|
1 ------------------------------------------------------------------- |
|
2 Mon Dec 10 21:25:38 UTC 2018 - Wolfgang Rosenauer <wr@rosenauer.org> |
|
3 |
|
4 - Mozilla Firefox 60.4.0esr: |
|
5 MFSA 2018-29 |
|
6 - requires NSS >= 3.36.6 |
|
7 |
|
8 ------------------------------------------------------------------- |
|
9 Tue Oct 23 20:35:31 UTC 2018 - astieger@suse.com |
|
10 |
|
11 - Mozilla Firefox 60.3.0esr: |
|
12 * Various stability and regression fixes |
|
13 MFSA 2018-27 bsc#1112852 |
|
14 * CVE-2018-12392 bmo#1492823 |
|
15 Crash with nested event loops |
|
16 * CVE-2018-12393 bmo#1495011 |
|
17 Integer overflow during Unicode conversion while loading |
|
18 JavaScript |
|
19 * CVE-2018-12395 bmo#1467523 |
|
20 WebExtension bypass of domain restrictions through header |
|
21 rewriting |
|
22 * CVE-2018-12396 bmo#1483602 |
|
23 WebExtension content scripts can execute in disallowed |
|
24 contexts |
|
25 * CVE-2018-12397 bmo#1487478 |
|
26 WebExtension local file access vulnerability |
|
27 * CVE-2018-12389 bmo#1498460, bmo#1499198 |
|
28 Memory safety bugs fixed in Firefox ESR 60.3 |
|
29 * CVE-2018-12390 bmo#1487098 bmo#1487660 bmo#1490234 bmo#1496159 |
|
30 bmo#1443748 bmo#1496340 bmo#1483905 bmo#1493347 bmo#1488803 |
|
31 bmo#1498701 bmo#1498482 bmo#1442010 bmo#1495245 bmo#1483699 |
|
32 bmo#1469486 bmo#1484905 bmo#1490561 bmo#1492524 bmo#1481844 |
|
33 Memory safety bugs fixed in Firefox 63 and Firefox ESR 60.3 |
|
34 |
|
35 ------------------------------------------------------------------- |
|
36 Tue Oct 2 21:28:31 UTC 2018 - astieger@suse.com |
|
37 |
|
38 - Mozilla Firefox 60.2.2esr: |
|
39 MFSA 2018-24 |
|
40 * CVE-2018-12386 (bsc#1110506, bmo#1493900) |
|
41 Type confusion in JavaScript allowed remote code execution |
|
42 * CVE-2018-12387 (bsc#1110507, bmo#1493903) |
|
43 Array.prototype.push stack pointer vulnerability may enable |
|
44 exploits in the sandboxed content process |
|
45 |
|
46 ------------------------------------------------------------------- |
|
47 Thu Sep 27 10:51:37 UTC 2018 - olaf@aepfle.de |
|
48 |
|
49 - Avoid undefined behavior in IPC fd-passing code with |
|
50 mozilla-bmo1436242.patch (boo#1094767, bmo#1436242) |
|
51 |
|
52 ------------------------------------------------------------------- |
|
53 Fri Sep 21 22:46:56 UTC 2018 - astieger@suse.com |
|
54 |
|
55 - Mozilla Firefox 60.2.1esr: |
|
56 MFSA 2018-23 |
|
57 * CVE-2018-12385 (boo#1109363, bmo#1490585) |
|
58 Crash in TransportSecurityInfo due to cached data |
|
59 * CVE-2018-12383 (boo#1107343, bmo#1475775) |
|
60 Setting a master password did not delete unencrypted |
|
61 previously stored passwords |
|
62 * Fixed a startup crash affecting users migrating from older ESR |
|
63 releases |
|
64 * Clean up old NSS DB files after upgrading |
|
65 |
|
66 ------------------------------------------------------------------- |
|
67 Wed Sep 5 19:39:44 UTC 2018 - security@suse.com |
|
68 |
|
69 - Mozilla Firefox 60.2.0esr: |
|
70 MFSA 2018-21 (bsc#1107343) |
|
71 * CVE-2018-12377 (bmo#1470260) |
|
72 Use-after-free in refresh driver timers |
|
73 * CVE-2018-12378 (bmo#1459383) |
|
74 Use-after-free in IndexedDB |
|
75 * CVE-2017-16541 (bsc#1066489, bmo#1412081) |
|
76 Proxy bypass using automount and autofs |
|
77 * CVE-2018-12376 (bmo#69309,bmo#69914,bmo#50989,bmo#80092, |
|
78 bmo#80517,bmo#81093,bmo#78575,bmo#71953,bmo#73161,bmo#66991, |
|
79 bmo#68738,bmo#83120,bmo#67363,bmo#72925,bmo#66577,bmo#67889, |
|
80 bmo#80521) |
|
81 Memory safety bugs fixed in Firefox 62 and Firefox ESR 60.2 |
|
82 - unfuzz mozilla-kde.patch |
|
83 |
1 ------------------------------------------------------------------- |
84 ------------------------------------------------------------------- |
2 Sat Jun 23 13:10:32 UTC 2018 - wr@rosenauer.org |
85 Sat Jun 23 13:10:32 UTC 2018 - wr@rosenauer.org |
3 |
86 |
4 - update to Firefox 60.1.0esr |
87 - update to Firefox 60.1.0esr |
|
88 MFSA 2018-16 (bsc#1098998) |
|
89 * CVE-2018-12359 (bmo#1459162) |
|
90 Buffer overflow using computed size of canvas element |
|
91 * CVE-2018-12360 (bmo#1459693) |
|
92 Use-after-free when using focus() |
|
93 * CVE-2018-12361 (bmo#1463244) |
|
94 Integer overflow in SwizzleData |
|
95 * CVE-2018-12362 (bmo#1452375) |
|
96 Integer overflow in SSSE3 scaler |
|
97 * CVE-2018-5156 (bmo#1453127) |
|
98 Media recorder segmentation fault when track type is changed during capture |
|
99 * CVE-2018-12363 (bmo#1464784) |
|
100 Use-after-free when appending DOM nodes |
|
101 * CVE-2018-12364 (bmo#1436241) |
|
102 CSRF attacks through 307 redirects and NPAPI plugins |
|
103 * CVE-2018-12365 (bmo#1459206) |
|
104 Compromised IPC child process can list local filenames |
|
105 * CVE-2018-12371 (bmo#1465686) |
|
106 Integer overflow in Skia library during edge builder allocation |
|
107 * CVE-2018-12366 (bmo#1464039) |
|
108 Invalid data handling during QCMS transformations |
|
109 * CVE-2018-12367 (bmo#1462891) |
|
110 Timing attack mitigation of PerformanceNavigationTiming |
|
111 * CVE-2018-12369 (bmo#1454909) |
|
112 WebExtension security permission checks bypassed by embedded experiments |
|
113 * CVE-2018-5187 (bmo#1461324,bmo#1414829,bmo#1395246,bmo#1467938, |
|
114 bmo#1461619,bmo#1425930,bmo#1438556,bmo#1454285,bmo#1459568, |
|
115 bmo#1463884) |
|
116 Memory safety bugs fixed in Firefox 60 and Firefox ESR 60.1 |
|
117 * CVE-2018-5188 (bmo#1456189,bmo#1456975,bmo#1465898,bmo#1392739, |
|
118 bmo#1451297,bmo#1464063,bmo#1437842,bmo#1442722,bmo#1452576, |
|
119 bmo#1450688,bmo#1458264,bmo#1458270,bmo#1465108,bmo#1464829, |
|
120 bmo#1464079,bmo#1463494,bmo#1458048) |
|
121 Memory safety bugs fixed in Firefox 60, Firefox ESR 60.1, and Firefox ESR 52.9 |
5 - remove obsolete patches |
122 - remove obsolete patches |
6 mozilla-enable-csd.patch |
123 mozilla-enable-csd.patch |
7 mozilla-fix-skia-aarch64.patch |
124 mozilla-fix-skia-aarch64.patch |
8 - do not disable system installed unsigned langpacks |
125 - do not disable system installed unsigned langpacks |
9 (mozilla-bmo1464766.patch) |
126 (mozilla-bmo1464766.patch) |
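Review bot: The bug list for CVE-2018-12376 in the 60.2.0esr entry uses five-digit ids (bmo#69309, bmo#69914, bmo#50989 and the rest of that list), while every other bmo reference in this changelog has seven digits, for example bmo#1470260 two items above it. The short ids look truncated and should be replaced with the full bug numbers from MFSA 2018-21. Separately, the 60.4.0esr entry at the top names MFSA 2018-29 but lists no CVE items and no bsc#/boo# reference, unlike every other release entry here; adding them would let the update be tracked against the advisory. The reference style is also inconsistent across entries: 60.3.0esr writes "CVE-2018-12392 bmo#1492823" bare, while the later entries parenthesize the references, and bsc# and boo# are mixed.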