Backport ESR 102.4 security fixes to 91.13-based Tor Browser

Advisories: https://www.mozilla.org/en-US/security/advisories/mfsa2022-44/#CVE-2022-42927

CVE-2022-42927: Same-origin policy violation could have leaked cross-origin URLs

https://bugzilla.mozilla.org/show_bug.cgi?id=1789128

CVE-2022-42928: Memory Corruption in JS Engine

https://bugzilla.mozilla.org/show_bug.cgi?id=1791520

CVE-2022-42929: Denial of Service via window.print

https://bugzilla.mozilla.org/show_bug.cgi?id=1789439

CVE-2022-42932: Memory safety bugs fixed in Firefox 106 and Firefox ESR 102.4

https://bugzilla.mozilla.org/show_bug.cgi?id=1789729
https://bugzilla.mozilla.org/show_bug.cgi?id=1791363 // not required, fixes bug introduced in Firefox 98 which was not backported to ESR 91
https://bugzilla.mozilla.org/show_bug.cgi?id=1792041

CVE-2022-40674: libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c.

https://bugzilla.mozilla.org/show_bug.cgi?id=1791598

Edited Oct 19, 2022 by morgan

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information