diff -r 012a5adf5c74 -r 427ae22e730e MozillaFirefox/MozillaFirefox.changes --- a/MozillaFirefox/MozillaFirefox.changes Sun Mar 16 18:25:23 2014 +0100 +++ b/MozillaFirefox/MozillaFirefox.changes Tue Mar 18 22:50:41 2014 +0100 @@ -1,9 +1,38 @@ ------------------------------------------------------------------- Sun Mar 16 13:39:15 UTC 2014 - wr@rosenauer.org -- update to Firefox 28.0 (bnc#) +- update to Firefox 28.0 (bnc#868603) + * MFSA 2014-15/CVE-2014-1493/CVE-2014-1494 + Miscellaneous memory safety hazards + * MFSA 2014-17/CVE-2014-1497 (bmo#966311) + Out of bounds read during WAV file decoding + * MFSA 2014-18/CVE-2014-1498 (bmo#935618) + crypto.generateCRMFRequest does not validate type of key + * MFSA 2014-19/CVE-2014-1499 (bmo#961512) + Spoofing attack on WebRTC permission prompt + * MFSA 2014-20/CVE-2014-1500 (bmo#956524) + onbeforeunload and Javascript navigation DOS + * MFSA 2014-22/CVE-2014-1502 (bmo#972622) + WebGL content injection from one domain to rendering in another + * MFSA 2014-23/CVE-2014-1504 (bmo#911547) + Content Security Policy for data: documents not preserved by + session restore + * MFSA 2014-26/CVE-2014-1508 (bmo#963198) + Information disclosure through polygon rendering in MathML + * MFSA 2014-27/CVE-2014-1509 (bmo#966021) + Memory corruption in Cairo during PDF font rendering + * MFSA 2014-28/CVE-2014-1505 (bmo#941887) + SVG filters information disclosure through feDisplacementMap + * MFSA 2014-29/CVE-2014-1510/CVE-2014-1511 (bmo#982906, bmo#982909) + Privilege escalation using WebIDL-implemented APIs + * MFSA 2014-30/CVE-2014-1512 (bmo#982957) + Use-after-free in TypeObject + * MFSA 2014-31/CVE-2014-1513 (bmo#982974) + Out-of-bounds read/write through neutering ArrayBuffer objects + * MFSA 2014-32/CVE-2014-1514 (bmo#983344) + Out-of-bounds write through TypedArrayObject after neutering - requires NSPR 4.10.3 and NSS 3.15.5 -- new build dependency: +- new build dependency (and recommends): * libpulse - update of PowerPC 64 patches (bmo#976648) (pcerny@suse.com) - rebased patches