1 ------------------------------------------------------------------- |
1 ------------------------------------------------------------------- |
2 Thu Feb 19 22:43:47 UTC 2015 - wr@rosenauer.org |
2 Sun Mar 1 13:11:49 UTC 2015 - wr@rosenauer.org |
3 |
3 |
4 - update to Firefox 36.0b10 |
4 - update to Firefox 37.0b1 |
5 * rebased patches |
5 - requires NSPR 4.10.8 |
|
6 |
|
7 ------------------------------------------------------------------- |
|
8 Fri Feb 20 22:53:39 UTC 2015 - wr@rosenauer.org |
|
9 |
|
10 - update to Firefox 36.0 (bnc#917597) |
6 * mozilla-xremote-client was removed |
11 * mozilla-xremote-client was removed |
7 * added libclearkey.so media plugin |
12 * added libclearkey.so media plugin |
|
13 * Pinned tiles on the new tab page can be synced |
|
14 * Support for the full HTTP/2 protocol. HTTP/2 enables a faster, |
|
15 more scalable, and more responsive web. |
|
16 * Locale added: Uzbek (uz) |
|
17 security fixes: |
|
18 * MFSA 2015-11/CVE-2015-0835/CVE-2015-0836 |
|
19 Miscellaneous memory safety hazards |
|
20 * MFSA 2015-12/CVE-2015-0833 (bmo#945192) |
|
21 Invoking Mozilla updater will load locally stored DLL files |
|
22 (Windows only) |
|
23 * MFSA 2015-13/CVE-2015-0832 (bmo#1065909) |
|
24 Appended period to hostnames can bypass HPKP and HSTS protections |
|
25 * MFSA 2015-14/CVE-2015-0830 (bmo#1110488) |
|
26 Malicious WebGL content crash when writing strings |
|
27 * MFSA 2015-15/CVE-2015-0834 (bmo#1098314) |
|
28 TLS TURN and STUN connections silently fail to simple TCP connections |
|
29 * MFSA 2015-16/CVE-2015-0831 (bmo#1130514) |
|
30 Use-after-free in IndexedDB |
|
31 * MFSA 2015-17/CVE-2015-0829 (bmo#1128939) |
|
32 Buffer overflow in libstagefright during MP4 video playback |
|
33 * MFSA 2015-18/CVE-2015-0828 (bmo#1030667, bmo#988675) |
|
34 Double-free when using non-default memory allocators with a |
|
35 zero-length XHR |
|
36 * MFSA 2015-19/CVE-2015-0827 (bmo#1117304) |
|
37 Out-of-bounds read and write while rendering SVG content |
|
38 * MFSA 2015-20/CVE-2015-0826 (bmo#1092363) |
|
39 Buffer overflow during CSS restyling |
|
40 * MFSA 2015-21/CVE-2015-0825 (bmo#1092370) |
|
41 Buffer underflow during MP3 playback |
|
42 * MFSA 2015-22/CVE-2015-0824 (bmo#1095925) |
|
43 Crash using DrawTarget in Cairo graphics library |
|
44 * MFSA 2015-23/CVE-2015-0823 (bmo#1098497) |
|
45 Use-after-free in Developer Console date with OpenType Sanitiser |
|
46 * MFSA 2015-24/CVE-2015-0822 (bmo#1110557) |
|
47 Reading of local files through manipulation of form autocomplete |
|
48 * MFSA 2015-25/CVE-2015-0821 (bmo#1111960) |
|
49 Local files or privileged URLs in pages can be opened into new tabs |
|
50 * MFSA 2015-26/CVE-2015-0819 (bmo#1079554) |
|
51 UI Tour whitelisted sites in background tab can spoof foreground |
|
52 tabs |
|
53 * MFSA 2015-27CVE-2015-0820 (bmo#1125398) |
|
54 Caja Compiler JavaScript sandbox bypass |
|
55 - rebased patches |
8 - requires NSS 3.17.4 |
56 - requires NSS 3.17.4 |
9 |
57 |
10 ------------------------------------------------------------------- |
58 ------------------------------------------------------------------- |
11 Sat Jan 31 18:37:38 UTC 2015 - wr@rosenauer.org |
59 Sat Jan 31 18:37:38 UTC 2015 - wr@rosenauer.org |
12 |
60 |