MozillaFirefox/MozillaFirefox.changes
branch firefox58
changeset 1026 963c89cda54b
parent 1023 fce335a42db7
child 1027 7071f6ebfda6
--- a/MozillaFirefox/MozillaFirefox.changes	Tue Jan 23 22:04:56 2018 +0100
+++ b/MozillaFirefox/MozillaFirefox.changes	Tue Jan 23 22:05:20 2018 +0100
@@ -1,10 +1,79 @@
 -------------------------------------------------------------------
-Wed Jan 10 21:39:09 UTC 2018 - wr@rosenauer.org
-
-- update to Firefox 58.0b15
+Tue Jan 23 20:40:57 UTC 2018 - wr@rosenauer.org
+
+- update to Firefox 58.0 (bsc#1077291)
   * Added Nepali (ne-NP) locale
   * Added support for form autofill for credit card
   * Optimize page load by caching JavaScript internal representation
+  MFSA 2018-02
+  * CVE-2018-5091 (bmo#1423086)
+    Use-after-free with DTMF timers
+  * CVE-2018-5092 (bmo#1418074)
+    Use-after-free in Web Workers
+  * CVE-2018-5093 (bmo#1415291)
+    Buffer overflow in WebAssembly during Memory/Table resizing
+  * CVE-2018-5094 (bmo#1415883)
+    Buffer overflow in WebAssembly with garbage collection on
+    uninitialized memory
+  * CVE-2018-5095 (bmo#1418447)
+    Integer overflow in Skia library during edge builder allocation
+  * CVE-2018-5097 (bmo#1387427)
+    Use-after-free when source document is manipulated during XSLT
+  * CVE-2018-5098 (bmo#1399400)
+    Use-after-free while manipulating form input elements
+  * CVE-2018-5099 (bmo#1416878)
+    Use-after-free with widget listener
+  * CVE-2018-5100 (bmo#1417405)
+    Use-after-free when IsPotentiallyScrollable arguments are freed
+    from memory
+  * CVE-2018-5101 (bmo#1417661)
+    Use-after-free with floating first-letter style elements
+  * CVE-2018-5102 (bmo#1419363)
+    Use-after-free in HTML media elements
+  * CVE-2018-5103 (bmo#1423159)
+    Use-after-free during mouse event handling
+  * CVE-2018-5104 (bmo#1425000)
+    Use-after-free during font face manipulation
+  * CVE-2018-5105 (bmo#1390882)
+    WebExtensions can save and execute files on local file system
+    without user prompts
+  * CVE-2018-5106 (bmo#1408708)
+    Developer Tools can expose style editor information cross-origin
+    through service worker
+  * CVE-2018-5107 (bmo#1379276)
+    Printing process will follow symlinks for local file access
+  * CVE-2018-5108 (bmo#1421099)
+    Manually entered blob URL can be accessed by subsequent private browsing tabs
+  * CVE-2018-5109 (bmo#1405599)
+    Audio capture prompts and starts with incorrect origin attribution
+  * CVE-2018-5110 (bmo#1423275) (affects only OS X)
+    Cursor can be made invisible on OS X
+  * CVE-2018-5111 (bmo#1321619)
+    URL spoofing in addressbar through drag and drop
+  * CVE-2018-5112 (bmo#1425224)
+    Extension development tools panel can open a non-relative URL in the panel
+  * CVE-2018-5113 (bmo#1425267)
+    WebExtensions can load non-HTTPS pages with browser.identity.launchWebAuthFlow
+  * CVE-2018-5114 (bmo#1421324)
+    The old value of a cookie changed to HttpOnly remains accessible to scripts
+  * CVE-2018-5115 (bmo#1409449)
+    Background network requests can open HTTP authentication in unrelated foreground tabs
+  * CVE-2018-5116 (bmo#1396399)
+    WebExtension ActiveTab permission allows cross-origin frame content access
+  * CVE-2018-5117 (bmo#1395508)
+    URL spoofing with right-to-left text aligned left-to-right
+  * CVE-2018-5118 (bmo#1420049)
+    Activity Stream images can attempt to load local content through file:
+  * CVE-2018-5119 (bmo#1420507)
+    Reader view will load cross-origin content in violation of CORS headers
+  * CVE-2018-5121 (bmo#1402368) (affects only OS X)
+    OS X Tibetan characters render incompletely in the addressbar
+  * CVE-2018-5122 (bmo#1413841)
+    Potential integer overflow in DoCrypt
+  * CVE-2018-5090
+    Memory safety bugs fixed in Firefox 58
+  * CVE-2018-5089
+    Memory safety bugs fixed in Firefox 58 and Firefox ESR 52.6
 - requires NSS 3.34.1
 - requires rust 1.21
 - removed obsolete patches:
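Review bot: The two rollup entries at the end of the MFSA 2018-02 list, CVE-2018-5090 and CVE-2018-5089, carry no bmo# reference, while every other CVE line in this hunk has one. Anyone tracing a fix from this changelog back to its bug has nothing to follow for the memory safety rollups, so either add the bug references or say on those lines that the bug list is in the advisory. As a style point, the descriptions for CVE-2018-5108, CVE-2018-5112, CVE-2018-5113 and CVE-2018-5115 each sit on one long line, while neighbouring entries such as CVE-2018-5094 and CVE-2018-5105 are wrapped onto a continuation line. Wrap the long ones the same way. The hunk also rewrites the dated header and summary of the existing 58.0b15 entry in place rather than adding a new entry above it, which drops the beta update from the changelog. If that is intended, it is worth saying so in the commit message.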