diff -r 390088186660 -r 3af93b7e5e3d MozillaFirefox/MozillaFirefox.changes --- a/MozillaFirefox/MozillaFirefox.changes Fri Jun 19 08:18:57 2015 +0200 +++ b/MozillaFirefox/MozillaFirefox.changes Sat Jul 18 14:48:41 2015 +0200 @@ -1,11 +1,56 @@ ------------------------------------------------------------------- -Wed Jun 19 10:48:49 UTC 2015 - wr@rosenauer.org - -- update to Firefox 39.0b6 +Sat Jul 18 12:47:47 UTC 2015 - wr@rosenauer.org + +- update to Firefox 40.0b5 + +------------------------------------------------------------------- +Wed Jul 1 06:43:02 UTC 2015 - wr@rosenauer.org + +- update to Firefox 39.0 (bnc#935979) + * Share Hello URLs with social networks + * Support for 'switch' role in ARIA 1.1 (web accessibility) + * SafeBrowsing malware detection lookups enabled for downloads + (Mac OS X and Linux) + * Support for new Unicode 8.0 skin tone emoji + * Removed support for insecure SSLv3 for network communications + * Disable use of RC4 except for temporarily whitelisted hosts + * NPAPI Plug-in performance improved via asynchronous initialization + security fixes: + * MFSA 2015-59/CVE-2015-2724/CVE-2015-2725/CVE-2015-2726 + Miscellaneous memory safety hazards + * MFSA 2015-60/CVE-2015-2727 (bmo#1163422) + Local files or privileged URLs in pages can be opened into new tabs + * MFSA 2015-61/CVE-2015-2728 (bmo#1142210) + Type confusion in Indexed Database Manager + * MFSA 2015-62/CVE-2015-2729 (bmo#1122218) + Out-of-bound read while computing an oscillator rendering range in Web Audio + * MFSA 2015-63/CVE-2015-2731 (bmo#1149891) + Use-after-free in Content Policy due to microtask execution error + * MFSA 2015-64/CVE-2015-2730 (bmo#1125025) + ECDSA signature validation fails to handle some signatures correctly + (this fix is shipped by NSS 3.19.1 externally) + * MFSA 2015-65/CVE-2015-2722/CVE-2015-2733 (bmo#1166924, bmo#1169867) + Use-after-free in workers while using XMLHttpRequest + * MFSA 2015-66/CVE-2015-2734/CVE-2015-2735/CVE-2015-2736/CVE-2015-2737 + CVE-2015-2738/CVE-2015-2739/CVE-2015-2740 + Vulnerabilities found through code inspection + * MFSA 2015-67/CVE-2015-2741 (bmo#1147497) + Key pinning is ignored when overridable errors are encountered + * MFSA 2015-68/CVE-2015-2742 (bmo#1138669) + OS X crash reports may contain entered key press information + (not relevant under Linux) + * MFSA 2015-69/CVE-2015-2743 (bmo#1163109) + Privilege escalation in PDF.js + * MFSA 2015-70/CVE-2015-4000 (bmo#1138554) + NSS accepts export-length DHE keys with regular DHE cipher suites + (this fix is shipped by NSS 3.19.1 externally) + * MFSA 2015-71/CVE-2015-2721 (bmo#1086145) + NSS incorrectly permits skipping of ServerKeyExchange + (this fix is shipped by NSS 3.19.1 externally) - dropped mozilla-prefer_plugin_pref.patch as this feature is likely not worth maintaining further - rebased patches -- require NSS 3.19.1 +- require NSS 3.19.2 ------------------------------------------------------------------- Thu Jun 18 10:30:18 UTC 2015 - schwab@suse.de