diff -r 2faa589360df -r 8df86bf11fc1 MozillaFirefox/MozillaFirefox.changes --- a/MozillaFirefox/MozillaFirefox.changes Sun Nov 15 09:35:28 2020 +0100 +++ b/MozillaFirefox/MozillaFirefox.changes Thu Dec 10 14:36:59 2020 +0100 @@ -1,7 +1,85 @@ ------------------------------------------------------------------- +Sat Nov 21 08:12:17 UTC 2020 - Kirill Kirillov + +- Add/Enable GNOME search provider + +------------------------------------------------------------------- +Sun Nov 15 12:16:53 UTC 2020 - Wolfgang Rosenauer + +- Mozilla Firefox 83.0 + * major update for SpiderMonkey improving performance significantly + * optional HTTPS-Only mode + * more improvements + https://www.mozilla.org/en-US/firefox/83.0/releasenotes/ + MFSA 2020-50 (bsc#1178824)) + * CVE-2020-26951 (bmo#1667113) + Parsing mismatches could confuse and bypass security + sanitizer for chrome privileged code + * CVE-2020-26952 (bmo#1667685) + Out of memory handling of JITed, inlined functions could lead + to a memory corruption + * CVE-2020-16012 (bmo#1642028) + Variable time processing of cross-origin images during + drawImage calls + * CVE-2020-26953 (bmo#1656741) + Fullscreen could be enabled without displaying the security UI + * CVE-2020-26954 (bmo#1657026) + Local spoofing of web manifests for arbitrary pages in + Firefox for Android + * CVE-2020-26955 (bmo#1663261) + Cookies set during file downloads are shared between normal + and Private Browsing Mode in Firefox for Android + * CVE-2020-26956 (bmo#1666300) + XSS through paste (manual and clipboard API) + * CVE-2020-26957 (bmo#1667179) + OneCRL was not working in Firefox for Android + * CVE-2020-26958 (bmo#1669355) + Requests intercepted through ServiceWorkers lacked MIME type + restrictions + * CVE-2020-26959 (bmo#1669466) + Use-after-free in WebRequestService + * CVE-2020-26960 (bmo#1670358) + Potential use-after-free in uses of nsTArray + * CVE-2020-15999 (bmo#1672223) + Heap buffer overflow in freetype + * CVE-2020-26961 (bmo#1672528) + DoH did not filter IPv4 mapped IP Addresses + * CVE-2020-26962 (bmo#610997) + Cross-origin iframes supported login autofill + * CVE-2020-26963 (bmo#1314912) + History and Location interfaces could have been used to hang + the browser + * CVE-2020-26964 (bmo#1658865) + Firefox for Android's Remote Debugging via USB could have + been abused by untrusted apps on older versions of Android + * CVE-2020-26965 (bmo#1661617) + Software keyboards may have remembered typed passwords + * CVE-2020-26966 (bmo#1663571) + Single-word search queries were also broadcast to local + network + * CVE-2020-26967 (bmo#1665820) + Mutation Observers could break or confuse Firefox Screenshots + feature + * CVE-2020-26968 (bmo#1551615, bmo#1607762, bmo#1656697, + bmo#1657739, bmo#1660236, bmo#1667912, bmo#1671479, + bmo#1671923) + Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5 + * CVE-2020-26969 (bmo#1623920, bmo#1651705, bmo#1667872, + bmo#1668876) + Memory safety bugs fixed in Firefox 83 +- requires + NSS >= 3.58 + nodejs >= 10.22.1 +- removed obsolete mozilla-ppc-altivec_static_inline.patch +- disable LTO on TW because of ICEs in gcc + +------------------------------------------------------------------- Mon Nov 9 10:15:52 UTC 2020 - Wolfgang Rosenauer - Mozilla Firefox 82.0.3 + MSFA 2020-49 + * CVE-2020-26950 (bmo#1675905) + Write side effects in MCallGetProperty opcode not accounted for ------------------------------------------------------------------- Mon Nov 2 09:00:13 UTC 2020 - Wolfgang Rosenauer @@ -10,6 +88,11 @@ * few bugfixes for introduced regressions ------------------------------------------------------------------- +Sun Nov 1 20:15:17 UTC 2020 - Kirill Kirillov + +- Enable GNOME search provider + +------------------------------------------------------------------- Thu Oct 15 20:44:47 UTC 2020 - Wolfgang Rosenauer - Mozilla Firefox 82.0