1 ------------------------------------------------------------------- |
1 ------------------------------------------------------------------- |
2 Sat Feb 25 15:19:15 UTC 2017 - wr@rosenauer.org |
2 Sat Mar 18 10:12:59 UTC 2017 - wr@rosenauer.org |
3 |
3 |
4 - update to Firefox 52.0b9 |
4 - update to Firefox 53.0b4 |
5 * requires NSS >= 3.28.2 |
5 * requires NSS 3.29.3 |
|
6 * Lightweight themes are now applied in private browsing windows |
|
7 * Reader Mode now displays estimated reading time for the page |
|
8 * Two new 'compact' themes available in Firefox, dark and light, |
|
9 based on the Firefox Developer Edition theme |
|
10 * Ended Firefox Linux support for processors older than Pentium 4 |
|
11 and AMD Opteron |
|
12 * Refresh of the media controls user interface |
|
13 * Shortened titles on tabs are faded out instead of using ellipsis |
|
14 for improved readability |
|
15 * Media playback on new tabs is blocked until the tab is visible |
|
16 * Permission notifications have a cleaner design and cannot be |
|
17 easily missed |
|
18 - removed browser(npapi) provides as these plugins are deprecated |
|
19 |
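Review bot: The added line "- removed browser(npapi) provides as these plugins are deprecated" in the 53.0b4 entry does not say what this means for Flash, which the 52.0 entry in this same file names as the one plugin type that keeps NPAPI support. Please state whether any packaged plugin still depends on that provide, or reword the reason. Also, "requires NSS 3.29.3" drops the ">=" that the replaced line and the 52.0 entry both use, so it reads as an exact pin; write "requires NSS >= 3.29.3" if a minimum version is meant.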
|
20 ------------------------------------------------------------------- |
|
21 Fri Mar 17 15:43:29 UTC 2017 - wr@rosenauer.org |
|
22 |
|
23 - update to Firefox 52.0.1 (boo#1029822) |
|
24 MFSA 2017-08 |
|
25 CVE-2017-5428: integer overflow in createImageBitmap() (bmo#1348168) |
|
26 |
|
27 ------------------------------------------------------------------- |
|
28 Thu Mar 9 12:30:14 UTC 2017 - wr@rosenauer.org |
|
29 |
|
30 - reenable ALSA support which was removed by default upstream |
|
31 |
|
32 ------------------------------------------------------------------- |
|
33 Sat Mar 4 16:57:45 UTC 2017 - wr@rosenauer.org |
|
34 |
|
35 - update to Firefox 52.0 (boo#1028391) |
|
36 * requires NSS >= 3.28.3 |
6 * Pages containing insecure password fields now display a warning |
37 * Pages containing insecure password fields now display a warning |
7 directly within username and password fields. |
38 directly within username and password fields. |
8 * Windows 8 touch screen support for multiprocess Firefox |
|
9 * Send and open a tab from one device to another with Sync |
39 * Send and open a tab from one device to another with Sync |
10 * Removed NPAPI support for plugins other than Flash. Silverlight, |
40 * Removed NPAPI support for plugins other than Flash. Silverlight, |
11 Java, Acrobat and the like are no longer supported. |
41 Java, Acrobat and the like are no longer supported. |
12 * Removed Battery Status API to reduce fingerprinting of users by |
42 * Removed Battery Status API to reduce fingerprinting of users by |
13 trackers |
43 trackers |
|
44 * MFSA 2017-05 |
|
45 CVE-2017-5400: asm.js JIT-spray bypass of ASLR and DEP |
|
46 (bmo#1334933) |
|
47 CVE-2017-5401: Memory Corruption when handling ErrorResult |
|
48 (bmo#1328861) |
|
49 CVE-2017-5402: Use-after-free working with events in FontFace |
|
50 objects (bmo#1334876) |
|
51 CVE-2017-5403: Use-after-free using addRange to add range to an |
|
52 incorrect root object (bmo#1340186) |
|
53 CVE-2017-5404: Use-after-free working with ranges in selections |
|
54 (bmo#1340138) |
|
55 CVE-2017-5406: Segmentation fault in Skia with canvas operations |
|
56 (bmo#1306890) |
|
57 CVE-2017-5407: Pixel and history stealing via floating-point |
|
58 timing side channel with SVG filters (bmo#1336622) |
|
59 CVE-2017-5410: Memory corruption during JavaScript garbage |
|
60 collection incremental sweeping (bmo#1330687) |
|
61 CVE-2017-5408: Cross-origin reading of video captions in violation |
|
62 of CORS (bmo#1313711) |
|
63 CVE-2017-5412: Buffer overflow read in SVG filters (bmo#1328323) |
|
64 CVE-2017-5413: Segmentation fault during bidirectional operations |
|
65 (bmo#1337504) |
|
66 CVE-2017-5414: File picker can choose incorrect default directory |
|
67 (bmo#1319370) |
|
68 CVE-2017-5415: Addressbar spoofing through blob URL (bmo#1321719) |
|
69 CVE-2017-5416: Null dereference crash in HttpChannel (bmo#1328121) |
|
70 CVE-2017-5417: Addressbar spoofing by draging and dropping URLs |
|
71 (bmo#791597) |
|
72 CVE-2017-5426: Gecko Media Plugin sandbox is not started if |
|
73 seccomp-bpf filter is running (bmo#1257361) |
|
74 CVE-2017-5427: Non-existent chrome.manifest file loaded during |
|
75 startup (bmo#1295542) |
|
76 CVE-2017-5418: Out of bounds read when parsing HTTP digest |
|
77 authorization responses (bmo#1338876) |
|
78 CVE-2017-5419: Repeated authentication prompts lead to DOS |
|
79 attack (bmo#1312243) |
|
80 CVE-2017-5420: Javascript: URLs can obfuscate addressbar |
|
81 location (bmo#1284395) |
|
82 CVE-2017-5405: FTP response codes can cause use of |
|
83 uninitialized values for ports (bmo#1336699) |
|
84 CVE-2017-5421: Print preview spoofing (bmo#1301876) |
|
85 CVE-2017-5422: DOS attack by using view-source: protocol |
|
86 repeatedly in one hyperlink (bmo#1295002) |
|
87 CVE-2017-5399: Memory safety bugs fixed in Firefox 52 |
|
88 CVE-2017-5398: Memory safety bugs fixed in Firefox 52 and |
|
89 Firefox ESR 45.8 |
14 - removed obsolete patches |
90 - removed obsolete patches |
15 * mozilla-binutils-visibility.patch |
91 * mozilla-binutils-visibility.patch |
16 * mozilla-check_return.patch |
92 * mozilla-check_return.patch |
17 * mozilla-disable-skia-be.patch |
93 * mozilla-disable-skia-be.patch |
18 * mozilla-skia-overflow.patch |
94 * mozilla-skia-overflow.patch |
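Review bot: In the 52.0 entry, the CVE-2017-5417 line spells "dragging" as "draging"; fix the spelling so that a search of the changelog for the advisory title finds it. The advisory header is also written as "* MFSA 2017-05" in this entry but as plain "MFSA 2017-08" in the 52.0.1 entry above, so use one form throughout to keep the advisory IDs easy to scan for.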