# HG changeset patch # User Wolfgang Rosenauer # Date 1492951935 -7200 # Node ID fbb2f292caaaad2b6b2c5711c0de95671b56bbc1 # Parent 4665fe34fbceaef00a766dee86d24298432ef71a add security information to changelog diff -r 4665fe34fbce -r fbb2f292caaa MozillaFirefox/MozillaFirefox.changes --- a/MozillaFirefox/MozillaFirefox.changes Mon Apr 17 15:11:09 2017 +0200 +++ b/MozillaFirefox/MozillaFirefox.changes Sun Apr 23 14:52:15 2017 +0200 @@ -15,6 +15,86 @@ * Media playback on new tabs is blocked until the tab is visible * Permission notifications have a cleaner design and cannot be easily missed + MFSA 2017-10 + * CVE-2017-5456 (bmo#1344415) + Sandbox escape allowing local file system access + * CVE-2017-5442 (bmo#1347979) + Use-after-free during style changes + * CVE-2017-5443 (bmo#1342661) + Out-of-bounds write during BinHex decoding + * CVE-2017-5429 (bmo#1341096, bmo#1342823, bmo#1343261, bmo#1348894, + bmo#1348941, bmo#1349340, bmo#1350844, bmo#1352926, bmo#1353088) + Memory safety bugs fixed in Firefox 53, Firefox ESR 45.9, and + Firefox ESR 52.1 + * CVE-2017-5464 (bmo#1347075) + Memory corruption with accessibility and DOM manipulation + * CVE-2017-5465 (bmo#1347617) + Out-of-bounds read in ConvolvePixel + * CVE-2017-5466 (bmo#1353975) + Origin confusion when reloading isolated data:text/html URL + * CVE-2017-5467 (bmo#1347262) + Memory corruption when drawing Skia content + * CVE-2017-5460 (bmo#1343642) + Use-after-free in frame selection + * CVE-2017-5461 (bmo#1344380) + Out-of-bounds write in Base64 encoding in NSS + * CVE-2017-5448 (bmo#1346648) + Out-of-bounds write in ClearKeyDecryptor + * CVE-2017-5449 (bmo#1340127) + Crash during bidirectional unicode manipulation with animation + * CVE-2017-5446 (bmo#1343505) + Out-of-bounds read when HTTP/2 DATA frames are sent with incorrect data + * CVE-2017-5447 (bmo#1343552) + Out-of-bounds read during glyph processing + * CVE-2017-5444 (bmo#1344461) + Buffer overflow while parsing application/http-index-format content + * CVE-2017-5445 (bmo#1344467) + Uninitialized values used while parsing application/http-index-format + content + * CVE-2017-5468 (bmo#1329521) + Incorrect ownership model for Private Browsing information + * CVE-2017-5469 (bmo#1292534) + Potential Buffer overflow in flex-generated code + * CVE-2017-5440 (bmo#1336832) + Use-after-free in txExecutionState destructor during XSLT processing + * CVE-2017-5441 (bmo#1343795) + Use-after-free with selection during scroll events + * CVE-2017-5439 (bmo#1336830) + Use-after-free in nsTArray Length() during XSLT processing + * CVE-2017-5438 (bmo#1336828) + Use-after-free in nsAutoPtr during XSLT processing + * CVE-2017-5437 (bmo#1343453) + Vulnerabilities in Libevent library + * CVE-2017-5436 (bmo#1345461) + Out-of-bounds write with malicious font in Graphite 2 + * CVE-2017-5435 (bmo#1350683) + Use-after-free during transaction processing in the editor + * CVE-2017-5434 (bmo#1349946) + Use-after-free during focus handling + * CVE-2017-5433 (bmo#1347168) + Use-after-free in SMIL animation functions + * CVE-2017-5432 (bmo#1346654) + Use-after-free in text input selection + * CVE-2017-5430 (bmo#1329796, bmo#1337418, bmo#1339722, bmo#1340482, + bmo#1342101, bmo#1344081, bmo#1344305, bmo#1344686, + bmo#1346140, bmo#1346419, bmo#1348143, bmo#1349621, + bmo#1349719, bmo#1353476) + Memory safety bugs fixed in Firefox 53 and Firefox ESR 52.1 + * CVE-2017-5459 (bmo#1333858) + Buffer overflow in WebGL + * CVE-2017-5458 (bmo#1229426) + Drag and drop of javascript: URLs can allow for self-XSS + * CVE-2017-5455 (bmo#1341191) + Sandbox escape through internal feed reader APIs + * CVE-2017-5454 (bmo#1349276) + Sandbox escape allowing file system read access through file picker + * CVE-2017-5451 (bmo#1273537) + Addressbar spoofing with onblur event + * CVE-2017-5453 (bmo#1321247) + HTML injection into RSS Reader feed preview page through + TITLE element + * CVE-2017-5462 (bmo#1345089) + DRBG flaw in NSS - removed browser(npapi) provides as these plugins are deprecated - switch used compiler to gcc5 (FF requires gcc >= 4.9 now) for Leap 42