1 -------------------------------------------------------------------

     2 Sat Nov 21 08:12:17 UTC 2020 - Kirill Kirillov <kkirill@opensuse.org>

     3 

     4 - Add/Enable GNOME search provider

     5 

     6 -------------------------------------------------------------------

     7 Sun Nov 15 12:16:53 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org>

     8 

     9 - Mozilla Firefox 83.0

    10   * major update for SpiderMonkey improving performance significantly

    11   * optional HTTPS-Only mode

    12   * more improvements

    13     https://www.mozilla.org/en-US/firefox/83.0/releasenotes/

    14   MFSA 2020-50 (bsc#1178824))

    15   * CVE-2020-26951 (bmo#1667113)

    16     Parsing mismatches could confuse and bypass security

    17     sanitizer for chrome privileged code

    18   * CVE-2020-26952 (bmo#1667685)

    19     Out of memory handling of JITed, inlined functions could lead

    20     to a memory corruption

    21   * CVE-2020-16012 (bmo#1642028)

    22     Variable time processing of cross-origin images during

    23     drawImage calls

    24   * CVE-2020-26953 (bmo#1656741)

    25     Fullscreen could be enabled without displaying the security UI

    26   * CVE-2020-26954 (bmo#1657026)

    27     Local spoofing of web manifests for arbitrary pages in

    28     Firefox for Android

    29   * CVE-2020-26955 (bmo#1663261)

    30     Cookies set during file downloads are shared between normal

    31     and Private Browsing Mode in Firefox for Android

    32   * CVE-2020-26956 (bmo#1666300)

    33     XSS through paste (manual and clipboard API)

    34   * CVE-2020-26957 (bmo#1667179)

    35     OneCRL was not working in Firefox for Android

    36   * CVE-2020-26958 (bmo#1669355)

    37     Requests intercepted through ServiceWorkers lacked MIME type

    38     restrictions

    39   * CVE-2020-26959 (bmo#1669466)

    40     Use-after-free in WebRequestService

    41   * CVE-2020-26960 (bmo#1670358)

    42     Potential use-after-free in uses of nsTArray

    43   * CVE-2020-15999 (bmo#1672223)

    44     Heap buffer overflow in freetype

    45   * CVE-2020-26961 (bmo#1672528)

    46     DoH did not filter IPv4 mapped IP Addresses

    47   * CVE-2020-26962 (bmo#610997)

    48     Cross-origin iframes supported login autofill

    49   * CVE-2020-26963 (bmo#1314912)

    50     History and Location interfaces could have been used to hang

    51     the browser

    52   * CVE-2020-26964 (bmo#1658865)

    53     Firefox for Android's Remote Debugging via USB could have

    54     been abused by untrusted apps on older versions of Android

    55   * CVE-2020-26965 (bmo#1661617)

    56     Software keyboards may have remembered typed passwords

    57   * CVE-2020-26966 (bmo#1663571)

    58     Single-word search queries were also broadcast to local

    59     network

    60   * CVE-2020-26967 (bmo#1665820)

    61     Mutation Observers could break or confuse Firefox Screenshots

    62     feature

    63   * CVE-2020-26968 (bmo#1551615, bmo#1607762, bmo#1656697,

    64     bmo#1657739, bmo#1660236, bmo#1667912, bmo#1671479,

    65     bmo#1671923)

    66     Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5

    67   * CVE-2020-26969 (bmo#1623920, bmo#1651705, bmo#1667872,

    68     bmo#1668876)

    69     Memory safety bugs fixed in Firefox 83

    70 - requires

    71   NSS >= 3.58

    72   nodejs >= 10.22.1

    73 - removed obsolete mozilla-ppc-altivec_static_inline.patch

    74 - disable LTO on TW because of ICEs in gcc

    75 

    80   MSFA 2020-49

    81   * CVE-2020-26950 (bmo#1675905)

    82     Write side effects in MCallGetProperty opcode not accounted for

    89 

    90 -------------------------------------------------------------------

    91 Sun Nov  1 20:15:17 UTC 2020 - Kirill Kirillov <kkirill@opensuse.org>

    92 

    93 - Enable GNOME search provider