|
1 ------------------------------------------------------------------- |
|
2 Mon Sep 4 18:27:44 UTC 2017 - wr@rosenauer.org |
|
3 |
|
4 - update to Firefox 55.0.3 |
|
5 * Fix an issue with addons when using a path containing non-ascii |
|
6 characters (bmo#1389160) |
|
7 * Fix file uploads to some websites, including YouTube (bmo#1383518) |
|
8 - fix Google API key build integration |
|
9 - add mozilla-ucontext.patch to fix Tumbleweed build |
|
10 - do not enable XINPUT2 for now (boo#1053959) |
|
11 |
|
12 ------------------------------------------------------------------- |
|
13 Fri Aug 11 08:32:30 UTC 2017 - wr@rosenauer.org |
|
14 |
|
15 - update to Firefox 55.0.1 |
|
16 * Fix a regression the tab restoration process (bmo#1388160) |
|
17 * Fix a problem causing What's new pages not to be displayed (bmo#1386224) |
|
18 * Fix a rendering issue with some PKCS#11 libraries (bmo#1388370) |
|
19 * Disable the predictor prefetch (bmo#1388160) |
|
20 |
1 ------------------------------------------------------------------- |
21 ------------------------------------------------------------------- |
2 Sat Aug 5 13:22:16 UTC 2017 - wr@rosenauer.org |
22 Sat Aug 5 13:22:16 UTC 2017 - wr@rosenauer.org |
3 |
23 |
4 - update to Firefox 55.0b13 |
24 - update to Firefox 55.0 (boo#1052829) |
5 * Browsing sessions with a high number of tabs are now restored |
25 * Browsing sessions with a high number of tabs are now restored |
6 in an instant |
26 in an instant |
7 * Sidebar (bookmarks, history, synced tabs) can now be moved to |
27 * Sidebar (bookmarks, history, synced tabs) can now be moved to |
8 the right edge of the window |
28 the right edge of the window |
9 * Fine-tune your browser performance from the Preferences/Options page. |
29 * Fine-tune your browser performance from the Preferences/Options page. |
30 restarted their browser 8 days after downloading an update or |
50 restarted their browser 8 days after downloading an update or |
31 users who opted out of automatic updates will see this change. |
51 users who opted out of automatic updates will see this change. |
32 * Insecure sites can no longer access the Geolocation APIs to get |
52 * Insecure sites can no longer access the Geolocation APIs to get |
33 access to your physical location |
53 access to your physical location |
34 * requires NSPR 4.15 and NSS 3.31 |
54 * requires NSPR 4.15 and NSS 3.31 |
|
55 MFSA 2017-18 |
|
56 * CVE-2017-7798 (bmo#1371586, bmo#1372112) |
|
57 XUL injection in the style editor in devtools |
|
58 * CVE-2017-7800 (bmo#1374047) |
|
59 Use-after-free in WebSockets during disconnection |
|
60 * CVE-2017-7801 (bmo#1371259) |
|
61 Use-after-free with marquee during window resizing |
|
62 * CVE-2017-7809 (bmo#1380284) |
|
63 Use-after-free while deleting attached editor DOM node |
|
64 * CVE-2017-7784 (bmo#1376087) |
|
65 Use-after-free with image observers |
|
66 * CVE-2017-7802 (bmo#1378147) |
|
67 Use-after-free resizing image elements |
|
68 * CVE-2017-7785 (bmo#1356985) |
|
69 Buffer overflow manipulating ARIA attributes in DOM |
|
70 * CVE-2017-7786 (bmo#1365189) |
|
71 Buffer overflow while painting non-displayable SVG |
|
72 * CVE-2017-7806 (bmo#1378113) |
|
73 Use-after-free in layer manager with SVG |
|
74 * CVE-2017-7753 (bmo#1353312) |
|
75 Out-of-bounds read with cached style data and pseudo-elements# |
|
76 * CVE-2017-7787 (bmo#1322896) |
|
77 Same-origin policy bypass with iframes through page reloads |
|
78 * CVE-2017-7807 (bmo#1376459) |
|
79 Domain hijacking through AppCache fallback |
|
80 * CVE-2017-7792 (bmo#1368652) |
|
81 Buffer overflow viewing certificates with an extremely long OID |
|
82 * CVE-2017-7804 (bmo#1372849) |
|
83 Memory protection bypass through WindowsDllDetourPatcher |
|
84 * CVE-2017-7791 (bmo#1365875) |
|
85 Spoofing following page navigation with data: protocol and modal alerts |
|
86 * CVE-2017-7808 (bmo#1367531) |
|
87 CSP information leak with frame-ancestors containing paths |
|
88 * CVE-2017-7782 (bmo#1344034) |
|
89 WindowsDllDetourPatcher allocates memory without DEP protections |
|
90 * CVE-2017-7781 (bmo#1352039) |
|
91 Elliptic curve point addition error when using mixed Jacobian-affine coordinates |
|
92 * CVE-2017-7794 (bmo#1374281) |
|
93 Linux file truncation via sandbox broker |
|
94 * CVE-2017-7803 (bmo#1377426) |
|
95 CSP containing 'sandbox' improperly applied |
|
96 * CVE-2017-7799 (bmo#1372509) |
|
97 Self-XSS XUL injection in about:webrtc |
|
98 * CVE-2017-7783 (bmo#1360842) |
|
99 DOS attack through long username in URL |
|
100 * CVE-2017-7788 (bmo#1073952) |
|
101 Sandboxed about:srcdoc iframes do not inherit CSP directives |
|
102 * CVE-2017-7789 (bmo#1074642) |
|
103 Failure to enable HSTS when two STS headers are sent for a connection |
|
104 * CVE-2017-7790 (bmo#1350460) (Windows-only) |
|
105 Windows crash reporter reads extra memory for some non-null-terminated registry values |
|
106 * CVE-2017-7796 (bmo#1234401) (Windows-only) |
|
107 Windows updater can delete any file named update.log |
|
108 * CVE-2017-7797 (bmo#1334776) |
|
109 Response header name interning leaks across origins |
|
110 * CVE-2017-7780 |
|
111 Memory safety bugs fixed in Firefox 55 |
|
112 * CVE-2017-7779 |
|
113 Memory safety bugs fixed in Firefox 55 and Firefox ESR 52.3 |
35 - updated mozilla-kde.patch: |
114 - updated mozilla-kde.patch: |
36 * removed "downloadfinished" alert as Firefox reimplemented the |
115 * removed "downloadfinished" alert as Firefox reimplemented the |
37 whole thing (TODO: check if there is another function we should |
116 whole thing (TODO: check if there is another function we should |
38 hook in) |
117 hook in) |
39 |
118 |