|
1 ------------------------------------------------------------------- |
|
2 Wed Sep 18 14:39:34 UTC 2013 - wr@rosenauer.org |
|
3 |
|
4 - update to 24.0 (bnc#840485) |
|
5 * MFSA 2013-76/CVE-2013-1718/CVE-2013-1719 |
|
6 Miscellaneous memory safety hazards |
|
7 * MFSA 2013-77/CVE-2013-1720 (bmo#888820) |
|
8 Improper state in HTML5 Tree Builder with templates |
|
9 * MFSA 2013-78/CVE-2013-1721 (bmo#890277) |
|
10 Integer overflow in ANGLE library |
|
11 * MFSA 2013-79/CVE-2013-1722 (bmo#893308) |
|
12 Use-after-free in Animation Manager during stylesheet cloning |
|
13 * MFSA 2013-80/CVE-2013-1723 (bmo#891292) |
|
14 NativeKey continues handling key messages after widget is destroyed |
|
15 * MFSA 2013-81/CVE-2013-1724 (bmo#894137) |
|
16 Use-after-free with select element |
|
17 * MFSA 2013-82/CVE-2013-1725 (bmo#876762) |
|
18 Calling scope for new Javascript objects can lead to memory corruption |
|
19 * MFSA 2013-85/CVE-2013-1728 (bmo#883686) |
|
20 Uninitialized data in IonMonkey |
|
21 * MFSA 2013-88/CVE-2013-1730 (bmo#851353) |
|
22 Compartment mismatch re-attaching XBL-backed nodes |
|
23 * MFSA 2013-89/CVE-2013-1732 (bmo#883514) |
|
24 Buffer overflow with multi-column, lists, and floats |
|
25 * MFSA 2013-90/CVE-2013-1735/CVE-2013-1736 (bmo#898871, bmo#906301) |
|
26 Memory corruption involving scrolling |
|
27 * MFSA 2013-91/CVE-2013-1737 (bmo#907727) |
|
28 User-defined properties on DOM proxies get the wrong "this" object |
|
29 * MFSA 2013-92/CVE-2013-1738 (bmo#887334, bmo#882897) |
|
30 GC hazard with default compartments and frame chain restoration |
|
31 - require NSPR 4.10 and NSS 3.15.1 |
|
32 |
|
33 ------------------------------------------------------------------- |
|
34 Fri Aug 2 10:56:43 UTC 2013 - wr@rosenauer.org |
|
35 |
|
36 - update to 17.0.8esr (bnc#833389) |
|
37 * MFSA 2013-63/CVE-2013-1701 |
|
38 Miscellaneous memory safety hazards |
|
39 * MFSA 2013-68/CVE-2013-1709 (bmo#838253) |
|
40 Document URI misrepresentation and masquerading |
|
41 * MFSA 2013-69/CVE-2013-1710 (bmo#871368) |
|
42 CRMF requests allow for code execution and XSS attacks |
|
43 * MFSA 2013-72/CVE-2013-1713 (bmo#887098) |
|
44 Wrong principal used for validating URI for some Javascript |
|
45 components |
|
46 * MFSA 2013-73/CVE-2013-1714 (bmo#879787) |
|
47 Same-origin bypass with web workers and XMLHttpRequest |
|
48 * MFSA 2013-75/CVE-2013-1717 (bmo#406541, bmo#738397) |
|
49 Local Java applets may read contents of local file system |
|
50 |
|
51 ------------------------------------------------------------------- |
|
52 Mon Jun 24 15:26:27 UTC 2013 - wr@rosenauer.org |
|
53 |
|
54 - update to 17.0.7esr (bnc#825935) |
|
55 * MFSA 2013-49/CVE-2013-1682 |
|
56 Miscellaneous memory safety hazards |
|
57 * MFSA 2013-50/CVE-2013-1684/CVE-2013-1685/CVE-2013-1686 |
|
58 Memory corruption found using Address Sanitizer |
|
59 * MFSA 2013-51/CVE-2013-1687 (bmo#863933, bmo#866823) |
|
60 Privileged content access and execution via XBL |
|
61 * MFSA 2013-53/CVE-2013-1690 (bmo#857883) |
|
62 Execution of unmapped memory through onreadystatechange event |
|
63 * MFSA 2013-54/CVE-2013-1692 (bmo#866915) |
|
64 Data in the body of XHR HEAD requests leads to CSRF attacks |
|
65 * MFSA 2013-55/CVE-2013-1693 (bmo#711043) |
|
66 SVG filters can lead to information disclosure |
|
67 * MFSA 2013-56/CVE-2013-1694 (bmo#848535) |
|
68 PreserveWrapper has inconsistent behavior |
|
69 * MFSA 2013-59/CVE-2013-1697 (bmo#858101) |
|
70 XrayWrappers can be bypassed to run user defined methods in a |
|
71 privileged context |
|
72 |
|
73 ------------------------------------------------------------------- |
|
74 Tue Jun 4 16:24:51 UTC 2013 - dvaleev@suse.com |
|
75 |
|
76 - Fix build on powerpc (ppc-xpcshell.patch) |
|
77 |
|
78 ------------------------------------------------------------------- |
|
79 Fri May 10 17:27:23 UTC 2013 - wr@rosenauer.org |
|
80 |
|
81 - update to 17.0.6esr (bnc#819204) |
|
82 * MFSA 2013-41/CVE-2013-0801/CVE-2013-1669 |
|
83 Miscellaneous memory safety hazards |
|
84 * MFSA 2013-42/CVE-2013-1670 (bmo#853709) |
|
85 Privileged access for content level constructor |
|
86 * MFSA 2013-46/CVE-2013-1674 (bmo#860971) |
|
87 Use-after-free with video and onresize event |
|
88 * MFSA 2013-47/CVE-2013-1675 (bmo#866825) |
|
89 Uninitialized functions in DOMSVGZoomEvent |
|
90 * MFSA 2013-48/CVE-2013-1676/CVE-2013-1677/CVE-2013-1678/ |
|
91 CVE-2013-1679/CVE-2013-1680/CVE-2013-1681 |
|
92 Memory corruption found using Address Sanitizer |
|
93 |
|
94 ------------------------------------------------------------------- |
|
95 Fri Mar 29 16:27:59 UTC 2013 - wr@rosenauer.org |
|
96 |
|
97 - update to 17.0.5esr (bnc#813026) |
|
98 * requires NSPR 4.9.5 and NSS 3.14.3 |
|
99 * MFSA 2013-30/CVE-2013-0788 |
|
100 Miscellaneous memory safety hazards |
|
101 * MFSA 2013-31/CVE-2013-0800 (bmo#825721) |
|
102 Out-of-bounds write in Cairo library |
|
103 * MFSA 2013-35/CVE-2013-0796 (bmo#827106) |
|
104 WebGL crash with Mesa graphics driver on Linux |
|
105 * MFSA 2013-36/CVE-2013-0795 (bmo#825697) |
|
106 Bypass of SOW protections allows cloning of protected nodes |
|
107 * MFSA 2013-37/CVE-2013-0794 (bmo#626775) |
|
108 Bypass of tab-modal dialog origin disclosure |
|
109 * MFSA 2013-38/CVE-2013-0793 (bmo#803870) |
|
110 Cross-site scripting (XSS) using timed history navigations |
|
111 |
|
112 ------------------------------------------------------------------- |
|
113 Fri Mar 8 09:00:09 UTC 2013 - wr@rosenauer.org |
|
114 |
|
115 - update to 17.0.4esr (bnc#808243) |
|
116 * MFSA 2013-29/CVE-2013-0787 (bmo#848644) |
|
117 Use-after-free in HTML Editor |
|
118 |
|
119 ------------------------------------------------------------------- |
|
120 Sat Feb 16 17:38:21 UTC 2013 - wr@rosenauer.org |
|
121 |
|
122 - update to 17.0.3esr (bnc#804248) |
|
123 * MFSA 2013-21/CVE-2013-0783 |
|
124 Miscellaneous memory safety hazards |
|
125 * MFSA 2013-24/CVE-2013-0773 (bmo#809652) |
|
126 Web content bypass of COW and SOW security wrappers |
|
127 * MFSA 2013-25/CVE-2013-0774 (bmo#827193) |
|
128 Privacy leak in JavaScript Workers |
|
129 * MFSA 2013-26/CVE-2013-0775 (bmo#831095) |
|
130 Use-after-free in nsImageLoadingContent |
|
131 * MFSA 2013-27/CVE-2013-0776 (bmo#796475) |
|
132 Phishing on HTTPS connection through malicious proxy |
|
133 * MFSA 2013-28/CVE-2013-0780/CVE-2013-0782 |
|
134 Use-after-free, out of bounds read, and buffer overflow issues |
|
135 found using Address Sanitizer |
|
136 |
|
137 ------------------------------------------------------------------- |
|
138 Sat Jan 5 14:46:06 UTC 2013 - wr@rosenauer.org |
|
139 |
|
140 - update to 17.0.2esr (bnc#796895) |
|
141 * MFSA 2013-01/CVE-2013-0749/CVE-2013-0769/CVE-2013-0770 |
|
142 Miscellaneous memory safety hazards |
|
143 * MFSA 2013-02/CVE-2013-0760/CVE-2013-0762/CVE-2013-0766/CVE-2013-0767 |
|
144 CVE-2013-0761/CVE-2013-0763/CVE-2013-0771/CVE-2012-5829 |
|
145 Use-after-free and buffer overflow issues found using Address Sanitizer |
|
146 * MFSA 2013-03/CVE-2013-0768 (bmo#815795) |
|
147 Buffer Overflow in Canvas |
|
148 * MFSA 2013-04/CVE-2012-0759 (bmo#802026) |
|
149 URL spoofing in addressbar during page loads |
|
150 * MFSA 2013-05/CVE-2013-0744 (bmo#814713) |
|
151 Use-after-free when displaying table with many columns and column groups |
|
152 * MFSA 2013-07/CVE-2013-0764 (bmo#804237) |
|
153 Crash due to handling of SSL on threads |
|
154 * MFSA 2013-08/CVE-2013-0745 (bmo#794158) |
|
155 AutoWrapperChanger fails to keep objects alive during garbage collection |
|
156 * MFSA 2013-09/CVE-2013-0746 (bmo#816842) |
|
157 Compartment mismatch with quickstubs returned values |
|
158 * MFSA 2013-10/CVE-2013-0747 (bmo#733305) |
|
159 Event manipulation in plugin handler to bypass same-origin policy |
|
160 * MFSA 2013-11/CVE-2013-0748 (bmo#806031) |
|
161 Address space layout leaked in XBL objects |
|
162 * MFSA 2013-12/CVE-2013-0750 (bmo#805121) |
|
163 Buffer overflow in Javascript string concatenation |
|
164 * MFSA 2013-13/CVE-2013-0752 (bmo#805024) |
|
165 Memory corruption in XBL with XML bindings containing SVG |
|
166 * MFSA 2013-14/CVE-2013-0757 (bmo#813901) |
|
167 Chrome Object Wrapper (COW) bypass through changing prototype |
|
168 * MFSA 2013-15/CVE-2013-0758 (bmo#813906) |
|
169 Privilege escalation through plugin objects |
|
170 * MFSA 2013-16/CVE-2013-0753 (bmo#814001) |
|
171 Use-after-free in serializeToStream |
|
172 * MFSA 2013-17/CVE-2013-0754 (bmo#814026) |
|
173 Use-after-free in ListenerManager |
|
174 * MFSA 2013-18/CVE-2013-0755 (bmo#814027) |
|
175 Use-after-free in Vibrate |
|
176 * MFSA 2013-19/CVE-2013-0756 (bmo#814029) |
|
177 Use-after-free in Javascript Proxy objects |
|
178 - requires NSS 3.14.1 (MFSA 2013-20, CVE-2013-0743) |
|
179 - build on SLE11 |
|
180 * mozilla-gcc43-enums.patch |
|
181 * mozilla-gcc43-template_hacks.patch |
|
182 * mozilla-gcc43-templates_instantiation.patch |
|
183 |
1 ------------------------------------------------------------------- |
184 ------------------------------------------------------------------- |
2 Thu Nov 29 20:04:34 UTC 2012 - wr@rosenauer.org |
185 Thu Nov 29 20:04:34 UTC 2012 - wr@rosenauer.org |
3 |
186 |
4 - update to 17.0.1 |
187 - update to 17.0.1 |
5 * regression/compatibility fixes |
188 * regression/compatibility fixes |
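Review bot: the MFSA 2013-04 line in the 17.0.2esr entry cites CVE-2012-0759, which looks like a typo for CVE-2013-0759. Every other single-CVE advisory in that entry falls in the CVE-2013-07xx range (0744 through 0768), and the only other 2012 identifier, CVE-2012-5829, sits inside the multi-CVE MFSA 2013-02 list. Please check it against the advisory and correct the year if needed, so that tooling which matches CVE ids from the changelog reports this fix correctly. Two smaller points: the dependency bumps are written three different ways ("- require NSPR 4.10 and NSS 3.15.1" under 24.0, "* requires NSPR 4.9.5 and NSS 3.14.3" under 17.0.5esr, "- requires NSS 3.14.1" under 17.0.2esr), so pick one wording and bullet level; and the 24.0 entry drops the "esr" suffix used by every 17.0.x entry from 17.0.2esr on, so say in the entry whether this is a deliberate move off the ESR branch.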