Mercurial Mercurial > hg > mozilla / diff
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
MozillaFirefox/MozillaFirefox.changes
branchfirefox76
changeset 1126 6b7cd9ae087d
parent 1125 3fd9346c90a6
child 1127 d5b284f833d5 
--- a/MozillaFirefox/MozillaFirefox.changes	Sat May 02 15:26:20 2020 +0200
+++ b/MozillaFirefox/MozillaFirefox.changes	Wed May 27 09:13:22 2020 +0200
@@ -1,7 +1,49 @@
 -------------------------------------------------------------------
+Wed May 13 12:21:13 UTC 2020 - Michel Normand <normand@linux.vnet.ibm.com>
+
+- change again _constraints for ppc64le use <physicalmemory>
+  and increase limit_build in spec file to reduce max_jobs.
+
+-------------------------------------------------------------------
+Sat May  9 11:45:39 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 76.0.1
+  * Fixed a bug causing some add-ons such as Amazon Assistant to see
+    multiple onConnect events, impairing functionality (bmo#1635637)
+
+-------------------------------------------------------------------
 Fri May  1 11:59:58 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org>
 
 - Mozilla Firefox 76.0
+  * Lockwise improvements
+  * Improvements in Picture-in-Picture feature
+  * Support Audio Worklets
+  MFSA-2020-16 (bsc#1171186)
+  * CVE-2020-12387 (bmo#1545345)
+    Use-after-free during worker shutdown
+  * CVE-2020-12388 (bmo#1618911)
+    Sandbox escape with improperly guarded Access Tokens
+  * CVE-2020-12389 (bmo#1554110)
+    Sandbox escape with improperly separated process types
+  * CVE-2020-6831 (bmo#1632241)
+    Buffer overflow in SCTP chunk input validation
+  * CVE-2020-12390 (bmo#1141959)
+    Incorrect serialization of nsIPrincipal.origin for IPv6 addresses
+  * CVE-2020-12391 (bmo#1457100)
+    Content-Security-Policy bypass using object elements
+  * CVE-2020-12392 (bmo#1614468)
+    Arbitrary local file access with 'Copy as cURL'
+  * CVE-2020-12393 (bmo#1615471)
+    Devtools' 'Copy as cURL' feature did not fully escape
+    website-controlled data, potentially leading to command injection
+  * CVE-2020-12394 (bmo#1628288)
+    URL spoofing in location bar when unfocussed
+  * CVE-2020-12395 (bmo#1595886, bmo#1611482, bmo#1614704, bmo#1624098,
+    bmo#1625749, bmo#1626382, bmo#1628076, bmo#1631508)
+    Memory safety bugs fixed in Firefox 76 and Firefox ESR 68.8
+  * CVE-2020-12396 (bmo#1339601, bmo#1611938, bmo#1620488,
+    bmo#1622291, bmo#1627644)
+    Memory safety bugs fixed in Firefox 76
 - requires
   * NSS >= 3.51.1
   * nasm >= 2.14
mozilla