|
1 ------------------------------------------------------------------- |
|
2 Sun Nov 15 19:52:20 UTC 2015 - wr@rosenauer.org |
|
3 |
|
4 - Add desktop menu action for private browsing window to desktop |
|
5 file (boo#954747) |
|
6 - remove obsolete patch mozilla-bmo1005535.patch completely from |
|
7 source package to avoid automatic check failures |
|
8 |
1 ------------------------------------------------------------------- |
9 ------------------------------------------------------------------- |
2 Sat Oct 31 19:50:03 UTC 2015 - wr@rosenauer.org |
10 Sat Oct 31 19:50:03 UTC 2015 - wr@rosenauer.org |
3 |
11 |
4 - update to Firefox 42.0 (bnc#952810) |
12 - update to Firefox 42.0 (bnc#952810) |
5 * Private Browsing with Tracking Protection blocks certain Web |
13 * Private Browsing with Tracking Protection blocks certain Web |
7 * Control Center that contains site security and privacy controls |
15 * Control Center that contains site security and privacy controls |
8 * Login Manager improvements |
16 * Login Manager improvements |
9 * WebRTC improvements |
17 * WebRTC improvements |
10 * Indicator added to tabs that play audio with one-click muting |
18 * Indicator added to tabs that play audio with one-click muting |
11 * Media Source Extension for HTML5 video available for all sites |
19 * Media Source Extension for HTML5 video available for all sites |
12 - requires NSPR 4.10.10 and NSS 3.19.4 |
20 security fixes: |
|
21 * MFSA 2015-116/CVE-2015-4513/CVE-2015-4514 |
|
22 Miscellaneous memory safety hazards |
|
23 * MFSA 2015-117/CVE-2015-4515 (bmo#1046421) |
|
24 Information disclosure through NTLM authentication |
|
25 * MFSA 2015-118/CVE-2015-4518 (bmo#1182778, bmo#1136692) |
|
26 CSP bypass due to permissive Reader mode whitelist |
|
27 * MFSA 2015-119/CVE-2015-7185 (bmo#1149000) (Android only) |
|
28 Firefox for Android addressbar can be removed after fullscreen mode |
|
29 * MFSA 2015-120/CVE-2015-7186 (bmo#1193027) (Android only) |
|
30 Reading sensitive profile files through local HTML file on Android |
|
31 * MFSA 2015-121/CVE-2015-7187 (bmo#1195735) |
|
32 disabling scripts in Add-on SDK panels has no effect |
|
33 * MFSA 2015-122/CVE-2015-7188 (bmo#1199430) |
|
34 Trailing whitespace in IP address hostnames can bypass same-origin policy |
|
35 * MFSA 2015-123/CVE-2015-7189 (bmo#1205900) |
|
36 Buffer overflow during image interactions in canvas |
|
37 * MFSA 2015-124/CVE-2015-7190 (bmo#1208520) (Android only) |
|
38 Android intents can be used on Firefox for Android to open privileged files |
|
39 * MFSA 2015-125/CVE-2015-7191 (bmo#1208956) (Android only) |
|
40 XSS attack through intents on Firefox for Android |
|
41 * MFSA 2015-126/CVE-2015-7192 (bmo#1210023) (OS X only) |
|
42 Crash when accessing HTML tables with accessibility tools on OS X |
|
43 * MFSA 2015-127/CVE-2015-7193 (bmo#1210302) |
|
44 CORS preflight is bypassed when non-standard Content-Type headers |
|
45 are received |
|
46 * MFSA 2015-128/CVE-2015-7194 (bmo#1211262) |
|
47 Memory corruption in libjar through zip files |
|
48 * MFSA 2015-129/CVE-2015-7195 (bmo#1211871) |
|
49 Certain escaped characters in host of Location-header are being |
|
50 treated as non-escaped |
|
51 * MFSA 2015-130/CVE-2015-7196 (bmo#1140616) |
|
52 JavaScript garbage collection crash with Java applet |
|
53 * MFSA 2015-131/CVE-2015-7198/CVE-2015-7199/CVE-2015-7200 |
|
54 (bmo#1188010, bmo#1204061, bmo#1204155) |
|
55 Vulnerabilities found through code inspection |
|
56 * MFSA 2015-132/CVE-2015-7197 (bmo#1204269) |
|
57 Mixed content WebSocket policy bypass through workers |
|
58 * MFSA 2015-133/CVE-2015-7181/CVE-2015-7182/CVE-2015-7183 |
|
59 (bmo#1202868, bmo#1205157) |
|
60 NSS and NSPR memory corruption issues |
|
61 (fixed in mozilla-nspr and mozilla-nss packages) |
|
62 - requires NSPR >= 4.10.10 and NSS >= 3.19.4 |
13 - removed obsolete patches |
63 - removed obsolete patches |
14 * mozilla-arm-disable-edsp.patch |
64 * mozilla-arm-disable-edsp.patch |
15 * mozilla-icu-strncat.patch |
65 * mozilla-icu-strncat.patch |
16 * mozilla-skia-be-le.patch |
66 * mozilla-skia-be-le.patch |
17 * toolkit-download-folder.patch |
67 * toolkit-download-folder.patch |