--- a/MozillaFirefox/MozillaFirefox.changes Mon Oct 29 15:14:41 2018 +0100
+++ b/MozillaFirefox/MozillaFirefox.changes Thu Nov 08 17:56:27 2018 +0100
@@ -1,4 +1,15 @@
-------------------------------------------------------------------
+Thu Nov 8 14:59:13 UTC 2018 - wr@rosenauer.org
+
+- update to Firefox 63.0.1
+ * Snippets are not loaded due to missing element (bmo#1503047)
+ * Print preview always shows 30& scale when it is actually
+ Shrink To Fit (bmo#1501952)
+ * Dialog displayed when closing multiple windows shows unreplaced
+ %1$S placeholder in Japanese and potentially other locales
+ (bmo#1500823)
+
+-------------------------------------------------------------------
Mon Oct 29 14:07:51 UTC 2018 - wr@rosenauer.org
- update to Firefox 63.0
@@ -8,7 +19,41 @@
default behavior is activated only in new profiles and can be
changed in preferences.
* Added support for Web Components custom elements and shadow DOM
+ MFSA 2018-26 (bsc#1112852)
+ * CVE-2018-12391 (bmo#1478843) (Android-only)
+ HTTP Live Stream audio data is accessible cross-origin
+ * CVE-2018-12392 (bmo#1492823)
+ Crash with nested event loops
+ * CVE-2018-12393 (bmo#1495011) (only affects non-64-bit archs)
+ Integer overflow during Unicode conversion while loading JavaScript
+ * CVE-2018-12395 (bmo#1467523)
+ WebExtension bypass of domain restrictions through header rewriting
+ * CVE-2018-12396 (bmo#1483602)
+ WebExtension content scripts can execute in disallowed contexts
+ * CVE-2018-12397 (bmo#1487478)
+ Missing warning prompt when WebExtension requests local file access
+ * CVE-2018-12398 (bmo#1460538, bmo#1488061)
+ CSP bypass through stylesheet injection in resource URIs
+ * CVE-2018-12399 (bmo#1490276)
+ Spoofing of protocol registration notification bar
+ * CVE-2018-12400 (bmo#1448305) (Android only)
+ Favicons are cached in private browsing mode on Firefox for Android
+ * CVE-2018-12401 (bmo#1422456)
+ DOS attack through special resource URI parsing
+ * CVE-2018-12402 (bmo#1469916)
+ SameSite cookies leak when pages are explicitly saved
+ * CVE-2018-12403 (bmo#1484753)
+ Mixed content warning is not displayed when HTTPS page loads a favicon over HTTP
+ * CVE-2018-12388 (bmo#1472639, bmo#1485698, bmo#1301547, bmo#1471427,
+ bmo#1379411, bmo#1482122, bmo#1486314, bmo#1487167)
+ Memory safety bugs fixed in Firefox 63
+ * CVE-2018-12390 (bmo#1487098, bmo#1487660, bmo#1490234, bmo#1496159,
+ bmo#1443748, bmo#1496340, bmo#1483905, bmo#1493347, bmo#1488803,
+ bmo#1498701, bmo#1498482, bmo#1442010, bmo#1495245, bmo#1483699,
+ bmo#1469486, bmo#1484905, bmo#1490561, bmo#1492524, bmo#1481844)
+ Memory safety bugs fixed in Firefox 63 and Firefox ESR 60.3
- requires NSPR 4.20, NSS 3.39 and Rust 1.28
+- latest rust does not provide rust-std so stop requiring it
-------------------------------------------------------------------
Thu Oct 25 14:39:04 UTC 2018 - guillaume.gardet@opensuse.org