diff -r ace605efe50f -r f7a8fa97a57e MozillaFirefox/MozillaFirefox.changes --- a/MozillaFirefox/MozillaFirefox.changes Sat Mar 04 17:54:44 2017 +0100 +++ b/MozillaFirefox/MozillaFirefox.changes Sat Mar 18 11:18:01 2017 +0100 
@@ -1,16 +1,92 @@ ------------------------------------------------------------------- -Sat Feb 25 15:19:15 UTC 2017 - wr@rosenauer.org - -- update to Firefox 52.0b9 - * requires NSS >= 3.28.2 +Sat Mar 18 10:12:59 UTC 2017 - wr@rosenauer.org + +- update to Firefox 53.0b4 + * requires NSS 3.29.3 + * Lightweight themes are now applied in private browsing windows + * Reader Mode now displays estimated reading time for the page + * Two new 'compact' themes available in Firefox, dark and light, + based on the Firefox Developer Edition theme + * Ended Firefox Linux support for processors older than Pentium 4 + and AMD Opteron + * Refresh of the media controls user interface + * Shortened titles on tabs are faded out instead of using ellipsis + for improved readability + * Media playback on new tabs is blocked until the tab is visible + * Permission notifications have a cleaner design and cannot be + easily missed +- removed browser(npapi) provides as these plugins are deprecated + +------------------------------------------------------------------- +Fri Mar 17 15:43:29 UTC 2017 - wr@rosenauer.org + +- update to Firefox 52.0.1 (boo#1029822) + MFSA 2017-08 + CVE-2017-5428: integer overflow in createImageBitmap() (bmo#1348168) + +------------------------------------------------------------------- +Thu Mar 9 12:30:14 UTC 2017 - wr@rosenauer.org + +- reenable ALSA support which was removed by default upstream + +------------------------------------------------------------------- +Sat Mar 4 16:57:45 UTC 2017 - wr@rosenauer.org + +- update to Firefox 52.0 (boo#1028391) + * requires NSS >= 3.28.3 * Pages containing insecure password fields now display a warning directly within username and password fields. - * Windows 8 touch screen support for multiprocess Firefox * Send and open a tab from one device to another with Sync * Removed NPAPI support for plugins other than Flash. Silverlight, Java, Acrobat and the like are no longer supported. 
* Removed Battery Status API to reduce fingerprinting of users by trackers + * MFSA 2017-05 + CVE-2017-5400: asm.js JIT-spray bypass of ASLR and DEP + (bmo#1334933) + CVE-2017-5401: Memory Corruption when handling ErrorResult + (bmo#1328861) + CVE-2017-5402: Use-after-free working with events in FontFace + objects (bmo#1334876) + CVE-2017-5403: Use-after-free using addRange to add range to an + incorrect root object (bmo#1340186) + CVE-2017-5404: Use-after-free working with ranges in selections + (bmo#1340138) + CVE-2017-5406: Segmentation fault in Skia with canvas operations + (bmo#1306890) + CVE-2017-5407: Pixel and history stealing via floating-point + timing side channel with SVG filters (bmo#1336622) + CVE-2017-5410: Memory corruption during JavaScript garbage + collection incremental sweeping (bmo#1330687) + CVE-2017-5408: Cross-origin reading of video captions in violation + of CORS (bmo#1313711) + CVE-2017-5412: Buffer overflow read in SVG filters (bmo#1328323) + CVE-2017-5413: Segmentation fault during bidirectional operations + (bmo#1337504) + CVE-2017-5414: File picker can choose incorrect default directory + (bmo#1319370) + CVE-2017-5415: Addressbar spoofing through blob URL (bmo#1321719) + CVE-2017-5416: Null dereference crash in HttpChannel (bmo#1328121) + CVE-2017-5417: Addressbar spoofing by draging and dropping URLs + (bmo#791597) + CVE-2017-5426: Gecko Media Plugin sandbox is not started if + seccomp-bpf filter is running (bmo#1257361) + CVE-2017-5427: Non-existent chrome.manifest file loaded during + startup (bmo#1295542) + CVE-2017-5418: Out of bounds read when parsing HTTP digest + authorization responses (bmo#1338876) + CVE-2017-5419: Repeated authentication prompts lead to DOS + attack (bmo#1312243) + CVE-2017-5420: Javascript: URLs can obfuscate addressbar + location (bmo#1284395) + CVE-2017-5405: FTP response codes can cause use of + uninitialized values for ports (bmo#1336699) + CVE-2017-5421: Print preview spoofing (bmo#1301876) + 
CVE-2017-5422: DOS attack by using view-source: protocol + repeatedly in one hyperlink (bmo#1295002) + CVE-2017-5399: Memory safety bugs fixed in Firefox 52 + CVE-2017-5398: Memory safety bugs fixed in Firefox 52 and + Firefox ESR 45.8 - removed obsolete patches * mozilla-binutils-visibility.patch * mozilla-check_return.patch
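Review bot: In the 53.0b4 entry, "* requires NSS 3.29.3" drops the ">=" that the 52.0 entry uses ("* requires NSS >= 3.28.3"), so it reads as an exact-version requirement. If it is a minimum, write "requires NSS >= 3.29.3". In the 52.0.1 entry, "MFSA 2017-08" has no "* " bullet, while the 52.0 entry writes "* MFSA 2017-05"; use one form so the advisory lines can be searched consistently. The CVE-2017-5417 line has "draging" for "dragging". The MFSA 2017-05 list is also out of numeric order (CVE-2017-5408 follows CVE-2017-5410, and CVE-2017-5405 follows CVE-2017-5420), which makes it harder to confirm that no CVE from the advisory was dropped; sorting the list would help.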