head	1.4;
access;
symbols
	pkgsrc-2026Q1:1.2.0.2;
locks; strict;
comment	@ * @;


1.4
date	2026.05.21.15.34.06;	author gutteridge;	state dead;
branches;
next	1.3;
commitid	7T50CRi41dfkcHGG;

1.3
date	2026.05.07.21.01.30;	author gutteridge;	state Exp;
branches;
next	1.2;
commitid	JOvYSrfevXNBsVEG;

1.2
date	2026.04.30.21.47.25;	author gutteridge;	state Exp;
branches
	1.2.2.1;
next	1.1;
commitid	AL03i2xn9GmUV1EG;

1.1
date	2026.04.30.18.51.23;	author gutteridge;	state Exp;
branches;
next	;
commitid	yKrZQOCM2JcYX0EG;

1.2.2.1
date	2026.04.30.21.47.25;	author bsiegert;	state dead;
branches;
next	1.2.2.2;
commitid	idHf729mVYiq6hEG;

1.2.2.2
date	2026.05.02.19.26.59;	author bsiegert;	state Exp;
branches;
next	1.2.2.3;
commitid	idHf729mVYiq6hEG;

1.2.2.3
date	2026.05.24.09.00.09;	author bsiegert;	state dead;
branches;
next	;
commitid	EtMrmv36WTnxV2HG;


desc
@@


1.4
log
@firefox140: update to 140.11

Mozilla Foundation Security Advisory 2026-48
Security Vulnerabilities fixed in Firefox ESR 140.11

Announced
    May 19, 2026
Impact
    high
Products
    Firefox ESR
Fixed in

        Firefox ESR 140.11

#CVE-2026-8946: Incorrect boundary conditions in the Audio/Video: Web Codecs component

Reporter
    zx
Impact
    high

References

    Bug 2029070

#CVE-2026-8388: Incorrect boundary conditions in the JavaScript Engine: JIT component

Reporter
    ggwhyp
Impact
    high

References

    Bug 2036978

#CVE-2026-8947: Use-after-free in the DOM: Bindings (WebIDL) component

Reporter
    Satoki Tsuji
Impact
    high

References

    Bug 2038439

#CVE-2026-8391: Other issue in the JavaScript Engine component

Reporter
    ggwhyp
Impact
    high

References

    Bug 2038575

#CVE-2026-8401: Sandbox escape in the Profile Backup component

Reporter
    ggwhyp
Impact
    high

References

    Bug 2038679

#CVE-2026-8949: Integer overflow in the Widget: Win32 component

Reporter
    q1
Impact
    moderate

References

    Bug 1355639

#CVE-2026-8950: Same-origin policy bypass in the Networking: HTTP component

Reporter
    Jakub Szymsza
Impact
    moderate

References

    Bug 1965430

#CVE-2026-8953: Sandbox escape due to use-after-free in the Disability Access APIs component

Reporter
    stevej
Impact
    moderate

References

    Bug 2029511

#CVE-2026-8954: Incorrect boundary conditions, integer overflow in the Audio/Video component

Reporter
    Ameen Basha M K
Impact
    moderate

References

    Bug 2030747

#CVE-2026-8955: Privilege escalation in the DOM: Workers component

Reporter
    lebr0nli
Impact
    moderate

References

    Bug 2031064

#CVE-2026-8956: Integer overflow in the Networking: JAR component

Reporter
    Yaqoub Aldurayhim
Impact
    moderate

References

    Bug 2032427

#CVE-2026-8957: Privilege escalation in the Enterprise Policies component

Reporter
    Mateusz Dobrzyński
Impact
    moderate

References

    Bug 2033850

#CVE-2026-8958: Information disclosure, sandbox escape in the Security: Process Sandboxing component

Reporter
    Yaqoub Aldurayhim
Impact
    moderate

References

    Bug 2034713

#CVE-2026-8959: Sandbox escape due to incorrect boundary conditions in the Widget: Win32 component

Reporter
    Ameen Basha M K
Impact
    moderate

References

    Bug 2034754

#CVE-2026-8961: Spoofing issue in the Form Autofill component

Reporter
    Hafiizh
Impact
    low

References

    Bug 1962625

#CVE-2026-8962: Mitigation bypass in the DOM: Security component

Reporter
    Manojkumar Jaganathan
Impact
    low

References

    Bug 2004804

#CVE-2026-8968: Denial-of-service due to invalid pointer in the Audio/Video: Web Codecs component

Reporter
    Tristan Madani
Impact
    low

References

    Bug 2030467

#CVE-2026-8970: Privilege escalation in the Security component

Reporter
    pakhunov.anton.n
Impact
    low

References

    Bug 2032174

#CVE-2026-8974: Memory safety bugs fixed in Firefox ESR 140.11 and Firefox 151

Reporter
    Nika Layzell, Randell Jesup, Timothy Nikkel, Tom Schuster and the Mozilla Fuzzing Team
Impact
    moderate

Description

Memory safety bugs present in Firefox ESR 140.10 and Firefox 150. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.
References

    Memory safety bugs fixed in Firefox ESR 140.11 and Firefox 151

#CVE-2026-8975: Memory safety bugs fixed in Firefox ESR 115.36, Firefox ESR 140.11 and Firefox 151

Reporter
    Andrew McCreight, Valentin Gosu, Nika Layzell, Tom Schuster and the Mozilla Fuzzing Team
Impact
    high

Description

Memory safety bugs present in Firefox ESR 115.35, Firefox ESR 140.10 and Firefox 150. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.
References

    Memory safety bugs fixed in Firefox ESR 115.36, Firefox ESR 140.11 and Firefox 151
@
text
@$NetBSD: patch-media_ffvpx_libavcodec_parser__list.c,v 1.3 2026/05/07 21:01:30 gutteridge Exp $

Fix build failure due to incompatible pointer types.
https://github.com/mozilla-firefox/firefox/commit/930757b47bf1ce3522468f384570634032f0500b

--- media/ffvpx/libavcodec/parser_list.c.orig	2026-04-27 16:08:57.000000000 +0000
+++ media/ffvpx/libavcodec/parser_list.c
@@@@ -1,6 +1,6 @@@@
 #include "config_components.h"
 
-static const AVCodecParser * const parser_list[] = {
+static const FFCodecParser * const parser_list[] = {
 #if CONFIG_VP8_PARSER
     &ff_vp8_parser,
 #endif
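Review bot: on the changed declaration line, only the element type of parser_list[] moves from AVCodecParser to FFCodecParser, and nothing in this hunk shows the code that reads the array. Any iterator or lookup that still treats the entries as const AVCodecParser * would need the matching change or an explicit conversion. Please confirm against the referenced upstream commit that those readers are already converted in this tree, and say so in the patch comment.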
@


1.3
log
@firefox140: address CVS keyword substitution glitch
@
text
@d1 1
a1 1
$NetBSD: patch-media_ffvpx_libavcodec_parser__list.c,v 1.2 2026/04/30 21:47:25 gutteridge Exp $
@


1.2
log
@firefox140: note new patch added was already fixed upstream
@
text
@d1 1
a1 1
$NetBSD: patch-media_ffvpx_libavcodec_parser__list.c,v 1.1 2026/04/30 18:51:23 gutteridge Exp $
@


1.2.2.1
log
@file patch-media_ffvpx_libavcodec_parser__list.c was added on branch pkgsrc-2026Q1 on 2026-05-02 19:26:59 +0000
@
text
@d1 15
@


1.2.2.2
log
@Pullup ticket #7087 - requested by gutteridge
www/firefox140: security fix
www/firefox140-l10n: dependent update

Revisions pulled up:
- www/firefox140-l10n/Makefile                                  1.10
- www/firefox140-l10n/distinfo                                  1.10
- www/firefox140/Makefile                                       1.15
- www/firefox140/distinfo                                       1.14-1.15
- www/firefox140/patches/patch-media_ffvpx_libavcodec_parser__list.c 1.1-1.2

---
   Module Name:    pkgsrc
   Committed By:   gutteridge
   Date:           Thu Apr 30 18:51:23 UTC 2026

   Modified Files:
           pkgsrc/www/firefox140: Makefile distinfo
   Added Files:
           pkgsrc/www/firefox140/patches:
               patch-media_ffvpx_libavcodec_parser__list.c

   Log Message:
   firefox140: update to 140.10.1

   Mozilla Foundation Security Advisory 2026-36
   Security Vulnerabilities fixed in Firefox ESR 140.10.1

   Announced
       April 28, 2026
   Impact
       high
   Products
       Firefox ESR
   Fixed in

           Firefox ESR 140.10.1

   #CVE-2026-7320: Information disclosure due to incorrect boundary conditions in the Audio/Video component

   Reporter
       Xuehao Guo
   Impact
       high

   References

       Bug 2027433

   #CVE-2026-7321: Sandbox escape due to incorrect boundary conditions in the WebRTC: Networking component

   Reporter
       The Mozilla Fuzzing Team
   Impact
       moderate

   References

       Bug 2029461

   #CVE-2026-7322: Memory safety bugs fixed in Firefox ESR 115.35.1, Firefox ESR 140.10.1 and Firefox 150.0.1

   Reporter
       C.M.Chang, Christian Holler, Steve Fink and the Mozilla Fuzzing Team
   Impact
       critical

   Description

   Memory safety bugs present in Firefox ESR 115.35.0, Firefox ESR 140.10.0 and Firefox 150.0.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of
   these could have been exploited to run arbitrary code.
   References

       Memory safety bugs fixed in Firefox ESR 115.35.1, Firefox ESR 140.10.1 and Firefox 150.0.1

   #CVE-2026-7323: Memory safety bugs fixed in Firefox ESR 140.10.1 and Firefox 150.0.1

   Reporter
       Ryan Hunt, Steve Fink and the Mozilla Fuzzing Team
   Impact
       high

   Description

   Memory safety bugs present in Firefox ESR 140.10.0 and Firefox 150.0.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been
   exploited to run arbitrary code.
   References

       Memory safety bugs fixed in Firefox ESR 140.10.1 and Firefox 150.0.1

---
   Module Name:    pkgsrc
   Committed By:   gutteridge
   Date:           Thu Apr 30 18:53:28 UTC 2026

   Modified Files:
           pkgsrc/www/firefox140-l10n: Makefile distinfo

   Log Message:
   firefox140-l10n: update to 140.10.1

---
   Module Name:    pkgsrc
   Committed By:   gutteridge
   Date:           Thu Apr 30 21:47:25 UTC 2026

   Modified Files:
           pkgsrc/www/firefox140: distinfo
           pkgsrc/www/firefox140/patches:
               patch-media_ffvpx_libavcodec_parser__list.c

   Log Message:
   firefox140: note new patch added was already fixed upstream
@
text
@a0 15
$NetBSD: patch-media_ffvpx_libavcodec_parser__list.c,v 1.1 2026/04/30 18:51:23 gutteridge Exp $

Fix build failure due to incompatible pointer types.
https://github.com/mozilla-firefox/firefox/commit/930757b47bf1ce3522468f384570634032f0500b

--- media/ffvpx/libavcodec/parser_list.c.orig	2026-04-27 16:08:57.000000000 +0000
+++ media/ffvpx/libavcodec/parser_list.c
@@@@ -1,6 +1,6 @@@@
 #include "config_components.h"
 
-static const AVCodecParser * const parser_list[] = {
+static const FFCodecParser * const parser_list[] = {
 #if CONFIG_VP8_PARSER
     &ff_vp8_parser,
 #endif
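Review bot: the comment block ahead of the parser_list[] change gives the upstream commit URL but drops the compiler diagnostic that revision 1.1 of this patch recorded ("error: initialization of 'const AVCodecParser *' from incompatible pointer type 'const FFCodecParser *'"). Keeping that line alongside the URL would let someone who hits the build failure find this patch by searching for the error text.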
@


1.2.2.3
log
@Pullup ticket #7127 - requested by gutteridge
www/firefox140: security fix
www/firefox140-l10n: dependent update

Revisions pulled up:
- www/firefox140-l10n/Makefile                                  1.12
- www/firefox140-l10n/distinfo                                  1.12
- www/firefox140/Makefile                                       1.17
- www/firefox140/distinfo                                       1.17
- www/firefox140/patches/patch-media_ffvpx_libavcodec_parser__list.c deleted

---
   Module Name:    pkgsrc
   Committed By:   gutteridge
   Date:           Thu May 21 15:34:06 UTC 2026

   Modified Files:
           pkgsrc/www/firefox140: Makefile distinfo
   Removed Files:
           pkgsrc/www/firefox140/patches:
               patch-media_ffvpx_libavcodec_parser__list.c

   Log Message:
   firefox140: update to 140.11

   Mozilla Foundation Security Advisory 2026-48
   Security Vulnerabilities fixed in Firefox ESR 140.11

   Announced
       May 19, 2026
   Impact
       high
   Products
       Firefox ESR
   Fixed in

           Firefox ESR 140.11

   #CVE-2026-8946: Incorrect boundary conditions in the Audio/Video: Web Codecs component

   Reporter
       zx
   Impact
       high

   References

       Bug 2029070

   #CVE-2026-8388: Incorrect boundary conditions in the JavaScript Engine: JIT component

   Reporter
       ggwhyp
   Impact
       high

   References

       Bug 2036978

   #CVE-2026-8947: Use-after-free in the DOM: Bindings (WebIDL) component

   Reporter
       Satoki Tsuji
   Impact
       high

   References

       Bug 2038439

   #CVE-2026-8391: Other issue in the JavaScript Engine component

   Reporter
       ggwhyp
   Impact
       high

   References

       Bug 2038575

   #CVE-2026-8401: Sandbox escape in the Profile Backup component

   Reporter
       ggwhyp
   Impact
       high

   References

       Bug 2038679

   #CVE-2026-8949: Integer overflow in the Widget: Win32 component

   Reporter
       q1
   Impact
       moderate

   References

       Bug 1355639

   #CVE-2026-8950: Same-origin policy bypass in the Networking: HTTP component

   Reporter
       Jakub Szymsza
   Impact
       moderate

   References

       Bug 1965430

   #CVE-2026-8953: Sandbox escape due to use-after-free in the Disability Access APIs component

   Reporter
       stevej
   Impact
       moderate

   References

       Bug 2029511

   #CVE-2026-8954: Incorrect boundary conditions, integer overflow in the Audio/Video component

   Reporter
       Ameen Basha M K
   Impact
       moderate

   References

       Bug 2030747

   #CVE-2026-8955: Privilege escalation in the DOM: Workers component

   Reporter
       lebr0nli
   Impact
       moderate

   References

       Bug 2031064

   #CVE-2026-8956: Integer overflow in the Networking: JAR component

   Reporter
       Yaqoub Aldurayhim
   Impact
       moderate

   References

       Bug 2032427

   #CVE-2026-8957: Privilege escalation in the Enterprise Policies component

   Reporter
       Mateusz Dobrzyński
   Impact
       moderate

   References

       Bug 2033850

   #CVE-2026-8958: Information disclosure, sandbox escape in the Security: Process Sandboxing component

   Reporter
       Yaqoub Aldurayhim
   Impact
       moderate

   References

       Bug 2034713

   #CVE-2026-8959: Sandbox escape due to incorrect boundary conditions in the Widget: Win32 component

   Reporter
       Ameen Basha M K
   Impact
       moderate

   References

       Bug 2034754

   #CVE-2026-8961: Spoofing issue in the Form Autofill component

   Reporter
       Hafiizh
   Impact
       low

   References

       Bug 1962625

   #CVE-2026-8962: Mitigation bypass in the DOM: Security component

   Reporter
       Manojkumar Jaganathan
   Impact
       low

   References

       Bug 2004804

   #CVE-2026-8968: Denial-of-service due to invalid pointer in the Audio/Video: Web Codecs component

   Reporter
       Tristan Madani
   Impact
       low

   References

       Bug 2030467

   #CVE-2026-8970: Privilege escalation in the Security component

   Reporter
       pakhunov.anton.n
   Impact
       low

   References

       Bug 2032174

   #CVE-2026-8974: Memory safety bugs fixed in Firefox ESR 140.11 and Firefox 151

   Reporter
       Nika Layzell, Randell Jesup, Timothy Nikkel, Tom Schuster and the Mozilla Fuzzing Team
   Impact
       moderate

   Description

   Memory safety bugs present in Firefox ESR 140.10 and Firefox 150. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been
   exploited to run arbitrary code.
   References

       Memory safety bugs fixed in Firefox ESR 140.11 and Firefox 151

   #CVE-2026-8975: Memory safety bugs fixed in Firefox ESR 115.36, Firefox ESR 140.11 and Firefox 151

   Reporter
       Andrew McCreight, Valentin Gosu, Nika Layzell, Tom Schuster and the Mozilla Fuzzing Team
   Impact
       high

   Description

   Memory safety bugs present in Firefox ESR 115.35, Firefox ESR 140.10 and Firefox 150. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these
   could have been exploited to run arbitrary code.
   References

       Memory safety bugs fixed in Firefox ESR 115.36, Firefox ESR 140.11 and Firefox 151

---
   Module Name:    pkgsrc
   Committed By:   gutteridge
   Date:           Thu May 21 15:35:54 UTC 2026

   Modified Files:
           pkgsrc/www/firefox140-l10n: Makefile distinfo

   Log Message:
   firefox140-l10n: update to 140.11
@
text
@d1 1
a1 1
$NetBSD: patch-media_ffvpx_libavcodec_parser__list.c,v 1.2.2.2 2026/05/02 19:26:59 bsiegert Exp $
@


1.1
log
@firefox140: update to 140.10.1

Mozilla Foundation Security Advisory 2026-36
Security Vulnerabilities fixed in Firefox ESR 140.10.1

Announced
    April 28, 2026
Impact
    high
Products
    Firefox ESR
Fixed in

        Firefox ESR 140.10.1

#CVE-2026-7320: Information disclosure due to incorrect boundary conditions in the Audio/Video component

Reporter
    Xuehao Guo
Impact
    high

References

    Bug 2027433

#CVE-2026-7321: Sandbox escape due to incorrect boundary conditions in the WebRTC: Networking component

Reporter
    The Mozilla Fuzzing Team
Impact
    moderate

References

    Bug 2029461

#CVE-2026-7322: Memory safety bugs fixed in Firefox ESR 115.35.1, Firefox ESR 140.10.1 and Firefox 150.0.1

Reporter
    C.M.Chang, Christian Holler, Steve Fink and the Mozilla Fuzzing Team
Impact
    critical

Description

Memory safety bugs present in Firefox ESR 115.35.0, Firefox ESR 140.10.0 and Firefox 150.0.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.
References

    Memory safety bugs fixed in Firefox ESR 115.35.1, Firefox ESR 140.10.1 and Firefox 150.0.1

#CVE-2026-7323: Memory safety bugs fixed in Firefox ESR 140.10.1 and Firefox 150.0.1

Reporter
    Ryan Hunt, Steve Fink and the Mozilla Fuzzing Team
Impact
    high

Description

Memory safety bugs present in Firefox ESR 140.10.0 and Firefox 150.0.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.
References

    Memory safety bugs fixed in Firefox ESR 140.10.1 and Firefox 150.0.1
@
text
@d1 1
a1 1
$NetBSD$
d4 1
a4 1
error: initialization of 'const AVCodecParser *' from incompatible pointer type 'const FFCodecParser *'
@

