655
|
1 |
-------------------------------------------------------------------
|
|
2 |
Fri Jun 21 05:49:58 UTC 2013 - wr@rosenauer.org
|
|
3 |
|
|
4 |
- update to 17.0.7esr (bnc#825935)
|
|
5 |
|
652
|
6 |
-------------------------------------------------------------------
|
|
7 |
Fri May 10 17:27:23 UTC 2013 - wr@rosenauer.org
|
|
8 |
|
|
9 |
- update to 17.0.6esr (bnc#819204)
|
|
10 |
* MFSA 2013-41/CVE-2013-0801/CVE-2013-1669
|
|
11 |
Miscellaneous memory safety hazards
|
|
12 |
* MFSA 2013-42/CVE-2013-1670 (bmo#853709)
|
|
13 |
Privileged access for content level constructor
|
|
14 |
* MFSA 2013-46/CVE-2013-1674 (bmo#860971)
|
|
15 |
Use-after-free with video and onresize event
|
|
16 |
* MFSA 2013-47/CVE-2013-1675 (bmo#866825)
|
|
17 |
Uninitialized functions in DOMSVGZoomEvent
|
|
18 |
* MFSA 2013-48/CVE-2013-1676/CVE-2013-1677/CVE-2013-1678/
|
|
19 |
CVE-2013-1679/CVE-2013-1680/CVE-2013-1681
|
|
20 |
Memory corruption found using Address Sanitizer
|
|
21 |
|
638
|
22 |
-------------------------------------------------------------------
|
|
23 |
Fri Mar 29 16:27:59 UTC 2013 - wr@rosenauer.org
|
|
24 |
|
|
25 |
- update to 17.0.5esr (bnc#813026)
|
|
26 |
* requires NSPR 4.9.5 and NSS 3.14.3
|
|
27 |
* MFSA 2013-30/CVE-2013-0788
|
|
28 |
Miscellaneous memory safety hazards
|
|
29 |
* MFSA 2013-31/CVE-2013-0800 (bmo#825721)
|
|
30 |
Out-of-bounds write in Cairo library
|
|
31 |
* MFSA 2013-35/CVE-2013-0796 (bmo#827106)
|
|
32 |
WebGL crash with Mesa graphics driver on Linux
|
|
33 |
* MFSA 2013-36/CVE-2013-0795 (bmo#825697)
|
|
34 |
Bypass of SOW protections allows cloning of protected nodes
|
|
35 |
* MFSA 2013-37/CVE-2013-0794 (bmo#626775)
|
|
36 |
Bypass of tab-modal dialog origin disclosure
|
|
37 |
* MFSA 2013-38/CVE-2013-0793 (bmo#803870)
|
|
38 |
Cross-site scripting (XSS) using timed history navigations
|
|
39 |
|
|
40 |
-------------------------------------------------------------------
|
|
41 |
Fri Mar 8 09:00:09 UTC 2013 - wr@rosenauer.org
|
|
42 |
|
|
43 |
- update to 17.0.4esr (bnc#808243)
|
|
44 |
* MFSA 2013-29/CVE-2013-0787 (bmo#848644)
|
|
45 |
Use-after-free in HTML Editor
|
|
46 |
|
|
47 |
-------------------------------------------------------------------
|
|
48 |
Sat Feb 16 17:38:21 UTC 2013 - wr@rosenauer.org
|
|
49 |
|
|
50 |
- update to 17.0.3esr (bnc#804248)
|
|
51 |
* MFSA 2013-21/CVE-2013-0783
|
|
52 |
Miscellaneous memory safety hazards
|
|
53 |
* MFSA 2013-24/CVE-2013-0773 (bmo#809652)
|
|
54 |
Web content bypass of COW and SOW security wrappers
|
|
55 |
* MFSA 2013-25/CVE-2013-0774 (bmo#827193)
|
|
56 |
Privacy leak in JavaScript Workers
|
|
57 |
* MFSA 2013-26/CVE-2013-0775 (bmo#831095)
|
|
58 |
Use-after-free in nsImageLoadingContent
|
|
59 |
* MFSA 2013-27/CVE-2013-0776 (bmo#796475)
|
|
60 |
Phishing on HTTPS connection through malicious proxy
|
|
61 |
* MFSA 2013-28/CVE-2013-0780/CVE-2013-0782
|
|
62 |
Use-after-free, out of bounds read, and buffer overflow issues
|
|
63 |
found using Address Sanitizer
|
|
64 |
|
|
65 |
-------------------------------------------------------------------
|
|
66 |
Sat Jan 5 14:46:06 UTC 2013 - wr@rosenauer.org
|
|
67 |
|
|
68 |
- update to 17.0.2esr (bnc#796895)
|
|
69 |
* MFSA 2013-01/CVE-2013-0749/CVE-2013-0769/CVE-2013-0770
|
|
70 |
Miscellaneous memory safety hazards
|
|
71 |
* MFSA 2013-02/CVE-2013-0760/CVE-2013-0762/CVE-2013-0766/CVE-2013-0767
|
|
72 |
CVE-2013-0761/CVE-2013-0763/CVE-2013-0771/CVE-2012-5829
|
|
73 |
Use-after-free and buffer overflow issues found using Address Sanitizer
|
|
74 |
* MFSA 2013-03/CVE-2013-0768 (bmo#815795)
|
|
75 |
Buffer Overflow in Canvas
|
|
76 |
* MFSA 2013-04/CVE-2012-0759 (bmo#802026)
|
|
77 |
URL spoofing in addressbar during page loads
|
|
78 |
* MFSA 2013-05/CVE-2013-0744 (bmo#814713)
|
|
79 |
Use-after-free when displaying table with many columns and column groups
|
|
80 |
* MFSA 2013-07/CVE-2013-0764 (bmo#804237)
|
|
81 |
Crash due to handling of SSL on threads
|
|
82 |
* MFSA 2013-08/CVE-2013-0745 (bmo#794158)
|
|
83 |
AutoWrapperChanger fails to keep objects alive during garbage collection
|
|
84 |
* MFSA 2013-09/CVE-2013-0746 (bmo#816842)
|
|
85 |
Compartment mismatch with quickstubs returned values
|
|
86 |
* MFSA 2013-10/CVE-2013-0747 (bmo#733305)
|
|
87 |
Event manipulation in plugin handler to bypass same-origin policy
|
|
88 |
* MFSA 2013-11/CVE-2013-0748 (bmo#806031)
|
|
89 |
Address space layout leaked in XBL objects
|
|
90 |
* MFSA 2013-12/CVE-2013-0750 (bmo#805121)
|
|
91 |
Buffer overflow in Javascript string concatenation
|
|
92 |
* MFSA 2013-13/CVE-2013-0752 (bmo#805024)
|
|
93 |
Memory corruption in XBL with XML bindings containing SVG
|
|
94 |
* MFSA 2013-14/CVE-2013-0757 (bmo#813901)
|
|
95 |
Chrome Object Wrapper (COW) bypass through changing prototype
|
|
96 |
* MFSA 2013-15/CVE-2013-0758 (bmo#813906)
|
|
97 |
Privilege escalation through plugin objects
|
|
98 |
* MFSA 2013-16/CVE-2013-0753 (bmo#814001)
|
|
99 |
Use-after-free in serializeToStream
|
|
100 |
* MFSA 2013-17/CVE-2013-0754 (bmo#814026)
|
|
101 |
Use-after-free in ListenerManager
|
|
102 |
* MFSA 2013-18/CVE-2013-0755 (bmo#814027)
|
|
103 |
Use-after-free in Vibrate
|
|
104 |
* MFSA 2013-19/CVE-2013-0756 (bmo#814029)
|
|
105 |
Use-after-free in Javascript Proxy objects
|
|
106 |
- requires NSS 3.14.1 (MFSA 2013-20, CVE-2013-0743)
|
|
107 |
- build on SLE11
|
|
108 |
* mozilla-gcc43-enums.patch
|
|
109 |
* mozilla-gcc43-template_hacks.patch
|
|
110 |
* mozilla-gcc43-templates_instantiation.patch
|
|
111 |
|
|
112 |
-------------------------------------------------------------------
|
|
113 |
Thu Nov 29 20:04:34 UTC 2012 - wr@rosenauer.org
|
|
114 |
|
|
115 |
- update to 17.0.1
|
|
116 |
* regression/compatibility fixes
|
|
117 |
|
|
118 |
-------------------------------------------------------------------
|
|
119 |
Tue Nov 20 20:15:23 UTC 2012 - wr@rosenauer.org
|
|
120 |
|
|
121 |
- update to 17.0 (bnc#790140)
|
|
122 |
* MFSA 2012-91/CVE-2012-5842/CVE-2012-5843
|
|
123 |
Miscellaneous memory safety hazards
|
|
124 |
* MFSA 2012-92/CVE-2012-4202 (bmo#758200)
|
|
125 |
Buffer overflow while rendering GIF images
|
|
126 |
* MFSA 2012-93/CVE-2012-4201 (bmo#747607)
|
|
127 |
evalInSanbox location context incorrectly applied
|
|
128 |
* MFSA 2012-94/CVE-2012-5836 (bmo#792857)
|
|
129 |
Crash when combining SVG text on path with CSS
|
|
130 |
* MFSA 2012-95/CVE-2012-4203 (bmo#765628)
|
|
131 |
Javascript: URLs run in privileged context on New Tab page
|
|
132 |
* MFSA 2012-96/CVE-2012-4204 (bmo#778603)
|
|
133 |
Memory corruption in str_unescape
|
|
134 |
* MFSA 2012-97/CVE-2012-4205 (bmo#779821)
|
|
135 |
XMLHttpRequest inherits incorrect principal within sandbox
|
|
136 |
* MFSA 2012-99/CVE-2012-4208 (bmo#798264)
|
|
137 |
XrayWrappers exposes chrome-only properties when not in chrome
|
|
138 |
compartment
|
|
139 |
* MFSA 2012-100/CVE-2012-5841 (bmo#805807)
|
|
140 |
Improper security filtering for cross-origin wrappers
|
|
141 |
* MFSA 2012-101/CVE-2012-4207 (bmo#801681)
|
|
142 |
Improper character decoding in HZ-GB-2312 charset
|
|
143 |
* MFSA 2012-102/CVE-2012-5837 (bmo#800363)
|
|
144 |
Script entered into Developer Toolbar runs with chrome privileges
|
|
145 |
* MFSA 2012-103/CVE-2012-4209 (bmo#792405)
|
|
146 |
Frames can shadow top.location
|
|
147 |
* MFSA 2012-104/CVE-2012-4210 (bmo#796866)
|
|
148 |
CSS and HTML injection through Style Inspector
|
|
149 |
* MFSA 2012-105/CVE-2012-4214/CVE-2012-4215/CVE-2012-4216/
|
|
150 |
CVE-2012-5829/CVE-2012-5839/CVE-2012-5840/CVE-2012-4212/
|
|
151 |
CVE-2012-4213/CVE-2012-4217/CVE-2012-4218
|
|
152 |
Use-after-free and buffer overflow issues found using Address
|
|
153 |
Sanitizer
|
|
154 |
* MFSA 2012-106/CVE-2012-5830/CVE-2012-5833/CVE-2012-5835/CVE-2012-5838
|
|
155 |
Use-after-free, buffer overflow, and memory corruption issues
|
|
156 |
found using Address Sanitizer
|
|
157 |
- rebased patches
|
|
158 |
- disabled WebRTC since build is broken (bmo#776877)
|
|
159 |
|
|
160 |
-------------------------------------------------------------------
|
|
161 |
Wed Oct 24 08:28:49 UTC 2012 - wr@rosenauer.org
|
|
162 |
|
|
163 |
- update to 16.0.2 (bnc#786522)
|
|
164 |
* MFSA 2012-90/CVE-2012-4194/CVE-2012-4195/CVE-2012-4196
|
|
165 |
(bmo#800666, bmo#793121, bmo#802557)
|
|
166 |
Fixes for Location object issues
|
|
167 |
|
|
168 |
-------------------------------------------------------------------
|
|
169 |
Thu Oct 11 01:50:19 UTC 2012 - wr@rosenauer.org
|
|
170 |
|
|
171 |
- update to 16.0.1 (bnc#783533)
|
|
172 |
* MFSA 2012-88/CVE-2012-4191 (bmo#798045)
|
|
173 |
Miscellaneous memory safety hazards
|
|
174 |
* MFSA 2012-89/CVE-2012-4192/CVE-2012-4193 (bmo#799952, bmo#720619)
|
|
175 |
defaultValue security checks not applied
|
|
176 |
|
|
177 |
-------------------------------------------------------------------
|
|
178 |
Sun Oct 7 21:41:01 UTC 2012 - wr@rosenauer.org
|
|
179 |
|
|
180 |
- update to 16.0 (bnc#783533)
|
|
181 |
* MFSA 2012-74/CVE-2012-3982/CVE-2012-3983
|
|
182 |
Miscellaneous memory safety hazards
|
|
183 |
* MFSA 2012-75/CVE-2012-3984 (bmo#575294)
|
|
184 |
select element persistance allows for attacks
|
|
185 |
* MFSA 2012-76/CVE-2012-3985 (bmo#655649)
|
|
186 |
Continued access to initial origin after setting document.domain
|
|
187 |
* MFSA 2012-77/CVE-2012-3986 (bmo#775868)
|
|
188 |
Some DOMWindowUtils methods bypass security checks
|
|
189 |
* MFSA 2012-79/CVE-2012-3988 (bmo#725770)
|
|
190 |
DOS and crash with full screen and history navigation
|
|
191 |
* MFSA 2012-80/CVE-2012-3989 (bmo#783867)
|
|
192 |
Crash with invalid cast when using instanceof operator
|
|
193 |
* MFSA 2012-81/CVE-2012-3991 (bmo#783260)
|
|
194 |
GetProperty function can bypass security checks
|
|
195 |
* MFSA 2012-82/CVE-2012-3994 (bmo#765527)
|
|
196 |
top object and location property accessible by plugins
|
|
197 |
* MFSA 2012-83/CVE-2012-3993/CVE-2012-4184 (bmo#768101, bmo#780370)
|
|
198 |
Chrome Object Wrapper (COW) does not disallow acces to privileged
|
|
199 |
functions or properties
|
|
200 |
* MFSA 2012-84/CVE-2012-3992 (bmo#775009)
|
|
201 |
Spoofing and script injection through location.hash
|
|
202 |
* MFSA 2012-85/CVE-2012-3995/CVE-2012-4179/CVE-2012-4180/
|
|
203 |
CVE-2012-4181/CVE-2012-4182/CVE-2012-4183
|
|
204 |
Use-after-free, buffer overflow, and out of bounds read issues
|
|
205 |
found using Address Sanitizer
|
|
206 |
* MFSA 2012-86/CVE-2012-4185/CVE-2012-4186/CVE-2012-4187/
|
|
207 |
CVE-2012-4188
|
|
208 |
Heap memory corruption issues found using Address Sanitizer
|
|
209 |
* MFSA 2012-87/CVE-2012-3990 (bmo#787704)
|
|
210 |
Use-after-free in the IME State Manager
|
|
211 |
- requires NSPR 4.9.2
|
|
212 |
- removed upstreamed mozilla-crashreporter-restart-args.patch
|
|
213 |
- updated translations-other with new languages
|
|
214 |
|
|
215 |
-------------------------------------------------------------------
|
|
216 |
Sun Aug 26 13:48:04 UTC 2012 - wr@rosenauer.org
|
|
217 |
|
|
218 |
- update to 15.0 (bnc#777588)
|
|
219 |
* MFSA 2012-57/CVE-2012-1970
|
|
220 |
Miscellaneous memory safety hazards
|
|
221 |
* MFSA 2012-58/CVE-2012-1972/CVE-2012-1973/CVE-2012-1974/CVE-2012-1975
|
|
222 |
CVE-2012-1976/CVE-2012-3956/CVE-2012-3957/CVE-2012-3958/CVE-2012-3959
|
|
223 |
CVE-2012-3960/CVE-2012-3961/CVE-2012-3962/CVE-2012-3963/CVE-2012-3964
|
|
224 |
Use-after-free issues found using Address Sanitizer
|
|
225 |
* MFSA 2012-59/CVE-2012-1956 (bmo#756719)
|
|
226 |
Location object can be shadowed using Object.defineProperty
|
|
227 |
* MFSA 2012-60/CVE-2012-3965 (bmo#769108)
|
|
228 |
Escalation of privilege through about:newtab
|
|
229 |
* MFSA 2012-61/CVE-2012-3966 (bmo#775794, bmo#775793)
|
|
230 |
Memory corruption with bitmap format images with negative height
|
|
231 |
* MFSA 2012-62/CVE-2012-3967/CVE-2012-3968
|
|
232 |
WebGL use-after-free and memory corruption
|
|
233 |
* MFSA 2012-63/CVE-2012-3969/CVE-2012-3970
|
|
234 |
SVG buffer overflow and use-after-free issues
|
|
235 |
* MFSA 2012-64/CVE-2012-3971
|
|
236 |
Graphite 2 memory corruption
|
|
237 |
* MFSA 2012-65/CVE-2012-3972 (bmo#746855)
|
|
238 |
Out-of-bounds read in format-number in XSLT
|
|
239 |
* MFSA 2012-66/CVE-2012-3973 (bmo#757128)
|
|
240 |
HTTPMonitor extension allows for remote debugging without explicit
|
|
241 |
activation
|
|
242 |
* MFSA 2012-68/CVE-2012-3975 (bmo#770684)
|
|
243 |
DOMParser loads linked resources in extensions when parsing
|
|
244 |
text/html
|
|
245 |
* MFSA 2012-69/CVE-2012-3976 (bmo#768568)
|
|
246 |
Incorrect site SSL certificate data display
|
|
247 |
* MFSA 2012-70/CVE-2012-3978 (bmo#770429)
|
|
248 |
Location object security checks bypassed by chrome code
|
|
249 |
* MFSA 2012-72/CVE-2012-3980 (bmo#771859)
|
|
250 |
Web console eval capable of executing chrome-privileged code
|
|
251 |
- fix HTML5 video crash with GStreamer enabled (bmo#761030)
|
|
252 |
- fixed filelist
|
|
253 |
|
|
254 |
-------------------------------------------------------------------
|
|
255 |
Fri Aug 17 13:09:49 UTC 2012 - dmueller@suse.com
|
|
256 |
|
|
257 |
- fix build on ARM:
|
|
258 |
* disable crashreporter, it does not build
|
|
259 |
* reduce debuginfo during built to avoid running out of memory
|
|
260 |
|
|
261 |
-------------------------------------------------------------------
|
|
262 |
Sat Jul 14 19:33:44 UTC 2012 - wr@rosenauer.org
|
|
263 |
|
|
264 |
- update to 14.0.1 (bnc#771583)
|
|
265 |
* MFSA 2012-42/CVE-2012-1949/CVE-2012-1948
|
|
266 |
Miscellaneous memory safety hazards
|
|
267 |
* MFSA 2012-43/CVE-2012-1950
|
|
268 |
Incorrect URL displayed in addressbar through drag and drop
|
|
269 |
* MFSA 2012-44/CVE-2012-1951/CVE-2012-1954/CVE-2012-1953/CVE-2012-1952
|
|
270 |
Gecko memory corruption
|
|
271 |
* MFSA 2012-45/CVE-2012-1955 (bmo#757376)
|
|
272 |
Spoofing issue with location
|
|
273 |
* MFSA 2012-46/CVE-2012-1966 (bmo#734076)
|
|
274 |
XSS through data: URLs
|
|
275 |
* MFSA 2012-47/CVE-2012-1957 (bmo#750096)
|
|
276 |
Improper filtering of javascript in HTML feed-view
|
|
277 |
* MFSA 2012-48/CVE-2012-1958 (bmo#750820)
|
|
278 |
use-after-free in nsGlobalWindow::PageHidden
|
|
279 |
* MFSA 2012-49/CVE-2012-1959 (bmo#754044, bmo#737559)
|
|
280 |
Same-compartment Security Wrappers can be bypassed
|
|
281 |
* MFSA 2012-50/CVE-2012-1960 (bmo#761014)
|
|
282 |
Out of bounds read in QCMS
|
|
283 |
* MFSA 2012-51/CVE-2012-1961 (bmo#761655)
|
|
284 |
X-Frame-Options header ignored when duplicated
|
|
285 |
* MFSA 2012-52/CVE-2012-1962 (bmo#764296)
|
|
286 |
JSDependentString::undepend string conversion results in memory
|
|
287 |
corruption
|
|
288 |
* MFSA 2012-53/CVE-2012-1963 (bmo#767778)
|
|
289 |
Content Security Policy 1.0 implementation errors cause data
|
|
290 |
leakage
|
|
291 |
* MFSA 2012-55/CVE-2012-1965 (bmo#758990)
|
|
292 |
feed: URLs with an innerURI inherit security context of page
|
|
293 |
* MFSA 2012-56/CVE-2012-1967 (bmo#758344)
|
|
294 |
Code execution through javascript: URLs
|
|
295 |
- license change from tri license to MPL-2.0
|
|
296 |
- require NSS 3.13.5
|
|
297 |
- PPC fixes:
|
|
298 |
* reenabled mozilla-yarr-pcre.patch to fix build for PPC
|
|
299 |
* add patches for bmo#750620 and bmo#746112
|
|
300 |
* fix xpcshell segfault on ppc
|
|
301 |
- build plugin-container on every arch
|
|
302 |
|
|
303 |
-------------------------------------------------------------------
|
|
304 |
Fri Jun 15 12:40:23 UTC 2012 - wr@rosenauer.org
|
|
305 |
|
|
306 |
- update to 13.0.1
|
|
307 |
* bugfix release
|
|
308 |
|
|
309 |
-------------------------------------------------------------------
|
|
310 |
Sat Jun 2 09:16:34 UTC 2012 - wr@rosenauer.org
|
|
311 |
|
|
312 |
- update to 13.0 (bnc#765204)
|
|
313 |
* MFSA 2012-34/CVE-2012-1938/CVE-2012-1937/CVE-2011-3101
|
|
314 |
Miscellaneous memory safety hazards
|
|
315 |
* MFSA 2012-36/CVE-2012-1944 (bmo#751422)
|
|
316 |
Content Security Policy inline-script bypass
|
|
317 |
* MFSA 2012-37/CVE-2012-1945 (bmo#670514)
|
|
318 |
Information disclosure though Windows file shares and shortcut
|
|
319 |
files
|
|
320 |
* MFSA 2012-38/CVE-2012-1946 (bmo#750109)
|
|
321 |
Use-after-free while replacing/inserting a node in a document
|
|
322 |
* MFSA 2012-40/CVE-2012-1947/CVE-2012-1940/CVE-2012-1941
|
|
323 |
Buffer overflow and use-after-free issues found using Address
|
|
324 |
Sanitizer
|
|
325 |
- require NSS 3.13.4
|
|
326 |
* MFSA 2012-39/CVE-2012-0441 (bmo#715073)
|
|
327 |
- reenabled crashreporter for Factory/12.2
|
|
328 |
(fixed in mozilla-gcc47.patch)
|
|
329 |
|
|
330 |
-------------------------------------------------------------------
|
|
331 |
Sat Apr 21 10:03:42 UTC 2012 - wr@rosenauer.org
|
|
332 |
|
|
333 |
- update to 12.0 (bnc#758408)
|
|
334 |
* rebased patches
|
|
335 |
* MFSA 2012-20/CVE-2012-0467/CVE-2012-0468
|
|
336 |
Miscellaneous memory safety hazards
|
|
337 |
* MFSA 2012-22/CVE-2012-0469 (bmo#738985)
|
|
338 |
use-after-free in IDBKeyRange
|
|
339 |
* MFSA 2012-23/CVE-2012-0470 (bmo#734288)
|
|
340 |
Invalid frees causes heap corruption in gfxImageSurface
|
|
341 |
* MFSA 2012-24/CVE-2012-0471 (bmo#715319)
|
|
342 |
Potential XSS via multibyte content processing errors
|
|
343 |
* MFSA 2012-25/CVE-2012-0472 (bmo#744480)
|
|
344 |
Potential memory corruption during font rendering using cairo-dwrite
|
|
345 |
* MFSA 2012-26/CVE-2012-0473 (bmo#743475)
|
|
346 |
WebGL.drawElements may read illegal video memory due to
|
|
347 |
FindMaxUshortElement error
|
|
348 |
* MFSA 2012-27/CVE-2012-0474 (bmo#687745, bmo#737307)
|
|
349 |
Page load short-circuit can lead to XSS
|
|
350 |
* MFSA 2012-28/CVE-2012-0475 (bmo#694576)
|
|
351 |
Ambiguous IPv6 in Origin headers may bypass webserver access
|
|
352 |
restrictions
|
|
353 |
* MFSA 2012-29/CVE-2012-0477 (bmo#718573)
|
|
354 |
Potential XSS through ISO-2022-KR/ISO-2022-CN decoding issues
|
|
355 |
* MFSA 2012-30/CVE-2012-0478 (bmo#727547)
|
|
356 |
Crash with WebGL content using textImage2D
|
|
357 |
* MFSA 2012-31/CVE-2011-3062 (bmo#739925)
|
|
358 |
Off-by-one error in OpenType Sanitizer
|
|
359 |
* MFSA 2012-32/CVE-2011-1187 (bmo#624621)
|
|
360 |
HTTP Redirections and remote content can be read by javascript errors
|
|
361 |
* MFSA 2012-33/CVE-2012-0479 (bmo#714631)
|
|
362 |
Potential site identity spoofing when loading RSS and Atom feeds
|
|
363 |
- added mozilla-libnotify.patch to allow fallback from libnotify
|
|
364 |
to xul based events if no notification-daemon is running
|
|
365 |
- gcc 4.7 fixes
|
|
366 |
* mozilla-gcc47.patch
|
|
367 |
* disabled crashreporter temporarily for Factory
|
|
368 |
|
|
369 |
-------------------------------------------------------------------
|
|
370 |
Fri Mar 9 21:49:05 UTC 2012 - wr@rosenauer.org
|
|
371 |
|
|
372 |
- update to version 11.0 (bnc#750044)
|
|
373 |
* MFSA 2012-13/CVE-2012-0455 (bmo#704354)
|
|
374 |
XSS with Drag and Drop and Javascript: URL
|
|
375 |
* MFSA 2012-14/CVE-2012-0456/CVE-2012-0457 (bmo#711653, #720103)
|
|
376 |
SVG issues found with Address Sanitizer
|
|
377 |
* MFSA 2012-15/CVE-2012-0451 (bmo#717511)
|
|
378 |
XSS with multiple Content Security Policy headers
|
|
379 |
* MFSA 2012-16/CVE-2012-0458
|
|
380 |
Escalation of privilege with Javascript: URL as home page
|
|
381 |
* MFSA 2012-17/CVE-2012-0459 (bmo#723446)
|
|
382 |
Crash when accessing keyframe cssText after dynamic modification
|
|
383 |
* MFSA 2012-18/CVE-2012-0460 (bmo#727303)
|
|
384 |
window.fullScreen writeable by untrusted content
|
|
385 |
* MFSA 2012-19/CVE-2012-0461/CVE-2012-0462/CVE-2012-0464/
|
|
386 |
CVE-2012-0463
|
|
387 |
Miscellaneous memory safety hazards
|
|
388 |
- fix build on ARM
|
|
389 |
- disable jemalloc on s390(x)
|
|
390 |
|
|
391 |
-------------------------------------------------------------------
|
|
392 |
Thu Feb 16 08:51:42 UTC 2012 - wr@rosenauer.org
|
|
393 |
|
|
394 |
- update to version 10.0.2 (bnc#747328)
|
|
395 |
* CVE-2011-3026 (bmo#727401)
|
|
396 |
libpng: integer overflow leading to heap-buffer overflow
|
|
397 |
|
|
398 |
-------------------------------------------------------------------
|
|
399 |
Thu Feb 9 10:20:49 UTC 2012 - wr@rosenauer.org
|
|
400 |
|
|
401 |
- update to version 10.0.1 (bnc#746616)
|
|
402 |
* MFSA 2012-10/CVE-2012-0452 (bmo#724284)
|
|
403 |
use after free in nsXBLDocumentInfo::ReadPrototypeBindings
|
|
404 |
|
|
405 |
-------------------------------------------------------------------
|
|
406 |
Tue Feb 7 10:40:58 UTC 2012 - dvaleev@suse.com
|
|
407 |
|
|
408 |
- Use YARR interpreter instead of PCRE on platforms where YARR JIT
|
|
409 |
is not supported, since PCRE doesnt build (bmo#691898)
|
|
410 |
- fix ppc64 build (bmo#703534)
|
|
411 |
|
|
412 |
-------------------------------------------------------------------
|
|
413 |
Mon Jan 30 09:43:21 UTC 2012 - wr@rosenauer.org
|
|
414 |
|
|
415 |
- update to version 10.0 (bnc#744275)
|
|
416 |
* MFSA 2012-01/CVE-2012-0442/CVE-2012-0443
|
|
417 |
Miscellaneous memory safety hazards
|
|
418 |
* MFSA 2012-03/CVE-2012-0445 (bmo#701071)
|
|
419 |
<iframe> element exposed across domains via name attribute
|
|
420 |
* MFSA 2012-04/CVE-2011-3659 (bmo#708198)
|
|
421 |
Child nodes from nsDOMAttribute still accessible after removal
|
|
422 |
of nodes
|
|
423 |
* MFSA 2012-05/CVE-2012-0446 (bmo#705651)
|
|
424 |
Frame scripts calling into untrusted objects bypass security
|
|
425 |
checks
|
|
426 |
* MFSA 2012-06/CVE-2012-0447 (bmo#710079)
|
|
427 |
Uninitialized memory appended when encoding icon images may
|
|
428 |
cause information disclosure
|
|
429 |
* MFSA 2012-07/CVE-2012-0444 (bmo#719612)
|
|
430 |
Potential Memory Corruption When Decoding Ogg Vorbis files
|
|
431 |
* MFSA 2012-08/CVE-2012-0449 (bmo#701806, bmo#702466)
|
|
432 |
Crash with malformed embedded XSLT stylesheets
|
|
433 |
- removed obsolete ppc64 patch
|
|
434 |
- disable neon for ARM as it doesn't build correctly
|
|
435 |
|
|
436 |
-------------------------------------------------------------------
|
|
437 |
Fri Dec 23 17:02:01 UTC 2011 - wr@rosenauer.org
|
|
438 |
|
|
439 |
- update to Firefox 9.0.1
|
|
440 |
* (strongparent) parentNode of element gets lost (bmo#335998)
|
|
441 |
|
|
442 |
-------------------------------------------------------------------
|
|
443 |
Sun Dec 18 09:28:02 UTC 2011 - wr@rosenauer.org
|
|
444 |
|
|
445 |
- update to release 9.0 (bnc#737533)
|
|
446 |
* MFSA 2011-53/CVE-2011-3660
|
|
447 |
Miscellaneous memory safety hazards (rv:9.0)
|
|
448 |
* MFSA 2011-54/CVE-2011-3661 (bmo#691299)
|
|
449 |
Potentially exploitable crash in the YARR regular expression
|
|
450 |
library
|
|
451 |
* MFSA 2011-55/CVE-2011-3658 (bmo#708186)
|
|
452 |
nsSVGValue out-of-bounds access
|
|
453 |
* MFSA 2011-56/CVE-2011-3663 (bmo#704482)
|
|
454 |
Key detection without JavaScript via SVG animation
|
|
455 |
* MFSA 2011-58/VE-2011-3665 (bmo#701259)
|
|
456 |
Crash scaling <video> to extreme sizes
|
|
457 |
|
|
458 |
-------------------------------------------------------------------
|
|
459 |
Sat Nov 12 15:20:49 UTC 2011 - wr@rosenauer.org
|
|
460 |
|
|
461 |
- fix ppc64 build
|
|
462 |
|
|
463 |
-------------------------------------------------------------------
|
|
464 |
Sun Nov 6 08:23:04 UTC 2011 - wr@rosenauer.org
|
|
465 |
|
|
466 |
- update to release 8.0 (bnc#728520)
|
|
467 |
* MFSA 2011-47/CVE-2011-3648 (bmo#690225)
|
|
468 |
Potential XSS against sites using Shift-JIS
|
|
469 |
* MFSA 2011-48/CVE-2011-3651/CVE-2011-3652/CVE-2011-3654
|
|
470 |
Miscellaneous memory safety hazards
|
|
471 |
* MFSA 2011-49/CVE-2011-3650 (bmo#674776)
|
|
472 |
Memory corruption while profiling using Firebug
|
|
473 |
* MFSA 2011-52/CVE-2011-3655 (bmo#672182)
|
|
474 |
Code execution via NoWaiverWrapper
|
|
475 |
- rebased patches
|
|
476 |
|
|
477 |
-------------------------------------------------------------------
|
|
478 |
Fri Sep 30 10:59:54 UTC 2011 - wr@rosenauer.org
|
|
479 |
|
|
480 |
- update to minor release 7.0.1
|
|
481 |
* fixed staged addon updates
|
|
482 |
|
|
483 |
-------------------------------------------------------------------
|
|
484 |
Fri Sep 23 11:36:04 UTC 2011 - wr@rosenauer.org
|
|
485 |
|
|
486 |
- update to version 7.0 (bnc#720264)
|
|
487 |
* MFSA 2011-36/CVE-2011-2995/CVE-2011-2996/CVE-2011-2997
|
|
488 |
Miscellaneous memory safety hazards
|
|
489 |
* MFSA 2011-39/CVE-2011-3000 (bmo#655389)
|
|
490 |
Defense against multiple Location headers due to CRLF Injection
|
|
491 |
* MFSA 2011-40/CVE-2011-2372/CVE-2011-3001
|
|
492 |
Code installation through holding down Enter
|
|
493 |
* MFSA 2011-41/CVE-2011-3002/CVE-2011-3003 (bmo#680840, bmo#682335)
|
|
494 |
Potentially exploitable WebGL crashes
|
|
495 |
* MFSA 2011-42/CVE-2011-3232 (bmo#653672)
|
|
496 |
Potentially exploitable crash in the YARR regular expression
|
|
497 |
library
|
|
498 |
* MFSA 2011-43/CVE-2011-3004 (bmo#653926)
|
|
499 |
loadSubScript unwraps XPCNativeWrapper scope parameter
|
|
500 |
* MFSA 2011-44/CVE-2011-3005 (bmo#675747)
|
|
501 |
Use after free reading OGG headers
|
|
502 |
* MFSA 2011-45
|
|
503 |
Inferring keystrokes from motion data
|
|
504 |
- removed obsolete mozilla-cairo-lcd.patch
|
|
505 |
- rebased patches
|
|
506 |
|
|
507 |
-------------------------------------------------------------------
|
|
508 |
Tue Sep 20 11:54:28 UTC 2011 - wr@rosenauer.org
|
|
509 |
|
|
510 |
- install xpt.py into SDK (mozilla-639554.patch) (bnc#639554)
|
|
511 |
|
|
512 |
-------------------------------------------------------------------
|
|
513 |
Wed Sep 14 13:07:39 UTC 2011 - wr@rosenauer.org
|
|
514 |
|
|
515 |
- initial xulrunner package
|
|
516 |
|