Mercurial Mercurial > hg > mozilla / diff
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
MozillaFirefox/MozillaFirefox.changes
changeset 867 3af93b7e5e3d
parent 866 28eb9d3ab7e8
child 868 284da266ec46 
--- a/MozillaFirefox/MozillaFirefox.changes	Fri Jun 19 08:18:57 2015 +0200
+++ b/MozillaFirefox/MozillaFirefox.changes	Sat Jul 18 14:48:41 2015 +0200
@@ -1,11 +1,56 @@
 -------------------------------------------------------------------
-Wed Jun 19 10:48:49 UTC 2015 - wr@rosenauer.org
-
-- update to Firefox 39.0b6
+Sat Jul 18 12:47:47 UTC 2015 - wr@rosenauer.org
+
+- update to Firefox 40.0b5
+
+-------------------------------------------------------------------
+Wed Jul  1 06:43:02 UTC 2015 - wr@rosenauer.org
+
+- update to Firefox 39.0 (bnc#935979)
+  * Share Hello URLs with social networks
+  * Support for 'switch' role in ARIA 1.1 (web accessibility)
+  * SafeBrowsing malware detection lookups enabled for downloads
+    (Mac OS X and Linux)
+  * Support for new Unicode 8.0 skin tone emoji
+  * Removed support for insecure SSLv3 for network communications
+  * Disable use of RC4 except for temporarily whitelisted hosts
+  * NPAPI Plug-in performance improved via asynchronous initialization
+  security fixes:
+  * MFSA 2015-59/CVE-2015-2724/CVE-2015-2725/CVE-2015-2726
+    Miscellaneous memory safety hazards
+  * MFSA 2015-60/CVE-2015-2727 (bmo#1163422)
+    Local files or privileged URLs in pages can be opened into new tabs
+  * MFSA 2015-61/CVE-2015-2728 (bmo#1142210)
+    Type confusion in Indexed Database Manager
+  * MFSA 2015-62/CVE-2015-2729 (bmo#1122218)
+    Out-of-bound read while computing an oscillator rendering range in Web Audio
+  * MFSA 2015-63/CVE-2015-2731 (bmo#1149891)
+    Use-after-free in Content Policy due to microtask execution error
+  * MFSA 2015-64/CVE-2015-2730 (bmo#1125025)
+    ECDSA signature validation fails to handle some signatures correctly
+    (this fix is shipped by NSS 3.19.1 externally)
+  * MFSA 2015-65/CVE-2015-2722/CVE-2015-2733 (bmo#1166924, bmo#1169867)
+    Use-after-free in workers while using XMLHttpRequest
+  * MFSA 2015-66/CVE-2015-2734/CVE-2015-2735/CVE-2015-2736/CVE-2015-2737
+    CVE-2015-2738/CVE-2015-2739/CVE-2015-2740
+    Vulnerabilities found through code inspection
+  * MFSA 2015-67/CVE-2015-2741 (bmo#1147497)
+    Key pinning is ignored when overridable errors are encountered
+  * MFSA 2015-68/CVE-2015-2742 (bmo#1138669)
+    OS X crash reports may contain entered key press information
+    (not relevant under Linux)
+  * MFSA 2015-69/CVE-2015-2743 (bmo#1163109)
+    Privilege escalation in PDF.js
+  * MFSA 2015-70/CVE-2015-4000 (bmo#1138554)
+    NSS accepts export-length DHE keys with regular DHE cipher suites
+    (this fix is shipped by NSS 3.19.1 externally)
+  * MFSA 2015-71/CVE-2015-2721 (bmo#1086145)
+    NSS incorrectly permits skipping of ServerKeyExchange
+    (this fix is shipped by NSS 3.19.1 externally)
 - dropped mozilla-prefer_plugin_pref.patch as this feature is
   likely not worth maintaining further
 - rebased patches
-- require NSS 3.19.1
+- require NSS 3.19.2
 
 -------------------------------------------------------------------
 Thu Jun 18 10:30:18 UTC 2015 - schwab@suse.de
mozilla