diff -r 54482415d6bd -r 15a995ab86c6 MozillaFirefox/MozillaFirefox.changes --- a/MozillaFirefox/MozillaFirefox.changes Thu Sep 05 08:04:53 2019 +0200 +++ b/MozillaFirefox/MozillaFirefox.changes Thu Sep 05 08:05:37 2019 +0200 
@@ -1,7 +1,56 @@ ------------------------------------------------------------------- +Wed Sep 4 15:38:40 UTC 2019 - Wolfgang Rosenauer + +- added a bunch of patches mainly for big endian platforms + * mozilla-bmo1504834-part1.patch + * mozilla-bmo1504834-part2.patch + * mozilla-bmo1504834-part3.patch + * mozilla-bmo1511604.patch + * mozilla-bmo1554971.patch + * mozilla-bmo1573381.patch + * mozilla-nestegg-big-endian.patch + +------------------------------------------------------------------- Fri Aug 30 20:49:11 UTC 2019 - Wolfgang Rosenauer - Mozilla Firefox 68.1.0 + MFSA 2019-26 + * CVE-2019-11751 (bmo#1572838; Windows only) + Malicious code execution through command line parameters + * CVE-2019-11746 (bmo#1564449) + Use-after-free while manipulating video + * CVE-2019-11744 (bmo#1562033) + XSS by breaking out of title and textarea elements using innerHTML + * CVE-2019-11742 (bmo#1559715) + Same-origin policy violation with SVG filters and canvas to steal + cross-origin images + * CVE-2019-11736 (bmo#1551913, bmo#1552206; Windows only)) + File manipulation and privilege escalation in Mozilla Maintenance Service + * CVE-2019-11753 (bmo#1574980; Windows only) + Privilege escalation with Mozilla Maintenance Service in custom + Firefox installation location + * CVE-2019-11752 (bmo#1501152) + Use-after-free while extracting a key value in IndexedDB + * CVE-2019-9812 (bmo#1538008, bmo#1538015) + Sandbox escape through Firefox Sync + * CVE-2019-11743 (bmo#1560495) + Cross-origin access to unload event attributes + * CVE-2019-11748 (bmo#1564588) + Persistence of WebRTC permissions in a third party context + * CVE-2019-11749 (bmo#1565374) + Camera information available without prompting using getUserMedia + * CVE-2019-11750 (bmo#1568397) + Type confusion in Spidermonkey + * CVE-2019-11738 (bmo#1452037) + Content security policy bypass through hash-based sources in directives + * CVE-2019-11747 (bmo#1564481) + 'Forget about this site' removes sites from pre-loaded HSTS list 
+ * CVE-2019-11735i (bmo#1561404,bmo#1561484,bmo#1568047,bmo#1561912, + bmo#1565744,bmo#1568858,bmo#1570358) + Memory safety bugs fixed in Firefox 69 and Firefox ESR 68.1 + * CVE-2019-11740 (bmo#1563133,bmo#1573160) + Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, and Firefox ESR 60.9 +- switched package to ESR branch - added mozilla-bmo1568145.patch to make builds reproducible - removed upstreamed patch mozilla-gcc-internal-compiler-error.patch
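Review bot: The memory-safety item in the 68.1.0 entry gives its id as "CVE-2019-11735i", with a stray trailing "i"; it should read CVE-2019-11735, because an exact-match lookup of CVE ids in the .changes file will not find the malformed token. In the same entry, the CVE-2019-11736 line closes with a doubled parenthesis, "Windows only))". The new Sep 4 entry says only "added a bunch of patches mainly for big endian platforms" and lists seven patch files; a one-line description per patch would help, since "mainly" leaves unclear which of them also change behaviour on other platforms.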