MozillaFirefox/MozillaFirefox.changes
changeset 1031 4b419fce88dc
parent 1030 cd02d400c081
child 1032 8220ea23b47d
--- a/MozillaFirefox/MozillaFirefox.changes	Sat Jan 20 21:27:34 2018 +0100
+++ b/MozillaFirefox/MozillaFirefox.changes	Fri Feb 09 13:28:07 2018 +0100
@@ -1,10 +1,108 @@
 -------------------------------------------------------------------
-Wed Jan 10 21:39:09 UTC 2018 - wr@rosenauer.org
-
-- update to Firefox 58.0b15
+Fri Feb  9 12:23:34 UTC 2018 - wr@rosenauer.org
+
+- update to Firefox 59.0b8
+- requires NSPR 4.18 and NSS 3.35
+- requires rust >= 1.22.1
+
+-------------------------------------------------------------------
+Fri Feb  9 12:06:31 UTC 2018 - wr@rosenauer.org
+
+- correct requires and provides handling (boo#1076907)
+
+-------------------------------------------------------------------
+Tue Feb  6 07:03:42 UTC 2018 - fstrba@suse.com
+
+- Added patch:
+  * mozilla-alsa-sandbox.patch: Fix bmo#1430274, ALSA sound (still
+    or again?) not working in Firefox 58 due to sandboxing.
+
+-------------------------------------------------------------------
+Mon Jan 29 22:32:21 UTC 2018 - wr@rosenauer.org
+
+- update to Firefox 58.0.1
+  MFSA 2018-05
+  *  Arbitrary code execution through unsanitized browser UI (bmo#1432966)
+- use correct language packs
+- readd mozilla-enable-csd.patch as it only lands for FF59 upstream
+- allow larger number of nested elements (mozilla-bmo256180.patch)
+
+-------------------------------------------------------------------
+Tue Jan 23 20:40:57 UTC 2018 - wr@rosenauer.org
+
+- update to Firefox 58.0 (bsc#1077291)
   * Added Nepali (ne-NP) locale
   * Added support for form autofill for credit card
   * Optimize page load by caching JavaScript internal representation
+  MFSA 2018-02
+  * CVE-2018-5091 (bmo#1423086)
+    Use-after-free with DTMF timers
+  * CVE-2018-5092 (bmo#1418074)
+    Use-after-free in Web Workers
+  * CVE-2018-5093 (bmo#1415291)
+    Buffer overflow in WebAssembly during Memory/Table resizing
+  * CVE-2018-5094 (bmo#1415883)
+    Buffer overflow in WebAssembly with garbage collection on
+    uninitialized memory
+  * CVE-2018-5095 (bmo#1418447)
+    Integer overflow in Skia library during edge builder allocation
+  * CVE-2018-5097 (bmo#1387427)
+    Use-after-free when source document is manipulated during XSLT
+  * CVE-2018-5098 (bmo#1399400)
+    Use-after-free while manipulating form input elements
+  * CVE-2018-5099 (bmo#1416878)
+    Use-after-free with widget listener
+  * CVE-2018-5100 (bmo#1417405)
+    Use-after-free when IsPotentiallyScrollable arguments are freed
+    from memory
+  * CVE-2018-5101 (bmo#1417661)
+    Use-after-free with floating first-letter style elements
+  * CVE-2018-5102 (bmo#1419363)
+    Use-after-free in HTML media elements
+  * CVE-2018-5103 (bmo#1423159)
+    Use-after-free during mouse event handling
+  * CVE-2018-5104 (bmo#1425000)
+    Use-after-free during font face manipulation
+  * CVE-2018-5105 (bmo#1390882)
+    WebExtensions can save and execute files on local file system
+    without user prompts
+  * CVE-2018-5106 (bmo#1408708)
+    Developer Tools can expose style editor information cross-origin
+    through service worker
+  * CVE-2018-5107 (bmo#1379276)
+    Printing process will follow symlinks for local file access
+  * CVE-2018-5108 (bmo#1421099)
+    Manually entered blob URL can be accessed by subsequent private browsing tabs
+  * CVE-2018-5109 (bmo#1405599)
+    Audio capture prompts and starts with incorrect origin attribution
+  * CVE-2018-5110 (bmo#1423275) (affects only OS X)
+    Cursor can be made invisible on OS X
+  * CVE-2018-5111 (bmo#1321619)
+    URL spoofing in addressbar through drag and drop
+  * CVE-2018-5112 (bmo#1425224)
+    Extension development tools panel can open a non-relative URL in the panel
+  * CVE-2018-5113 (bmo#1425267)
+    WebExtensions can load non-HTTPS pages with browser.identity.launchWebAuthFlow
+  * CVE-2018-5114 (bmo#1421324)
+    The old value of a cookie changed to HttpOnly remains accessible to scripts
+  * CVE-2018-5115 (bmo#1409449)
+    Background network requests can open HTTP authentication in unrelated foreground tabs
+  * CVE-2018-5116 (bmo#1396399)
+    WebExtension ActiveTab permission allows cross-origin frame content access
+  * CVE-2018-5117 (bmo#1395508)
+    URL spoofing with right-to-left text aligned left-to-right
+  * CVE-2018-5118 (bmo#1420049)
+    Activity Stream images can attempt to load local content through file:
+  * CVE-2018-5119 (bmo#1420507)
+    Reader view will load cross-origin content in violation of CORS headers
+  * CVE-2018-5121 (bmo#1402368) (affects only OS X)
+    OS X Tibetan characters render incompletely in the addressbar
+  * CVE-2018-5122 (bmo#1413841)
+    Potential integer overflow in DoCrypt
+  * CVE-2018-5090
+    Memory safety bugs fixed in Firefox 58
+  * CVE-2018-5089
+    Memory safety bugs fixed in Firefox 58 and Firefox ESR 52.6
 - requires NSS 3.34.1
 - requires rust 1.21
 - removed obsolete patches:
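Review bot: The Feb 6 entry for mozilla-alsa-sandbox.patch says only that ALSA was "not working in Firefox 58 due to sandboxing" and does not record what the patch changes in the sandbox. If it widens the sandbox policy, name what is newly allowed so the relaxation can be audited later, and resolve the "(still or again?)" wording before it lands in the changelog. Separately, the 58.0.1 entry re-adds mozilla-enable-csd.patch "as it only lands for FF59 upstream", but the 59.0b8 entry at the top of the hunk lists no patch removal; confirm whether the patch is still carried for 59 and say so in that entry. The MFSA 2018-05 item also carries only bmo#1432966 while every MFSA 2018-02 item with a bug reference has a CVE id next to it; add the CVE there once one is assigned so the fix can be tracked the same way.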