Mercurial Mercurial > hg > mozilla / diff
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
MozillaFirefox/MozillaFirefox.changes
branchfirefox84
changeset 1152 4cfe46c9a944
parent 1151 8df86bf11fc1
child 1153 fdd746757dda 
--- a/MozillaFirefox/MozillaFirefox.changes	Thu Dec 10 14:36:59 2020 +0100
+++ b/MozillaFirefox/MozillaFirefox.changes	Sun Dec 27 10:49:49 2020 +0100
@@ -1,4 +1,55 @@
 -------------------------------------------------------------------
+Sun Dec 13 18:18:58 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 84.0
+  * Firefox 84 is the final release to support Adobe Flash
+  * WebRender is enabled by default when run on GNOME-based X11
+    Linux desktops
+  MFSA 2020-54 (bsc#1180039))
+  * CVE-2020-16042 (bmo#1679003)
+    Operations on a BigInt could have caused uninitialized memory
+    to be exposed
+  * CVE-2020-26971 (bmo#1663466)
+    Heap buffer overflow in WebGL
+  * CVE-2020-26972 (bmo#1671382)
+    Use-After-Free in WebGL
+  * CVE-2020-26973 (bmo#1680084)
+    CSS Sanitizer performed incorrect sanitization
+  * CVE-2020-26974 (bmo#1681022)
+    Incorrect cast of StyleGenericFlexBasis resulted in a heap
+    use-after-free
+  * CVE-2020-26975 (bmo#1661071)
+    Malicious applications on Android could have induced Firefox
+    for Android into sending arbitrary attacker-specified headers
+  * CVE-2020-26976 (bmo#1674343)
+    HTTPS pages could have been intercepted by a registered
+    service worker when they should not have been
+  * CVE-2020-26977 (bmo#1676311)
+    URL spoofing via unresponsive port in Firefox for Android
+  * CVE-2020-26978 (bmo#1677047)
+    Internal network hosts could have been probed by a malicious
+    webpage
+  * CVE-2020-26979 (bmo#1641287, bmo#1673299)
+    When entering an address in the address or search bars, a
+    website could have redirected the user before they were
+    navigated to the intended url
+  * CVE-2020-35111 (bmo#1657916)
+    The proxy.onRequest API did not catch view-source URLs
+  * CVE-2020-35112 (bmo#1661365)
+    Opening an extension-less download may have inadvertently
+    launched an executable instead
+  * CVE-2020-35113 (bmo#1664831, bmo#1673589)
+    Memory safety bugs fixed in Firefox 84 and Firefox ESR 78.6
+  * CVE-2020-35114 (bmo#1607449, bmo#1640416, bmo#1656459,
+    bmo#1669914, bmo#1673567)
+    Memory safety bugs fixed in Firefox 84
+- requires
+  NSS >= 3.59
+  rust >= 1.44
+  rust-cbindgen >= 0.15.0
+- remove revert-795c8762b16b.patch and replace with mozilla-pgo.patch
+
+-------------------------------------------------------------------
 Sat Nov 21 08:12:17 UTC 2020 - Kirill Kirillov <kkirill@opensuse.org>
 
 - Add/Enable GNOME search provider
mozilla