New release (95.0.1).

New release (95.0).
Security fixes:
2021-43536: URL leakage when navigating while executing asynchronous function
2021-43537: Heap buffer overflow when using structured clone
2021-43538: Missing fullscreen and pointer lock notification when requesting both
2021-43539: GC rooting failure when calling wasm instance methods
2021-0010: Use-after-free in fullscreen objects on MacOS
2021-43540: WebExtensions could have installed persistent ServiceWorkers
2021-43541: External protocol handler parameters were unescaped
2021-43542: XMLHttpRequest error codes could have leaked the existence of an external protocol handler
2021-43543: Bypass of CSP sandbox directive when embedding
2021-43544: Receiving a malicious URL as text through a SEND intent could have led to XSS
2021-43545: Denial of Service when using the Location API in a loop
2021-43546: Cursor spoofing could overlay user interface when native cursor is zoomed
2021-0009: Memory safety bugs fixed in Firefox 95 and Firefox ESR 91.4

New release (94.0.2).

New release (94.0).
Security fixes:
2021-38503: iframe sandbox rules did not apply to XSLT stylesheets
2021-38504: Use-after-free in file picker dialog
2021-38505: Windows 10 Cloud Clipboard may have recorded sensitive user data
2021-38506: Firefox could be coaxed into going into fullscreen mode without notification or warning
2021-38507: Opportunistic Encryption in HTTP2 could be used to bypass the Same-Origin-Policy on services hosted on other ports
2021-0003: Universal XSS in Firefox for Android via QR Code URLs
2021-38508: Permission Prompt could be overlaid, resulting in user confusion and potential spoofing
2021-0004: Web Extensions could access pre-redirect URL when their context menu was triggered by a user
2021-38509: Javascript alert box could have been spoofed onto an arbitrary domain
2021-38510: Download Protections were bypassed by .inetloc files on Mac OS
2021-0005: 'Copy Image Link' context menu action could have been abused to see authentication tokens
2021-0006: URL Parsing may incorrectly parse internationalized domains
2021-0007: Memory safety bugs fixed in Firefox 94 and Firefox ESR 91.3

New release (93.0).
Security fixes:
2021-38496: Use-after-free in MessageTask
2021-38497: Validation message could have been overlaid on another origin
2021-38498: Use-after-free of nsLanguageAtomService object
2021-32810: Data race in crossbeam-deque
2021-38500: Memory safety bugs fixed in Firefox 93, Firefox ESR 78.15, and Firefox ESR 91.2
2021-38501: Memory safety bugs fixed in Firefox 93 and Firefox ESR 91.2
2021-38499: Memory safety bugs fixed in Firefox 93

New release (92.0.1).

New release (92.0).
Security fixes:
2021-29993: Handling custom intents could lead to crashes and UI spoofs
2021-38491: Mixed-Content-Blocking was unable to check opaque origins
2021-38492: Navigating to `mk:` URL scheme could load Internet Explorer
2021-38493: Memory safety bugs fixed in Firefox 92, Firefox ESR 78.14 and Firefox ESR 91.1
2021-38494: Memory safety bugs fixed in Firefox 92

Rebuild with llvm12.0.

New release (91.0.2).

New release (91.0.1).
Security fixes:
2021-29991: Header Splitting possible with HTTP/3 Responses

New release (91.0).
Security fixes:
2021-29986: Race condition when resolving DNS names could have led to memory corruption
2021-29981: Live range splitting could have led to conflicting assignments in the JIT
2021-29988: Memory corruption as a result of incorrect style treatment
2021-29983: Firefox for Android could get stuck in fullscreen mode
2021-29984: Incorrect instruction reordering during JIT optimization
2021-29980: Uninitialized memory in a canvas object could have led to memory corruption
2021-29987: Users could have been tricked into accepting unwanted permissions on Linux
2021-29985: Use-after-free media channels
2021-29982: Single bit data leak due to incorrect JIT optimization and type confusion
2021-29989: Memory safety bugs fixed in Firefox 91 and Firefox ESR 78.13
2021-29990: Memory safety bugs fixed in Firefox 91

New release (90.0.2).

New release (90.0.1).

New release (90.0).
Move rpm-build-firefox from firefox to separate package.
Security fixes:
2021-29970: Use-after-free in accessibility features of a document
2021-29971: Granted permissions only compared host; omitting scheme and port on Android
2021-30547: Out of bounds write in ANGLE
2021-29972: Use of out-of-date library included use-after-free vulnerability
2021-29973: Password autofill on HTTP websites was enabled without user interaction on Android
2021-29974: HSTS errors could be overridden when network partitioning was enabled
2021-29975: Text message could be overlaid on top of another website
2021-29976: Memory safety bugs fixed in Firefox 90 and Firefox ESR 78.12
2021-29977: Memory safety bugs fixed in Firefox 90

Enable searching system- and account-global directories for extensions (ALT#40364).

New release (89.0.2).