Opened 8 weeks ago
Closed 7 weeks ago
#20056 closed enhancement (fixed)
firefox-128.0esr
| Reported by: | Owned by: | Douglas R. Reno | |
|---|---|---|---|
| Priority: | elevated | Milestone: | 12.2 |
| Component: | BOOK | Version: | git |
| Severity: | normal | Keywords: | |
| Cc: |
Description
The start of a new ESR series.
The only changes from 128.0 are that the version is reported as 128.0esr and some of the shipped json files have changes (no idea what those do).
Change History (5)
comment:1 by , 8 weeks ago
comment:2 by , 7 weeks ago
| Owner: | changed from to |
|---|---|
| Status: | new → assigned |
comment:3 by , 7 weeks ago
| Priority: | normal → elevated |
|---|
comment:4 by , 7 weeks ago
The release notes for this version of ESR are very long. They can be found at https://www.mozilla.org/en-US/firefox/128.0esr/releasenotes/
One of the most notable items in here is "Firefox now defaults to the Wayland compositor when available instead of XWayland. This brings support for touchpad & touchscreen gestures, swipe-to-nav, per-monitor DPI settings, better graphics performance, and more."
Security fixes:
- CVE-2024-6606: Out-of-bounds read in clipboard component (High)
- CVE-2024-6607: Leaving pointerlock by pressing the escape key could be prevented (Moderate)
- CVE-2024-6608: Cursor could be moved out of the viewport using pointerlock. (Moderate)
- CVE-2024-6609: Memory corruption in NSS (Moderate)
- CVE-2024-6610: Form validation popups could block exiting full-screen mode (Moderate)
- CVE-2024-6601: Race condition in permission assignment (Moderate)
- CVE-2024-6602: Memory corruption in NSS (Moderate)
- CVE-2024-6603: Memory corruption in thread creation (Moderate)
- CVE-2024-6611: Incorrect handling of SameSite cookies (Low)
- CVE-2024-6612: CSP violation leakage when using devtools (Low)
- CVE-2024-6613: Incorrect listing of stack frames (Low)
- CVE-2024-6614: Incorrect listing of stack frames (Low)
- CVE-2024-6604: Memory safety bugs fixed in Firefox 128, Firefox ESR 115.13, and Thunderbird 115.13 (High)
- CVE-2024-6615: Memory safety bugs fixed in Firefox 128 (High)
Note that for users who wish to stay on the last ESR, a new release of that was issued alongside this. That would be Firefox-115.13.0esr. That one has the following fixes:
- CVE-2024-6601: Race condition in permission assignment (Moderate)
- CVE-2024-6602: Memory corruption in NSS (Moderate)
- CVE-2024-6603: Memory corruption in thread creation (Moderate)
- CVE-2024-6604: Memory safety bugs fixed in Firefox 128, Firefox ESR 115.13, and Thunderbird 115.13 (High)
comment:5 by , 7 weeks ago
| Resolution: | → fixed |
|---|---|
| Status: | assigned → closed |
Fixed at e463031f7499b372a5ed0cfa301c44cb6a40b9c1
SA-12.1-074 issued
Builds fine in 12.1 and 12.2-dev. LLVM-18, WebRTC, and ARM changes are no longer needed for dev.