Mercurial Mercurial > hg > mozilla / changeset
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
changelog firefox68
authorWolfgang Rosenauer <wr@rosenauer.org>
Wed, 04 Sep 2019 10:39:09 +0200
branchfirefox68
changeset 1100 e1c5065a014f
parent 1099 8a3c73e74e65
child 1101 a4709640638e
changelog
MozillaFirefox/MozillaFirefox.changes file | annotate | diff | comparison | revisions 
--- a/MozillaFirefox/MozillaFirefox.changes	Sat Aug 31 21:57:57 2019 +0200
+++ b/MozillaFirefox/MozillaFirefox.changes	Wed Sep 04 10:39:09 2019 +0200
@@ -2,6 +2,43 @@
 Fri Aug 30 20:49:11 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org>
 
 - Mozilla Firefox 68.1.0
+  MFSA 2019-26
+  * CVE-2019-11751 (bmo#1572838; Windows only)
+    Malicious code execution through command line parameters
+  * CVE-2019-11746 (bmo#1564449)
+    Use-after-free while manipulating video
+  * CVE-2019-11744 (bmo#1562033)
+    XSS by breaking out of title and textarea elements using innerHTML
+  * CVE-2019-11742 (bmo#1559715)
+    Same-origin policy violation with SVG filters and canvas to steal
+    cross-origin images
+  * CVE-2019-11736 (bmo#1551913, bmo#1552206; Windows only))
+    File manipulation and privilege escalation in Mozilla Maintenance Service
+  * CVE-2019-11753 (bmo#1574980; Windows only)
+    Privilege escalation with Mozilla Maintenance Service in custom
+    Firefox installation location
+  * CVE-2019-11752 (bmo#1501152)
+    Use-after-free while extracting a key value in IndexedDB
+  * CVE-2019-9812 (bmo#1538008, bmo#1538015)
+    Sandbox escape through Firefox Sync
+  * CVE-2019-11743 (bmo#1560495)
+    Cross-origin access to unload event attributes
+  * CVE-2019-11748 (bmo#1564588)
+    Persistence of WebRTC permissions in a third party context
+  * CVE-2019-11749 (bmo#1565374)
+    Camera information available without prompting using getUserMedia
+  * CVE-2019-11750 (bmo#1568397)
+    Type confusion in Spidermonkey
+  * CVE-2019-11738 (bmo#1452037)
+    Content security policy bypass through hash-based sources in directives
+  * CVE-2019-11747 (bmo#1564481)
+    'Forget about this site' removes sites from pre-loaded HSTS list
+  * CVE-2019-11735i (bmo#1561404,bmo#1561484,bmo#1568047,bmo#1561912,
+    bmo#1565744,bmo#1568858,bmo#1570358)
+    Memory safety bugs fixed in Firefox 69 and Firefox ESR 68.1
+  * CVE-2019-11740 (bmo#1563133,bmo#1573160)
+    Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, and Firefox ESR 60.9
+- switched package to ESR branch
 - added mozilla-bmo1568145.patch to make builds reproducible
 - removed upstreamed patch mozilla-gcc-internal-compiler-error.patch
mozilla