MozillaFirefox/MozillaFirefox.changes
branch firefox60
changeset 1080 e8d4a33582b8
parent 1064 af29b3ac33ae
child 1090 554cd9503f75
1064:af29b3ac33ae 1080:e8d4a33582b8
       
     1 -------------------------------------------------------------------
       
     2 Mon Dec 10 21:25:38 UTC 2018 - Wolfgang Rosenauer <wr@rosenauer.org>
       
     3 
       
     4 - Mozilla Firefox 60.4.0esr:
       
     5   MFSA 2018-29
       
     6 - requires NSS >= 3.36.6
       
     7 
       
     8 -------------------------------------------------------------------
       
     9 Tue Oct 23 20:35:31 UTC 2018 - astieger@suse.com
       
    10 
       
    11 - Mozilla Firefox 60.3.0esr:
       
    12   * Various stability and regression fixes
       
    13   MFSA 2018-27 bsc#1112852
       
    14   * CVE-2018-12392 bmo#1492823
       
    15     Crash with nested event loops
       
    16   * CVE-2018-12393 bmo#1495011
       
    17     Integer overflow during Unicode conversion while loading
       
    18     JavaScript
       
    19   * CVE-2018-12395 bmo#1467523
       
    20     WebExtension bypass of domain restrictions through header
       
    21     rewriting
       
    22   * CVE-2018-12396 bmo#1483602
       
    23     WebExtension content scripts can execute in disallowed
       
    24     contexts
       
    25   * CVE-2018-12397 bmo#1487478
       
    26     WebExtension local file access vulnerability
       
    27   * CVE-2018-12389 bmo#1498460, bmo#1499198
       
    28     Memory safety bugs fixed in Firefox ESR 60.3
       
    29   * CVE-2018-12390 bmo#1487098 bmo#1487660 bmo#1490234 bmo#1496159
       
    30     bmo#1443748 bmo#1496340 bmo#1483905 bmo#1493347 bmo#1488803
       
    31     bmo#1498701 bmo#1498482 bmo#1442010 bmo#1495245 bmo#1483699
       
    32     bmo#1469486 bmo#1484905 bmo#1490561 bmo#1492524 bmo#1481844
       
    33     Memory safety bugs fixed in Firefox 63 and Firefox ESR 60.3
       
    34 
       
    35 -------------------------------------------------------------------
       
    36 Tue Oct  2 21:28:31 UTC 2018 - astieger@suse.com
       
    37 
       
    38 - Mozilla Firefox 60.2.2esr:
       
    39   MFSA 2018-24
       
    40   * CVE-2018-12386 (bsc#1110506, bmo#1493900)
       
    41     Type confusion in JavaScript allowed remote code execution
       
    42   * CVE-2018-12387 (bsc#1110507, bmo#1493903)
       
    43     Array.prototype.push stack pointer vulnerability may enable
       
    44     exploits in the sandboxed content process
       
    45 
       
    46 -------------------------------------------------------------------
       
    47 Thu Sep 27 10:51:37 UTC 2018 - olaf@aepfle.de
       
    48 
       
    49 - Avoid undefined behavior in IPC fd-passing code with
       
    50   mozilla-bmo1436242.patch (boo#1094767, bmo#1436242)
       
    51 
       
    52 -------------------------------------------------------------------
       
    53 Fri Sep 21 22:46:56 UTC 2018 - astieger@suse.com
       
    54 
       
    55 - Mozilla Firefox 60.2.1esr:
       
    56   MFSA 2018-23
       
    57   * CVE-2018-12385 (boo#1109363, bmo#1490585)
       
    58     Crash in TransportSecurityInfo due to cached data
       
    59   * CVE-2018-12383 (boo#1107343, bmo#1475775)
       
    60     Setting a master password did not delete unencrypted
       
    61     previously stored passwords
       
    62   * Fixed a startup crash affecting users migrating from older ESR
       
    63     releases 
       
    64   * Clean up old NSS DB files after upgrading
       
    65 
       
    66 -------------------------------------------------------------------
       
    67 Wed Sep  5 19:39:44 UTC 2018 - security@suse.com
       
    68 
       
    69 - Mozilla Firefox 60.2.0esr:
       
    70   MFSA 2018-21 (bsc#1107343)
       
    71   * CVE-2018-12377 (bmo#1470260)
       
    72     Use-after-free in refresh driver timers
       
    73   * CVE-2018-12378 (bmo#1459383)
       
    74     Use-after-free in IndexedDB
       
    75   * CVE-2017-16541 (bsc#1066489, bmo#1412081)
       
    76     Proxy bypass using automount and autofs
       
    77   * CVE-2018-12376 (bmo#69309,bmo#69914,bmo#50989,bmo#80092,
       
    78     bmo#80517,bmo#81093,bmo#78575,bmo#71953,bmo#73161,bmo#66991,
       
    79     bmo#68738,bmo#83120,bmo#67363,bmo#72925,bmo#66577,bmo#67889,
       
    80     bmo#80521)
       
    81     Memory safety bugs fixed in Firefox 62 and Firefox ESR 60.2 
       
    82 - unfuzz mozilla-kde.patch
       
    83 
     1 -------------------------------------------------------------------
    84 -------------------------------------------------------------------
     2 Sat Jun 23 13:10:32 UTC 2018 - wr@rosenauer.org
    85 Sat Jun 23 13:10:32 UTC 2018 - wr@rosenauer.org
     3 
    86 
     4 - update to Firefox 60.1.0esr
    87 - update to Firefox 60.1.0esr
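Review bot: The bmo references on the CVE-2018-12376 entry (new lines 77-80, in the 60.2.0esr block) are only five digits long (bmo#69309, bmo#69914, bmo#50989 and so on), while every other bmo id added in this change has seven digits, so they look truncated and would not point at the intended bugs. Please check them against MFSA 2018-21 and restore the full ids. The 60.4.0esr entry names MFSA 2018-29 but, unlike the other release entries, lists no CVE ids and no bsc#/boo# reference, which leaves nothing for CVE-based patch tracking to match on. Lines 63 and 81 also end in trailing whitespace.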
       
    88   MFSA 2018-16 (bsc#1098998)
       
    89   * CVE-2018-12359 (bmo#1459162)
       
    90     Buffer overflow using computed size of canvas element
       
    91   * CVE-2018-12360 (bmo#1459693)
       
    92     Use-after-free when using focus()
       
    93   * CVE-2018-12361 (bmo#1463244)
       
    94     Integer overflow in SwizzleData
       
    95   * CVE-2018-12362 (bmo#1452375)
       
    96     Integer overflow in SSSE3 scaler
       
    97   * CVE-2018-5156 (bmo#1453127)
       
    98     Media recorder segmentation fault when track type is changed during capture
       
    99   * CVE-2018-12363 (bmo#1464784)
       
   100     Use-after-free when appending DOM nodes
       
   101   * CVE-2018-12364 (bmo#1436241)
       
   102     CSRF attacks through 307 redirects and NPAPI plugins
       
   103   * CVE-2018-12365 (bmo#1459206)
       
   104     Compromised IPC child process can list local filenames
       
   105   * CVE-2018-12371 (bmo#1465686) 
       
   106     Integer overflow in Skia library during edge builder allocation
       
   107   * CVE-2018-12366 (bmo#1464039)
       
   108     Invalid data handling during QCMS transformations
       
   109   * CVE-2018-12367 (bmo#1462891)
       
   110     Timing attack mitigation of PerformanceNavigationTiming
       
   111   * CVE-2018-12369 (bmo#1454909)
       
   112     WebExtension security permission checks bypassed by embedded experiments
       
   113   * CVE-2018-5187 (bmo#1461324,bmo#1414829,bmo#1395246,bmo#1467938,
       
   114     bmo#1461619,bmo#1425930,bmo#1438556,bmo#1454285,bmo#1459568,
       
   115     bmo#1463884)
       
   116     Memory safety bugs fixed in Firefox 60 and Firefox ESR 60.1
       
   117   * CVE-2018-5188 (bmo#1456189,bmo#1456975,bmo#1465898,bmo#1392739,
       
   118     bmo#1451297,bmo#1464063,bmo#1437842,bmo#1442722,bmo#1452576,
       
   119     bmo#1450688,bmo#1458264,bmo#1458270,bmo#1465108,bmo#1464829,
       
   120     bmo#1464079,bmo#1463494,bmo#1458048)
       
   121     Memory safety bugs fixed in Firefox 60, Firefox ESR 60.1, and Firefox ESR 52.9
     5 - remove obsolete patches
   122 - remove obsolete patches
     6   mozilla-enable-csd.patch
   123   mozilla-enable-csd.patch
     7   mozilla-fix-skia-aarch64.patch
   124   mozilla-fix-skia-aarch64.patch
     8 - do not disable system installed unsigned langpacks
   125 - do not disable system installed unsigned langpacks
     9   (mozilla-bmo1464766.patch)
   126   (mozilla-bmo1464766.patch)
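Review bot: Lines 98, 112 and 121 of the added 60.1.0esr CVE list run well past the width the rest of the file wraps at (for example "Media recorder segmentation fault when track type is changed during capture"), and line 105 ends in a trailing space after "(bmo#1465686)". Wrap these descriptions onto an indented continuation line, as the 60.3.0esr entry does for CVE-2018-12393, and strip the trailing whitespace.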