1 ------------------------------------------------------------------- |
1 ------------------------------------------------------------------- |
2 Tue Sep 11 09:26:09 UTC 2012 - wr@rosenauer.org |
2 Tue Nov 20 20:15:23 UTC 2012 - wr@rosenauer.org |
3 |
3 |
4 - update to 16.0b2 |
4 - update to 17.0 (bnc#790140) |
|
5 * MFSA 2012-91/CVE-2012-5842/CVE-2012-5843 |
|
6 Miscellaneous memory safety hazards |
|
7 * MFSA 2012-92/CVE-2012-4202 (bmo#758200) |
|
8 Buffer overflow while rendering GIF images |
|
9 * MFSA 2012-93/CVE-2012-4201 (bmo#747607) |
|
10 evalInSanbox location context incorrectly applied |
|
11 * MFSA 2012-94/CVE-2012-5836 (bmo#792857) |
|
12 Crash when combining SVG text on path with CSS |
|
13 * MFSA 2012-95/CVE-2012-4203 (bmo#765628) |
|
14 Javascript: URLs run in privileged context on New Tab page |
|
15 * MFSA 2012-96/CVE-2012-4204 (bmo#778603) |
|
16 Memory corruption in str_unescape |
|
17 * MFSA 2012-97/CVE-2012-4205 (bmo#779821) |
|
18 XMLHttpRequest inherits incorrect principal within sandbox |
|
19 * MFSA 2012-99/CVE-2012-4208 (bmo#798264) |
|
20 XrayWrappers exposes chrome-only properties when not in chrome |
|
21 compartment |
|
22 * MFSA 2012-100/CVE-2012-5841 (bmo#805807) |
|
23 Improper security filtering for cross-origin wrappers |
|
24 * MFSA 2012-101/CVE-2012-4207 (bmo#801681) |
|
25 Improper character decoding in HZ-GB-2312 charset |
|
26 * MFSA 2012-102/CVE-2012-5837 (bmo#800363) |
|
27 Script entered into Developer Toolbar runs with chrome privileges |
|
28 * MFSA 2012-103/CVE-2012-4209 (bmo#792405) |
|
29 Frames can shadow top.location |
|
30 * MFSA 2012-104/CVE-2012-4210 (bmo#796866) |
|
31 CSS and HTML injection through Style Inspector |
|
32 * MFSA 2012-105/CVE-2012-4214/CVE-2012-4215/CVE-2012-4216/ |
|
33 CVE-2012-5829/CVE-2012-5839/CVE-2012-5840/CVE-2012-4212/ |
|
34 CVE-2012-4213/CVE-2012-4217/CVE-2012-4218 |
|
35 Use-after-free and buffer overflow issues found using Address |
|
36 Sanitizer |
|
37 * MFSA 2012-106/CVE-2012-5830/CVE-2012-5833/CVE-2012-5835/CVE-2012-5838 |
|
38 Use-after-free, buffer overflow, and memory corruption issues |
|
39 found using Address Sanitizer |
|
40 - rebased patches |
|
41 - disabled WebRTC since build is broken (bmo#776877) |
|
42 |
|
43 ------------------------------------------------------------------- |
|
44 Wed Oct 24 08:28:49 UTC 2012 - wr@rosenauer.org |
|
45 |
|
46 - update to 16.0.2 (bnc#786522) |
|
47 * MFSA 2012-90/CVE-2012-4194/CVE-2012-4195/CVE-2012-4196 |
|
48 (bmo#800666, bmo#793121, bmo#802557) |
|
49 Fixes for Location object issues |
|
50 |
|
51 ------------------------------------------------------------------- |
|
52 Thu Oct 11 01:50:19 UTC 2012 - wr@rosenauer.org |
|
53 |
|
54 - update to 16.0.1 (bnc#783533) |
|
55 * MFSA 2012-88/CVE-2012-4191 (bmo#798045) |
|
56 Miscellaneous memory safety hazards |
|
57 * MFSA 2012-89/CVE-2012-4192/CVE-2012-4193 (bmo#799952, bmo#720619) |
|
58 defaultValue security checks not applied |
|
59 |
|
60 ------------------------------------------------------------------- |
|
61 Sun Oct 7 21:41:01 UTC 2012 - wr@rosenauer.org |
|
62 |
|
63 - update to 16.0 (bnc#783533) |
|
64 * MFSA 2012-74/CVE-2012-3982/CVE-2012-3983 |
|
65 Miscellaneous memory safety hazards |
|
66 * MFSA 2012-75/CVE-2012-3984 (bmo#575294) |
|
67 select element persistance allows for attacks |
|
68 * MFSA 2012-76/CVE-2012-3985 (bmo#655649) |
|
69 Continued access to initial origin after setting document.domain |
|
70 * MFSA 2012-77/CVE-2012-3986 (bmo#775868) |
|
71 Some DOMWindowUtils methods bypass security checks |
|
72 * MFSA 2012-79/CVE-2012-3988 (bmo#725770) |
|
73 DOS and crash with full screen and history navigation |
|
74 * MFSA 2012-80/CVE-2012-3989 (bmo#783867) |
|
75 Crash with invalid cast when using instanceof operator |
|
76 * MFSA 2012-81/CVE-2012-3991 (bmo#783260) |
|
77 GetProperty function can bypass security checks |
|
78 * MFSA 2012-82/CVE-2012-3994 (bmo#765527) |
|
79 top object and location property accessible by plugins |
|
80 * MFSA 2012-83/CVE-2012-3993/CVE-2012-4184 (bmo#768101, bmo#780370) |
|
81 Chrome Object Wrapper (COW) does not disallow acces to privileged |
|
82 functions or properties |
|
83 * MFSA 2012-84/CVE-2012-3992 (bmo#775009) |
|
84 Spoofing and script injection through location.hash |
|
85 * MFSA 2012-85/CVE-2012-3995/CVE-2012-4179/CVE-2012-4180/ |
|
86 CVE-2012-4181/CVE-2012-4182/CVE-2012-4183 |
|
87 Use-after-free, buffer overflow, and out of bounds read issues |
|
88 found using Address Sanitizer |
|
89 * MFSA 2012-86/CVE-2012-4185/CVE-2012-4186/CVE-2012-4187/ |
|
90 CVE-2012-4188 |
|
91 Heap memory corruption issues found using Address Sanitizer |
|
92 * MFSA 2012-87/CVE-2012-3990 (bmo#787704) |
|
93 Use-after-free in the IME State Manager |
|
94 - requires NSPR 4.9.2 |
|
95 - removed upstreamed mozilla-crashreporter-restart-args.patch |
|
96 - updated translations-other with new languages |
5 |
97 |
6 ------------------------------------------------------------------- |
98 ------------------------------------------------------------------- |
7 Sun Aug 26 13:48:04 UTC 2012 - wr@rosenauer.org |
99 Sun Aug 26 13:48:04 UTC 2012 - wr@rosenauer.org |
8 |
100 |
9 - update to 15.0 (bnc#777588) |
101 - update to 15.0 (bnc#777588) |