Mercurial Mercurial > hg > mozilla / comparison
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
MozillaFirefox/MozillaFirefox.changes
branchfirefox58
changeset 1026 963c89cda54b
parent 1023 fce335a42db7
child 1027 7071f6ebfda6
equal deleted inserted replaced
1025:108497b98e44 1026:963c89cda54b 
     1 -------------------------------------------------------------------
 
     1 -------------------------------------------------------------------
 
     2 Wed Jan 10 21:39:09 UTC 2018 - wr@rosenauer.org
 
     2 Tue Jan 23 20:40:57 UTC 2018 - wr@rosenauer.org
 
     3 
     3 
     4 - update to Firefox 58.0b15
 
     4 - update to Firefox 58.0 (bsc#1077291)
 
     5   * Added Nepali (ne-NP) locale
 
     5   * Added Nepali (ne-NP) locale
 
     6   * Added support for form autofill for credit card
 
     6   * Added support for form autofill for credit card
 
     7   * Optimize page load by caching JavaScript internal representation
 
     7   * Optimize page load by caching JavaScript internal representation
 
       
     8   MFSA 2018-02
 
       
     9   * CVE-2018-5091 (bmo#1423086)
 
       
    10     Use-after-free with DTMF timers
 
       
    11   * CVE-2018-5092 (bmo#1418074)
 
       
    12     Use-after-free in Web Workers
 
       
    13   * CVE-2018-5093 (bmo#1415291)
 
       
    14     Buffer overflow in WebAssembly during Memory/Table resizing
 
       
    15   * CVE-2018-5094 (bmo#1415883)
 
       
    16     Buffer overflow in WebAssembly with garbage collection on
 
       
    17     uninitialized memory
 
       
    18   * CVE-2018-5095 (bmo#1418447)
 
       
    19     Integer overflow in Skia library during edge builder allocation
 
       
    20   * CVE-2018-5097 (bmo#1387427)
 
       
    21     Use-after-free when source document is manipulated during XSLT
 
       
    22   * CVE-2018-5098 (bmo#1399400)
 
       
    23     Use-after-free while manipulating form input elements
 
       
    24   * CVE-2018-5099 (bmo#1416878)
 
       
    25     Use-after-free with widget listener
 
       
    26   * CVE-2018-5100 (bmo#1417405)
 
       
    27     Use-after-free when IsPotentiallyScrollable arguments are freed
 
       
    28     from memory
 
       
    29   * CVE-2018-5101 (bmo#1417661)
 
       
    30     Use-after-free with floating first-letter style elements
 
       
    31   * CVE-2018-5102 (bmo#1419363)
 
       
    32     Use-after-free in HTML media elements
 
       
    33   * CVE-2018-5103 (bmo#1423159)
 
       
    34     Use-after-free during mouse event handling
 
       
    35   * CVE-2018-5104 (bmo#1425000)
 
       
    36     Use-after-free during font face manipulation
 
       
    37   * CVE-2018-5105 (bmo#1390882)
 
       
    38     WebExtensions can save and execute files on local file system
 
       
    39     without user prompts
 
       
    40   * CVE-2018-5106 (bmo#1408708)
 
       
    41     Developer Tools can expose style editor information cross-origin
 
       
    42     through service worker
 
       
    43   * CVE-2018-5107 (bmo#1379276)
 
       
    44     Printing process will follow symlinks for local file access
 
       
    45   * CVE-2018-5108 (bmo#1421099)
 
       
    46     Manually entered blob URL can be accessed by subsequent private browsing tabs
 
       
    47   * CVE-2018-5109 (bmo#1405599)
 
       
    48     Audio capture prompts and starts with incorrect origin attribution
 
       
    49   * CVE-2018-5110 (bmo#1423275) (affects only OS X)
 
       
    50     Cursor can be made invisible on OS X
 
       
    51   * CVE-2018-5111 (bmo#1321619)
 
       
    52     URL spoofing in addressbar through drag and drop
 
       
    53   * CVE-2018-5112 (bmo#1425224)
 
       
    54     Extension development tools panel can open a non-relative URL in the panel
 
       
    55   * CVE-2018-5113 (bmo#1425267)
 
       
    56     WebExtensions can load non-HTTPS pages with browser.identity.launchWebAuthFlow
 
       
    57   * CVE-2018-5114 (bmo#1421324)
 
       
    58     The old value of a cookie changed to HttpOnly remains accessible to scripts
 
       
    59   * CVE-2018-5115 (bmo#1409449)
 
       
    60     Background network requests can open HTTP authentication in unrelated foreground tabs
 
       
    61   * CVE-2018-5116 (bmo#1396399)
 
       
    62     WebExtension ActiveTab permission allows cross-origin frame content access
 
       
    63   * CVE-2018-5117 (bmo#1395508)
 
       
    64     URL spoofing with right-to-left text aligned left-to-right
 
       
    65   * CVE-2018-5118 (bmo#1420049)
 
       
    66     Activity Stream images can attempt to load local content through file:
 
       
    67   * CVE-2018-5119 (bmo#1420507)
 
       
    68     Reader view will load cross-origin content in violation of CORS headers
 
       
    69   * CVE-2018-5121 (bmo#1402368) (affects only OS X)
 
       
    70     OS X Tibetan characters render incompletely in the addressbar
 
       
    71   * CVE-2018-5122 (bmo#1413841)
 
       
    72     Potential integer overflow in DoCrypt
 
       
    73   * CVE-2018-5090
 
       
    74     Memory safety bugs fixed in Firefox 58
 
       
    75   * CVE-2018-5089
 
       
    76     Memory safety bugs fixed in Firefox 58 and Firefox ESR 52.6
 
     8 - requires NSS 3.34.1
 
    77 - requires NSS 3.34.1
 
     9 - requires rust 1.21
 
    78 - requires rust 1.21
 
    10 - removed obsolete patches:
 
    79 - removed obsolete patches:
 
    11   mozilla-bindgen-systemlibs.patch
 
    80   mozilla-bindgen-systemlibs.patch
 
    12   mozilla-bmo1360278.patch
 
    81   mozilla-bmo1360278.patch
mozilla