diff -r 4c248180e576 -r 840132a4a9b3 MozillaFirefox/MozillaFirefox.changes --- a/MozillaFirefox/MozillaFirefox.changes Mon Jul 08 12:56:52 2019 +0200 +++ b/MozillaFirefox/MozillaFirefox.changes Wed Jul 10 08:14:34 2019 +0200 @@ -1,4 +1,79 @@ ------------------------------------------------------------------- +Mon Jul 8 13:30:35 UTC 2019 - Wolfgang Rosenauer + +- Mozilla Firefox 68.0 + * Dark mode in reader view + * Improved extension security and discovery + * Cryptomining and fingerprinting protections are added to strict + content blocking settings in Privacy & Security preferences + * Camera and microphone access now require an HTTPS connection + MFSA 2019-21 (bsc#1140868) + * CVE-2019-9811 (bmo#1538007, bmo#1539598, bmo#1563327) + Sandbox escape via installation of malicious languagepack + * CVE-2019-11711 (bmo#1552541) + Script injection within domain through inner window reuse + * CVE-2019-11712 (bmo#1543804) + Cross-origin POST requests can be made with NPAPI plugins by + following 308 redirects + * CVE-2019-11713 (bmo#1528481) + Use-after-free with HTTP/2 cached stream + * CVE-2019-11714 (bmo#1542593) + NeckoChild can trigger crash when accessed off of main thread + * CVE-2019-11729 (bmo#1515342) + Empty or malformed p256-ECDH public keys may trigger a segmentation fault + * CVE-2019-11715 (bmo#1555523) + HTML parsing error can contribute to content XSS + * CVE-2019-11716 (bmo#1552632) + globalThis not enumerable until accessed + * CVE-2019-11717 (bmo#1548306) + Caret character improperly escaped in origins + * CVE-2019-11718 (bmo#1408349) + Activity Stream writes unsanitized content to innerHTML + * CVE-2019-11719 (bmo#1540541) + Out-of-bounds read when importing curve25519 private key + * CVE-2019-11720 (bmo#1556230) + Character encoding XSS vulnerability + * CVE-2019-11721 (bmo#1256009) + Domain spoofing through unicode latin 'kra' character + * CVE-2019-11730 (bmo#1558299) + Same-origin policy treats all files in a directory as having the + same-origin + * CVE-2019-11723 (bmo#1528335) + Cookie leakage during add-on fetching across private browsing boundaries + * CVE-2019-11724 (bmo#1512511) + Retired site input.mozilla.org has remote troubleshooting permissions + * CVE-2019-11725 (bmo#1483510) + Websocket resources bypass safebrowsing protections + * CVE-2019-11727 (bmo#1552208) + PKCS#1 v1.5 signatures can be used for TLS 1.3 + * CVE-2019-11728 (bmo#1552993) + Port scanning through Alt-Svc header + * CVE-2019-11710 (bmo#1549768, bmo#1548611, bmo#1533842, bmo#1537692, + bmo#1540590, bmo#1551907, bmo#1510345, bmo#1535482, bmo#1535848, + bmo#1547472, bmo#1547760, bmo#1507696, bmo#1544180) + Memory safety bugs fixed in Firefox 68 + * CVE-2019-11709 (bmo#1547266, bmo#1540759, bmo#1548822, bmo#1550498 + bmo#1515052, bmo#1539219, bmo#1547757, bmo#1550498, bmo#1533522) + Memory safety bugs fixed in Firefox 68 and Firefox ESR 60.8 +- requires + * NSS 3.44.1 + * rust/cargo 1.34 + * rust-cbindgen 0.8.7 +- rebased patches + * mozilla-aarch64-startup-crash.patch + * mozilla-kde.patch + * mozilla-nongnome-proxies.patch + * firefox-kde.patch +- use new create-tar.sh and add tar_stamps for package definitions +- added patches imported from SLE flavour + * mozilla-gcc-internal-compiler-error.patch + * mozilla-bmo1005535.patch + * mozilla-ppc-altivec_static_inline.patch + * mozilla-reduce-rust-debuginfo.patch + * mozilla-s390-bigendian.patch + * mozilla-s390-context.patch + +------------------------------------------------------------------- Mon Jul 2 14:15:17 UTC 2019 - Martin Liška - Enable PGO for x86_64.