Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package firefox-esr for openSUSE:Factory checked in at 2026-02-24 18:30:41 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/firefox-esr (Old) and /work/SRC/openSUSE:Factory/.firefox-esr.new.1977 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "firefox-esr" Tue Feb 24 18:30:41 2026 rev:29 rq:1334755 version:140.8.0 Changes: -------- --- /work/SRC/openSUSE:Factory/firefox-esr/MozillaFirefox.changes 2026-02-17 16:47:08.070891588 +0100 +++ /work/SRC/openSUSE:Factory/.firefox-esr.new.1977/MozillaFirefox.changes 2026-02-24 18:30:42.082501928 +0100 @@ -1,0 +2,96 @@ +Tue Feb 24 13:56:01 UTC 2026 - Manfred Hollstein <[email protected]> + +- Firefox Extended Support Release 140.8.0 ESR + * Fixed: Various security fixes. +- Mozilla Firefox ESR 140.8 + https://www.mozilla.org/security/advisories/mfsa2026-15 + MFSA 2026-15 (boo#1258568) + * CVE-2026-2757 (bmo#2001637) + Incorrect boundary conditions in the WebRTC: Audio/Video + component + * CVE-2026-2758 (bmo#2009608) + Use-after-free in the JavaScript: GC component + * CVE-2026-2759 (bmo#2010933) + Incorrect boundary conditions in the Graphics: ImageLib + component + * CVE-2026-2760 (bmo#2011062) + Sandbox escape due to incorrect boundary conditions in the + Graphics: WebRender component + * CVE-2026-2761 (bmo#2011063) + Sandbox escape in the Graphics: WebRender component + * CVE-2026-2762 (bmo#2011649) + Integer overflow in the JavaScript: Standard Library + component + * CVE-2026-2763 (bmo#2012018) + Use-after-free in the JavaScript Engine component + * CVE-2026-2764 (bmo#2012608) + JIT miscompilation, use-after-free in the JavaScript Engine: + JIT component + * CVE-2026-2765 (bmo#2013562) + Use-after-free in the JavaScript Engine component + * CVE-2026-2766 (bmo#2013583) + Use-after-free in the JavaScript Engine: JIT component + * CVE-2026-2767 (bmo#2013741) + Use-after-free in the JavaScript: WebAssembly component + * CVE-2026-2768 (bmo#2014101) + Sandbox escape in the Storage: IndexedDB component + * CVE-2026-2769 (bmo#2014550) + Use-after-free in the Storage: IndexedDB component + * CVE-2026-2770 (bmo#2014585) + Use-after-free in the DOM: Bindings (WebIDL) component + * CVE-2026-2771 (bmo#2014593) + Undefined behavior in the DOM: Core & HTML component + * CVE-2026-2772 (bmo#2014827) + Use-after-free in the Audio/Video: Playback component + * CVE-2026-2773 (bmo#2014832) + Incorrect boundary conditions in the Web Audio component + * CVE-2026-2774 (bmo#2014883) + Integer overflow in the Audio/Video component + * CVE-2026-2775 (bmo#2015199) + Mitigation bypass in the DOM: HTML Parser component + * CVE-2026-2776 (bmo#2015266) + Sandbox escape due to incorrect boundary conditions in the + Telemetry component in External Software + * CVE-2026-2777 (bmo#2015305) + Privilege escalation in the Messaging System component + * CVE-2026-2778 (bmo#2016358) + Sandbox escape due to incorrect boundary conditions in the + DOM: Core & HTML component + * CVE-2026-2779 (bmo#1164141) + Incorrect boundary conditions in the Networking: JAR + component + * CVE-2026-2780 (bmo#2007829) + Privilege escalation in the Netmonitor component + * CVE-2026-2781 (bmo#2009552) + Integer overflow in the Libraries component in NSS + * CVE-2026-2782 (bmo#2010743) + Privilege escalation in the Netmonitor component + * CVE-2026-2783 (bmo#2010943) + Information disclosure due to JIT miscompilation in the + JavaScript Engine: JIT component + * CVE-2026-2784 (bmo#2012984) + Mitigation bypass in the DOM: Security component + * CVE-2026-2785 (bmo#2013549) + Invalid pointer in the JavaScript Engine component + * CVE-2026-2786 (bmo#2013612) + Use-after-free in the JavaScript Engine component + * CVE-2026-2787 (bmo#2014560) + Use-after-free in the DOM: Window and Location component + * CVE-2026-2788 (bmo#2014824) + Incorrect boundary conditions in the Audio/Video: GMP + component + * CVE-2026-2789 (bmo#2015179) + Use-after-free in the Graphics: ImageLib component + * CVE-2026-2790 (bmo#2008426) + Same-origin policy bypass in the Networking: JAR component + * CVE-2026-2791 (bmo#2015220) + Mitigation bypass in the Networking: Cache component + * CVE-2026-2792 (bmo#2008912, bmo#2010050, bmo#2010275, + bmo#2012331) + Memory safety bugs fixed in Firefox ESR 140.8, Thunderbird + ESR 140.8, Firefox 148 and Thunderbird 148 + * CVE-2026-2793 (bmo#2015196, bmo#2016423, bmo#2016498) + Memory safety bugs fixed in Firefox ESR 115.33, Firefox ESR + 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148 + +------------------------------------------------------------------- firefox-esr.changes: same change Old: ---- firefox-140.7.1esr.source.tar.xz firefox-140.7.1esr.source.tar.xz.asc l10n-140.7.1esr.tar.xz New: ---- firefox-140.8.0esr.source.tar.xz firefox-140.8.0esr.source.tar.xz.asc l10n-140.8.0esr.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ firefox-esr.spec ++++++ --- /var/tmp/diff_new_pack.5VxAJU/_old 2026-02-24 18:31:19.972079862 +0100 +++ /var/tmp/diff_new_pack.5VxAJU/_new 2026-02-24 18:31:19.972079862 +0100 @@ -41,8 +41,8 @@ # major 69 # mainver %%major.99 %define major 140 -%define mainver %major.7.1 -%define orig_version 140.7.1 +%define mainver %major.8.0 +%define orig_version 140.8.0 %define orig_suffix esr %define update_channel esr %define branding 1 ++++++ MozillaFirefox.changes.txt ++++++ --- /var/tmp/diff_new_pack.5VxAJU/_old 2026-02-24 18:31:20.132086527 +0100 +++ /var/tmp/diff_new_pack.5VxAJU/_new 2026-02-24 18:31:20.140086860 +0100 @@ -1,4 +1,100 @@ ------------------------------------------------------------------- +Tue Feb 24 13:56:01 UTC 2026 - Manfred Hollstein <[email protected]> + +- Firefox Extended Support Release 140.8.0 ESR + * Fixed: Various security fixes. +- Mozilla Firefox ESR 140.8 + https://www.mozilla.org/security/advisories/mfsa2026-15 + MFSA 2026-15 (boo#1258568) + * CVE-2026-2757 (bmo#2001637) + Incorrect boundary conditions in the WebRTC: Audio/Video + component + * CVE-2026-2758 (bmo#2009608) + Use-after-free in the JavaScript: GC component + * CVE-2026-2759 (bmo#2010933) + Incorrect boundary conditions in the Graphics: ImageLib + component + * CVE-2026-2760 (bmo#2011062) + Sandbox escape due to incorrect boundary conditions in the + Graphics: WebRender component + * CVE-2026-2761 (bmo#2011063) + Sandbox escape in the Graphics: WebRender component + * CVE-2026-2762 (bmo#2011649) + Integer overflow in the JavaScript: Standard Library + component + * CVE-2026-2763 (bmo#2012018) + Use-after-free in the JavaScript Engine component + * CVE-2026-2764 (bmo#2012608) + JIT miscompilation, use-after-free in the JavaScript Engine: + JIT component + * CVE-2026-2765 (bmo#2013562) + Use-after-free in the JavaScript Engine component + * CVE-2026-2766 (bmo#2013583) + Use-after-free in the JavaScript Engine: JIT component + * CVE-2026-2767 (bmo#2013741) + Use-after-free in the JavaScript: WebAssembly component + * CVE-2026-2768 (bmo#2014101) + Sandbox escape in the Storage: IndexedDB component + * CVE-2026-2769 (bmo#2014550) + Use-after-free in the Storage: IndexedDB component + * CVE-2026-2770 (bmo#2014585) + Use-after-free in the DOM: Bindings (WebIDL) component + * CVE-2026-2771 (bmo#2014593) + Undefined behavior in the DOM: Core & HTML component + * CVE-2026-2772 (bmo#2014827) + Use-after-free in the Audio/Video: Playback component + * CVE-2026-2773 (bmo#2014832) + Incorrect boundary conditions in the Web Audio component + * CVE-2026-2774 (bmo#2014883) + Integer overflow in the Audio/Video component + * CVE-2026-2775 (bmo#2015199) + Mitigation bypass in the DOM: HTML Parser component + * CVE-2026-2776 (bmo#2015266) + Sandbox escape due to incorrect boundary conditions in the + Telemetry component in External Software + * CVE-2026-2777 (bmo#2015305) + Privilege escalation in the Messaging System component + * CVE-2026-2778 (bmo#2016358) + Sandbox escape due to incorrect boundary conditions in the + DOM: Core & HTML component + * CVE-2026-2779 (bmo#1164141) + Incorrect boundary conditions in the Networking: JAR + component + * CVE-2026-2780 (bmo#2007829) + Privilege escalation in the Netmonitor component + * CVE-2026-2781 (bmo#2009552) + Integer overflow in the Libraries component in NSS + * CVE-2026-2782 (bmo#2010743) + Privilege escalation in the Netmonitor component + * CVE-2026-2783 (bmo#2010943) + Information disclosure due to JIT miscompilation in the + JavaScript Engine: JIT component + * CVE-2026-2784 (bmo#2012984) + Mitigation bypass in the DOM: Security component + * CVE-2026-2785 (bmo#2013549) + Invalid pointer in the JavaScript Engine component + * CVE-2026-2786 (bmo#2013612) + Use-after-free in the JavaScript Engine component + * CVE-2026-2787 (bmo#2014560) + Use-after-free in the DOM: Window and Location component + * CVE-2026-2788 (bmo#2014824) + Incorrect boundary conditions in the Audio/Video: GMP + component + * CVE-2026-2789 (bmo#2015179) + Use-after-free in the Graphics: ImageLib component + * CVE-2026-2790 (bmo#2008426) + Same-origin policy bypass in the Networking: JAR component + * CVE-2026-2791 (bmo#2015220) + Mitigation bypass in the Networking: Cache component + * CVE-2026-2792 (bmo#2008912, bmo#2010050, bmo#2010275, + bmo#2012331) + Memory safety bugs fixed in Firefox ESR 140.8, Thunderbird + ESR 140.8, Firefox 148 and Thunderbird 148 + * CVE-2026-2793 (bmo#2015196, bmo#2016423, bmo#2016498) + Memory safety bugs fixed in Firefox ESR 115.33, Firefox ESR + 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148 + +------------------------------------------------------------------- Mon Feb 16 10:29:19 UTC 2026 - Manfred Hollstein <[email protected]> - Firefox Extended Support Release 140.7.1 ESR ++++++ firefox-140.7.1esr.source.tar.xz -> firefox-140.8.0esr.source.tar.xz ++++++ /work/SRC/openSUSE:Factory/firefox-esr/firefox-140.7.1esr.source.tar.xz /work/SRC/openSUSE:Factory/.firefox-esr.new.1977/firefox-140.8.0esr.source.tar.xz differ: char 15, line 1 ++++++ firefox-esr.changes.txt ++++++ --- /var/tmp/diff_new_pack.5VxAJU/_old 2026-02-24 18:31:20.324094522 +0100 +++ /var/tmp/diff_new_pack.5VxAJU/_new 2026-02-24 18:31:20.328094690 +0100 @@ -1,4 +1,100 @@ ------------------------------------------------------------------- +Tue Feb 24 13:56:01 UTC 2026 - Manfred Hollstein <[email protected]> + +- Firefox Extended Support Release 140.8.0 ESR + * Fixed: Various security fixes. +- Mozilla Firefox ESR 140.8 + https://www.mozilla.org/security/advisories/mfsa2026-15 + MFSA 2026-15 (boo#1258568) + * CVE-2026-2757 (bmo#2001637) + Incorrect boundary conditions in the WebRTC: Audio/Video + component + * CVE-2026-2758 (bmo#2009608) + Use-after-free in the JavaScript: GC component + * CVE-2026-2759 (bmo#2010933) + Incorrect boundary conditions in the Graphics: ImageLib + component + * CVE-2026-2760 (bmo#2011062) + Sandbox escape due to incorrect boundary conditions in the + Graphics: WebRender component + * CVE-2026-2761 (bmo#2011063) + Sandbox escape in the Graphics: WebRender component + * CVE-2026-2762 (bmo#2011649) + Integer overflow in the JavaScript: Standard Library + component + * CVE-2026-2763 (bmo#2012018) + Use-after-free in the JavaScript Engine component + * CVE-2026-2764 (bmo#2012608) + JIT miscompilation, use-after-free in the JavaScript Engine: + JIT component + * CVE-2026-2765 (bmo#2013562) + Use-after-free in the JavaScript Engine component + * CVE-2026-2766 (bmo#2013583) + Use-after-free in the JavaScript Engine: JIT component + * CVE-2026-2767 (bmo#2013741) + Use-after-free in the JavaScript: WebAssembly component + * CVE-2026-2768 (bmo#2014101) + Sandbox escape in the Storage: IndexedDB component + * CVE-2026-2769 (bmo#2014550) + Use-after-free in the Storage: IndexedDB component + * CVE-2026-2770 (bmo#2014585) + Use-after-free in the DOM: Bindings (WebIDL) component + * CVE-2026-2771 (bmo#2014593) + Undefined behavior in the DOM: Core & HTML component + * CVE-2026-2772 (bmo#2014827) + Use-after-free in the Audio/Video: Playback component + * CVE-2026-2773 (bmo#2014832) + Incorrect boundary conditions in the Web Audio component + * CVE-2026-2774 (bmo#2014883) + Integer overflow in the Audio/Video component + * CVE-2026-2775 (bmo#2015199) + Mitigation bypass in the DOM: HTML Parser component + * CVE-2026-2776 (bmo#2015266) + Sandbox escape due to incorrect boundary conditions in the + Telemetry component in External Software + * CVE-2026-2777 (bmo#2015305) + Privilege escalation in the Messaging System component + * CVE-2026-2778 (bmo#2016358) + Sandbox escape due to incorrect boundary conditions in the + DOM: Core & HTML component + * CVE-2026-2779 (bmo#1164141) + Incorrect boundary conditions in the Networking: JAR + component + * CVE-2026-2780 (bmo#2007829) + Privilege escalation in the Netmonitor component + * CVE-2026-2781 (bmo#2009552) + Integer overflow in the Libraries component in NSS + * CVE-2026-2782 (bmo#2010743) + Privilege escalation in the Netmonitor component + * CVE-2026-2783 (bmo#2010943) + Information disclosure due to JIT miscompilation in the + JavaScript Engine: JIT component + * CVE-2026-2784 (bmo#2012984) + Mitigation bypass in the DOM: Security component + * CVE-2026-2785 (bmo#2013549) + Invalid pointer in the JavaScript Engine component + * CVE-2026-2786 (bmo#2013612) + Use-after-free in the JavaScript Engine component + * CVE-2026-2787 (bmo#2014560) + Use-after-free in the DOM: Window and Location component + * CVE-2026-2788 (bmo#2014824) + Incorrect boundary conditions in the Audio/Video: GMP + component + * CVE-2026-2789 (bmo#2015179) + Use-after-free in the Graphics: ImageLib component + * CVE-2026-2790 (bmo#2008426) + Same-origin policy bypass in the Networking: JAR component + * CVE-2026-2791 (bmo#2015220) + Mitigation bypass in the Networking: Cache component + * CVE-2026-2792 (bmo#2008912, bmo#2010050, bmo#2010275, + bmo#2012331) + Memory safety bugs fixed in Firefox ESR 140.8, Thunderbird + ESR 140.8, Firefox 148 and Thunderbird 148 + * CVE-2026-2793 (bmo#2015196, bmo#2016423, bmo#2016498) + Memory safety bugs fixed in Firefox ESR 115.33, Firefox ESR + 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148 + +------------------------------------------------------------------- Mon Feb 16 10:29:19 UTC 2026 - Manfred Hollstein <[email protected]> - Firefox Extended Support Release 140.7.1 ESR ++++++ l10n-140.7.1esr.tar.xz -> l10n-140.8.0esr.tar.xz ++++++ ++++++ tar_stamps ++++++ --- /var/tmp/diff_new_pack.5VxAJU/_old 2026-02-24 18:31:20.648108017 +0100 +++ /var/tmp/diff_new_pack.5VxAJU/_new 2026-02-24 18:31:20.656108350 +0100 @@ -1,11 +1,11 @@ PRODUCT="firefox" CHANNEL="esr140" -VERSION="140.7.1" +VERSION="140.8.0" VERSION_SUFFIX="esr" -PREV_VERSION="140.7.0" +PREV_VERSION="140.7.1" PREV_VERSION_SUFFIX="esr" #SKIP_LOCALES="" # Uncomment to skip l10n and compare-locales-generation RELEASE_REPO="https://hg.mozilla.org/releases/mozilla-esr140"; -RELEASE_TAG="b52fd675e52fc0313972c4d53bd33baa216c241d" -RELEASE_TIMESTAMP="20260212191416" +RELEASE_TAG="b23aff4bbac16e44f2a9d3127c18616acfef6166" +RELEASE_TIMESTAMP="20260217105505"
