|
1 ------------------------------------------------------------------- |
|
2 Sat Nov 21 08:12:17 UTC 2020 - Kirill Kirillov <kkirill@opensuse.org> |
|
3 |
|
4 - Add/Enable GNOME search provider |
|
5 |
|
6 ------------------------------------------------------------------- |
|
7 Sun Nov 15 12:16:53 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org> |
|
8 |
|
9 - Mozilla Firefox 83.0 |
|
10 * major update for SpiderMonkey improving performance significantly |
|
11 * optional HTTPS-Only mode |
|
12 * more improvements |
|
13 https://www.mozilla.org/en-US/firefox/83.0/releasenotes/ |
|
14 MFSA 2020-50 (bsc#1178824)) |
|
15 * CVE-2020-26951 (bmo#1667113) |
|
16 Parsing mismatches could confuse and bypass security |
|
17 sanitizer for chrome privileged code |
|
18 * CVE-2020-26952 (bmo#1667685) |
|
19 Out of memory handling of JITed, inlined functions could lead |
|
20 to a memory corruption |
|
21 * CVE-2020-16012 (bmo#1642028) |
|
22 Variable time processing of cross-origin images during |
|
23 drawImage calls |
|
24 * CVE-2020-26953 (bmo#1656741) |
|
25 Fullscreen could be enabled without displaying the security UI |
|
26 * CVE-2020-26954 (bmo#1657026) |
|
27 Local spoofing of web manifests for arbitrary pages in |
|
28 Firefox for Android |
|
29 * CVE-2020-26955 (bmo#1663261) |
|
30 Cookies set during file downloads are shared between normal |
|
31 and Private Browsing Mode in Firefox for Android |
|
32 * CVE-2020-26956 (bmo#1666300) |
|
33 XSS through paste (manual and clipboard API) |
|
34 * CVE-2020-26957 (bmo#1667179) |
|
35 OneCRL was not working in Firefox for Android |
|
36 * CVE-2020-26958 (bmo#1669355) |
|
37 Requests intercepted through ServiceWorkers lacked MIME type |
|
38 restrictions |
|
39 * CVE-2020-26959 (bmo#1669466) |
|
40 Use-after-free in WebRequestService |
|
41 * CVE-2020-26960 (bmo#1670358) |
|
42 Potential use-after-free in uses of nsTArray |
|
43 * CVE-2020-15999 (bmo#1672223) |
|
44 Heap buffer overflow in freetype |
|
45 * CVE-2020-26961 (bmo#1672528) |
|
46 DoH did not filter IPv4 mapped IP Addresses |
|
47 * CVE-2020-26962 (bmo#610997) |
|
48 Cross-origin iframes supported login autofill |
|
49 * CVE-2020-26963 (bmo#1314912) |
|
50 History and Location interfaces could have been used to hang |
|
51 the browser |
|
52 * CVE-2020-26964 (bmo#1658865) |
|
53 Firefox for Android's Remote Debugging via USB could have |
|
54 been abused by untrusted apps on older versions of Android |
|
55 * CVE-2020-26965 (bmo#1661617) |
|
56 Software keyboards may have remembered typed passwords |
|
57 * CVE-2020-26966 (bmo#1663571) |
|
58 Single-word search queries were also broadcast to local |
|
59 network |
|
60 * CVE-2020-26967 (bmo#1665820) |
|
61 Mutation Observers could break or confuse Firefox Screenshots |
|
62 feature |
|
63 * CVE-2020-26968 (bmo#1551615, bmo#1607762, bmo#1656697, |
|
64 bmo#1657739, bmo#1660236, bmo#1667912, bmo#1671479, |
|
65 bmo#1671923) |
|
66 Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5 |
|
67 * CVE-2020-26969 (bmo#1623920, bmo#1651705, bmo#1667872, |
|
68 bmo#1668876) |
|
69 Memory safety bugs fixed in Firefox 83 |
|
70 - requires |
|
71 NSS >= 3.58 |
|
72 nodejs >= 10.22.1 |
|
73 - removed obsolete mozilla-ppc-altivec_static_inline.patch |
|
74 - disable LTO on TW because of ICEs in gcc |
|
75 |
1 ------------------------------------------------------------------- |
76 ------------------------------------------------------------------- |
2 Mon Nov 9 10:15:52 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org> |
77 Mon Nov 9 10:15:52 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org> |
3 |
78 |
4 - Mozilla Firefox 82.0.3 |
79 - Mozilla Firefox 82.0.3 |
|
80 MSFA 2020-49 |
|
81 * CVE-2020-26950 (bmo#1675905) |
|
82 Write side effects in MCallGetProperty opcode not accounted for |
5 |
83 |
6 ------------------------------------------------------------------- |
84 ------------------------------------------------------------------- |
7 Mon Nov 2 09:00:13 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org> |
85 Mon Nov 2 09:00:13 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org> |
8 |
86 |
9 - Mozilla Firefox 82.0.2 |
87 - Mozilla Firefox 82.0.2 |
10 * few bugfixes for introduced regressions |
88 * few bugfixes for introduced regressions |
|
89 |
|
90 ------------------------------------------------------------------- |
|
91 Sun Nov 1 20:15:17 UTC 2020 - Kirill Kirillov <kkirill@opensuse.org> |
|
92 |
|
93 - Enable GNOME search provider |
11 |
94 |
12 ------------------------------------------------------------------- |
95 ------------------------------------------------------------------- |
13 Thu Oct 15 20:44:47 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org> |
96 Thu Oct 15 20:44:47 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org> |
14 |
97 |
15 - Mozilla Firefox 82.0 |
98 - Mozilla Firefox 82.0 |