MozillaFirefox/MozillaFirefox.changes
branch firefox68
changeset 1097 840132a4a9b3
parent 1096 4c248180e576
child 1098 538cbf0bbdca
--- a/MozillaFirefox/MozillaFirefox.changes	Mon Jul 08 12:56:52 2019 +0200
+++ b/MozillaFirefox/MozillaFirefox.changes	Wed Jul 10 08:14:34 2019 +0200
@@ -1,4 +1,79 @@
 -------------------------------------------------------------------
+Mon Jul  8 13:30:35 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 68.0
+  * Dark mode in reader view
+  * Improved extension security and discovery
+  * Cryptomining and fingerprinting protections are added to strict
+    content blocking settings in Privacy & Security preferences
+  * Camera and microphone access now require an HTTPS connection
+  MFSA 2019-21 (bsc#1140868)
+  * CVE-2019-9811 (bmo#1538007, bmo#1539598, bmo#1563327)
+    Sandbox escape via installation of malicious languagepack
+  * CVE-2019-11711 (bmo#1552541)
+    Script injection within domain through inner window reuse
+  * CVE-2019-11712 (bmo#1543804)
+    Cross-origin POST requests can be made with NPAPI plugins by
+    following 308 redirects
+  * CVE-2019-11713 (bmo#1528481)
+    Use-after-free with HTTP/2 cached stream
+  * CVE-2019-11714 (bmo#1542593)
+    NeckoChild can trigger crash when accessed off of main thread
+  * CVE-2019-11729 (bmo#1515342)
+    Empty or malformed p256-ECDH public keys may trigger a segmentation fault
+  * CVE-2019-11715 (bmo#1555523)
+    HTML parsing error can contribute to content XSS
+  * CVE-2019-11716 (bmo#1552632)
+    globalThis not enumerable until accessed
+  * CVE-2019-11717 (bmo#1548306)
+    Caret character improperly escaped in origins
+  * CVE-2019-11718 (bmo#1408349)
+    Activity Stream writes unsanitized content to innerHTML
+  * CVE-2019-11719 (bmo#1540541)
+    Out-of-bounds read when importing curve25519 private key
+  * CVE-2019-11720 (bmo#1556230)
+    Character encoding XSS vulnerability
+  * CVE-2019-11721 (bmo#1256009)
+    Domain spoofing through unicode latin 'kra' character
+  * CVE-2019-11730 (bmo#1558299)
+    Same-origin policy treats all files in a directory as having the
+    same-origin
+  * CVE-2019-11723 (bmo#1528335)
+    Cookie leakage during add-on fetching across private browsing boundaries
+  * CVE-2019-11724 (bmo#1512511)
+    Retired site input.mozilla.org has remote troubleshooting permissions
+  * CVE-2019-11725 (bmo#1483510)
+    Websocket resources bypass safebrowsing protections
+  * CVE-2019-11727 (bmo#1552208)
+    PKCS#1 v1.5 signatures can be used for TLS 1.3
+  * CVE-2019-11728 (bmo#1552993)
+    Port scanning through Alt-Svc header
+  * CVE-2019-11710 (bmo#1549768, bmo#1548611, bmo#1533842, bmo#1537692,
+    bmo#1540590, bmo#1551907, bmo#1510345, bmo#1535482, bmo#1535848,
+    bmo#1547472, bmo#1547760, bmo#1507696, bmo#1544180)
+    Memory safety bugs fixed in Firefox 68
+  * CVE-2019-11709 (bmo#1547266, bmo#1540759, bmo#1548822, bmo#1550498
+    bmo#1515052, bmo#1539219, bmo#1547757, bmo#1550498, bmo#1533522)
+    Memory safety bugs fixed in Firefox 68 and Firefox ESR 60.8
+- requires
+  * NSS 3.44.1
+  * rust/cargo 1.34
+  * rust-cbindgen 0.8.7
+- rebased patches
+  * mozilla-aarch64-startup-crash.patch
+  * mozilla-kde.patch
+  * mozilla-nongnome-proxies.patch
+  * firefox-kde.patch
+- use new create-tar.sh and add tar_stamps for package definitions
+- added patches imported from SLE flavour
+  * mozilla-gcc-internal-compiler-error.patch
+  * mozilla-bmo1005535.patch
+  * mozilla-ppc-altivec_static_inline.patch
+  * mozilla-reduce-rust-debuginfo.patch
+  * mozilla-s390-bigendian.patch
+  * mozilla-s390-context.patch
+
+-------------------------------------------------------------------
 Mon Jul  2 14:15:17 UTC 2019 - Martin Liška <mliska@suse.cz>
 
 - Enable PGO for x86_64.
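Review bot: In the CVE-2019-11709 entry the bug list repeats bmo#1550498, once at the end of the first line and again on the continuation line, and that first line lacks the trailing comma that the CVE-2019-11710 list above it uses before each line break. Please drop the duplicate, or, if it stands in for a different bug number, correct it against MFSA 2019-21. Please also add the missing comma so that tools scanning the changelog for bmo# references parse the list consistently. Separately, the new "requires" item raises the minimum NSS to 3.44.1 and rust/cargo to 1.34; nothing in this hunk shows the matching BuildRequires change, so confirm that the spec file in the same changeset carries it.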