author | Wolfgang Rosenauer <wr@rosenauer.org> |
Thu, 13 Dec 2018 16:31:34 +0100 | |
branch | firefox64 |
changeset 1083 | 2f7023025374 |
parent 1082 | 821cfbe8efcc |
child 1084 | b0b3c507e253 |
permissions | -rw-r--r-- |
893
86f72f1e98a4
prepare Gtk3 based builds on a feature branch
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
892
diff
changeset
|
1 |
------------------------------------------------------------------- |
1083
2f7023025374
reduced memory requirements and rely on memory limitations in parallelization
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1082
diff
changeset
|
2 |
Wed Dec 12 17:33:29 UTC 2018 - Guillaume GARDET <guillaume.gardet@opensuse.org> |
2f7023025374
reduced memory requirements and rely on memory limitations in parallelization
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1082
diff
changeset
|
3 |
|
2f7023025374
reduced memory requirements and rely on memory limitations in parallelization
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1082
diff
changeset
|
4 |
- Switch aarch64 builds back to gcc, not clang (bmo#1513605) |
2f7023025374
reduced memory requirements and rely on memory limitations in parallelization
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1082
diff
changeset
|
5 |
- Switch %arm builds back to gcc, not clang to avoid OOM |
2f7023025374
reduced memory requirements and rely on memory limitations in parallelization
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1082
diff
changeset
|
6 |
- Fix build flags when clang is not used |
2f7023025374
reduced memory requirements and rely on memory limitations in parallelization
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1082
diff
changeset
|
7 |
- Fix flags for clang ppc64 builds |
2f7023025374
reduced memory requirements and rely on memory limitations in parallelization
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1082
diff
changeset
|
8 |
|
2f7023025374
reduced memory requirements and rely on memory limitations in parallelization
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1082
diff
changeset
|
9 |
------------------------------------------------------------------- |
1082 | 10 |
Tue Dec 11 08:45:56 UTC 2018 - Wolfgang Rosenauer <wr@rosenauer.org> |
11 |
||
12 |
- update to Firefox 64.0 |
|
13 |
* Better recommendations: You may see suggestions in regular browsing |
|
14 |
mode for new and relevant Firefox features, services, and extensions |
|
15 |
based on how you use the web (for US users only) |
|
16 |
* Enhanced tab management: You can now select multiple tabs from the |
|
17 |
tab bar and close, move, bookmark, or pin them quickly and easily |
|
18 |
* Easier performance management: The new Task Manager page found at |
|
19 |
about:performance lets you see how much energy each open tab consumes |
|
20 |
and provides access to close tabs to conserve power |
|
21 |
* Improved performance for Mac and Linux users, by enabling link time |
|
22 |
optimization (Clang LTO). |
|
23 |
* Added option to remove add-ons using the context menu on their |
|
24 |
toolbar buttons |
|
25 |
* RSS feed preview and live bookmarks are available only via add-ons |
|
26 |
* TLS certificates issued by Symantec are no longer trusted by Firefox. |
|
27 |
Website operators are strongly encouraged to replace any remaining |
|
28 |
Symantec TLS certificates as soon as possible |
|
29 |
MFSA 2018-29 (bsc#1119105) |
|
30 |
* CVE-2018-12407 bmo#1505973 |
|
31 |
Buffer overflow with ANGLE library when using VertexBuffer11 module |
|
32 |
* CVE-2018-17466 bmo#1488295 |
|
33 |
Buffer overflow and out-of-bounds read in ANGLE library with |
|
34 |
TextureStorage11 |
|
35 |
* CVE-2018-18492 bmo#1499861 |
|
36 |
Use-after-free with select element |
|
37 |
* CVE-2018-18493 bmo#1504452 |
|
38 |
Buffer overflow in accelerated 2D canvas with Skia |
|
39 |
* CVE-2018-18494 bmo#1487964 |
|
40 |
Same-origin policy violation using location attribute and |
|
41 |
performance.getEntries to steal cross-origin URLs |
|
42 |
* CVE-2018-18495 bmo#1427585 |
|
43 |
WebExtension content scripts can be loaded in about: pages |
|
44 |
* CVE-2018-18496 bmo#1422231 (Windows only) |
|
45 |
Embedded feed preview page can be abused for clickjacking |
|
46 |
* CVE-2018-18497 bmo#1488180 |
|
47 |
WebExtensions can load arbitrary URLs through pipe separators |
|
48 |
* CVE-2018-18498 bmo#1500011 |
|
49 |
Integer overflow when calculating buffer sizes for images |
|
50 |
* CVE-2018-12406 bmo#1456947 bmo#1475669 bmo#1504816 bmo#1502886 |
|
51 |
bmo#1500064 bmo#1500310 bmo#1500696 bmo#1498765 bmo#1499198 bmo#1434490 |
|
52 |
bmo#1481745 bmo#1458129 |
|
53 |
Memory safety bugs fixed in Firefox 64 |
|
54 |
* CVE-2018-12405 bmo#1494752 bmo#1503326 bmo#1505181 bmo#1500759 |
|
55 |
bmo#1504365 bmo#1506640 bmo#1503082 bmo#1502013 bmo#1510471 |
|
56 |
Memory safety bugs fixed in Firefox 64 and Firefox ESR 60.4 |
|
57 |
- requires |
|
58 |
* rust/cargo >= 1.29 |
|
59 |
* mozilla-nss >= 3.40.1 |
|
60 |
* rust-cbindgen >= 0.6.4 |
|
61 |
- rebased patches |
|
62 |
- removed obsolete patch |
|
63 |
* mozilla-bmo1491289.patch |
|
64 |
- now uses clang primarily for compilation |
|
65 |
||
66 |
------------------------------------------------------------------- |
|
1081
9fec29d2ead2
latest updates from Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1079
diff
changeset
|
67 |
Wed Nov 28 11:07:18 UTC 2018 - Guillaume GARDET <guillaume.gardet@opensuse.org> |
9fec29d2ead2
latest updates from Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1079
diff
changeset
|
68 |
|
9fec29d2ead2
latest updates from Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1079
diff
changeset
|
69 |
- Remove --disable-elf-hack when not available: on aarch64 and ppc64* |
9fec29d2ead2
latest updates from Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1079
diff
changeset
|
70 |
|
9fec29d2ead2
latest updates from Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1079
diff
changeset
|
71 |
------------------------------------------------------------------- |
9fec29d2ead2
latest updates from Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1079
diff
changeset
|
72 |
Mon Nov 26 09:46:02 UTC 2018 - Guillaume GARDET <guillaume.gardet@opensuse.org> |
9fec29d2ead2
latest updates from Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1079
diff
changeset
|
73 |
|
9fec29d2ead2
latest updates from Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1079
diff
changeset
|
74 |
- Clean-up %arm build |
9fec29d2ead2
latest updates from Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1079
diff
changeset
|
75 |
|
9fec29d2ead2
latest updates from Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1079
diff
changeset
|
76 |
------------------------------------------------------------------- |
9fec29d2ead2
latest updates from Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1079
diff
changeset
|
77 |
Sun Nov 18 11:01:21 UTC 2018 - manfred.h@gmx.net |
9fec29d2ead2
latest updates from Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1079
diff
changeset
|
78 |
|
9fec29d2ead2
latest updates from Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1079
diff
changeset
|
79 |
- update to Firefox 63.0.3 |
9fec29d2ead2
latest updates from Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1079
diff
changeset
|
80 |
* Games using WebGL (created in Unity) get stuck after very short |
9fec29d2ead2
latest updates from Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1079
diff
changeset
|
81 |
time of gameplay (bmo#1502748) |
9fec29d2ead2
latest updates from Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1079
diff
changeset
|
82 |
* Slow page loading for some users with specific proxy configurations |
9fec29d2ead2
latest updates from Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1079
diff
changeset
|
83 |
(bmo#1495024) |
9fec29d2ead2
latest updates from Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1079
diff
changeset
|
84 |
* Disable HTTP response throttling by default for causing bugs with |
9fec29d2ead2
latest updates from Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1079
diff
changeset
|
85 |
videos in background tabs (bmo#1503354) |
9fec29d2ead2
latest updates from Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1079
diff
changeset
|
86 |
* Opening magnet links no longer works (bmo#1498934) |
9fec29d2ead2
latest updates from Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1079
diff
changeset
|
87 |
* Crash fixes (bmo#1498510, bmo#1503424) |
9fec29d2ead2
latest updates from Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1079
diff
changeset
|
88 |
- removed mozilla-newer-cbindgen.patch; no longer needed |
9fec29d2ead2
latest updates from Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1079
diff
changeset
|
89 |
|
9fec29d2ead2
latest updates from Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1079
diff
changeset
|
90 |
------------------------------------------------------------------- |
1077 | 91 |
Thu Nov 8 14:59:13 UTC 2018 - wr@rosenauer.org |
92 |
||
93 |
- update to Firefox 63.0.1 |
|
94 |
* Snippets are not loaded due to missing element (bmo#1503047) |
|
95 |
* Print preview always shows 30& scale when it is actually |
|
96 |
Shrink To Fit (bmo#1501952) |
|
97 |
* Dialog displayed when closing multiple windows shows unreplaced |
|
98 |
%1$S placeholder in Japanese and potentially other locales |
|
99 |
(bmo#1500823) |
|
100 |
||
101 |
------------------------------------------------------------------- |
|
1075
0831123bc28a
final 63.0 release preparations
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1074
diff
changeset
|
102 |
Mon Oct 29 14:07:51 UTC 2018 - wr@rosenauer.org |
0831123bc28a
final 63.0 release preparations
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1074
diff
changeset
|
103 |
|
0831123bc28a
final 63.0 release preparations
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1074
diff
changeset
|
104 |
- update to Firefox 63.0 |
1074
4b99400f6d17
rebased patches and updated spec for 63.0b14
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1073
diff
changeset
|
105 |
* WebExtensions now run in their own process on Linux |
4b99400f6d17
rebased patches and updated spec for 63.0b14
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1073
diff
changeset
|
106 |
* The Ctrl+Tab shortcut now displays thumbnail previews of your |
4b99400f6d17
rebased patches and updated spec for 63.0b14
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1073
diff
changeset
|
107 |
tabs and cycles through tabs in recently used order. This new |
4b99400f6d17
rebased patches and updated spec for 63.0b14
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1073
diff
changeset
|
108 |
default behavior is activated only in new profiles and can be |
4b99400f6d17
rebased patches and updated spec for 63.0b14
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1073
diff
changeset
|
109 |
changed in preferences. |
4b99400f6d17
rebased patches and updated spec for 63.0b14
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1073
diff
changeset
|
110 |
* Added support for Web Components custom elements and shadow DOM |
1077 | 111 |
MFSA 2018-26 (bsc#1112852) |
112 |
* CVE-2018-12391 (bmo#1478843) (Android-only) |
|
113 |
HTTP Live Stream audio data is accessible cross-origin |
|
114 |
* CVE-2018-12392 (bmo#1492823) |
|
115 |
Crash with nested event loops |
|
116 |
* CVE-2018-12393 (bmo#1495011) (only affects non-64-bit archs) |
|
117 |
Integer overflow during Unicode conversion while loading JavaScript |
|
118 |
* CVE-2018-12395 (bmo#1467523) |
|
119 |
WebExtension bypass of domain restrictions through header rewriting |
|
120 |
* CVE-2018-12396 (bmo#1483602) |
|
121 |
WebExtension content scripts can execute in disallowed contexts |
|
122 |
* CVE-2018-12397 (bmo#1487478) |
|
123 |
Missing warning prompt when WebExtension requests local file access |
|
124 |
* CVE-2018-12398 (bmo#1460538, bmo#1488061) |
|
125 |
CSP bypass through stylesheet injection in resource URIs |
|
126 |
* CVE-2018-12399 (bmo#1490276) |
|
127 |
Spoofing of protocol registration notification bar |
|
128 |
* CVE-2018-12400 (bmo#1448305) (Android only) |
|
129 |
Favicons are cached in private browsing mode on Firefox for Android |
|
130 |
* CVE-2018-12401 (bmo#1422456) |
|
131 |
DOS attack through special resource URI parsing |
|
132 |
* CVE-2018-12402 (bmo#1469916) |
|
133 |
SameSite cookies leak when pages are explicitly saved |
|
134 |
* CVE-2018-12403 (bmo#1484753) |
|
135 |
Mixed content warning is not displayed when HTTPS page loads a favicon over HTTP |
|
136 |
* CVE-2018-12388 (bmo#1472639, bmo#1485698, bmo#1301547, bmo#1471427, |
|
137 |
bmo#1379411, bmo#1482122, bmo#1486314, bmo#1487167) |
|
138 |
Memory safety bugs fixed in Firefox 63 |
|
139 |
* CVE-2018-12390 (bmo#1487098, bmo#1487660, bmo#1490234, bmo#1496159, |
|
140 |
bmo#1443748, bmo#1496340, bmo#1483905, bmo#1493347, bmo#1488803, |
|
141 |
bmo#1498701, bmo#1498482, bmo#1442010, bmo#1495245, bmo#1483699, |
|
142 |
bmo#1469486, bmo#1484905, bmo#1490561, bmo#1492524, bmo#1481844) |
|
143 |
Memory safety bugs fixed in Firefox 63 and Firefox ESR 60.3 |
|
1074
4b99400f6d17
rebased patches and updated spec for 63.0b14
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1073
diff
changeset
|
144 |
- requires NSPR 4.20, NSS 3.39 and Rust 1.28 |
1077 | 145 |
- latest rust does not provide rust-std so stop requiring it |
1079
1663e876731f
latest toolchain updates
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1078
diff
changeset
|
146 |
- requires rust-cbindgen >= 0.6.2 to build |
1663e876731f
latest toolchain updates
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1078
diff
changeset
|
147 |
- requires nodejs >= 8.11 to build |
1078
9f49c406dc11
63.0.1 release candidate with several build updates and required fixes
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1077
diff
changeset
|
148 |
- added mozilla-bmo1491289.patch to fix system NSS build (bmo#1491289) |
9f49c406dc11
63.0.1 release candidate with several build updates and required fixes
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1077
diff
changeset
|
149 |
- added mozilla-cubeb-noreturn.patch to fix non-return function |
1079
1663e876731f
latest toolchain updates
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1078
diff
changeset
|
150 |
- added mozilla-newer-cbindgen.patch to fix build with cbindgen 0.6.7 |
1663e876731f
latest toolchain updates
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1078
diff
changeset
|
151 |
- disable elfhack for TW and newer due to build errors |
1081
9fec29d2ead2
latest updates from Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1079
diff
changeset
|
152 |
- removed obsolete patches |
9fec29d2ead2
latest updates from Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1079
diff
changeset
|
153 |
* mozilla-no-return.patch |
9fec29d2ead2
latest updates from Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1079
diff
changeset
|
154 |
* mozilla-no-stdcxx-check.patch |
1073
63a32fb3b602
merge from firefox62 and prepare for 63beta
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1072
diff
changeset
|
155 |
|
63a32fb3b602
merge from firefox62 and prepare for 63beta
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1072
diff
changeset
|
156 |
------------------------------------------------------------------- |
1076
2823eb50c9a9
ARM updates
Guillaume GARDET <guillaume.gardet@opensuse.org>
parents:
1075
diff
changeset
|
157 |
Thu Oct 25 14:39:04 UTC 2018 - guillaume.gardet@opensuse.org |
2823eb50c9a9
ARM updates
Guillaume GARDET <guillaume.gardet@opensuse.org>
parents:
1075
diff
changeset
|
158 |
|
2823eb50c9a9
ARM updates
Guillaume GARDET <guillaume.gardet@opensuse.org>
parents:
1075
diff
changeset
|
159 |
- Update _constraints for armv6/7 |
2823eb50c9a9
ARM updates
Guillaume GARDET <guillaume.gardet@opensuse.org>
parents:
1075
diff
changeset
|
160 |
|
2823eb50c9a9
ARM updates
Guillaume GARDET <guillaume.gardet@opensuse.org>
parents:
1075
diff
changeset
|
161 |
------------------------------------------------------------------- |
2823eb50c9a9
ARM updates
Guillaume GARDET <guillaume.gardet@opensuse.org>
parents:
1075
diff
changeset
|
162 |
Thu Oct 25 08:50:24 UTC 2018 - guillaume.gardet@opensuse.org |
2823eb50c9a9
ARM updates
Guillaume GARDET <guillaume.gardet@opensuse.org>
parents:
1075
diff
changeset
|
163 |
|
2823eb50c9a9
ARM updates
Guillaume GARDET <guillaume.gardet@opensuse.org>
parents:
1075
diff
changeset
|
164 |
- Add patch to fix build on armv7: |
2823eb50c9a9
ARM updates
Guillaume GARDET <guillaume.gardet@opensuse.org>
parents:
1075
diff
changeset
|
165 |
* mozilla-bmo1463035.patch |
2823eb50c9a9
ARM updates
Guillaume GARDET <guillaume.gardet@opensuse.org>
parents:
1075
diff
changeset
|
166 |
|
2823eb50c9a9
ARM updates
Guillaume GARDET <guillaume.gardet@opensuse.org>
parents:
1075
diff
changeset
|
167 |
------------------------------------------------------------------- |
1072 | 168 |
Tue Oct 2 21:28:31 UTC 2018 - astieger@suse.com |
169 |
||
170 |
- Mozilla Firefox 62.0.3: |
|
171 |
MFSA 2018-24 |
|
172 |
* CVE-2018-12386 (bsc#1110506, bmo#1493900) |
|
173 |
Type confusion in JavaScript allowed remote code execution |
|
174 |
* CVE-2018-12387 (bsc#1110507, bmo#1493903) |
|
175 |
Array.prototype.push stack pointer vulnerability may enable |
|
176 |
exploits in the sandboxed content process |
|
177 |
||
178 |
------------------------------------------------------------------- |
|
1071 | 179 |
Sat Sep 22 09:03:53 UTC 2018 - astieger@suse.com |
180 |
||
181 |
- Mozilla Firefox 62.0.2: |
|
182 |
MFSA 2018-22 |
|
183 |
* CVE-2018-12385 (boo#1109363, bmo#1490585) |
|
184 |
Crash in TransportSecurityInfo due to cached data |
|
185 |
* Unvisited bookmarks can once again be autofilled in the address |
|
186 |
bar |
|
187 |
* Fix WebGL rendering issues |
|
188 |
* Fix fallback on startup when a language pack is missing |
|
189 |
* Avoid crash when sharing a profile with newer (as yet |
|
190 |
unreleased) versions of Firefox |
|
191 |
* Do not undo removal of search engines when using a language |
|
192 |
pack |
|
193 |
* Fixed rendering of some web sites |
|
194 |
* Restored compatibility with some sites using deprecated TLS |
|
195 |
settings |
|
196 |
- disable rust debug symbols to fix build on %ix86 |
|
197 |
||
198 |
------------------------------------------------------------------- |
|
199 |
Mon Sep 3 10:47:43 UTC 2018 - wr@rosenauer.org |
|
200 |
||
201 |
- update to Firefox 62.0 |
|
202 |
* Firefox Home (the default New Tab) now allows users to display |
|
203 |
up to 4 rows of top sites, Pocket stories, and highlights |
|
204 |
* "Reopen in Container" tab menu option appears for users with |
|
205 |
Containers that lets them choose to reopen a tab in a different |
|
206 |
container |
|
207 |
* In advance of removing all trust for Symantec-issued certificates |
|
208 |
in Firefox 63, a preference was added that allows users to distrust |
|
209 |
certificates issued by Symantec. To use this preference, go to |
|
210 |
about:config in the address bar and set the preference |
|
211 |
"security.pki.distrust_ca_policy" to 2. |
|
212 |
* Support for CSS Shapes, allowing for richer web page layouts. |
|
213 |
This goes hand in hand with a brand new Shape Path Editor in the |
|
214 |
CSS inspector. |
|
215 |
* CSS Variable Fonts (OpenType Font Variations) support, which makes |
|
216 |
it possible to create beautiful typography with a single font file |
|
217 |
* Added Canadian English (en-CA) locale |
|
218 |
MFSA 2018-20 (bsc#1107343) |
|
219 |
* CVE-2018-12377 (bmo#1470260) |
|
220 |
Use-after-free in refresh driver timers |
|
221 |
* CVE-2018-12378 (bmo#1459383) |
|
222 |
Use-after-free in IndexedDB |
|
223 |
* CVE-2018-12379 (bmo#1473113) (updater is disabled for us) |
|
224 |
Out-of-bounds write with malicious MAR file |
|
225 |
* CVE-2017-16541 (bmo#1412081) |
|
226 |
Proxy bypass using automount and autofs |
|
227 |
* CVE-2018-12381 (bmo#1435319) |
|
228 |
Dragging and dropping Outlook email message results in page navigation |
|
229 |
* CVE-2018-12382 (bmo#1479311) (Android only) |
|
230 |
Addressbar spoofing with javascript URI on Firefox for Android |
|
231 |
* CVE-2018-12383 (bmo#1475775) |
|
232 |
Setting a master password post-Firefox 58 does not delete |
|
233 |
unencrypted previously stored passwords |
|
234 |
* CVE-2018-12375 |
|
235 |
Memory safety bugs fixed in Firefox 62 |
|
236 |
* CVE-2018-12376 |
|
237 |
Memory safety bugs fixed in Firefox 62 and Firefox ESR 60.2 |
|
1066
3f18b0f2a868
merge from firefox61 and specify next beta cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1065
diff
changeset
|
238 |
- requires NSS >= 3.38 |
1071 | 239 |
- removed obsolete patch |
1067 | 240 |
mozilla-bmo1464766.patch |
1066
3f18b0f2a868
merge from firefox61 and specify next beta cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1065
diff
changeset
|
241 |
|
3f18b0f2a868
merge from firefox61 and specify next beta cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1065
diff
changeset
|
242 |
------------------------------------------------------------------- |
1065 | 243 |
Thu Aug 9 14:22:00 UTC 2018 - wr@rosenauer.org |
244 |
||
245 |
- update to Firefox 61.0.2 |
|
246 |
* Improved website rendering with the Retained Display List feature |
|
247 |
enabled (bmo#1474402) |
|
248 |
* Fixed broken DevTools panels with certain extensions installed |
|
249 |
(bmo#1474379) |
|
250 |
* Fixed a crash for users with some accessibility tools enabled |
|
251 |
(bmo#1474007) |
|
252 |
||
253 |
------------------------------------------------------------------- |
|
254 |
Mon Jul 9 07:22:09 UTC 2018 - astieger@suse.com |
|
255 |
||
256 |
- Mozilla Firefox 61.0.1: |
|
257 |
* Fix missing content on the New Tab Page and the Home section of |
|
258 |
the Preferences page (bmo#1471375) |
|
259 |
* Fixed loss of bookmarks under rare circumstances when upgrading |
|
260 |
from Firefox 60 (bmo#1472127) |
|
261 |
* Improved playback of Twitch 1080p video streams (bmo#1469257) |
|
262 |
* Web pages no longer lose focus when a browser popup window is |
|
263 |
opened (bmo#1471415) |
|
264 |
* Re-allowed downloading files from FTP sites via the "Save Link |
|
265 |
As" option when linked from HTTP pages (bmo#1470295) |
|
266 |
* Fixed extensions being unable to override the default homepage |
|
267 |
in certain situations (bmo#1466846) |
|
268 |
||
269 |
------------------------------------------------------------------- |
|
1061 | 270 |
Sat Jun 23 07:25:51 UTC 2018 - wr@rosenauer.org |
271 |
||
272 |
- update to Firefox 61.0 |
|
273 |
* Performance enhancements |
|
274 |
* Various improvements for dark theme support will provide a more |
|
275 |
consistent experience across the entire Firefox UI |
|
276 |
* OpenSearch plugins offered by web pages can now be added from the |
|
277 |
page action menu for easier installation |
|
278 |
* Improved support for allowing WebExtensions to manage and hide tabs |
|
1065 | 279 |
MFSA 2018-15 (bsc#1098998) |
280 |
* CVE-2018-12359 (bmo#1459162) |
|
281 |
Buffer overflow using computed size of canvas element |
|
282 |
* CVE-2018-12360 (bmo#1459693) |
|
283 |
Use-after-free when using focus() |
|
284 |
* CVE-2018-12361 (bmo#1463244) |
|
285 |
Integer overflow in SwizzleData |
|
286 |
* CVE-2018-12358 (bmo#1467852) |
|
287 |
Same-origin bypass using service worker and redirection |
|
288 |
* CVE-2018-12362 (bmo#1452375) |
|
289 |
Integer overflow in SSSE3 scaler |
|
290 |
* CVE-2018-5156 (bmo#1453127) |
|
291 |
Media recorder segmentation fault when track type is changed during capture |
|
292 |
* CVE-2018-12363 (bmo#1464784) |
|
293 |
Use-after-free when appending DOM nodes |
|
294 |
* CVE-2018-12364 (bmo#1436241) |
|
295 |
CSRF attacks through 307 redirects and NPAPI plugins |
|
296 |
* CVE-2018-12365 (bmo#1459206) |
|
297 |
Compromised IPC child process can list local filenames |
|
298 |
* CVE-2018-12371 (bmo#1465686) |
|
299 |
Integer overflow in Skia library during edge builder allocation |
|
300 |
* CVE-2018-12366 (bmo#1464039) |
|
301 |
Invalid data handling during QCMS transformations |
|
302 |
* CVE-2018-12367 (bmo#1462891) |
|
303 |
Timing attack mitigation of PerformanceNavigationTiming |
|
304 |
* CVE-2018-12369 (bmo#1454909) |
|
305 |
WebExtension security permission checks bypassed by embedded experiments |
|
306 |
* CVE-2018-12370 (bmo#1456652) |
|
307 |
SameSite cookie protections bypassed when exiting Reader View |
|
308 |
* CVE-2018-5186 (bmo#1464872,bmo#1463329,bmo#1419373,bmo#1412882, |
|
309 |
bmo#1413033,bmo#1444673,bmo#1454448,bmo#1453505,bmo#1438671) |
|
310 |
Memory safety bugs fixed in Firefox 61 |
|
311 |
* CVE-2018-5187 (bmo#1461324,bmo#1414829,bmo#1395246,bmo#1467938, |
|
312 |
bmo#1461619,bmo#1425930,bmo#1438556,bmo#1454285,bmo#1459568, |
|
313 |
bmo#1463884) |
|
314 |
Memory safety bugs fixed in Firefox 60 and Firefox ESR 60.1 |
|
315 |
* CVE-2018-5188 (bmo#1456189,bmo#1456975,bmo#1465898,bmo#1392739, |
|
316 |
bmo#1451297,bmo#1464063,bmo#1437842,bmo#1442722,bmo#1452576, |
|
317 |
bmo#1450688,bmo#1458264,bmo#1458270,bmo#1465108,bmo#1464829, |
|
318 |
bmo#1464079,bmo#1463494,bmo#1458048) |
|
319 |
Memory safety bugs fixed in Firefox 60, Firefox ESR 60.1, and Firefox ESR 52.9 |
|
1054
fbfe323c62cd
Add conditional for pkgconfig(gconf-2.0) BuildRequires, and pass
<bjorn.lie@gmail.com>
parents:
1052
diff
changeset
|
320 |
- requires NSS 3.37.3 |
1065 | 321 |
- requires python >= 3.5 to build |
1055
526f445635f3
removed obsolete patches
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1054
diff
changeset
|
322 |
- removed obsolete patches |
526f445635f3
removed obsolete patches
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1054
diff
changeset
|
323 |
mozilla-i586-DecoderDoctorLogger.patch |
526f445635f3
removed obsolete patches
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1054
diff
changeset
|
324 |
mozilla-i586-domPrefs.patch |
526f445635f3
removed obsolete patches
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1054
diff
changeset
|
325 |
mozilla-fix-skia-aarch64.patch |
526f445635f3
removed obsolete patches
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1054
diff
changeset
|
326 |
mozilla-bmo1375074.patch |
1065 | 327 |
mozilla-enable-csd.patch |
1057
b70ce330958c
successfull RPM build
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1056
diff
changeset
|
328 |
- patch for new no-return warnings (mozilla-no-return.patch) |
1059
936bf8851c57
try to make langpacks work again
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1057
diff
changeset
|
329 |
- do not disable system installed locales (mozilla-bmo1464766.patch) |
1054
fbfe323c62cd
Add conditional for pkgconfig(gconf-2.0) BuildRequires, and pass
<bjorn.lie@gmail.com>
parents:
1052
diff
changeset
|
330 |
|
fbfe323c62cd
Add conditional for pkgconfig(gconf-2.0) BuildRequires, and pass
<bjorn.lie@gmail.com>
parents:
1052
diff
changeset
|
331 |
------------------------------------------------------------------- |
1056
90e1f32cf034
several changes to make upstream tarballs a good neighbour for locale fetching and HG checkouts
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1055
diff
changeset
|
332 |
Fri Jun 8 10:52:13 UTC 2018 - bjorn.lie@gmail.com |
1054
fbfe323c62cd
Add conditional for pkgconfig(gconf-2.0) BuildRequires, and pass
<bjorn.lie@gmail.com>
parents:
1052
diff
changeset
|
333 |
|
fbfe323c62cd
Add conditional for pkgconfig(gconf-2.0) BuildRequires, and pass
<bjorn.lie@gmail.com>
parents:
1052
diff
changeset
|
334 |
- Add conditional for pkgconfig(gconf-2.0) BuildRequires, and pass |
fbfe323c62cd
Add conditional for pkgconfig(gconf-2.0) BuildRequires, and pass
<bjorn.lie@gmail.com>
parents:
1052
diff
changeset
|
335 |
conditional --disable-gconf to configure: no longer pull in |
fbfe323c62cd
Add conditional for pkgconfig(gconf-2.0) BuildRequires, and pass
<bjorn.lie@gmail.com>
parents:
1052
diff
changeset
|
336 |
obsolete gconf2 for Tumbleweed. |
fbfe323c62cd
Add conditional for pkgconfig(gconf-2.0) BuildRequires, and pass
<bjorn.lie@gmail.com>
parents:
1052
diff
changeset
|
337 |
|
fbfe323c62cd
Add conditional for pkgconfig(gconf-2.0) BuildRequires, and pass
<bjorn.lie@gmail.com>
parents:
1052
diff
changeset
|
338 |
------------------------------------------------------------------- |
1052 | 339 |
Thu Jun 7 12:11:06 UTC 2018 - wr@rosenauer.org |
340 |
||
341 |
- update to Firefox 60.0.2 |
|
342 |
* requires NSS 3.36.4 |
|
343 |
MFSA 2018-14 (bsc#1096449) |
|
344 |
* CVE-2018-6126 (bmo#1462682) |
|
345 |
Heap buffer overflow rasterizing paths in SVG with Skia |
|
346 |
||
347 |
------------------------------------------------------------------- |
|
348 |
Wed Jun 6 18:57:52 UTC 2018 - guillaume.gardet@opensuse.org |
|
349 |
||
350 |
- Add upstream patch to fix boo#1093059 instead of '-ffixed-x28' |
|
351 |
workaround: |
|
352 |
* mozilla-bmo1375074.patch |
|
353 |
||
354 |
------------------------------------------------------------------- |
|
1051
87c1625d07e2
fix aarch64 startup crash
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1049
diff
changeset
|
355 |
Sat May 26 15:53:25 UTC 2018 - wr@rosenauer.org |
87c1625d07e2
fix aarch64 startup crash
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1049
diff
changeset
|
356 |
|
87c1625d07e2
fix aarch64 startup crash
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1049
diff
changeset
|
357 |
- fixed "open with" option under KDE (boo#1094747) |
87c1625d07e2
fix aarch64 startup crash
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1049
diff
changeset
|
358 |
- workaround crash on startup on aarch64 (boo#1093059) |
1052 | 359 |
(contributed by guillaume.gardet@arm.com) |
1051
87c1625d07e2
fix aarch64 startup crash
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1049
diff
changeset
|
360 |
|
87c1625d07e2
fix aarch64 startup crash
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1049
diff
changeset
|
361 |
------------------------------------------------------------------- |
1049 | 362 |
Wed May 23 08:49:09 UTC 2018 - guillaume.gardet@opensuse.org |
363 |
||
364 |
- Disable webrtc for aarch64 due to bmo#1434589 |
|
365 |
- Add patch to fix skia build on AArch64: |
|
366 |
* mozilla-fix-skia-aarch64.patch |
|
367 |
||
368 |
------------------------------------------------------------------- |
|
1048 | 369 |
Thu May 17 14:01:18 UTC 2018 - wr@rosenauer.org |
370 |
||
371 |
- update to Firefox 60.0.1 |
|
372 |
* Avoid overly long cycle collector pauses with some add-ons installed |
|
373 |
(bmo#1449033) |
|
374 |
* After unckecking the "Sponsored Stories" option, the New Tab page |
|
375 |
now immediately stops displaying "Sponsored content" cards (bmo#1458906) |
|
376 |
* On touchscreen devices, fixed momentum scrolling on non-zoomable pages |
|
377 |
(bmo#1457743) |
|
378 |
* Use the right default background when opening tabs or windows in |
|
379 |
high contrast mode (bmo#1458956) |
|
380 |
* Restored translations of the Preferences panels when using a |
|
381 |
language pack (bmo#1461590) |
|
382 |
||
383 |
------------------------------------------------------------------- |
|
384 |
Mon May 14 13:37:38 UTC 2018 - pcerny@suse.com |
|
385 |
||
386 |
- parellelise locales building |
|
387 |
||
388 |
------------------------------------------------------------------- |
|
1047
847ae61baab6
Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1046
diff
changeset
|
389 |
Mon May 7 08:32:28 UTC 2018 - wr@rosenauer.org |
847ae61baab6
Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1046
diff
changeset
|
390 |
|
847ae61baab6
Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1046
diff
changeset
|
391 |
- update to Firefox 60.0 |
847ae61baab6
Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1046
diff
changeset
|
392 |
* Added a policy engine that allows customized Firefox deployments |
847ae61baab6
Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1046
diff
changeset
|
393 |
in enterprise environments, using Windows Group Policy or a |
847ae61baab6
Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1046
diff
changeset
|
394 |
cross-platform JSON file |
847ae61baab6
Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1046
diff
changeset
|
395 |
* Applied Quantum CSS to render browser UI |
847ae61baab6
Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1046
diff
changeset
|
396 |
* Added support for Web Authentication, allowing the use of USB |
847ae61baab6
Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1046
diff
changeset
|
397 |
tokens for authentication to web sites |
847ae61baab6
Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1046
diff
changeset
|
398 |
* Locale added: Occitan (oc) |
847ae61baab6
Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1046
diff
changeset
|
399 |
MFSA 2018-11 (bsc#1092548) |
847ae61baab6
Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1046
diff
changeset
|
400 |
* CVE-2018-5154 (bmo#1443092) |
847ae61baab6
Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1046
diff
changeset
|
401 |
Use-after-free with SVG animations and clip paths |
847ae61baab6
Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1046
diff
changeset
|
402 |
* CVE-2018-5155 (bmo#1448774) |
847ae61baab6
Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1046
diff
changeset
|
403 |
Use-after-free with SVG animations and text paths |
847ae61baab6
Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1046
diff
changeset
|
404 |
* CVE-2018-5157 (bmo#1449898) |
847ae61baab6
Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1046
diff
changeset
|
405 |
Same-origin bypass of PDF Viewer to view protected PDF files |
847ae61baab6
Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1046
diff
changeset
|
406 |
* CVE-2018-5158 (bmo#1452075) |
847ae61baab6
Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1046
diff
changeset
|
407 |
Malicious PDF can inject JavaScript into PDF Viewer |
847ae61baab6
Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1046
diff
changeset
|
408 |
* CVE-2018-5159 (bmo#1441941) |
847ae61baab6
Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1046
diff
changeset
|
409 |
Integer overflow and out-of-bounds write in Skia |
847ae61baab6
Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1046
diff
changeset
|
410 |
* CVE-2018-5160 (bmo#1436117) |
847ae61baab6
Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1046
diff
changeset
|
411 |
Uninitialized memory use by WebRTC encoder |
847ae61baab6
Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1046
diff
changeset
|
412 |
* CVE-2018-5152 (bmo#1415644, bmo#1427289) |
847ae61baab6
Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1046
diff
changeset
|
413 |
WebExtensions information leak through webRequest API |
847ae61baab6
Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1046
diff
changeset
|
414 |
* CVE-2018-5153 (bmo#1436809) |
847ae61baab6
Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1046
diff
changeset
|
415 |
Out-of-bounds read in mixed content websocket messages |
847ae61baab6
Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1046
diff
changeset
|
416 |
* CVE-2018-5163 (bmo#1426353) |
847ae61baab6
Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1046
diff
changeset
|
417 |
Replacing cached data in JavaScript Start-up Bytecode Cache |
847ae61baab6
Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1046
diff
changeset
|
418 |
* CVE-2018-5164 (bmo#1416045) |
847ae61baab6
Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1046
diff
changeset
|
419 |
CSP not applied to all multipart content sent with |
847ae61baab6
Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1046
diff
changeset
|
420 |
multipart/x-mixed-replace |
847ae61baab6
Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1046
diff
changeset
|
421 |
* CVE-2018-5166 (bmo#1437325) |
847ae61baab6
Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1046
diff
changeset
|
422 |
WebExtension host permission bypass through filterReponseData |
847ae61baab6
Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1046
diff
changeset
|
423 |
* CVE-2018-5167 (bmo#1447969) |
847ae61baab6
Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1046
diff
changeset
|
424 |
Improper linkification of chrome: and javascript: content in |
847ae61baab6
Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1046
diff
changeset
|
425 |
web console and JavaScript debugger |
847ae61baab6
Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1046
diff
changeset
|
426 |
* CVE-2018-5168 (bmo#1449548) |
847ae61baab6
Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1046
diff
changeset
|
427 |
Lightweight themes can be installed without user interaction |
847ae61baab6
Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1046
diff
changeset
|
428 |
* CVE-2018-5169 (bmo#1319157) |
847ae61baab6
Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1046
diff
changeset
|
429 |
Dragging and dropping link text onto home button can set home page |
847ae61baab6
Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1046
diff
changeset
|
430 |
to include chrome pages |
847ae61baab6
Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1046
diff
changeset
|
431 |
* CVE-2018-5172 (bmo#1436482) |
847ae61baab6
Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1046
diff
changeset
|
432 |
Pasted script from clipboard can run in the Live Bookmarks page |
847ae61baab6
Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1046
diff
changeset
|
433 |
or PDF viewer |
847ae61baab6
Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1046
diff
changeset
|
434 |
* CVE-2018-5173 (bmo#1438025) |
847ae61baab6
Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1046
diff
changeset
|
435 |
File name spoofing of Downloads panel with Unicode characters |
847ae61baab6
Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1046
diff
changeset
|
436 |
* CVE-2018-5174 (bmo#1447080) (Windows-only) |
847ae61baab6
Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1046
diff
changeset
|
437 |
Windows Defender SmartScreen UI runs with less secure behavior |
847ae61baab6
Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1046
diff
changeset
|
438 |
for downloaded files in Windows 10 April 2018 Update |
847ae61baab6
Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1046
diff
changeset
|
439 |
* CVE-2018-5175 (bmo#1432358) |
847ae61baab6
Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1046
diff
changeset
|
440 |
Universal CSP bypass on sites using strict-dynamic in their policies |
847ae61baab6
Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1046
diff
changeset
|
441 |
* CVE-2018-5176 (bmo#1442840) |
847ae61baab6
Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1046
diff
changeset
|
442 |
JSON Viewer script injection |
847ae61baab6
Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1046
diff
changeset
|
443 |
* CVE-2018-5177 (bmo#1451908) |
847ae61baab6
Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1046
diff
changeset
|
444 |
Buffer overflow in XSLT during number formatting |
847ae61baab6
Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1046
diff
changeset
|
445 |
* CVE-2018-5165 (bmo#1451452) |
847ae61baab6
Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1046
diff
changeset
|
446 |
Checkbox for enabling Flash protected mode is inverted in 32-bit |
847ae61baab6
Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1046
diff
changeset
|
447 |
Firefox |
847ae61baab6
Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1046
diff
changeset
|
448 |
* CVE-2018-5180 (bmo#1444086) |
847ae61baab6
Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1046
diff
changeset
|
449 |
heap-use-after-free in mozilla::WebGLContext::DrawElementsInstanced |
847ae61baab6
Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1046
diff
changeset
|
450 |
* CVE-2018-5181 (bmo#1424107) |
847ae61baab6
Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1046
diff
changeset
|
451 |
Local file can be displayed in noopener tab through drag and |
847ae61baab6
Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1046
diff
changeset
|
452 |
drop of hyperlink |
847ae61baab6
Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1046
diff
changeset
|
453 |
* CVE-2018-5182 (bmo#1435908) |
847ae61baab6
Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1046
diff
changeset
|
454 |
Local file can be displayed from hyperlink dragged and dropped |
847ae61baab6
Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1046
diff
changeset
|
455 |
on addressbar |
847ae61baab6
Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1046
diff
changeset
|
456 |
* CVE-2018-5151 |
847ae61baab6
Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1046
diff
changeset
|
457 |
Memory safety bugs fixed in Firefox 60 |
847ae61baab6
Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1046
diff
changeset
|
458 |
* CVE-2018-5150 |
847ae61baab6
Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1046
diff
changeset
|
459 |
Memory safety bugs fixed in Firefox 60 and Firefox ESR 52.8 |
1046 | 460 |
- removed obsolete patches |
461 |
0001-Bug-1435695-WebRTC-fails-to-build-with-GCC-8-r-dmino.patch |
|
1047
847ae61baab6
Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1046
diff
changeset
|
462 |
mozilla-bmo1005535.patch |
1046 | 463 |
- requires NSPR 4.19 and NSS 3.36.1 |
1047
847ae61baab6
Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1046
diff
changeset
|
464 |
- requires rust 1.24 or higher |
847ae61baab6
Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1046
diff
changeset
|
465 |
- use upstream source archive and detached signature for |
847ae61baab6
Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1046
diff
changeset
|
466 |
source verification |
847ae61baab6
Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1046
diff
changeset
|
467 |
|
847ae61baab6
Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1046
diff
changeset
|
468 |
------------------------------------------------------------------- |
847ae61baab6
Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1046
diff
changeset
|
469 |
Thu May 3 14:33:37 UTC 2018 - guillaume.gardet@opensuse.org |
847ae61baab6
Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1046
diff
changeset
|
470 |
|
847ae61baab6
Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1046
diff
changeset
|
471 |
- Fix armv7 build by: |
847ae61baab6
Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1046
diff
changeset
|
472 |
* adding RUSTFLAGS="-Cdebuginfo=0" |
847ae61baab6
Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1046
diff
changeset
|
473 |
* updating _constraints for %arm |
847ae61baab6
Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1046
diff
changeset
|
474 |
|
847ae61baab6
Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1046
diff
changeset
|
475 |
------------------------------------------------------------------- |
847ae61baab6
Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1046
diff
changeset
|
476 |
Wed May 2 20:46:37 UTC 2018 - wr@rosenauer.org |
847ae61baab6
Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1046
diff
changeset
|
477 |
|
847ae61baab6
Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1046
diff
changeset
|
478 |
- do not try CSD on kwin (boo#1091592) |
1046 | 479 |
- fix build in openSUSE:Leap:42.3:Update, use gcc7 |
480 |
||
481 |
------------------------------------------------------------------- |
|
482 |
Tue May 1 14:26:24 UTC 2018 - astieger@suse.com |
|
483 |
||
484 |
- Mozilla Firefox 59.0.3: |
|
485 |
* fixes for platforms other than GNU/Linux |
|
486 |
||
487 |
------------------------------------------------------------------- |
|
488 |
Fri Apr 20 12:31:52 UTC 2018 - mliska@suse.cz |
|
489 |
||
490 |
- Add 0001-Bug-1435695-WebRTC-fails-to-build-with-GCC-8-r-dmino.patch |
|
491 |
in order to fix boo#1090362. |
|
492 |
||
493 |
------------------------------------------------------------------- |
|
494 |
Mon Apr 2 00:55:45 UTC 2018 - badshah400@gmail.com |
|
495 |
||
496 |
- Add back mozilla-enable-csd.patch: New rebased version from |
|
497 |
Fedora for version 59.0.x. |
|
1044
142a0c92607c
merge latest from 59.x
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1043
diff
changeset
|
498 |
|
142a0c92607c
merge latest from 59.x
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1043
diff
changeset
|
499 |
------------------------------------------------------------------- |
1043 | 500 |
Tue Mar 27 14:07:11 UTC 2018 - schwab@suse.de |
501 |
||
502 |
- Reduce constraints on aarch64 |
|
503 |
||
504 |
------------------------------------------------------------------- |
|
1041 | 505 |
Tue Mar 27 06:40:25 UTC 2018 - wr@rosenauer.org |
506 |
||
507 |
- update to Firefox 59.0.2 |
|
508 |
* Invalid page rendering with hardware acceleration enabled (bmo#1435472) |
|
509 |
* Browser keyboard shortcuts (eg copy Ctrl+C) don't work on sites |
|
510 |
that use those keys with resistFingerprinting enabled (bmo#1433592) |
|
511 |
* High CPU / memory churn caused by third-party software on some |
|
512 |
computers (bmo#1446280) |
|
513 |
* Users who have configured an "automatic proxy configuration URL" |
|
514 |
and want to reload their proxy settings from the URL will find |
|
515 |
the Reload button disabled in the Connection Settings dialog when |
|
516 |
they select Preferences/Options>Network Proxy>Settings... (bmo#1445991) |
|
517 |
* URL Fragment Identifiers Break Service Worker Responses (bmo#1443850) |
|
518 |
* User's trying to cancel a print around the time it completes will |
|
519 |
continue to get intermittent crashes (bmo#1441598) |
|
1043 | 520 |
MFSA 2018-10 (bsc#1087059) |
1041 | 521 |
* CVE-2018-5148 (bmo#1440717) |
522 |
Use-after-free in compositor |
|
523 |
- removed obsolete patch mozilla-bmo1446062.patch |
|
524 |
||
525 |
------------------------------------------------------------------- |
|
1040 | 526 |
Wed Mar 21 17:14:24 UTC 2018 - cgrobertson@suse.com |
527 |
||
528 |
- Added patches: |
|
529 |
* mozilla-i586-DecoderDoctorLogger.patch - bmo#1447070 |
|
530 |
fixes non-unified build error |
|
1041 | 531 |
* mozilla-i586-domPrefs.patch - DOMPrefs.h |
1040 | 532 |
fixes 32bit build error |
533 |
||
534 |
------------------------------------------------------------------- |
|
1039 | 535 |
Fri Mar 16 06:40:11 UTC 2018 - wr@rosenauer.org |
536 |
||
537 |
- update to Firefox 59.0.1 (bsc#1085671) |
|
538 |
MFSA 2018-08 |
|
539 |
* CVE-2018-5146 (bmo#1446062) |
|
540 |
Vorbis audio processing out of bounds write |
|
541 |
* CVE-2018-5147 (bmo#1446365) |
|
542 |
Out of bounds memory write in libtremor |
|
1040 | 543 |
(mozilla-bmo1446062.patch) |
1039 | 544 |
|
545 |
------------------------------------------------------------------- |
|
546 |
Wed Mar 14 19:27:07 UTC 2018 - cgrobertson@suse.com |
|
547 |
||
548 |
- Added patch: |
|
549 |
* mozilla-bmo1005535.patch: |
|
550 |
Enable skia_gpu on big endian platforms. |
|
551 |
||
552 |
------------------------------------------------------------------- |
|
1037 | 553 |
Sun Mar 11 22:12:12 UTC 2018 - wr@rosenauer.org |
1036 | 554 |
|
555 |
- update to Firefox 59.0 |
|
1037 | 556 |
* Performance enhancements |
557 |
* Drag-and-drop to rearrange Top Sites on the Firefox Home page |
|
558 |
* added features for Firefox Screenshots |
|
559 |
* Enhanced WebExtensions API |
|
560 |
* Improved RTC capabilities |
|
561 |
MFSA 2018-06 (bsc#1085130) |
|
562 |
* CVE-2018-5127 (bmo#1430557) |
|
563 |
Buffer overflow manipulating SVG animatedPathSegList |
|
564 |
* CVE-2018-5128 (bmo#1431336) |
|
565 |
Use-after-free manipulating editor selection ranges |
|
566 |
* CVE-2018-5129 (bmo#1428947) |
|
567 |
Out-of-bounds write with malformed IPC messages |
|
568 |
* CVE-2018-5130 (bmo#1433005) |
|
569 |
Mismatched RTP payload type can trigger memory corruption |
|
570 |
* CVE-2018-5131 (bmo#1440775) |
|
571 |
Fetch API improperly returns cached copies of no-store/no-cache resources |
|
572 |
* CVE-2018-5132 (bmo#1408194) |
|
573 |
WebExtension Find API can search privileged pages |
|
574 |
* CVE-2018-5133 (bmo#1430511, bmo#1430974) |
|
575 |
Value of the app.support.baseURL preference is not properly sanitized |
|
576 |
* CVE-2018-5134 (bmo#1429379) |
|
577 |
WebExtensions may use view-source: URLs to bypass content restrictions |
|
578 |
* CVE-2018-5135 (bmo#1431371) |
|
579 |
WebExtension browserAction can inject scripts into unintended contexts |
|
580 |
* CVE-2018-5136 (bmo#1419166) |
|
581 |
Same-origin policy violation with data: URL shared workers |
|
582 |
* CVE-2018-5137 (bmo#1432870) |
|
583 |
Script content can access legacy extension non-contentaccessible resources |
|
584 |
* CVE-2018-5138 (bmo#1432624) (Android only) |
|
585 |
Android Custom Tab address spoofing through long domain names |
|
586 |
* CVE-2018-5140 (bmo#1424261) |
|
587 |
Moz-icon images accessible to web content through moz-icon: protocol |
|
588 |
* CVE-2018-5141 (bmo#1429093) |
|
589 |
DOS attack through notifications Push API |
|
590 |
* CVE-2018-5142 (bmo#1366357) |
|
591 |
Media Capture and Streams API permissions display incorrect origin |
|
592 |
with data: and blob: URLs |
|
593 |
* CVE-2018-5143 (bmo#1422643) |
|
594 |
Self-XSS pasting javascript: URL with embedded tab into addressbar |
|
595 |
* CVE-2018-5126 |
|
596 |
Memory safety bugs fixed in Firefox 59 |
|
597 |
* CVE-2018-5125 |
|
598 |
Memory safety bugs fixed in Firefox 59 and Firefox ESR 52.7 |
|
1031
4b419fce88dc
merge from firefox58 and prepare for 59.0b8
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1030
diff
changeset
|
599 |
- requires NSPR 4.18 and NSS 3.35 |
4b419fce88dc
merge from firefox58 and prepare for 59.0b8
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1030
diff
changeset
|
600 |
- requires rust >= 1.22.1 |
1032
8220ea23b47d
remove obsolete patches
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1031
diff
changeset
|
601 |
- removed obsolete patches: |
8220ea23b47d
remove obsolete patches
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1031
diff
changeset
|
602 |
mozilla-alsa-sandbox.patch |
8220ea23b47d
remove obsolete patches
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1031
diff
changeset
|
603 |
mozilla-enable-csd.patch |
8220ea23b47d
remove obsolete patches
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1031
diff
changeset
|
604 |
firefox-no-default-ualocale.patch |
8220ea23b47d
remove obsolete patches
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1031
diff
changeset
|
605 |
- removed l10n_changesets.txt since same information is now in |
8220ea23b47d
remove obsolete patches
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1031
diff
changeset
|
606 |
Firefox source tree (updated create-tar.sh now requires jq) |
1031
4b419fce88dc
merge from firefox58 and prepare for 59.0b8
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1030
diff
changeset
|
607 |
|
4b419fce88dc
merge from firefox58 and prepare for 59.0b8
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1030
diff
changeset
|
608 |
------------------------------------------------------------------- |
1039 | 609 |
Fri Feb 9 13:37:46 UTC 2018 - astieger@suse.com |
610 |
||
611 |
- Mozilla Firefox 58.0.2: |
|
612 |
* Blocklisted graphics drivers related to off main thread painting |
|
613 |
crashes |
|
614 |
* Fix tab crash during printing |
|
615 |
* Fix clicking links and scrolling emails on Microsoft Hotmail |
|
616 |
and Outlook (OWA) webmail |
|
617 |
||
618 |
------------------------------------------------------------------- |
|
1030
cd02d400c081
correct requires and provides handling (boo#1076907)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1029
diff
changeset
|
619 |
Fri Feb 9 12:06:31 UTC 2018 - wr@rosenauer.org |
cd02d400c081
correct requires and provides handling (boo#1076907)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1029
diff
changeset
|
620 |
|
cd02d400c081
correct requires and provides handling (boo#1076907)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1029
diff
changeset
|
621 |
- correct requires and provides handling (boo#1076907) |
cd02d400c081
correct requires and provides handling (boo#1076907)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1029
diff
changeset
|
622 |
|
cd02d400c081
correct requires and provides handling (boo#1076907)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1029
diff
changeset
|
623 |
------------------------------------------------------------------- |
1029 | 624 |
Tue Feb 6 07:03:42 UTC 2018 - fstrba@suse.com |
625 |
||
626 |
- Added patch: |
|
627 |
* mozilla-alsa-sandbox.patch: Fix bmo#1430274, ALSA sound (still |
|
628 |
or again?) not working in Firefox 58 due to sandboxing. |
|
629 |
||
630 |
------------------------------------------------------------------- |
|
1028 | 631 |
Mon Jan 29 22:32:21 UTC 2018 - wr@rosenauer.org |
632 |
||
633 |
- update to Firefox 58.0.1 |
|
634 |
MFSA 2018-05 |
|
1037 | 635 |
* Arbitrary code execution through unsanitized browser UI (bmo#1432966) |
1029 | 636 |
- use correct language packs |
1027 | 637 |
- readd mozilla-enable-csd.patch as it only lands for FF59 upstream |
638 |
- allow larger number of nested elements (mozilla-bmo256180.patch) |
|
639 |
||
640 |
------------------------------------------------------------------- |
|
1026
963c89cda54b
update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1023
diff
changeset
|
641 |
Tue Jan 23 20:40:57 UTC 2018 - wr@rosenauer.org |
963c89cda54b
update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1023
diff
changeset
|
642 |
|
963c89cda54b
update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1023
diff
changeset
|
643 |
- update to Firefox 58.0 (bsc#1077291) |
1023
fce335a42db7
new features (incl. new locale)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1020
diff
changeset
|
644 |
* Added Nepali (ne-NP) locale |
fce335a42db7
new features (incl. new locale)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1020
diff
changeset
|
645 |
* Added support for form autofill for credit card |
fce335a42db7
new features (incl. new locale)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1020
diff
changeset
|
646 |
* Optimize page load by caching JavaScript internal representation |
1026
963c89cda54b
update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1023
diff
changeset
|
647 |
MFSA 2018-02 |
963c89cda54b
update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1023
diff
changeset
|
648 |
* CVE-2018-5091 (bmo#1423086) |
963c89cda54b
update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1023
diff
changeset
|
649 |
Use-after-free with DTMF timers |
963c89cda54b
update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1023
diff
changeset
|
650 |
* CVE-2018-5092 (bmo#1418074) |
963c89cda54b
update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1023
diff
changeset
|
651 |
Use-after-free in Web Workers |
963c89cda54b
update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1023
diff
changeset
|
652 |
* CVE-2018-5093 (bmo#1415291) |
963c89cda54b
update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1023
diff
changeset
|
653 |
Buffer overflow in WebAssembly during Memory/Table resizing |
963c89cda54b
update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1023
diff
changeset
|
654 |
* CVE-2018-5094 (bmo#1415883) |
963c89cda54b
update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1023
diff
changeset
|
655 |
Buffer overflow in WebAssembly with garbage collection on |
963c89cda54b
update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1023
diff
changeset
|
656 |
uninitialized memory |
963c89cda54b
update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1023
diff
changeset
|
657 |
* CVE-2018-5095 (bmo#1418447) |
963c89cda54b
update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1023
diff
changeset
|
658 |
Integer overflow in Skia library during edge builder allocation |
963c89cda54b
update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1023
diff
changeset
|
659 |
* CVE-2018-5097 (bmo#1387427) |
963c89cda54b
update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1023
diff
changeset
|
660 |
Use-after-free when source document is manipulated during XSLT |
963c89cda54b
update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1023
diff
changeset
|
661 |
* CVE-2018-5098 (bmo#1399400) |
963c89cda54b
update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1023
diff
changeset
|
662 |
Use-after-free while manipulating form input elements |
963c89cda54b
update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1023
diff
changeset
|
663 |
* CVE-2018-5099 (bmo#1416878) |
963c89cda54b
update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1023
diff
changeset
|
664 |
Use-after-free with widget listener |
963c89cda54b
update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1023
diff
changeset
|
665 |
* CVE-2018-5100 (bmo#1417405) |
963c89cda54b
update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1023
diff
changeset
|
666 |
Use-after-free when IsPotentiallyScrollable arguments are freed |
963c89cda54b
update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1023
diff
changeset
|
667 |
from memory |
963c89cda54b
update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1023
diff
changeset
|
668 |
* CVE-2018-5101 (bmo#1417661) |
963c89cda54b
update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1023
diff
changeset
|
669 |
Use-after-free with floating first-letter style elements |
963c89cda54b
update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1023
diff
changeset
|
670 |
* CVE-2018-5102 (bmo#1419363) |
963c89cda54b
update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1023
diff
changeset
|
671 |
Use-after-free in HTML media elements |
963c89cda54b
update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1023
diff
changeset
|
672 |
* CVE-2018-5103 (bmo#1423159) |
963c89cda54b
update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1023
diff
changeset
|
673 |
Use-after-free during mouse event handling |
963c89cda54b
update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1023
diff
changeset
|
674 |
* CVE-2018-5104 (bmo#1425000) |
963c89cda54b
update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1023
diff
changeset
|
675 |
Use-after-free during font face manipulation |
963c89cda54b
update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1023
diff
changeset
|
676 |
* CVE-2018-5105 (bmo#1390882) |
963c89cda54b
update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1023
diff
changeset
|
677 |
WebExtensions can save and execute files on local file system |
963c89cda54b
update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1023
diff
changeset
|
678 |
without user prompts |
963c89cda54b
update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1023
diff
changeset
|
679 |
* CVE-2018-5106 (bmo#1408708) |
963c89cda54b
update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1023
diff
changeset
|
680 |
Developer Tools can expose style editor information cross-origin |
963c89cda54b
update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1023
diff
changeset
|
681 |
through service worker |
963c89cda54b
update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1023
diff
changeset
|
682 |
* CVE-2018-5107 (bmo#1379276) |
963c89cda54b
update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1023
diff
changeset
|
683 |
Printing process will follow symlinks for local file access |
963c89cda54b
update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1023
diff
changeset
|
684 |
* CVE-2018-5108 (bmo#1421099) |
963c89cda54b
update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1023
diff
changeset
|
685 |
Manually entered blob URL can be accessed by subsequent private browsing tabs |
963c89cda54b
update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1023
diff
changeset
|
686 |
* CVE-2018-5109 (bmo#1405599) |
963c89cda54b
update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1023
diff
changeset
|
687 |
Audio capture prompts and starts with incorrect origin attribution |
963c89cda54b
update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1023
diff
changeset
|
688 |
* CVE-2018-5110 (bmo#1423275) (affects only OS X) |
963c89cda54b
update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1023
diff
changeset
|
689 |
Cursor can be made invisible on OS X |
963c89cda54b
update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1023
diff
changeset
|
690 |
* CVE-2018-5111 (bmo#1321619) |
963c89cda54b
update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1023
diff
changeset
|
691 |
URL spoofing in addressbar through drag and drop |
963c89cda54b
update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1023
diff
changeset
|
692 |
* CVE-2018-5112 (bmo#1425224) |
963c89cda54b
update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1023
diff
changeset
|
693 |
Extension development tools panel can open a non-relative URL in the panel |
963c89cda54b
update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1023
diff
changeset
|
694 |
* CVE-2018-5113 (bmo#1425267) |
963c89cda54b
update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1023
diff
changeset
|
695 |
WebExtensions can load non-HTTPS pages with browser.identity.launchWebAuthFlow |
963c89cda54b
update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1023
diff
changeset
|
696 |
* CVE-2018-5114 (bmo#1421324) |
963c89cda54b
update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1023
diff
changeset
|
697 |
The old value of a cookie changed to HttpOnly remains accessible to scripts |
963c89cda54b
update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1023
diff
changeset
|
698 |
* CVE-2018-5115 (bmo#1409449) |
963c89cda54b
update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1023
diff
changeset
|
699 |
Background network requests can open HTTP authentication in unrelated foreground tabs |
963c89cda54b
update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1023
diff
changeset
|
700 |
* CVE-2018-5116 (bmo#1396399) |
963c89cda54b
update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1023
diff
changeset
|
701 |
WebExtension ActiveTab permission allows cross-origin frame content access |
963c89cda54b
update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1023
diff
changeset
|
702 |
* CVE-2018-5117 (bmo#1395508) |
963c89cda54b
update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1023
diff
changeset
|
703 |
URL spoofing with right-to-left text aligned left-to-right |
963c89cda54b
update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1023
diff
changeset
|
704 |
* CVE-2018-5118 (bmo#1420049) |
963c89cda54b
update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1023
diff
changeset
|
705 |
Activity Stream images can attempt to load local content through file: |
963c89cda54b
update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1023
diff
changeset
|
706 |
* CVE-2018-5119 (bmo#1420507) |
963c89cda54b
update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1023
diff
changeset
|
707 |
Reader view will load cross-origin content in violation of CORS headers |
963c89cda54b
update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1023
diff
changeset
|
708 |
* CVE-2018-5121 (bmo#1402368) (affects only OS X) |
963c89cda54b
update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1023
diff
changeset
|
709 |
OS X Tibetan characters render incompletely in the addressbar |
963c89cda54b
update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1023
diff
changeset
|
710 |
* CVE-2018-5122 (bmo#1413841) |
963c89cda54b
update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1023
diff
changeset
|
711 |
Potential integer overflow in DoCrypt |
963c89cda54b
update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1023
diff
changeset
|
712 |
* CVE-2018-5090 |
963c89cda54b
update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1023
diff
changeset
|
713 |
Memory safety bugs fixed in Firefox 58 |
963c89cda54b
update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1023
diff
changeset
|
714 |
* CVE-2018-5089 |
963c89cda54b
update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1023
diff
changeset
|
715 |
Memory safety bugs fixed in Firefox 58 and Firefox ESR 52.6 |
1019
b0c883afdffa
initial preparation for 58 cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1017
diff
changeset
|
716 |
- requires NSS 3.34.1 |
b0c883afdffa
initial preparation for 58 cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1017
diff
changeset
|
717 |
- requires rust 1.21 |
b0c883afdffa
initial preparation for 58 cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1017
diff
changeset
|
718 |
- removed obsolete patches: |
b0c883afdffa
initial preparation for 58 cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1017
diff
changeset
|
719 |
mozilla-bindgen-systemlibs.patch |
b0c883afdffa
initial preparation for 58 cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1017
diff
changeset
|
720 |
mozilla-bmo1360278.patch |
b0c883afdffa
initial preparation for 58 cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1017
diff
changeset
|
721 |
mozilla-bmo1399611-csd.patch |
b0c883afdffa
initial preparation for 58 cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1017
diff
changeset
|
722 |
mozilla-rust-1.23.patch |
1020
d2c159cb9bf2
rebased patches; updated spec file
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1019
diff
changeset
|
723 |
- rebased patches |
1023
fce335a42db7
new features (incl. new locale)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1020
diff
changeset
|
724 |
- updated man-page |
1019
b0c883afdffa
initial preparation for 58 cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1017
diff
changeset
|
725 |
|
b0c883afdffa
initial preparation for 58 cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1017
diff
changeset
|
726 |
------------------------------------------------------------------- |
1017
8ccb9c3cbe47
build with latest rust
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1016
diff
changeset
|
727 |
Tue Jan 9 18:48:02 UTC 2018 - wr@rosenauer.org |
8ccb9c3cbe47
build with latest rust
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1016
diff
changeset
|
728 |
|
8ccb9c3cbe47
build with latest rust
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1016
diff
changeset
|
729 |
- fixed build with latest rust (mozilla-rust-1.23.patch) |
8ccb9c3cbe47
build with latest rust
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1016
diff
changeset
|
730 |
|
8ccb9c3cbe47
build with latest rust
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1016
diff
changeset
|
731 |
------------------------------------------------------------------- |
1016 | 732 |
Thu Jan 4 12:23:41 UTC 2018 - wr@rosenauer.org |
733 |
||
734 |
- update to Firefox 57.0.4 |
|
735 |
MFSA 2018-1: Speculative execution side-channel attack ("Spectre") |
|
736 |
(boo#1074723) |
|
737 |
||
738 |
------------------------------------------------------------------- |
|
1015 | 739 |
Wed Jan 3 08:29:38 UTC 2018 - wr@rosenauer.org |
740 |
||
741 |
- fixed regression introduced Oct 10th which made Firefox crash |
|
742 |
when cancelling the KDE file dialog (boo#1069962) |
|
743 |
||
744 |
------------------------------------------------------------------- |
|
745 |
Fri Dec 29 19:52:34 UTC 2017 - astieger@suse.com |
|
746 |
||
747 |
- Mozilla Firefox 57.0.3: |
|
748 |
* Fix a crash reporting issue that inadvertently sends background |
|
749 |
tab crash reports to Mozilla without user opt-in (bmo#1427111, |
|
750 |
bsc#1074235) |
|
751 |
- Includes changes from 57.0.2: |
|
752 |
* fixes for platforms other than GNU/Linux |
|
753 |
||
754 |
------------------------------------------------------------------- |
|
1012 | 755 |
Fri Dec 8 15:52:17 UTC 2017 - dimstar@opensuse.org |
756 |
||
757 |
- Explicitly buildrequires python2-xml: The build system relies on |
|
758 |
it. We wrongly relied on other packages pulling it in for us. |
|
759 |
||
760 |
------------------------------------------------------------------- |
|
761 |
Thu Dec 7 11:12:31 UTC 2017 - dimstar@opensuse.org |
|
762 |
||
763 |
- Escape the usage of %{VERSION} when calling out to rpm. |
|
764 |
RPM 4.14 has %{VERSION} defined as 'the main packages version'. |
|
765 |
||
766 |
------------------------------------------------------------------- |
|
767 |
Wed Nov 29 23:45:03 UTC 2017 - wr@rosenauer.org |
|
768 |
||
769 |
- update to Firefox 57.0.1 |
|
770 |
* CVE-2017-7843: Web worker in Private Browsing mode can write |
|
771 |
IndexedDB data (bsc#1072034, bmo#1410106) |
|
772 |
* CVE-2017-7844: Visited history information leak through SVG |
|
773 |
image (bsc#1072036, bmo#1420001) |
|
774 |
* Fix a video color distortion issue on YouTube and other video |
|
775 |
sites with some AMD devices (bmo#1417442) |
|
776 |
* Fix an issue with prefs.js when the profile path has non-ascii |
|
777 |
characters (bmo#1420427) |
|
778 |
||
779 |
------------------------------------------------------------------- |
|
780 |
Tue Nov 21 09:00:48 UTC 2017 - christophe@krop.fr |
|
781 |
||
782 |
- Add mozilla-bmo1360278.patch |
|
783 |
Starting with Firefox 57, the context menu appears on key press. |
|
784 |
This patch creates a config entry to restore the |
|
785 |
old behaviour. Without the patch, the mouse gesture extensions |
|
786 |
require 2 clicks to work (bmo#1360278). |
|
787 |
The new config entry is named ui.context_menus.after_mouseup |
|
788 |
(default : false). |
|
789 |
||
790 |
------------------------------------------------------------------- |
|
791 |
Sat Nov 18 08:35:21 UTC 2017 - wr@rosenauer.org |
|
792 |
||
793 |
- Allow experimental CSD for Gtk3 (bmo#1399611) if available and enabled |
|
794 |
widget.allow-client-side-decoration=true |
|
795 |
(mozilla-bmo1399611-csd.patch) |
|
796 |
||
797 |
------------------------------------------------------------------- |
|
1011
85bd01789b6f
Firefo 57.0 final release (incl. changelogs)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1008
diff
changeset
|
798 |
Wed Nov 15 06:46:06 UTC 2017 - wr@rosenauer.org |
85bd01789b6f
Firefo 57.0 final release (incl. changelogs)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1008
diff
changeset
|
799 |
|
85bd01789b6f
Firefo 57.0 final release (incl. changelogs)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1008
diff
changeset
|
800 |
- update to Firefox 57.0 (boo#1068101) |
1008
77c890186192
removed obsolete patches
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1005
diff
changeset
|
801 |
* Firefox Quantum |
77c890186192
removed obsolete patches
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1005
diff
changeset
|
802 |
* Photon UI |
1011
85bd01789b6f
Firefo 57.0 final release (incl. changelogs)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1008
diff
changeset
|
803 |
* Unified address and search bar |
1008
77c890186192
removed obsolete patches
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1005
diff
changeset
|
804 |
* AMD VP9 hardware video decoder support |
77c890186192
removed obsolete patches
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1005
diff
changeset
|
805 |
* Added support for Date/Time input |
77c890186192
removed obsolete patches
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1005
diff
changeset
|
806 |
* stricter security sandbox blocking filesystem reading and |
77c890186192
removed obsolete patches
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1005
diff
changeset
|
807 |
writing on Linux systems |
77c890186192
removed obsolete patches
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1005
diff
changeset
|
808 |
* middle mouse paste in the content area no longer navigates to |
77c890186192
removed obsolete patches
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1005
diff
changeset
|
809 |
URLs by default on Unix systems |
1011
85bd01789b6f
Firefo 57.0 final release (incl. changelogs)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1008
diff
changeset
|
810 |
MFSA 2017-24 |
85bd01789b6f
Firefo 57.0 final release (incl. changelogs)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1008
diff
changeset
|
811 |
* CVE-2017-7828 (bmo#1406750. bmo#1412252) |
85bd01789b6f
Firefo 57.0 final release (incl. changelogs)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1008
diff
changeset
|
812 |
Use-after-free of PressShell while restyling layout |
85bd01789b6f
Firefo 57.0 final release (incl. changelogs)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1008
diff
changeset
|
813 |
* CVE-2017-7830 (bmo#1408990) |
85bd01789b6f
Firefo 57.0 final release (incl. changelogs)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1008
diff
changeset
|
814 |
Cross-origin URL information leak through Resource Timing API |
85bd01789b6f
Firefo 57.0 final release (incl. changelogs)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1008
diff
changeset
|
815 |
* CVE-2017-7831 (bmo#1392026) |
85bd01789b6f
Firefo 57.0 final release (incl. changelogs)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1008
diff
changeset
|
816 |
Information disclosure of exposed properties on JavaScript proxy |
85bd01789b6f
Firefo 57.0 final release (incl. changelogs)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1008
diff
changeset
|
817 |
objects |
85bd01789b6f
Firefo 57.0 final release (incl. changelogs)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1008
diff
changeset
|
818 |
* CVE-2017-7832 (bmo#1408782) |
85bd01789b6f
Firefo 57.0 final release (incl. changelogs)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1008
diff
changeset
|
819 |
Domain spoofing through use of dotless 'i' character followed |
85bd01789b6f
Firefo 57.0 final release (incl. changelogs)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1008
diff
changeset
|
820 |
by accent markers |
85bd01789b6f
Firefo 57.0 final release (incl. changelogs)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1008
diff
changeset
|
821 |
* CVE-2017-7833 (bmo#1370497) |
85bd01789b6f
Firefo 57.0 final release (incl. changelogs)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1008
diff
changeset
|
822 |
Domain spoofing with Arabic and Indic vowel marker characters |
85bd01789b6f
Firefo 57.0 final release (incl. changelogs)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1008
diff
changeset
|
823 |
* CVE-2017-7834 (bmo#1358009) |
85bd01789b6f
Firefo 57.0 final release (incl. changelogs)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1008
diff
changeset
|
824 |
data: URLs opened in new tabs bypass CSP protections |
85bd01789b6f
Firefo 57.0 final release (incl. changelogs)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1008
diff
changeset
|
825 |
* CVE-2017-7835 (bmo#1402363) |
85bd01789b6f
Firefo 57.0 final release (incl. changelogs)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1008
diff
changeset
|
826 |
Mixed content blocking incorrectly applies with redirects |
85bd01789b6f
Firefo 57.0 final release (incl. changelogs)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1008
diff
changeset
|
827 |
* CVE-2017-7836 (bmo#1401339) |
85bd01789b6f
Firefo 57.0 final release (incl. changelogs)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1008
diff
changeset
|
828 |
Pingsender dynamically loads libcurl on Linux and OS X |
85bd01789b6f
Firefo 57.0 final release (incl. changelogs)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1008
diff
changeset
|
829 |
* CVE-2017-7837 (bmo#1325923) |
85bd01789b6f
Firefo 57.0 final release (incl. changelogs)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1008
diff
changeset
|
830 |
SVG loaded as <img> can use meta tags to set cookies |
85bd01789b6f
Firefo 57.0 final release (incl. changelogs)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1008
diff
changeset
|
831 |
* CVE-2017-7838 (bmo#1399540) |
85bd01789b6f
Firefo 57.0 final release (incl. changelogs)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1008
diff
changeset
|
832 |
Failure of individual decoding of labels in international domain |
85bd01789b6f
Firefo 57.0 final release (incl. changelogs)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1008
diff
changeset
|
833 |
names triggers punycode display of entire IDN |
85bd01789b6f
Firefo 57.0 final release (incl. changelogs)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1008
diff
changeset
|
834 |
* CVE-2017-7839 (bmo#1402896) |
85bd01789b6f
Firefo 57.0 final release (incl. changelogs)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1008
diff
changeset
|
835 |
Control characters before javascript: URLs defeats self-XSS |
85bd01789b6f
Firefo 57.0 final release (incl. changelogs)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1008
diff
changeset
|
836 |
prevention mechanism |
85bd01789b6f
Firefo 57.0 final release (incl. changelogs)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1008
diff
changeset
|
837 |
* CVE-2017-7840 (bmo#1366420) |
85bd01789b6f
Firefo 57.0 final release (incl. changelogs)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1008
diff
changeset
|
838 |
Exported bookmarks do not strip script elements from user-supplied |
85bd01789b6f
Firefo 57.0 final release (incl. changelogs)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1008
diff
changeset
|
839 |
tags |
85bd01789b6f
Firefo 57.0 final release (incl. changelogs)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1008
diff
changeset
|
840 |
* CVE-2017-7842 (bmo#1397064) |
85bd01789b6f
Firefo 57.0 final release (incl. changelogs)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1008
diff
changeset
|
841 |
Referrer Policy is not always respected for <link> elements |
85bd01789b6f
Firefo 57.0 final release (incl. changelogs)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1008
diff
changeset
|
842 |
* CVE-2017-7827 |
85bd01789b6f
Firefo 57.0 final release (incl. changelogs)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1008
diff
changeset
|
843 |
Memory safety bugs fixed in Firefox 57 |
85bd01789b6f
Firefo 57.0 final release (incl. changelogs)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1008
diff
changeset
|
844 |
* CVE-2017-7826 |
85bd01789b6f
Firefo 57.0 final release (incl. changelogs)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1008
diff
changeset
|
845 |
Memory safety bugs fixed in Firefox 57 and Firefox ESR 52.5 |
1004
f98f2fd265af
update version requirements
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1001
diff
changeset
|
846 |
- requires NSPR 4.17, NSS 3.33 and rustc 1.19 |
1005 | 847 |
- rebased patches |
1008
77c890186192
removed obsolete patches
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1005
diff
changeset
|
848 |
- added mozilla-bindgen-systemlibs.patch to allow stylo build |
77c890186192
removed obsolete patches
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1005
diff
changeset
|
849 |
with system libs (bmo#1341234) |
77c890186192
removed obsolete patches
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1005
diff
changeset
|
850 |
- removed mozilla-language.patch since the whole locale code |
77c890186192
removed obsolete patches
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1005
diff
changeset
|
851 |
changed in Firefox and is relying on ICU now |
77c890186192
removed obsolete patches
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1005
diff
changeset
|
852 |
- removed obsolete mozilla-ucontext.patch |
1004
f98f2fd265af
update version requirements
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1001
diff
changeset
|
853 |
|
f98f2fd265af
update version requirements
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
1001
diff
changeset
|
854 |
------------------------------------------------------------------- |
1001 | 855 |
Sat Oct 28 06:30:37 UTC 2017 - wr@rosenauer.org |
856 |
||
857 |
- update to Firefox 56.0.2 |
|
858 |
* Disable Form Autofill completely on user request (bmo#1404531) |
|
859 |
* Fix for video-related crashes on Windows 7 (bmo#1409141) |
|
860 |
* Correct detection for 64-bit GSSAPI authentication (bmo#1409275) |
|
861 |
* Fix for shutdown crash (bmo#1404105) |
|
862 |
||
863 |
------------------------------------------------------------------- |
|
1000 | 864 |
Tue Oct 10 11:47:49 UTC 2017 - wr@rosenauer.org |
865 |
||
866 |
- update to Firefox 56.0.1 |
|
867 |
* Block D3D11 when using Intel drivers on Windows 7 systems with |
|
868 |
partial AVX support (bmo#1403353) |
|
869 |
-> just to sync the version number |
|
998
6c6109948e35
enable stylo (Quantum CSS) for TW
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
997
diff
changeset
|
870 |
- enable stylo for TW (requires LLVM >= 3.9) |
1000 | 871 |
- queue KDE filepicker requests to avoid non-opening file dialogs |
872 |
happening in certain situations (contributed by Ignaz Forster) |
|
873 |
- the placeholder dot in KDE file dialog in case of empty filenames |
|
874 |
was removed, apparently not required (anymore) |
|
875 |
(contributed by Ignaz Forster) |
|
998
6c6109948e35
enable stylo (Quantum CSS) for TW
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
997
diff
changeset
|
876 |
|
6c6109948e35
enable stylo (Quantum CSS) for TW
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
997
diff
changeset
|
877 |
------------------------------------------------------------------- |
997
ca8a6ac7fbf6
- Correct plugin directory for aarch64 (boo#1061207). The wrapper
Stefan Br?ns <stefan.bruens@rwth-aachen.de>
parents:
996
diff
changeset
|
878 |
Sun Oct 1 18:25:16 UTC 2017 - stefan.bruens@rwth-aachen.de |
ca8a6ac7fbf6
- Correct plugin directory for aarch64 (boo#1061207). The wrapper
Stefan Br?ns <stefan.bruens@rwth-aachen.de>
parents:
996
diff
changeset
|
879 |
|
ca8a6ac7fbf6
- Correct plugin directory for aarch64 (boo#1061207). The wrapper
Stefan Br?ns <stefan.bruens@rwth-aachen.de>
parents:
996
diff
changeset
|
880 |
- Correct plugin directory for aarch64 (boo#1061207). The wrapper |
ca8a6ac7fbf6
- Correct plugin directory for aarch64 (boo#1061207). The wrapper
Stefan Br?ns <stefan.bruens@rwth-aachen.de>
parents:
996
diff
changeset
|
881 |
script was not detecting aarch64 as a 64 bit architecture, thus |
ca8a6ac7fbf6
- Correct plugin directory for aarch64 (boo#1061207). The wrapper
Stefan Br?ns <stefan.bruens@rwth-aachen.de>
parents:
996
diff
changeset
|
882 |
used /usr/lib/browser-plugins/. |
ca8a6ac7fbf6
- Correct plugin directory for aarch64 (boo#1061207). The wrapper
Stefan Br?ns <stefan.bruens@rwth-aachen.de>
parents:
996
diff
changeset
|
883 |
|
ca8a6ac7fbf6
- Correct plugin directory for aarch64 (boo#1061207). The wrapper
Stefan Br?ns <stefan.bruens@rwth-aachen.de>
parents:
996
diff
changeset
|
884 |
------------------------------------------------------------------- |
996
84d25951c2db
- Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents:
994
diff
changeset
|
885 |
Sat Sep 30 20:10:50 UTC 2017 - zaitor@opensuse.org |
84d25951c2db
- Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents:
994
diff
changeset
|
886 |
|
84d25951c2db
- Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents:
994
diff
changeset
|
887 |
- Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0), |
84d25951c2db
- Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents:
994
diff
changeset
|
888 |
pkgconfig(gtk+-2.0), pkgconfig(gtk+-unix-print-2.0), |
84d25951c2db
- Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents:
994
diff
changeset
|
889 |
pkgconfig(glib-2.0), pkgconfig(gobject-2.0) and |
84d25951c2db
- Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents:
994
diff
changeset
|
890 |
pkgconfig(gdk-x11-2.0) BuildRequires, align with what configure |
84d25951c2db
- Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents:
994
diff
changeset
|
891 |
looks for. |
84d25951c2db
- Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents:
994
diff
changeset
|
892 |
|
84d25951c2db
- Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents:
994
diff
changeset
|
893 |
------------------------------------------------------------------- |
84d25951c2db
- Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents:
994
diff
changeset
|
894 |
Thu Sep 28 08:28:29 UTC 2017 - wr@rosenauer.org |
84d25951c2db
- Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents:
994
diff
changeset
|
895 |
|
84d25951c2db
- Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents:
994
diff
changeset
|
896 |
- update to Firefox 56.0 (boo#1060445) |
84d25951c2db
- Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents:
994
diff
changeset
|
897 |
* Firefox Screenshots |
994 | 898 |
* Find Options/Preferences more quickly with new search function |
899 |
* Media is no longer auto-played when opened in a background tab |
|
900 |
* Enable CSS Grid Layout View |
|
996
84d25951c2db
- Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents:
994
diff
changeset
|
901 |
MFSA 2017-21 |
84d25951c2db
- Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents:
994
diff
changeset
|
902 |
* CVE-2017-7793 (bmo#1371889) |
84d25951c2db
- Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents:
994
diff
changeset
|
903 |
Use-after-free with Fetch API |
84d25951c2db
- Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents:
994
diff
changeset
|
904 |
* CVE-2017-7817 (bmo#1356596) (Android-only) |
84d25951c2db
- Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents:
994
diff
changeset
|
905 |
Firefox for Android address bar spoofing through fullscreen mode |
84d25951c2db
- Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents:
994
diff
changeset
|
906 |
* CVE-2017-7818 (bmo#1363723) |
84d25951c2db
- Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents:
994
diff
changeset
|
907 |
Use-after-free during ARIA array manipulation |
84d25951c2db
- Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents:
994
diff
changeset
|
908 |
* CVE-2017-7819 (bmo#1380292) |
84d25951c2db
- Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents:
994
diff
changeset
|
909 |
Use-after-free while resizing images in design mode |
84d25951c2db
- Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents:
994
diff
changeset
|
910 |
* CVE-2017-7824 (bmo#1398381) |
84d25951c2db
- Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents:
994
diff
changeset
|
911 |
Buffer overflow when drawing and validating elements with ANGLE |
84d25951c2db
- Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents:
994
diff
changeset
|
912 |
* CVE-2017-7805 (bmo#1377618) (fixed via NSS requirement) |
84d25951c2db
- Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents:
994
diff
changeset
|
913 |
Use-after-free in TLS 1.2 generating handshake hashes |
84d25951c2db
- Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents:
994
diff
changeset
|
914 |
* CVE-2017-7812 (bmo#1379842) |
84d25951c2db
- Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents:
994
diff
changeset
|
915 |
Drag and drop of malicious page content to the tab bar can open locally stored files |
84d25951c2db
- Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents:
994
diff
changeset
|
916 |
* CVE-2017-7814 (bmo#1376036) |
84d25951c2db
- Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents:
994
diff
changeset
|
917 |
Blob and data URLs bypass phishing and malware protection warnings |
84d25951c2db
- Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents:
994
diff
changeset
|
918 |
* CVE-2017-7813 (bmo#1383951) |
84d25951c2db
- Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents:
994
diff
changeset
|
919 |
Integer truncation in the JavaScript parser |
84d25951c2db
- Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents:
994
diff
changeset
|
920 |
* CVE-2017-7825 (bmo#1393624, bmo#1390980) (OSX-only) |
84d25951c2db
- Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents:
994
diff
changeset
|
921 |
OS X fonts render some Tibetan and Arabic unicode characters as spaces |
84d25951c2db
- Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents:
994
diff
changeset
|
922 |
* CVE-2017-7815 (bmo#1368981) |
84d25951c2db
- Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents:
994
diff
changeset
|
923 |
Spoofing attack with modal dialogs on non-e10s installations |
84d25951c2db
- Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents:
994
diff
changeset
|
924 |
* CVE-2017-7816 (bmo#1380597) |
84d25951c2db
- Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents:
994
diff
changeset
|
925 |
WebExtensions can load about: URLs in extension UI |
84d25951c2db
- Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents:
994
diff
changeset
|
926 |
* CVE-2017-7821 (bmo#1346515) |
84d25951c2db
- Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents:
994
diff
changeset
|
927 |
WebExtensions can download and open non-executable files without user interaction |
84d25951c2db
- Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents:
994
diff
changeset
|
928 |
* CVE-2017-7823 (bmo#1396320) |
84d25951c2db
- Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents:
994
diff
changeset
|
929 |
CSP sandbox directive did not create a unique origin |
84d25951c2db
- Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents:
994
diff
changeset
|
930 |
* CVE-2017-7822 (bmo#1368859) |
84d25951c2db
- Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents:
994
diff
changeset
|
931 |
WebCrypto allows AES-GCM with 0-length IV |
84d25951c2db
- Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents:
994
diff
changeset
|
932 |
* CVE-2017-7820 (bmo#1378207) |
84d25951c2db
- Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents:
994
diff
changeset
|
933 |
Xray wrapper bypass with new tab and web console |
84d25951c2db
- Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents:
994
diff
changeset
|
934 |
* CVE-2017-7811 |
84d25951c2db
- Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents:
994
diff
changeset
|
935 |
Memory safety bugs fixed in Firefox 56 |
84d25951c2db
- Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents:
994
diff
changeset
|
936 |
* CVE-2017-7810 |
84d25951c2db
- Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents:
994
diff
changeset
|
937 |
Memory safety bugs fixed in Firefox 56 and Firefox ESR 52.4 |
994 | 938 |
- requires NSPR 4.16 and NSS 3.32.1 |
996
84d25951c2db
- Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents:
994
diff
changeset
|
939 |
- rebased patches |
84d25951c2db
- Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents:
994
diff
changeset
|
940 |
|
84d25951c2db
- Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents:
994
diff
changeset
|
941 |
------------------------------------------------------------------- |
84d25951c2db
- Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents:
994
diff
changeset
|
942 |
Thu Sep 28 07:53:13 UTC 2017 - dimstar@opensuse.org |
84d25951c2db
- Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents:
994
diff
changeset
|
943 |
|
84d25951c2db
- Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents:
994
diff
changeset
|
944 |
- Add alsa-devel BuildRequires: we care for ALSA support to be |
84d25951c2db
- Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents:
994
diff
changeset
|
945 |
built and thus need to ensure we get the dependencies in place. |
84d25951c2db
- Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents:
994
diff
changeset
|
946 |
In the past, alsa-devel was pulled in by accident: we |
84d25951c2db
- Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents:
994
diff
changeset
|
947 |
buildrequire libgnome-devel. This required esound-devel and that |
84d25951c2db
- Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents:
994
diff
changeset
|
948 |
in turn pulled in alsa-devel for us. libgnome is being fixed to |
84d25951c2db
- Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents:
994
diff
changeset
|
949 |
no longer require esound-devel. |
994 | 950 |
|
951 |
------------------------------------------------------------------- |
|
992
b2ba34e0dc10
Firefox 55.0.3 and some other fixes
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
991
diff
changeset
|
952 |
Mon Sep 4 18:27:44 UTC 2017 - wr@rosenauer.org |
b2ba34e0dc10
Firefox 55.0.3 and some other fixes
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
991
diff
changeset
|
953 |
|
b2ba34e0dc10
Firefox 55.0.3 and some other fixes
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
991
diff
changeset
|
954 |
- update to Firefox 55.0.3 |
b2ba34e0dc10
Firefox 55.0.3 and some other fixes
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
991
diff
changeset
|
955 |
* Fix an issue with addons when using a path containing non-ascii |
b2ba34e0dc10
Firefox 55.0.3 and some other fixes
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
991
diff
changeset
|
956 |
characters (bmo#1389160) |
b2ba34e0dc10
Firefox 55.0.3 and some other fixes
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
991
diff
changeset
|
957 |
* Fix file uploads to some websites, including YouTube (bmo#1383518) |
b2ba34e0dc10
Firefox 55.0.3 and some other fixes
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
991
diff
changeset
|
958 |
- fix Google API key build integration |
b2ba34e0dc10
Firefox 55.0.3 and some other fixes
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
991
diff
changeset
|
959 |
- add mozilla-ucontext.patch to fix Tumbleweed build |
b2ba34e0dc10
Firefox 55.0.3 and some other fixes
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
991
diff
changeset
|
960 |
- do not enable XINPUT2 for now (boo#1053959) |
b2ba34e0dc10
Firefox 55.0.3 and some other fixes
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
991
diff
changeset
|
961 |
|
b2ba34e0dc10
Firefox 55.0.3 and some other fixes
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
991
diff
changeset
|
962 |
------------------------------------------------------------------- |
991 | 963 |
Fri Aug 11 08:32:30 UTC 2017 - wr@rosenauer.org |
964 |
||
965 |
- update to Firefox 55.0.1 |
|
966 |
* Fix a regression the tab restoration process (bmo#1388160) |
|
967 |
* Fix a problem causing What's new pages not to be displayed (bmo#1386224) |
|
968 |
* Fix a rendering issue with some PKCS#11 libraries (bmo#1388370) |
|
969 |
* Disable the predictor prefetch (bmo#1388160) |
|
970 |
||
971 |
------------------------------------------------------------------- |
|
985 | 972 |
Sat Aug 5 13:22:16 UTC 2017 - wr@rosenauer.org |
973 |
||
991 | 974 |
- update to Firefox 55.0 (boo#1052829) |
985 | 975 |
* Browsing sessions with a high number of tabs are now restored |
976 |
in an instant |
|
977 |
* Sidebar (bookmarks, history, synced tabs) can now be moved to |
|
978 |
the right edge of the window |
|
979 |
* Fine-tune your browser performance from the Preferences/Options page. |
|
980 |
* Make screenshots of webpages, and save them locally or upload |
|
981 |
them to the cloud. This feature will undergo A/B testing and |
|
982 |
will not be visible for some users. |
|
983 |
* Added Belarusian (be) locale |
|
984 |
* Simplify print jobs from within print preview |
|
985 |
* Use virtual reality devices with the web with the introduction |
|
986 |
of WebVR |
|
987 |
* Search suggestions are now enabled by default for users who |
|
988 |
haven't explicitly opted-out |
|
989 |
* Search with any installed search engine directly from the |
|
990 |
location bar |
|
991 |
* IMPORTANT: Breaking profile changes - do not downgrade Firefox |
|
992 |
and use a profile that has been opened with Firefox 55+. |
|
993 |
* The Adobe Flash plugin is now click-to-activate by default and |
|
994 |
only allowed on http:// and https:// URL schemes. This change |
|
995 |
will be rolled out progressively and so will not be visible to |
|
996 |
all users immediately. For more information see the Firefox |
|
997 |
plugin roadmap |
|
998 |
* Modernized application update UI to be less intrusive and more |
|
999 |
aligned with the rest of the browser. Only users who have not |
|
1000 |
restarted their browser 8 days after downloading an update or |
|
1001 |
users who opted out of automatic updates will see this change. |
|
1002 |
* Insecure sites can no longer access the Geolocation APIs to get |
|
1003 |
access to your physical location |
|
1004 |
* requires NSPR 4.15 and NSS 3.31 |
|
991 | 1005 |
MFSA 2017-18 |
1006 |
* CVE-2017-7798 (bmo#1371586, bmo#1372112) |
|
1007 |
XUL injection in the style editor in devtools |
|
1008 |
* CVE-2017-7800 (bmo#1374047) |
|
1009 |
Use-after-free in WebSockets during disconnection |
|
1010 |
* CVE-2017-7801 (bmo#1371259) |
|
1011 |
Use-after-free with marquee during window resizing |
|
1012 |
* CVE-2017-7809 (bmo#1380284) |
|
1013 |
Use-after-free while deleting attached editor DOM node |
|
1014 |
* CVE-2017-7784 (bmo#1376087) |
|
1015 |
Use-after-free with image observers |
|
1016 |
* CVE-2017-7802 (bmo#1378147) |
|
1017 |
Use-after-free resizing image elements |
|
1018 |
* CVE-2017-7785 (bmo#1356985) |
|
1019 |
Buffer overflow manipulating ARIA attributes in DOM |
|
1020 |
* CVE-2017-7786 (bmo#1365189) |
|
1021 |
Buffer overflow while painting non-displayable SVG |
|
1022 |
* CVE-2017-7806 (bmo#1378113) |
|
1023 |
Use-after-free in layer manager with SVG |
|
1024 |
* CVE-2017-7753 (bmo#1353312) |
|
1025 |
Out-of-bounds read with cached style data and pseudo-elements# |
|
1026 |
* CVE-2017-7787 (bmo#1322896) |
|
1027 |
Same-origin policy bypass with iframes through page reloads |
|
1028 |
* CVE-2017-7807 (bmo#1376459) |
|
1029 |
Domain hijacking through AppCache fallback |
|
1030 |
* CVE-2017-7792 (bmo#1368652) |
|
1031 |
Buffer overflow viewing certificates with an extremely long OID |
|
1032 |
* CVE-2017-7804 (bmo#1372849) |
|
1033 |
Memory protection bypass through WindowsDllDetourPatcher |
|
1034 |
* CVE-2017-7791 (bmo#1365875) |
|
1035 |
Spoofing following page navigation with data: protocol and modal alerts |
|
1036 |
* CVE-2017-7808 (bmo#1367531) |
|
1037 |
CSP information leak with frame-ancestors containing paths |
|
1038 |
* CVE-2017-7782 (bmo#1344034) |
|
1039 |
WindowsDllDetourPatcher allocates memory without DEP protections |
|
1040 |
* CVE-2017-7781 (bmo#1352039) |
|
1041 |
Elliptic curve point addition error when using mixed Jacobian-affine coordinates |
|
1042 |
* CVE-2017-7794 (bmo#1374281) |
|
1043 |
Linux file truncation via sandbox broker |
|
1044 |
* CVE-2017-7803 (bmo#1377426) |
|
1045 |
CSP containing 'sandbox' improperly applied |
|
1046 |
* CVE-2017-7799 (bmo#1372509) |
|
1047 |
Self-XSS XUL injection in about:webrtc |
|
1048 |
* CVE-2017-7783 (bmo#1360842) |
|
1049 |
DOS attack through long username in URL |
|
1050 |
* CVE-2017-7788 (bmo#1073952) |
|
1051 |
Sandboxed about:srcdoc iframes do not inherit CSP directives |
|
1052 |
* CVE-2017-7789 (bmo#1074642) |
|
1053 |
Failure to enable HSTS when two STS headers are sent for a connection |
|
1054 |
* CVE-2017-7790 (bmo#1350460) (Windows-only) |
|
1055 |
Windows crash reporter reads extra memory for some non-null-terminated registry values |
|
1056 |
* CVE-2017-7796 (bmo#1234401) (Windows-only) |
|
1057 |
Windows updater can delete any file named update.log |
|
1058 |
* CVE-2017-7797 (bmo#1334776) |
|
1059 |
Response header name interning leaks across origins |
|
1060 |
* CVE-2017-7780 |
|
1061 |
Memory safety bugs fixed in Firefox 55 |
|
1062 |
* CVE-2017-7779 |
|
1063 |
Memory safety bugs fixed in Firefox 55 and Firefox ESR 52.3 |
|
985 | 1064 |
- updated mozilla-kde.patch: |
1065 |
* removed "downloadfinished" alert as Firefox reimplemented the |
|
1066 |
whole thing (TODO: check if there is another function we should |
|
1067 |
hook in) |
|
1068 |
||
1069 |
------------------------------------------------------------------- |
|
983 | 1070 |
Tue Jul 4 20:08:47 UTC 2017 - wr@rosenauer.org |
1071 |
||
1072 |
- update to Firefox 54.0.1 |
|
1073 |
* Fix a display issue of tab title (bmo#1357656) |
|
1074 |
* Fix a display issue of opening new tab (bmo#1371995) |
|
1075 |
* Fix a display issue when opening multiple tabs (bmo#1371962) |
|
1076 |
* Fix a tab display issue when downloading files (bmo#1373109) |
|
1077 |
* Fix a PDF printing issue (bmo#1366744) |
|
1078 |
* Fix a Netflix issue on Linux (bmo#1375708) |
|
1079 |
||
1080 |
------------------------------------------------------------------- |
|
982 | 1081 |
Thu Jun 15 13:56:05 UTC 2017 - wr@rosenauer.org |
1082 |
||
1083 |
- update to Firefox 54.0 |
|
981 | 1084 |
* Clearer and more detailed information for download items in the |
1085 |
download panel |
|
1086 |
* Added Burmese (my) locale |
|
1087 |
* Bookmarks created on mobile devices are now shown in |
|
1088 |
"Mobile Bookmarks” folder in the drop down list from the toolbar |
|
1089 |
and Bookmarks option in the menu bar in Desktop Firefox |
|
982 | 1090 |
* added support for multiple content processes (e10s-multi) |
979 | 1091 |
- requires NSPR 4.14 and NSS 3.30.2 |
1092 |
- requires rust 1.15.1 |
|