--- a/MozillaFirefox/MozillaFirefox.changes Sat Aug 31 21:57:57 2019 +0200
+++ b/MozillaFirefox/MozillaFirefox.changes Wed Sep 04 10:39:09 2019 +0200
@@ -2,6 +2,43 @@
Fri Aug 30 20:49:11 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org>
- Mozilla Firefox 68.1.0
+ MFSA 2019-26
+ * CVE-2019-11751 (bmo#1572838; Windows only)
+ Malicious code execution through command line parameters
+ * CVE-2019-11746 (bmo#1564449)
+ Use-after-free while manipulating video
+ * CVE-2019-11744 (bmo#1562033)
+ XSS by breaking out of title and textarea elements using innerHTML
+ * CVE-2019-11742 (bmo#1559715)
+ Same-origin policy violation with SVG filters and canvas to steal
+ cross-origin images
+ * CVE-2019-11736 (bmo#1551913, bmo#1552206; Windows only))
+ File manipulation and privilege escalation in Mozilla Maintenance Service
+ * CVE-2019-11753 (bmo#1574980; Windows only)
+ Privilege escalation with Mozilla Maintenance Service in custom
+ Firefox installation location
+ * CVE-2019-11752 (bmo#1501152)
+ Use-after-free while extracting a key value in IndexedDB
+ * CVE-2019-9812 (bmo#1538008, bmo#1538015)
+ Sandbox escape through Firefox Sync
+ * CVE-2019-11743 (bmo#1560495)
+ Cross-origin access to unload event attributes
+ * CVE-2019-11748 (bmo#1564588)
+ Persistence of WebRTC permissions in a third party context
+ * CVE-2019-11749 (bmo#1565374)
+ Camera information available without prompting using getUserMedia
+ * CVE-2019-11750 (bmo#1568397)
+ Type confusion in Spidermonkey
+ * CVE-2019-11738 (bmo#1452037)
+ Content security policy bypass through hash-based sources in directives
+ * CVE-2019-11747 (bmo#1564481)
+ 'Forget about this site' removes sites from pre-loaded HSTS list
+ * CVE-2019-11735i (bmo#1561404,bmo#1561484,bmo#1568047,bmo#1561912,
+ bmo#1565744,bmo#1568858,bmo#1570358)
+ Memory safety bugs fixed in Firefox 69 and Firefox ESR 68.1
+ * CVE-2019-11740 (bmo#1563133,bmo#1573160)
+ Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, and Firefox ESR 60.9
+- switched package to ESR branch
- added mozilla-bmo1568145.patch to make builds reproducible
- removed upstreamed patch mozilla-gcc-internal-compiler-error.patch