MozillaFirefox/MozillaFirefox.changes
branch firefox52
changeset 945 7b1e775ff77a
parent 944 ce8a98f8d8d7
child 946 34bd1eb1cbd7
944:ce8a98f8d8d7 945:7b1e775ff77a
       
     1 -------------------------------------------------------------------
       
     2 Thu Mar  9 12:30:14 UTC 2017 - wr@rosenauer.org
       
     3 
       
     4 - reenable ALSA support which was removed by default upstream
       
     5 
     1 -------------------------------------------------------------------
     6 -------------------------------------------------------------------
     2 Sat Mar  4 16:57:45 UTC 2017 - wr@rosenauer.org
     7 Sat Mar  4 16:57:45 UTC 2017 - wr@rosenauer.org
     3 
     8 
     4 - update to Firefox 52.0
     9 - update to Firefox 52.0 (boo#1028391)
     5   * requires NSS >= 3.28.3
    10   * requires NSS >= 3.28.3
     6   * Pages containing insecure password fields now display a warning
    11   * Pages containing insecure password fields now display a warning
     7     directly within username and password fields.
    12     directly within username and password fields.
     8   * Windows 8 touch screen support for multiprocess Firefox
       
     9   * Send and open a tab from one device to another with Sync
    13   * Send and open a tab from one device to another with Sync
    10   * Removed NPAPI support for plugins other than Flash. Silverlight,
    14   * Removed NPAPI support for plugins other than Flash. Silverlight,
    11     Java, Acrobat and the like are no longer supported.
    15     Java, Acrobat and the like are no longer supported.
    12   * Removed Battery Status API to reduce fingerprinting of users by
    16   * Removed Battery Status API to reduce fingerprinting of users by
    13     trackers
    17     trackers
       
    18   * MFSA 2017-05
       
    19     CVE-2017-5400: asm.js JIT-spray bypass of ASLR and DEP
       
    20                    (bmo#1334933)
       
    21     CVE-2017-5401: Memory Corruption when handling ErrorResult
       
    22                    (bmo#1328861)
       
    23     CVE-2017-5402: Use-after-free working with events in FontFace
       
    24                    objects (bmo#1334876)
       
    25     CVE-2017-5403: Use-after-free using addRange to add range to an
       
    26                    incorrect root object (bmo#1340186)
       
    27     CVE-2017-5404: Use-after-free working with ranges in selections
       
    28                    (bmo#1340138)
       
    29     CVE-2017-5406: Segmentation fault in Skia with canvas operations
       
    30                    (bmo#1306890)
       
    31     CVE-2017-5407: Pixel and history stealing via floating-point
       
    32                    timing side channel with SVG filters (bmo#1336622)
       
    33     CVE-2017-5410: Memory corruption during JavaScript garbage
       
    34                    collection incremental sweeping (bmo#1330687)
       
    35     CVE-2017-5408: Cross-origin reading of video captions in violation
       
    36                    of CORS (bmo#1313711)
       
    37     CVE-2017-5412: Buffer overflow read in SVG filters (bmo#1328323)
       
    38     CVE-2017-5413: Segmentation fault during bidirectional operations
       
    39                    (bmo#1337504)
       
    40     CVE-2017-5414: File picker can choose incorrect default directory
       
    41                    (bmo#1319370)
       
    42     CVE-2017-5415: Addressbar spoofing through blob URL (bmo#1321719)
       
    43     CVE-2017-5416: Null dereference crash in HttpChannel (bmo#1328121)
       
    44     CVE-2017-5417: Addressbar spoofing by draging and dropping URLs
       
    45                    (bmo#791597)
       
    46     CVE-2017-5426: Gecko Media Plugin sandbox is not started if
       
    47                    seccomp-bpf filter is running (bmo#1257361)
       
    48     CVE-2017-5427: Non-existent chrome.manifest file loaded during
       
    49                    startup (bmo#1295542)
       
    50     CVE-2017-5418: Out of bounds read when parsing HTTP digest
       
    51                    authorization responses (bmo#1338876)
       
    52     CVE-2017-5419: Repeated authentication prompts lead to DOS
       
    53                    attack (bmo#1312243)
       
    54     CVE-2017-5420: Javascript: URLs can obfuscate addressbar
       
    55                    location (bmo#1284395)
       
    56     CVE-2017-5405: FTP response codes can cause use of
       
    57                    uninitialized values for ports (bmo#1336699)
       
    58     CVE-2017-5421: Print preview spoofing (bmo#1301876)
       
    59     CVE-2017-5422: DOS attack by using view-source: protocol
       
    60                    repeatedly in one hyperlink (bmo#1295002)
       
    61     CVE-2017-5399: Memory safety bugs fixed in Firefox 52
       
    62     CVE-2017-5398: Memory safety bugs fixed in Firefox 52 and
       
    63                    Firefox ESR 45.8
    14 - removed obsolete patches
    64 - removed obsolete patches
    15   * mozilla-binutils-visibility.patch
    65   * mozilla-binutils-visibility.patch
    16   * mozilla-check_return.patch
    66   * mozilla-check_return.patch
    17   * mozilla-disable-skia-be.patch
    67   * mozilla-disable-skia-be.patch
    18   * mozilla-skia-overflow.patch
    68   * mozilla-skia-overflow.patch
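Review bot: In the new Thu Mar 9 entry at the top, "reenable ALSA support which was removed by default upstream" does not say how ALSA is re-enabled (build option, spec change or patch), so a reader of the changelog cannot tell what to look for in the package; name the mechanism in that line. In the MFSA 2017-05 list added to the Sat Mar 4 entry, the CVE-2017-5417 line spells "draging"; unless the title is meant to be copied verbatim from the advisory, make it "dragging". The Sat Mar 4 entry is also edited in place under its unchanged timestamp (boo#1028391 and the CVE list added, the "Windows 8 touch screen support" line dropped); if that entry was already submitted, record these changes under the Mar 9 entry instead so the changelog history stays accurate.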