--- a/MozillaFirefox/MozillaFirefox.changes Wed May 15 19:43:42 2019 +0200
+++ b/MozillaFirefox/MozillaFirefox.changes Thu May 23 09:16:13 2019 +0200
@@ -1,5 +1,5 @@
-------------------------------------------------------------------
-Tue May 14 10:34:08 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org>
+Sun May 19 20:40:30 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org>
- Mozilla Firefox 67.0
* Firefox 67 will be able to run different Firefox installs side by side
@@ -19,6 +19,56 @@
own avatar
* Enable FIDO U2F API, and permit registrations for Google Accounts
* Enabled AV1 support on Linux
+ MFSA 2019-13
+ * CVE-2019-9815 (bmo#1546544)
+ Disable hyperthreading on content JavaScript threads on macOS
+ * CVE-2019-9816 (bmo#1536768)
+ Type confusion with object groups and UnboxedObjects
+ * CVE-2019-9817 (bmo#1540221)
+ Stealing of cross-domain images using canvas
+ * CVE-2019-9818 (bmo#1542581) (Windows only)
+ Use-after-free in crash generation server
+ * CVE-2019-9819 (bmo#1532553)
+ Compartment mismatch with fetch API
+ * CVE-2019-9820 (bmo#1536405)
+ Use-after-free of ChromeEventHandler by DocShell
+ * CVE-2019-9821 (bmo#1539125)
+ Use-after-free in AssertWorkerThread
+ * CVE-2019-11691 (bmo#1542465)
+ Use-after-free in XMLHttpRequest
+ * CVE-2019-11692 (bmo#1544670)
+ Use-after-free removing listeners in the event listener manager
+ * CVE-2019-11693 (bmo#1532525)
+ Buffer overflow in WebGL bufferdata on Linux
+ * CVE-2019-7317 (bmo#1542829)
+ Use-after-free in png_image_free of libpng library
+ * CVE-2019-11694 (bmo#1534196) (Windows only)
+ Uninitialized memory memory leakage in Windows sandbox
+ * CVE-2019-11695 (bmo#1445844)
+ Custom cursor can render over user interface outside of web content
+ * CVE-2019-11696 (bmo#1392955)
+ Java web start .JNLP files are not recognized as executable files
+ for download prompts
+ * CVE-2019-11697 (bmo#1440079)
+ Pressing key combinations can bypass installation prompt delays and
+ install extensions
+ * CVE-2019-11698 (bmo#1543191)
+ Theft of user history data through drag and drop of hyperlinks
+ to and from bookmarks
+ * CVE-2019-11700 (bmo#1549833) (Windows only)
+ res: protocol can be used to open known local files
+ * CVE-2019-11699 (bmo#1528939)
+ Incorrect domain name highlighting during page navigation
+ * CVE-2019-11701 (bmo#1518627)
+ webcal: protocol default handler loads vulnerable web page
+ * CVE-2019-9814 (bmo#1527592, bmo#1534536, bmo#1520132, bmo#1543159,
+ bmo#1539393, bmo#1459932, bmo#1459182, bmo#1516425)
+ Memory safety bugs fixed in Firefox 67
+ * CVE-2019-9800 (bmo#1540166, bmo#1534593, bmo#1546327, bmo#1540136,
+ bmo#1538736, bmo#1538042, bmo#1535612, bmo#1499719, bmo#1499108,
+ bmo#1538619, bmo#1535194, bmo#1516325, bmo#1542324, bmo#1542097,
+ bmo#1532465, bmo#1533554, bmo#1541580)
+ Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7
- requires
* rust/cargo >= 1.32
* mozilla-nspr >= 4.21
@@ -28,6 +78,12 @@
- KDE integration for default browser detection is broken in this revision
-------------------------------------------------------------------
+Fri May 17 12:04:49 UTC 2019 - Guillaume GARDET <guillaume.gardet@opensuse.org>
+
+- Fix armv7 build with:
+ * mozilla-disable-wasm-emulate-arm-unaligned-fp-access.patch
+
+-------------------------------------------------------------------
Fri May 10 10:30:05 UTC 2019 - Manfred Hollstein <manfred.h@gmx.net>
- Mozilla Firefox 66.0.5