Mercurial Mercurial > hg > mozilla / diff
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
MozillaFirefox/MozillaFirefox.changes
branchfirefox42
changeset 886 2e9f984bca7f
parent 885 ee3c462047d5
child 889 de3a92aed259 
--- a/MozillaFirefox/MozillaFirefox.changes	Sat Oct 31 20:58:31 2015 +0100
+++ b/MozillaFirefox/MozillaFirefox.changes	Sun Dec 06 22:08:01 2015 +0100
@@ -1,4 +1,12 @@
 -------------------------------------------------------------------
+Sun Nov 15 19:52:20 UTC 2015 - wr@rosenauer.org
+
+- Add desktop menu action for private browsing window to desktop
+  file (boo#954747)
+- remove obsolete patch mozilla-bmo1005535.patch completely from
+  source package to avoid automatic check failures
+
+-------------------------------------------------------------------
 Sat Oct 31 19:50:03 UTC 2015 - wr@rosenauer.org
 
 - update to Firefox 42.0 (bnc#952810)
@@ -9,7 +17,49 @@
   * WebRTC improvements
   * Indicator added to tabs that play audio with one-click muting
   * Media Source Extension for HTML5 video available for all sites
-- requires NSPR 4.10.10 and NSS 3.19.4
+  security fixes:
+  * MFSA 2015-116/CVE-2015-4513/CVE-2015-4514
+    Miscellaneous memory safety hazards
+  * MFSA 2015-117/CVE-2015-4515 (bmo#1046421)
+    Information disclosure through NTLM authentication
+  * MFSA 2015-118/CVE-2015-4518 (bmo#1182778, bmo#1136692)
+    CSP bypass due to permissive Reader mode whitelist
+  * MFSA 2015-119/CVE-2015-7185 (bmo#1149000) (Android only)
+    Firefox for Android addressbar can be removed after fullscreen mode
+  * MFSA 2015-120/CVE-2015-7186 (bmo#1193027) (Android only)
+    Reading sensitive profile files through local HTML file on Android
+  * MFSA 2015-121/CVE-2015-7187 (bmo#1195735)
+    disabling scripts in Add-on SDK panels has no effect
+  * MFSA 2015-122/CVE-2015-7188 (bmo#1199430)
+    Trailing whitespace in IP address hostnames can bypass same-origin policy
+  * MFSA 2015-123/CVE-2015-7189 (bmo#1205900)
+    Buffer overflow during image interactions in canvas
+  * MFSA 2015-124/CVE-2015-7190 (bmo#1208520) (Android only)
+    Android intents can be used on Firefox for Android to open privileged files
+  * MFSA 2015-125/CVE-2015-7191 (bmo#1208956) (Android only)
+    XSS attack through intents on Firefox for Android
+  * MFSA 2015-126/CVE-2015-7192 (bmo#1210023) (OS X only)
+    Crash when accessing HTML tables with accessibility tools on OS X
+  * MFSA 2015-127/CVE-2015-7193 (bmo#1210302)
+    CORS preflight is bypassed when non-standard Content-Type headers
+    are received
+  * MFSA 2015-128/CVE-2015-7194 (bmo#1211262)
+    Memory corruption in libjar through zip files
+  * MFSA 2015-129/CVE-2015-7195 (bmo#1211871)
+    Certain escaped characters in host of Location-header are being
+    treated as non-escaped
+  * MFSA 2015-130/CVE-2015-7196 (bmo#1140616)
+    JavaScript garbage collection crash with Java applet
+  * MFSA 2015-131/CVE-2015-7198/CVE-2015-7199/CVE-2015-7200
+    (bmo#1188010, bmo#1204061, bmo#1204155)
+    Vulnerabilities found through code inspection
+  * MFSA 2015-132/CVE-2015-7197 (bmo#1204269)
+    Mixed content WebSocket policy bypass through workers
+  * MFSA 2015-133/CVE-2015-7181/CVE-2015-7182/CVE-2015-7183
+    (bmo#1202868, bmo#1205157)
+    NSS and NSPR memory corruption issues
+    (fixed in mozilla-nspr and mozilla-nss packages)
+- requires NSPR >= 4.10.10 and NSS >= 3.19.4
 - removed obsolete patches
   * mozilla-arm-disable-edsp.patch
   * mozilla-icu-strncat.patch
mozilla