|
1 ------------------------------------------------------------------- |
|
2 Fri Aug 11 08:32:30 UTC 2017 - wr@rosenauer.org |
|
3 |
|
4 - update to Firefox 55.0.1 |
|
5 * Fix a regression the tab restoration process (bmo#1388160) |
|
6 * Fix a problem causing What's new pages not to be displayed (bmo#1386224) |
|
7 * Fix a rendering issue with some PKCS#11 libraries (bmo#1388370) |
|
8 * Disable the predictor prefetch (bmo#1388160) |
|
9 |
1 ------------------------------------------------------------------- |
10 ------------------------------------------------------------------- |
2 Sat Aug 5 13:22:16 UTC 2017 - wr@rosenauer.org |
11 Sat Aug 5 13:22:16 UTC 2017 - wr@rosenauer.org |
3 |
12 |
4 - update to Firefox 55.0 |
13 - update to Firefox 55.0 (boo#1052829) |
5 * Browsing sessions with a high number of tabs are now restored |
14 * Browsing sessions with a high number of tabs are now restored |
6 in an instant |
15 in an instant |
7 * Sidebar (bookmarks, history, synced tabs) can now be moved to |
16 * Sidebar (bookmarks, history, synced tabs) can now be moved to |
8 the right edge of the window |
17 the right edge of the window |
9 * Fine-tune your browser performance from the Preferences/Options page. |
18 * Fine-tune your browser performance from the Preferences/Options page. |
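Review bot: in the new 55.0.1 entry, "Disable the predictor prefetch" carries bmo#1388160, the same bug number as the tab restoration item at the top of that entry; please confirm that both items really map to that bug, or give each its own reference. The first item also reads "Fix a regression the tab restoration process", which is missing "in". The 55.0 line gains (boo#1052829) while the 55.0.1 entry has no boo# reference; add one if a tracking bug exists for it.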
30 restarted their browser 8 days after downloading an update or |
39 restarted their browser 8 days after downloading an update or |
31 users who opted out of automatic updates will see this change. |
40 users who opted out of automatic updates will see this change. |
32 * Insecure sites can no longer access the Geolocation APIs to get |
41 * Insecure sites can no longer access the Geolocation APIs to get |
33 access to your physical location |
42 access to your physical location |
34 * requires NSPR 4.15 and NSS 3.31 |
43 * requires NSPR 4.15 and NSS 3.31 |
|
44 MFSA 2017-18 |
|
45 * CVE-2017-7798 (bmo#1371586, bmo#1372112) |
|
46 XUL injection in the style editor in devtools |
|
47 * CVE-2017-7800 (bmo#1374047) |
|
48 Use-after-free in WebSockets during disconnection |
|
49 * CVE-2017-7801 (bmo#1371259) |
|
50 Use-after-free with marquee during window resizing |
|
51 * CVE-2017-7809 (bmo#1380284) |
|
52 Use-after-free while deleting attached editor DOM node |
|
53 * CVE-2017-7784 (bmo#1376087) |
|
54 Use-after-free with image observers |
|
55 * CVE-2017-7802 (bmo#1378147) |
|
56 Use-after-free resizing image elements |
|
57 * CVE-2017-7785 (bmo#1356985) |
|
58 Buffer overflow manipulating ARIA attributes in DOM |
|
59 * CVE-2017-7786 (bmo#1365189) |
|
60 Buffer overflow while painting non-displayable SVG |
|
61 * CVE-2017-7806 (bmo#1378113) |
|
62 Use-after-free in layer manager with SVG |
|
63 * CVE-2017-7753 (bmo#1353312) |
|
64 Out-of-bounds read with cached style data and pseudo-elements# |
|
65 * CVE-2017-7787 (bmo#1322896) |
|
66 Same-origin policy bypass with iframes through page reloads |
|
67 * CVE-2017-7807 (bmo#1376459) |
|
68 Domain hijacking through AppCache fallback |
|
69 * CVE-2017-7792 (bmo#1368652) |
|
70 Buffer overflow viewing certificates with an extremely long OID |
|
71 * CVE-2017-7804 (bmo#1372849) |
|
72 Memory protection bypass through WindowsDllDetourPatcher |
|
73 * CVE-2017-7791 (bmo#1365875) |
|
74 Spoofing following page navigation with data: protocol and modal alerts |
|
75 * CVE-2017-7808 (bmo#1367531) |
|
76 CSP information leak with frame-ancestors containing paths |
|
77 * CVE-2017-7782 (bmo#1344034) |
|
78 WindowsDllDetourPatcher allocates memory without DEP protections |
|
79 * CVE-2017-7781 (bmo#1352039) |
|
80 Elliptic curve point addition error when using mixed Jacobian-affine coordinates |
|
81 * CVE-2017-7794 (bmo#1374281) |
|
82 Linux file truncation via sandbox broker |
|
83 * CVE-2017-7803 (bmo#1377426) |
|
84 CSP containing 'sandbox' improperly applied |
|
85 * CVE-2017-7799 (bmo#1372509) |
|
86 Self-XSS XUL injection in about:webrtc |
|
87 * CVE-2017-7783 (bmo#1360842) |
|
88 DOS attack through long username in URL |
|
89 * CVE-2017-7788 (bmo#1073952) |
|
90 Sandboxed about:srcdoc iframes do not inherit CSP directives |
|
91 * CVE-2017-7789 (bmo#1074642) |
|
92 Failure to enable HSTS when two STS headers are sent for a connection |
|
93 * CVE-2017-7790 (bmo#1350460) (Windows-only) |
|
94 Windows crash reporter reads extra memory for some non-null-terminated registry values |
|
95 * CVE-2017-7796 (bmo#1234401) (Windows-only) |
|
96 Windows updater can delete any file named update.log |
|
97 * CVE-2017-7797 (bmo#1334776) |
|
98 Response header name interning leaks across origins |
|
99 * CVE-2017-7780 |
|
100 Memory safety bugs fixed in Firefox 55 |
|
101 * CVE-2017-7779 |
|
102 Memory safety bugs fixed in Firefox 55 and Firefox ESR 52.3 |
35 - updated mozilla-kde.patch: |
103 - updated mozilla-kde.patch: |
36 * removed "downloadfinished" alert as Firefox reimplemented the |
104 * removed "downloadfinished" alert as Firefox reimplemented the |
37 whole thing (TODO: check if there is another function we should |
105 whole thing (TODO: check if there is another function we should |
38 hook in) |
106 hook in) |
39 |
107 |
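Review bot: the CVE-2017-7753 description in the added MFSA 2017-18 block ends with a stray "#" ("pseudo-elements#"), which should be dropped. The last two entries, CVE-2017-7780 and CVE-2017-7779, have no bmo# reference while every other entry has one; if that is intentional because they are roll-up memory safety entries, fine, otherwise add the references. The "(Windows-only)" markers on CVE-2017-7790 and CVE-2017-7796 are useful, but the two WindowsDllDetourPatcher entries (CVE-2017-7804, CVE-2017-7782) are not marked the same way, so consider tagging them consistently.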