BRANCH_MINOR}
-MOZ_BRANCH= 140.11
+MOZ_BRANCH= 140.12
MOZ_BRANCH_MINOR= .0esr
DISTNAME= firefox-${FIREFOX_VER}.source
PKGNAME= ${DISTNAME:S/.source//:S/b/beta/:S/esr//:S/firefox-/firefox140-/}
-PKGREVISION= 1
CATEGORIES= www
MASTER_SITES+= ${MASTER_SITE_MOZILLA:=firefox/releases/${FIREFOX_VER}/source/}
MASTER_SITES+= ${MASTER_SITE_MOZILLA_ALL:=firefox/releases/${FIREFOX_VER}/source/}
Index: pkgsrc/www/firefox140/distinfo
diff -u pkgsrc/www/firefox140/distinfo:1.17 pkgsrc/www/firefox140/distinfo:1.18
--- pkgsrc/www/firefox140/distinfo:1.17 Thu May 21 15:34:06 2026
+++ pkgsrc/www/firefox140/distinfo Tue Jun 16 16:16:43 2026
@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.17 2026/05/21 15:34:06 gutteridge Exp $
+$NetBSD: distinfo,v 1.18 2026/06/16 16:16:43 gutteridge Exp $
-BLAKE2s (firefox-140.11.0esr.source.tar.xz) = 567b3ce95be1e3809dbd1d4e36a9b4fed544bd4b8e3bf24fff238daf0743bfaf
-SHA512 (firefox-140.11.0esr.source.tar.xz) = d06adb3ef4de1324e3d61872d70de31ab08ac013f33903549bed28c6ebcc5b4dee94bb36388282c1935d77d1a564079f3adbf08d6bb80284a899cbb3d861300c
-Size (firefox-140.11.0esr.source.tar.xz) = 637083992 bytes
+BLAKE2s (firefox-140.12.0esr.source.tar.xz) = 5aa6d7e2025eda47afca489720e6511c9aa29875699d021fc03068eaeb2b1486
+SHA512 (firefox-140.12.0esr.source.tar.xz) = 3d598dd964bca074d11b71f84d586811b0a736bdd4d1e6cedb9286c56b1e11584e85ca1d0369c9b2f8d9e4d0eaf014d1b9232a96e71ac25f71fa9ed0807f642d
+Size (firefox-140.12.0esr.source.tar.xz) = 641934156 bytes
BLAKE2s (nodejs-output-140.0.4.tgz) = 7ebb5993c8c9d7d5492afdb9fa7fef74fec7753fb0b14673817f24faf4a7fca4
SHA512 (nodejs-output-140.0.4.tgz) = e421b0b6be8b5b8dfda705eefcf4573a1270df9012dca5eac9ba0ac2af2bcc47dd66b1057106f8c2336a10bdcc39b9f852041dd33da9e7a8929d981dbb4e1fb4
Size (nodejs-output-140.0.4.tgz) = 245385 bytes
Home |
Main Index |
Thread Index |
Old Index