1 ------------------------------------------------------------------- |
1 ------------------------------------------------------------------- |
2 Mon Aug 1 12:37:05 UTC 2016 - wr@rosenauer.org |
2 Mon Aug 1 12:37:05 UTC 2016 - wr@rosenauer.org |
3 |
3 |
4 - update to Firefox 48.0 (boo#) |
4 - update to Firefox 48.0 (boo#991809) |
5 * requires NSS 3.24 |
5 * requires NSS 3.24 |
6 * Process separation (e10s) is enabled for some of you |
6 * Process separation (e10s) is enabled for some of you |
7 * Add-ons that have not been verified and signed by Mozilla will not load |
7 * Add-ons that have not been verified and signed by Mozilla will not load |
8 * WebRTC embetterments |
8 * WebRTC embetterments |
9 * The media parser has been redeveloped using the Rust programming |
9 * The media parser has been redeveloped using the Rust programming |
10 language |
10 language |
11 * better Canvas performance with speedy Skia support |
11 * better Canvas performance with speedy Skia support |
|
12 security fixes: |
|
13 * MFSA 2016-62/CVE-2016-2835/CVE-2016-2836 |
|
14 Miscellaneous memory safety hazards |
|
15 * MFSA 2016-63/CVE-2016-2830 (bmo#1255270) |
|
16 Favicon network connection can persist when page is closed |
|
17 * MFSA 2016-64/CVE-2016-2838 (bmo#1279814) |
|
18 Buffer overflow rendering SVG with bidirectional content |
|
19 * MFSA 2016-65/CVE-2016-2839 (bmo#1275339) |
|
20 Cairo rendering crash due to memory allocation issue with FFmpeg 0.10 |
|
21 * MFSA 2016-66/CVE-2016-5251 (bmo#1255570) |
|
22 Location bar spoofing via data URLs with malformed/invalid mediatypes |
|
23 * MFSA 2016-67/CVE-2016-5252 (bmo#1268854) |
|
24 Stack underflow during 2D graphics rendering |
|
25 * MFSA 2016-68/CVE-2016-0718 (bmo#1236923) |
|
26 Out-of-bounds read during XML parsing in Expat library |
|
27 * MFSA 2016-69/CVE-2016-5253 (bmo#1246944) |
|
28 Arbitrary file manipulation by local user through Mozilla updater |
|
29 and callback application path parameter (Windows-only) |
|
30 * MFSA 2016-70/CVE-2016-5254 (bmo#1266963) |
|
31 Use-after-free when using alt key and toplevel menus |
|
32 * MFSA 2016-71/CVE-2016-5255 (bmo#1212356) |
|
33 Crash in incremental garbage collection in JavaScript |
|
34 * MFSA 2016-72/CVE-2016-5258 (bmo#1279146) |
|
35 Use-after-free in DTLS during WebRTC session shutdown |
|
36 * MFSA 2016-73/CVE-2016-5259 (bmo#1282992) |
|
37 Use-after-free in service workers with nested sync events |
|
38 * MFSA 2016-74/CVE-2016-5260 (bmo#1280294) |
|
39 Form input type change from password to text can store plain |
|
40 text password in session restore file |
|
41 * MFSA 2016-75/CVE-2016-5261 (bmo#1287266) |
|
42 Integer overflow in WebSockets during data buffering |
|
43 * MFSA 2016-76/CVE-2016-5262 (bmo#1277475) |
|
44 Scripts on marquee tag can execute in sandboxed iframes |
|
45 * MFSA 2016-77/CVE-2016-2837 (bmo#1274637) |
|
46 Buffer overflow in ClearKey Content Decryption Module (CDM) |
|
47 during video playback |
|
48 * MFSA 2016-78/CVE-2016-5263 (bmo#1276897) |
|
49 Type confusion in display transformation |
|
50 * MFSA 2016-79/CVE-2016-5264 (bmo#1286183) |
|
51 Use-after-free when applying SVG effects |
|
52 * MFSA 2016-80/CVE-2016-5265 (bmo#1278013) |
|
53 Same-origin policy violation using local HTML file and saved shortcut file |
|
54 * MFSA 2016-81/CVE-2016-5266 (bmo#1226977) |
|
55 Information disclosure and local file manipulation through drag and drop |
|
56 * MFSA 2016-82/CVE-2016-5267 (bmo#1284372) |
|
57 Addressbar spoofing with right-to-left characters on Firefox for Android |
|
58 (Android only) |
|
59 * MFSA 2016-83/CVE-2016-5268 (bmo#1253673) |
|
60 Spoofing attack through text injection into internal error pages |
|
61 * MFSA 2016-84/CVE-2016-5250 (bmo#1254688) |
|
62 Information disclosure through Resource Timing API during page navigation |
12 - removed obsolete mozilla-gcc6.patch |
63 - removed obsolete mozilla-gcc6.patch |
13 |
64 |
14 ------------------------------------------------------------------- |
65 ------------------------------------------------------------------- |
15 Fri Jul 29 01:26:13 UTC 2016 - badshah400@gmail.com |
66 Fri Jul 29 01:26:13 UTC 2016 - badshah400@gmail.com |
16 |
67 |