1 ------------------------------------------------------------------- |
1 ------------------------------------------------------------------- |
2 Thu Nov 9 15:01:30 UTC 2017 - wr@rosenauer.org |
2 Wed Nov 15 06:46:06 UTC 2017 - wr@rosenauer.org |
3 |
3 |
4 - update to Firefox 57.0b14 |
4 - update to Firefox 57.0 (boo#1068101) |
5 * Firefox Quantum |
5 * Firefox Quantum |
6 * Photon UI |
6 * Photon UI |
|
7 * Unified address and search bar |
7 * AMD VP9 hardware video decoder support |
8 * AMD VP9 hardware video decoder support |
8 * Added support for Date/Time input |
9 * Added support for Date/Time input |
9 * stricter security sandbox blocking filesystem reading and |
10 * stricter security sandbox blocking filesystem reading and |
10 writing on Linux systems |
11 writing on Linux systems |
11 * middle mouse paste in the content area no longer navigates to |
12 * middle mouse paste in the content area no longer navigates to |
12 URLs by default on Unix systems |
13 URLs by default on Unix systems |
|
14 MFSA 2017-24 |
|
15 * CVE-2017-7828 (bmo#1406750. bmo#1412252) |
|
16 Use-after-free of PressShell while restyling layout |
|
17 * CVE-2017-7830 (bmo#1408990) |
|
18 Cross-origin URL information leak through Resource Timing API |
|
19 * CVE-2017-7831 (bmo#1392026) |
|
20 Information disclosure of exposed properties on JavaScript proxy |
|
21 objects |
|
22 * CVE-2017-7832 (bmo#1408782) |
|
23 Domain spoofing through use of dotless 'i' character followed |
|
24 by accent markers |
|
25 * CVE-2017-7833 (bmo#1370497) |
|
26 Domain spoofing with Arabic and Indic vowel marker characters |
|
27 * CVE-2017-7834 (bmo#1358009) |
|
28 data: URLs opened in new tabs bypass CSP protections |
|
29 * CVE-2017-7835 (bmo#1402363) |
|
30 Mixed content blocking incorrectly applies with redirects |
|
31 * CVE-2017-7836 (bmo#1401339) |
|
32 Pingsender dynamically loads libcurl on Linux and OS X |
|
33 * CVE-2017-7837 (bmo#1325923) |
|
34 SVG loaded as <img> can use meta tags to set cookies |
|
35 * CVE-2017-7838 (bmo#1399540) |
|
36 Failure of individual decoding of labels in international domain |
|
37 names triggers punycode display of entire IDN |
|
38 * CVE-2017-7839 (bmo#1402896) |
|
39 Control characters before javascript: URLs defeats self-XSS |
|
40 prevention mechanism |
|
41 * CVE-2017-7840 (bmo#1366420) |
|
42 Exported bookmarks do not strip script elements from user-supplied |
|
43 tags |
|
44 * CVE-2017-7842 (bmo#1397064) |
|
45 Referrer Policy is not always respected for <link> elements |
|
46 * CVE-2017-7827 |
|
47 Memory safety bugs fixed in Firefox 57 |
|
48 * CVE-2017-7826 |
|
49 Memory safety bugs fixed in Firefox 57 and Firefox ESR 52.5 |
13 - requires NSPR 4.17, NSS 3.33 and rustc 1.19 |
50 - requires NSPR 4.17, NSS 3.33 and rustc 1.19 |
14 - rebased patches |
51 - rebased patches |
15 - added mozilla-bindgen-systemlibs.patch to allow stylo build |
52 - added mozilla-bindgen-systemlibs.patch to allow stylo build |
16 with system libs (bmo#1341234) |
53 with system libs (bmo#1341234) |
17 - removed mozilla-language.patch since the whole locale code |
54 - removed mozilla-language.patch since the whole locale code |
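Review bot: The added CVE-2017-7828 entry in the MFSA 2017-24 list has two slips. "PressShell" should be "PresShell", the Gecko class name, so that searches on the advisory title match this changelog. The bug references "(bmo#1406750. bmo#1412252)" are separated by a period and should use a comma. The CVE-2017-7827 and CVE-2017-7826 entries carry no bmo# reference, unlike every other entry in the list. If that is intentional because they are rollup memory-safety fixes, it is fine as is.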