--- a/MozillaFirefox/MozillaFirefox.changes Mon Apr 17 15:11:09 2017 +0200
+++ b/MozillaFirefox/MozillaFirefox.changes Sun Apr 23 14:52:15 2017 +0200
@@ -15,6 +15,86 @@
* Media playback on new tabs is blocked until the tab is visible
* Permission notifications have a cleaner design and cannot be
easily missed
+ MFSA 2017-10
+ * CVE-2017-5456 (bmo#1344415)
+ Sandbox escape allowing local file system access
+ * CVE-2017-5442 (bmo#1347979)
+ Use-after-free during style changes
+ * CVE-2017-5443 (bmo#1342661)
+ Out-of-bounds write during BinHex decoding
+ * CVE-2017-5429 (bmo#1341096, bmo#1342823, bmo#1343261, bmo#1348894,
+ bmo#1348941, bmo#1349340, bmo#1350844, bmo#1352926, bmo#1353088)
+ Memory safety bugs fixed in Firefox 53, Firefox ESR 45.9, and
+ Firefox ESR 52.1
+ * CVE-2017-5464 (bmo#1347075)
+ Memory corruption with accessibility and DOM manipulation
+ * CVE-2017-5465 (bmo#1347617)
+ Out-of-bounds read in ConvolvePixel
+ * CVE-2017-5466 (bmo#1353975)
+ Origin confusion when reloading isolated data:text/html URL
+ * CVE-2017-5467 (bmo#1347262)
+ Memory corruption when drawing Skia content
+ * CVE-2017-5460 (bmo#1343642)
+ Use-after-free in frame selection
+ * CVE-2017-5461 (bmo#1344380)
+ Out-of-bounds write in Base64 encoding in NSS
+ * CVE-2017-5448 (bmo#1346648)
+ Out-of-bounds write in ClearKeyDecryptor
+ * CVE-2017-5449 (bmo#1340127)
+ Crash during bidirectional unicode manipulation with animation
+ * CVE-2017-5446 (bmo#1343505)
+ Out-of-bounds read when HTTP/2 DATA frames are sent with incorrect data
+ * CVE-2017-5447 (bmo#1343552)
+ Out-of-bounds read during glyph processing
+ * CVE-2017-5444 (bmo#1344461)
+ Buffer overflow while parsing application/http-index-format content
+ * CVE-2017-5445 (bmo#1344467)
+ Uninitialized values used while parsing application/http-index-format
+ content
+ * CVE-2017-5468 (bmo#1329521)
+ Incorrect ownership model for Private Browsing information
+ * CVE-2017-5469 (bmo#1292534)
+ Potential Buffer overflow in flex-generated code
+ * CVE-2017-5440 (bmo#1336832)
+ Use-after-free in txExecutionState destructor during XSLT processing
+ * CVE-2017-5441 (bmo#1343795)
+ Use-after-free with selection during scroll events
+ * CVE-2017-5439 (bmo#1336830)
+ Use-after-free in nsTArray Length() during XSLT processing
+ * CVE-2017-5438 (bmo#1336828)
+ Use-after-free in nsAutoPtr during XSLT processing
+ * CVE-2017-5437 (bmo#1343453)
+ Vulnerabilities in Libevent library
+ * CVE-2017-5436 (bmo#1345461)
+ Out-of-bounds write with malicious font in Graphite 2
+ * CVE-2017-5435 (bmo#1350683)
+ Use-after-free during transaction processing in the editor
+ * CVE-2017-5434 (bmo#1349946)
+ Use-after-free during focus handling
+ * CVE-2017-5433 (bmo#1347168)
+ Use-after-free in SMIL animation functions
+ * CVE-2017-5432 (bmo#1346654)
+ Use-after-free in text input selection
+ * CVE-2017-5430 (bmo#1329796, bmo#1337418, bmo#1339722, bmo#1340482,
+ bmo#1342101, bmo#1344081, bmo#1344305, bmo#1344686,
+ bmo#1346140, bmo#1346419, bmo#1348143, bmo#1349621,
+ bmo#1349719, bmo#1353476)
+ Memory safety bugs fixed in Firefox 53 and Firefox ESR 52.1
+ * CVE-2017-5459 (bmo#1333858)
+ Buffer overflow in WebGL
+ * CVE-2017-5458 (bmo#1229426)
+ Drag and drop of javascript: URLs can allow for self-XSS
+ * CVE-2017-5455 (bmo#1341191)
+ Sandbox escape through internal feed reader APIs
+ * CVE-2017-5454 (bmo#1349276)
+ Sandbox escape allowing file system read access through file picker
+ * CVE-2017-5451 (bmo#1273537)
+ Addressbar spoofing with onblur event
+ * CVE-2017-5453 (bmo#1321247)
+ HTML injection into RSS Reader feed preview page through
+ TITLE element
+ * CVE-2017-5462 (bmo#1345089)
+ DRBG flaw in NSS
- removed browser(npapi) provides as these plugins are deprecated
- switch used compiler to gcc5 (FF requires gcc >= 4.9 now) for
Leap 42