Mercurial Mercurial > hg > mozilla / comparison
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
MozillaFirefox/MozillaFirefox.changes
branchfirefox74
changeset 1123 7fa561e5d7c7
parent 1122 a9cd24eaa361
child 1124 f890ebd6b627
equal deleted inserted replaced
1122:a9cd24eaa361 1123:7fa561e5d7c7 
       
     1 -------------------------------------------------------------------
 
       
     2 Wed Mar 25 07:30:39 UTC 2020 - Marcus Meissner <meissner@suse.com>
 
       
     3 
       
     4 - mozilla-sandbox-fips.patch: allow /proc/sys/crypto/fips_enabled
 
       
     5   to be read, as openssl 1.1.1 FIPS aborts if it cannot access it
 
       
     6   (bsc#1167132)
 
       
     7 
       
     8 -------------------------------------------------------------------
 
       
     9 Sat Mar  7 08:51:06 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org>
 
       
    10 
       
    11 - Mozilla Firefox 74.0
 
       
    12   * https://www.mozilla.org/en-US/firefox/74.0/releasenotes/
 
       
    13   MFSA 2020-08 (bsc#1166238)
 
       
    14   * CVE-2020-6805 (bmo#1610880)
 
       
    15     Use-after-free when removing data about origins
 
       
    16   * CVE-2020-6806 (bmo#1612308)
 
       
    17     BodyStream::OnInputStreamReady was missing protections against
 
       
    18     state confusion
 
       
    19   * CVE-2020-6807 (bmo#1614971)
 
       
    20     Use-after-free in cubeb during stream destruction
 
       
    21   * CVE-2020-6808 (bmo#1247968)
 
       
    22     URL Spoofing via javascript: URL
 
       
    23   * CVE-2020-6809 (bmo#1420296)
 
       
    24     Web Extensions with the all-urls permission could access local
 
       
    25     files
 
       
    26   * CVE-2020-6810 (bmo#1432856)
 
       
    27     Focusing a popup while in fullscreen could have obscured the
 
       
    28     fullscreen notification
 
       
    29   * CVE-2020-6811 (bmo#1607742)
 
       
    30     Devtools' 'Copy as cURL' feature did not fully escape
 
       
    31     website-controlled data, potentially leading to command injection
 
       
    32   * CVE-2019-20503 (bmo#1613765)
 
       
    33     Out of bounds reads in sctp_load_addresses_from_init
 
       
    34   * CVE-2020-6812 (bmo#1616661)
 
       
    35     The names of AirPods with personally identifiable information
 
       
    36     were exposed to websites with camera or microphone permission
 
       
    37   * CVE-2020-6813 (bmo#1605814)
 
       
    38     @import statements in CSS could bypass the Content Security
 
       
    39     Policy nonce feature
 
       
    40   * CVE-2020-6814 (bmo#1592078,bmo#1604847,bmo#1608256,bmo#1612636,
 
       
    41     bmo#1614339)
 
       
    42     Memory safety bugs fixed in Firefox 74 and Firefox ESR 68.6
 
       
    43   * CVE-2020-6815 (bmo#1181957,bmo#1557732,bmo#1557739,bmo#1611457,
 
       
    44     bmo#1612431)
 
       
    45     Memory and script safety bugs fixed in Firefox 74
 
       
    46 - requires
 
       
    47   * NSPR 4.25
 
       
    48   * NSS 3.50
 
       
    49   * rust-cbindgen 0.13.0
 
       
    50 - removed obsolete patches
 
       
    51   mozilla-bmo1610814.patch
 
       
    52   mozilla-cubeb-noreturn.patch
 
       
    53 - add mozilla-bmo1609538.patch to fix wayland issues with mutter 3.36
 
       
    54   (bmo#1609538, boo#1166471)
 
       
    55 
     1 -------------------------------------------------------------------
 
    56 -------------------------------------------------------------------
 
     2 Wed Feb 26 08:12:00 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org>
 
    57 Wed Feb 26 08:12:00 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org>
 
     3 
    58 
     4 - big endian fixes
 
    59 - big endian fixes
 
     5 
    60
mozilla