Revisions of MozillaFirefox
Dominique Leuenberger (dimstar_suse)
accepted
request 601060
from
Wolfgang Rosenauer (wrosenauer)
(revision 269)
Dominique Leuenberger (dimstar_suse)
accepted
request 591686
from
Wolfgang Rosenauer (wrosenauer)
(revision 268)
Dominique Leuenberger (dimstar_suse)
accepted
request 588116
from
Wolfgang Rosenauer (wrosenauer)
(revision 267)
yet another small tweak to have really all fixes in place also for ARM (libtremor) which was left out from the upstream Firefox tag (and only applied to the Fennec one) - update to Firefox 59.0.1 (bsc#1085671) MFSA 2018-08 * CVE-2018-5146 (bmo#1446062) Vorbis audio processing out of bounds write * CVE-2018-5147 (bmo#1446365) Out of bounds memory write in libtremor (mozilla-bmo1446062.patch) - Added patch: * mozilla-bmo1005535.patch: Enable skia_gpu on big endian platforms. - update to Firefox 59.0 * Performance enhancements * Drag-and-drop to rearrange Top Sites on the Firefox Home page * added features for Firefox Screenshots * Enhanced WebExtensions API * Improved RTC capabilities MFSA 2018-06 (bsc#1085130) * CVE-2018-5127 (bmo#1430557) Buffer overflow manipulating SVG animatedPathSegList * CVE-2018-5128 (bmo#1431336) Use-after-free manipulating editor selection ranges * CVE-2018-5129 (bmo#1428947) Out-of-bounds write with malformed IPC messages * CVE-2018-5130 (bmo#1433005) Mismatched RTP payload type can trigger memory corruption * CVE-2018-5131 (bmo#1440775) Fetch API improperly returns cached copies of no-store/no-cache resources * CVE-2018-5132 (bmo#1408194)
Dominique Leuenberger (dimstar_suse)
accepted
request 574857
from
Wolfgang Rosenauer (wrosenauer)
(revision 266)
Dominique Leuenberger (dimstar_suse)
accepted
request 573290
from
Wolfgang Rosenauer (wrosenauer)
(revision 265)
Dominique Leuenberger (dimstar_suse)
accepted
request 563240
from
Wolfgang Rosenauer (wrosenauer)
(revision 264)
This should hopefully fix the build issue with latest rust in staging. - fixed build with latest rust (mozilla-rust-1.23.patch)
Dominique Leuenberger (dimstar_suse)
accepted
request 561754
from
Wolfgang Rosenauer (wrosenauer)
(revision 263)
- update to Firefox 57.0.4 MFSA 2018-1: Speculative execution side-channel attack ("Spectre") (boo#1074723) - fixed regression introduced Oct 10th which made Firefox crash when cancelling the KDE file dialog (boo#1069962) - Mozilla Firefox 57.0.3: * Fix a crash reporting issue that inadvertently sends background tab crash reports to Mozilla without user opt-in (bmo#1427111, bsc#1074235) - Includes changes from 57.0.2: * fixes for platforms other than GNU/Linux
Dominique Leuenberger (dimstar_suse)
accepted
request 555866
from
Wolfgang Rosenauer (wrosenauer)
(revision 262)
- Explicitly buildrequires python2-xml: The build system relies on it. We wrongly relied on other packages pulling it in for us. - Escape the usage of %{VERSION} when calling out to rpm. RPM 4.14 has %{VERSION} defined as 'the main packages version'. * CVE-2017-7843: Web worker in Private Browsing mode can write IndexedDB data (bsc#1072034, bmo#1410106) * CVE-2017-7844: Visited history information leak through SVG image (bsc#1072036, bmo#1420001)
Dominique Leuenberger (dimstar_suse)
accepted
request 547925
from
Wolfgang Rosenauer (wrosenauer)
(revision 261)
- update to Firefox 57.0.1 * Fix a video color distortion issue on YouTube and other video sites with some AMD devices (bmo#1417442) * Fix an issue with prefs.js when the profile path has non-ascii characters (bmo#1420427)
Dominique Leuenberger (dimstar_suse)
accepted
request 545695
from
Wolfgang Rosenauer (wrosenauer)
(revision 260)
- Add mozilla-bmo1360278.patch Starting with Firefox 57, the context menu appears on key press. This patch creates a config entry to restore the old behaviour. Without the patch, the mouse gesture extensions require 2 clicks to work (bmo#1360278). The new config entry is named ui.context_menus.after_mouseup (default : false). - Allow experimental CSD for Gtk3 (bmo#1399611) if available and enabled widget.allow-client-side-decoration=true (mozilla-bmo1399611-csd.patch)
Dominique Leuenberger (dimstar_suse)
accepted
request 541950
from
Wolfgang Rosenauer (wrosenauer)
(revision 259)
- update to Firefox 57.0 (boo#1068101) * Firefox Quantum * Photon UI * Unified address and search bar * AMD VP9 hardware video decoder support * Added support for Date/Time input * stricter security sandbox blocking filesystem reading and writing on Linux systems * middle mouse paste in the content area no longer navigates to URLs by default on Unix systems MFSA 2017-24 * CVE-2017-7828 (bmo#1406750. bmo#1412252) Use-after-free of PressShell while restyling layout * CVE-2017-7830 (bmo#1408990) Cross-origin URL information leak through Resource Timing API * CVE-2017-7831 (bmo#1392026) Information disclosure of exposed properties on JavaScript proxy objects * CVE-2017-7832 (bmo#1408782) Domain spoofing through use of dotless 'i' character followed by accent markers * CVE-2017-7833 (bmo#1370497) Domain spoofing with Arabic and Indic vowel marker characters * CVE-2017-7834 (bmo#1358009) data: URLs opened in new tabs bypass CSP protections * CVE-2017-7835 (bmo#1402363) Mixed content blocking incorrectly applies with redirects * CVE-2017-7836 (bmo#1401339) Pingsender dynamically loads libcurl on Linux and OS X * CVE-2017-7837 (bmo#1325923)
Dominique Leuenberger (dimstar_suse)
accepted
request 530307
from
Wolfgang Rosenauer (wrosenauer)
(revision 258)
- Correct plugin directory for aarch64 (boo#1061207). The wrapper script was not detecting aarch64 as a 64 bit architecture, thus used /usr/lib/browser-plugins/. - Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0), pkgconfig(gtk+-2.0), pkgconfig(gtk+-unix-print-2.0), pkgconfig(glib-2.0), pkgconfig(gobject-2.0) and pkgconfig(gdk-x11-2.0) BuildRequires, align with what configure looks for. - update to Firefox 56.0 (boo#1060445) * Firefox Screenshots * Find Options/Preferences more quickly with new search function * Media is no longer auto-played when opened in a background tab * Enable CSS Grid Layout View MFSA 2017-21 * CVE-2017-7793 (bmo#1371889) Use-after-free with Fetch API * CVE-2017-7817 (bmo#1356596) (Android-only) Firefox for Android address bar spoofing through fullscreen mode * CVE-2017-7818 (bmo#1363723) Use-after-free during ARIA array manipulation * CVE-2017-7819 (bmo#1380292) Use-after-free while resizing images in design mode * CVE-2017-7824 (bmo#1398381) Buffer overflow when drawing and validating elements with ANGLE * CVE-2017-7805 (bmo#1377618) (fixed via NSS requirement) Use-after-free in TLS 1.2 generating handshake hashes * CVE-2017-7812 (bmo#1379842) Drag and drop of malicious page content to the tab bar can open locally stored files * CVE-2017-7814 (bmo#1376036)
Yuchen Lin (maxlin_factory)
accepted
request 515337
from
Wolfgang Rosenauer (wrosenauer)
(revision 257)
1
Dominique Leuenberger (dimstar_suse)
accepted
request 510206
from
Wolfgang Rosenauer (wrosenauer)
(revision 256)
1
Dominique Leuenberger (dimstar_suse)
accepted
request 503675
from
Wolfgang Rosenauer (wrosenauer)
(revision 255)
- update to Firefox 52.2esr (boo#1043960) MFSA 2017-16 * CVE-2017-5472 (bmo#1365602) Use-after-free using destroyed node when regenerating trees * CVE-2017-7749 (bmo#1355039) Use-after-free during docshell reloading * CVE-2017-7750 (bmo#1356558) Use-after-free with track elements * CVE-2017-7751 (bmo#1363396) Use-after-free with content viewer listeners * CVE-2017-7752 (bmo#1359547) Use-after-free with IME input * CVE-2017-7754 (bmo#1357090) Out-of-bounds read in WebGL with ImageInfo object * CVE-2017-7755 (bmo#1361326) Privilege escalation through Firefox Installer with same directory DLL files (Windows only) * CVE-2017-7756 (bmo#1366595) Use-after-free and use-after-scope logging XHR header errors * CVE-2017-7757 (bmo#1356824) Use-after-free in IndexedDB * CVE-2017-7778, CVE-2017-7778, CVE-2017-7771, CVE-2017-7772, CVE-2017-7773, CVE-2017-7774, CVE-2017-7775, CVE-2017-7776, CVE-2017-7777 Vulnerabilities in the Graphite 2 library * CVE-2017-7758 (bmo#1368490) Out-of-bounds read in Opus encoder * CVE-2017-7760 (bmo#1348645) File manipulation and privilege escalation via callback parameter in Mozilla Windows Updater and Maintenance Service (Windows only)
Dominique Leuenberger (dimstar_suse)
accepted
request 498129
from
Wolfgang Rosenauer (wrosenauer)
(revision 254)
- remove -fno-inline-small-functions and explicitely optimize with -O2 for openSUSE > 13.2/Leap 42 to work with gcc7 (boo#1040105)
Dominique Leuenberger (dimstar_suse)
accepted
request 493642
from
Wolfgang Rosenauer (wrosenauer)
(revision 253)
- update to Firefox 52.1.1 MFSA 2017-14 * CVE-2017-5031: Use after free in ANGLE (bmo#1328762) (Windows only, Linux not affected) - switch to Mozilla's geolocation service (boo#1026989) - removed mozilla-preferences.patch obsoleted by overriding via firefox.js - fixed KDE integration to avoid crash caused by filepicker (boo#1015998)
Dominique Leuenberger (dimstar_suse)
accepted
request 491715
from
Factory Maintainer (factory-maintainer)
(revision 252)
Automatic submission by obs-autosubmit
Yuchen Lin (maxlin_factory)
accepted
request 485000
from
Wolfgang Rosenauer (wrosenauer)
(revision 251)
- update to Firefox 52.0.2 * Use Nirmala UI as fallback font for additional Indic languages (bmo#1342787) * Fix loading tab icons on session restore (bmo#1338009) * Fix a crash on startup on Linux (bmo#1345413) * Fix new installs erroneously not prompting to change the default browser setting (bmo#1343938)
Dominique Leuenberger (dimstar_suse)
accepted
request 481555
from
Wolfgang Rosenauer (wrosenauer)
(revision 250)
hopefully last iteration (let's see what the i586 builds are doing :-() - disable rust usage for everything but x86(-64) - explicitely add libffi build requirement - update to Firefox 52.0.1 (boo#1029822) MFSA 2017-08 CVE-2017-5428: integer overflow in createImageBitmap() (bmo#1348168) - reenable ALSA support which was removed by default upstream - update to Firefox 52.0 (boo#1028391) * requires NSS >= 3.28.3 * Pages containing insecure password fields now display a warning directly within username and password fields. * Send and open a tab from one device to another with Sync * Removed NPAPI support for plugins other than Flash. Silverlight, Java, Acrobat and the like are no longer supported. * Removed Battery Status API to reduce fingerprinting of users by trackers * MFSA 2017-05 CVE-2017-5400: asm.js JIT-spray bypass of ASLR and DEP (bmo#1334933) CVE-2017-5401: Memory Corruption when handling ErrorResult (bmo#1328861) CVE-2017-5402: Use-after-free working with events in FontFace objects (bmo#1334876) CVE-2017-5403: Use-after-free using addRange to add range to an incorrect root object (bmo#1340186) CVE-2017-5404: Use-after-free working with ranges in selections (bmo#1340138) CVE-2017-5406: Segmentation fault in Skia with canvas operations
Displaying revisions 161 - 180 of 429