Mercurial Mercurial > hg > mozilla / diff
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
MozillaFirefox/MozillaFirefox.changes
branchfirefox67
changeset 1094 a25638dad81d
parent 1093 3942c205588b
child 1096 4c248180e576 
--- a/MozillaFirefox/MozillaFirefox.changes	Wed May 15 19:43:42 2019 +0200
+++ b/MozillaFirefox/MozillaFirefox.changes	Thu May 23 09:16:13 2019 +0200
@@ -1,5 +1,5 @@
 -------------------------------------------------------------------
-Tue May 14 10:34:08 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org>
+Sun May 19 20:40:30 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org>
 
 - Mozilla Firefox 67.0
   * Firefox 67 will be able to run different Firefox installs side by side
@@ -19,6 +19,56 @@
     own avatar
   * Enable FIDO U2F API, and permit registrations for Google Accounts
   * Enabled AV1 support on Linux
+  MFSA 2019-13
+  * CVE-2019-9815 (bmo#1546544)
+    Disable hyperthreading on content JavaScript threads on macOS
+  * CVE-2019-9816 (bmo#1536768)
+    Type confusion with object groups and UnboxedObjects
+  * CVE-2019-9817 (bmo#1540221)
+    Stealing of cross-domain images using canvas
+  * CVE-2019-9818 (bmo#1542581) (Windows only)
+    Use-after-free in crash generation server
+  * CVE-2019-9819 (bmo#1532553)
+    Compartment mismatch with fetch API
+  * CVE-2019-9820 (bmo#1536405)
+    Use-after-free of ChromeEventHandler by DocShell
+  * CVE-2019-9821 (bmo#1539125)
+    Use-after-free in AssertWorkerThread
+  * CVE-2019-11691 (bmo#1542465)
+    Use-after-free in XMLHttpRequest
+  * CVE-2019-11692 (bmo#1544670)
+    Use-after-free removing listeners in the event listener manager
+  * CVE-2019-11693 (bmo#1532525)
+    Buffer overflow in WebGL bufferdata on Linux
+  * CVE-2019-7317 (bmo#1542829)
+    Use-after-free in png_image_free of libpng library
+  * CVE-2019-11694 (bmo#1534196) (Windows only)
+    Uninitialized memory memory leakage in Windows sandbox
+  * CVE-2019-11695 (bmo#1445844)
+    Custom cursor can render over user interface outside of web content
+  * CVE-2019-11696 (bmo#1392955)
+    Java web start .JNLP files are not recognized as executable files
+    for download prompts
+  * CVE-2019-11697 (bmo#1440079)
+    Pressing key combinations can bypass installation prompt delays and
+    install extensions
+  * CVE-2019-11698 (bmo#1543191)
+    Theft of user history data through drag and drop of hyperlinks
+    to and from bookmarks
+  * CVE-2019-11700 (bmo#1549833) (Windows only)
+    res: protocol can be used to open known local files
+  * CVE-2019-11699 (bmo#1528939)
+    Incorrect domain name highlighting during page navigation
+  * CVE-2019-11701 (bmo#1518627)
+    webcal: protocol default handler loads vulnerable web page
+  * CVE-2019-9814 (bmo#1527592, bmo#1534536, bmo#1520132, bmo#1543159,
+    bmo#1539393, bmo#1459932, bmo#1459182, bmo#1516425)
+    Memory safety bugs fixed in Firefox 67
+  * CVE-2019-9800 (bmo#1540166, bmo#1534593, bmo#1546327, bmo#1540136,
+    bmo#1538736, bmo#1538042, bmo#1535612, bmo#1499719, bmo#1499108,
+    bmo#1538619, bmo#1535194, bmo#1516325, bmo#1542324, bmo#1542097,
+    bmo#1532465, bmo#1533554, bmo#1541580)
+    Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7
 - requires
   * rust/cargo >= 1.32
   * mozilla-nspr >= 4.21
@@ -28,6 +78,12 @@
 - KDE integration for default browser detection is broken in this revision
 
 -------------------------------------------------------------------
+Fri May 17 12:04:49 UTC 2019 - Guillaume GARDET <guillaume.gardet@opensuse.org>
+
+- Fix armv7 build with:
+  * mozilla-disable-wasm-emulate-arm-unaligned-fp-access.patch
+
+-------------------------------------------------------------------
 Fri May 10 10:30:05 UTC 2019 - Manfred Hollstein <manfred.h@gmx.net>
 
 - Mozilla Firefox 66.0.5
mozilla