Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package firefox-esr for openSUSE:Factory checked in at 2026-01-13 21:35:22
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/firefox-esr (Old)
 and /work/SRC/openSUSE:Factory/.firefox-esr.new.1928 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "firefox-esr" Tue Jan 13 21:35:22 2026 rev:26 rq:1327021 version:140.7.0 Changes: -------- --- /work/SRC/openSUSE:Factory/firefox-esr/MozillaFirefox.changes 2025-12-12 21:43:03.725602020 +0100 +++ /work/SRC/openSUSE:Factory/.firefox-esr.new.1928/MozillaFirefox.changes 2026-01-13 21:35:45.826968272 +0100 
@@ -1,0 +2,42 @@ +Tue Jan 13 08:08:33 UTC 2026 - Manfred Hollstein <[email protected]> + +- Firefox Extended Support Release 140.7.0 ESR + * Fixed: Various security fixes. +- Mozilla Firefox ESR 140.7 + https://www.mozilla.org/security/advisories/mfsa2026-03 + MFSA 2026-03 (boo#1256340) + * CVE-2026-0877 (bmo#1999257) + Mitigation bypass in the DOM: Security component + * CVE-2026-0878 (bmo#2003989) + Sandbox escape due to incorrect boundary conditions in the + Graphics: CanvasWebGL component + * CVE-2026-0879 (bmo#2004602) + Sandbox escape due to incorrect boundary conditions in the + Graphics component + * CVE-2026-0880 (bmo#2005014) + Sandbox escape due to integer overflow in the Graphics + component + * CVE-2026-0882 (bmo#1924125) + Use-after-free in the IPC component + * CVE-2025-14327 (bmo#1970743) + Spoofing issue in the Downloads Panel component + * CVE-2026-0883 (bmo#1989340) + Information disclosure in the Networking component + * CVE-2026-0884 (bmo#2003588) + Use-after-free in the JavaScript Engine component + * CVE-2026-0885 (bmo#2003607) + Use-after-free in the JavaScript: GC component + * CVE-2026-0886 (bmo#2005658) + Incorrect boundary conditions in the Graphics component + * CVE-2026-0887 (bmo#2006500) + Clickjacking issue, information disclosure in the PDF Viewer + component + * CVE-2026-0890 (bmo#2005081) + Spoofing issue in the DOM: Copy & Paste and Drag & Drop + component + * CVE-2026-0891 (bmo#1964722, bmo#2000981, bmo#2003100, + bmo#2003278) + Memory safety bugs fixed in Firefox ESR 140.7, Thunderbird + ESR 140.7, Firefox 147 and Thunderbird 147 + +------------------------------------------------------------------- firefox-esr.changes: same change Old: ---- firefox-140.6.0esr.source.tar.xz firefox-140.6.0esr.source.tar.xz.asc l10n-140.6.0esr.tar.xz New: ---- firefox-140.7.0esr.source.tar.xz firefox-140.7.0esr.source.tar.xz.asc l10n-140.7.0esr.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: 
------------------ ++++++ firefox-esr.spec ++++++ --- /var/tmp/diff_new_pack.rQ4wQ9/_old 2026-01-13 21:36:02.355650957 +0100 +++ /var/tmp/diff_new_pack.rQ4wQ9/_new 2026-01-13 21:36:02.359651122 +0100 @@ -1,8 +1,8 @@ # # spec file for package firefox-esr # -# Copyright (c) 2025 SUSE LLC -# Copyright (c) 2006-2025 Wolfgang Rosenauer <[email protected]> +# Copyright (c) 2026 SUSE LLC +# Copyright (c) 2006-2026 Wolfgang Rosenauer <[email protected]> # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -41,8 +41,8 @@ # major 69 # mainver %%major.99 %define major 140 -%define mainver %major.6.0 -%define orig_version 140.6.0 +%define mainver %major.7.0 +%define orig_version 140.7.0 %define orig_suffix esr %define update_channel esr %define branding 1 ++++++ MozillaFirefox.changes.txt ++++++ --- /var/tmp/diff_new_pack.rQ4wQ9/_old 2026-01-13 21:36:02.479656079 +0100 +++ /var/tmp/diff_new_pack.rQ4wQ9/_new 2026-01-13 21:36:02.487656409 +0100 
@@ -1,4 +1,46 @@ ------------------------------------------------------------------- +Tue Jan 13 08:08:33 UTC 2026 - Manfred Hollstein <[email protected]> + +- Firefox Extended Support Release 140.7.0 ESR + * Fixed: Various security fixes. +- Mozilla Firefox ESR 140.7 + https://www.mozilla.org/security/advisories/mfsa2026-03 + MFSA 2026-03 (boo#1256340) + * CVE-2026-0877 (bmo#1999257) + Mitigation bypass in the DOM: Security component + * CVE-2026-0878 (bmo#2003989) + Sandbox escape due to incorrect boundary conditions in the + Graphics: CanvasWebGL component + * CVE-2026-0879 (bmo#2004602) + Sandbox escape due to incorrect boundary conditions in the + Graphics component + * CVE-2026-0880 (bmo#2005014) + Sandbox escape due to integer overflow in the Graphics + component + * CVE-2026-0882 (bmo#1924125) + Use-after-free in the IPC component + * CVE-2025-14327 (bmo#1970743) + Spoofing issue in the Downloads Panel component + * CVE-2026-0883 (bmo#1989340) + Information disclosure in the Networking component + * CVE-2026-0884 (bmo#2003588) + Use-after-free in the JavaScript Engine component + * CVE-2026-0885 (bmo#2003607) + Use-after-free in the JavaScript: GC component + * CVE-2026-0886 (bmo#2005658) + Incorrect boundary conditions in the Graphics component + * CVE-2026-0887 (bmo#2006500) + Clickjacking issue, information disclosure in the PDF Viewer + component + * CVE-2026-0890 (bmo#2005081) + Spoofing issue in the DOM: Copy & Paste and Drag & Drop + component + * CVE-2026-0891 (bmo#1964722, bmo#2000981, bmo#2003100, + bmo#2003278) + Memory safety bugs fixed in Firefox ESR 140.7, Thunderbird + ESR 140.7, Firefox 147 and Thunderbird 147 + +------------------------------------------------------------------- Thu Dec 11 20:59:32 UTC 2025 - Manfred Hollstein <[email protected]> * Remove the Build1 tag from the last changes entry; no other change * ++++++ firefox-140.6.0esr.source.tar.xz -> firefox-140.7.0esr.source.tar.xz ++++++ 
/work/SRC/openSUSE:Factory/firefox-esr/firefox-140.6.0esr.source.tar.xz /work/SRC/openSUSE:Factory/.firefox-esr.new.1928/firefox-140.7.0esr.source.tar.xz differ: char 15, line 1 ++++++ firefox-esr.changes.txt ++++++ --- /var/tmp/diff_new_pack.rQ4wQ9/_old 2026-01-13 21:36:02.615661697 +0100 +++ /var/tmp/diff_new_pack.rQ4wQ9/_new 2026-01-13 21:36:02.619661861 +0100 
@@ -1,4 +1,46 @@ ------------------------------------------------------------------- +Tue Jan 13 08:08:33 UTC 2026 - Manfred Hollstein <[email protected]> + +- Firefox Extended Support Release 140.7.0 ESR + * Fixed: Various security fixes. +- Mozilla Firefox ESR 140.7 + https://www.mozilla.org/security/advisories/mfsa2026-03 + MFSA 2026-03 (boo#1256340) + * CVE-2026-0877 (bmo#1999257) + Mitigation bypass in the DOM: Security component + * CVE-2026-0878 (bmo#2003989) + Sandbox escape due to incorrect boundary conditions in the + Graphics: CanvasWebGL component + * CVE-2026-0879 (bmo#2004602) + Sandbox escape due to incorrect boundary conditions in the + Graphics component + * CVE-2026-0880 (bmo#2005014) + Sandbox escape due to integer overflow in the Graphics + component + * CVE-2026-0882 (bmo#1924125) + Use-after-free in the IPC component + * CVE-2025-14327 (bmo#1970743) + Spoofing issue in the Downloads Panel component + * CVE-2026-0883 (bmo#1989340) + Information disclosure in the Networking component + * CVE-2026-0884 (bmo#2003588) + Use-after-free in the JavaScript Engine component + * CVE-2026-0885 (bmo#2003607) + Use-after-free in the JavaScript: GC component + * CVE-2026-0886 (bmo#2005658) + Incorrect boundary conditions in the Graphics component + * CVE-2026-0887 (bmo#2006500) + Clickjacking issue, information disclosure in the PDF Viewer + component + * CVE-2026-0890 (bmo#2005081) + Spoofing issue in the DOM: Copy & Paste and Drag & Drop + component + * CVE-2026-0891 (bmo#1964722, bmo#2000981, bmo#2003100, + bmo#2003278) + Memory safety bugs fixed in Firefox ESR 140.7, Thunderbird + ESR 140.7, Firefox 147 and Thunderbird 147 + +------------------------------------------------------------------- Thu Dec 11 20:59:32 UTC 2025 - Manfred Hollstein <[email protected]> * Remove the Build1 tag from the last changes entry; no other change * ++++++ l10n-140.6.0esr.tar.xz -> l10n-140.7.0esr.tar.xz ++++++ ++++++ tar_stamps ++++++ --- /var/tmp/diff_new_pack.rQ4wQ9/_old 
2026-01-13 21:36:02.879672601 +0100 +++ /var/tmp/diff_new_pack.rQ4wQ9/_new 2026-01-13 21:36:02.883672766 +0100 @@ -1,11 +1,11 @@ PRODUCT="firefox" CHANNEL="esr140" -VERSION="140.6.0" +VERSION="140.7.0" VERSION_SUFFIX="esr" -PREV_VERSION="140.5.0" +PREV_VERSION="140.6.0" PREV_VERSION_SUFFIX="esr" #SKIP_LOCALES="" # Uncomment to skip l10n and compare-locales-generation RELEASE_REPO="https://hg.mozilla.org/releases/mozilla-esr140" -RELEASE_TAG="18556c0b079c839f4d15597a57b0f048fdadcedd" -RELEASE_TIMESTAMP="20251201132345" +RELEASE_TAG="82e96a128bf5e3e7dd6e5180c9528f623ba5e0f7" +RELEASE_TIMESTAMP="20260106170501"
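Review bot: In the MozillaFirefox.changes hunk (@@ -1,0 +2,42 @@), the CVE list for MFSA 2026-03 skips CVE-2026-0881, CVE-2026-0888 and CVE-2026-0889 and places CVE-2025-14327 between CVE-2026-0882 and CVE-2026-0883; please confirm against the linked advisory that the list is complete for ESR 140.7 and that the 2025 identifier is intended. The line "* Fixed: Various security fixes." adds nothing beyond the itemized list that follows it and could be dropped. The same applies to the identical entries in MozillaFirefox.changes.txt and firefox-esr.changes.txt.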
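Review bot: For the firefox-140.6.0esr.source.tar.xz -> firefox-140.7.0esr.source.tar.xz replacement, the mail records only that the two files differ (char 15, line 1), so the integrity of the new source rests on the firefox-140.7.0esr.source.tar.xz.asc listed under New. Please confirm that the detached signature verifies against the keyring the package ships. l10n-140.7.0esr.tar.xz has no .asc in the New list and the visible tar_stamps lines record no revision for it, so it would help to state in the changes entry how that tarball was generated.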
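Review bot: In the tar_stamps hunk, RELEASE_TAG changes to the bare changeset hash 82e96a128bf5e3e7dd6e5180c9528f623ba5e0f7 with nothing in the diff tying it to the 140.7.0esr release. Pinning a hash is the right choice for reproducibility, but please note in a comment or in the changes entry which upstream release tag in RELEASE_REPO it resolves to, so a reviewer can check it independently. VERSION, PREV_VERSION and the spec's mainver and orig_version are otherwise consistent at 140.7.0 and 140.6.0.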
