Revisions of MozillaFirefox
Dominique Leuenberger (dimstar_suse)
accepted
request 445658
from
Wolfgang Rosenauer (wrosenauer)
(revision 248)
- update to Firefox 50.1.0 (boo#1015422) * MFSA 2016-94 CVE-2016-9894: Buffer overflow in SkiaGL (bmo#1306628) CVE-2016-9899: Use-after-free while manipulating DOM events and audio elements (bmo#1317409) CVE-2016-9895: CSP bypass using marquee tag (bmo#1312272) CVE-2016-9896: Use-after-free with WebVR (bmo#1315543) CVE-2016-9897: Memory corruption in libGLES (bmo#1301381) CVE-2016-9898: Use-after-free in Editor while manipulating DOM subtrees (bmo#1314442) CVE-2016-9900: Restricted external resources can be loaded by SVG images through data URLs (bmo#1319122) CVE-2016-9904: Cross-origin information leak in shared atoms (bmo#1317936) CVE-2016-9901: Data from Pocket server improperly sanitized before execution (bmo#1320057) CVE-2016-9902: Pocket extension does not validate the origin of events (bmo#1320039) CVE-2016-9903: XSS injection vulnerability in add-ons SDK (bmo#1315435) CVE-2016-9080: Memory safety bugs fixed in Firefox 50.1 CVE-2016-9893: Memory safety bugs fixed in Firefox 50.1 and Firefox ESR 45.6 - added patch mozilla-aarch64-startup-crash.patch (bsc#1011922)
Dominique Leuenberger (dimstar_suse)
accepted
request 443072
from
Wolfgang Rosenauer (wrosenauer)
(revision 247)
1
Dominique Leuenberger (dimstar_suse)
accepted
request 440442
from
Wolfgang Rosenauer (wrosenauer)
(revision 246)
- update to Firefox 50.0 (boo#1009026) * requires NSS 3.26.2 new features * Updates to keyboard shortcuts Set a preference to have Ctrl+Tab cycle through tabs in recently used order View a page in Reader Mode by using Ctrl+Alt+R * Added option to Find in page that allows users to limit search to whole words only * Added download protection for a large number of executable file types on Windows, Mac and Linux * Fixed rendering of dashed and dotted borders with rounded corners (border-radius) * Added a built-in Emoji set for operating systems without native Emoji fonts (Windows 8.0 and lower and Linux) * Blocked versions of libavcodec older than 54.35.1 * additional locale security fixes: * MFSA 2016-89 CVE-2016-5296: Heap-buffer-overflow WRITE in rasterize_edges_1 (bmo#1292443) CVE-2016-5292: URL parsing causes crash (bmo#1288482) CVE-2016-5293: Write to arbitrary file with updater and moz maintenance service using updater.log hardlink (Windows only) (bmo#1246945) CVE-2016-5294: Arbitrary target directory for result files of update process (Windows only) (bmo#1246972) CVE-2016-5297: Incorrect argument length checking in Javascript (bmo#1303678) CVE-2016-9064: Addons update must verify IDs match between
Dominique Leuenberger (dimstar_suse)
accepted
request 437097
from
Wolfgang Rosenauer (wrosenauer)
(revision 245)
1
Dominique Leuenberger (dimstar_suse)
accepted
request 435748
from
Wolfgang Rosenauer (wrosenauer)
(revision 244)
1
Dominique Leuenberger (dimstar_suse)
accepted
request 429909
from
Wolfgang Rosenauer (wrosenauer)
(revision 243)
1
Dominique Leuenberger (dimstar_suse)
accepted
request 423950
from
Wolfgang Rosenauer (wrosenauer)
(revision 242)
1
Dominique Leuenberger (dimstar_suse)
accepted
request 420732
from
Wolfgang Rosenauer (wrosenauer)
(revision 241)
1
Dominique Leuenberger (dimstar_suse)
accepted
request 417434
from
Wolfgang Rosenauer (wrosenauer)
(revision 240)
1
Dominique Leuenberger (dimstar_suse)
accepted
request 414919
from
Wolfgang Rosenauer (wrosenauer)
(revision 239)
- Fix Firefox crash on startup on i586 (boo#986541): * Add -fno-delete-null-pointer-checks and -fno-inline-small-functions to CFLAGS - Update the appdata.xml file (replace Windows XP screenshot)
Dominique Leuenberger (dimstar_suse)
accepted
request 405482
from
Wolfgang Rosenauer (wrosenauer)
(revision 238)
1
Dominique Leuenberger (dimstar_suse)
accepted
request 400713
from
Wolfgang Rosenauer (wrosenauer)
(revision 237)
- update to Firefox 47.0 (boo#983549) * Enable VP9 video codec for users with fast machines * Embedded YouTube videos now play with HTML5 video if Flash is not installed * View and search open tabs from your smartphone or another computer in a sidebar * Allow no-cache on back/forward navigations for https resources security fixes: * MFSA 2016-49/CVE-2016-2815/CVE-2016-2818 (boo#983638) (bmo#1241896, bmo#1242798, bmo#1243466, bmo#1245743, bmo#1264300, bmo#1271037, bmo#1234147, bmo#1256493, bmo#1256739, bmo#1256968, bmo#1261230, bmo#1261752, bmo#1263384, bmo#1264575, bmo#1265577, bmo#1267130, bmo#1269729, bmo#1273202, bmo#1273701) Miscellaneous memory safety hazards (rv:47.0 / rv:45.2) * MFSA 2016-50/CVE-2016-2819 (boo#983655) (bmo#1270381) Buffer overflow parsing HTML5 fragments * MFSA 2016-51/CVE-2016-2821 (bsc#983653) (bmo#1271460) Use-after-free deleting tables from a contenteditable document * MFSA 2016-52/CVE-2016-2822 (boo#983652) (bmo#1273129) Addressbar spoofing though the SELECT element * MFSA 2016-53/CVE-2016-2824 (boo#983651) (bmo#1248580) Out-of-bounds write with WebGL shader * MFSA 2016-54/CVE-2016-2825 (boo#983649) (bmo#1193093) Partial same-origin-policy through setting location.host through data URI * MFSA 2016-56/CVE-2016-2828 (boo#983646) (bmo#1223810) Use-after-free when textures are used in WebGL operations after recycle pool destruction
Dominique Leuenberger (dimstar_suse)
accepted
request 398146
from
Wolfgang Rosenauer (wrosenauer)
(revision 236)
1
Dominique Leuenberger (dimstar_suse)
accepted
request 397000
from
Wolfgang Rosenauer (wrosenauer)
(revision 235)
1
Dominique Leuenberger (dimstar_suse)
accepted
request 395587
from
Wolfgang Rosenauer (wrosenauer)
(revision 234)
- update to Firefox 46.0.1 Fixed: * Search plugin issue for various locales * Add-on signing certificate expiration * Service worker update issue * Build issue when jit is disabled * Limit Sync registration updates - removed now obsolete mozilla-jit_branch64.patch
Dominique Leuenberger (dimstar_suse)
accepted
request 393514
from
Wolfgang Rosenauer (wrosenauer)
(revision 233)
- add mozilla-jit_branch64.patch to avoid PowerPC build failure (from bmo#1266366) - Update mozilla-gtk3_20.patch for Firefox 46.0 (sync to latest version from Fedora). - update to Firefox 46.0 (boo#977333) * Improved security of the JavaScript Just In Time (JIT) Compiler * WebRTC fixes to improve performance and stability * Added support for document.elementsFromPoint * Added HKDF support for Web Crypto API * requires NSPR 4.12 and NSS 3.22.3 * added patch to fix unchecked return value mozilla-check_return.patch * Gtk3 builds not supported at the moment security fixes: * MFSA 2016-39/CVE-2016-2804/CVE-2016-2806/CVE-2016-2807 (boo#977373, boo#977375, boo#977376) Miscellaneous memory safety hazards * MFSA 2016-40/CVE-2016-2809 (bmo#1212939, boo#977377) Privilege escalation through file deletion by Maintenance Service updater (Windows only) * MFSA 2016-41/CVE-2016-2810 (bmo#1229681, boo#977378) Content provider permission bypass allows malicious application to access data (Android only) * MFSA 2016-42/CVE-2016-2811/CVE-2016-2812 (bmo#1252330, bmo#1261776, boo#977379) Use-after-free and buffer overflow in Service Workers * MFSA 2016-43/CVE-2016-2813 (bmo#1197901, bmo#2714650, boo#977380) Disclosure of user actions through JavaScript with motion and
Dominique Leuenberger (dimstar_suse)
accepted
request 388302
from
Wolfgang Rosenauer (wrosenauer)
(revision 232)
1
Dominique Leuenberger (dimstar_suse)
accepted
request 380049
from
Factory Maintainer (factory-maintainer)
(revision 231)
Automatic submission by obs-autosubmit
Dominique Leuenberger (dimstar_suse)
accepted
request 368778
from
Wolfgang Rosenauer (wrosenauer)
(revision 230)
- update to Firefox 45.0 (boo#969894) * requires NSPR 4.12 / NSS 3.21.1 * Instant browser tab sharing through Hello * Synced Tabs button in button bar * Tabs synced via Firefox Accounts from other devices are now shown in dropdown area of Awesome Bar when searching * Introduce a new preference (network.dns.blockDotOnion) to allow blocking .onion at the DNS level * Tab Groups (Panorama) feature removed * MFSA 2016-16/CVE-2016-1952/CVE-2016-1953 Miscellaneous memory safety hazards * MFSA 2016-17/CVE-2016-1954 (bmo#1243178) Local file overwriting and potential privilege escalation through CSP reports * MFSA 2016-18/CVE-2016-1955 (bmo#1208946) CSP reports fail to strip location information for embedded iframe pages * MFSA 2016-19/CVE-2016-1956 (bmo#1199923) Linux video memory DOS with Intel drivers * MFSA 2016-20/CVE-2016-1957 (bmo#1227052) Memory leak in libstagefright when deleting an array during MP4 processing * MFSA 2016-21/CVE-2016-1958 (bmo#1228754) Displayed page address can be overridden * MFSA 2016-22/CVE-2016-1959 (bmo#1234949) Service Worker Manager out-of-bounds read in Service Worker Manager * MFSA 2016-23/CVE-2016-1960/ZDI-CAN-3545 (bmo#1246014) Use-after-free in HTML5 string parser * MFSA 2016-24/CVE-2016-1961/ZDI-CAN-3574 (bmo#1249377) Use-after-free in SetBody * MFSA 2016-25/CVE-2016-1962 (bmo#1240760)
Dominique Leuenberger (dimstar_suse)
accepted
request 362048
from
Wolfgang Rosenauer (wrosenauer)
(revision 229)
- fix build problems on i586, caused by too large unified compile units - adding mozilla-reduce-files-per-UnifiedBindings.patch - update to Firefox 44.0.2 * MFSA 2016-13/CVE-2016-1949 (bmo#1245724, boo#966438) Same-origin-policy violation using Service Workers with plugins * Fix issue which could lead to the removal of stored passwords under certain circumstances (bmo#1242176) * Allows spaces in cookie names (bmo#1244505) * Disable opus/vorbis audio with H.264 (bmo#1245696) * Fix for graphics startup crash (GNU/Linux) (bmo#1222171) * Fix a crash in cache networking (bmo#1244076) * Fix using WebSockets in service worker controlled pages (bmo#1243942)
Displaying revisions 181 - 200 of 428