1 ------------------------------------------------------------------- |
1 ------------------------------------------------------------------- |
2 Mon Apr 17 07:39:42 UTC 2017 - wr@rosenauer.org |
2 Thu Jun 1 04:25:05 UTC 2017 - kah0922@gmail.com |
3 |
3 |
4 - update to Firefox 53.0b10 |
4 - remove -fno-inline-small-functions and explicitely optimize with |
|
5 -O2 for openSUSE > 13.2/Leap 42 to work with gcc7 (boo#1040105) |
|
6 |
|
7 ------------------------------------------------------------------- |
|
8 Wed Apr 26 12:37:38 UTC 2017 - wr@rosenauer.org |
|
9 |
|
10 - switch to Mozilla's geolocation service (boo#1026989) |
|
11 - removed mozilla-preferences.patch obsoleted by overriding via |
|
12 firefox.js |
|
13 - fixed KDE integration to avoid crash caused by filepicker |
|
14 (boo#1015998) |
|
15 |
|
16 ------------------------------------------------------------------- |
|
17 Mon Apr 17 12:52:10 UTC 2017 - wr@rosenauer.org |
|
18 |
|
19 - update to Firefox 53.0 |
5 * requires NSS 3.29.5 |
20 * requires NSS 3.29.5 |
6 * Lightweight themes are now applied in private browsing windows |
21 * Lightweight themes are now applied in private browsing windows |
7 * Reader Mode now displays estimated reading time for the page |
22 * Reader Mode now displays estimated reading time for the page |
8 * Two new 'compact' themes available in Firefox, dark and light, |
23 * Two new 'compact' themes available in Firefox, dark and light, |
9 based on the Firefox Developer Edition theme |
24 based on the Firefox Developer Edition theme |
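Review bot: in the added Thu Jun 1 entry, "explicitely" should read "explicitly", and the sentence does not say whether -fno-inline-small-functions is removed for every target or only for openSUSE > 13.2/Leap 42, where -O2 is now set. Suggest two separate items, one for the flag removal and one for the -O2 condition, so the gcc7 change (boo#1040105) can be checked against the spec file. In the same hunk the Mon Apr 17 entry changes from "update to Firefox 53.0b10" at 07:39:42 to "update to Firefox 53.0" at 12:52:10; please confirm that replacing the earlier entry, rather than adding a new one above it, is intended.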
13 * Shortened titles on tabs are faded out instead of using ellipsis |
28 * Shortened titles on tabs are faded out instead of using ellipsis |
14 for improved readability |
29 for improved readability |
15 * Media playback on new tabs is blocked until the tab is visible |
30 * Media playback on new tabs is blocked until the tab is visible |
16 * Permission notifications have a cleaner design and cannot be |
31 * Permission notifications have a cleaner design and cannot be |
17 easily missed |
32 easily missed |
|
33 MFSA 2017-10 |
|
34 * CVE-2017-5456 (bmo#1344415) |
|
35 Sandbox escape allowing local file system access |
|
36 * CVE-2017-5442 (bmo#1347979) |
|
37 Use-after-free during style changes |
|
38 * CVE-2017-5443 (bmo#1342661) |
|
39 Out-of-bounds write during BinHex decoding |
|
40 * CVE-2017-5429 (bmo#1341096, bmo#1342823, bmo#1343261, bmo#1348894, |
|
41 bmo#1348941, bmo#1349340, bmo#1350844, bmo#1352926, bmo#1353088) |
|
42 Memory safety bugs fixed in Firefox 53, Firefox ESR 45.9, and |
|
43 Firefox ESR 52.1 |
|
44 * CVE-2017-5464 (bmo#1347075) |
|
45 Memory corruption with accessibility and DOM manipulation |
|
46 * CVE-2017-5465 (bmo#1347617) |
|
47 Out-of-bounds read in ConvolvePixel |
|
48 * CVE-2017-5466 (bmo#1353975) |
|
49 Origin confusion when reloading isolated data:text/html URL |
|
50 * CVE-2017-5467 (bmo#1347262) |
|
51 Memory corruption when drawing Skia content |
|
52 * CVE-2017-5460 (bmo#1343642) |
|
53 Use-after-free in frame selection |
|
54 * CVE-2017-5461 (bmo#1344380) |
|
55 Out-of-bounds write in Base64 encoding in NSS |
|
56 * CVE-2017-5448 (bmo#1346648) |
|
57 Out-of-bounds write in ClearKeyDecryptor |
|
58 * CVE-2017-5449 (bmo#1340127) |
|
59 Crash during bidirectional unicode manipulation with animation |
|
60 * CVE-2017-5446 (bmo#1343505) |
|
61 Out-of-bounds read when HTTP/2 DATA frames are sent with incorrect data |
|
62 * CVE-2017-5447 (bmo#1343552) |
|
63 Out-of-bounds read during glyph processing |
|
64 * CVE-2017-5444 (bmo#1344461) |
|
65 Buffer overflow while parsing application/http-index-format content |
|
66 * CVE-2017-5445 (bmo#1344467) |
|
67 Uninitialized values used while parsing application/http-index-format |
|
68 content |
|
69 * CVE-2017-5468 (bmo#1329521) |
|
70 Incorrect ownership model for Private Browsing information |
|
71 * CVE-2017-5469 (bmo#1292534) |
|
72 Potential Buffer overflow in flex-generated code |
|
73 * CVE-2017-5440 (bmo#1336832) |
|
74 Use-after-free in txExecutionState destructor during XSLT processing |
|
75 * CVE-2017-5441 (bmo#1343795) |
|
76 Use-after-free with selection during scroll events |
|
77 * CVE-2017-5439 (bmo#1336830) |
|
78 Use-after-free in nsTArray Length() during XSLT processing |
|
79 * CVE-2017-5438 (bmo#1336828) |
|
80 Use-after-free in nsAutoPtr during XSLT processing |
|
81 * CVE-2017-5437 (bmo#1343453) |
|
82 Vulnerabilities in Libevent library |
|
83 * CVE-2017-5436 (bmo#1345461) |
|
84 Out-of-bounds write with malicious font in Graphite 2 |
|
85 * CVE-2017-5435 (bmo#1350683) |
|
86 Use-after-free during transaction processing in the editor |
|
87 * CVE-2017-5434 (bmo#1349946) |
|
88 Use-after-free during focus handling |
|
89 * CVE-2017-5433 (bmo#1347168) |
|
90 Use-after-free in SMIL animation functions |
|
91 * CVE-2017-5432 (bmo#1346654) |
|
92 Use-after-free in text input selection |
|
93 * CVE-2017-5430 (bmo#1329796, bmo#1337418, bmo#1339722, bmo#1340482, |
|
94 bmo#1342101, bmo#1344081, bmo#1344305, bmo#1344686, |
|
95 bmo#1346140, bmo#1346419, bmo#1348143, bmo#1349621, |
|
96 bmo#1349719, bmo#1353476) |
|
97 Memory safety bugs fixed in Firefox 53 and Firefox ESR 52.1 |
|
98 * CVE-2017-5459 (bmo#1333858) |
|
99 Buffer overflow in WebGL |
|
100 * CVE-2017-5458 (bmo#1229426) |
|
101 Drag and drop of javascript: URLs can allow for self-XSS |
|
102 * CVE-2017-5455 (bmo#1341191) |
|
103 Sandbox escape through internal feed reader APIs |
|
104 * CVE-2017-5454 (bmo#1349276) |
|
105 Sandbox escape allowing file system read access through file picker |
|
106 * CVE-2017-5451 (bmo#1273537) |
|
107 Addressbar spoofing with onblur event |
|
108 * CVE-2017-5453 (bmo#1321247) |
|
109 HTML injection into RSS Reader feed preview page through |
|
110 TITLE element |
|
111 * CVE-2017-5462 (bmo#1345089) |
|
112 DRBG flaw in NSS |
18 - removed browser(npapi) provides as these plugins are deprecated |
113 - removed browser(npapi) provides as these plugins are deprecated |
19 - switch used compiler to gcc5 (FF requires gcc >= 4.9 now) for |
114 - switch used compiler to gcc5 (FF requires gcc >= 4.9 now) for |
20 Leap 42 |
115 Leap 42 |
21 - Gtk2 is not longer an option; switched to Gtk3 |
116 - Gtk2 is not longer an option; switched to Gtk3 |
22 - apply MOZ_USE_XINPUT2=1 for better touchpad and touchscreen support |
117 - apply MOZ_USE_XINPUT2=1 for better touchpad and touchscreen support |
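Review bot: the added MFSA 2017-10 list carries two fixes described as being in NSS (CVE-2017-5461 "Out-of-bounds write in Base64 encoding in NSS" and CVE-2017-5462 "DRBG flaw in NSS"), while the entry itself only states "requires NSS 3.29.5". If NSS is shipped as a separate package, the entry should say that these two fixes depend on that package being at 3.29.5 or later, so anyone auditing this update knows the Firefox package alone does not deliver them. The CVE ids are also listed out of numeric order, which makes the list harder to check against the advisory; sorting them would help.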