|
1 ------------------------------------------------------------------- |
|
2 Tue Mar 8 06:58:55 UTC 2016 - wr@rosenauer.org |
|
3 |
|
4 - update to Firefox 38.7.0 (boo#969894) |
|
5 * MFSA 2015-81/CVE-2015-4477 (bmo#1179484) |
|
6 Use-after-free in MediaStream playback |
|
7 * MFSA 2015-136/CVE-2015-7207 (bmo#1185256) |
|
8 Same-origin policy violation using performance.getEntries and |
|
9 history navigation |
|
10 * MFSA 2016-16/CVE-2016-1952 |
|
11 Miscellaneous memory safety hazards |
|
12 * MFSA 2016-17/CVE-2016-1954 (bmo#1243178) |
|
13 Local file overwriting and potential privilege escalation through |
|
14 CSP reports |
|
15 * MFSA 2016-20/CVE-2016-1957 (bmo#1227052) |
|
16 Memory leak in libstagefright when deleting an array during MP4 |
|
17 processing |
|
18 * MFSA 2016-21/CVE-2016-1958 (bmo#1228754) |
|
19 Displayed page address can be overridden |
|
20 * MFSA 2016-23/CVE-2016-1960/ZDI-CAN-3545 (bmo#1246014) |
|
21 Use-after-free in HTML5 string parser |
|
22 * MFSA 2016-24/CVE-2016-1961/ZDI-CAN-3574 (bmo#1249377) |
|
23 Use-after-free in SetBody |
|
24 * MFSA 2016-25/CVE-2016-1962 (bmo#1240760) |
|
25 Use-after-free when using multiple WebRTC data channels |
|
26 * MFSA 2016-27/CVE-2016-1964 (bmo#1243335) |
|
27 Use-after-free during XML transformations |
|
28 * MFSA 2016-28/CVE-2016-1965 (bmo#1245264) |
|
29 Addressbar spoofing though history navigation and Location protocol |
|
30 property |
|
31 * MFSA 2016-31/CVE-2016-1966 (bmo#1246054) |
|
32 Memory corruption with malicious NPAPI plugin |
|
33 * MFSA 2016-34/CVE-2016-1974 (bmo#1228103) |
|
34 Out-of-bounds read in HTML parser following a failed allocation |
|
35 * MFSA 2016-37/CVE-2016-1977/CVE-2016-2790/CVE-2016-2791/ |
|
36 CVE-2016-2792/CVE-2016-2793/CVE-2016-2794/CVE-2016-2795/ |
|
37 CVE-2016-2796/CVE-2016-2797/CVE-2016-2798/CVE-2016-2799/ |
|
38 CVE-2016-2800/CVE-2016-2801/CVE-2016-2802 |
|
39 Font vulnerabilities in the Graphite 2 library |
|
40 |
|
41 ------------------------------------------------------------------- |
|
42 Mon Jan 25 10:29:11 UTC 2016 - wr@rosenauer.org |
|
43 |
|
44 - update to Firefox 38.6.0esr (boo#963520) |
|
45 * MFSA 2016-01/CVE-2016-1930 |
|
46 Miscellaneous memory safety hazards |
|
47 * MFSA 2016-03/CVE-2016-1935 (bmo#1220450) |
|
48 Buffer overflow in WebGL after out of memory allocation |
|
49 |
|
50 ------------------------------------------------------------------- |
|
51 Tue Dec 29 20:43:18 UTC 2015 - wr@rosenauer.org |
|
52 |
|
53 - update to Firefox 38.5.2 |
|
54 - some spec file changes to support 11.4 again |
|
55 |
1 ------------------------------------------------------------------- |
56 ------------------------------------------------------------------- |
2 Sat Dec 12 09:09:25 UTC 2015 - wr@rosenauer.org |
57 Sat Dec 12 09:09:25 UTC 2015 - wr@rosenauer.org |
3 |
58 |
4 - update to Firefox 38.5.0 (bnc#) |
59 - update to Firefox 38.5.0 (bnc#959277) |
|
60 * MFSA 2015-134/CVE-2015-7201 |
|
61 Miscellaneous memory safety hazards |
|
62 * MFSA 2015-138/CVE-2015-7210 (bmo#1218326) |
|
63 Use-after-free in WebRTC when datachannel is used after being |
|
64 destroyed |
|
65 * MFSA 2015-139/CVE-2015-7212 (bmo#1222809) |
|
66 Integer overflow allocating extremely large textures |
|
67 * MFSA 2015-145/CVE-2015-7205 (bmo#1220493) |
|
68 Underflow through code inspection |
|
69 * MFSA 2015-146/CVE-2015-7213 (bmo#1206211) |
|
70 Integer overflow in MP4 playback in 64-bit versions |
|
71 * MFSA 2015-147/CVE-2015-7222 (bmo#1216748) |
|
72 Integer underflow and buffer overflow processing MP4 metadata in |
|
73 libstagefright |
|
74 * MFSA 2015-149/CVE-2015-7214 (bmo#1228950) |
|
75 Cross-site reading attack through data and view-source URIs |
5 |
76 |
6 ------------------------------------------------------------------- |
77 ------------------------------------------------------------------- |
7 Fri Oct 30 21:31:52 UTC 2015 - wr@rosenauer.org |
78 Fri Oct 30 21:31:52 UTC 2015 - wr@rosenauer.org |
8 |
79 |
9 - update to Firefox 38.4.0 (bnc#952810) |
80 - update to Firefox 38.4.0 (bnc#952810) |