MozillaFirefox/MozillaFirefox.changes
changeset 951 f7a8fa97a57e
parent 946 34bd1eb1cbd7
child 953 6b282f295753
--- a/MozillaFirefox/MozillaFirefox.changes	Sat Mar 04 17:54:44 2017 +0100
+++ b/MozillaFirefox/MozillaFirefox.changes	Sat Mar 18 11:18:01 2017 +0100
@@ -1,16 +1,92 @@
 -------------------------------------------------------------------
-Sat Feb 25 15:19:15 UTC 2017 - wr@rosenauer.org
-
-- update to Firefox 52.0b9
-  * requires NSS >= 3.28.2
+Sat Mar 18 10:12:59 UTC 2017 - wr@rosenauer.org
+
+- update to Firefox 53.0b4
+  * requires NSS 3.29.3
+  * Lightweight themes are now applied in private browsing windows
+  * Reader Mode now displays estimated reading time for the page
+  * Two new 'compact' themes available in Firefox, dark and light,
+    based on the Firefox Developer Edition theme
+  * Ended Firefox Linux support for processors older than Pentium 4
+    and AMD Opteron
+  * Refresh of the media controls user interface
+  * Shortened titles on tabs are faded out instead of using ellipsis
+    for improved readability
+  * Media playback on new tabs is blocked until the tab is visible
+  * Permission notifications have a cleaner design and cannot be
+    easily missed
+- removed browser(npapi) provides as these plugins are deprecated
+
+-------------------------------------------------------------------
+Fri Mar 17 15:43:29 UTC 2017 - wr@rosenauer.org
+
+- update to Firefox 52.0.1 (boo#1029822)
+  MFSA 2017-08
+  CVE-2017-5428: integer overflow in createImageBitmap() (bmo#1348168)
+
+-------------------------------------------------------------------
+Thu Mar  9 12:30:14 UTC 2017 - wr@rosenauer.org
+
+- reenable ALSA support which was removed by default upstream
+
+-------------------------------------------------------------------
+Sat Mar  4 16:57:45 UTC 2017 - wr@rosenauer.org
+
+- update to Firefox 52.0 (boo#1028391)
+  * requires NSS >= 3.28.3
   * Pages containing insecure password fields now display a warning
     directly within username and password fields.
-  * Windows 8 touch screen support for multiprocess Firefox
   * Send and open a tab from one device to another with Sync
   * Removed NPAPI support for plugins other than Flash. Silverlight,
     Java, Acrobat and the like are no longer supported.
   * Removed Battery Status API to reduce fingerprinting of users by
     trackers
+  * MFSA 2017-05
+    CVE-2017-5400: asm.js JIT-spray bypass of ASLR and DEP
+                   (bmo#1334933)
+    CVE-2017-5401: Memory Corruption when handling ErrorResult
+                   (bmo#1328861)
+    CVE-2017-5402: Use-after-free working with events in FontFace
+                   objects (bmo#1334876)
+    CVE-2017-5403: Use-after-free using addRange to add range to an
+                   incorrect root object (bmo#1340186)
+    CVE-2017-5404: Use-after-free working with ranges in selections
+                   (bmo#1340138)
+    CVE-2017-5406: Segmentation fault in Skia with canvas operations
+                   (bmo#1306890)
+    CVE-2017-5407: Pixel and history stealing via floating-point
+                   timing side channel with SVG filters (bmo#1336622)
+    CVE-2017-5410: Memory corruption during JavaScript garbage
+                   collection incremental sweeping (bmo#1330687)
+    CVE-2017-5408: Cross-origin reading of video captions in violation
+                   of CORS (bmo#1313711)
+    CVE-2017-5412: Buffer overflow read in SVG filters (bmo#1328323)
+    CVE-2017-5413: Segmentation fault during bidirectional operations
+                   (bmo#1337504)
+    CVE-2017-5414: File picker can choose incorrect default directory
+                   (bmo#1319370)
+    CVE-2017-5415: Addressbar spoofing through blob URL (bmo#1321719)
+    CVE-2017-5416: Null dereference crash in HttpChannel (bmo#1328121)
+    CVE-2017-5417: Addressbar spoofing by draging and dropping URLs
+                   (bmo#791597)
+    CVE-2017-5426: Gecko Media Plugin sandbox is not started if
+                   seccomp-bpf filter is running (bmo#1257361)
+    CVE-2017-5427: Non-existent chrome.manifest file loaded during
+                   startup (bmo#1295542)
+    CVE-2017-5418: Out of bounds read when parsing HTTP digest
+                   authorization responses (bmo#1338876)
+    CVE-2017-5419: Repeated authentication prompts lead to DOS
+                   attack (bmo#1312243)
+    CVE-2017-5420: Javascript: URLs can obfuscate addressbar
+                   location (bmo#1284395)
+    CVE-2017-5405: FTP response codes can cause use of
+                   uninitialized values for ports (bmo#1336699)
+    CVE-2017-5421: Print preview spoofing (bmo#1301876)
+    CVE-2017-5422: DOS attack by using view-source: protocol
+                   repeatedly in one hyperlink (bmo#1295002)
+    CVE-2017-5399: Memory safety bugs fixed in Firefox 52
+    CVE-2017-5398: Memory safety bugs fixed in Firefox 52 and
+                   Firefox ESR 45.8
 - removed obsolete patches
   * mozilla-binutils-visibility.patch
   * mozilla-check_return.patch
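Review bot: In the new 53.0b4 entry, "* requires NSS 3.29.3" drops the ">=" comparator that the 52.0 entry below uses ("* requires NSS >= 3.28.3"), so it is unclear whether this is a minimum version or an exact pin. If it is a minimum, write "requires NSS >= 3.29.3" to keep the entries consistent. In the 52.0.1 entry, "MFSA 2017-08" and the CVE-2017-5428 line are not bulleted, while the 52.0 entry uses "* MFSA 2017-05" with the CVEs indented under it. Using the same layout would help anyone grepping the changelog for security fixes. There is also a typo in the CVE-2017-5417 line: "draging" should be "dragging".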