diff options
| author | Ian Eure <ian@retrospec.tv> | 2024-11-06 06:26:00 -0800 |
|---|---|---|
| committer | Ludovic Courtès <ludo@gnu.org> | 2024-11-06 17:23:35 +0100 |
| commit | 280aa6b57d7b741a7d8b076e1afa3dff23569332 (patch) | |
| tree | 394db3dcebdbeaf522f59b0514fab41584bfdcdc /gnu/tests/emacs.scm | |
| parent | 0ad0f8a1fa9c711f4df5908ebf800a9400f5bbc9 (diff) | |
| download | guix-280aa6b57d7b741a7d8b076e1afa3dff23569332.tar.gz guix-280aa6b57d7b741a7d8b076e1afa3dff23569332.zip | |
gnu: librewolf: Update to 132.0-1 [security fixes].
New upstream version. The 132.0-2-1 release switches to the firefox-l10n
repository, necessitating rework of locale handling.
131.0.3-1 fixes CVEs:
CVE-2024-9936: Undefined behavior in selection node cache
132.0-1 fixes CVEs:
CVE-2024-10458: Permission leak via embed or object elements
CVE-2024-10459: Use-after-free in layout with accessibility
CVE-2024-10460: Confusing display of origin for external protocol
handler prompt
CVE-2024-10461: XSS due to Content-Disposition being ignored in
multipart/x-mixed-replace response
CVE-2024-10462: Origin of permission prompt could be spoofed by long
URL
CVE-2024-10463: Cross origin video frame leak
CVE-2024-10468: Race conditions in IndexedDB
CVE-2024-10464: History interface could have been used to cause a
Denial of Service condition in the browser
CVE-2024-10465: Clipboard "paste" button persisted across tabs
CVE-2024-10466: DOM push subscription message could hang Firefox
CVE-2024-10467: Memory safety bugs fixed in Firefox 132, Thunderbird
132, Firefox ESR 128.4, and Thunderbird 128.4
* gnu/packages/librewolf.scm (librewolf): Update to 132.0-1.
Change-Id: I4afbcb496a8b0a329254762259cd1598d574761e
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Diffstat (limited to 'gnu/tests/emacs.scm')
0 files changed, 0 insertions, 0 deletions