changelog
authorWolfgang Rosenauer <wr@rosenauer.org>
Wed, 05 Feb 2014 07:13:27 +0100
changeset 70052284fd63667
parent 699 f810fbe5fece
child 703 c4aab80e472f
child 704 72225e57f863
changelog
MozillaFirefox/MozillaFirefox.changes
     1.1 --- a/MozillaFirefox/MozillaFirefox.changes	Thu Jan 30 22:15:43 2014 +0100
     1.2 +++ b/MozillaFirefox/MozillaFirefox.changes	Wed Feb 05 07:13:27 2014 +0100
     1.3 @@ -1,7 +1,34 @@
     1.4  -------------------------------------------------------------------
     1.5  Tue Jan 28 15:45:41 UTC 2014 - wr@rosenauer.org
     1.6  
     1.7 -- update to Firefox 27.0 (bnc#)
     1.8 +- update to Firefox 27.0 (bnc#861847)
     1.9 +  * MFSA 2014-01/CVE-2014-1477/CVE-2014-1478
    1.10 +    Miscellaneous memory safety hazards (rv:27.0 / rv:24.3)
    1.11 +  * MFSA 2014-02/CVE-2014-1479 (bmo#911864)
    1.12 +    Clone protected content with XBL scopes
    1.13 +  * MFSA 2014-03/CVE-2014-1480 (bmo#916726)
    1.14 +    UI selection timeout missing on download prompts
    1.15 +  * MFSA 2014-04/CVE-2014-1482 (bmo#943803)
    1.16 +    Incorrect use of discarded images by RasterImage
    1.17 +  * MFSA 2014-05/CVE-2014-1483 (bmo#950427)
    1.18 +    Information disclosure with *FromPoint on iframes
    1.19 +  * MFSA 2014-06/CVE-2014-1484 (bmo#953993)
    1.20 +    Profile path leaks to Android system log
    1.21 +  * MFSA 2014-07/CVE-2014-1485 (bmo#910139)
    1.22 +    XSLT stylesheets treated as styles in Content Security Policy
    1.23 +  * MFSA 2014-08/CVE-2014-1486 (bmo#942164)
    1.24 +    Use-after-free with imgRequestProxy and image proccessing
    1.25 +  * MFSA 2014-09/CVE-2014-1487 (bmo#947592)
    1.26 +    Cross-origin information leak through web workers
    1.27 +  * MFSA 2014-10/CVE-2014-1489 (bmo#959531)
    1.28 +    Firefox default start page UI content invokable by script
    1.29 +  * MFSA 2014-11/CVE-2014-1488 (bmo#950604)
    1.30 +    Crash when using web workers with asm.js
    1.31 +  * MFSA 2014-12/CVE-2014-1490/CVE-2014-1491
    1.32 +    (bmo#934545, bmo#930874, bmo#930857)
    1.33 +    NSS ticket handling issues
    1.34 +  * MFSA 2014-13/CVE-2014-1481(bmo#936056)
    1.35 +    Inconsistent JavaScript handling of access to Window objects
    1.36  - requires NSS 3.15.4 or higher
    1.37  - rebased/reworked patches
    1.38  - removed obsolete mozilla-bug929439.patch