-------------------------------------------------------------------
Sun Oct 20 20:19:31 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org>

- Mozilla Firefox 70.0
* more privacy protections from Enhanced Tracking Protection
* Firefox Lockwise passwordmanager
* Improvements to core engine components, for better browsing on more sites
* Improved privacy and security indicators
MFSA 2019-34
* CVE-2018-6156 (bmo#1480088)
Heap buffer overflow in FEC processing in WebRTC
* CVE-2019-15903 (bmo#1584907)
Heap overflow in expat library in XML_GetCurrentLineNumber
* CVE-2019-11757 (bmo#1577107)
Use-after-free when creating index updates in IndexedDB
* CVE-2019-11759 (bmo#1577953)
Stack buffer overflow in HKDF output
* CVE-2019-11760 (bmo#1577719)
Stack buffer overflow in WebRTC networking
* CVE-2019-11761 (bmo#1561502)
Unintended access to a privileged JSONView object
* CVE-2019-11762 (bmo#1582857)
document.domain-based origin isolation has same-origin-property violation
* CVE-2019-11763 (bmo#1584216)
Incorrect HTML parsing results in XSS bypass technique
* CVE-2019-11765 (bmo#1562582)
Incorrect permissions could be granted to a website
* CVE-2019-17000 (bmo#1441468)
CSP bypass using object tag with data: URI
* CVE-2019-17001 (bmo#1587976)
CSP bypass using object tag when script-src 'none' is specified
* CVE-2019-17002 (bmo#1561056)
upgrade-insecure-requests was not being honored for links dragged and dropped
* CVE-2019-11764 (bmo#1558522, bmo#1577061, bmo#1548044, bmo#1571223,
bmo#1573048, bmo#1578933, bmo#1575217, bmo#1583684, bmo#1586845, bmo#1581950,
bmo#1583463, bmo#1586599)
Memory safety bugs fixed in Firefox 70 and Firefox ESR 68.2
- requires
rust/cargo >= 1.36
NSPR >= 4.22
NSS >= 3.46.1
rust-cbindgen >= 0.9.1
- removed obsolete patches
mozilla-bmo1573381.patch
mozilla-nestegg-big-endian.patch

-------------------------------------------------------------------
Sun Oct 13 08:58:12 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org>

- Mozilla Firefox 69.0.3
* Fixed Yahoo mail users being prompted to download files when
clicking on emails (bmo#1582848)
- devel package build can easily be disabled now

-------------------------------------------------------------------
Thu Oct 3 08:40:05 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org>

- Mozilla Firefox 69.0.2
* Fixed a crash when editing files on Office 365 websites (bmo#1579858)
* Fixed a Linux-only crash when changing the playback speed while
watching YouTube videos (bmo#1582222)
- updated supported locale list
- Allow to build without profile guided optimizations (boo#1040589)
(contributed by Bernhard Wiedemann)
- Make build verbose (contributed by Martin Liška)
- remove obsolete kde.js setting (boo#1151186) and related patch
firefox-add-kde.js-in-order-to-survive-PGO-build.patch
- update create-tar.sh to latest revision and adjusted tar_stamps
- add mozilla-fix-top-level-asm.patch to fix LTO build (w/o PGO)
- extension preferences moved from branding package to core package
(packaging but not branding specific)

-------------------------------------------------------------------
Thu Sep 19 13:31:16 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org>

- Mozilla Firefox 69.0.1
* Fixed external programs launching in the background when clicking
a link from inside Firefox to launch them (bmo#1570845)
* Usability improvements to the Add-ons Manager for users with
screen readers (bmo#1567600)
* Fixed the Captive Portal notification bar not being dismissable
in some situations after login is complete (bmo#1578633)
* Fixed the maximum size of fonts in Reader Mode when zoomed (bmo#1578454)
* Fixed missing stacks in the Developer Tools Performance section
(bmo#1578354)
MFSA 2019-31
* CVE-2019-11754 (bmo#1580506)
Pointer Lock is enabled with no user notification
- disable DOH by default

-------------------------------------------------------------------
Thu Sep 5 13:02:39 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org>

- Mozilla Firefox 69.0
* Enhanced Tracking Protection (ETP) for stronger privacy protections
* Block Autoplay feature is enhanced to give users the option to block
any video
* Users in the US or using the en-US browser, can get a new “New Tab”
page experience connecting to the best of Pocket's content.
* Support for the Web Authentication HmacSecret extension via
Windows Hello introduced.
* Support for receiving multiple video codecs with this release makes
it easier for WebRTC conferencing services to mix video from
different clients.
MFSA 2019-25 (boo#1149324)
* CVE-2019-11741 (bmo#1539595)
Isolate addons.mozilla.org and accounts.firefox.com
* CVE-2019-5849 (bmo#1555838)
Out-of-bounds read in Skia
* CVE-2019-11737 (bmo#1388015)
Content security policy directives ignore port and path if host is a wildcard
* CVE-2019-11734 (bmo#1352875,bmo#1536227,bmo#1557208,bmo#1560641)
Memory safety bugs fixed in Firefox 69
* CVE-2019-11735 (bmo#1561404,bmo#1561484,bmo#1568047,bmo#1561912,
bmo#1565744,bmo#1568858,bmo#1570358)
Memory safety bugs fixed in Firefox 69 and Firefox ESR 68.1
* CVE-2019-11740 (bmo#1563133,bmo#1573160)
Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, and Firefox ESR 60.9
- requires
* rust/cargo >= 1.35
* rust-cbindgen >= 0.9.0
* mozilla-nss >= 3.45
- rebased patches

-------------------------------------------------------------------
Wed Sep 4 15:38:40 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org>

- added a bunch of patches mainly for big endian platforms
* mozilla-bmo1504834-part1.patch
* mozilla-bmo1504834-part2.patch
* mozilla-bmo1504834-part3.patch
* mozilla-bmo1511604.patch
* mozilla-bmo1554971.patch
* mozilla-bmo1573381.patch
* mozilla-nestegg-big-endian.patch
* mozilla-bmo1512162.patch

-------------------------------------------------------------------
Fri Aug 30 20:49:11 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org>

- Mozilla Firefox 68.1.0
MFSA 2019-26
* CVE-2019-11751 (bmo#1572838; Windows only)
Malicious code execution through command line parameters
* CVE-2019-11746 (bmo#1564449)
Use-after-free while manipulating video
* CVE-2019-11744 (bmo#1562033)
XSS by breaking out of title and textarea elements using innerHTML
* CVE-2019-11742 (bmo#1559715)
Same-origin policy violation with SVG filters and canvas to steal
cross-origin images
* CVE-2019-11736 (bmo#1551913, bmo#1552206; Windows only))
File manipulation and privilege escalation in Mozilla Maintenance Service
* CVE-2019-11753 (bmo#1574980; Windows only)
Privilege escalation with Mozilla Maintenance Service in custom
Firefox installation location
* CVE-2019-11752 (bmo#1501152)
Use-after-free while extracting a key value in IndexedDB
* CVE-2019-9812 (bmo#1538008, bmo#1538015)
Sandbox escape through Firefox Sync
* CVE-2019-11743 (bmo#1560495)
Cross-origin access to unload event attributes
* CVE-2019-11748 (bmo#1564588)
Persistence of WebRTC permissions in a third party context
* CVE-2019-11749 (bmo#1565374)
Camera information available without prompting using getUserMedia
* CVE-2019-11750 (bmo#1568397)
Type confusion in Spidermonkey
* CVE-2019-11738 (bmo#1452037)
Content security policy bypass through hash-based sources in directives
* CVE-2019-11747 (bmo#1564481)
'Forget about this site' removes sites from pre-loaded HSTS list
* CVE-2019-11735i (bmo#1561404,bmo#1561484,bmo#1568047,bmo#1561912,
bmo#1565744,bmo#1568858,bmo#1570358)
Memory safety bugs fixed in Firefox 69 and Firefox ESR 68.1
* CVE-2019-11740 (bmo#1563133,bmo#1573160)
Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, and Firefox ESR 60.9
- switched package to ESR branch
- added mozilla-bmo1568145.patch to make builds reproducible
- removed upstreamed patch mozilla-gcc-internal-compiler-error.patch

-------------------------------------------------------------------
Sun Aug 18 17:29:25 UTC 2019 - Andreas Stieger <andreas.stieger@gmx.de>

- Mozilla Firefox 68.0.2:
* Fixed a bug causing some special characters to be cut off from
the end of the search terms when searching from the URL bar
(bmo#1560228)
* Allow fonts to be loaded via file:// URLs when opening a page
locally (bmo#1565942)
* Printing emails from the Outlook web app no longer prints only
the header and footer (bmo#1567105)
* Fixed a bug causing some images not to be displayed on reload,
including on Google Maps (bmo# 1565542)
* Fixed an error when starting external applications configured
as URI handlers (bmo#1567614)
MFSA 2019-24 (boo#1145665)
* CVE-2019-11733: Stored passwords in 'Saved Logins' can be
copied without master password entry (bmo#1565780)
- drop fix-build-after-y2038-changes-in-glibc.patch, upstream

-------------------------------------------------------------------
Fri Aug 16 16:49:24 UTC 2019 - Jonathan Brielmaier <jbrielmaier@suse.de>

- Fix crash when typing in the URL bar on ppc64le (bmo#1512162).
The upstream patch doesn't resolve the issue on TW, but compiling
with -O1 does. Do this until we have a proper fix.

-------------------------------------------------------------------
Thu Aug 1 14:25:02 UTC 2019 - Guillaume GARDET <guillaume.gardet@opensuse.org>

- Update build constraints to fix arm builds

-------------------------------------------------------------------
Fri Jul 19 08:11:27 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org>

- Mozilla Firefox 68.0.1
* Fixed missing Full Screen button when watching videos in full
screen mode on HBO GO (bmo#1562837)
* Fixed a bug causing incorrect messages to appear for some
locales when sites try to request the use of the Storage
Access API (bmo#1558503)
* Users in Russian regions may have their default search engine
changed (bmo#1565315)
* Built-in search engines in some locales do not function
correctly (bmo#1565779)
* SupportMenu policy doesn't always work (bmo#1553290)
* Allow the privacy.file_unique_origin pref to be controlled by
policy (bmo#1563759)

-------------------------------------------------------------------
Thu Jul 11 10:51:39 UTC 2019 - Jiri Slaby <jslaby@suse.com>

- add fix-build-after-y2038-changes-in-glibc.patch

-------------------------------------------------------------------
Wed Jul 10 13:47:41 UTC 2019 - Bernhard Wiedemann <bwiedemann@suse.com>

- Generate langpacks sequentially to avoid file corruption
from racy file writes (boo#1137970)

-------------------------------------------------------------------
Mon Jul 8 13:30:35 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org>

- Mozilla Firefox 68.0
* Dark mode in reader view
* Improved extension security and discovery
* Cryptomining and fingerprinting protections are added to strict
content blocking settings in Privacy & Security preferences
* Camera and microphone access now require an HTTPS connection
MFSA 2019-21 (bsc#1140868)
* CVE-2019-9811 (bmo#1538007, bmo#1539598, bmo#1563327)
Sandbox escape via installation of malicious languagepack
* CVE-2019-11711 (bmo#1552541)
Script injection within domain through inner window reuse
* CVE-2019-11712 (bmo#1543804)
Cross-origin POST requests can be made with NPAPI plugins by
following 308 redirects
* CVE-2019-11713 (bmo#1528481)
Use-after-free with HTTP/2 cached stream
* CVE-2019-11714 (bmo#1542593)
NeckoChild can trigger crash when accessed off of main thread
* CVE-2019-11729 (bmo#1515342)
Empty or malformed p256-ECDH public keys may trigger a segmentation fault
* CVE-2019-11715 (bmo#1555523)
HTML parsing error can contribute to content XSS
* CVE-2019-11716 (bmo#1552632)
globalThis not enumerable until accessed
* CVE-2019-11717 (bmo#1548306)
Caret character improperly escaped in origins
* CVE-2019-11718 (bmo#1408349)
Activity Stream writes unsanitized content to innerHTML
* CVE-2019-11719 (bmo#1540541)
Out-of-bounds read when importing curve25519 private key
* CVE-2019-11720 (bmo#1556230)
Character encoding XSS vulnerability
* CVE-2019-11721 (bmo#1256009)
Domain spoofing through unicode latin 'kra' character
* CVE-2019-11730 (bmo#1558299)
Same-origin policy treats all files in a directory as having the
same-origin
* CVE-2019-11723 (bmo#1528335)
Cookie leakage during add-on fetching across private browsing boundaries
* CVE-2019-11724 (bmo#1512511)
Retired site input.mozilla.org has remote troubleshooting permissions
* CVE-2019-11725 (bmo#1483510)
Websocket resources bypass safebrowsing protections
* CVE-2019-11727 (bmo#1552208)
PKCS#1 v1.5 signatures can be used for TLS 1.3
* CVE-2019-11728 (bmo#1552993)
Port scanning through Alt-Svc header
* CVE-2019-11710 (bmo#1549768, bmo#1548611, bmo#1533842, bmo#1537692,
bmo#1540590, bmo#1551907, bmo#1510345, bmo#1535482, bmo#1535848,
bmo#1547472, bmo#1547760, bmo#1507696, bmo#1544180)
Memory safety bugs fixed in Firefox 68
* CVE-2019-11709 (bmo#1547266, bmo#1540759, bmo#1548822, bmo#1550498
bmo#1515052, bmo#1539219, bmo#1547757, bmo#1550498, bmo#1533522)
Memory safety bugs fixed in Firefox 68 and Firefox ESR 60.8
- requires
* NSS 3.44.1
* rust/cargo 1.34
* rust-cbindgen 0.8.7
- rebased patches
* mozilla-aarch64-startup-crash.patch
* mozilla-kde.patch
* mozilla-nongnome-proxies.patch
* firefox-kde.patch
- use new create-tar.sh and add tar_stamps for package definitions
- added patches imported from SLE flavour
* mozilla-gcc-internal-compiler-error.patch
* mozilla-bmo1005535.patch
* mozilla-ppc-altivec_static_inline.patch
* mozilla-reduce-rust-debuginfo.patch
* mozilla-s390-bigendian.patch
* mozilla-s390-context.patch

-------------------------------------------------------------------
Mon Jul 2 14:15:17 UTC 2019 - Martin Liška <mliska@suse.cz>

- Enable PGO for x86_64.
* added firefox-add-kde.js-in-order-to-survive-PGO-build.patch

-------------------------------------------------------------------
Thu Jun 20 06:20:59 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org>

- Mozilla Firefox 67.0.4
MFSA 2019-19 (boo#1138872)
* CVE-2019-11708 (bmo#1559858)
sandbox escape using Prompt:Open

-------------------------------------------------------------------
Tue Jun 18 18:36:15 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org>

- Mozilla Firefox 67.0.3
MFSA 2019-18 (boo#1138614)
* CVE-2019-11707 (bmo#1544386)
Type confusion in Array.pop

-------------------------------------------------------------------
Thu Jun 12 14:56:32 UTC 2019 - Manfred Hollstein <manfred.h@gmx.net>

- Mozilla Firefox 67.0.2
* Fixed: Fix JavaScript error ("TypeError: data is null in
PrivacyFilter.jsm") in console which may significantly degrade
sessionstore reliability and performance (bmo#1553413)
* Fixed: Proxy authentication dialog box repeatedly pops up
asking to authenticate after upgrading to Firefox 67 (bmo#1548804)
* Fixed: Pearson MyCloud breaks if FIDO U2F is not Chrome's
implementation (bmo#1551282)
* Fixed: Starting in safe mode on Linux or macOS causes Firefox
to think on the subsequent launch that the profile is too
recent to be used with this version of Firefox (bmo#1556612)
* Fixed: Linux distribution users can't easily install/use
additional/different languages using the built-in preferences
UI (bmo#1554744)
* Fixed: Developer tools users can't copy the href/src content
from various HTML tags via the context menu in the Inspector
markup view (bmo#1552275)
* Fixed: Custom home page is broken with clearing data on shutdown
settings applied (bmo#1554167)
* Fixed: Performance-regression for eclipse RAP based applications
(bmo#1555962)
* Fixed: macOS 10.15 crash fix (bmo#1556076)
* Fixed: Can't start two downloads in parallel via <a download>
anymore (bmo#1542912)

-------------------------------------------------------------------
Thu Jun 6 06:49:51 UTC 2019 - Manfred Hollstein <manfred.h@gmx.net>

- Mozilla Firefox 67.0.1
* enable enhanced tracking protection by default for new users
* upgrade of Facebook container to version 2.0
* new version of Firefox Lockwise (password management)
* new version of Firefox Monitor
* Firefox Send improvements

-------------------------------------------------------------------
Sun May 19 20:40:30 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org>

- Mozilla Firefox 67.0
* Firefox 67 will be able to run different Firefox installs side by side
https://blog.nightly.mozilla.org/2019/01/14/moving-to-a-profile-per-install-architecture/
* Tabs can now be pinned from the Page Actions menu in the address bar
* Users can block known cryptominers and fingerprinters in the
Custom settings or their Content Blocking preferences
* The Import Data from Another Browser feature is now also available
from the File menu
* Firefox will now protect you against running older versions which
can lead to data corruption and stability issues
* Easier access to your list of saved logins from the main menu and
login autocomplete
* We’ve added a toolbar menu for your Firefox Account to provide more
transparency for when you are synced, sharing data across devices
and with Firefox. Personalize the appearance of the menu with your
own avatar
* Enable FIDO U2F API, and permit registrations for Google Accounts
* Enabled AV1 support on Linux
MFSA 2019-13 (boo#1135824)
* CVE-2019-9815 (bmo#1546544)
Disable hyperthreading on content JavaScript threads on macOS
* CVE-2019-9816 (bmo#1536768)
Type confusion with object groups and UnboxedObjects
* CVE-2019-9817 (bmo#1540221)
Stealing of cross-domain images using canvas
* CVE-2019-9818 (bmo#1542581) (Windows only)
Use-after-free in crash generation server
* CVE-2019-9819 (bmo#1532553)
Compartment mismatch with fetch API
* CVE-2019-9820 (bmo#1536405)
Use-after-free of ChromeEventHandler by DocShell
* CVE-2019-9821 (bmo#1539125)
Use-after-free in AssertWorkerThread
* CVE-2019-11691 (bmo#1542465)
Use-after-free in XMLHttpRequest
* CVE-2019-11692 (bmo#1544670)
Use-after-free removing listeners in the event listener manager
* CVE-2019-11693 (bmo#1532525)
Buffer overflow in WebGL bufferdata on Linux
* CVE-2019-7317 (bmo#1542829)
Use-after-free in png_image_free of libpng library
* CVE-2019-11694 (bmo#1534196) (Windows only)
Uninitialized memory memory leakage in Windows sandbox
* CVE-2019-11695 (bmo#1445844)
Custom cursor can render over user interface outside of web content
* CVE-2019-11696 (bmo#1392955)
Java web start .JNLP files are not recognized as executable files
for download prompts
* CVE-2019-11697 (bmo#1440079)
Pressing key combinations can bypass installation prompt delays and
install extensions
* CVE-2019-11698 (bmo#1543191)
Theft of user history data through drag and drop of hyperlinks
to and from bookmarks
* CVE-2019-11700 (bmo#1549833) (Windows only)
res: protocol can be used to open known local files
* CVE-2019-11699 (bmo#1528939)
Incorrect domain name highlighting during page navigation
* CVE-2019-11701 (bmo#1518627)
webcal: protocol default handler loads vulnerable web page
* CVE-2019-9814 (bmo#1527592, bmo#1534536, bmo#1520132, bmo#1543159,
bmo#1539393, bmo#1459932, bmo#1459182, bmo#1516425)
Memory safety bugs fixed in Firefox 67
* CVE-2019-9800 (bmo#1540166, bmo#1534593, bmo#1546327, bmo#1540136,
bmo#1538736, bmo#1538042, bmo#1535612, bmo#1499719, bmo#1499108,
bmo#1538619, bmo#1535194, bmo#1516325, bmo#1542324, bmo#1542097,
bmo#1532465, bmo#1533554, bmo#1541580)
Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7
- requires
* rust/cargo >= 1.32
* mozilla-nspr >= 4.21
* mozilla-nss >= 3.43
* rust-cbindgen >= 0.8.2
- rebased patches
- KDE integration for default browser detection is broken in this revision

-------------------------------------------------------------------
Fri May 17 12:04:49 UTC 2019 - Guillaume GARDET <guillaume.gardet@opensuse.org>

- Fix armv7 build with:
* mozilla-disable-wasm-emulate-arm-unaligned-fp-access.patch

-------------------------------------------------------------------
Fri May 10 10:30:05 UTC 2019 - Manfred Hollstein <manfred.h@gmx.net>

- Mozilla Firefox 66.0.5
* Fixed: Further improvements to re-enable web extensions which
had been disabled for users with a master password set (bmo#1549249)

-------------------------------------------------------------------
Sun May 5 20:21:02 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org>

- Mozilla Firefox 66.0.4 (boo#1134126)
* fix extension certificate chain
https://blog.mozilla.org/addons/2019/05/04/update-regarding-add-ons-in-firefox/

-------------------------------------------------------------------
Thu Apr 11 09:16:17 UTC 2019 - Manfred Hollstein <manfred.h@gmx.net>

- Mozilla Firefox 66.0.3
* Fixed: Address bar on tablets running Windows 10 now behaves
correctly (bmo#1498973)
* Fixed: Performance issues with some HTML5 games (bmo#1537609)
* Fixed a bug with keypress events in IBM cloud applications
(bmo#1538970)
* Fix for keypress events in some Microsoft cloud applications
(bmo#1539618)
* Changed: Updated Baidu search plugin

-------------------------------------------------------------------
Thu Mar 28 19:01:41 UTC 2019 - Manfred Hollstein <manfred.h@gmx.net>

- Mozilla Firefox 66.0.2
* Fixed Web compatibility issues with Office 365, iCloud and
IBM WebMail caused by recent changes to the handling of
keyboard events (bmo#1538966)
* Crash fixes (bmo#1521370, bmo#1539118)

-------------------------------------------------------------------
Thu Mar 28 09:58:36 UTC 2019 - Guillaume GARDET <guillaume.gardet@opensuse.org>

- Add patch to fix aarch64 build:
* mozilla-fix-aarch64-libopus.patch (bmo#1539737)

-------------------------------------------------------------------
Fri Mar 22 22:22:08 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org>

- Mozilla Firefox 66.0.1
MFSA 2019-09 (bsc#1130262)
* CVE-2019-9810 (bmo#1537924)
IonMonkey MArraySlice has incorrect alias information
* CVE-2019-9813 (bmo#1538006)
Ionmonkey type confusion with __proto__ mutations

-------------------------------------------------------------------
Sun Mar 17 10:08:51 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org>

- Mozilla Firefox 66.0
* Increased content processes to 8
* Added capability to search through open tabs from the tab overflow menu
* New backend for the storage.local WebExtensions API, providing
I/O performance improvements when the extension updates a small
subset of the stored data
* WebExtension keyboard shortcuts can now be managed or overridden
from about:addons
* Improved scrolling behavior: Firefox will now attempt to keep content
from jumping around while a page is loading by supporting scroll
anchoring
* New about:privatebrowsing with search
* A certificate error page now notifies the user of the name of the
certificate issuer that breaks HTTPs connections on intercepted
connections to help troubleshooting possible anti-virus software
issues.
* Fixed an performance issue some Linux users experienced with the
Downloads panel (bmo#1517101)
* Firefox now blocks all autoplay media with sound by default. Users
can add individual sites to an exceptions list or turn the blocking
off.
* System title bar is hidden by default to match Gnome guideline
MFSA 2019-07 (bsc#1129821)
* CVE-2019-9790 (bmo#1525145)
Use-after-free when removing in-use DOM elements
* CVE-2019-9791 (bmo#1530958)
Type inference is incorrect for constructors entered through on-stack
replacement with IonMonkey
* CVE-2019-9792 (bmo#1532599)
IonMonkey leaks JS_OPTIMIZED_OUT magic value to script
* CVE-2019-9793 (bmo#1528829)
Improper bounds checks when Spectre mitigations are disabled
* CVE-2019-9794 (bmo#1530103) (Windows only)
Command line arguments not discarded during execution
* CVE-2019-9795 (bmo#1514682)
Type-confusion in IonMonkey JIT compiler
* CVE-2019-9796 (bmo#1531277)
Use-after-free with SMIL animation controller
* CVE-2019-9797 (bmo#1528909)
Cross-origin theft of images with createImageBitmap
* CVE-2019-9798 (bmo#1527534) (Android only)
Library is loaded from world writable APITRACE_LIB location
* CVE-2019-9799 (bmo#1505678)
Information disclosure via IPC channel messages
* CVE-2019-9801 (bmo#1527717) (Windows only)
Windows programs that are not 'URL Handlers' are exposed to web content
* CVE-2019-9802 (bmo#1415508)
Chrome process information leak
* CVE-2019-9803 (bmo#1515863, bmo#1437009)
Upgrade-Insecure-Requests incorrectly enforced for same-origin navigation
* CVE-2019-9804 (bmo#1518026) (MacOS only)
Code execution through 'Copy as cURL' in Firefox Developer Tools on macOS
* CVE-2019-9805 (bmo#1521360)
Potential use of uninitialized memory in Prio
* CVE-2019-9806 (bmo#1525267)
Denial of service through successive FTP authorization prompts
* CVE-2019-9807 (bmo#1362050)
Text sent through FTP connection can be incorporated into alert messages
* CVE-2019-9809 (bmo#1282430, bmo#1523249)
Denial of service through FTP modal alert error messages
* CVE-2019-9808 (bmo#1434634)
WebRTC permissions can display incorrect origin with data: and blob: URLs
* CVE-2019-9789 bmo#1520483, bmo#1522987, bmo#1528199, bmo#1519337,
bmo#1525549, bmo#1516179, bmo#1518524, bmo#1518331, bmo#1526579,
bmo#1512567, bmo#1524335, bmo#1448505, bmo#1518821
Memory safety bugs fixed in Firefox 66
* CVE-2019-9788 bmo#1518001, bmo#1521304, bmo#1521214, bmo#1506665,
bmo#1516834, bmo#1518774, bmo#1524755, bmo#1523362, bmo#1524214, bmo#1529203
Memory safety bugs fixed in Firefox 66 and Firefox ESR 60.6
- updated build/runtime requirements
* mozilla-nss >= 3.42.1
* cargo/rust >= 1.31
* rust-cbindgen >= 0.6.8
* nasm >= 2.13 (new)
- removed obsolete patch
* mozilla-bmo256180.patch

-------------------------------------------------------------------
Tue Mar 5 10:17:01 UTC 2019 - Stephan Kulow <coolo@suse.com>

- Do not hardcode nodejs8 but leave the prefer to the distribution
(Tumbleweed staging wants to switch to nodejs10)
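
Review bot: `CVE-2019-11735i` in the Firefox 68.1.0 entry carries a stray trailing `i`; the same bug list appears under `CVE-2019-11735` in the 69.0 entry, so the identifier should read `CVE-2019-11735`, otherwise anything that matches CVE ids against this changelog will miss it. In the same entry the `CVE-2019-11736` line ends with `Windows only))`, one closing parenthesis too many. In the 68.0 entry the `CVE-2019-11709` bug list has no comma after the first `bmo#1550498` and then lists that bug a second time. Two header dates have weekdays that do not fit their neighbours: `Mon Jul 2` cannot be a Monday when `Mon Jul 8` is, and `Thu Jun 12` cannot be a Thursday when `Thu Jun 6` is; please correct them so the changelog dates stay consistent.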