--- a/MozillaFirefox/firefox-esr.changes Mon Jun 24 12:09:20 2013 +0200
+++ b/MozillaFirefox/firefox-esr.changes Sat Sep 14 21:02:47 2013 +0200
@@ -1,7 +1,47 @@
-------------------------------------------------------------------
+Wed Sep 11 18:43:15 UTC 2013 - wr@rosenauer.org
+
+- update to Firefox 17.0.9esr (bnc#)
+
+-------------------------------------------------------------------
+Fri Aug 2 09:58:06 UTC 2013 - wr@rosenauer.org
+
+- update to Firefox 17.0.8esr (bnc#833389)
+ * MFSA 2013-63/CVE-2013-1701
+ Miscellaneous memory safety hazards
+ * MFSA 2013-68/CVE-2013-1709 (bmo#838253)
+ Document URI misrepresentation and masquerading
+ * MFSA 2013-69/CVE-2013-1710 (bmo#871368)
+ CRMF requests allow for code execution and XSS attacks
+ * MFSA 2013-72/CVE-2013-1713 (bmo#887098)
+ Wrong principal used for validating URI for some Javascript
+ components
+ * MFSA 2013-73/CVE-2013-1714 (bmo#879787)
+ Same-origin bypass with web workers and XMLHttpRequest
+ * MFSA 2013-75/CVE-2013-1717 (bmo#406541, bmo#738397)
+ Local Java applets may read contents of local file system
+
+-------------------------------------------------------------------
Wed Jun 19 21:05:21 UTC 2013 - wr@rosenauer.org
-- update to Firefox 17.0.7esr (bnc#)
+- update to Firefox 17.0.7esr (bnc#825935)
+ * MFSA 2013-49/CVE-2013-1682
+ Miscellaneous memory safety hazards
+ * MFSA 2013-50/CVE-2013-1684/CVE-2013-1685/CVE-2013-1686
+ Memory corruption found using Address Sanitizer
+ * MFSA 2013-51/CVE-2013-1687 (bmo#863933, bmo#866823)
+ Privileged content access and execution via XBL
+ * MFSA 2013-53/CVE-2013-1690 (bmo#857883)
+ Execution of unmapped memory through onreadystatechange event
+ * MFSA 2013-54/CVE-2013-1692 (bmo#866915)
+ Data in the body of XHR HEAD requests leads to CSRF attacks
+ * MFSA 2013-55/CVE-2013-1693 (bmo#711043)
+ SVG filters can lead to information disclosure
+ * MFSA 2013-56/CVE-2013-1694 (bmo#848535)
+ PreserveWrapper has inconsistent behavior
+ * MFSA 2013-59/CVE-2013-1697 (bmo#858101)
+ XrayWrappers can be bypassed to run user defined methods in a
+ privileged context
-------------------------------------------------------------------
Fri May 10 11:44:50 UTC 2013 - wr@rosenauer.org