diff -r 108497b98e44 -r 963c89cda54b MozillaFirefox/MozillaFirefox.changes --- a/MozillaFirefox/MozillaFirefox.changes Tue Jan 23 22:04:56 2018 +0100 +++ b/MozillaFirefox/MozillaFirefox.changes Tue Jan 23 22:05:20 2018 +0100 
@@ -1,10 +1,79 @@ ------------------------------------------------------------------- -Wed Jan 10 21:39:09 UTC 2018 - wr@rosenauer.org - -- update to Firefox 58.0b15 +Tue Jan 23 20:40:57 UTC 2018 - wr@rosenauer.org + +- update to Firefox 58.0 (bsc#1077291) * Added Nepali (ne-NP) locale * Added support for form autofill for credit card * Optimize page load by caching JavaScript internal representation + MFSA 2018-02 + * CVE-2018-5091 (bmo#1423086) + Use-after-free with DTMF timers + * CVE-2018-5092 (bmo#1418074) + Use-after-free in Web Workers + * CVE-2018-5093 (bmo#1415291) + Buffer overflow in WebAssembly during Memory/Table resizing + * CVE-2018-5094 (bmo#1415883) + Buffer overflow in WebAssembly with garbage collection on + uninitialized memory + * CVE-2018-5095 (bmo#1418447) + Integer overflow in Skia library during edge builder allocation + * CVE-2018-5097 (bmo#1387427) + Use-after-free when source document is manipulated during XSLT + * CVE-2018-5098 (bmo#1399400) + Use-after-free while manipulating form input elements + * CVE-2018-5099 (bmo#1416878) + Use-after-free with widget listener + * CVE-2018-5100 (bmo#1417405) + Use-after-free when IsPotentiallyScrollable arguments are freed + from memory + * CVE-2018-5101 (bmo#1417661) + Use-after-free with floating first-letter style elements + * CVE-2018-5102 (bmo#1419363) + Use-after-free in HTML media elements + * CVE-2018-5103 (bmo#1423159) + Use-after-free during mouse event handling + * CVE-2018-5104 (bmo#1425000) + Use-after-free during font face manipulation + * CVE-2018-5105 (bmo#1390882) + WebExtensions can save and execute files on local file system + without user prompts + * CVE-2018-5106 (bmo#1408708) + Developer Tools can expose style editor information cross-origin + through service worker + * CVE-2018-5107 (bmo#1379276) + Printing process will follow symlinks for local file access + * CVE-2018-5108 (bmo#1421099) + Manually entered blob URL can be accessed by subsequent private browsing tabs + * 
CVE-2018-5109 (bmo#1405599) + Audio capture prompts and starts with incorrect origin attribution + * CVE-2018-5110 (bmo#1423275) (affects only OS X) + Cursor can be made invisible on OS X + * CVE-2018-5111 (bmo#1321619) + URL spoofing in addressbar through drag and drop + * CVE-2018-5112 (bmo#1425224) + Extension development tools panel can open a non-relative URL in the panel + * CVE-2018-5113 (bmo#1425267) + WebExtensions can load non-HTTPS pages with browser.identity.launchWebAuthFlow + * CVE-2018-5114 (bmo#1421324) + The old value of a cookie changed to HttpOnly remains accessible to scripts + * CVE-2018-5115 (bmo#1409449) + Background network requests can open HTTP authentication in unrelated foreground tabs + * CVE-2018-5116 (bmo#1396399) + WebExtension ActiveTab permission allows cross-origin frame content access + * CVE-2018-5117 (bmo#1395508) + URL spoofing with right-to-left text aligned left-to-right + * CVE-2018-5118 (bmo#1420049) + Activity Stream images can attempt to load local content through file: + * CVE-2018-5119 (bmo#1420507) + Reader view will load cross-origin content in violation of CORS headers + * CVE-2018-5121 (bmo#1402368) (affects only OS X) + OS X Tibetan characters render incompletely in the addressbar + * CVE-2018-5122 (bmo#1413841) + Potential integer overflow in DoCrypt + * CVE-2018-5090 + Memory safety bugs fixed in Firefox 58 + * CVE-2018-5089 + Memory safety bugs fixed in Firefox 58 and Firefox ESR 52.6 - requires NSS 3.34.1 - requires rust 1.21 - removed obsolete patches:
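Review bot: The last two entries of the MFSA 2018-02 list, CVE-2018-5090 and CVE-2018-5089, carry no bmo# reference while every other CVE line in the entry does. If these are roll-up entries covering several bugs, say so in the entry text, so the list can still be audited against bsc#1077291. The descriptions are also wrapped inconsistently: CVE-2018-5100 and CVE-2018-5105 fold onto a continuation line, while CVE-2018-5108 and CVE-2018-5115 run noticeably longer on a single line, so fold those the same way. Separately, the header lines rewrite the Jan 10 entry for 58.0b15 in place rather than adding a new dated entry above it, which drops the beta update from the package history. Please confirm that is intended.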