1 ------------------------------------------------------------------- |
1 ------------------------------------------------------------------- |
2 Tue Mar 6 08:27:05 UTC 2018 - wr@rosenauer.org |
2 Sun Mar 11 22:12:12 UTC 2018 - wr@rosenauer.org |
3 |
3 |
4 - update to Firefox 59.0 |
4 - update to Firefox 59.0 |
|
5 * Performance enhancements |
|
6 * Drag-and-drop to rearrange Top Sites on the Firefox Home page |
|
7 * added features for Firefox Screenshots |
|
8 * Enhanced WebExtensions API |
|
9 * Improved RTC capabilities |
|
10 MFSA 2018-06 (bsc#1085130) |
|
11 * CVE-2018-5127 (bmo#1430557) |
|
12 Buffer overflow manipulating SVG animatedPathSegList |
|
13 * CVE-2018-5128 (bmo#1431336) |
|
14 Use-after-free manipulating editor selection ranges |
|
15 * CVE-2018-5129 (bmo#1428947) |
|
16 Out-of-bounds write with malformed IPC messages |
|
17 * CVE-2018-5130 (bmo#1433005) |
|
18 Mismatched RTP payload type can trigger memory corruption |
|
19 * CVE-2018-5131 (bmo#1440775) |
|
20 Fetch API improperly returns cached copies of no-store/no-cache resources |
|
21 * CVE-2018-5132 (bmo#1408194) |
|
22 WebExtension Find API can search privileged pages |
|
23 * CVE-2018-5133 (bmo#1430511, bmo#1430974) |
|
24 Value of the app.support.baseURL preference is not properly sanitized |
|
25 * CVE-2018-5134 (bmo#1429379) |
|
26 WebExtensions may use view-source: URLs to bypass content restrictions |
|
27 * CVE-2018-5135 (bmo#1431371) |
|
28 WebExtension browserAction can inject scripts into unintended contexts |
|
29 * CVE-2018-5136 (bmo#1419166) |
|
30 Same-origin policy violation with data: URL shared workers |
|
31 * CVE-2018-5137 (bmo#1432870) |
|
32 Script content can access legacy extension non-contentaccessible resources |
|
33 * CVE-2018-5138 (bmo#1432624) (Android only) |
|
34 Android Custom Tab address spoofing through long domain names |
|
35 * CVE-2018-5140 (bmo#1424261) |
|
36 Moz-icon images accessible to web content through moz-icon: protocol |
|
37 * CVE-2018-5141 (bmo#1429093) |
|
38 DOS attack through notifications Push API |
|
39 * CVE-2018-5142 (bmo#1366357) |
|
40 Media Capture and Streams API permissions display incorrect origin |
|
41 with data: and blob: URLs |
|
42 * CVE-2018-5143 (bmo#1422643) |
|
43 Self-XSS pasting javascript: URL with embedded tab into addressbar |
|
44 * CVE-2018-5126 |
|
45 Memory safety bugs fixed in Firefox 59 |
|
46 * CVE-2018-5125 |
|
47 Memory safety bugs fixed in Firefox 59 and Firefox ESR 52.7 |
5 - requires NSPR 4.18 and NSS 3.35 |
48 - requires NSPR 4.18 and NSS 3.35 |
6 - requires rust >= 1.22.1 |
49 - requires rust >= 1.22.1 |
7 - removed obsolete patches: |
50 - removed obsolete patches: |
8 mozilla-alsa-sandbox.patch |
51 mozilla-alsa-sandbox.patch |
9 mozilla-enable-csd.patch |
52 mozilla-enable-csd.patch |
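Review bot: the last two items of the new MFSA 2018-06 list, CVE-2018-5126 and CVE-2018-5125 (new lines 44 to 47), carry no bmo# reference, while every other CVE added in this entry has one. If they are left without a reference on purpose because they are memory-safety rollups, that is fine, but it is worth confirming so that someone auditing the package against the advisory does not read them as incomplete. A smaller style point: "added features for Firefox Screenshots" on new line 7 starts in lower case, while the other feature bullets are capitalized. The entry also reuses the existing changelog block and moves its timestamp from Tue Mar 6 to Sun Mar 11 instead of adding a new block. Please confirm that this is intended, so that the security fixes are not attributed to an earlier submission of the same entry.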
26 ------------------------------------------------------------------- |
69 ------------------------------------------------------------------- |
27 Mon Jan 29 22:32:21 UTC 2018 - wr@rosenauer.org |
70 Mon Jan 29 22:32:21 UTC 2018 - wr@rosenauer.org |
28 |
71 |
29 - update to Firefox 58.0.1 |
72 - update to Firefox 58.0.1 |
30 MFSA 2018-05 |
73 MFSA 2018-05 |
31 * Arbitrary code execution through unsanitized browser UI (bmo#1432966) |
74 * Arbitrary code execution through unsanitized browser UI (bmo#1432966) |
32 - use correct language packs |
75 - use correct language packs |
33 - readd mozilla-enable-csd.patch as it only lands for FF59 upstream |
76 - readd mozilla-enable-csd.patch as it only lands for FF59 upstream |
34 - allow larger number of nested elements (mozilla-bmo256180.patch) |
77 - allow larger number of nested elements (mozilla-bmo256180.patch) |
35 |
78 |
36 ------------------------------------------------------------------- |
79 ------------------------------------------------------------------- |