MozillaFirefox/MozillaFirefox.changes
branch firefox70
changeset 1112 8a4f5aea2475
parent 1111 97a6da6d7e29
child 1114 572ec48f3fe8
--- a/MozillaFirefox/MozillaFirefox.changes	Sun Oct 20 14:25:55 2019 +0200
+++ b/MozillaFirefox/MozillaFirefox.changes	Fri Oct 25 11:19:31 2019 +0200
@@ -1,4 +1,50 @@
 -------------------------------------------------------------------
+Sun Oct 20 20:19:31 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 70.0
+  * more privacy protections from Enhanced Tracking Protection
+  * Firefox Lockwise passwordmanager
+  * Improvements to core engine components, for better browsing on more sites
+  * Improved privacy and security indicators
+  MFSA 2019-34
+  * CVE-2018-6156 (bmo#1480088)
+    Heap buffer overflow in FEC processing in WebRTC
+  * CVE-2019-15903 (bmo#1584907)
+    Heap overflow in expat library in XML_GetCurrentLineNumber
+  * CVE-2019-11757 (bmo#1577107)
+    Use-after-free when creating index updates in IndexedDB
+  * CVE-2019-11759 (bmo#1577953)
+    Stack buffer overflow in HKDF output
+  * CVE-2019-11760 (bmo#1577719)
+    Stack buffer overflow in WebRTC networking
+  * CVE-2019-11761 (bmo#1561502)
+    Unintended access to a privileged JSONView object
+  * CVE-2019-11762 (bmo#1582857)
+    document.domain-based origin isolation has same-origin-property violation
+  * CVE-2019-11763 (bmo#1584216)
+    Incorrect HTML parsing results in XSS bypass technique
+  * CVE-2019-11765 (bmo#1562582)
+    Incorrect permissions could be granted to a website
+  * CVE-2019-17000 (bmo#1441468)
+    CSP bypass using object tag with data: URI
+  * CVE-2019-17001 (bmo#1587976)
+    CSP bypass using object tag when script-src 'none' is specified
+  * CVE-2019-17002 (bmo#1561056)
+    upgrade-insecure-requests was not being honored for links dragged and dropped
+  * CVE-2019-11764 (bmo#1558522, bmo#1577061, bmo#1548044, bmo#1571223,
+    bmo#1573048, bmo#1578933, bmo#1575217, bmo#1583684, bmo#1586845, bmo#1581950,
+    bmo#1583463, bmo#1586599)
+    Memory safety bugs fixed in Firefox 70 and Firefox ESR 68.2
+- requires
+    rust/cargo >= 1.36
+    NSPR >= 4.22
+    NSS >= 3.46.1
+    rust-cbindgen >= 0.9.1
+- removed obsolete patches
+    mozilla-bmo1573381.patch
+    mozilla-nestegg-big-endian.patch
+
+-------------------------------------------------------------------
 Sun Oct 13 08:58:12 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org>
 
 - Mozilla Firefox 69.0.3
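Review bot: The "requires" and "removed obsolete patches" blocks at the end of the new 70.0 entry describe packaging changes that this hunk cannot confirm, since only the .changes file is touched here. Please check that the same changeset raises the spec's build requirements to rust/cargo >= 1.36, NSPR >= 4.22, NSS >= 3.46.1 and rust-cbindgen >= 0.9.1, and that it drops mozilla-bmo1573381.patch and mozilla-nestegg-big-endian.patch from both the patch list and the source tree. Two smaller points in the MFSA 2019-34 list: CVE-2019-11764 is placed after CVE-2019-17002 while the other entries are in ascending order, so either move it up or leave it last on purpose as the roll-up memory safety entry; and "passwordmanager" in the Lockwise bullet should be "password manager".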