1 ------------------------------------------------------------------- |
1 ------------------------------------------------------------------- |
2 Sun Dec 13 12:48:28 UTC 2015 - wr@rosenauer.org |
2 Sun Dec 13 23:07:56 UTC 2015 - wr@rosenauer.org |
3 |
3 |
4 - update to Firefox 43.0b9 |
4 - update to Firefox 43.0 (bnc#959277) |
5 * Improved API support for m4v video playback |
5 * Improved API support for m4v video playback |
6 * Users can opt-in to receive search suggestions from the Awesome Bar |
6 * Users can opt-in to receive search suggestions from the Awesome Bar |
7 * WebRTC streaming on multiple monitors |
7 * WebRTC streaming on multiple monitors |
8 * User selectable second block list for Private Browsing's Tracking |
8 * User selectable second block list for Private Browsing's Tracking |
9 Protection |
9 Protection |
|
10 security fixes: |
|
11 * MFSA 2015-134/CVE-2015-7201/CVE-2015-7202 |
|
12 Miscellaneous memory safety hazards |
|
13 * MFSA 2015-135/CVE-2015-7204 (bmo#1216130) |
|
14 Crash with JavaScript variable assignment with unboxed objects |
|
15 * MFSA 2015-136/CVE-2015-7207 (bmo#1185256) |
|
16 Same-origin policy violation using perfomance.getEntries and |
|
17 history navigation |
|
18 * MFSA 2015-137/CVE-2015-7208 (bmo#1191423) |
|
19 Firefox allows for control characters to be set in cookies |
|
20 * MFSA 2015-138/CVE-2015-7210 (bmo#1218326) |
|
21 Use-after-free in WebRTC when datachannel is used after being |
|
22 destroyed |
|
23 * MFSA 2015-139/CVE-2015-7212 (bmo#1222809) |
|
24 Integer overflow allocating extremely large textures |
|
25 * MFSA 2015-140/CVE-2015-7215 (bmo#1160890) |
|
26 Cross-origin information leak through web workers error events |
|
27 * MFSA 2015-141/CVE-2015-7211 (bmo#1221444) |
|
28 Hash in data URI is incorrectly parsed |
|
29 * MFSA 2015-142/CVE-2015-7218/CVE-2015-7219 (bmo#1194818, bmo#1194820) |
|
30 DOS due to malformed frames in HTTP/2 |
|
31 * MFSA 2015-143/CVE-2015-7216/CVE-2015-7217 (bmo#1197059, bmo#1203078) |
|
32 Linux file chooser crashes on malformed images due to flaws in |
|
33 Jasper library |
|
34 * MFSA 2015-144/CVE-2015-7203/CVE-2015-7220/CVE-2015-7221 |
|
35 (bmo#1201183, bmo#1178033, bmo#1199400) |
|
36 Buffer overflows found through code inspection |
|
37 * MFSA 2015-145/CVE-2015-7205 (bmo#1220493) |
|
38 Underflow through code inspection |
|
39 * MFSA 2015-146/CVE-2015-7213 (bmo#1206211) |
|
40 Integer overflow in MP4 playback in 64-bit versions |
|
41 * MFSA 2015-147/CVE-2015-7222 (bmo#1216748) |
|
42 Integer underflow and buffer overflow processing MP4 metadata in |
|
43 libstagefright |
|
44 * MFSA 2015-148/CVE-2015-7223 (bmo#1226423) |
|
45 Privilege escalation vulnerabilities in WebExtension APIs |
|
46 * MFSA 2015-149/CVE-2015-7214 (bmo#1228950) |
|
47 Cross-site reading attack through data and view-source URIs |
10 - rebased patches |
48 - rebased patches |
11 |
49 |
12 ------------------------------------------------------------------- |
50 ------------------------------------------------------------------- |
13 Sun Nov 15 19:52:20 UTC 2015 - wr@rosenauer.org |
51 Sun Nov 15 19:52:20 UTC 2015 - wr@rosenauer.org |
14 |
52 |