MozillaFirefox/MozillaFirefox.changes
branch firefox74
changeset 1123 7fa561e5d7c7
parent 1122 a9cd24eaa361
child 1124 f890ebd6b627
--- a/MozillaFirefox/MozillaFirefox.changes	Sat Mar 07 09:48:10 2020 +0100
+++ b/MozillaFirefox/MozillaFirefox.changes	Mon Mar 30 21:49:01 2020 +0200
@@ -1,4 +1,59 @@
 -------------------------------------------------------------------
+Wed Mar 25 07:30:39 UTC 2020 - Marcus Meissner <meissner@suse.com>
+
+- mozilla-sandbox-fips.patch: allow /proc/sys/crypto/fips_enabled
+  to be read, as openssl 1.1.1 FIPS aborts if it cannot access it
+  (bsc#1167132)
+
+-------------------------------------------------------------------
+Sat Mar  7 08:51:06 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 74.0
+  * https://www.mozilla.org/en-US/firefox/74.0/releasenotes/
+  MFSA 2020-08 (bsc#1166238)
+  * CVE-2020-6805 (bmo#1610880)
+    Use-after-free when removing data about origins
+  * CVE-2020-6806 (bmo#1612308)
+    BodyStream::OnInputStreamReady was missing protections against
+    state confusion
+  * CVE-2020-6807 (bmo#1614971)
+    Use-after-free in cubeb during stream destruction
+  * CVE-2020-6808 (bmo#1247968)
+    URL Spoofing via javascript: URL
+  * CVE-2020-6809 (bmo#1420296)
+    Web Extensions with the all-urls permission could access local
+    files
+  * CVE-2020-6810 (bmo#1432856)
+    Focusing a popup while in fullscreen could have obscured the
+    fullscreen notification
+  * CVE-2020-6811 (bmo#1607742)
+    Devtools' 'Copy as cURL' feature did not fully escape
+    website-controlled data, potentially leading to command injection
+  * CVE-2019-20503 (bmo#1613765)
+    Out of bounds reads in sctp_load_addresses_from_init
+  * CVE-2020-6812 (bmo#1616661)
+    The names of AirPods with personally identifiable information
+    were exposed to websites with camera or microphone permission
+  * CVE-2020-6813 (bmo#1605814)
+    @import statements in CSS could bypass the Content Security
+    Policy nonce feature
+  * CVE-2020-6814 (bmo#1592078,bmo#1604847,bmo#1608256,bmo#1612636,
+    bmo#1614339)
+    Memory safety bugs fixed in Firefox 74 and Firefox ESR 68.6
+  * CVE-2020-6815 (bmo#1181957,bmo#1557732,bmo#1557739,bmo#1611457,
+    bmo#1612431)
+    Memory and script safety bugs fixed in Firefox 74
+- requires
+  * NSPR 4.25
+  * NSS 3.50
+  * rust-cbindgen 0.13.0
+- removed obsolete patches
+  mozilla-bmo1610814.patch
+  mozilla-cubeb-noreturn.patch
+- add mozilla-bmo1609538.patch to fix wayland issues with mutter 3.36
+  (bmo#1609538, boo#1166471)
+
+-------------------------------------------------------------------
 Wed Feb 26 08:12:00 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org>
 
 - big endian fixes
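Review bot: The mozilla-sandbox-fips.patch entry at the top of the hunk cites only bsc#1167132 and does not say which sandbox policy is relaxed, or that the allowance is limited to read-only access to the single path /proc/sys/crypto/fips_enabled. Because this patch widens what the sandbox permits, suggest naming the affected policy in the entry and adding the upstream bmo# reference if one exists, or stating that the patch is distribution-specific. A minor style point in the 74.0 entry: "MFSA 2020-08 (bsc#1166238)" and the two file names under "removed obsolete patches" carry no "*" bullet, unlike the "requires" list and the CVE items.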