|
1 ------------------------------------------------------------------- |
|
2 Sun Oct 20 20:19:31 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org> |
|
3 |
|
4 - Mozilla Firefox 70.0 |
|
5 * more privacy protections from Enhanced Tracking Protection |
|
6 * Firefox Lockwise passwordmanager |
|
7 * Improvements to core engine components, for better browsing on more sites |
|
8 * Improved privacy and security indicators |
|
9 MFSA 2019-34 |
|
10 * CVE-2018-6156 (bmo#1480088) |
|
11 Heap buffer overflow in FEC processing in WebRTC |
|
12 * CVE-2019-15903 (bmo#1584907) |
|
13 Heap overflow in expat library in XML_GetCurrentLineNumber |
|
14 * CVE-2019-11757 (bmo#1577107) |
|
15 Use-after-free when creating index updates in IndexedDB |
|
16 * CVE-2019-11759 (bmo#1577953) |
|
17 Stack buffer overflow in HKDF output |
|
18 * CVE-2019-11760 (bmo#1577719) |
|
19 Stack buffer overflow in WebRTC networking |
|
20 * CVE-2019-11761 (bmo#1561502) |
|
21 Unintended access to a privileged JSONView object |
|
22 * CVE-2019-11762 (bmo#1582857) |
|
23 document.domain-based origin isolation has same-origin-property violation |
|
24 * CVE-2019-11763 (bmo#1584216) |
|
25 Incorrect HTML parsing results in XSS bypass technique |
|
26 * CVE-2019-11765 (bmo#1562582) |
|
27 Incorrect permissions could be granted to a website |
|
28 * CVE-2019-17000 (bmo#1441468) |
|
29 CSP bypass using object tag with data: URI |
|
30 * CVE-2019-17001 (bmo#1587976) |
|
31 CSP bypass using object tag when script-src 'none' is specified |
|
32 * CVE-2019-17002 (bmo#1561056) |
|
33 upgrade-insecure-requests was not being honored for links dragged and dropped |
|
34 * CVE-2019-11764 (bmo#1558522, bmo#1577061, bmo#1548044, bmo#1571223, |
|
35 bmo#1573048, bmo#1578933, bmo#1575217, bmo#1583684, bmo#1586845, bmo#1581950, |
|
36 bmo#1583463, bmo#1586599) |
|
37 Memory safety bugs fixed in Firefox 70 and Firefox ESR 68.2 |
|
38 - requires |
|
39 rust/cargo >= 1.36 |
|
40 NSPR >= 4.22 |
|
41 NSS >= 3.46.1 |
|
42 rust-cbindgen >= 0.9.1 |
|
43 - removed obsolete patches |
|
44 mozilla-bmo1573381.patch |
|
45 mozilla-nestegg-big-endian.patch |
|
46 |
1 ------------------------------------------------------------------- |
47 ------------------------------------------------------------------- |
2 Sun Oct 13 08:58:12 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org> |
48 Sun Oct 13 08:58:12 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org> |
3 |
49 |
4 - Mozilla Firefox 69.0.3 |
50 - Mozilla Firefox 69.0.3 |
5 * Fixed Yahoo mail users being prompted to download files when |
51 * Fixed Yahoo mail users being prompted to download files when |