--- a/MozillaFirefox/MozillaFirefox.changes Mon Dec 14 00:04:31 2015 +0100
+++ b/MozillaFirefox/MozillaFirefox.changes Sat Dec 19 17:31:28 2015 +0100
@@ -1,12 +1,50 @@
-------------------------------------------------------------------
-Sun Dec 13 12:48:28 UTC 2015 - wr@rosenauer.org
-
-- update to Firefox 43.0b9
+Sun Dec 13 23:07:56 UTC 2015 - wr@rosenauer.org
+
+- update to Firefox 43.0 (bnc#959277)
* Improved API support for m4v video playback
* Users can opt-in to receive search suggestions from the Awesome Bar
* WebRTC streaming on multiple monitors
* User selectable second block list for Private Browsing's Tracking
Protection
+ security fixes:
+ * MFSA 2015-134/CVE-2015-7201/CVE-2015-7202
+ Miscellaneous memory safety hazards
+ * MFSA 2015-135/CVE-2015-7204 (bmo#1216130)
+ Crash with JavaScript variable assignment with unboxed objects
+ * MFSA 2015-136/CVE-2015-7207 (bmo#1185256)
+ Same-origin policy violation using perfomance.getEntries and
+ history navigation
+ * MFSA 2015-137/CVE-2015-7208 (bmo#1191423)
+ Firefox allows for control characters to be set in cookies
+ * MFSA 2015-138/CVE-2015-7210 (bmo#1218326)
+ Use-after-free in WebRTC when datachannel is used after being
+ destroyed
+ * MFSA 2015-139/CVE-2015-7212 (bmo#1222809)
+ Integer overflow allocating extremely large textures
+ * MFSA 2015-140/CVE-2015-7215 (bmo#1160890)
+ Cross-origin information leak through web workers error events
+ * MFSA 2015-141/CVE-2015-7211 (bmo#1221444)
+ Hash in data URI is incorrectly parsed
+ * MFSA 2015-142/CVE-2015-7218/CVE-2015-7219 (bmo#1194818, bmo#1194820)
+ DOS due to malformed frames in HTTP/2
+ * MFSA 2015-143/CVE-2015-7216/CVE-2015-7217 (bmo#1197059, bmo#1203078)
+ Linux file chooser crashes on malformed images due to flaws in
+ Jasper library
+ * MFSA 2015-144/CVE-2015-7203/CVE-2015-7220/CVE-2015-7221
+ (bmo#1201183, bmo#1178033, bmo#1199400)
+ Buffer overflows found through code inspection
+ * MFSA 2015-145/CVE-2015-7205 (bmo#1220493)
+ Underflow through code inspection
+ * MFSA 2015-146/CVE-2015-7213 (bmo#1206211)
+ Integer overflow in MP4 playback in 64-bit versions
+ * MFSA 2015-147/CVE-2015-7222 (bmo#1216748)
+ Integer underflow and buffer overflow processing MP4 metadata in
+ libstagefright
+ * MFSA 2015-148/CVE-2015-7223 (bmo#1226423)
+ Privilege escalation vulnerabilities in WebExtension APIs
+ * MFSA 2015-149/CVE-2015-7214 (bmo#1228950)
+ Cross-site reading attack through data and view-source URIs
- rebased patches
-------------------------------------------------------------------