1 ------------------------------------------------------------------- |
1 ------------------------------------------------------------------- |
2 Sun Jan 6 21:54:18 UTC 2013 - wr@rosenauer.org |
2 Sun Jan 6 21:54:18 UTC 2013 - wr@rosenauer.org |
3 |
3 |
4 - update to Firefox 18.0 (bnc#796895) |
4 - update to Firefox 18.0 (bnc#796895) |
5 * requires NSS 3.14.1 |
5 * MFSA 2013-01/CVE-2013-0749/CVE-2013-0769/CVE-2013-0770 |
6 * removed obsolete SLE11 patches (mozilla-gcc43*) |
6 Miscellaneous memory safety hazards |
7 - ported patches |
7 * MFSA 2013-02/CVE-2013-0760/CVE-2013-0762/CVE-2013-0766/CVE-2013-0767 |
|
8 CVE-2013-0761/CVE-2013-0763/CVE-2013-0771/CVE-2012-5829 |
|
9 Use-after-free and buffer overflow issues found using Address Sanitizer |
|
10 * MFSA 2013-03/CVE-2013-0768 (bmo#815795) |
|
11 Buffer Overflow in Canvas |
|
12 * MFSA 2013-04/CVE-2012-0759 (bmo#802026) |
|
13 URL spoofing in addressbar during page loads |
|
14 * MFSA 2013-05/CVE-2013-0744 (bmo#814713) |
|
15 Use-after-free when displaying table with many columns and column groups |
|
16 * MFSA 2013-06/CVE-2013-0751 (bmo#790454) |
|
17 Touch events are shared across iframes |
|
18 * MFSA 2013-07/CVE-2013-0764 (bmo#804237) |
|
19 Crash due to handling of SSL on threads |
|
20 * MFSA 2013-08/CVE-2013-0745 (bmo#794158) |
|
21 AutoWrapperChanger fails to keep objects alive during garbage collection |
|
22 * MFSA 2013-09/CVE-2013-0746 (bmo#816842) |
|
23 Compartment mismatch with quickstubs returned values |
|
24 * MFSA 2013-10/CVE-2013-0747 (bmo#733305) |
|
25 Event manipulation in plugin handler to bypass same-origin policy |
|
26 * MFSA 2013-11/CVE-2013-0748 (bmo#806031) |
|
27 Address space layout leaked in XBL objects |
|
28 * MFSA 2013-12/CVE-2013-0750 (bmo#805121) |
|
29 Buffer overflow in Javascript string concatenation |
|
30 * MFSA 2013-13/CVE-2013-0752 (bmo#805024) |
|
31 Memory corruption in XBL with XML bindings containing SVG |
|
32 * MFSA 2013-14/CVE-2013-0757 (bmo#813901) |
|
33 Chrome Object Wrapper (COW) bypass through changing prototype |
|
34 * MFSA 2013-15/CVE-2013-0758 (bmo#813906) |
|
35 Privilege escalation through plugin objects |
|
36 * MFSA 2013-16/CVE-2013-0753 (bmo#814001) |
|
37 Use-after-free in serializeToStream |
|
38 * MFSA 2013-17/CVE-2013-0754 (bmo#814026) |
|
39 Use-after-free in ListenerManager |
|
40 * MFSA 2013-18/CVE-2013-0755 (bmo#814027) |
|
41 Use-after-free in Vibrate |
|
42 * MFSA 2013-19/CVE-2013-0756 (bmo#814029) |
|
43 Use-after-free in Javascript Proxy objects |
|
44 - requires NSS 3.14.1 (MFSA 2013-20, CVE-2013-0743) |
|
45 - removed obsolete SLE11 patches (mozilla-gcc43*) |
8 - reenable WebRTC |
46 - reenable WebRTC |
9 - added mozilla-libproxy-compat.patch for libproxy API compat |
47 - added mozilla-libproxy-compat.patch for libproxy API compat |
10 on openSUSE 11.2 and earlier |
48 on openSUSE 11.2 and earlier |
|
49 - backed out restartless language packs as it broke multi-locale |
|
50 setup (bmo#677092, bmo#818468) |
11 |
51 |
12 ------------------------------------------------------------------- |
52 ------------------------------------------------------------------- |
13 Thu Nov 29 19:56:51 UTC 2012 - wr@rosenauer.org |
53 Thu Nov 29 19:56:51 UTC 2012 - wr@rosenauer.org |
14 |
54 |
15 - update to Firefox 17.0.1 |
55 - update to Firefox 17.0.1 |