13 * Shortened titles on tabs are faded out instead of using ellipsis |
13 * Shortened titles on tabs are faded out instead of using ellipsis |
14 for improved readability |
14 for improved readability |
15 * Media playback on new tabs is blocked until the tab is visible |
15 * Media playback on new tabs is blocked until the tab is visible |
16 * Permission notifications have a cleaner design and cannot be |
16 * Permission notifications have a cleaner design and cannot be |
17 easily missed |
17 easily missed |
|
18 MFSA 2017-10 |
|
19 * CVE-2017-5456 (bmo#1344415) |
|
20 Sandbox escape allowing local file system access |
|
21 * CVE-2017-5442 (bmo#1347979) |
|
22 Use-after-free during style changes |
|
23 * CVE-2017-5443 (bmo#1342661) |
|
24 Out-of-bounds write during BinHex decoding |
|
25 * CVE-2017-5429 (bmo#1341096, bmo#1342823, bmo#1343261, bmo#1348894, |
|
26 bmo#1348941, bmo#1349340, bmo#1350844, bmo#1352926, bmo#1353088) |
|
27 Memory safety bugs fixed in Firefox 53, Firefox ESR 45.9, and |
|
28 Firefox ESR 52.1 |
|
29 * CVE-2017-5464 (bmo#1347075) |
|
30 Memory corruption with accessibility and DOM manipulation |
|
31 * CVE-2017-5465 (bmo#1347617) |
|
32 Out-of-bounds read in ConvolvePixel |
|
33 * CVE-2017-5466 (bmo#1353975) |
|
34 Origin confusion when reloading isolated data:text/html URL |
|
35 * CVE-2017-5467 (bmo#1347262) |
|
36 Memory corruption when drawing Skia content |
|
37 * CVE-2017-5460 (bmo#1343642) |
|
38 Use-after-free in frame selection |
|
39 * CVE-2017-5461 (bmo#1344380) |
|
40 Out-of-bounds write in Base64 encoding in NSS |
|
41 * CVE-2017-5448 (bmo#1346648) |
|
42 Out-of-bounds write in ClearKeyDecryptor |
|
43 * CVE-2017-5449 (bmo#1340127) |
|
44 Crash during bidirectional unicode manipulation with animation |
|
45 * CVE-2017-5446 (bmo#1343505) |
|
46 Out-of-bounds read when HTTP/2 DATA frames are sent with incorrect data |
|
47 * CVE-2017-5447 (bmo#1343552) |
|
48 Out-of-bounds read during glyph processing |
|
49 * CVE-2017-5444 (bmo#1344461) |
|
50 Buffer overflow while parsing application/http-index-format content |
|
51 * CVE-2017-5445 (bmo#1344467) |
|
52 Uninitialized values used while parsing application/http-index-format |
|
53 content |
|
54 * CVE-2017-5468 (bmo#1329521) |
|
55 Incorrect ownership model for Private Browsing information |
|
56 * CVE-2017-5469 (bmo#1292534) |
|
57 Potential Buffer overflow in flex-generated code |
|
58 * CVE-2017-5440 (bmo#1336832) |
|
59 Use-after-free in txExecutionState destructor during XSLT processing |
|
60 * CVE-2017-5441 (bmo#1343795) |
|
61 Use-after-free with selection during scroll events |
|
62 * CVE-2017-5439 (bmo#1336830) |
|
63 Use-after-free in nsTArray Length() during XSLT processing |
|
64 * CVE-2017-5438 (bmo#1336828) |
|
65 Use-after-free in nsAutoPtr during XSLT processing |
|
66 * CVE-2017-5437 (bmo#1343453) |
|
67 Vulnerabilities in Libevent library |
|
68 * CVE-2017-5436 (bmo#1345461) |
|
69 Out-of-bounds write with malicious font in Graphite 2 |
|
70 * CVE-2017-5435 (bmo#1350683) |
|
71 Use-after-free during transaction processing in the editor |
|
72 * CVE-2017-5434 (bmo#1349946) |
|
73 Use-after-free during focus handling |
|
74 * CVE-2017-5433 (bmo#1347168) |
|
75 Use-after-free in SMIL animation functions |
|
76 * CVE-2017-5432 (bmo#1346654) |
|
77 Use-after-free in text input selection |
|
78 * CVE-2017-5430 (bmo#1329796, bmo#1337418, bmo#1339722, bmo#1340482, |
|
79 bmo#1342101, bmo#1344081, bmo#1344305, bmo#1344686, |
|
80 bmo#1346140, bmo#1346419, bmo#1348143, bmo#1349621, |
|
81 bmo#1349719, bmo#1353476) |
|
82 Memory safety bugs fixed in Firefox 53 and Firefox ESR 52.1 |
|
83 * CVE-2017-5459 (bmo#1333858) |
|
84 Buffer overflow in WebGL |
|
85 * CVE-2017-5458 (bmo#1229426) |
|
86 Drag and drop of javascript: URLs can allow for self-XSS |
|
87 * CVE-2017-5455 (bmo#1341191) |
|
88 Sandbox escape through internal feed reader APIs |
|
89 * CVE-2017-5454 (bmo#1349276) |
|
90 Sandbox escape allowing file system read access through file picker |
|
91 * CVE-2017-5451 (bmo#1273537) |
|
92 Addressbar spoofing with onblur event |
|
93 * CVE-2017-5453 (bmo#1321247) |
|
94 HTML injection into RSS Reader feed preview page through |
|
95 TITLE element |
|
96 * CVE-2017-5462 (bmo#1345089) |
|
97 DRBG flaw in NSS |
18 - removed browser(npapi) provides as these plugins are deprecated |
98 - removed browser(npapi) provides as these plugins are deprecated |
19 - switch used compiler to gcc5 (FF requires gcc >= 4.9 now) for |
99 - switch used compiler to gcc5 (FF requires gcc >= 4.9 now) for |
20 Leap 42 |
100 Leap 42 |
21 - Gtk2 is not longer an option; switched to Gtk3 |
101 - Gtk2 is not longer an option; switched to Gtk3 |
22 - apply MOZ_USE_XINPUT2=1 for better touchpad and touchscreen support |
102 - apply MOZ_USE_XINPUT2=1 for better touchpad and touchscreen support |
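Review bot: In the added MFSA 2017-10 block (new lines 18 to 97), CVE-2017-5461 and CVE-2017-5462 are described as NSS flaws, and CVE-2017-5437 and CVE-2017-5436 as Libevent and Graphite 2 issues, but the entry does not say whether this package ships those libraries bundled or links the system copies. If any of them come from separate system packages, updating Firefox alone does not deliver those fixes, so the changelog should name the minimum library version the build now requires. The "MFSA 2017-10" heading on new line 18 also carries no distribution bug reference next to it. If a tracking bug exists for this update, cite it there so the advisory can be matched to the maintenance request. Separately, the unchanged context line "Gtk2 is not longer an option" should read "no longer" and could be corrected in the same submission.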