1 -------------------------------------------------------------------

     2 Fri Mar  8 08:36:26 UTC 2013 - wr@rosenauer.org

     3 

     4 - update to Firefox 17.0.4 (bnc#808243)

     5   * MFSA 2013-29/CVE-2013-0787 (bmo#848644)

     6     Use-after-free in HTML Editor

     7 

     8 -------------------------------------------------------------------

     9 Sat Feb 16 17:16:35 UTC 2013 - wr@rosenauer.org

    10 

    11 - update to Firefox 17.0.3esr (bnc#804248)

    12   * MFSA 2013-21/CVE-2013-0783

    13     Miscellaneous memory safety hazards

    14   * MFSA 2013-24/CVE-2013-0773 (bmo#809652)

    15     Web content bypass of COW and SOW security wrappers

    16   * MFSA 2013-25/CVE-2013-0774 (bmo#827193)

    17     Privacy leak in JavaScript Workers

    18   * MFSA 2013-26/CVE-2013-0775 (bmo#831095)

    19     Use-after-free in nsImageLoadingContent

    20   * MFSA 2013-27/CVE-2013-0776 (bmo#796475)

    21     Phishing on HTTPS connection through malicious proxy

    22   * MFSA 2013-28/CVE-2013-0780/CVE-2013-0782

    23     Use-after-free, out of bounds read, and buffer overflow issues

    24     found using Address Sanitizer

    25 

    30   * MFSA 2013-01/CVE-2013-0749/CVE-2013-0769/CVE-2013-0770

    31     Miscellaneous memory safety hazards

    32   * MFSA 2013-02/CVE-2013-0760/CVE-2013-0762/CVE-2013-0766/CVE-2013-0767

    33     CVE-2013-0761/CVE-2013-0763/CVE-2013-0771/CVE-2012-5829

    34     Use-after-free and buffer overflow issues found using Address Sanitizer

    35   * MFSA 2013-03/CVE-2013-0768 (bmo#815795)

    36     Buffer Overflow in Canvas

    37   * MFSA 2013-04/CVE-2012-0759 (bmo#802026)

    38     URL spoofing in addressbar during page loads

    39   * MFSA 2013-05/CVE-2013-0744 (bmo#814713)

    40     Use-after-free when displaying table with many columns and column groups

    41   * MFSA 2013-07/CVE-2013-0764 (bmo#804237)

    42     Crash due to handling of SSL on threads

    43   * MFSA 2013-08/CVE-2013-0745 (bmo#794158)

    44     AutoWrapperChanger fails to keep objects alive during garbage collection

    45   * MFSA 2013-09/CVE-2013-0746 (bmo#816842)

    46     Compartment mismatch with quickstubs returned values

    47   * MFSA 2013-10/CVE-2013-0747 (bmo#733305)

    48     Event manipulation in plugin handler to bypass same-origin policy

    49   * MFSA 2013-11/CVE-2013-0748 (bmo#806031)

    50     Address space layout leaked in XBL objects

    51   * MFSA 2013-12/CVE-2013-0750 (bmo#805121)

    52     Buffer overflow in Javascript string concatenation

    53   * MFSA 2013-13/CVE-2013-0752 (bmo#805024)

    54     Memory corruption in XBL with XML bindings containing SVG

    55   * MFSA 2013-14/CVE-2013-0757 (bmo#813901)

    56     Chrome Object Wrapper (COW) bypass through changing prototype

    57   * MFSA 2013-15/CVE-2013-0758 (bmo#813906)

    58     Privilege escalation through plugin objects

    59   * MFSA 2013-16/CVE-2013-0753 (bmo#814001)

    60     Use-after-free in serializeToStream

    61   * MFSA 2013-17/CVE-2013-0754 (bmo#814026)

    62     Use-after-free in ListenerManager

    63   * MFSA 2013-18/CVE-2013-0755 (bmo#814027)

    64     Use-after-free in Vibrate

    65   * MFSA 2013-19/CVE-2013-0756 (bmo#814029)

    66     Use-after-free in Javascript Proxy objects

    67 - requires NSS 3.14.1 (MFSA 2013-20, CVE-2013-0743)