--- a/MozillaFirefox/MozillaFirefox.changes Tue Oct 09 13:40:39 2012 +0200
+++ b/MozillaFirefox/MozillaFirefox.changes Tue Oct 09 22:08:14 2012 +0200
@@ -2,6 +2,34 @@
Sun Oct 7 21:40:14 UTC 2012 - wr@rosenauer.org
- update to Firefox 16.0 (bnc#783533)
+ * MFSA 2012-74/CVE-2012-3982/CVE-2012-3983
+ Miscellaneous memory safety hazards
+ * MFSA 2012-75/CVE-2012-3984 (bmo#575294)
+ select element persistance allows for attacks
+ * MFSA 2012-76/CVE-2012-3985 (bmo#655649)
+ Continued access to initial origin after setting document.domain
+ * MFSA 2012-77/CVE-2012-3986 (bmo#775868)
+ Some DOMWindowUtils methods bypass security checks
+ * MFSA 2012-79/CVE-2012-3988 (bmo#725770)
+ DOS and crash with full screen and history navigation
+ * MFSA 2012-80/CVE-2012-3989 (bmo#783867)
+ Crash with invalid cast when using instanceof operator
+ * MFSA 2012-81/CVE-2012-3991 (bmo#783260)
+ GetProperty function can bypass security checks
+ * MFSA 2012-82/CVE-2012-3994 (bmo#765527)
+ top object and location property accessible by plugins
+ * MFSA 2012-83/CVE-2012-3993/CVE-2012-4184 (bmo#768101, bmo#780370)
+ Chrome Object Wrapper (COW) does not disallow acces to privileged
+ functions or properties
+ * MFSA 2012-84/CVE-2012-3992 (bmo#775009)
+ Spoofing and script injection through location.hash
+ * MFSA 2012-85/CVE-2012-3995/CVE-2012-4179/CVE-2012-4180/
+ CVE-2012-4181/CVE-2012-4182/CVE-2012-4183
+ Use-after-free, buffer overflow, and out of bounds read issues
+ found using Address Sanitizer
+ * MFSA 2012-86/CVE-2012-4185/CVE-2012-4186/CVE-2012-4187/
+ CVE-2012-4188
+ Heap memory corruption issues found using Address Sanitizer
- requires NSPR 4.9.2
- improve GStreamer integration (bmo#760140)
- removed upstreamed mozilla-crashreporter-restart-args.patch
--- a/xulrunner/xulrunner.changes Tue Oct 09 13:40:39 2012 +0200
+++ b/xulrunner/xulrunner.changes Tue Oct 09 22:08:14 2012 +0200
@@ -2,6 +2,34 @@
Sun Oct 7 21:41:01 UTC 2012 - wr@rosenauer.org
- update to 16.0 (bnc#783533)
+ * MFSA 2012-74/CVE-2012-3982/CVE-2012-3983
+ Miscellaneous memory safety hazards
+ * MFSA 2012-75/CVE-2012-3984 (bmo#575294)
+ select element persistance allows for attacks
+ * MFSA 2012-76/CVE-2012-3985 (bmo#655649)
+ Continued access to initial origin after setting document.domain
+ * MFSA 2012-77/CVE-2012-3986 (bmo#775868)
+ Some DOMWindowUtils methods bypass security checks
+ * MFSA 2012-79/CVE-2012-3988 (bmo#725770)
+ DOS and crash with full screen and history navigation
+ * MFSA 2012-80/CVE-2012-3989 (bmo#783867)
+ Crash with invalid cast when using instanceof operator
+ * MFSA 2012-81/CVE-2012-3991 (bmo#783260)
+ GetProperty function can bypass security checks
+ * MFSA 2012-82/CVE-2012-3994 (bmo#765527)
+ top object and location property accessible by plugins
+ * MFSA 2012-83/CVE-2012-3993/CVE-2012-4184 (bmo#768101, bmo#780370)
+ Chrome Object Wrapper (COW) does not disallow acces to privileged
+ functions or properties
+ * MFSA 2012-84/CVE-2012-3992 (bmo#775009)
+ Spoofing and script injection through location.hash
+ * MFSA 2012-85/CVE-2012-3995/CVE-2012-4179/CVE-2012-4180/
+ CVE-2012-4181/CVE-2012-4182/CVE-2012-4183
+ Use-after-free, buffer overflow, and out of bounds read issues
+ found using Address Sanitizer
+ * MFSA 2012-86/CVE-2012-4185/CVE-2012-4186/CVE-2012-4187/
+ CVE-2012-4188
+ Heap memory corruption issues found using Address Sanitizer
- requires NSPR 4.9.2
- removed upstreamed mozilla-crashreporter-restart-args.patch
- updated translations-other with new languages