Pullup ticket #6580 - requested by nia
www/firefox91: security fix

Revisions pulled up:
- www/firefox91/Makefile                                        1.12
- www/firefox91/distinfo                                        1.9
- www/firefox91/patches/patch-gfx_angle_checkout_src_compiler_translator_InfoSink.h 1.2

---
  Module Name: pkgsrc
  Committed By: ryoon
  Date: Wed Jan 26 13:38:07 UTC 2022

  Modified Files:
  pkgsrc/www/firefox91: Makefile distinfo
  pkgsrc/www/firefox91/patches:
      patch-gfx_angle_checkout_src_compiler_translator_InfoSink.h

  Log Message:
  firefox91: Update to 91.5.0

  Changelog:
  Security fixes:
  #CVE-2022-22746: Calling into reportValidity could have lead to fullscreen
  #CVE-2022-22743: Browser window spoof using fullscreen mode
  #CVE-2022-22742: Out-of-bounds memory access when inserting text in edit mode
  #CVE-2022-22741: Browser window spoof using fullscreen mode
  #CVE-2022-22740: Use-after-free of ChannelEventQueue::mOwner
  #CVE-2022-22738: Heap-buffer-overflow in blendGaussianBlur
  #CVE-2022-22737: Race condition when playing audio files
  #CVE-2021-4140: Iframe sandbox bypass with XSLT
  #CVE-2022-22748: Spoofed origin on external protocol launch dialog
  #CVE-2022-22745: Leaking cross-origin URLs through securitypolicyviolation
    event
  #CVE-2022-22744: The 'Copy as curl' feature in DevTools did not fully escape
    website-controlled data, potentially leading to command injection
  #CVE-2022-22747: Crash when handling empty pkcs7 sequence
  #CVE-2022-22739: Missing throttling on external protocol launch dialog
  #CVE-2022-22751: Memory safety bugs fixed in Firefox 96 and Firefox ESR 91.5

(bsiegert)