--- a/MozillaFirefox/MozillaFirefox.changes Tue Jun 26 07:37:04 2018 +0200
+++ b/MozillaFirefox/MozillaFirefox.changes Mon Dec 10 22:33:01 2018 +0100
@@ -1,7 +1,124 @@
-------------------------------------------------------------------
+Mon Dec 10 21:25:38 UTC 2018 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 60.4.0esr:
+ MFSA 2018-29
+- requires NSS >= 3.36.6
+
+-------------------------------------------------------------------
+Tue Oct 23 20:35:31 UTC 2018 - astieger@suse.com
+
+- Mozilla Firefox 60.3.0esr:
+ * Various stability and regression fixes
+ MFSA 2018-27 bsc#1112852
+ * CVE-2018-12392 bmo#1492823
+ Crash with nested event loops
+ * CVE-2018-12393 bmo#1495011
+ Integer overflow during Unicode conversion while loading
+ JavaScript
+ * CVE-2018-12395 bmo#1467523
+ WebExtension bypass of domain restrictions through header
+ rewriting
+ * CVE-2018-12396 bmo#1483602
+ WebExtension content scripts can execute in disallowed
+ contexts
+ * CVE-2018-12397 bmo#1487478
+ WebExtension local file access vulnerability
+ * CVE-2018-12389 bmo#1498460, bmo#1499198
+ Memory safety bugs fixed in Firefox ESR 60.3
+ * CVE-2018-12390 bmo#1487098 bmo#1487660 bmo#1490234 bmo#1496159
+ bmo#1443748 bmo#1496340 bmo#1483905 bmo#1493347 bmo#1488803
+ bmo#1498701 bmo#1498482 bmo#1442010 bmo#1495245 bmo#1483699
+ bmo#1469486 bmo#1484905 bmo#1490561 bmo#1492524 bmo#1481844
+ Memory safety bugs fixed in Firefox 63 and Firefox ESR 60.3
+
+-------------------------------------------------------------------
+Tue Oct 2 21:28:31 UTC 2018 - astieger@suse.com
+
+- Mozilla Firefox 60.2.2esr:
+ MFSA 2018-24
+ * CVE-2018-12386 (bsc#1110506, bmo#1493900)
+ Type confusion in JavaScript allowed remote code execution
+ * CVE-2018-12387 (bsc#1110507, bmo#1493903)
+ Array.prototype.push stack pointer vulnerability may enable
+ exploits in the sandboxed content process
+
+-------------------------------------------------------------------
+Thu Sep 27 10:51:37 UTC 2018 - olaf@aepfle.de
+
+- Avoid undefined behavior in IPC fd-passing code with
+ mozilla-bmo1436242.patch (boo#1094767, bmo#1436242)
+
+-------------------------------------------------------------------
+Fri Sep 21 22:46:56 UTC 2018 - astieger@suse.com
+
+- Mozilla Firefox 60.2.1esr:
+ MFSA 2018-23
+ * CVE-2018-12385 (boo#1109363, bmo#1490585)
+ Crash in TransportSecurityInfo due to cached data
+ * CVE-2018-12383 (boo#1107343, bmo#1475775)
+ Setting a master password did not delete unencrypted
+ previously stored passwords
+ * Fixed a startup crash affecting users migrating from older ESR
+ releases
+ * Clean up old NSS DB files after upgrading
+
+-------------------------------------------------------------------
+Wed Sep 5 19:39:44 UTC 2018 - security@suse.com
+
+- Mozilla Firefox 60.2.0esr:
+ MFSA 2018-21 (bsc#1107343)
+ * CVE-2018-12377 (bmo#1470260)
+ Use-after-free in refresh driver timers
+ * CVE-2018-12378 (bmo#1459383)
+ Use-after-free in IndexedDB
+ * CVE-2017-16541 (bsc#1066489, bmo#1412081)
+ Proxy bypass using automount and autofs
+ * CVE-2018-12376 (bmo#69309,bmo#69914,bmo#50989,bmo#80092,
+ bmo#80517,bmo#81093,bmo#78575,bmo#71953,bmo#73161,bmo#66991,
+ bmo#68738,bmo#83120,bmo#67363,bmo#72925,bmo#66577,bmo#67889,
+ bmo#80521)
+ Memory safety bugs fixed in Firefox 62 and Firefox ESR 60.2
+- unfuzz mozilla-kde.patch
+
+-------------------------------------------------------------------
Sat Jun 23 13:10:32 UTC 2018 - wr@rosenauer.org
- update to Firefox 60.1.0esr
+ MFSA 2018-16 (bsc#1098998)
+ * CVE-2018-12359 (bmo#1459162)
+ Buffer overflow using computed size of canvas element
+ * CVE-2018-12360 (bmo#1459693)
+ Use-after-free when using focus()
+ * CVE-2018-12361 (bmo#1463244)
+ Integer overflow in SwizzleData
+ * CVE-2018-12362 (bmo#1452375)
+ Integer overflow in SSSE3 scaler
+ * CVE-2018-5156 (bmo#1453127)
+ Media recorder segmentation fault when track type is changed during capture
+ * CVE-2018-12363 (bmo#1464784)
+ Use-after-free when appending DOM nodes
+ * CVE-2018-12364 (bmo#1436241)
+ CSRF attacks through 307 redirects and NPAPI plugins
+ * CVE-2018-12365 (bmo#1459206)
+ Compromised IPC child process can list local filenames
+ * CVE-2018-12371 (bmo#1465686)
+ Integer overflow in Skia library during edge builder allocation
+ * CVE-2018-12366 (bmo#1464039)
+ Invalid data handling during QCMS transformations
+ * CVE-2018-12367 (bmo#1462891)
+ Timing attack mitigation of PerformanceNavigationTiming
+ * CVE-2018-12369 (bmo#1454909)
+ WebExtension security permission checks bypassed by embedded experiments
+ * CVE-2018-5187 (bmo#1461324,bmo#1414829,bmo#1395246,bmo#1467938,
+ bmo#1461619,bmo#1425930,bmo#1438556,bmo#1454285,bmo#1459568,
+ bmo#1463884)
+ Memory safety bugs fixed in Firefox 60 and Firefox ESR 60.1
+ * CVE-2018-5188 (bmo#1456189,bmo#1456975,bmo#1465898,bmo#1392739,
+ bmo#1451297,bmo#1464063,bmo#1437842,bmo#1442722,bmo#1452576,
+ bmo#1450688,bmo#1458264,bmo#1458270,bmo#1465108,bmo#1464829,
+ bmo#1464079,bmo#1463494,bmo#1458048)
+ Memory safety bugs fixed in Firefox 60, Firefox ESR 60.1, and Firefox ESR 52.9
- remove obsolete patches
mozilla-enable-csd.patch
mozilla-fix-skia-aarch64.patch