firefox-115.1.0 (was 115.0.3)

[Bruce Dubbs]

New point version.

[ken@…]

At the moment this seems to only be for esr. There is a link on the Release Notes page, but it 404s.

diffing from 115.0.2esr, the only changes are to the version, milestones, and the commit for the sourcestamp.

[Douglas R. Reno]

This appears to be Windows specific (and only for people that use certain Antivirus software): ​https://www.mozilla.org/en-US/firefox/115.0.3esr/releasenotes/

[ken@…]

115.1.0esr is now available.

[ken@…]

I'm getting 404 for 115.1.0 at ​https://www.mozilla.org/en-US/firefox/releases/

[Douglas R. Reno]

I just got the official Mozilla release announcement about two hours ago, the versioning is weird

They are at ​https://www.mozilla.org/en-US/firefox/115.1esr/releasenotes/

[Douglas R. Reno]

There are quite a few high fixes sitting in there

[ken@…]

Replying to Douglas R. Reno:

There are quite a few high fixes sitting in there

Thanks, for some reason the links that google gives me for 115-series seem to always 404.

[ken@…]

​https://www.mozilla.org/en-US/security/advisories/mfsa2023-31/

eight items rated as High:

CVE-2023-4045: Offscreen Canvas could have bypassed cross-origin restrictions High

CVE-2023-4046: Incorrect value used during WASM compilation

CVE-2023-4047: Potential permissions request bypass via clickjacking

CVE-2023-4048: Crash in DOMParser due to out-of-memory conditions

CVE-2023-4049: Fix potential race conditions when releasing platform objects

CVE-2023-4050: Stack buffer overflow in StorageManager

CVE-2023-4056: Memory safety bugs fixed in Firefox 116, Firefox ESR 115.1, Firefox ESR 102.14, Thunderbird 115.1, and Thunderbird 102.14

CVE-2023-4057: Memory safety bugs fixed in Firefox 116, Firefox ESR 115.1, and Thunderbird 115.1

But the first cannot apply to BLFS because we lack the packages (and static libz.a) needed to use wasm.

[ken@…]

Book updated at sha:f11dce689e 11.3-1213

[Bruce Dubbs]

Milestone renamed

[ken@…]

Security Advisory SA 11.3-068 created.