diff -r ce8a98f8d8d7 -r 7b1e775ff77a MozillaFirefox/MozillaFirefox.changes --- a/MozillaFirefox/MozillaFirefox.changes Sun Mar 05 20:50:55 2017 +0100 +++ b/MozillaFirefox/MozillaFirefox.changes Sat Mar 11 16:31:55 2017 +0100 @@ -1,16 +1,66 @@ ------------------------------------------------------------------- +Thu Mar 9 12:30:14 UTC 2017 - wr@rosenauer.org + +- reenable ALSA support which was removed by default upstream + +------------------------------------------------------------------- Sat Mar 4 16:57:45 UTC 2017 - wr@rosenauer.org -- update to Firefox 52.0 +- update to Firefox 52.0 (boo#1028391) * requires NSS >= 3.28.3 * Pages containing insecure password fields now display a warning directly within username and password fields. - * Windows 8 touch screen support for multiprocess Firefox * Send and open a tab from one device to another with Sync * Removed NPAPI support for plugins other than Flash. Silverlight, Java, Acrobat and the like are no longer supported. * Removed Battery Status API to reduce fingerprinting of users by trackers + * MFSA 2017-05 + CVE-2017-5400: asm.js JIT-spray bypass of ASLR and DEP + (bmo#1334933) + CVE-2017-5401: Memory Corruption when handling ErrorResult + (bmo#1328861) + CVE-2017-5402: Use-after-free working with events in FontFace + objects (bmo#1334876) + CVE-2017-5403: Use-after-free using addRange to add range to an + incorrect root object (bmo#1340186) + CVE-2017-5404: Use-after-free working with ranges in selections + (bmo#1340138) + CVE-2017-5406: Segmentation fault in Skia with canvas operations + (bmo#1306890) + CVE-2017-5407: Pixel and history stealing via floating-point + timing side channel with SVG filters (bmo#1336622) + CVE-2017-5410: Memory corruption during JavaScript garbage + collection incremental sweeping (bmo#1330687) + CVE-2017-5408: Cross-origin reading of video captions in violation + of CORS (bmo#1313711) + CVE-2017-5412: Buffer overflow read in SVG filters (bmo#1328323) + CVE-2017-5413: Segmentation fault during bidirectional operations + (bmo#1337504) + CVE-2017-5414: File picker can choose incorrect default directory + (bmo#1319370) + CVE-2017-5415: Addressbar spoofing through blob URL (bmo#1321719) + CVE-2017-5416: Null dereference crash in HttpChannel (bmo#1328121) + CVE-2017-5417: Addressbar spoofing by draging and dropping URLs + (bmo#791597) + CVE-2017-5426: Gecko Media Plugin sandbox is not started if + seccomp-bpf filter is running (bmo#1257361) + CVE-2017-5427: Non-existent chrome.manifest file loaded during + startup (bmo#1295542) + CVE-2017-5418: Out of bounds read when parsing HTTP digest + authorization responses (bmo#1338876) + CVE-2017-5419: Repeated authentication prompts lead to DOS + attack (bmo#1312243) + CVE-2017-5420: Javascript: URLs can obfuscate addressbar + location (bmo#1284395) + CVE-2017-5405: FTP response codes can cause use of + uninitialized values for ports (bmo#1336699) + CVE-2017-5421: Print preview spoofing (bmo#1301876) + CVE-2017-5422: DOS attack by using view-source: protocol + repeatedly in one hyperlink (bmo#1295002) + CVE-2017-5399: Memory safety bugs fixed in Firefox 52 + CVE-2017-5398: Memory safety bugs fixed in Firefox 52 and + Firefox ESR 45.8 - removed obsolete patches * mozilla-binutils-visibility.patch * mozilla-check_return.patch