|
1 ------------------------------------------------------------------- |
|
2 Tue Dec 11 08:45:56 UTC 2018 - Wolfgang Rosenauer <wr@rosenauer.org> |
|
3 |
|
4 - update to Firefox 64.0 |
|
5 * Better recommendations: You may see suggestions in regular browsing |
|
6 mode for new and relevant Firefox features, services, and extensions |
|
7 based on how you use the web (for US users only) |
|
8 * Enhanced tab management: You can now select multiple tabs from the |
|
9 tab bar and close, move, bookmark, or pin them quickly and easily |
|
10 * Easier performance management: The new Task Manager page found at |
|
11 about:performance lets you see how much energy each open tab consumes |
|
12 and provides access to close tabs to conserve power |
|
13 * Improved performance for Mac and Linux users, by enabling link time |
|
14 optimization (Clang LTO). |
|
15 * Added option to remove add-ons using the context menu on their |
|
16 toolbar buttons |
|
17 * RSS feed preview and live bookmarks are available only via add-ons |
|
18 * TLS certificates issued by Symantec are no longer trusted by Firefox. |
|
19 Website operators are strongly encouraged to replace any remaining |
|
20 Symantec TLS certificates as soon as possible |
|
21 MFSA 2018-29 (bsc#1119105) |
|
22 * CVE-2018-12407 bmo#1505973 |
|
23 Buffer overflow with ANGLE library when using VertexBuffer11 module |
|
24 * CVE-2018-17466 bmo#1488295 |
|
25 Buffer overflow and out-of-bounds read in ANGLE library with |
|
26 TextureStorage11 |
|
27 * CVE-2018-18492 bmo#1499861 |
|
28 Use-after-free with select element |
|
29 * CVE-2018-18493 bmo#1504452 |
|
30 Buffer overflow in accelerated 2D canvas with Skia |
|
31 * CVE-2018-18494 bmo#1487964 |
|
32 Same-origin policy violation using location attribute and |
|
33 performance.getEntries to steal cross-origin URLs |
|
34 * CVE-2018-18495 bmo#1427585 |
|
35 WebExtension content scripts can be loaded in about: pages |
|
36 * CVE-2018-18496 bmo#1422231 (Windows only) |
|
37 Embedded feed preview page can be abused for clickjacking |
|
38 * CVE-2018-18497 bmo#1488180 |
|
39 WebExtensions can load arbitrary URLs through pipe separators |
|
40 * CVE-2018-18498 bmo#1500011 |
|
41 Integer overflow when calculating buffer sizes for images |
|
42 * CVE-2018-12406 bmo#1456947 bmo#1475669 bmo#1504816 bmo#1502886 |
|
43 bmo#1500064 bmo#1500310 bmo#1500696 bmo#1498765 bmo#1499198 bmo#1434490 |
|
44 bmo#1481745 bmo#1458129 |
|
45 Memory safety bugs fixed in Firefox 64 |
|
46 * CVE-2018-12405 bmo#1494752 bmo#1503326 bmo#1505181 bmo#1500759 |
|
47 bmo#1504365 bmo#1506640 bmo#1503082 bmo#1502013 bmo#1510471 |
|
48 Memory safety bugs fixed in Firefox 64 and Firefox ESR 60.4 |
|
49 - requires |
|
50 * rust/cargo >= 1.29 |
|
51 * mozilla-nss >= 3.40.1 |
|
52 * rust-cbindgen >= 0.6.4 |
|
53 - rebased patches |
|
54 - removed obsolete patch |
|
55 * mozilla-bmo1491289.patch |
|
56 - now uses clang primarily for compilation |
|
57 |
1 ------------------------------------------------------------------- |
58 ------------------------------------------------------------------- |
2 Wed Nov 28 11:07:18 UTC 2018 - Guillaume GARDET <guillaume.gardet@opensuse.org> |
59 Wed Nov 28 11:07:18 UTC 2018 - Guillaume GARDET <guillaume.gardet@opensuse.org> |
3 |
60 |
4 - Remove --disable-elf-hack when not available: on aarch64 and ppc64* |
61 - Remove --disable-elf-hack when not available: on aarch64 and ppc64* |
5 |
62 |