|
1 ------------------------------------------------------------------- |
|
2 Fri Jan 27 20:25:59 UTC 2017 - astieger@suse.com |
|
3 |
|
4 - Mozilla Firefox 51.0.1: |
|
5 - Multiprocess incompatibility did not correctly register with |
|
6 some add-ons (bmo#1333423) |
|
7 |
1 ------------------------------------------------------------------- |
8 ------------------------------------------------------------------- |
2 Fri Jan 20 13:57:56 UTC 2017 - wr@rosenauer.org |
9 Fri Jan 20 13:57:56 UTC 2017 - wr@rosenauer.org |
3 |
10 |
4 - update to Firefox 51.0 (boo#) |
11 - update to Firefox 51.0 |
5 * requires NSPR >= 4.13.1, NSS >= 3.28.1 |
12 * requires NSPR >= 4.13.1, NSS >= 3.28.1 |
6 * Added support for FLAC (Free Lossless Audio Codec) playback |
13 * Added support for FLAC (Free Lossless Audio Codec) playback |
7 * Added support for WebGL 2 |
14 * Added support for WebGL 2 |
8 * Added Georgian (ka) and Kabyle (kab) locales |
15 * Added Georgian (ka) and Kabyle (kab) locales |
9 * Support saving passwords for forms without 'submit' events |
16 * Support saving passwords for forms without 'submit' events |
11 * Zoom indicator is shown in the URL bar if the zoom level is not |
18 * Zoom indicator is shown in the URL bar if the zoom level is not |
12 at default level |
19 at default level |
13 * View passwords from the prompt before saving them |
20 * View passwords from the prompt before saving them |
14 * Remove Belarusian (be) locale |
21 * Remove Belarusian (be) locale |
15 * Use Skia for content rendering (Linux) |
22 * Use Skia for content rendering (Linux) |
16 - switch Firefox to Gtk3 for Tumbleweed and Leap >= 43 |
23 * MFSA 2017-01 |
|
24 CVE-2017-5375: Excessive JIT code allocation allows bypass of |
|
25 ASLR and DEP (bmo#1325200, boo#1021814) |
|
26 CVE-2017-5376: Use-after-free in XSL (bmo#1311687, boo#1021817) |
|
27 CVE-2017-5377: Memory corruption with transforms to create |
|
28 gradients in Skia (bmo#1306883, boo#1021826) |
|
29 CVE-2017-5378: Pointer and frame data leakage of Javascript objects |
|
30 (bmo#1312001, bmo#1330769, boo#1021818) |
|
31 CVE-2017-5379: Use-after-free in Web Animations |
|
32 (bmo#1309198,boo#1021827) |
|
33 CVE-2017-5380: Potential use-after-free during DOM manipulations |
|
34 (bmo#1322107, boo#1021819) |
|
35 CVE-2017-5390: Insecure communication methods in Developer Tools |
|
36 JSON viewer (bmo#1297361, boo#1021820) |
|
37 CVE-2017-5389: WebExtensions can install additional add-ons via |
|
38 modified host requests (bmo#1308688, boo#1021828) |
|
39 CVE-2017-5396: Use-after-free with Media Decoder |
|
40 (bmo#1329403, boo#1021821) |
|
41 CVE-2017-5381: Certificate Viewer exporting can be used to navigate |
|
42 and save to arbitrary filesystem locations |
|
43 (bmo#1017616, boo#1021830) |
|
44 CVE-2017-5382: Feed preview can expose privileged content errors |
|
45 and exceptions (bmo#1295322, boo#1021831) |
|
46 CVE-2017-5383: Location bar spoofing with unicode characters |
|
47 (bmo#1323338, bmo#1324716, boo#1021822) |
|
48 CVE-2017-5384: Information disclosure via Proxy Auto-Config (PAC) |
|
49 (bmo#1255474, boo#1021832) |
|
50 CVE-2017-5385: Data sent in multipart channels ignores referrer-policy |
|
51 response headers (bmo#1295945, boo#1021833) |
|
52 CVE-2017-5386: WebExtensions can use data: protocol to affect other |
|
53 extensions (bmo#1319070, boo#1021823) |
|
54 CVE-2017-5394: Android location bar spoofing using fullscreen and |
|
55 JavaScript events (bmo#1222798) |
|
56 CVE-2017-5391: Content about: pages can load privileged about: pages |
|
57 (bmo#1309310, boo#1021835) |
|
58 CVE-2017-5392: Weak references using multiple threads on weak proxy |
|
59 objects lead to unsafe memory usage (bmo#1293709) |
|
60 (Android only) |
|
61 CVE-2017-5393: Remove addons.mozilla.org CDN from whitelist for |
|
62 mozAddonManager (bmo#1309282, boo#1021837) |
|
63 CVE-2017-5395: Android location bar spoofing during scrolling |
|
64 (bmo#1293463) (Android only) |
|
65 CVE-2017-5387: Disclosure of local file existence through TRACK |
|
66 tag error messages (bmo#1295023, boo#1021839) |
|
67 CVE-2017-5388: WebRTC can be used to generate a large amount of |
|
68 UDP traffic for DDOS attacks |
|
69 (bmo#1281482, boo#1021840) |
|
70 CVE-2017-5374: Memory safety bugs fixed in Firefox 51 (boo#1021841) |
|
71 CVE-2017-5373: Memory safety bugs fixed in Firefox 51 and |
|
72 Firefox ESR 45.7 (boo#1021824) |
|
73 - switch Firefox to Gtk3 for Tumbleweed |
17 - removed obsolete patches |
74 - removed obsolete patches |
18 * mozilla-flex_buffer_overrun.patch |
75 * mozilla-flex_buffer_overrun.patch |
19 - updated RPM locale support tag |
76 - updated RPM locale support tag |
20 - improve recognition of LANGUAGE env variable (boo#1017174) |
77 - improve recognition of LANGUAGE env variable (boo#1017174) |
|
78 - add upstream patch to fix PPC64LE (bmo#1319389) |
|
79 (mozilla-skia-ppc-endianess.patch) |
|
80 - fix build without skia (big endian archs) (bmo#1319374) |
|
81 (mozilla-disable-skia-be.patch) |
21 |
82 |
22 ------------------------------------------------------------------- |
83 ------------------------------------------------------------------- |
23 Mon Dec 12 21:18:41 UTC 2016 - wr@rosenauer.org |
84 Mon Dec 12 21:18:41 UTC 2016 - wr@rosenauer.org |
24 |
85 |
25 - update to Firefox 50.1.0 (boo#1015422) |
86 - update to Firefox 50.1.0 (boo#1015422) |