1 ------------------------------------------------------------------- |
1 ------------------------------------------------------------------- |
2 Fri Aug 30 20:49:11 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org> |
2 Fri Aug 30 20:49:11 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org> |
3 |
3 |
4 - Mozilla Firefox 68.1.0 |
4 - Mozilla Firefox 68.1.0 |
|
5 MFSA 2019-26 |
|
6 * CVE-2019-11751 (bmo#1572838; Windows only) |
|
7 Malicious code execution through command line parameters |
|
8 * CVE-2019-11746 (bmo#1564449) |
|
9 Use-after-free while manipulating video |
|
10 * CVE-2019-11744 (bmo#1562033) |
|
11 XSS by breaking out of title and textarea elements using innerHTML |
|
12 * CVE-2019-11742 (bmo#1559715) |
|
13 Same-origin policy violation with SVG filters and canvas to steal |
|
14 cross-origin images |
|
15 * CVE-2019-11736 (bmo#1551913, bmo#1552206; Windows only)) |
|
16 File manipulation and privilege escalation in Mozilla Maintenance Service |
|
17 * CVE-2019-11753 (bmo#1574980; Windows only) |
|
18 Privilege escalation with Mozilla Maintenance Service in custom |
|
19 Firefox installation location |
|
20 * CVE-2019-11752 (bmo#1501152) |
|
21 Use-after-free while extracting a key value in IndexedDB |
|
22 * CVE-2019-9812 (bmo#1538008, bmo#1538015) |
|
23 Sandbox escape through Firefox Sync |
|
24 * CVE-2019-11743 (bmo#1560495) |
|
25 Cross-origin access to unload event attributes |
|
26 * CVE-2019-11748 (bmo#1564588) |
|
27 Persistence of WebRTC permissions in a third party context |
|
28 * CVE-2019-11749 (bmo#1565374) |
|
29 Camera information available without prompting using getUserMedia |
|
30 * CVE-2019-11750 (bmo#1568397) |
|
31 Type confusion in Spidermonkey |
|
32 * CVE-2019-11738 (bmo#1452037) |
|
33 Content security policy bypass through hash-based sources in directives |
|
34 * CVE-2019-11747 (bmo#1564481) |
|
35 'Forget about this site' removes sites from pre-loaded HSTS list |
|
36 * CVE-2019-11735i (bmo#1561404,bmo#1561484,bmo#1568047,bmo#1561912, |
|
37 bmo#1565744,bmo#1568858,bmo#1570358) |
|
38 Memory safety bugs fixed in Firefox 69 and Firefox ESR 68.1 |
|
39 * CVE-2019-11740 (bmo#1563133,bmo#1573160) |
|
40 Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, and Firefox ESR 60.9 |
|
41 - switched package to ESR branch |
5 - added mozilla-bmo1568145.patch to make builds reproducible |
42 - added mozilla-bmo1568145.patch to make builds reproducible |
6 - removed upstreamed patch mozilla-gcc-internal-compiler-error.patch |
43 - removed upstreamed patch mozilla-gcc-internal-compiler-error.patch |
7 |
44 |
8 ------------------------------------------------------------------- |
45 ------------------------------------------------------------------- |
9 Sun Aug 18 17:29:25 UTC 2019 - Andreas Stieger <andreas.stieger@gmx.de> |
46 Sun Aug 18 17:29:25 UTC 2019 - Andreas Stieger <andreas.stieger@gmx.de> |