Mercurial Mercurial > hg > mozilla / diff
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
MozillaFirefox/MozillaFirefox.changes
branchfirefox57
changeset 1011 85bd01789b6f
parent 1008 77c890186192
child 1012 0c59a30173da 
--- a/MozillaFirefox/MozillaFirefox.changes	Sat Nov 11 10:08:36 2017 +0100
+++ b/MozillaFirefox/MozillaFirefox.changes	Thu Nov 16 21:22:39 2017 +0100
@@ -1,15 +1,52 @@
 -------------------------------------------------------------------
-Thu Nov  9 15:01:30 UTC 2017 - wr@rosenauer.org
-
-- update to Firefox 57.0b14
+Wed Nov 15 06:46:06 UTC 2017 - wr@rosenauer.org
+
+- update to Firefox 57.0 (boo#1068101)
   * Firefox Quantum
   * Photon UI
+  * Unified address and search bar
   * AMD VP9 hardware video decoder support
   * Added support for Date/Time input
   * stricter security sandbox blocking filesystem reading and
     writing on Linux systems
   * middle mouse paste in the content area no longer navigates to
     URLs by default on Unix systems
+  MFSA 2017-24
+  * CVE-2017-7828 (bmo#1406750. bmo#1412252)
+    Use-after-free of PressShell while restyling layout
+  * CVE-2017-7830 (bmo#1408990)
+    Cross-origin URL information leak through Resource Timing API
+  * CVE-2017-7831 (bmo#1392026)
+    Information disclosure of exposed properties on JavaScript proxy
+    objects
+  * CVE-2017-7832 (bmo#1408782)
+    Domain spoofing through use of dotless 'i' character followed
+    by accent markers
+  * CVE-2017-7833 (bmo#1370497)
+    Domain spoofing with Arabic and Indic vowel marker characters
+  * CVE-2017-7834 (bmo#1358009)
+    data: URLs opened in new tabs bypass CSP protections
+  * CVE-2017-7835 (bmo#1402363)
+    Mixed content blocking incorrectly applies with redirects
+  * CVE-2017-7836 (bmo#1401339)
+    Pingsender dynamically loads libcurl on Linux and OS X
+  * CVE-2017-7837 (bmo#1325923)
+    SVG loaded as <img> can use meta tags to set cookies
+  * CVE-2017-7838 (bmo#1399540)
+    Failure of individual decoding of labels in international domain
+    names triggers punycode display of entire IDN
+  * CVE-2017-7839 (bmo#1402896)
+    Control characters before javascript: URLs defeats self-XSS
+    prevention mechanism
+  * CVE-2017-7840 (bmo#1366420)
+    Exported bookmarks do not strip script elements from user-supplied
+    tags
+  * CVE-2017-7842 (bmo#1397064)
+    Referrer Policy is not always respected for <link> elements
+  * CVE-2017-7827
+    Memory safety bugs fixed in Firefox 57
+  * CVE-2017-7826
+    Memory safety bugs fixed in Firefox 57 and Firefox ESR 52.5
 - requires NSPR 4.17, NSS 3.33 and rustc 1.19
 - rebased patches
 - added mozilla-bindgen-systemlibs.patch to allow stylo build
mozilla