# HG changeset patch # User Wolfgang Rosenauer # Date 1342649514 -7200 # Node ID f5a9af1c8605648a01749e70bf5e045893a6a901 # Parent 9fe1eb2286100b2f9f02282d1a3a13ec257e7f2b changelogs diff -r 9fe1eb228610 -r f5a9af1c8605 MozillaFirefox/firefox-esr.changes --- a/MozillaFirefox/firefox-esr.changes Mon Jul 16 09:46:29 2012 +0200 +++ b/MozillaFirefox/firefox-esr.changes Thu Jul 19 00:11:54 2012 +0200 @@ -1,7 +1,37 @@ ------------------------------------------------------------------- Sat Jul 14 18:27:24 UTC 2012 - wr@rosenauer.org -- update to Firefox 1.0.6esr (bnc#) +- update to Firefox 10.0.6esr (bnc#771583) + * MFSA 2012-42/CVE-2012-1948 + Miscellaneous memory safety hazards + * MFSA 2012-43/CVE-2012-1950 + Incorrect URL displayed in addressbar through drag and drop + * MFSA 2012-44/CVE-2012-1951/CVE-2012-1954/CVE-2012-1953/CVE-2012-1952 + Gecko memory corruption + * MFSA 2012-45/CVE-2012-1955 (bmo#757376) + Spoofing issue with location + * MFSA 2012-46/CVE-2012-1966 (bmo#734076) + XSS through data: URLs + * MFSA 2012-47/CVE-2012-1957 (bmo#750096) + Improper filtering of javascript in HTML feed-view + * MFSA 2012-48/CVE-2012-1958 (bmo#750820) + use-after-free in nsGlobalWindow::PageHidden + * MFSA 2012-49/CVE-2012-1959 (bmo#754044, bmo#737559) + Same-compartment Security Wrappers can be bypassed + * MFSA 2012-51/CVE-2012-1961 (bmo#761655) + X-Frame-Options header ignored when duplicated + * MFSA 2012-52/CVE-2012-1962 (bmo#764296) + JSDependentString::undepend string conversion results in memory + corruption + * MFSA 2012-53/CVE-2012-1963 (bmo#767778) + Content Security Policy 1.0 implementation errors cause data + leakage + * MFSA 2012-54/CVE-2012-1964 (bmo#633691) + Clickjacking of certificate warning page + * MFSA 2012-55/CVE-2012-1965 (bmo#758990) + feed: URLs with an innerURI inherit security context of page + * MFSA 2012-56/CVE-2012-1967 (bmo#758344) + Code execution through javascript: URLs - require NSS 3.13.5 ------------------------------------------------------------------- diff -r 9fe1eb228610 -r f5a9af1c8605 xulrunner/xulrunner-esr.changes --- a/xulrunner/xulrunner-esr.changes Mon Jul 16 09:46:29 2012 +0200 +++ b/xulrunner/xulrunner-esr.changes Thu Jul 19 00:11:54 2012 +0200 @@ -1,7 +1,37 @@ ------------------------------------------------------------------- Sat Jul 14 18:33:47 UTC 2012 - wr@rosenauer.org -- update to 10.0.6esr (bnc#) +- update to 10.0.6esr (bnc#771583) + * MFSA 2012-42/CVE-2012-1948 + Miscellaneous memory safety hazards + * MFSA 2012-43/CVE-2012-1950 + Incorrect URL displayed in addressbar through drag and drop + * MFSA 2012-44/CVE-2012-1951/CVE-2012-1954/CVE-2012-1953/CVE-2012-1952 + Gecko memory corruption + * MFSA 2012-45/CVE-2012-1955 (bmo#757376) + Spoofing issue with location + * MFSA 2012-46/CVE-2012-1966 (bmo#734076) + XSS through data: URLs + * MFSA 2012-47/CVE-2012-1957 (bmo#750096) + Improper filtering of javascript in HTML feed-view + * MFSA 2012-48/CVE-2012-1958 (bmo#750820) + use-after-free in nsGlobalWindow::PageHidden + * MFSA 2012-49/CVE-2012-1959 (bmo#754044, bmo#737559) + Same-compartment Security Wrappers can be bypassed + * MFSA 2012-51/CVE-2012-1961 (bmo#761655) + X-Frame-Options header ignored when duplicated + * MFSA 2012-52/CVE-2012-1962 (bmo#764296) + JSDependentString::undepend string conversion results in memory + corruption + * MFSA 2012-53/CVE-2012-1963 (bmo#767778) + Content Security Policy 1.0 implementation errors cause data + leakage + * MFSA 2012-54/CVE-2012-1964 (bmo#633691) + Clickjacking of certificate warning page + * MFSA 2012-55/CVE-2012-1965 (bmo#758990) + feed: URLs with an innerURI inherit security context of page + * MFSA 2012-56/CVE-2012-1967 (bmo#758344) + Code execution through javascript: URLs - require NSS 3.13.5 -------------------------------------------------------------------