MozillaFirefox/MozillaFirefox.changes
changeset 978 214d22b0c31c
parent 977 224d8137f02c
child 979 f82a374a310d
959:453d34bf1834 978:214d22b0c31c
     1 -------------------------------------------------------------------
     1 -------------------------------------------------------------------
     2 Mon Apr 17 07:39:42 UTC 2017 - wr@rosenauer.org
     2 Thu Jun  1 04:25:05 UTC 2017 - kah0922@gmail.com
     3 
     3 
     4 - update to Firefox 53.0b10
     4 - remove -fno-inline-small-functions and explicitely optimize with
       
     5   -O2 for openSUSE > 13.2/Leap 42 to work with gcc7 (boo#1040105)
       
     6 
       
     7 -------------------------------------------------------------------
       
     8 Wed Apr 26 12:37:38 UTC 2017 - wr@rosenauer.org
       
     9 
       
    10 - switch to Mozilla's geolocation service (boo#1026989)
       
    11 - removed mozilla-preferences.patch obsoleted by overriding via
       
    12   firefox.js
       
    13 - fixed KDE integration to avoid crash caused by filepicker
       
    14   (boo#1015998)
       
    15 
       
    16 -------------------------------------------------------------------
       
    17 Mon Apr 17 12:52:10 UTC 2017 - wr@rosenauer.org
       
    18 
       
    19 - update to Firefox 53.0
     5   * requires NSS 3.29.5
    20   * requires NSS 3.29.5
     6   * Lightweight themes are now applied in private browsing windows
    21   * Lightweight themes are now applied in private browsing windows
     7   * Reader Mode now displays estimated reading time for the page
    22   * Reader Mode now displays estimated reading time for the page
     8   * Two new 'compact' themes available in Firefox, dark and light,
    23   * Two new 'compact' themes available in Firefox, dark and light,
     9     based on the Firefox Developer Edition theme
    24     based on the Firefox Developer Edition theme
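Review bot: In the new Jun 1 entry, "explicitely" should read "explicitly", and the condition "openSUSE > 13.2/Leap 42" does not make clear whether Leap 42 itself is included; name the releases that now build with -O2 and without -fno-inline-small-functions. Since boo#1040105 is the only pointer given, it would also help to add a few words on why the flag had to go for gcc7, so the optimisation change can be audited from the changelog alone.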
    13   * Shortened titles on tabs are faded out instead of using ellipsis
    28   * Shortened titles on tabs are faded out instead of using ellipsis
    14     for improved readability
    29     for improved readability
    15   * Media playback on new tabs is blocked until the tab is visible
    30   * Media playback on new tabs is blocked until the tab is visible
    16   * Permission notifications have a cleaner design and cannot be
    31   * Permission notifications have a cleaner design and cannot be
    17     easily missed
    32     easily missed
       
    33   MFSA 2017-10
       
    34   * CVE-2017-5456 (bmo#1344415)
       
    35     Sandbox escape allowing local file system access
       
    36   * CVE-2017-5442 (bmo#1347979)
       
    37     Use-after-free during style changes
       
    38   * CVE-2017-5443 (bmo#1342661)
       
    39     Out-of-bounds write during BinHex decoding
       
    40   * CVE-2017-5429 (bmo#1341096, bmo#1342823, bmo#1343261, bmo#1348894,
       
    41      bmo#1348941, bmo#1349340, bmo#1350844, bmo#1352926, bmo#1353088)
       
    42     Memory safety bugs fixed in Firefox 53, Firefox ESR 45.9, and
       
    43     Firefox ESR 52.1
       
    44   * CVE-2017-5464 (bmo#1347075)
       
    45     Memory corruption with accessibility and DOM manipulation
       
    46   * CVE-2017-5465 (bmo#1347617)
       
    47     Out-of-bounds read in ConvolvePixel
       
    48   * CVE-2017-5466 (bmo#1353975)
       
    49     Origin confusion when reloading isolated data:text/html URL
       
    50   * CVE-2017-5467 (bmo#1347262)
       
    51     Memory corruption when drawing Skia content
       
    52   * CVE-2017-5460 (bmo#1343642)
       
    53     Use-after-free in frame selection
       
    54   * CVE-2017-5461 (bmo#1344380)
       
    55     Out-of-bounds write in Base64 encoding in NSS
       
    56   * CVE-2017-5448 (bmo#1346648)
       
    57     Out-of-bounds write in ClearKeyDecryptor
       
    58   * CVE-2017-5449 (bmo#1340127)
       
    59     Crash during bidirectional unicode manipulation with animation
       
    60   * CVE-2017-5446 (bmo#1343505)
       
    61     Out-of-bounds read when HTTP/2 DATA frames are sent with incorrect data
       
    62   * CVE-2017-5447 (bmo#1343552)
       
    63     Out-of-bounds read during glyph processing
       
    64   * CVE-2017-5444 (bmo#1344461)
       
    65     Buffer overflow while parsing application/http-index-format content
       
    66   * CVE-2017-5445 (bmo#1344467)
       
    67     Uninitialized values used while parsing application/http-index-format
       
    68     content
       
    69   * CVE-2017-5468 (bmo#1329521)
       
    70     Incorrect ownership model for Private Browsing information
       
    71   * CVE-2017-5469 (bmo#1292534)
       
    72     Potential Buffer overflow in flex-generated code
       
    73   * CVE-2017-5440 (bmo#1336832)
       
    74     Use-after-free in txExecutionState destructor during XSLT processing
       
    75   * CVE-2017-5441 (bmo#1343795)
       
    76     Use-after-free with selection during scroll events
       
    77   * CVE-2017-5439 (bmo#1336830)
       
    78     Use-after-free in nsTArray Length() during XSLT processing
       
    79   * CVE-2017-5438 (bmo#1336828)
       
    80     Use-after-free in nsAutoPtr during XSLT processing
       
    81   * CVE-2017-5437 (bmo#1343453)
       
    82     Vulnerabilities in Libevent library
       
    83   * CVE-2017-5436 (bmo#1345461)
       
    84     Out-of-bounds write with malicious font in Graphite 2
       
    85   * CVE-2017-5435 (bmo#1350683)
       
    86     Use-after-free during transaction processing in the editor
       
    87   * CVE-2017-5434 (bmo#1349946)
       
    88     Use-after-free during focus handling
       
    89   * CVE-2017-5433 (bmo#1347168)
       
    90     Use-after-free in SMIL animation functions
       
    91   * CVE-2017-5432 (bmo#1346654)
       
    92     Use-after-free in text input selection
       
    93   * CVE-2017-5430 (bmo#1329796, bmo#1337418, bmo#1339722, bmo#1340482,
       
    94      bmo#1342101, bmo#1344081, bmo#1344305, bmo#1344686,
       
    95      bmo#1346140, bmo#1346419, bmo#1348143, bmo#1349621,
       
    96      bmo#1349719, bmo#1353476)
       
    97     Memory safety bugs fixed in Firefox 53 and Firefox ESR 52.1
       
    98   * CVE-2017-5459 (bmo#1333858)
       
    99     Buffer overflow in WebGL
       
   100   * CVE-2017-5458 (bmo#1229426)
       
   101     Drag and drop of javascript: URLs can allow for self-XSS
       
   102   * CVE-2017-5455 (bmo#1341191)
       
   103     Sandbox escape through internal feed reader APIs
       
   104   * CVE-2017-5454 (bmo#1349276)
       
   105     Sandbox escape allowing file system read access through file picker
       
   106   * CVE-2017-5451 (bmo#1273537)
       
   107     Addressbar spoofing with onblur event
       
   108   * CVE-2017-5453 (bmo#1321247)
       
   109     HTML injection into RSS Reader feed preview page through
       
   110     TITLE element
       
   111   * CVE-2017-5462 (bmo#1345089)
       
   112     DRBG flaw in NSS
    18 - removed browser(npapi) provides as these plugins are deprecated
   113 - removed browser(npapi) provides as these plugins are deprecated
    19 - switch used compiler to gcc5 (FF requires gcc >= 4.9 now) for
   114 - switch used compiler to gcc5 (FF requires gcc >= 4.9 now) for
    20   Leap 42
   115   Leap 42
    21 - Gtk2 is not longer an option; switched to Gtk3
   116 - Gtk2 is not longer an option; switched to Gtk3
    22 - apply MOZ_USE_XINPUT2=1 for better touchpad and touchscreen support
   117 - apply MOZ_USE_XINPUT2=1 for better touchpad and touchscreen support
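Review bot: CVE-2017-5461 (Base64 encoding in NSS) and CVE-2017-5462 (DRBG flaw in NSS) in the MFSA 2017-10 list are NSS defects, while the entry only says "requires NSS 3.29.5"; if the package links against a separately packaged NSS, say that these two are addressed by that NSS version so the fix is not attributed to the Firefox update alone. Smaller points: the bmo# continuation lines under CVE-2017-5429 and CVE-2017-5430 are indented one column deeper than the description lines, and "Potential Buffer overflow" (CVE-2017-5469) is capitalised differently from the other titles.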