Mercurial Mercurial > hg > mozilla / diff
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
MozillaFirefox/MozillaFirefox.changes
branchfirefox64
changeset 1082 821cfbe8efcc
parent 1081 9fec29d2ead2
child 1083 2f7023025374 
--- a/MozillaFirefox/MozillaFirefox.changes	Tue Dec 11 08:48:38 2018 +0100
+++ b/MozillaFirefox/MozillaFirefox.changes	Wed Dec 12 12:15:16 2018 +0100
@@ -1,4 +1,61 @@
 -------------------------------------------------------------------
+Tue Dec 11 08:45:56 UTC 2018 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- update to Firefox 64.0
+  * Better recommendations: You may see suggestions in regular browsing
+    mode for new and relevant Firefox features, services, and extensions
+    based on how you use the web (for US users only)
+  * Enhanced tab management: You can now select multiple tabs from the
+    tab bar and close, move, bookmark, or pin them quickly and easily
+  * Easier performance management: The new Task Manager page found at
+    about:performance lets you see how much energy each open tab consumes
+    and provides access to close tabs to conserve power
+  * Improved performance for Mac and Linux users, by enabling link time
+    optimization (Clang LTO).
+  * Added option to remove add-ons using the context menu on their
+    toolbar buttons
+  * RSS feed preview and live bookmarks are available only via add-ons
+  * TLS certificates issued by Symantec are no longer trusted by Firefox.
+    Website operators are strongly encouraged to replace any remaining
+    Symantec TLS certificates as soon as possible
+  MFSA 2018-29 (bsc#1119105)
+  * CVE-2018-12407 bmo#1505973
+    Buffer overflow with ANGLE library when using VertexBuffer11 module
+  * CVE-2018-17466 bmo#1488295
+    Buffer overflow and out-of-bounds read in ANGLE library with
+    TextureStorage11
+  * CVE-2018-18492 bmo#1499861
+    Use-after-free with select element
+  * CVE-2018-18493 bmo#1504452
+    Buffer overflow in accelerated 2D canvas with Skia
+  * CVE-2018-18494 bmo#1487964
+    Same-origin policy violation using location attribute and
+    performance.getEntries to steal cross-origin URLs
+  * CVE-2018-18495 bmo#1427585
+    WebExtension content scripts can be loaded in about: pages
+  * CVE-2018-18496 bmo#1422231 (Windows only)
+    Embedded feed preview page can be abused for clickjacking
+  * CVE-2018-18497 bmo#1488180
+    WebExtensions can load arbitrary URLs through pipe separators
+  * CVE-2018-18498 bmo#1500011
+    Integer overflow when calculating buffer sizes for images
+  * CVE-2018-12406 bmo#1456947 bmo#1475669 bmo#1504816 bmo#1502886
+    bmo#1500064 bmo#1500310 bmo#1500696 bmo#1498765 bmo#1499198 bmo#1434490
+    bmo#1481745 bmo#1458129
+    Memory safety bugs fixed in Firefox 64
+  * CVE-2018-12405 bmo#1494752 bmo#1503326 bmo#1505181 bmo#1500759
+    bmo#1504365 bmo#1506640 bmo#1503082 bmo#1502013 bmo#1510471
+    Memory safety bugs fixed in Firefox 64 and Firefox ESR 60.4
+- requires
+  * rust/cargo >= 1.29
+  * mozilla-nss >= 3.40.1
+  * rust-cbindgen >= 0.6.4
+- rebased patches
+- removed obsolete patch
+  * mozilla-bmo1491289.patch
+- now uses clang primarily for compilation
+
+-------------------------------------------------------------------
 Wed Nov 28 11:07:18 UTC 2018 - Guillaume GARDET <guillaume.gardet@opensuse.org>
 
 - Remove --disable-elf-hack when not available: on aarch64 and ppc64*
mozilla