--- a/MozillaFirefox/MozillaFirefox.changes Sun Oct 20 14:25:55 2019 +0200
+++ b/MozillaFirefox/MozillaFirefox.changes Fri Oct 25 11:19:31 2019 +0200
@@ -1,4 +1,50 @@
-------------------------------------------------------------------
+Sun Oct 20 20:19:31 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 70.0
+ * more privacy protections from Enhanced Tracking Protection
+ * Firefox Lockwise passwordmanager
+ * Improvements to core engine components, for better browsing on more sites
+ * Improved privacy and security indicators
+ MFSA 2019-34
+ * CVE-2018-6156 (bmo#1480088)
+ Heap buffer overflow in FEC processing in WebRTC
+ * CVE-2019-15903 (bmo#1584907)
+ Heap overflow in expat library in XML_GetCurrentLineNumber
+ * CVE-2019-11757 (bmo#1577107)
+ Use-after-free when creating index updates in IndexedDB
+ * CVE-2019-11759 (bmo#1577953)
+ Stack buffer overflow in HKDF output
+ * CVE-2019-11760 (bmo#1577719)
+ Stack buffer overflow in WebRTC networking
+ * CVE-2019-11761 (bmo#1561502)
+ Unintended access to a privileged JSONView object
+ * CVE-2019-11762 (bmo#1582857)
+ document.domain-based origin isolation has same-origin-property violation
+ * CVE-2019-11763 (bmo#1584216)
+ Incorrect HTML parsing results in XSS bypass technique
+ * CVE-2019-11765 (bmo#1562582)
+ Incorrect permissions could be granted to a website
+ * CVE-2019-17000 (bmo#1441468)
+ CSP bypass using object tag with data: URI
+ * CVE-2019-17001 (bmo#1587976)
+ CSP bypass using object tag when script-src 'none' is specified
+ * CVE-2019-17002 (bmo#1561056)
+ upgrade-insecure-requests was not being honored for links dragged and dropped
+ * CVE-2019-11764 (bmo#1558522, bmo#1577061, bmo#1548044, bmo#1571223,
+ bmo#1573048, bmo#1578933, bmo#1575217, bmo#1583684, bmo#1586845, bmo#1581950,
+ bmo#1583463, bmo#1586599)
+ Memory safety bugs fixed in Firefox 70 and Firefox ESR 68.2
+- requires
+ rust/cargo >= 1.36
+ NSPR >= 4.22
+ NSS >= 3.46.1
+ rust-cbindgen >= 0.9.1
+- removed obsolete patches
+ mozilla-bmo1573381.patch
+ mozilla-nestegg-big-endian.patch
+
+-------------------------------------------------------------------
Sun Oct 13 08:58:12 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org>
- Mozilla Firefox 69.0.3