Overview
Request 637781 accepted
- Mozilla Firefox 62.0.2:
MFSA 2018-22
* CVE-2018-12385 (boo#1109363, bmo#1490585)
Crash in TransportSecurityInfo due to cached data
* Unvisited bookmarks can once again be autofilled in the address
bar
* Fix WebGL rendering issues
* Fix fallback on startup when a language pack is missing
* Avoid crash when sharing a profile with newer (as yet
unreleased) versions of Firefox
* Do not undo removal of search engines when using a language
pack
* Fixed rendering of some web sites
* Restored compatibility with some sites using deprecated TLS
settings
- disable rust debug symbols to fix build on %ix86
- update to Firefox 62.0
* Firefox Home (the default New Tab) now allows users to display
up to 4 rows of top sites, Pocket stories, and highlights
* "Reopen in Container" tab menu option appears for users with
Containers that lets them choose to reopen a tab in a different
container
* In advance of removing all trust for Symantec-issued certificates
in Firefox 63, a preference was added that allows users to distrust
certificates issued by Symantec. To use this preference, go to
about:config in the address bar and set the preference
"security.pki.distrust_ca_policy" to 2.
* Support for CSS Shapes, allowing for richer web page layouts.
This goes hand in hand with a brand new Shape Path Editor in the
CSS inspector.
* CSS Variable Fonts (OpenType Font Variations) support, which makes
it possible to create beautiful typography with a single font file
* Added Canadian English (en-CA) locale
MFSA 2018-20 (bsc#1107343)
* CVE-2018-12377 (bmo#1470260)
Use-after-free in refresh driver timers
* CVE-2018-12378 (bmo#1459383)
Use-after-free in IndexedDB
* CVE-2018-12379 (bmo#1473113) (updater is disabled for us)
Out-of-bounds write with malicious MAR file
* CVE-2017-16541 (bmo#1412081)
Proxy bypass using automount and autofs
* CVE-2018-12381 (bmo#1435319)
Dragging and dropping Outlook email message results in page navigation
* CVE-2018-12382 (bmo#1479311) (Android only)
Addressbar spoofing with javascript URI on Firefox for Android
* CVE-2018-12383 (bmo#1475775)
Setting a master password post-Firefox 58 does not delete
unencrypted previously stored passwords
* CVE-2018-12375
Memory safety bugs fixed in Firefox 62
* CVE-2018-12376
Memory safety bugs fixed in Firefox 62 and Firefox ESR 60.2
- requires NSS >= 3.38
- removed obsolete patch
mozilla-bmo1464766.patch
- Created by wrosenauer
- In state accepted
- Supersedes 637173 637179
Request History
wrosenauer created request
- Mozilla Firefox 62.0.2:
MFSA 2018-22
* CVE-2018-12385 (boo#1109363, bmo#1490585)
Crash in TransportSecurityInfo due to cached data
* Unvisited bookmarks can once again be autofilled in the address
bar
* Fix WebGL rendering issues
* Fix fallback on startup when a language pack is missing
* Avoid crash when sharing a profile with newer (as yet
unreleased) versions of Firefox
* Do not undo removal of search engines when using a language
pack
* Fixed rendering of some web sites
* Restored compatibility with some sites using deprecated TLS
settings
- disable rust debug symbols to fix build on %ix86
- update to Firefox 62.0
* Firefox Home (the default New Tab) now allows users to display
up to 4 rows of top sites, Pocket stories, and highlights
* "Reopen in Container" tab menu option appears for users with
Containers that lets them choose to reopen a tab in a different
container
* In advance of removing all trust for Symantec-issued certificates
in Firefox 63, a preference was added that allows users to distrust
certificates issued by Symantec. To use this preference, go to
about:config in the address bar and set the preference
"security.pki.distrust_ca_policy" to 2.
* Support for CSS Shapes, allowing for richer web page layouts.
This goes hand in hand with a brand new Shape Path Editor in the
CSS inspector.
* CSS Variable Fonts (OpenType Font Variations) support, which makes
it possible to create beautiful typography with a single font file
* Added Canadian English (en-CA) locale
MFSA 2018-20 (bsc#1107343)
* CVE-2018-12377 (bmo#1470260)
Use-after-free in refresh driver timers
* CVE-2018-12378 (bmo#1459383)
Use-after-free in IndexedDB
* CVE-2018-12379 (bmo#1473113) (updater is disabled for us)
Out-of-bounds write with malicious MAR file
* CVE-2017-16541 (bmo#1412081)
Proxy bypass using automount and autofs
* CVE-2018-12381 (bmo#1435319)
Dragging and dropping Outlook email message results in page navigation
* CVE-2018-12382 (bmo#1479311) (Android only)
Addressbar spoofing with javascript URI on Firefox for Android
* CVE-2018-12383 (bmo#1475775)
Setting a master password post-Firefox 58 does not delete
unencrypted previously stored passwords
* CVE-2018-12375
Memory safety bugs fixed in Firefox 62
* CVE-2018-12376
Memory safety bugs fixed in Firefox 62 and Firefox ESR 60.2
- requires NSS >= 3.38
- removed obsolete patch
mozilla-bmo1464766.patch
factory-auto added opensuse-review-team as a reviewer
Please review sources
factory-auto added repo-checker as a reviewer
Please review build success
factory-auto accepted review
Check script succeeded
jengelh accepted review
licensedigger accepted review
ok
staging-bot set openSUSE:Factory:Staging:E as a staging project
Being evaluated by staging project "openSUSE:Factory:Staging:E"
staging-bot accepted review
Picked openSUSE:Factory:Staging:E
repo-checker accepted review
cycle and install check passed
dimstar_suse accepted review
ready to accept
dimstar_suse approved review
ready to accept
dimstar_suse accepted request
Accept to openSUSE:Factory
@dimstar_suse, @factory-repo-checker: review reminder