pkgsrc-Changes archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

CVS commit: pkgsrc/www/firefox140



Module Name:    pkgsrc
Committed By:   gutteridge
Date:           Tue Jun 16 16:16:43 UTC 2026

Modified Files:
        pkgsrc/www/firefox140: Makefile distinfo

Log Message:
firefox140: update to 140.12

Update during freeze approved by maya@.

Mozilla Foundation Security Advisory 2026-58
Security Vulnerabilities fixed in Firefox ESR 140.12

Announced
    June 16, 2026
Impact
    high
Products
    Firefox ESR
Fixed in

        Firefox ESR 140.12

#CVE-2026-12289: Privilege escalation in the Graphics: WebRender component

Reporter
    choeseyeong
Impact
    high

References

    Bug 2023443

#CVE-2026-12290: Memory safety bug fixed in Firefox ESR 140.12

Reporter
    jayjayjazz
Impact
    high

References

    Bug 2024852

#CVE-2026-12291: Use-after-free in the Networking: HTTP component

Reporter
    Zijie Zhao
Impact
    high

References

    Bug 2036929

#CVE-2026-12292: Incorrect boundary conditions in the Web Audio component

Reporter
    Zijie Zhao
Impact
    high

References

    Bug 2038465

#CVE-2026-12294: Sandbox escape in the DOM: Workers component

Reporter
    Quy Pham
Impact
    high

References

    Bug 2039873

#CVE-2026-12295: Sandbox escape in the DOM: Navigation component

Reporter
    Yaqoub Aldurayhim
Impact
    high

References

    Bug 2040160

#CVE-2026-12298: Memory safety bug fixed in Firefox ESR 140.12

Reporter
    Haruka Yamazaki
Impact
    high

References

    Bug 2041981

#CVE-2026-12296: Sandbox escape in the Security: Process Sandboxing component

Reporter
    Yaqoub Aldurayhim
Impact
    high

References

    Bug 2040515

#CVE-2026-12297: Sandbox escape due to incorrect boundary conditions in the Networking component

Reporter
    zx
Impact
    high

References

    Bug 2041610

#CVE-2026-12299: JIT miscompilation in the DOM: Core & HTML component

Reporter
    Hyeonjun Ahn
Impact
    high

References

    Bug 2043139

#CVE-2026-12329: Memory safety bug fixed in Firefox ESR 140.12

Reporter
    Michael Froman
Impact
    high

References

    Bug 2044738

#CVE-2026-12302: Mitigation bypass in the DOM: Security component

Reporter
    lebr0nli
Impact
    moderate

References

    Bug 2034489

#CVE-2026-12304: Same-origin policy bypass in the Networking: Cookies component

Reporter
    Yaqoub Aldurayhim
Impact
    moderate

References

    Bug 2034944

#CVE-2026-12305: Memory safety bug fixed in Firefox ESR 140.12

Reporter
    Zijie Zhao
Impact
    moderate

References

    Bug 2037290

#CVE-2026-12306: Memory safety bug fixed in Firefox ESR 140.12

Reporter
    Mihalis Haatainen
Impact
    moderate

References

    Bug 2037323

#CVE-2026-12307: Memory safety bug fixed in Firefox ESR 140.12

Reporter
    Atsushi Sada
Impact
    moderate

References

    Bug 2038133

#CVE-2026-12308: Memory safety bug fixed in Firefox ESR 140.12

Reporter
    Mihalis Haatainen
Impact
    moderate

References

    Bug 2038302

#CVE-2026-12309: Memory safety bug fixed in Firefox ESR 140.12

Reporter
    Yaqoub Aldurayhim
Impact
    moderate

References

    Bug 2038476

#CVE-2026-12310: Memory safety bug fixed in Firefox ESR 140.12

Reporter
    Carl Pearson
Impact
    moderate

References

    Bug 2039707

#CVE-2026-12311: Information disclosure, sandbox escape in the Security: Process Sandboxing component

Reporter
    Yaqoub Aldurayhim
Impact
    moderate

References

    Bug 2040177

#CVE-2026-12312: Memory safety bug fixed in Firefox ESR 140.12

Reporter
    Rintaro Kawasugi
Impact
    moderate

References

    Bug 2040383

#CVE-2026-12313: Information disclosure, sandbox escape in the Security: Process Sandboxing component

Reporter
    evyatar
Impact
    moderate

References

    Bug 2040477

#CVE-2026-12314: Memory safety bug fixed in Firefox ESR 140.12

Reporter
    satyamasd
Impact
    moderate

References

    Bug 2041856

#CVE-2026-12315: Mitigation bypass in the DOM: Security component

Reporter
    Nguyen Minh
Impact
    moderate

References

    Bug 2042058

#CVE-2026-12330: Incorrect boundary conditions in the Internationalization component

Reporter
    Mozilla Fuzzing Team
Impact
    moderate

References

    Bug 2029326

#CVE-2026-12324: Incorrect boundary conditions in the Graphics: CanvasWebGL component

Reporter
    Mihalis Haatainen
Impact
    low

References

    Bug 2038444

#CVE-2026-12325: Denial-of-service in the Graphics: ImageLib component

Reporter
    Securin
Impact
    low

References

    Bug 2039443

#CVE-2026-12327: Memory safety bugs fixed in Firefox ESR 140.12, Thunderbird ESR 140.12, Firefox 152 and Thunderbird 152

Reporter
    Christian Holler, Jens Stutte, Nika Layzell, Randell Jesup, Tom Schuster and the Mozilla Fuzzing Team
Impact
    moderate

Description

Memory safety bugs present in Firefox ESR 140.11, Thunderbird ESR 140.11, Firefox 151 and Thunderbird 151. Some of these bugs showed evidence of memory corruption and we presume that with enough 
effort some of these could have been exploited to run arbitrary code.
References

    Moderate Severity memory safety bugs fixed in Firefox ESR 140.12, Thunderbird ESR 140.12, Firefox 152 and Thunderbird 152

#CVE-2026-12328: Memory safety bugs fixed in Firefox ESR 115.37, Firefox ESR 140.12, Thunderbird ESR 140.12, Firefox 152 and Thunderbird 152

Reporter
    Andrew McCreight, Randell Jesup, Tom Ritter and the Mozilla Fuzzing Team
Impact
    high

Description

Memory safety bugs present in Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird ESR 140.11, Firefox 151 and Thunderbird 151. Some of these bugs showed evidence of memory corruption and we presume 
that with enough effort some of these could have been exploited to run arbitrary code.
References

    High Severity memory safety bugs fixed in Firefox ESR 115.37, Firefox ESR 140.12, Thunderbird ESR 140.12, Firefox 152 and Thunderbird 152


To generate a diff of this commit:
cvs rdiff -u -r1.18 -r1.19 pkgsrc/www/firefox140/Makefile
cvs rdiff -u -r1.17 -r1.18 pkgsrc/www/firefox140/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/www/firefox140/Makefile
diff -u pkgsrc/www/firefox140/Makefile:1.18 pkgsrc/www/firefox140/Makefile:1.19
--- pkgsrc/www/firefox140/Makefile:1.18 Thu Jun 11 07:17:47 2026
+++ pkgsrc/www/firefox140/Makefile      Tue Jun 16 16:16:43 2026
@@ -1,12 +1,11 @@
-# $NetBSD: Makefile,v 1.18 2026/06/11 07:17:47 wiz Exp $
+# $NetBSD: Makefile,v 1.19 2026/06/16 16:16:43 gutteridge Exp $
 
 FIREFOX_VER=           ${MOZ_BRANCH}${MOZ_BRANCH_MINOR}
-MOZ_BRANCH=            140.11
+MOZ_BRANCH=            140.12
 MOZ_BRANCH_MINOR=      .0esr
 
 DISTNAME=      firefox-${FIREFOX_VER}.source
 PKGNAME=       ${DISTNAME:S/.source//:S/b/beta/:S/esr//:S/firefox-/firefox140-/}
-PKGREVISION=   1
 CATEGORIES=    www
 MASTER_SITES+= ${MASTER_SITE_MOZILLA:=firefox/releases/${FIREFOX_VER}/source/}
 MASTER_SITES+= ${MASTER_SITE_MOZILLA_ALL:=firefox/releases/${FIREFOX_VER}/source/}

Index: pkgsrc/www/firefox140/distinfo
diff -u pkgsrc/www/firefox140/distinfo:1.17 pkgsrc/www/firefox140/distinfo:1.18
--- pkgsrc/www/firefox140/distinfo:1.17 Thu May 21 15:34:06 2026
+++ pkgsrc/www/firefox140/distinfo      Tue Jun 16 16:16:43 2026
@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.17 2026/05/21 15:34:06 gutteridge Exp $
+$NetBSD: distinfo,v 1.18 2026/06/16 16:16:43 gutteridge Exp $
 
-BLAKE2s (firefox-140.11.0esr.source.tar.xz) = 567b3ce95be1e3809dbd1d4e36a9b4fed544bd4b8e3bf24fff238daf0743bfaf
-SHA512 (firefox-140.11.0esr.source.tar.xz) = d06adb3ef4de1324e3d61872d70de31ab08ac013f33903549bed28c6ebcc5b4dee94bb36388282c1935d77d1a564079f3adbf08d6bb80284a899cbb3d861300c
-Size (firefox-140.11.0esr.source.tar.xz) = 637083992 bytes
+BLAKE2s (firefox-140.12.0esr.source.tar.xz) = 5aa6d7e2025eda47afca489720e6511c9aa29875699d021fc03068eaeb2b1486
+SHA512 (firefox-140.12.0esr.source.tar.xz) = 3d598dd964bca074d11b71f84d586811b0a736bdd4d1e6cedb9286c56b1e11584e85ca1d0369c9b2f8d9e4d0eaf014d1b9232a96e71ac25f71fa9ed0807f642d
+Size (firefox-140.12.0esr.source.tar.xz) = 641934156 bytes
 BLAKE2s (nodejs-output-140.0.4.tgz) = 7ebb5993c8c9d7d5492afdb9fa7fef74fec7753fb0b14673817f24faf4a7fca4
 SHA512 (nodejs-output-140.0.4.tgz) = e421b0b6be8b5b8dfda705eefcf4573a1270df9012dca5eac9ba0ac2af2bcc47dd66b1057106f8c2336a10bdcc39b9f852041dd33da9e7a8929d981dbb4e1fb4
 Size (nodejs-output-140.0.4.tgz) = 245385 bytes



Home | Main Index | Thread Index | Old Index