1 ------------------------------------------------------------------- |
1 ------------------------------------------------------------------- |
2 Wed Jan 10 21:39:09 UTC 2018 - wr@rosenauer.org |
2 Fri Feb 9 12:23:34 UTC 2018 - wr@rosenauer.org |
3 |
3 |
4 - update to Firefox 58.0b15 |
4 - update to Firefox 59.0b8 |
|
5 - requires NSPR 4.18 and NSS 3.35 |
|
6 - requires rust >= 1.22.1 |
|
7 |
|
8 ------------------------------------------------------------------- |
|
9 Fri Feb 9 12:06:31 UTC 2018 - wr@rosenauer.org |
|
10 |
|
11 - correct requires and provides handling (boo#1076907) |
|
12 |
|
13 ------------------------------------------------------------------- |
|
14 Tue Feb 6 07:03:42 UTC 2018 - fstrba@suse.com |
|
15 |
|
16 - Added patch: |
|
17 * mozilla-alsa-sandbox.patch: Fix bmo#1430274, ALSA sound (still |
|
18 or again?) not working in Firefox 58 due to sandboxing. |
|
19 |
|
20 ------------------------------------------------------------------- |
|
21 Mon Jan 29 22:32:21 UTC 2018 - wr@rosenauer.org |
|
22 |
|
23 - update to Firefox 58.0.1 |
|
24 MFSA 2018-05 |
|
25 * Arbitrary code execution through unsanitized browser UI (bmo#1432966) |
|
26 - use correct language packs |
|
27 - readd mozilla-enable-csd.patch as it only lands for FF59 upstream |
|
28 - allow larger number of nested elements (mozilla-bmo256180.patch) |
|
29 |
|
30 ------------------------------------------------------------------- |
|
31 Tue Jan 23 20:40:57 UTC 2018 - wr@rosenauer.org |
|
32 |
|
33 - update to Firefox 58.0 (bsc#1077291) |
5 * Added Nepali (ne-NP) locale |
34 * Added Nepali (ne-NP) locale |
6 * Added support for form autofill for credit card |
35 * Added support for form autofill for credit card |
7 * Optimize page load by caching JavaScript internal representation |
36 * Optimize page load by caching JavaScript internal representation |
|
37 MFSA 2018-02 |
|
38 * CVE-2018-5091 (bmo#1423086) |
|
39 Use-after-free with DTMF timers |
|
40 * CVE-2018-5092 (bmo#1418074) |
|
41 Use-after-free in Web Workers |
|
42 * CVE-2018-5093 (bmo#1415291) |
|
43 Buffer overflow in WebAssembly during Memory/Table resizing |
|
44 * CVE-2018-5094 (bmo#1415883) |
|
45 Buffer overflow in WebAssembly with garbage collection on |
|
46 uninitialized memory |
|
47 * CVE-2018-5095 (bmo#1418447) |
|
48 Integer overflow in Skia library during edge builder allocation |
|
49 * CVE-2018-5097 (bmo#1387427) |
|
50 Use-after-free when source document is manipulated during XSLT |
|
51 * CVE-2018-5098 (bmo#1399400) |
|
52 Use-after-free while manipulating form input elements |
|
53 * CVE-2018-5099 (bmo#1416878) |
|
54 Use-after-free with widget listener |
|
55 * CVE-2018-5100 (bmo#1417405) |
|
56 Use-after-free when IsPotentiallyScrollable arguments are freed |
|
57 from memory |
|
58 * CVE-2018-5101 (bmo#1417661) |
|
59 Use-after-free with floating first-letter style elements |
|
60 * CVE-2018-5102 (bmo#1419363) |
|
61 Use-after-free in HTML media elements |
|
62 * CVE-2018-5103 (bmo#1423159) |
|
63 Use-after-free during mouse event handling |
|
64 * CVE-2018-5104 (bmo#1425000) |
|
65 Use-after-free during font face manipulation |
|
66 * CVE-2018-5105 (bmo#1390882) |
|
67 WebExtensions can save and execute files on local file system |
|
68 without user prompts |
|
69 * CVE-2018-5106 (bmo#1408708) |
|
70 Developer Tools can expose style editor information cross-origin |
|
71 through service worker |
|
72 * CVE-2018-5107 (bmo#1379276) |
|
73 Printing process will follow symlinks for local file access |
|
74 * CVE-2018-5108 (bmo#1421099) |
|
75 Manually entered blob URL can be accessed by subsequent private browsing tabs |
|
76 * CVE-2018-5109 (bmo#1405599) |
|
77 Audio capture prompts and starts with incorrect origin attribution |
|
78 * CVE-2018-5110 (bmo#1423275) (affects only OS X) |
|
79 Cursor can be made invisible on OS X |
|
80 * CVE-2018-5111 (bmo#1321619) |
|
81 URL spoofing in addressbar through drag and drop |
|
82 * CVE-2018-5112 (bmo#1425224) |
|
83 Extension development tools panel can open a non-relative URL in the panel |
|
84 * CVE-2018-5113 (bmo#1425267) |
|
85 WebExtensions can load non-HTTPS pages with browser.identity.launchWebAuthFlow |
|
86 * CVE-2018-5114 (bmo#1421324) |
|
87 The old value of a cookie changed to HttpOnly remains accessible to scripts |
|
88 * CVE-2018-5115 (bmo#1409449) |
|
89 Background network requests can open HTTP authentication in unrelated foreground tabs |
|
90 * CVE-2018-5116 (bmo#1396399) |
|
91 WebExtension ActiveTab permission allows cross-origin frame content access |
|
92 * CVE-2018-5117 (bmo#1395508) |
|
93 URL spoofing with right-to-left text aligned left-to-right |
|
94 * CVE-2018-5118 (bmo#1420049) |
|
95 Activity Stream images can attempt to load local content through file: |
|
96 * CVE-2018-5119 (bmo#1420507) |
|
97 Reader view will load cross-origin content in violation of CORS headers |
|
98 * CVE-2018-5121 (bmo#1402368) (affects only OS X) |
|
99 OS X Tibetan characters render incompletely in the addressbar |
|
100 * CVE-2018-5122 (bmo#1413841) |
|
101 Potential integer overflow in DoCrypt |
|
102 * CVE-2018-5090 |
|
103 Memory safety bugs fixed in Firefox 58 |
|
104 * CVE-2018-5089 |
|
105 Memory safety bugs fixed in Firefox 58 and Firefox ESR 52.6 |
8 - requires NSS 3.34.1 |
106 - requires NSS 3.34.1 |
9 - requires rust 1.21 |
107 - requires rust 1.21 |
10 - removed obsolete patches: |
108 - removed obsolete patches: |
11 mozilla-bindgen-systemlibs.patch |
109 mozilla-bindgen-systemlibs.patch |
12 mozilla-bmo1360278.patch |
110 mozilla-bmo1360278.patch |