Mercurial Mercurial > hg > mozilla / comparison
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
MozillaFirefox/MozillaFirefox.changes
branchfirefox55
changeset 991 fde25c29562d
parent 986 74bc4d049531
child 992 b2ba34e0dc10
equal deleted inserted replaced
990:0d76004e9fa4 991:fde25c29562d 
       
     1 -------------------------------------------------------------------
 
       
     2 Fri Aug 11 08:32:30 UTC 2017 - wr@rosenauer.org
 
       
     3 
       
     4 - update to Firefox 55.0.1
 
       
     5   * Fix a regression the tab restoration process (bmo#1388160)
 
       
     6   * Fix a problem causing What's new pages not to be displayed (bmo#1386224)
 
       
     7   * Fix a rendering issue with some PKCS#11 libraries (bmo#1388370)
 
       
     8   * Disable the predictor prefetch (bmo#1388160)
 
       
     9 
     1 -------------------------------------------------------------------
 
    10 -------------------------------------------------------------------
 
     2 Sat Aug  5 13:22:16 UTC 2017 - wr@rosenauer.org
 
    11 Sat Aug  5 13:22:16 UTC 2017 - wr@rosenauer.org
 
     3 
    12 
     4 - update to Firefox 55.0
 
    13 - update to Firefox 55.0 (boo#1052829)
 
     5   * Browsing sessions with a high number of tabs are now restored
 
    14   * Browsing sessions with a high number of tabs are now restored
 
     6     in an instant
 
    15     in an instant
 
     7   * Sidebar (bookmarks, history, synced tabs) can now be moved to
 
    16   * Sidebar (bookmarks, history, synced tabs) can now be moved to
 
     8     the right edge of the window
 
    17     the right edge of the window
 
     9   * Fine-tune your browser performance from the Preferences/Options page.
 
    18   * Fine-tune your browser performance from the Preferences/Options page.
 
    30     restarted their browser 8 days after downloading an update or
 
    39     restarted their browser 8 days after downloading an update or
 
    31     users who opted out of automatic updates will see this change.
 
    40     users who opted out of automatic updates will see this change.
 
    32   * Insecure sites can no longer access the Geolocation APIs to get
 
    41   * Insecure sites can no longer access the Geolocation APIs to get
 
    33     access to your physical location
 
    42     access to your physical location
 
    34   * requires NSPR 4.15 and NSS 3.31
 
    43   * requires NSPR 4.15 and NSS 3.31
 
       
    44   MFSA 2017-18
 
       
    45   * CVE-2017-7798 (bmo#1371586, bmo#1372112)
 
       
    46     XUL injection in the style editor in devtools
 
       
    47   * CVE-2017-7800 (bmo#1374047)
 
       
    48     Use-after-free in WebSockets during disconnection
 
       
    49   * CVE-2017-7801 (bmo#1371259)
 
       
    50     Use-after-free with marquee during window resizing
 
       
    51   * CVE-2017-7809 (bmo#1380284)
 
       
    52     Use-after-free while deleting attached editor DOM node
 
       
    53   * CVE-2017-7784 (bmo#1376087)
 
       
    54     Use-after-free with image observers
 
       
    55   * CVE-2017-7802 (bmo#1378147)
 
       
    56     Use-after-free resizing image elements
 
       
    57   * CVE-2017-7785 (bmo#1356985)
 
       
    58     Buffer overflow manipulating ARIA attributes in DOM
 
       
    59   * CVE-2017-7786 (bmo#1365189)
 
       
    60     Buffer overflow while painting non-displayable SVG
 
       
    61   * CVE-2017-7806 (bmo#1378113)
 
       
    62     Use-after-free in layer manager with SVG
 
       
    63   * CVE-2017-7753 (bmo#1353312)
 
       
    64     Out-of-bounds read with cached style data and pseudo-elements#
 
       
    65   * CVE-2017-7787 (bmo#1322896)
 
       
    66     Same-origin policy bypass with iframes through page reloads
 
       
    67   * CVE-2017-7807 (bmo#1376459)
 
       
    68     Domain hijacking through AppCache fallback
 
       
    69   * CVE-2017-7792 (bmo#1368652)
 
       
    70     Buffer overflow viewing certificates with an extremely long OID
 
       
    71   * CVE-2017-7804 (bmo#1372849)
 
       
    72     Memory protection bypass through WindowsDllDetourPatcher
 
       
    73   * CVE-2017-7791 (bmo#1365875)
 
       
    74     Spoofing following page navigation with data: protocol and modal alerts
 
       
    75   * CVE-2017-7808 (bmo#1367531)
 
       
    76     CSP information leak with frame-ancestors containing paths
 
       
    77   * CVE-2017-7782 (bmo#1344034)
 
       
    78     WindowsDllDetourPatcher allocates memory without DEP protections
 
       
    79   * CVE-2017-7781 (bmo#1352039)
 
       
    80     Elliptic curve point addition error when using mixed Jacobian-affine coordinates
 
       
    81   * CVE-2017-7794 (bmo#1374281)
 
       
    82     Linux file truncation via sandbox broker
 
       
    83   * CVE-2017-7803 (bmo#1377426)
 
       
    84     CSP containing 'sandbox' improperly applied
 
       
    85   * CVE-2017-7799 (bmo#1372509)
 
       
    86     Self-XSS XUL injection in about:webrtc
 
       
    87   * CVE-2017-7783 (bmo#1360842)
 
       
    88     DOS attack through long username in URL
 
       
    89   * CVE-2017-7788 (bmo#1073952)
 
       
    90     Sandboxed about:srcdoc iframes do not inherit CSP directives
 
       
    91   * CVE-2017-7789 (bmo#1074642)
 
       
    92     Failure to enable HSTS when two STS headers are sent for a connection
 
       
    93   * CVE-2017-7790 (bmo#1350460) (Windows-only)
 
       
    94     Windows crash reporter reads extra memory for some non-null-terminated registry values
 
       
    95   * CVE-2017-7796 (bmo#1234401) (Windows-only)
 
       
    96     Windows updater can delete any file named update.log
 
       
    97   * CVE-2017-7797 (bmo#1334776)
 
       
    98     Response header name interning leaks across origins
 
       
    99   * CVE-2017-7780
 
       
   100     Memory safety bugs fixed in Firefox 55
 
       
   101   * CVE-2017-7779
 
       
   102     Memory safety bugs fixed in Firefox 55 and Firefox ESR 52.3
 
    35 - updated mozilla-kde.patch:
 
   103 - updated mozilla-kde.patch:
 
    36   * removed "downloadfinished" alert as Firefox reimplemented the
 
   104   * removed "downloadfinished" alert as Firefox reimplemented the
 
    37     whole thing (TODO: check if there is another function we should
 
   105     whole thing (TODO: check if there is another function we should
 
    38     hook in)
 
   106     hook in)
 
    39 
   107
mozilla