---
- branch: MAIN
  date: Tue Jan 24 17:59:28 UTC 2023
  files:
  - new: '1.15'
    old: '1.14'
    path: pkgsrc/www/firefox102/Makefile
    pathrev: pkgsrc/www/firefox102/Makefile@1.15
    type: modified
  - new: '1.10'
    old: '1.9'
    path: pkgsrc/www/firefox102/distinfo
    pathrev: pkgsrc/www/firefox102/distinfo@1.10
    type: modified
  - new: '1.9'
    old: '1.8'
    path: pkgsrc/www/firefox102-l10n/Makefile
    pathrev: pkgsrc/www/firefox102-l10n/Makefile@1.9
    type: modified
  - new: '1.8'
    old: '1.7'
    path: pkgsrc/www/firefox102-l10n/distinfo
    pathrev: pkgsrc/www/firefox102-l10n/distinfo@1.8
    type: modified
  id: 20230124T175928Z.aaf1d6b8db807aa1d517d7fda62627bf36972482
  log: |
    firefox102: Update to 102.7.0

    Security Vulnerabilities fixed in Firefox ESR 102.7

        #CVE-2022-46871: libusrsctp library out of date

        #CVE-2023-23598: Arbitrary file read from GTK drag and drop on Linux

        #CVE-2023-23599: Malicious command could be hidden in devtools output on
        Windows

        #CVE-2023-23601: URL being dragged from cross-origin iframe into same tab
        triggers navigation

        #CVE-2023-23602: Content Security Policy wasn't being correctly applied to
        WebSockets in WebWorkers

        #CVE-2022-46877: Fullscreen notification bypass

        #CVE-2023-23603: Calls to <code>console.log</code> allowed bypasing Content
        Security Policy via format directive

        #CVE-2023-23605: Memory safety bugs fixed in Firefox 109 and Firefox ESR
        102.7
  module: pkgsrc
  subject: 'CVS commit: pkgsrc/www'
  unixtime: '1674583168'
  user: nia