---
- branch: MAIN
  date: Fri Jul 22 08:16:40 UTC 2022
  files:
  - new: '1.22'
    old: '1.21'
    path: pkgsrc/www/firefox91/Makefile
    pathrev: pkgsrc/www/firefox91/Makefile@1.22
    type: modified
  - new: '1.15'
    old: '1.14'
    path: pkgsrc/www/firefox91/distinfo
    pathrev: pkgsrc/www/firefox91/distinfo@1.15
    type: modified
  - new: '1.13'
    old: '1.12'
    path: pkgsrc/www/firefox91-l10n/Makefile
    pathrev: pkgsrc/www/firefox91-l10n/Makefile@1.13
    type: modified
  - new: '1.15'
    old: '1.14'
    path: pkgsrc/www/firefox91-l10n/distinfo
    pathrev: pkgsrc/www/firefox91-l10n/distinfo@1.15
    type: modified
  id: 20220722T081640Z.22bb515ef8ab582bade4f1bd0dd1014f5c19475d
  log: |
    firefox91: update to 91.11.0

                      Mozilla Foundation Security Advisory 2022-25

    Security Vulnerabilities fixed in Firefox ESR 91.11

        #CVE-2022-34479: A popup window could be resized in a way to overlay the
        address bar with web content

        #CVE-2022-34470: Use-after-free in nsSHistory

        #CVE-2022-34468: CSP sandbox header without `allow-scripts` can be bypassed
        via retargeted javascript: URI

        #CVE-2022-34481: Potential integer overflow in ReplaceElementsAt

        #CVE-2022-31744: CSP bypass enabling stylesheet injection

        #CVE-2022-34472: Unavailable PAC file resulted in OCSP requests being
        blocked

        #CVE-2022-34478: Microsoft protocols can be attacked if a user accepts a
        prompt

        #CVE-2022-2200: Undesired attributes could be set as part of prototype
        pollution

        #CVE-2022-34484: Memory safety bugs fixed in Firefox 102 and Firefox ESR
        91.11
  module: pkgsrc
  subject: 'CVS commit: pkgsrc/www'
  unixtime: '1658477800'
  user: nia