diff -r 3942c205588b -r a25638dad81d MozillaFirefox/MozillaFirefox.changes --- a/MozillaFirefox/MozillaFirefox.changes Wed May 15 19:43:42 2019 +0200 +++ b/MozillaFirefox/MozillaFirefox.changes Thu May 23 09:16:13 2019 +0200 @@ -1,5 +1,5 @@ ------------------------------------------------------------------- -Tue May 14 10:34:08 UTC 2019 - Wolfgang Rosenauer +Sun May 19 20:40:30 UTC 2019 - Wolfgang Rosenauer - Mozilla Firefox 67.0 * Firefox 67 will be able to run different Firefox installs side by side @@ -19,6 +19,56 @@ own avatar * Enable FIDO U2F API, and permit registrations for Google Accounts * Enabled AV1 support on Linux + MFSA 2019-13 + * CVE-2019-9815 (bmo#1546544) + Disable hyperthreading on content JavaScript threads on macOS + * CVE-2019-9816 (bmo#1536768) + Type confusion with object groups and UnboxedObjects + * CVE-2019-9817 (bmo#1540221) + Stealing of cross-domain images using canvas + * CVE-2019-9818 (bmo#1542581) (Windows only) + Use-after-free in crash generation server + * CVE-2019-9819 (bmo#1532553) + Compartment mismatch with fetch API + * CVE-2019-9820 (bmo#1536405) + Use-after-free of ChromeEventHandler by DocShell + * CVE-2019-9821 (bmo#1539125) + Use-after-free in AssertWorkerThread + * CVE-2019-11691 (bmo#1542465) + Use-after-free in XMLHttpRequest + * CVE-2019-11692 (bmo#1544670) + Use-after-free removing listeners in the event listener manager + * CVE-2019-11693 (bmo#1532525) + Buffer overflow in WebGL bufferdata on Linux + * CVE-2019-7317 (bmo#1542829) + Use-after-free in png_image_free of libpng library + * CVE-2019-11694 (bmo#1534196) (Windows only) + Uninitialized memory memory leakage in Windows sandbox + * CVE-2019-11695 (bmo#1445844) + Custom cursor can render over user interface outside of web content + * CVE-2019-11696 (bmo#1392955) + Java web start .JNLP files are not recognized as executable files + for download prompts + * CVE-2019-11697 (bmo#1440079) + Pressing key combinations can bypass installation prompt delays and + install extensions + * CVE-2019-11698 (bmo#1543191) + Theft of user history data through drag and drop of hyperlinks + to and from bookmarks + * CVE-2019-11700 (bmo#1549833) (Windows only) + res: protocol can be used to open known local files + * CVE-2019-11699 (bmo#1528939) + Incorrect domain name highlighting during page navigation + * CVE-2019-11701 (bmo#1518627) + webcal: protocol default handler loads vulnerable web page + * CVE-2019-9814 (bmo#1527592, bmo#1534536, bmo#1520132, bmo#1543159, + bmo#1539393, bmo#1459932, bmo#1459182, bmo#1516425) + Memory safety bugs fixed in Firefox 67 + * CVE-2019-9800 (bmo#1540166, bmo#1534593, bmo#1546327, bmo#1540136, + bmo#1538736, bmo#1538042, bmo#1535612, bmo#1499719, bmo#1499108, + bmo#1538619, bmo#1535194, bmo#1516325, bmo#1542324, bmo#1542097, + bmo#1532465, bmo#1533554, bmo#1541580) + Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7 - requires * rust/cargo >= 1.32 * mozilla-nspr >= 4.21 @@ -28,6 +78,12 @@ - KDE integration for default browser detection is broken in this revision ------------------------------------------------------------------- +Fri May 17 12:04:49 UTC 2019 - Guillaume GARDET + +- Fix armv7 build with: + * mozilla-disable-wasm-emulate-arm-unaligned-fp-access.patch + +------------------------------------------------------------------- Fri May 10 10:30:05 UTC 2019 - Manfred Hollstein - Mozilla Firefox 66.0.5