Overview
Request 586496 superseded
- update to Firefox 59.0
* Performance enhancements
* Drag-and-drop to rearrange Top Sites on the Firefox Home page
* added features for Firefox Screenshots
* Enhanced WebExtensions API
* Improved RTC capabilities
MFSA 2018-06 (bsc#1085130)
* CVE-2018-5127 (bmo#1430557)
Buffer overflow manipulating SVG animatedPathSegList
* CVE-2018-5128 (bmo#1431336)
Use-after-free manipulating editor selection ranges
* CVE-2018-5129 (bmo#1428947)
Out-of-bounds write with malformed IPC messages
* CVE-2018-5130 (bmo#1433005)
Mismatched RTP payload type can trigger memory corruption
* CVE-2018-5131 (bmo#1440775)
Fetch API improperly returns cached copies of no-store/no-cache resources
* CVE-2018-5132 (bmo#1408194)
WebExtension Find API can search privileged pages
* CVE-2018-5133 (bmo#1430511, bmo#1430974)
Value of the app.support.baseURL preference is not properly sanitized
* CVE-2018-5134 (bmo#1429379)
WebExtensions may use view-source: URLs to bypass content restrictions
* CVE-2018-5135 (bmo#1431371)
WebExtension browserAction can inject scripts into unintended contexts
* CVE-2018-5136 (bmo#1419166)
Same-origin policy violation with data: URL shared workers
* CVE-2018-5137 (bmo#1432870)
Script content can access legacy extension non-contentaccessible resources
* CVE-2018-5138 (bmo#1432624) (Android only)
- Created by wrosenauer
- In state superseded
- Superseded by 588012
- Open review for legal-auto
- Open review for repo-checker
- Open review for openSUSE:Factory:Staging:H
Request History
wrosenauer created request
- update to Firefox 59.0
* Performance enhancements
* Drag-and-drop to rearrange Top Sites on the Firefox Home page
* added features for Firefox Screenshots
* Enhanced WebExtensions API
* Improved RTC capabilities
MFSA 2018-06 (bsc#1085130)
* CVE-2018-5127 (bmo#1430557)
Buffer overflow manipulating SVG animatedPathSegList
* CVE-2018-5128 (bmo#1431336)
Use-after-free manipulating editor selection ranges
* CVE-2018-5129 (bmo#1428947)
Out-of-bounds write with malformed IPC messages
* CVE-2018-5130 (bmo#1433005)
Mismatched RTP payload type can trigger memory corruption
* CVE-2018-5131 (bmo#1440775)
Fetch API improperly returns cached copies of no-store/no-cache resources
* CVE-2018-5132 (bmo#1408194)
WebExtension Find API can search privileged pages
* CVE-2018-5133 (bmo#1430511, bmo#1430974)
Value of the app.support.baseURL preference is not properly sanitized
* CVE-2018-5134 (bmo#1429379)
WebExtensions may use view-source: URLs to bypass content restrictions
* CVE-2018-5135 (bmo#1431371)
WebExtension browserAction can inject scripts into unintended contexts
* CVE-2018-5136 (bmo#1419166)
Same-origin policy violation with data: URL shared workers
* CVE-2018-5137 (bmo#1432870)
Script content can access legacy extension non-contentaccessible resources
* CVE-2018-5138 (bmo#1432624) (Android only)
factory-auto added opensuse-review-team as a reviewer
Please review sources
factory-auto added repo-checker as a reviewer
Please review build success
factory-auto accepted review
Check script succeeded
staging-bot set openSUSE:Factory:Staging:H as a staging project
Being evaluated by staging project "openSUSE:Factory:Staging:H"
staging-bot accepted review
Picked openSUSE:Factory:Staging:H
jengelh accepted review
superseded by 588012