|
1 ------------------------------------------------------------------- |
|
2 Fri Oct 30 21:31:52 UTC 2015 - wr@rosenauer.org |
|
3 |
|
4 - update to Firefox 38.4.0 (bnc#952810) |
|
5 * MFSA 2015-116/CVE-2015-4513/CVE-2015-4514 |
|
6 Miscellaneous memory safety hazards |
|
7 * MFSA 2015-122/CVE-2015-7188 (bmo#1199430) |
|
8 Trailing whitespace in IP address hostnames can bypass same-origin policy |
|
9 * MFSA 2015-123/CVE-2015-7189 (bmo#1205900) |
|
10 Buffer overflow during image interactions in canvas |
|
11 * MFSA 2015-127/CVE-2015-7193 (bmo#1210302) |
|
12 CORS preflight is bypassed when non-standard Content-Type headers |
|
13 are received |
|
14 * MFSA 2015-128/CVE-2015-7194 (bmo#1211262) |
|
15 Memory corruption in libjar through zip files |
|
16 * MFSA 2015-130/CVE-2015-7196 (bmo#1140616) |
|
17 JavaScript garbage collection crash with Java applet |
|
18 * MFSA 2015-131/CVE-2015-7198/CVE-2015-7199/CVE-2015-7200 |
|
19 (bmo#1188010, bmo#1204061, bmo#1204155) |
|
20 Vulnerabilities found through code inspection |
|
21 * MFSA 2015-132/CVE-2015-7197 (bmo#1204269) |
|
22 Mixed content WebSocket policy bypass through workers |
|
23 * MFSA 2015-133/CVE-2015-7181/CVE-2015-7182/CVE-2015-7183 |
|
24 (bmo#1202868, bmo#1205157) |
|
25 NSS and NSPR memory corruption issues |
|
26 (fixed in mozilla-nspr and mozilla-nss packages) |
|
27 - requires NSPR 4.10.10 and NSS 3.19.2.1 |
|
28 |
|
29 ------------------------------------------------------------------- |
|
30 Tue Sep 22 07:01:24 UTC 2015 - wr@rosenauer.org |
|
31 |
|
32 - update to Firefox 38.3.0esr (bnc#947003) |
|
33 * MFSA 2015-96/CVE-2015-4500 |
|
34 Miscellaneous memory safety hazards |
|
35 * MFSA 2015-100/CVE-2015-4505 (bmo#1177861) (Windows only) |
|
36 Arbitrary file manipulation by local user through Mozilla updater |
|
37 * MFSA 2015-101/CVE-2015-4506 (bmo#1192226) |
|
38 Buffer overflow in libvpx while parsing vp9 format video |
|
39 * MFSA 2015-105/CVE-2015-4511 (bmo#1200148) |
|
40 Buffer overflow while decoding WebM video |
|
41 * MFSA 2015-106/CVE-2015-4509 (bmo#1198435) |
|
42 Use-after-free while manipulating HTML media content |
|
43 * MFSA 2015-110/CVE-2015-4519 (bmo#1189814) |
|
44 Dragging and dropping images exposes final URL after redirects |
|
45 * MFSA 2015-111/CVE-2015-4520 (bmo#1200856, bmo#1200869) |
|
46 Errors in the handling of CORS preflight request headers |
|
47 * MFSA 2015-112/CVE-2015-4517/CVE-2015-4521/CVE-2015-4522/ |
|
48 CVE-2015-7174/CVE-2015-7175/CVE-2015-7176/CVE-2015-7177/ |
|
49 CVE-2015-7180 |
|
50 Vulnerabilities found through code inspection |
|
51 * MFSA 2015-113/CVE-2015-7178/CVE-2015-7179 (bmo#1189860, |
|
52 bmo#1190526) (Windows only) |
|
53 Memory safety errors in libGLES in the ANGLE graphics library |
|
54 |
|
55 ------------------------------------------------------------------- |
|
56 Thu Aug 27 06:03:51 UTC 2015 - wr@rosenauer.org |
|
57 |
|
58 - update to Firefox 38.2.1 (bnc#943550) |
|
59 * MFSA 2015-94/CVE-2015-4497 (bmo#1164766, bmo#1175278) |
|
60 Use-after-free when resizing canvas element during restyling |
|
61 * MFSA 2015-95/CVE-2015-4498 (bmo#1042699) |
|
62 Add-on notification bypass through data URLs |
|
63 |
1 ------------------------------------------------------------------- |
64 ------------------------------------------------------------------- |
2 Mon Aug 10 16:40:17 UTC 2015 - wr@rosenauer.org |
65 Mon Aug 10 16:40:17 UTC 2015 - wr@rosenauer.org |
3 |
66 |
4 - update to Firefox 38.2.0esr (bnc#940806) |
67 - update to Firefox 38.2.0esr (bnc#940806) |
|
68 * MFSA 2015-79/CVE-2015-4473 |
|
69 Miscellaneous memory safety hazards |
|
70 * MFSA 2015-80/CVE-2015-4475 (bmo#1175396) |
|
71 Out-of-bounds read with malformed MP3 file |
|
72 * MFSA 2015-82/CVE-2015-4478 (bmo#1105914) |
|
73 Redefinition of non-configurable JavaScript object properties |
|
74 * MFSA 2015-83/CVE-2015-4479/CVE-2015-4480/CVE-2015-4493 |
|
75 Overflow issues in libstagefright |
|
76 * MFSA 2015-84/CVE-2015-4481 (bmo1171518) |
|
77 Arbitrary file overwriting through Mozilla Maintenance Service |
|
78 with hard links (only affected Windows) |
|
79 * MFSA 2015-85/CVE-2015-4482 (bmo#1184500) |
|
80 Out-of-bounds write with Updater and malicious MAR file |
|
81 (does not affect openSUSE RPM packages which do not ship the |
|
82 updater) |
|
83 * MFSA 2015-87/CVE-2015-4484 (bmo#1171540) |
|
84 Crash when using shared memory in JavaScript |
|
85 * MFSA 2015-88/CVE-2015-4491 (bmo#1184009) |
|
86 Heap overflow in gdk-pixbuf when scaling bitmap images |
|
87 * MFSA 2015-89/CVE-2015-4485/CVE-2015-4486 (bmo#1177948, bmo#1178148) |
|
88 Buffer overflows on Libvpx when decoding WebM video |
|
89 * MFSA 2015-90/CVE-2015-4487/CVE-2015-4488/CVE-2015-4489 |
|
90 Vulnerabilities found through code inspection |
|
91 * MFSA 2015-92/CVE-2015-4492 (bmo#1185820) |
|
92 Use-after-free in XMLHttpRequest with shared workers |
5 - rebased mozilla-repo.patch |
93 - rebased mozilla-repo.patch |
6 |
94 |
7 ------------------------------------------------------------------- |
95 ------------------------------------------------------------------- |
8 Fri Aug 7 09:24:56 UTC 2015 - wr@rosenauer.org |
96 Fri Aug 7 09:24:56 UTC 2015 - wr@rosenauer.org |
9 |
97 |
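Review bot: in the added 38.2.0esr entry, the MFSA 2015-84/CVE-2015-4481 line gives its bug reference as `(bmo1171518)`, without the `#` that the other references in these entries use (for example `bmo#1175396` and `bmo#1184500`). Write it as `bmo#1171518` so it matches the rest and a search for the `bmo#` pattern finds it. The version strings in the added entries are also inconsistent: "update to Firefox 38.4.0" and "update to Firefox 38.2.1" drop the `esr` suffix that "38.3.0esr" and "38.2.0esr" carry, so pick one form for all four entries.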