|
1 ------------------------------------------------------------------- |
|
2 Tue Sep 20 07:09:52 UTC 2016 - wr@rosenauer.org |
|
3 |
|
4 - update to Firefox 49.0 (boo#999701) |
|
5 new features |
|
6 * Updated Firefox Login Manager to allow HTTPS pages to use saved |
|
7 HTTP logins. |
|
8 * Added features to Reader Mode that make it easier on the eyes and |
|
9 the ears |
|
10 * Improved video performance for users on systems that support |
|
11 SSE3 without hardware acceleration |
|
12 * Added context menu controls to HTML5 audio and video that let users |
|
13 loops files or play files at 1.25x speed |
|
14 * Improvements in about:memory reports for tracking font memory usage |
|
15 security related |
|
16 * MFSA 2016-85 |
|
17 CVE-2016-2827 (bmo#1289085) - Out-of-bounds read in |
|
18 mozilla::net::IsValidReferrerPolicy |
|
19 CVE-2016-5270 (bmo#1291016) - Heap-buffer-overflow in |
|
20 nsCaseTransformTextRunFactory::TransformString |
|
21 CVE-2016-5271 (bmo#1288946) - Out-of-bounds read in |
|
22 PropertyProvider::GetSpacingInternal |
|
23 CVE-2016-5272 (bmo#1297934) - Bad cast in nsImageGeometryMixin |
|
24 CVE-2016-5273 (bmo#1280387) - crash in |
|
25 mozilla::a11y::HyperTextAccessible::GetChildOffset |
|
26 CVE-2016-5276 (bmo#1287721) - Heap-use-after-free in |
|
27 mozilla::a11y::DocAccessible::ProcessInvalidationList |
|
28 CVE-2016-5274 (bmo#1282076) - use-after-free in |
|
29 nsFrameManager::CaptureFrameState |
|
30 CVE-2016-5277 (bmo#1291665) - Heap-use-after-free in nsRefreshDriver::Tick |
|
31 CVE-2016-5275 (bmo#1287316) - global-buffer-overflow in |
|
32 mozilla::gfx::FilterSupport::ComputeSourceNeededRegions |
|
33 CVE-2016-5278 (bmo#1294677) - Heap-buffer-overflow in |
|
34 nsBMPEncoder::AddImageFrame |
|
35 CVE-2016-5279 (bmo#1249522) - Full local path of files is available |
|
36 to web pages after drag and drop |
|
37 CVE-2016-5280 (bmo#1289970) - Use-after-free in |
|
38 mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap |
|
39 CVE-2016-5281 (bmo#1284690) - use-after-free in DOMSVGLength |
|
40 CVE-2016-5282 (bmo#932335) - Don't allow content to request favicons |
|
41 from non-whitelisted schemes |
|
42 CVE-2016-5283 (bmo#928187) - <iframe src> fragment timing attack can |
|
43 reveal cross-origin data |
|
44 CVE-2016-5284 (bmo#1303127) - Add-on update site certificate pin expiration |
|
45 CVE-2016-5256 - Memory safety bugs fixed in Firefox 49 |
|
46 CVE-2016-5257 - Memory safety bugs fixed in Firefox 49 and Firefox ESR 45.4 |
|
47 - removed obsolete patches: |
|
48 * mozilla-aarch64-48bit-va.patch |
|
49 * mozilla-exclude-nametablecpp.patch |
|
50 * mozilla-old_configure-bmo1282843.patch |
|
51 - added patch mozilla-skia-overflow.patch (bmo#1304114) |
|
52 - requires NSS 3.25 |
|
53 |
1 ------------------------------------------------------------------- |
54 ------------------------------------------------------------------- |
2 Tue Aug 30 20:25:38 UTC 2016 - astieger@suse.com |
55 Tue Aug 30 20:25:38 UTC 2016 - astieger@suse.com |
3 |
56 |
4 - Mozilla Firefox 48.0.2: |
57 - Mozilla Firefox 48.0.2: |
5 * Mitigate a startup crash issue caused on Windows (bmo#1291738) |
58 * Mitigate a startup crash issue caused on Windows (bmo#1291738) |
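Review bot: The "added patch mozilla-skia-overflow.patch (bmo#1304114)" line (new line 51) does not say what the patch fixes or whether it is security-relevant, unlike the CVE entries above it; please add a one-line description and, if there is one, the CVE or MFSA it maps to. In the MFSA 2016-85 list (new lines 16-46) the CVE ids are not in numeric order (CVE-2016-5276 is listed before CVE-2016-5274, and CVE-2016-5277 before CVE-2016-5275), which makes the list harder to audit against the advisory, so consider sorting it. New line 13 reads "let users loops files", which should be "let users loop files". New line 52 says "requires NSS 3.25"; the corresponding BuildRequires bump is not visible in this hunk, so please confirm the spec file carries it.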