head 1.11; access; symbols pkgsrc-2026Q1:1.7.0.2 pkgsrc-2026Q1-base:1.7 pkgsrc-2025Q4:1.3.0.2 pkgsrc-2025Q4-base:1.3; locks; strict; comment @# @; 1.11 date 2026.05.07.20.26.58; author gutteridge; state Exp; branches; next 1.10; commitid XRj7WFXFWKjZgVEG; 1.10 date 2026.04.30.18.53.28; author gutteridge; state Exp; branches; next 1.9; commitid 7Gz0JGlbSAFPY0EG; 1.9 date 2026.04.21.13.42.05; author gutteridge; state Exp; branches; next 1.8; commitid o3kdrOd9YkUWxPCG; 1.8 date 2026.04.09.18.39.26; author gutteridge; state Exp; branches; next 1.7; commitid BEtXPJpXhu6NzjBG; 1.7 date 2026.03.24.13.12.35; author gutteridge; state Exp; branches 1.7.2.1; next 1.6; commitid 6JagGGgB0euBhezG; 1.6 date 2026.02.24.14.09.03; author gutteridge; state Exp; branches; next 1.5; commitid SH9T16YZNSRLuDvG; 1.5 date 2026.02.17.00.29.00; author gutteridge; state Exp; branches; next 1.4; commitid qx1AFRB8N4AobFuG; 1.4 date 2026.01.13.17.23.35; author gutteridge; state Exp; branches; next 1.3; commitid 0b3AROnKPEzWUfqG; 1.3 date 2025.12.11.11.05.21; author leot; state Exp; branches 1.3.2.1; next 1.2; commitid Jl8MdNyMAsEOSYlG; 1.2 date 2025.11.12.19.48.59; author leot; state Exp; branches; next 1.1; commitid ANMYmanhMW3AIiiG; 1.1 date 2025.10.19.11.57.41; author leot; state Exp; branches; next ; commitid hTfKKiEqnifUSafG; 1.7.2.1 date 2026.04.10.19.09.35; author bsiegert; state Exp; branches; next 1.7.2.2; commitid FTTeGhuFkwkjIrBG; 1.7.2.2 date 2026.04.26.19.35.21; author bsiegert; state Exp; branches; next 1.7.2.3; commitid M5E5QUqdg03glvDG; 1.7.2.3 date 2026.05.02.19.26.59; author bsiegert; state Exp; branches; next 1.7.2.4; commitid idHf729mVYiq6hEG; 1.7.2.4 date 2026.05.08.11.16.50; author maya; state Exp; branches; next ; commitid HGEyfAIx2h2kc0FG; 1.3.2.1 date 2026.01.14.18.58.46; author maya; state Exp; branches; next 1.3.2.2; commitid xVspYetx9XpZpoqG; 1.3.2.2 date 2026.02.28.20.14.29; author bsiegert; state Exp; branches; next ; commitid nTJO074MkAchobwG; desc @@ 1.11 log @firefox140-l10n: update to 140.10.2 @ text @# $NetBSD: Makefile,v 1.10 2026/04/30 18:53:28 gutteridge Exp $ FIREFOX_VER= 140.10.2esr PKGNAME= firefox140-l10n-${FIREFOX_VER:S/b/beta/:S/esr//} DISTNAME= # empty CATEGORIES= www #MASTER_SITES= ${MASTER_SITE_MOZILLA_ALL:=firefox/releases/${FIREFOX_VER}/linux-i686/xpi/} MASTER_SITES= ${MASTER_SITE_MOZILLA:=firefox/releases/${FIREFOX_VER}/linux-i686/xpi/} MAINTAINER= pkgsrc-users@@NetBSD.org HOMEPAGE= https://www.mozilla.com/en-US/firefox/ COMMENT= Language packs for www/firefox140 LICENSE= mpl-2.0 # as of 140.4.0esr DEPENDS+= firefox140>=${PKGVERSION_NOREV}:../../www/firefox140 DIST_SUBDIR= ${PKGNAME_NOREV} DISTFILES= ${FIREFOX_LOCALES:=.xpi} NO_BUILD= yes INSTALLATION_DIRS= lib/firefox140/distribution/extensions FIREFOX_LOCALES= \ ach af an ar ast az be bg bn br bs ca-valencia ca cak cs cy \ da de dsb \ el en-CA en-GB en-US eo es-AR es-CL es-ES es-MX et eu \ fa ff fi fr fur fy-NL ga-IE gd gl gn gu-IN \ he hi-IN hr hsb hu hy-AM ia id is it ja ka kab kk km kn ko \ lij lt lv mk mr ms my nb-NO ne-NP nl nn-NO oc \ pa-IN pl pt-BR pt-PT rm ro ru sat sc sco si sk skr sl son sq sr \ sv-SE szl ta te th tl tr trs uk ur uz vi xh zh-CN zh-TW EXTENSIONS_DIR= ${PREFIX}/lib/firefox140/distribution/extensions do-install: .for locale in ${FIREFOX_LOCALES} ${INSTALL_DATA} ${WRKSRC}/${locale}.xpi \ ${DESTDIR}${EXTENSIONS_DIR}/langpack-${locale}@@firefox.mozilla.org.xpi .endfor .if make(list-licenses) .include "list-licenses.mk" .endif .include "../../mk/bsd.pkg.mk" @ 1.10 log @firefox140-l10n: update to 140.10.1 @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.9 2026/04/21 13:42:05 gutteridge Exp $ d3 1 a3 1 FIREFOX_VER= 140.10.1esr @ 1.9 log @firefox140-l10n: update to 140.10 @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.8 2026/04/09 18:39:26 gutteridge Exp $ d3 1 a3 1 FIREFOX_VER= 140.10.0esr @ 1.8 log @firefox140-l10n: update to 140.9.1 @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.7 2026/03/24 13:12:35 gutteridge Exp $ d3 1 a3 1 FIREFOX_VER= 140.9.1esr @ 1.7 log @firefox140-l10n: update to 140.9 @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.6 2026/02/24 14:09:03 gutteridge Exp $ d3 1 a3 1 FIREFOX_VER= 140.9.0esr @ 1.7.2.1 log @Pullup ticket #7074 - requested by gutteridge www/firefox140: security fix www/firefox140-l10n: dependent update Revisions pulled up: - www/firefox140-l10n/Makefile 1.8 - www/firefox140-l10n/distinfo 1.8 - www/firefox140/Makefile 1.13 - www/firefox140/distinfo 1.12 --- Module Name: pkgsrc Committed By: gutteridge Date: Thu Apr 9 18:37:06 UTC 2026 Modified Files: pkgsrc/www/firefox140: Makefile distinfo Log Message: firefox140: update to 140.9.1 Mozilla Foundation Security Advisory 2026-27 Security Vulnerabilities fixed in Firefox ESR 140.9.1 Announced April 7, 2026 Impact high Products Firefox ESR Fixed in Firefox ESR 140.9.1 #CVE-2026-5732: Incorrect boundary conditions, integer overflow in the Grap= hics: Text component Reporter Sajeeb Lohani Impact high References Bug 2017867 #CVE-2026-5731: Memory safety bugs fixed in Firefox ESR 115.34.1, Firefox E= SR 140.9.1, Thunderbird ESR 140.9.1, Firefox 149.0.2 and Thunderbird 149.0.= 2 Reporter Brian Grinstead, Christian Holler, Tom Schuster and the Mozilla Fuzzing= Team Impact high Description Memory safety bugs present in Firefox ESR 115.34.0, Firefox ESR 140.9.0, Th= underbird ESR 140.9.0, Firefox 149.0.1 and Thunderbird 149.0.1. Some of the= se bugs showed evidence of memory corruption and=20 we presume that with enough effort some of these could have been exploited = to run arbitrary code. References Memory safety bugs fixed in Firefox ESR 115.34.1, Firefox ESR 140.9.1, = Thunderbird ESR 140.9.1, Firefox 149.0.2 and Thunderbird 149.0.2 #CVE-2026-5734: Memory safety bugs fixed in Firefox ESR 140.9.1, Thunderbir= d ESR 140.9.1, Firefox 149.0.2 and Thunderbird 149.0.2 Reporter Brian Grinstead, Christian Holler, Tom Schuster and the Mozilla Fuzzing= Team Impact high Description Memory safety bugs present in Firefox ESR 140.9.0, Thunderbird ESR 140.9.0,= Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidenc= e of memory corruption and we presume that with=20 enough effort some of these could have been exploited to run arbitrary code= . References Memory safety bugs fixed in Firefox ESR 140.9.1, Thunderbird ESR 140.9.= 1, Firefox 149.0.2 and Thunderbird 149.0.2 --- Module Name: pkgsrc Committed By: gutteridge Date: Thu Apr 9 18:39:26 UTC 2026 Modified Files: pkgsrc/www/firefox140-l10n: Makefile distinfo Log Message: firefox140-l10n: update to 140.9.1 @ text @d1 1 a1 1 # $NetBSD$ d3 1 a3 1 FIREFOX_VER= 140.9.1esr @ 1.7.2.2 log @Pullup ticket #7083 - requested by gutteridge www/firefox140: security fix www/firefox140-l10n: dependent update Revisions pulled up: - www/firefox140-l10n/Makefile 1.9 - www/firefox140-l10n/distinfo 1.9 - www/firefox140/Makefile 1.14 - www/firefox140/distinfo 1.13 --- Module Name: pkgsrc Committed By: gutteridge Date: Tue Apr 21 13:40:08 UTC 2026 Modified Files: pkgsrc/www/firefox140: Makefile distinfo Log Message: firefox140: update to 140.10 Mozilla Foundation Security Advisory 2026-32 Security Vulnerabilities fixed in Firefox ESR 140.10 Announced April 21, 2026 Impact high Products Firefox ESR Fixed in Firefox ESR 140.10 #CVE-2026-6746: Use-after-free in the DOM: Core & HTML component Reporter Evyatar Ben Asher, Keane Lucas, Nicholas Carlini, Newton Cheng, Daniel Freeman, Alex Gaynor, and Joel Weinberger using Claude from Anthropic Impact high References Bug 2014596 #CVE-2026-6747: Use-after-free in the WebRTC component Reporter Nan Wang Impact high References Bug 2021769 #CVE-2026-6748: Uninitialized memory in the Audio/Video: Web Codecs component Reporter Inseo An Impact high References Bug 2022604 #CVE-2026-6749: Information disclosure due to uninitialized memory in the Graphics: Canvas2D component Reporter Inseo An Impact high References Bug 2022610 #CVE-2026-6750: Privilege escalation in the Graphics: WebRender component Reporter choeseyeong Impact high References Bug 2023407 #CVE-2026-6751: Uninitialized memory in the Audio/Video: Web Codecs component Reporter Joren Afman Impact high References Bug 2025883 #CVE-2026-6752: Incorrect boundary conditions in the WebRTC component Reporter jmwebdevelopement Impact high References Bug 2027499 #CVE-2026-6753: Incorrect boundary conditions in the WebRTC component Reporter jmwebdevelopement Impact high References Bug 2027501 #CVE-2026-6754: Use-after-free in the JavaScript Engine component Reporter Xuehao Guo Impact high References Bug 2027541 #CVE-2026-6757: Invalid pointer in the JavaScript: WebAssembly component Reporter Evyatar Ben Asher, Keane Lucas, Nicholas Carlini, Newton Cheng, Daniel Freeman, Alex Gaynor, and Joel Weinberger using Claude from Anthropic Impact moderate References Bug 2013588 #CVE-2026-6759: Use-after-free in the Widget: Cocoa component Reporter Steven Michaud Impact moderate References Bug 2016164 #CVE-2026-6761: Privilege escalation in the Networking component Reporter kiyong Impact moderate References Bug 2017857 #CVE-2026-6762: Spoofing issue in the DOM: Core & HTML component Reporter Farras Givari Impact moderate References Bug 2021080 #CVE-2026-6763: Mitigation bypass in the File Handling component Reporter Tomoya Nakanishi Impact moderate References Bug 2021666 #CVE-2026-6764: Incorrect boundary conditions in the DOM: Device Interfaces component Reporter Florian Impact moderate References Bug 2022162 #CVE-2026-6765: Information disclosure in the Form Autofill component Reporter ABDULAZIZ ALASAIQAH Impact moderate References Bug 2022419 #CVE-2026-6766: Incorrect boundary conditions in the Libraries component in NSS Reporter Haruto Kimura Impact moderate References Bug 2023207 #CVE-2026-6767: Other issue in the Libraries component in NSS Reporter Haruto Kimura Impact moderate References Bug 2023209 #CVE-2026-6769: Privilege escalation in the Debugger component Reporter Tomoya Nakanishi Impact moderate References Bug 2023753 #CVE-2026-6770: Other issue in the Storage: IndexedDB component Reporter Dai Impact moderate References Bug 2024220 #CVE-2026-6771: Mitigation bypass in the DOM: Security component Reporter Rayhan Hanaputra Impact moderate References Bug 2025067 #CVE-2026-6772: Incorrect boundary conditions in the Libraries component in NSS Reporter sseehra Impact moderate References Bug 2026089 #CVE-2026-6776: Incorrect boundary conditions in the WebRTC: Networking component Reporter Nan Wang Impact low References Bug 2021770 #CVE-2026-6785: Memory safety bugs fixed in Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird ESR 140.10, Firefox 150 and Thunderbird 150 Reporter Andrew McCreight, Ashley Zebrowski, Brian Grinstead, Christian Holler, Maurice Dauer, Tom Schuster and the Mozilla Fuzzing Team Impact high Description Memory safety bugs present in Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. References Memory safety bugs fixed in Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird ESR 140.10, Firefox 150 and Thunderbird 150 #CVE-2026-6786: Memory safety bugs fixed in Firefox ESR 140.10, Thunderbird ESR 140.10, Firefox 150 and Thunderbird 150 Reporter Alex Franchuk, Andrew McCreight, Brian Grinstead, Christian Holler, Jan de Mooij, Maurice Dauer, Sebastian Hengst, Tom Schuster and the Mozilla Fuzzing Team Impact high Description Memory safety bugs present in Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. References Memory safety bugs fixed in Firefox ESR 140.10, Thunderbird ESR 140.10, Firefox 150 and Thunderbird 150 --- Module Name: pkgsrc Committed By: gutteridge Date: Tue Apr 21 13:42:06 UTC 2026 Modified Files: pkgsrc/www/firefox140-l10n: Makefile distinfo Log Message: firefox140-l10n: update to 140.10 @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.7.2.1 2026/04/10 19:09:35 bsiegert Exp $ d3 1 a3 1 FIREFOX_VER= 140.10.0esr @ 1.7.2.3 log @Pullup ticket #7087 - requested by gutteridge www/firefox140: security fix www/firefox140-l10n: dependent update Revisions pulled up: - www/firefox140-l10n/Makefile 1.10 - www/firefox140-l10n/distinfo 1.10 - www/firefox140/Makefile 1.15 - www/firefox140/distinfo 1.14-1.15 - www/firefox140/patches/patch-media_ffvpx_libavcodec_parser__list.c 1.1-1.2 --- Module Name: pkgsrc Committed By: gutteridge Date: Thu Apr 30 18:51:23 UTC 2026 Modified Files: pkgsrc/www/firefox140: Makefile distinfo Added Files: pkgsrc/www/firefox140/patches: patch-media_ffvpx_libavcodec_parser__list.c Log Message: firefox140: update to 140.10.1 Mozilla Foundation Security Advisory 2026-36 Security Vulnerabilities fixed in Firefox ESR 140.10.1 Announced April 28, 2026 Impact high Products Firefox ESR Fixed in Firefox ESR 140.10.1 #CVE-2026-7320: Information disclosure due to incorrect boundary conditions in the Audio/Video component Reporter Xuehao Guo Impact high References Bug 2027433 #CVE-2026-7321: Sandbox escape due to incorrect boundary conditions in the WebRTC: Networking component Reporter The Mozilla Fuzzing Team Impact moderate References Bug 2029461 #CVE-2026-7322: Memory safety bugs fixed in Firefox ESR 115.35.1, Firefox ESR 140.10.1 and Firefox 150.0.1 Reporter C.M.Chang, Christian Holler, Steve Fink and the Mozilla Fuzzing Team Impact critical Description Memory safety bugs present in Firefox ESR 115.35.0, Firefox ESR 140.10.0 and Firefox 150.0.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. References Memory safety bugs fixed in Firefox ESR 115.35.1, Firefox ESR 140.10.1 and Firefox 150.0.1 #CVE-2026-7323: Memory safety bugs fixed in Firefox ESR 140.10.1 and Firefox 150.0.1 Reporter Ryan Hunt, Steve Fink and the Mozilla Fuzzing Team Impact high Description Memory safety bugs present in Firefox ESR 140.10.0 and Firefox 150.0.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. References Memory safety bugs fixed in Firefox ESR 140.10.1 and Firefox 150.0.1 --- Module Name: pkgsrc Committed By: gutteridge Date: Thu Apr 30 18:53:28 UTC 2026 Modified Files: pkgsrc/www/firefox140-l10n: Makefile distinfo Log Message: firefox140-l10n: update to 140.10.1 --- Module Name: pkgsrc Committed By: gutteridge Date: Thu Apr 30 21:47:25 UTC 2026 Modified Files: pkgsrc/www/firefox140: distinfo pkgsrc/www/firefox140/patches: patch-media_ffvpx_libavcodec_parser__list.c Log Message: firefox140: note new patch added was already fixed upstream @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.7.2.2 2026/04/26 19:35:21 bsiegert Exp $ d3 1 a3 1 FIREFOX_VER= 140.10.1esr @ 1.7.2.4 log @Pullup ticket #7102 - requested by gutteridge www/firefox140: Security fix www/firefox140-l10n: Security fix Revisions pulled up: - www/firefox140-l10n/Makefile 1.11 - www/firefox140-l10n/distinfo 1.11 - www/firefox140/Makefile 1.16 - www/firefox140/distinfo 1.16 --- Module Name: pkgsrc Committed By: gutteridge Date: Thu May 7 20:25:32 UTC 2026 Modified Files: pkgsrc/www/firefox140: Makefile distinfo Log Message: firefox140: update to 140.10.2 Mozilla Foundation Security Advisory 2026-41 Security Vulnerabilities fixed in Firefox ESR 140.10.2 Announced May 7, 2026 Impact high Products Firefox ESR Fixed in Firefox ESR 140.10.2 #CVE-2026-8090: Use-after-free in the DOM: Networking component Reporter Kevin Brosnan Impact high References Bug 2034352 #CVE-2026-8094: Other issue in the WebRTC component Reporter Michael Froman Impact high References Bug 2035939 #CVE-2026-8092: Memory safety bugs fixed in Firefox ESR 115.35.2, Firefox E= SR 140.10.2 and Firefox 150.0.2 Reporter Andrew McCreight, Christian Holler, Lee Salzman, Maurice Dauer, Tom Sch= uster, Wayne Mery and the Mozilla Fuzzing Team Impact high Description Memory safety bugs present in Firefox ESR 115.35.1, Firefox ESR 140.10.1 an= d Firefox 150.0.1. Some of these bugs showed evidence of memory corruption = and we presume that with enough effort some of=20 these could have been exploited to run arbitrary code. References Memory safety bugs fixed in Firefox ESR 115.35.2, Firefox ESR 140.10.2 = and Firefox 150.0.2 --- Module Name: pkgsrc Committed By: gutteridge Date: Thu May 7 20:26:58 UTC 2026 Modified Files: pkgsrc/www/firefox140-l10n: Makefile distinfo Log Message: firefox140-l10n: update to 140.10.2 @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.7.2.3 2026/05/02 19:26:59 bsiegert Exp $ d3 1 a3 1 FIREFOX_VER= 140.10.2esr @ 1.6 log @firefox140-l10n: update to 140.8.0 @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.5 2026/02/17 00:29:00 gutteridge Exp $ d3 1 a3 1 FIREFOX_VER= 140.8.0esr @ 1.5 log @firefox140-l10n: update to 140.7.1 @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.4 2026/01/13 17:23:35 gutteridge Exp $ d3 1 a3 1 FIREFOX_VER= 140.7.1esr @ 1.4 log @firefox140-l10n: update to 140.7.0 Sync with www/firefox140 version. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.3 2025/12/11 11:05:21 leot Exp $ d3 1 a3 1 FIREFOX_VER= 140.7.0esr @ 1.3 log @firefox140{,-l10n}: Update to 140.6.0 Changes: 140.6.0 - Security fixes (MFSA2025-94) Discussed with PMC and ok by during carefulperiod 2, thanks! @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.2 2025/11/12 19:48:59 leot Exp $ d3 1 a3 1 FIREFOX_VER= 140.6.0esr @ 1.3.2.1 log @Pullup ticket #7044 - requested by gutteridge www/firefox140: Security fix www/firefox140-l10n: Security fix Revisions pulled up: - www/firefox140-l10n/Makefile 1.4 - www/firefox140-l10n/distinfo 1.4 - www/firefox140/Makefile 1.8 - www/firefox140/distinfo 1.8 --- Module Name: pkgsrc Committed By: gutteridge Date: Tue Jan 13 17:20:06 UTC 2026 Modified Files: pkgsrc/www/firefox140: Makefile distinfo Log Message: firefox140: update to 140.7.0 Mozilla Foundation Security Advisory 2026-03 Security Vulnerabilities fixed in Firefox ESR 140.7 Announced January 13, 2026 Impact high Products Firefox ESR Fixed in Firefox ESR 140.7 #CVE-2026-0877: Mitigation bypass in the DOM: Security component Reporter mingijung Impact high References Bug 1999257 #CVE-2026-0878: Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component Reporter Oskar L Impact high References Bug 2003989 #CVE-2026-0879: Sandbox escape due to incorrect boundary conditions in the Graphics component Reporter Oskar L Impact high References Bug 2004602 #CVE-2026-0880: Sandbox escape due to integer overflow in the Graphics component Reporter Oskar L Impact high References Bug 2005014 #CVE-2026-0882: Use-after-free in the IPC component Reporter Randell Jesup Impact high References Bug 1924125 #CVE-2025-14327: Spoofing issue in the Downloads Panel component Reporter Caro Kann Impact moderate References Bug 1970743 #CVE-2026-0883: Information disclosure in the Networking component Reporter Vladislav Plyatsok Impact moderate References Bug 1989340 #CVE-2026-0884: Use-after-free in the JavaScript Engine component Reporter Gary Kwong and Nan Wang Impact moderate References Bug 2003588 #CVE-2026-0885: Use-after-free in the JavaScript: GC component Reporter Irvan Kurniawan Impact moderate References Bug 2003607 #CVE-2026-0886: Incorrect boundary conditions in the Graphics component Reporter Oskar L Impact moderate References Bug 2005658 #CVE-2026-0887: Clickjacking issue, information disclosure in the PDF Viewer component Reporter Lyra Rebane Impact moderate References Bug 2006500 #CVE-2026-0890: Spoofing issue in the DOM: Copy & Paste and Drag & Drop component Reporter Edgar Chen Impact low References Bug 2005081 #CVE-2026-0891: Memory safety bugs fixed in Firefox ESR 140.7, Thunderbird ESR 140.7, Firefox 147 and Thunderbird 147 Reporter Andrew McCreight, Dennis Jackson and the Mozilla Fuzzing Team Impact high Description Memory safety bugs present in Firefox ESR 140.6, Thunderbird ESR 140.6, Firefox 146 and Thunderbird 146. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. References Memory safety bugs fixed in Firefox ESR 140.7, Thunderbird ESR 140.7, Firefox 147 and Thunderbird 147 --- Module Name: pkgsrc Committed By: gutteridge Date: Tue Jan 13 17:23:35 UTC 2026 Modified Files: pkgsrc/www/firefox140-l10n: Makefile distinfo Log Message: firefox140-l10n: update to 140.7.0 Sync with www/firefox140 version. @ text @d1 1 a1 1 # $NetBSD$ d3 1 a3 1 FIREFOX_VER= 140.7.0esr @ 1.3.2.2 log @Pullup ticket #7045 - requested by gutteridge www/firefox140: security fix www/firefox140-l10n: dependent update Revisions pulled up: - www/firefox140-l10n/Makefile 1.6 - www/firefox140-l10n/distinfo 1.6 - www/firefox140/Makefile 1.11 - www/firefox140/distinfo 1.10 --- Module Name: pkgsrc Committed By: gutteridge Date: Tue Feb 24 14:07:55 UTC 2026 Modified Files: pkgsrc/www/firefox140: Makefile distinfo Log Message: firefox140: update to 140.8 Mozilla Foundation Security Advisory 2026-15 Security Vulnerabilities fixed in Firefox ESR 140.8 Announced February 24, 2026 Impact high Products Firefox ESR Fixed in Firefox ESR 140.8 #CVE-2026-2757: Incorrect boundary conditions in the WebRTC: Audio/Video component Reporter Igor Morgenstern Impact high References Bug 2001637 #CVE-2026-2758: Use-after-free in the JavaScript: GC component Reporter Gary Kwong Impact high References Bug 2009608 #CVE-2026-2759: Incorrect boundary conditions in the Graphics: ImageLib component Reporter stevej Impact high References Bug 2010933 #CVE-2026-2760: Sandbox escape due to incorrect boundary conditions in the Graphics: WebRender component Reporter Oskar L Impact high References Bug 2011062 #CVE-2026-2761: Sandbox escape in the Graphics: WebRender component Reporter Oskar L Impact high References Bug 2011063 #CVE-2026-2762: Integer overflow in the JavaScript: Standard Library component Reporter André Bargull Impact high References Bug 2011649 #CVE-2026-2763: Use-after-free in the JavaScript Engine component Reporter Information to follow Impact high References Bug 2012018 #CVE-2026-2764: JIT miscompilation, use-after-free in the JavaScript Engine: JIT component Reporter Information to follow Impact high References Bug 2012608 #CVE-2026-2765: Use-after-free in the JavaScript Engine component Reporter Information to follow Impact high References Bug 2013562 #CVE-2026-2766: Use-after-free in the JavaScript Engine: JIT component Reporter Information to follow Impact high References Bug 2013583 #CVE-2026-2767: Use-after-free in the JavaScript: WebAssembly component Reporter Sajeeb Lohani Impact high References Bug 2013741 #CVE-2026-2768: Sandbox escape in the Storage: IndexedDB component Reporter Sajeeb Lohani Impact high References Bug 2014101 #CVE-2026-2769: Use-after-free in the Storage: IndexedDB component Reporter Information to follow Impact high References Bug 2014550 #CVE-2026-2770: Use-after-free in the DOM: Bindings (WebIDL) component Reporter Information to follow Impact high References Bug 2014585 #CVE-2026-2771: Undefined behavior in the DOM: Core & HTML component Reporter Information to follow Impact high References Bug 2014593 #CVE-2026-2772: Use-after-free in the Audio/Video: Playback component Reporter Information to follow Impact high References Bug 2014827 #CVE-2026-2773: Incorrect boundary conditions in the Web Audio component Reporter Information to follow Impact high References Bug 2014832 #CVE-2026-2774: Integer overflow in the Audio/Video component Reporter Information to follow Impact high References Bug 2014883 #CVE-2026-2775: Mitigation bypass in the DOM: HTML Parser component Reporter Information to follow Impact high References Bug 2015199 #CVE-2026-2776: Sandbox escape due to incorrect boundary conditions in the Telemetry component in External Software Reporter Sajeeb Lohani Impact high References Bug 2015266 #CVE-2026-2777: Privilege escalation in the Messaging System component Reporter Richard Belisle Impact high References Bug 2015305 #CVE-2026-2778: Sandbox escape due to incorrect boundary conditions in the DOM: Core & HTML component Reporter Sajeeb Lohani Impact high References Bug 2016358 #CVE-2026-2779: Incorrect boundary conditions in the Networking: JAR component Reporter Alex Mayorga Impact moderate References Bug 1164141 #CVE-2026-2780: Privilege escalation in the Netmonitor component Reporter RyotaK Impact moderate References Bug 2007829 #CVE-2026-2781: Integer overflow in the Libraries component in NSS Reporter Clay Ver Valen Impact moderate References Bug 2009552 #CVE-2026-2782: Privilege escalation in the Netmonitor component Reporter Cody Impact moderate References Bug 2010743 #CVE-2026-2783: Information disclosure due to JIT miscompilation in the JavaScript Engine: JIT component Reporter x0e Impact moderate References Bug 2010943 #CVE-2026-2784: Mitigation bypass in the DOM: Security component Reporter D. Santos Impact moderate References Bug 2012984 #CVE-2026-2785: Invalid pointer in the JavaScript Engine component Reporter Information to follow Impact moderate References Bug 2013549 #CVE-2026-2786: Use-after-free in the JavaScript Engine component Reporter Information to follow Impact moderate References Bug 2013612 #CVE-2026-2787: Use-after-free in the DOM: Window and Location component Reporter Information to follow Impact moderate References Bug 2014560 #CVE-2026-2788: Incorrect boundary conditions in the Audio/Video: GMP component Reporter Information to follow Impact moderate References Bug 2014824 #CVE-2026-2789: Use-after-free in the Graphics: ImageLib component Reporter Information to follow Impact moderate References Bug 2015179 #CVE-2026-2790: Same-origin policy bypass in the Networking: JAR component Reporter Surya Dev Singh Impact low References Bug 2008426 #CVE-2026-2791: Mitigation bypass in the Networking: Cache component Reporter Information to follow Impact low References Bug 2015220 #CVE-2026-2792: Memory safety bugs fixed in Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148 Reporter Andrew McCreight, Maurice Dauer, Olli Pettay, Ryan Hunt Impact high Description Memory safety bugs present in Firefox ESR 140.7, Thunderbird ESR 140.7, Firefox 147 and Thunderbird 147. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. References Memory safety bugs fixed in Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148 #CVE-2026-2793: Memory safety bugs fixed in Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148 Reporter Andrew McCreight, Christian Holler Impact high Description Memory safety bugs present in Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird ESR 140.7, Firefox 147 and Thunderbird 147. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. References Memory safety bugs fixed in Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148 --- Module Name: pkgsrc Committed By: gutteridge Date: Tue Feb 24 14:09:03 UTC 2026 Modified Files: pkgsrc/www/firefox140-l10n: Makefile distinfo Log Message: firefox140-l10n: update to 140.8.0 @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.3.2.1 2026/01/14 18:58:46 maya Exp $ d3 1 a3 1 FIREFOX_VER= 140.8.0esr @ 1.2 log @firefox140-l10n: Update to 140.5.0 ESR Sync with www/firefox140 version. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.1 2025/10/19 11:57:41 leot Exp $ d3 1 a3 1 FIREFOX_VER= 140.5.0esr @ 1.1 log @firefox140-l10n: Import firefox140-l10n-140.4.0 as www/firefox140-l10n This package contains language packs for www/firefox140. Based on www/firefox-l10n but adjusted for 140 ESR. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.292 2025/07/23 13:58:25 ryoon Exp $ d3 1 a3 1 FIREFOX_VER= 140.4.0esr @