|
Contains fixes for:
CVE-2025-6424: Use-after-free in FontFaceSet
CVE-2025-6425: The WebCompat WebExtension shipped with Firefox exposed
a persistent UUID
CVE-2025-6426: No warning when opening executable terminal files on
macOS
CVE-2025-6427: connect-src Content Security Policy restriction could
be bypassed
CVE-2025-6428: Firefox for Android opened URLs specified in a link
querystring parameter
CVE-2025-6429: Incorrect parsing of URLs could have allowed embedding
of youtube.com
CVE-2025-6430: Content-Disposition header ignored when a file is
included in an embed or object tag
CVE-2025-6431: The prompt in Firefox for Android that asks before
opening a link in an external application could be
bypassed
CVE-2025-6432: DNS Requests leaked outside of a configured SOCKS proxy
CVE-2025-6433: WebAuthn would allow a user to sign a challenge on a
webpage with an invalid TLS certificate
CVE-2025-6434: HTTPS-Only exception screen lacked anti-clickjacking
delay
CVE-2025-6435: Save as in Devtools could download files without
sanitizing the extension
CVE-2025-6436: Memory safety bugs fixed in Firefox 140 and Thunderbird
140
* gnu/packages/librewolf.scm (librewolf): Update to 140.0.2-1.
* gnu/packages/patches/librewolf-use-system-wide-dir.patch: Adjust.
Change-Id: I786706575e04f32054f6a1142d606eb3ba6b22e3
|
