1 ------------------------------------------------------------------- |
1 ------------------------------------------------------------------- |
2 Wed Jan 10 21:39:09 UTC 2018 - wr@rosenauer.org |
2 Tue Jan 23 20:40:57 UTC 2018 - wr@rosenauer.org |
3 |
3 |
4 - update to Firefox 58.0b15 |
4 - update to Firefox 58.0 (bsc#1077291) |
5 * Added Nepali (ne-NP) locale |
5 * Added Nepali (ne-NP) locale |
6 * Added support for form autofill for credit card |
6 * Added support for form autofill for credit card |
7 * Optimize page load by caching JavaScript internal representation |
7 * Optimize page load by caching JavaScript internal representation |
|
8 MFSA 2018-02 |
|
9 * CVE-2018-5091 (bmo#1423086) |
|
10 Use-after-free with DTMF timers |
|
11 * CVE-2018-5092 (bmo#1418074) |
|
12 Use-after-free in Web Workers |
|
13 * CVE-2018-5093 (bmo#1415291) |
|
14 Buffer overflow in WebAssembly during Memory/Table resizing |
|
15 * CVE-2018-5094 (bmo#1415883) |
|
16 Buffer overflow in WebAssembly with garbage collection on |
|
17 uninitialized memory |
|
18 * CVE-2018-5095 (bmo#1418447) |
|
19 Integer overflow in Skia library during edge builder allocation |
|
20 * CVE-2018-5097 (bmo#1387427) |
|
21 Use-after-free when source document is manipulated during XSLT |
|
22 * CVE-2018-5098 (bmo#1399400) |
|
23 Use-after-free while manipulating form input elements |
|
24 * CVE-2018-5099 (bmo#1416878) |
|
25 Use-after-free with widget listener |
|
26 * CVE-2018-5100 (bmo#1417405) |
|
27 Use-after-free when IsPotentiallyScrollable arguments are freed |
|
28 from memory |
|
29 * CVE-2018-5101 (bmo#1417661) |
|
30 Use-after-free with floating first-letter style elements |
|
31 * CVE-2018-5102 (bmo#1419363) |
|
32 Use-after-free in HTML media elements |
|
33 * CVE-2018-5103 (bmo#1423159) |
|
34 Use-after-free during mouse event handling |
|
35 * CVE-2018-5104 (bmo#1425000) |
|
36 Use-after-free during font face manipulation |
|
37 * CVE-2018-5105 (bmo#1390882) |
|
38 WebExtensions can save and execute files on local file system |
|
39 without user prompts |
|
40 * CVE-2018-5106 (bmo#1408708) |
|
41 Developer Tools can expose style editor information cross-origin |
|
42 through service worker |
|
43 * CVE-2018-5107 (bmo#1379276) |
|
44 Printing process will follow symlinks for local file access |
|
45 * CVE-2018-5108 (bmo#1421099) |
|
46 Manually entered blob URL can be accessed by subsequent private browsing tabs |
|
47 * CVE-2018-5109 (bmo#1405599) |
|
48 Audio capture prompts and starts with incorrect origin attribution |
|
49 * CVE-2018-5110 (bmo#1423275) (affects only OS X) |
|
50 Cursor can be made invisible on OS X |
|
51 * CVE-2018-5111 (bmo#1321619) |
|
52 URL spoofing in addressbar through drag and drop |
|
53 * CVE-2018-5112 (bmo#1425224) |
|
54 Extension development tools panel can open a non-relative URL in the panel |
|
55 * CVE-2018-5113 (bmo#1425267) |
|
56 WebExtensions can load non-HTTPS pages with browser.identity.launchWebAuthFlow |
|
57 * CVE-2018-5114 (bmo#1421324) |
|
58 The old value of a cookie changed to HttpOnly remains accessible to scripts |
|
59 * CVE-2018-5115 (bmo#1409449) |
|
60 Background network requests can open HTTP authentication in unrelated foreground tabs |
|
61 * CVE-2018-5116 (bmo#1396399) |
|
62 WebExtension ActiveTab permission allows cross-origin frame content access |
|
63 * CVE-2018-5117 (bmo#1395508) |
|
64 URL spoofing with right-to-left text aligned left-to-right |
|
65 * CVE-2018-5118 (bmo#1420049) |
|
66 Activity Stream images can attempt to load local content through file: |
|
67 * CVE-2018-5119 (bmo#1420507) |
|
68 Reader view will load cross-origin content in violation of CORS headers |
|
69 * CVE-2018-5121 (bmo#1402368) (affects only OS X) |
|
70 OS X Tibetan characters render incompletely in the addressbar |
|
71 * CVE-2018-5122 (bmo#1413841) |
|
72 Potential integer overflow in DoCrypt |
|
73 * CVE-2018-5090 |
|
74 Memory safety bugs fixed in Firefox 58 |
|
75 * CVE-2018-5089 |
|
76 Memory safety bugs fixed in Firefox 58 and Firefox ESR 52.6 |
8 - requires NSS 3.34.1 |
77 - requires NSS 3.34.1 |
9 - requires rust 1.21 |
78 - requires rust 1.21 |
10 - removed obsolete patches: |
79 - removed obsolete patches: |
11 mozilla-bindgen-systemlibs.patch |
80 mozilla-bindgen-systemlibs.patch |
12 mozilla-bmo1360278.patch |
81 mozilla-bmo1360278.patch |