------------------------------------------------------------------- Tue Mar 10 12:36:01 UTC 2020 - Martin Sirringhaus - Firefox Extended Support Release 68.6.0 ESR (bsc#1166238) * Fixed: Various stability and security fixes MFSA 2020-09 (bsc#1132665) * CVE-2020-6805 (bmo#1610880) Use-after-free when removing data about origins * CVE-2020-6806 (bmo#1612308) BodyStream::OnInputStreamReady was missing protections against state confusion * CVE-2020-6807 (bmo#1614971) Use-after-free in cubeb during stream destruction * CVE-2020-6811 (bmo#1607742) Devtools' 'Copy as cURL' feature did not fully escape website-controlled data, potentially leading to command injection * CVE-2019-20503 (bmo#1613765) Out of bounds reads in sctp_load_addresses_from_init * CVE-2020-6812 (bmo#1616661) The names of AirPods with personally identifiable information were exposed to websites with camera or microphone permission * CVE-2020-6814 (bmo#1592078, bmo#1604847, bmo#1608256, bmo#1612636, bmo#1614339) Memory safety bugs fixed in Firefox 74 and Firefox ESR 68.6 ------------------------------------------------------------------- Tue Feb 11 18:43:44 UTC 2020 - Charles Robertson - Firefox Extended Support Release 68.5.0 ESR * Fixed: Various stability and security fixes - Mozilla Firefox ESR68.5 MFSA 2020-06 (bsc#1163368) * CVE-2020-6796 (bmo#1610426) Missing bounds check on shared memory read in the parent process * CVE-2020-6797 (bmo#1596668) Extensions granted downloads.open permission could open arbitrary applications on Mac OSX * CVE-2020-6798 (bmo#1602944) Incorrect parsing of template tag could result in JavaScript injection * CVE-2020-6799 (bmo#1606596) Arbitrary code execution when opening pdf links from other applications, when Firefox is configured as default pdf reader * CVE-2020-6800 (bmo#1595786, bmo#1596706, bmo#1598543, bmo#1604851, bmo#1605777, bmo#1608580, bmo#1608785) Memory safety bugs fixed in Firefox 73 and Firefox ESR 68.5 ------------------------------------------------------------------- Tue Jan 21 11:49:52 UTC 2020 - Martin Sirringhaus - Firefox Extended Support Release 68.4.2 ESR * Fixed: Fixed various issues opening files with spaces in their path (bmo#1601905, bmo#1602726) ------------------------------------------------------------------- Thu Jan 9 06:37:13 UTC 2020 - Martin Sirringhaus - Firefox Extended Support Release 68.4.1 ESR * Fixed: Security fix MFSA 2020-03 (bsc#1160498) * CVE-2019-17026 (bmo#1607443) IonMonkey type confusion with StoreElementHole and FallibleStoreElement ------------------------------------------------------------------- Tue Jan 7 14:28:41 UTC 2020 - Martin Sirringhaus - Firefox Extended Support Release 68.4.0 ESR * Fixed: Various security fixes MFSA 2020-02 (bsc#1160305) * CVE-2019-17015 (bmo#1599005) Memory corruption in parent process during new content process initialization on Windows * CVE-2019-17016 (bmo#1599181) Bypass of @namespace CSS sanitization during pasting * CVE-2019-17017 (bmo#1603055) Type Confusion in XPCVariant.cpp * CVE-2019-17021 (bmo#1599008) Heap address disclosure in parent process during content process initialization on Windows * CVE-2019-17022 (bmo#1602843) CSS sanitization does not escape HTML tags * CVE-2019-17024 (bmo#1507180, bmo#1595470, bmo#1598605, bmo#1601826) Memory safety bugs fixed in Firefox 72 and Firefox ESR 68.4 - Removed patch that is now upstream: mozilla-bmo1511604.patch - Added patch to fix broken URL-bar on s390x: mozilla-bmo1602730.patch ------------------------------------------------------------------- Tue Dec 3 14:00:28 UTC 2019 - Martin Sirringhaus - Firefox Extended Support Release 68.3.0 ESR * Changed: Updates to improve performance and stability MFSA 2019-37 (bsc#1158328) * CVE-2019-17008 (bmo#1546331) Use-after-free in worker destruction * CVE-2019-13722 (bmo#1580156) Stack corruption due to incorrect number of arguments in WebRTC code * CVE-2019-11745 (bmo#1586176) Out of bounds write in NSS when encrypting with a block cipher * CVE-2019-17009 (bmo#1510494) Updater temporary files accessible to unprivileged processes * CVE-2019-17010 (bmo#1581084) Use-after-free when performing device orientation checks * CVE-2019-17005 (bmo#1584170) Buffer overflow in plain text serializer * CVE-2019-17011 (bmo#1591334) Use-after-free when retrieving a document in antitracking * CVE-2019-17012 (bmo#1449736, bmo#1533957, bmo#1560667, bmo#1567209, bmo#1580288, bmo#1585760, bmo#1592502) Memory safety bugs fixed in Firefox 71 and Firefox ESR 68.3 ------------------------------------------------------------------- Tue Nov 19 12:41:44 UTC 2019 - Martin Sirringhaus - Add patch mozilla-bmo849632.patch to partially fix broken webGL sites on big endian machines (wrong colors) - Replace source-stamp.txt with tar_stamps - Reference create-tar.sh by direct commit-hash in the spec-file ------------------------------------------------------------------- Tue Nov 5 14:37:37 UTC 2019 - Martin Sirringhaus - Reactivate webRTC for all architectures ------------------------------------------------------------------- Thu Oct 31 11:10:35 UTC 2019 - Martin Sirringhaus - Add patch mozilla-bmo1504834-part4.patch to fix broken tab-titles on s390x ------------------------------------------------------------------- Thu Oct 24 22:28:26 UTC 2019 - Charles Robertson - Issues resolved in earlier updates: * [bsc#1137990] Firefox 60.7 ESR changed the user interface language * [bsc#1120374] SLED12SP3 - Wrong Firefox GUI Language (Firefox ESR 60.4.0) * [bsc#1092611] VUL-0: MozillaFirefox: 52.8/60 (MFSA-2018-11 MFSA-2018-12) * [bsc#1074235] MozillaFirefox: background tab crash reports sent inadvertently without user opt-in * [bsc#1047281] VUL-0: CVE-2017-7789: MozillaFirefox: Firefox ignores Strict-Transport-Security when two more STS headers aresent from server * [bsc#1043008] Firefox hangs randomly when browsing and scrolling * [bsc#1025108] Firefox stops loading page until mouse is moved * [bsc#1010426] VUL-0: CVE-2016-5289: MozillaFirefox: Memory safety bugs fixed in Firefox 50 * [bsc#1010425] VUL-0: CVE-2016-9071: MozillaFirefox: Probe browser history via HSTS/301 redirect + CSP * [bsc#1010424] VUL-0: CVE-2016-9063: MozillaFirefox: Possible integer overflow to fix inside XML_Parse in Expat * [bsc#1010423] VUL-0: CVE-2016-9076: MozillaFirefox: select dropdown menu can be used for URL bar spoofing on e10s * [bsc#1010421] VUL-0: CVE-2016-9073: MozillaFirefox: windows.create schema doesn't specify "format" "relativeUrl" * [bsc#1010409] VUL-0: CVE-2016-9077: MozillaFirefox: Canvas filters allow feDisplacementMaps to be applied to cross-origin images, allowing timing attacks on them * [bsc#1010408] VUL-0: CVE-2016-9075: MozillaFirefox: WebExtensions can access the mozAddonManager API and use it to gain elevated privileges * [bsc#1010406] VUL-0: CVE-2016-9068: MozillaFirefox: heap-use-after-free in nsRefreshDriver * [bsc#1010405] VUL-0: CVE-2016-9067,CVE-2016-9069: MozillaFirefox: heap-use-after-free in nsINode::ReplaceOrInsertBefore * [bsc#1010399] VUL-0: CVE-2016-5292: MozillaFirefox: URL parsing causes crash * [bsc#983922] VUL-0: CVE-2016-2830: MozillaFirefox: Favicon network connection persists when page is closed * [bsc#959933] Firefox 38 can't play website mp3 sounds ------------------------------------------------------------------- Mon Oct 21 12:34:34 UTC 2019 - Martin Sirringhaus - Firefox Extended Support Release 68.2.0 ESR * Enterprise: New administrative policies were added. More information and templates are available at the Policy Templates page. * Fixed: Various security fixes MFSA 2019-33 (bsc#1154738) * CVE-2019-15903 (bmo#1584907) Heap overflow in expat library in XML_GetCurrentLineNumber * CVE-2019-11757 (bmo#1577107) Use-after-free when creating index updates in IndexedDB * CVE-2019-11758 (bmo#1536227) Potentially exploitable crash due to 360 Total Security * CVE-2019-11759 (bmo#1577953) Stack buffer overflow in HKDF output * CVE-2019-11760 (bmo#1577719) Stack buffer overflow in WebRTC networking * CVE-2019-11761 (bmo#1561502) Unintended access to a privileged JSONView object * CVE-2019-11762 (bmo#1582857) document.domain-based origin isolation has same-origin- property violation * CVE-2019-11763 (bmo#1584216) Incorrect HTML parsing results in XSS bypass technique * CVE-2019-11764 (bmo#1548044, bmo#1558522, bmo#1571223, bmo#1573048, bmo#1575217, bmo#1577061, bmo#1578933, bmo#1581950, bmo#1583463, bmo#1583684, bmo#1586599, bmo#1586845) Memory safety bugs fixed in Firefox 70 and Firefox ESR 68.2 - removed now upstream patches: * mozilla-bmo1573381.patch * mozilla-bmo1512162.patch * mozilla-bmo1585099.patch ------------------------------------------------------------------- Fri Oct 11 12:18:38 UTC 2019 - Martin Sirringhaus - Add patch to lower python requirement to 3.4 in order to build on SLE-12: * mozilla-sle12-lower-python-requirement.patch ------------------------------------------------------------------- Thu Oct 10 11:44:21 UTC 2019 - Martin Sirringhaus - Add Provides-line for translations-common (bsc#1153423) ------------------------------------------------------------------- Tue Oct 8 12:26:41 UTC 2019 - Martin Sirringhaus - Moved some settings from branding-package here (bsc#1153869) - Added patch to build with rust 1.38: * mozilla-bmo1585099.patch - add patch to fix LTO build (w/o PGO): * mozilla-fix-top-level-asm.patch - remove obsolete kde.js setting (boo#1151186) and related patch: * firefox-add-kde.js-in-order-to-survive-PGO-build.patch * modified firefox-kde.patch for the removal of kde.js ------------------------------------------------------------------- Tue Sep 24 13:07:00 UTC 2019 - Martin Sirringhaus - Update mozilla-bmo1512162.patch to the patch now commited upstream * No more -O1 builds for ppc64le necessary - Disable DoH by default * Not yet officially active in ESR, but just to make sure ------------------------------------------------------------------- Mon Sep 19 22:06:54 UTC 2019 - Charles Robertson - Mozilla Firefox ESR 68.1 Resolves the following bigendian s390x issues: * [bsc#1109465] Latest Firefox update not released for s390x * [bsc#1117473] Firefox segmentation fault on s390vsl082 * [bsc#1123482] openQA test fails in firefox - firefox doesn't start * [bsc#1124525] Firefox is core dumping on SLES15 s390x * [bsc#1133810] Firefox: Segmentation fault (core dumped) MFSA 2019-26 (bsc#1149323) * CVE-2019-11751 (bmo#1572838) Malicious code execution through command line parameters * CVE-2019-11746 (bmo#1564449) Use-after-free while manipulating video * CVE-2019-11744 (bmo#1562033) XSS by breaking out of title and textarea elements using innerHTML * CVE-2019-11742 (bmo#1559715) Same-origin policy violation with SVG filters and canvas to steal cross-origin images * CVE-2019-11736 (bmo#1551913, bmo#1552206) File manipulation and privilege escalation in Mozilla Maintenance Service * CVE-2019-11753 (bmo#1574980) Privilege escalation with Mozilla Maintenance Service in custom Firefox installation location * CVE-2019-11752 (bmo#1501152) Use-after-free while extracting a key value in IndexedDB * CVE-2019-9812 (bmo#1538008, bmo#1538015) Sandbox escape through Firefox Sync * CVE-2019-11743 (bmo#1560495, bmo#https://w3c.github.io/navigation-timing) Cross-origin access to unload event attributes * CVE-2019-11748 (bmo#1564588) Persistence of WebRTC permissions in a third party context * CVE-2019-11749 (bmo#1565374) Camera information available without prompting using getUserMedia * CVE-2019-11750 (bmo#1568397) Type confusion in Spidermonkey * CVE-2019-11738 (bmo#1452037) Content security policy bypass through hash-based sources in directives * CVE-2019-11747 (bmo#1564481) 'Forget about this site' removes sites from pre-loaded HSTS list * CVE-2019-11735 (bmo#1561404, bmo#1561484, bmo#1561912, bmo#1565744, bmo#1568047, bmo#1568858, bmo#1570358) Memory safety bugs fixed in Firefox 69 and Firefox ESR 68.1 * CVE-2019-11740 (bmo#1563133, bmo#1573160) Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, and Firefox ESR 60.9 - Mozilla Firefox ESR 68.0.2 * Fixed: Fixed a bug causing some special characters to be cut off from the end of the search terms when searching from the URL bar (bmo#1560228) * Fixed: Allow fonts to be loaded via file:// URLs when opening a page locally (bmo#1565942) * Fixed: Printing emails from the Outlook web app no longer prints only the header and footer (bmo#1567105) * Fixed: Fixed a bug causing some images not to be displayed on reload, including on Google Maps (bmo#1565542) * Fixed: Fixed an error when starting external applications configured as URI handlers (bmo#1567614) * Fixed: Security fixes - MFSA 2019-24 (bsc#1145665) * CVE-2019-11733 (bmo#1565780) Stored passwords in 'Saved Logins' can be copied without master password entry - Mozilla Firefox ESR 68.0.1 * macOS releases are now signed by the Apple notary service, allowing Firefox to properly run on macOS 10.15 Beta releases * Fixed missing Full Screen button when watching videos in full screen mode on HBO GO (bmo#1562837) * Fixed a bug causing incorrect messages to appear for some locales when sites try to request the use of the Storage Access API (bmo#1558503) * Users in Russian regions may have their default search engine changed (bmo#1565315) * Built-in search engines in some locales do not function correctly (bmo#1565779) * SupportMenu policy doesn't always work (bmo#1553290) * Allow the new ExtensionSettings policy to work with GPO on Windows (bmo#1553586) * Allow the privacy.file_unique_origin pref to be controlled by policy (bmo#1563759) - Mozilla Firefox ESR 68.0 * Dark mode in reader view * Improved extension security and discovery * Cryptomining and fingerprinting protections are added to strict content blocking settings in Privacy & Security preferences * Camera and microphone access now require an HTTPS connection MFSA 2019-21 (bsc#1140868) * CVE-2019-9811 (bmo#1523741, bmo#1538007, bmo#1539598, bmo#1539759, bmo#1563327) Sandbox escape via installation of malicious language pack * CVE-2019-11711 (bmo#1552541) Script injection within domain through inner window reuse * CVE-2019-11712 (bmo#1543804) Cross-origin POST requests can be made with NPAPI plugins by following 308 redirects * CVE-2019-11713 (bmo#1528481) Use-after-free with HTTP/2 cached stream * CVE-2019-11714 (bmo#1542593) NeckoChild can trigger crash when accessed off of main thread * CVE-2019-11729 (bmo#1515342) Empty or malformed p256-ECDH public keys may trigger a segmentation fault * CVE-2019-11715 (bmo#1555523) HTML parsing error can contribute to content XSS * CVE-2019-11716 (bmo#1552632) globalThis not enumerable until accessed * CVE-2019-11717 (bmo#1548306) Caret character improperly escaped in origins * CVE-2019-11718 (bmo#1408349) Activity Stream writes unsanitized content to innerHTML * CVE-2019-11719 (bmo#1540541) Out-of-bounds read when importing curve25519 private key * CVE-2019-11720 (bmo#1556230) Character encoding XSS vulnerability * CVE-2019-11721 (bmo#1256009) Domain spoofing through unicode latin 'kra' character * CVE-2019-11730 (bmo#1558299) Same-origin policy treats all files in a directory as having the same-origin * CVE-2019-11723 (bmo#1528335) Cookie leakage during add-on fetching across private browsing boundaries * CVE-2019-11724 (bmo#1512511) Retired site input.mozilla.org has remote troubleshooting permissions * CVE-2019-11725 (bmo#1483510) Websocket resources bypass safebrowsing protections * CVE-2019-11727 (bmo#1552208) PKCS#1 v1.5 signatures can be used for TLS 1.3 * CVE-2019-11728 (bmo#1552993) Port scanning through Alt-Svc header * CVE-2019-11710 (bmo#1507696, bmo#1510345, bmo#1533842, bmo#1535482, bmo#1535848, bmo#1537692, bmo#1540590, bmo#1544180, bmo#1547472, bmo#1547760, bmo#1548611, bmo#1549768, bmo#1551907) Memory safety bugs fixed in Firefox 68 * CVE-2019-11709 (bmo#1515052, bmo#1533522, bmo#1539219, bmo#1540759, bmo#1547266, bmo#1547757, bmo#1548822, bmo#1550498, bmo#1550498) Memory safety bugs fixed in Firefox 68 and Firefox ESR 60.8 - removed patches that are now upstream * mozilla-bmo1375074.patch * mozilla-bmo1436242.patch * mozilla-bmo256180.patch * mozilla-i586-DecoderDoctorLogger.patch * mozilla-i586-domPrefs.patch * mozilla-bmo1464766.patch * mozilla-bigendian_bit_flags_alias.patch * mozilla-break_hanging_glxtest.patch * mozilla-glibc-getrandom.patch - removed workaround-patch for build memory consumption on i586; other mitigations meanwhile introduced (mainly parallelity) will be sufficient * mozilla-reduce-files-per-UnifiedBindings.patch - added patch to make builds reproducible * mozilla-bmo1568145.patch - added a bunch of patches mainly for big endian platforms * mozilla-bmo1504834-part1.patch * mozilla-bmo1504834-part2.patch * mozilla-bmo1504834-part3.patch * mozilla-bmo1511604.patch * mozilla-bmo1512162.patch * mozilla-bmo1554971.patch * mozilla-bmo1573381.patch * mozilla-nestegg-big-endian.patch - added patches to fix build on armv7: * mozilla-bmo1463035.patch * mozilla-disable-wasm-emulate-arm-unaligned-fp-access.patch - added patch to fix non-return function * mozilla-cubeb-noreturn.patch - added patch to fix aarch64 build: * mozilla-fix-aarch64-libopus.patch (bmo#1539737) - added patch to enable PGO for x86_64. * firefox-add-kde.js-in-order-to-survive-PGO-build.patch - added patch to reduce build-load * mozilla-reduce-rust-debuginfo.patch ------------------------------------------------------------------- Thu Sep 12 12:16:49 UTC 2019 - Martin Sirringhaus - Mozilla Firefox Firefox ESR 60.9 MFSA 2019-27 (bsc#1149324) * CVE-2019-11746 (bmo#1564449, bsc#1149297) Use-after-free while manipulating video * CVE-2019-11744 (bmo#1562033, bsc#1149304) XSS by breaking out of title and textarea elements using innerHTML * CVE-2019-11742 (bmo#1559715, bsc#1149303) Same-origin policy violation with SVG filters and canvas to steal cross-origin images * CVE-2019-11753 (bmo#1574980, bsc#1149295) Privilege escalation with Mozilla Maintenance Service in custom Firefox installation location * CVE-2019-11752 (bmo#1501152, bsc#1149296) Use-after-free while extracting a key value in IndexedDB * CVE-2019-9812 (bmo#1538008, bmo#1538015, bsc#1149294) Sandbox escape through Firefox Sync * CVE-2019-11743 (bmo#1560495, bsc#1149298, https://w3c.github.io/navigation-timing) Cross-origin access to unload event attributes * CVE-2019-11740 (bmo#1563133, bmo#1573160, bsc#1149299) Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, and Firefox ESR 60.9 ------------------------------------------------------------------- Tue Jul 9 22:09:02 UTC 2019 - Charles Robertson - Mozilla Firefox Firefox ESR 60.8 MFSA 2019-22 (bsc#1140868) * CVE-2019-9811 (bmo#1538007, bmo#1539598, bmo#1563327) Sandbox escape via installation of malicious language pack * CVE-2019-11711 (bmo#1552541) Script injection within domain through inner window reuse * CVE-2019-11712 (bmo#1543804) Cross-origin POST requests can be made with NPAPI plugins by following 308 redirects * CVE-2019-11713 (bmo#1528481) Use-after-free with HTTP/2 cached stream * CVE-2019-11729 (bmo#1515342) Empty or malformed p256-ECDH public keys may trigger a segmentation fault * CVE-2019-11715 (bmo#1555523) HTML parsing error can contribute to content XSS * CVE-2019-11717 (bmo#1548306) Caret character improperly escaped in origins * CVE-2019-11719 (bmo#1540541) Out-of-bounds read when importing curve25519 private key * CVE-2019-11730 (bmo#1558299) Same-origin policy treats all files in a directory as having the same-origin * CVE-2019-11709 (bmo#1515052, bmo#1533522, bmo#1539219, bmo#1540759, bmo#1547266, bmo#1547757, bmo#1548822, bmo#1550498, bmo#1550498) Memory safety bugs fixed in Firefox 68 and Firefox ESR 60.8 ------------------------------------------------------------------- Fri Jun 21 06:29:56 UTC 2019 - Martin Sirringhaus - Mozilla Firefox Firefox 60.7.2 MFSA 2019-19 (bsc#1138872) * CVE-2019-11708 (bmo#1559858) sandbox escape using Prompt:Open ------------------------------------------------------------------- Wed Jun 19 06:39:58 UTC 2019 - Martin Sirringhaus - Mozilla Firefox Firefox 60.7.1 MFSA 2019-18 (bsc#1138614) * CVE-2019-11707 (bmo#1544386) Type confusion in Array.pop ------------------------------------------------------------------- Tue Jun 11 11:55:58 UTC 2019 - Martin Sirringhaus - Fix broken language plugins (bsc#1137792) ------------------------------------------------------------------- Thu May 23 10:19:23 UTC 2019 - Martin Sirringhaus - update to Firefox ESR 60.7 (bsc#1135824) * Font and date adjustments to accommodate the new Reiwa era in Japan * MFSA 2019-14/CVE-2019-9817 (bmo#1540221) Stealing of cross-domain images using canvas * MFSA 2019-14/CVE-2019-9800 (bmo#1499108, bmo#1499719, bmo#1516325, bmo#1532465, bmo#1533554, bmo#1534593, bmo#1535194, bmo#1535612, bmo#1538042, bmo#1538619, bmo#1538736, bmo#1540136, bmo#1540166, bmo#1541580, bmo#1542097, bmo#1542324, bmo#1546327) Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7 * MFSA 2019-14/CVE-2019-9816 (bmo#1536768) Type confusion with object groups and UnboxedObjects * MFSA 2019-14/CVE-2019-9815 (bmo#1546544, bmo#https://mdsattacks.com/) Disable hyperthreading on content JavaScript threads on macOS * MFSA 2019-14/CVE-2019-11698 (bmo#1543191) Theft of user history data through drag and drop of hyperlinks to and from bookmarks * MFSA 2019-14/CVE-2019-11692 (bmo#1544670) Use-after-free removing listeners in the event listener manager * MFSA 2019-14/CVE-2019-11693 (bmo#1532525) Buffer overflow in WebGL bufferdata on Linux * MFSA 2019-14/CVE-2019-7317 (bmo#1542829) Use-after-free in png_image_free of libpng library * MFSA 2019-14/CVE-2019-9820 (bmo#1536405) Use-after-free of ChromeEventHandler by DocShell * MFSA 2019-14/CVE-2019-9818 (bmo#1542581) Use-after-free in crash generation server * MFSA 2019-14/CVE-2019-11691 (bmo#1542465) Use-after-free in XMLHttpRequest * MFSA 2019-14/CVE-2019-9819 (bmo#1532553) Compartment mismatch with fetch API * MFSA 2019-14/CVE-2019-11694 (bmo#1534196) Uninitialized memory memory leakage in Windows sandbox ------------------------------------------------------------------- Wed May 8 22:46:26 UTC 2019 - Charles Robertson - update to 60.6.3 (bmo#1549249) * Further improvements to re-enable web extensions which had been disabled for users with a master password set. ------------------------------------------------------------------- Wed May 8 21:36:33 UTC 2019 - Charles Robertson - update to 60.6.2 (bsc#1134126) * Repaired certificate chain to re-enable web extensions that had been disabled. ------------------------------------------------------------------- Wed Mar 27 11:35:23 UTC 2019 - cgrobertson@suse.com - Fixed translations provides ------------------------------------------------------------------- Fri Mar 22 16:58:16 UTC 2019 - cgrobertson@suse.com - update to Firefox ESR 60.6.1 (bsc#1130262) * MFSA 2019-10/CVE-2019-9813 (bmo#1538006) Ionmonkey type confusion with __proto__ mutations * MFSA 2019-10/CVE-2019-9810 (bmo#1537924) IonMonkey MArraySlice has incorrect alias information ------------------------------------------------------------------- Tue Mar 19 13:08:50 UTC 2019 - cgrobertson@suse.com - update to Firefox ESR 60.6 (bsc#1129821) * MFSA 2019-08/CVE-2018-18506 (bmo#1503393) Proxy Auto-Configuration file can define localhost access to be proxied * MFSA 2019-08/CVE-2019-9801 (bmo#1527717) Windows programs that are not 'URL Handlers' are exposed to web content * MFSA 2019-08/CVE-2019-9788 (bmo#1506665, bmo#1516834, bmo#1518001, bmo#1518774, bmo#1521214, bmo#1521304, bmo#1523362, bmo#1524214, bmo#1524755, bmo#1529203) Memory safety bugs fixed in Firefox 66 and Firefox ESR 60.6 * MFSA 2019-08/CVE-2019-9790 (bmo#1525145) Use-after-free when removing in-use DOM elements * MFSA 2019-08/CVE-2019-9791 (bmo#1530958) Type inference is incorrect for constructors entered through on-stack replacement with IonMonkey * MFSA 2019-08/CVE-2019-9792 (bmo#1532599) IonMonkey leaks JS_OPTIMIZED_OUT magic value to script * MFSA 2019-08/CVE-2019-9793 (bmo#1528829) Improper bounds checks when Spectre mitigations are disabled * MFSA 2019-08/CVE-2019-9794 (bmo#1530103) Command line arguments not discarded during execution * MFSA 2019-08/CVE-2019-9795 (bmo#1514682) Type-confusion in IonMonkey JIT compiler * MFSA 2019-08/CVE-2019-9796 (bmo#1531277) Use-after-free with SMIL animation controller - Fix for [bsc#1127987] MozillaFirefox-translations-common causing error on update ------------------------------------------------------------------- Tue Feb 26 17:49:18 UTC 2019 - cgrobertson@suse.com - Mozilla Firefox 60.5.2esr: * Fix a frequent crash when reading various Reuters news articles (bmo#1505844) ------------------------------------------------------------------- Fri Feb 15 18:39:58 UTC 2019 - cgrobertson@suse.com - Update to Firefox ESR 60.5.1 MFSA-2019-05 (bsc#1125330) * CVE-2018-18356 (bmo#1525817) A use-after-free vulnerability in the Skia library can occur when creating a path, leading to a potentially exploitable crash. * CVE-2019-5785 (bmo#1525433) An integer overflow vulnerability in the Skia library can occur after specific transform operations, leading to a potentially exploitable crash. * CVE-2018-18335 (bmo#1525815) A buffer overflow vulnerability in the Skia library can occur with Canvas 2D acceleration on macOS. This issue was addressed by disabling Canvas 2D acceleration in Firefox ESR. Note: this does not affect other versions and platforms where Canvas 2D acceleration is already disabled by default. ------------------------------------------------------------------- Wed Jan 30 11:59:12 UTC 2019 - cgrobertson@suse.com - Update to Firefox ESR 60.5 MFSA 2019-02 (bsc#1122983) * CVE-2018-18501 (bmo#1460619, bmo#1502871, bmo#1512450, bmo#1513201, bmo#1516514, bmo#1516738, bmo#1517542) Memory safety bugs fixed in Firefox 65 and Firefox ESR 60.5 * CVE-2018-18500 (bmo#1510114) Use-after-free parsing HTML5 stream * CVE-2018-18505 (bmo#1087565, bmo#1497749) Privilege escalation through IPC channel messages - Removed obsolete patches: [mozilla-no-stdcxx-check.patch] Applied upstream [mozilla-s390-nojit.patch] Applied upstream ------------------------------------------------------------------- Wed Jan 23 17:24:35 UTC 2019 - cgrobertson@suse.com - Revert dependency for branding package back to >= 60 due to dependency issues. ------------------------------------------------------------------- Fri Jan 18 11:12:03 UTC 2019 - cgrobertson@suse.com - Fix for language pack build error (bsc#1120374) ------------------------------------------------------------------- Fri Dec 14 19:09:16 UTC 2018 - cgrobertson@suse.com - Depend on branding package version >= 60.0 ------------------------------------------------------------------- Wed Dec 12 22:15:26 UTC 2018 - cgrobertson@suse.com - Mozilla Firefox 60.4.0esr: * Updated list of currency codes to include Unidad Previsional (UYW) (bmo#1499028) MFSA 2018-30 (bsc#1119105) * CVE-2018-17466 bmo#1488295 Buffer overflow and out-of-bounds read in ANGLE library with TextureStorage11 * CVE-2018-18492 bmo#1499861 Use-after-free with select element * CVE-2018-18493 bmo#1504452 Buffer overflow in accelerated 2D canvas with Skia * CVE-2018-18494 bmo#1487964 Same-origin policy violation using location attribute and performance.getEntries to steal cross-origin URLs * CVE-2018-18498 bmo#1500011 Integer overflow when calculating buffer sizes for images * CVE-2018-12405 bmo#1494752 bmo#1503326 bmo#1505181 bmo#1500759 bmo#1504365 bmo#1506640 bmo#1503082 bmo#1502013 bmo#1510471 Memory safety bugs fixed in Firefox 64 and Firefox ESR 60.4 - requires NSS >= 3.36.6 - Removed obsolete patch: [mozilla-update-cc-crate.patch] Applied upstream ------------------------------------------------------------------- Tue Nov 13 09:50:02 UTC 2018 - Antonio Larrosa - Keep esr in the package version suffix in order to not confuse users who might expect it. ------------------------------------------------------------------- Tue Oct 23 20:35:31 UTC 2018 - alarrosa@suse.com - Mozilla Firefox 60.3.0esr: * Various stability and regression fixes MFSA 2018-27 bsc#1112852 * CVE-2018-12392 bmo#1492823 Crash with nested event loops * CVE-2018-12393 bmo#1495011 Integer overflow during Unicode conversion while loading JavaScript * CVE-2018-12395 bmo#1467523 WebExtension bypass of domain restrictions through header rewriting * CVE-2018-12396 bmo#1483602 WebExtension content scripts can execute in disallowed contexts * CVE-2018-12397 bmo#1487478 WebExtension local file access vulnerability * CVE-2018-12389 bmo#1498460, bmo#1499198 Memory safety bugs fixed in Firefox ESR 60.3 * CVE-2018-12390 bmo#1487098 bmo#1487660 bmo#1490234 bmo#1496159 bmo#1443748 bmo#1496340 bmo#1483905 bmo#1493347 bmo#1488803 bmo#1498701 bmo#1498482 bmo#1442010 bmo#1495245 bmo#1483699 bmo#1469486 bmo#1484905 bmo#1490561 bmo#1492524 bmo#1481844 Memory safety bugs fixed in Firefox 63 and Firefox ESR 60.3 - Drop mozilla-bmo1472538-update-bindgen.patch which was already merged upstream - Update mozilla-update-cc-crate.patch, since cc was updated to 1.0.9 upstream, but this patch still updates it to a newer version ------------------------------------------------------------------- Thu Oct 11 15:42:40 UTC 2018 - alarrosa@suse.com - Update create-tar.sh and source-stamp.txt as should be done with every version update. ------------------------------------------------------------------- Tue Oct 9 08:00:29 UTC 2018 - alarrosa@suse.com - Mozilla Firefox 60.2.2esr: MFSA 2018-24 * CVE-2018-12386 (bsc#1110506, bmo#1493900) Type confusion in JavaScript allowed remote code execution * CVE-2018-12387 (bsc#1110507, bmo#1493903) Array.prototype.push stack pointer vulnerability may enable exploits in the sandboxed content process - Avoid undefined behavior in IPC fd-passing code with mozilla-bmo1436242.patch (boo#1094767, bmo#1436242) - Mozilla Firefox 60.2.1esr: MFSA 2018-23 * CVE-2018-12385 (boo#1109363, bmo#1490585) Crash in TransportSecurityInfo due to cached data * CVE-2018-12383 (boo#1107343, bmo#1475775) Setting a master password did not delete unencrypted previously stored passwords * Fixed a startup crash affecting users migrating from older ESR releases * Clean up old NSS DB files after upgrading - Fix typo in README.SUSE ------------------------------------------------------------------- Tue Oct 2 16:47:17 UTC 2018 - federico@suse.com - bsc#1109465 - Add mozilla-bmo1472538-update-bindgen.patch and mozilla-update-cc-crate.patch. This fixes an endianness problem in bindgen's handling of bitfields, which was causing Firefox to crash on startup on big-endian machines. Also, updates the cc crate, which was buggy in the version that was originally vendored in. ------------------------------------------------------------------- Wed Sep 26 14:30:37 UTC 2018 - Antonio Larrosa - Apply s390 patches (mozilla-s390-nojit.patch, mozilla-s390-bigendian.patch and mozilla-s390-context.patch) only on s390x and ppc64 archs. Specially mozilla-s390-bigendian.patch should only be applied on bigendian archs, since it makes libicu use a big-endian data file. Fixes bsc#1108986 on x86_64 and other little-endian archs. ------------------------------------------------------------------- Fri Sep 7 01:01:19 UTC 2018 - pcerny@suse.com - update to Firefox ESR 60.2 (bsc#1107343, bsc#1066489) * MFSA 2018-20/CVE-2018-12381 (bmo#1435319) Dragging and dropping Outlook email message results in page navigation * MFSA 2018-20/CVE-2017-16541 (bmo#1412081) Proxy bypass using automount and autofs * MFSA 2018-20/CVE-2018-12376 (bmo#1450989, bmo#1466577, bmo#1466991, bmo#1467363, bmo#1467889, bmo#1468738, bmo#1469309, bmo#1469914, bmo#1471953, bmo#1472925, bmo#1473161, bmo#1478575, bmo#1478849, bmo#1480092, bmo#1480517, bmo#1480521, bmo#1481093, bmo#1483120) Memory safety bugs fixed in Firefox 62 and Firefox ESR 60.2 * MFSA 2018-20/CVE-2018-12377 (bmo#1470260) Use-after-free in refresh driver timers * MFSA 2018-20/CVE-2018-12378 (bmo#1459383) Use-after-free in IndexedDB * MFSA 2018-20/CVE-2018-12379 (bmo#1473113) Out-of-bounds write with malicious MAR file - removed obsolete patches: [firefox-glibc-getrandom.patch] [firefox-no-default-ualocale.patch] [mozilla-arm-disable-edsp.patch] [mozilla-language.patch] [mozilla-sle11.aptch] [mozilla-shared-nss-db.patch] [toolkit-download-folder.patch] - added patches sync with openSUSE: rename [mozilla-aarch64_register_usage.patch] to [mozilla-bmo1375074.patch] [mozilla-bmo1005535.patch] [mozilla-bmo1464766.patch] [mozilla-bmo256180.patch] [mozilla-i586-DecoderDoctorLogger.patch] [mozilla-i586-domPrefs.patch] [mozilla-glibc-getrandom.patch] additional architecture enablement: [mozilla-ppc-altivec_static_inline.patch] [mozilla-s390-context.patch] ------------------------------------------------------------------- Wed Jun 27 13:26:39 UTC 2018 - pcerny@suse.com - update to Firefox ESR 52.9 (bsc#1098998) * MFSA 2018-17/CVE-2018-5188 (bmo#1392739, bmo#1437842, bmo#1442722, bmo#1450688, bmo#1451297, bmo#1452576, bmo#1456189, bmo#1456975, bmo#1458048, bmo#1458264, bmo#1458270, bmo#1463494, bmo#1464063, bmo#1464079, bmo#1464829, bmo#1465108, bmo#1465898) Memory safety bugs fixed in Firefox 60, Firefox ESR 60.1, and Firefox ESR 52.9 * MFSA 2018-17/CVE-2018-12368 (bmo#1468217, bmo#https://posts.specterops.io/the-tale-of- settingcontent-ms-files-f1ea253e4d39) No warning when opening executable SettingContent-ms files * MFSA 2018-17/CVE-2018-12366 (bmo#1464039) Invalid data handling during QCMS transformations * MFSA 2018-17/CVE-2018-12365 (bmo#1459206) Compromised IPC child process can list local filenames * MFSA 2018-17/CVE-2018-12364 (bmo#1436241) CSRF attacks through 307 redirects and NPAPI plugins * MFSA 2018-17/CVE-2018-12363 (bmo#1464784) Use-after-free when appending DOM nodes * MFSA 2018-17/CVE-2018-12362 (bmo#1452375) Integer overflow in SSSE3 scaler * MFSA 2018-17/CVE-2018-12360 (bmo#1459693) Use-after-free when using focus() * MFSA 2018-17/CVE-2018-5156 (bmo#1453127) Media recorder segmentation fault when track type is changed during capture * MFSA 2018-17/CVE-2018-12359 (bmo#1459162) Buffer overflow using computed size of canvas element ------------------------------------------------------------------- Thu Jun 7 12:42:46 UTC 2018 - pcerny@suse.com - update to Firefox 52.8.1 (bsc#1096449) * MFSA 2018-14/CVE-2018-6126 (bmo#1462682) Heap buffer overflow rasterizing paths in SVG with Skia ------------------------------------------------------------------- Thu May 10 19:43:25 UTC 2018 - pcerny@suse.com - update to Firefox ESR 52.8 (bsc#1092548) * MFSA 2018-12/CVE-2018-5159 (bmo#1441941) Integer overflow and out-of-bounds write in Skia * MFSA 2018-12/CVE-2018-5158 (bmo#1452075) Malicious PDF can inject JavaScript into PDF Viewer * MFSA 2018-12/CVE-2018-5174 (bmo#1447080) Windows Defender SmartScreen UI runs with less secure behavior for downloaded files in Windows 10 April 2018 Update * MFSA 2018-12/CVE-2018-5168 (bmo#1449548) Lightweight themes can be installed without user interaction * MFSA 2018-12/CVE-2018-5150 (bmo#1388020, bmo#1393367, bmo#1409440, bmo#1411415, bmo#1426129, bmo#1433609, bmo#1444668, bmo#1448705, bmo#1451376, bmo#1452202) Memory safety bugs fixed in Firefox 60 and Firefox ESR 52.8 * MFSA 2018-12/CVE-2018-5155 (bmo#1448774) Use-after-free with SVG animations and text paths * MFSA 2018-12/CVE-2018-5183 (bmo#1454692) Backport critical security fixes in Skia * MFSA 2018-12/CVE-2018-5157 (bmo#1449898) Same-origin bypass of PDF Viewer to view protected PDF files * MFSA 2018-12/CVE-2018-5154 (bmo#1443092) Use-after-free with SVG animations and clip paths * MFSA 2018-12/CVE-2018-5178 (bmo#1443891) Buffer overflow during UTF-8 to Unicode string conversion through legacy extension - speed up dependency genertation and locales packaging ------------------------------------------------------------------- Tue Mar 27 21:32:47 UTC 2018 - pcerny@suse.com - update to Firefox 59.0.2 (bsc#1087059) * MFSA 2018-10/CVE-2018-5148 (bmo#1440717) Use-after-free in compositor - remove obsolete [mozilla-libtremor_overflows.patch] ------------------------------------------------------------------- Fri Mar 16 21:48:42 UTC 2018 - pcerny@suse.com - update to Firefox 52.7.2 (bsc#1085671) * MFSA 2018-08/CVE-2018-5146 (bmo#1446062) Out of bounds memory write in libvorbis Extra patch for libtremor used on soft-float architectures [mozilla-libtremor_overflows.patch] * MFSA 2018-08/CVE-2018-5147 (bmo#1446365) Out of bounds memory write in libtremor ------------------------------------------------------------------- Wed Mar 14 17:00:02 UTC 2018 - pcerny@suse.com - update to Firefox ESR 52.7 (bsc#1085130) * MFSA 2018-07/CVE-2018-5131 (bmo#1440775) Fetch API improperly returns cached copies of no-store/no- cache resources * MFSA 2018-07/CVE-2018-5130 (bmo#1433005) Mismatched RTP payload type can trigger memory corruption * MFSA 2018-07/CVE-2018-5129 (bmo#1428947) Out-of-bounds write with malformed IPC messages * MFSA 2018-07/CVE-2018-5125 (bmo#1324042, bmo#1416529, bmo#1425520, bmo#1426988, bmo#1434384, bmo#1434580, bmo#1437087, bmo#1437450, bmo#1437507, bmo#1438425, bmo#1443865) Memory safety bugs fixed in Firefox 59 and Firefox ESR 52.7 * MFSA 2018-07/CVE-2018-5127 (bmo#1430557) Buffer overflow manipulating SVG animatedPathSegList * MFSA 2018-07/CVE-2018-5144 (bmo#1440926) Integer overflow during Unicode conversion * MFSA 2018-07/CVE-2018-5145 (bmo#1261175, bmo#1348955) Memory safety bugs fixed in Firefox ESR 52.7 ------------------------------------------------------------------- Wed Jan 24 22:14:50 UTC 2018 - pcerny@suse.com - update to Firefox ESR 52.6 (bsc#1077291) * MFSA 2018-02/CVE-2018-5091 (bmo#1423086) Use-after-free with DTMF timers * MFSA 2018-02/CVE-2018-5095 (bmo#1418447) Integer overflow in Skia library during edge builder allocation * MFSA 2018-02/CVE-2018-5096 (bmo#1418922) Use-after-free while editing form elements * MFSA 2018-02/CVE-2018-5097 (bmo#1387427) Use-after-free when source document is manipulated during XSLT * MFSA 2018-02/CVE-2018-5098 (bmo#1399400) Use-after-free while manipulating form input elements * MFSA 2018-02/CVE-2018-5099 (bmo#1416878) Use-after-free with widget listener * MFSA 2018-02/CVE-2018-5104 (bmo#1425000) Use-after-free during font face manipulation * MFSA 2018-02/CVE-2018-5089 (bmo#1224396, bmo#1331209, bmo#1382366, bmo#1399520, bmo#1408017, bmo#1408276, bmo#1409951, bmo#1410134, bmo#1412145, bmo#1412420, bmo#1414452, bmo#1415582, bmo#1415598, bmo#1417797, bmo#1418854, bmo#1422389, bmo#1425612, bmo#1425780, bmo#1426783, bmo#1428589) Memory safety bugs fixed in Firefox 58 and Firefox ESR 52.6 * MFSA 2018-02/CVE-2018-5117 (bmo#1395508) URL spoofing with right-to-left text aligned left-to-right * MFSA 2018-02/CVE-2018-5102 (bmo#1419363) Use-after-free in HTML media elements * MFSA 2018-02/CVE-2018-5103 (bmo#1423159) Use-after-free during mouse event handling ------------------------------------------------------------------- Thu Nov 16 16:36:42 UTC 2017 - pcerny@suse.com - update to Firefox ESR 52.5 (bsc#1068101) * MFSA 2017-25/CVE-2017-7826 (bmo#1261175, bmo#1339259, bmo#1369561, bmo#1375146, bmo#1387799, bmo#1393840, bmo#1394265, bmo#1394530, bmo#1395138, bmo#1397811, bmo#1400003, bmo#1400554, bmo#1400763, bmo#1401804, bmo#1404636, bmo#1406398, bmo#1407740, bmo#1407751, bmo#1408005, bmo#1408412, bmo#1411458) Memory safety bugs fixed in Firefox 57 and Firefox ESR 52.5 * MFSA 2017-25/CVE-2017-7830 (bmo#1408990) Cross-origin URL information leak through Resource Timing API * MFSA 2017-25/CVE-2017-7828 (bmo#1406750, bmo#1412252) Use-after-free of PressShell while restyling layout ------------------------------------------------------------------- Fri Sep 29 07:50:37 UTC 2017 - pcerny@suse.com - update to Firefox ESR 52.4 (bsc#1060445) * MFSA 2017-22/CVE-2017-7825 (bmo#1390980, bmo#1393624) OS X fonts render some Tibetan and Arabic unicode characters as spaces * MFSA 2017-22/CVE-2017-7805 (bmo#1377618) Use-after-free in TLS 1.2 generating handshake hashes * MFSA 2017-22/CVE-2017-7819 (bmo#1380292) Use-after-free while resizing images in design mode * MFSA 2017-22/CVE-2017-7818 (bmo#1363723) Use-after-free during ARIA array manipulation * MFSA 2017-22/CVE-2017-7793 (bmo#1371889) Use-after-free with Fetch API * MFSA 2017-22/CVE-2017-7824 (bmo#1398381) Buffer overflow when drawing and validating elements with ANGLE * MFSA 2017-22/CVE-2017-7810 (bmo#1360334, bmo#1371657, bmo#1380824, bmo#1386787, bmo#1387918, bmo#1389974, bmo#1390550, bmo#1395598) Memory safety bugs fixed in Firefox 56 and Firefox ESR 52.4 * MFSA 2017-22/CVE-2017-7823 (bmo#1396320) CSP sandbox directive did not create a unique origin * MFSA 2017-22/CVE-2017-7814 (bmo#1376036) Blob and data URLs bypass phishing and malware protection warnings ------------------------------------------------------------------- Tue Aug 8 18:20:15 UTC 2017 - pcerny@suse.com - update to Firefox ESR 52.3 (bsc#1052829) * MFSA 2017-19/CVE-2017-7807 (bmo#1376459) Domain hijacking through AppCache fallback * MFSA 2017-19/CVE-2017-7791 (bmo#1365875) Spoofing following page navigation with data: protocol and modal alerts * MFSA 2017-19/CVE-2017-7792 (bmo#1368652) Buffer overflow viewing certificates with an extremely long OID * MFSA 2017-19/CVE-2017-7782 (bmo#1344034) WindowsDllDetourPatcher allocates memory without DEP protections * MFSA 2017-19/CVE-2017-7787 (bmo#1322896) Same-origin policy bypass with iframes through page reloads * MFSA 2017-19/CVE-2017-7786 (bmo#1365189) Buffer overflow while painting non-displayable SVG * MFSA 2017-19/CVE-2017-7785 (bmo#1356985) Buffer overflow manipulating ARIA attributes in DOM * MFSA 2017-19/CVE-2017-7784 (bmo#1376087) Use-after-free with image observers * MFSA 2017-19/CVE-2017-7753 (bmo#1353312) Out-of-bounds read with cached style data and pseudo-elements * MFSA 2017-19/CVE-2017-7798 (bmo#1371586, bmo#1372112) XUL injection in the style editor in devtools * MFSA 2017-19/CVE-2017-7804 (bmo#1372849) Memory protection bypass through WindowsDllDetourPatcher * MFSA 2017-19/CVE-2017-7779 (bmo#1321384, bmo#1346590, bmo#1354443, bmo#1362924, bmo#1366903, bmo#1368030, bmo#1368105, bmo#1368362, bmo#1368576, bmo#1369913, bmo#1369994, bmo#1371283, bmo#1371424, bmo#1371890, bmo#1372985, bmo#1373220, bmo#1378826, bmo#1380426, bmo#1383002) Memory safety bugs fixed in Firefox 55 and Firefox ESR 52.3 * MFSA 2017-19/CVE-2017-7800 (bmo#1374047) Use-after-free in WebSockets during disconnection * MFSA 2017-19/CVE-2017-7801 (bmo#1371259) Use-after-free with marquee during window resizing * MFSA 2017-19/CVE-2017-7802 (bmo#1378147) Use-after-free resizing image elements * MFSA 2017-19/CVE-2017-7803 (bmo#1377426) CSP containing 'sandbox' improperly applied ------------------------------------------------------------------- Wed Jun 14 22:49:23 UTC 2017 - cgrobertson@suse.com - update to Firefox ESR 52.2 (bsc#1043960) * MFSA 2017-16/CVE-2017-7758 (bmo#1368490) Out-of-bounds read in Opus encoder * MFSA 2017-16/CVE-2017-7749 (bmo#1355039) Use-after-free during docshell reloading * MFSA 2017-16/CVE-2017-7751 (bmo#1363396) Use-after-free with content viewer listeners * MFSA 2017-16/CVE-2017-5472 (bmo#1365602) Use-after-free using destroyed node when regenerating trees * MFSA 2017-16/CVE-2017-5470 (bmo#1297111, bmo#1325513, bmo#1342552, bmo#1342567, bmo#1346012, bmo#1347748, bmo#1348424, bmo#1349266, bmo#1349595, bmo#1352093, bmo#1352295, bmo#1352556, bmo#1356025, bmo#1357462, bmo#1359639, bmo#1362590, bmo#1363280, bmo#1366140, bmo#1367692, bmo#1368732) Memory safety bugs fixed in Firefox 54 and Firefox ESR 52.2 * MFSA 2017-16/CVE-2017-7752 (bmo#1359547) Use-after-free with IME input * MFSA 2017-16/CVE-2017-7750 (bmo#1356558) Use-after-free with track elements * MFSA 2017-16/CVE-2017-7768 (bmo#1336979) 32 byte arbitrary file read through Mozilla Maintenance Service * MFSA 2017-16/CVE-2017-7778 (bmo#1349310, bmo#1350047, bmo#1352745, bmo#1352747, bmo#1355174, bmo#1355182, bmo#1356607, bmo#1358551) Vulnerabilities in the Graphite 2 library * MFSA 2017-16/CVE-2017-7754 (bmo#1357090) Out-of-bounds read in WebGL with ImageInfo object * MFSA 2017-16/CVE-2017-7755 (bmo#1361326) Privilege escalation through Firefox Installer with same directory DLL files * MFSA 2017-16/CVE-2017-7756 (bmo#1366595) Use-after-free and use-after-scope logging XHR header errors * MFSA 2017-16/CVE-2017-7757 (bmo#1356824) Use-after-free in IndexedDB * MFSA 2017-16/CVE-2017-7761 (bmo#1215648, bmo#https://sourceforge.net/p/nsis/bugs/1125/) File deletion and privilege escalation through Mozilla Maintenance Service helper.exe application * MFSA 2017-16/CVE-2017-7763 (bmo#1360309) Mac fonts render some unicode characters as spaces * MFSA 2017-16/CVE-2017-7765 (bmo#1273265) Mark of the Web bypass when saving executable files * MFSA 2017-16/CVE-2017-7764 (bmo#1364283, bmo#http://www.unicode.org/reports/tr31/tr31-26 .html#Aspirational_Use_Scripts) Domain spoofing with combination of Canadian Syllabics and other unicode blocks ------------------------------------------------------------------- Thu May 25 17:26:36 UTC 2017 - cgrobertson@suse.com - update to Firefox ESR 52.1 (bsc#1035082) * MFSA 2017-12/CVE-2016-10196 (bmo#1343453) Vulnerabilities in Libevent library * MFSA 2017-12/CVE-2017-5443 (bmo#1342661) Out-of-bounds write during BinHex decoding * MFSA 2017-12/CVE-2017-5429 (bmo#1341096, bmo#1342823, bmo#1343261, bmo#1348894, bmo#1348941, bmo#1349340, bmo#1350844, bmo#1352926, bmo#1353088,) Memory safety bugs fixed in Firefox 53, Firefox ESR 45.9, and Firefox ESR 52.1 * MFSA 2017-12/CVE-2017-5464 (bmo#1347075) Memory corruption with accessibility and DOM manipulation * MFSA 2017-12/CVE-2017-5465 (bmo#1347617) Out-of-bounds read in ConvolvePixel * MFSA 2017-12/CVE-2017-5466 (bmo#1353975) Origin confusion when reloading isolated data:text/html URL * MFSA 2017-12/CVE-2017-5467 (bmo#1347262) Memory corruption when drawing Skia content * MFSA 2017-12/CVE-2017-5460 (bmo#1343642) Use-after-free in frame selection * MFSA 2017-12/CVE-2017-5461 (bmo#1344380) Out-of-bounds write in Base64 encoding in NSS * MFSA 2017-12/CVE-2017-5448 (bmo#1346648) Out-of-bounds write in ClearKeyDecryptor * MFSA 2017-12/CVE-2017-5449 (bmo#1340127) Crash during bidirectional unicode manipulation with animation * MFSA 2017-12/CVE-2017-5446 (bmo#1343505) Out-of-bounds read when HTTP/2 DATA frames are sent with incorrect data * MFSA 2017-12/CVE-2017-5447 (bmo#1343552) Out-of-bounds read during glyph processing * MFSA 2017-12/CVE-2017-5444 (bmo#1344461) Buffer overflow while parsing application/http-index-format content * MFSA 2017-12/CVE-2017-5445 (bmo#1344467) Uninitialized values used while parsing application/http- index-format content * MFSA 2017-12/CVE-2017-5442 (bmo#1347979) Use-after-free during style changes * MFSA 2017-12/CVE-2017-5469 (bmo#1292534) Potential Buffer overflow in flex-generated code * MFSA 2017-12/CVE-2017-5440 (bmo#1336832) Use-after-free in txExecutionState destructor during XSLT processing * MFSA 2017-12/CVE-2017-5441 (bmo#1343795) Use-after-free with selection during scroll events * MFSA 2017-12/CVE-2017-5439 (bmo#1336830) Use-after-free in nsTArray Length() during XSLT processing * MFSA 2017-12/CVE-2017-5438 (bmo#1336828) Use-after-free in nsAutoPtr during XSLT processing * MFSA 2017-12/CVE-2017-5436 (bmo#1345461) Out-of-bounds write with malicious font in Graphite 2 * MFSA 2017-12/CVE-2017-5435 (bmo#1350683) Use-after-free during transaction processing in the editor * MFSA 2017-12/CVE-2017-5434 (bmo#1349946) Use-after-free during focus handling * MFSA 2017-12/CVE-2017-5433 (bmo#1347168) Use-after-free in SMIL animation functions * MFSA 2017-12/CVE-2017-5432 (bmo#1346654) Use-after-free in text input selection * MFSA 2017-12/CVE-2017-5430 (bmo#1329796, bmo#1337418, bmo#1339722, bmo#1340482, bmo#1342101, bmo#1344081, bmo#1344305, bmo#1344686, bmo#1346140, bmo#1346419, bmo#1348143, bmo#1349621, bmo#1349719, bmo#1353476) Memory safety bugs fixed in Firefox 53 and Firefox ESR 52.1 * MFSA 2017-12/CVE-2017-5459 (bmo#1333858) Buffer overflow in WebGL * MFSA 2017-12/CVE-2017-5462 (bmo#1345089) DRBG flaw in NSS * MFSA 2017-12/CVE-2017-5455 (bmo#1341191) Sandbox escape through internal feed reader APIs * MFSA 2017-12/CVE-2017-5454 (bmo#1349276) Sandbox escape allowing file system read access through file picker * MFSA 2017-12/CVE-2017-5456 (bmo#1344415) Sandbox escape allowing local file system access * MFSA 2017-12/CVE-2017-5451 (bmo#1273537) Addressbar spoofing with onblur event - Removed obsolete patches fixed upstream: [mozilla-repo.patch, mozilla-skia-be-le.patch, mozilla-libproxy.patch, mozilla-aarch64-48bit-va.patch, mozilla-aarch64-4k-page-size.patch, mozilla-aarch64-nojit-1.patch, mozilla-aarch64-nojit-2.patch, mozilla-fullscreen_part_1.patch, mozilla-fullscreen_part_2.patch, mozilla-fullscreen_part_3.patch, mozilla-protected_symbols.patch, mozilla-flex_buffer_overrun.patch, mozilla-disable-webm-dependencies.patch, mozilla-disable-ogg.patch, firefox-kde-114.patch] - Added patches: [mozilla-aarch64_getrandom.patch] [mozilla-s390-bigendian.patch] (bmo#1322212 and bmo#1264836) - Added file [icudt58b.dat] ICU big-endian data file for big-endian builds ------------------------------------------------------------------- Thu Apr 20 09:59:07 UTC 2017 - pcerny@suse.com - update to Firefox ESR 45.9 (bsc#1035082) * MFSA 2017-11/CVE-2017-5469 (bmo#1292534) Potential Buffer overflow in flex-generated code * MFSA 2017-11/CVE-2017-5429 (bmo#1341096, bmo#1342823, bmo#1343261, bmo#1348894, bmo#1348941, bmo#1349340, bmo#1350844, bmo#1352926, bmo#1353088,) Memory safety bugs fixed in Firefox 53, Firefox ESR 45.9, and Firefox ESR 52.1 * MFSA 2017-11/CVE-2017-5439 (bmo#1336830) Use-after-free in nsTArray Length() during XSLT processing * MFSA 2017-11/CVE-2017-5438 (bmo#1336828) Use-after-free in nsAutoPtr during XSLT processing * MFSA 2017-11/CVE-2017-5437 (bmo#1343453) Vulnerabilities in Libevent library * MFSA 2017-11/CVE-2017-5436 (bmo#1345461) Out-of-bounds write with malicious font in Graphite 2 * MFSA 2017-11/CVE-2017-5435 (bmo#1350683) Use-after-free during transaction processing in the editor * MFSA 2017-11/CVE-2017-5434 (bmo#1349946) Use-after-free during focus handling * MFSA 2017-11/CVE-2017-5433 (bmo#1347168) Use-after-free in SMIL animation functions * MFSA 2017-11/CVE-2017-5432 (bmo#1346654) Use-after-free in text input selection * MFSA 2017-11/CVE-2017-5464 (bmo#1347075) Memory corruption with accessibility and DOM manipulation * MFSA 2017-11/CVE-2017-5465 (bmo#1347617) Out-of-bounds read in ConvolvePixel * MFSA 2017-11/CVE-2017-5460 (bmo#1343642) Use-after-free in frame selection * MFSA 2017-11/CVE-2017-5461 (bmo#1344380) Out-of-bounds write in Base64 encoding in NSS * MFSA 2017-11/CVE-2017-5448 (bmo#1346648) Out-of-bounds write in ClearKeyDecryptor * MFSA 2017-11/CVE-2017-5446 (bmo#1343505) Out-of-bounds read when HTTP/2 DATA frames are sent with incorrect data * MFSA 2017-11/CVE-2017-5447 (bmo#1343552) Out-of-bounds read during glyph processing * MFSA 2017-11/CVE-2017-5444 (bmo#1344461) Buffer overflow while parsing application/http-index-format content * MFSA 2017-11/CVE-2017-5445 (bmo#1344467) Uninitialized values used while parsing application/http- index-format content * MFSA 2017-11/CVE-2017-5442 (bmo#1347979) Use-after-free during style changes * MFSA 2017-11/CVE-2017-5443 (bmo#1342661) Out-of-bounds write during BinHex decoding * MFSA 2017-11/CVE-2017-5440 (bmo#1336832) Use-after-free in txExecutionState destructor during XSLT processing * MFSA 2017-11/CVE-2017-5441 (bmo#1343795) Use-after-free with selection during scroll events * MFSA 2017-11/CVE-2017-5462 (bmo#1345089) DRBG flaw in NSS * MFSA 2017-11/CVE-2017-5459 (bmo#1333858) Buffer overflow in WebGL ------------------------------------------------------------------- Wed Mar 8 00:01:39 UTC 2017 - pcerny@suse.com - update to Firefox ESR 45.8 (bsc#1028391) * MFSA 2017-06/CVE-2017-5402 (bmo#1334876) Use-after-free working with events in FontFace objects * MFSA 2017-06/CVE-2017-5410 (bmo#1330687) Memory corruption during JavaScript garbage collection incremental sweeping * MFSA 2017-06/CVE-2017-5400 (bmo#1334933) asm.js JIT-spray bypass of ASLR and DEP * MFSA 2017-06/CVE-2017-5401 (bmo#1328861) Memory Corruption when handling ErrorResult * MFSA 2017-06/CVE-2017-5407 (bmo#1336622) Pixel and history stealing via floating-point timing side channel with SVG filters * MFSA 2017-06/CVE-2017-5404 (bmo#1340138) Use-after-free working with ranges in selections * MFSA 2017-06/CVE-2017-5405 (bmo#1336699) FTP response codes can cause use of uninitialized values for ports * MFSA 2017-06/CVE-2017-5408 (bmo#1313711) Cross-origin reading of video captions in violation of CORS * MFSA 2017-06/CVE-2017-5409 (bmo#1321814) File deletion via callback parameter in Mozilla Windows Updater and Maintenance Service * MFSA 2017-06/CVE-2017-5398 (bmo#1321612, bmo#1322971, bmo#1324379, bmo#1325052, bmo#1332550, bmo#1332597, bmo#1333568, bmo#1333887, bmo#1335450, bmo#1336510, bmo#1338383) Memory safety bugs fixed in Firefox 52 and Firefox ESR 45.8 ------------------------------------------------------------------- Wed Jan 25 22:09:27 UTC 2017 - pcerny@suse.com - update to Firefox ESR 45.7 (bsc#1021991) * MFSA 2017-02/CVE-2017-5378 (bsc#1021818) (bmo#1312001, bmo#1330769) Pointer and frame data leakage of Javascript objects * MFSA 2017-02/CVE-2017-5396 (bsc#1021821) (bmo#1329403) Use-after-free with Media Decoder * MFSA 2017-02/CVE-2017-5386 (bsc#1021823) (bmo#1319070) WebExtensions can use data: protocol to affect other extensions * MFSA 2017-02/CVE-2017-5380 (bsc#1021819) (bmo#1322107) Potential use-after-free during DOM manipulations * MFSA 2017-02/CVE-2017-5390 (bsc#1021820) (bmo#1297361) Insecure communication methods in Developer Tools JSON viewer * MFSA 2017-02/CVE-2017-5373 (bsc#1021824) (bmo#1285833, bmo#1285960, bmo#1322315, bmo#1322420, bmo#1325877, bmo#1325938, bmo#1328251, bmo#1328834, bmo#1331058) Memory safety bugs fixed in Firefox 51 and Firefox ESR 45.7 * MFSA 2017-02/CVE-2017-5375 (bsc#1021814) (bmo#1325200) Excessive JIT code allocation allows bypass of ASLR and DEP * MFSA 2017-02/CVE-2017-5376 (bsc#1021817) (bmo#1311687) Use-after-free in XSL * MFSA 2017-02/CVE-2017-5383 (bsc#1021822) (bmo#1323338, bmo#1324716) Location bar spoofing with unicode characters ------------------------------------------------------------------- Wed Dec 14 16:00:03 UTC 2016 - pcerny@suse.com - update to Firefox ESR 45.6 (bsc#1015422) * MFSA 2016-95/CVE-2016-9897 (bmo#1301381) Memory corruption in libGLES * MFSA 2016-95/CVE-2016-9901 (bmo#1320057) Data from Pocket server improperly sanitized before execution * MFSA 2016-95/CVE-2016-9898 (bmo#1314442) Use-after-free in Editor while manipulating DOM subtrees * MFSA 2016-95/CVE-2016-9899 (bmo#1317409) Use-after-free while manipulating DOM events and audio elements * MFSA 2016-95/CVE-2016-9904 (bmo#1317936) Cross-origin information leak in shared atoms * MFSA 2016-95/CVE-2016-9905 (bmo#1293985) Crash in EnumerateSubDocuments * MFSA 2016-95/CVE-2016-9895 (bmo#1312272) CSP bypass using marquee tag * MFSA 2016-95/CVE-2016-9900 (bmo#1319122) Restricted external resources can be loaded by SVG images through data URLs * MFSA 2016-95/CVE-2016-9893 (bmo#1287912, bmo#1298773, bmo#1299098, bmo#1309834, bmo#1312548, bmo#1312609, bmo#1313212, bmo#1315631, bmo#1317805, bmo#1319524) Memory safety bugs fixed in Firefox 50.1 and Firefox ESR 45.6 * MFSA 2016-95/CVE-2016-9902 (bmo#1320039) Pocket extension does not validate the origin of events ------------------------------------------------------------------- Thu Dec 1 10:47:58 UTC 2016 - pcerny@suse.com - update to Firefox ESR 45.5.1 (bsc#1012964) * MFSA 2016-92/CVE-2016-9079 (bmo#1321066) Use-after-free in SVG Animation ------------------------------------------------------------------- Tue Nov 15 23:48:00 UTC 2016 - pcerny@suse.com - update to Firefox ESR 45.5 (bsc#1009026) * CVE-2016-5297: Incorrect argument length checking in Javascript (bsc#1010401) * CVE-2016-9066: Integer overflow leading to a buffer overflow in nsScriptLoadHandler (bsc#1010404) * CVE-2016-5296: Heap-buffer-overflow WRITE in rasterize_edges_1 (bsc#1010395) * CVE-2016-9064: Addons update must verify IDs match between current and new versions (bsc#1010402) * CVE-2016-5290: Memory safety bugs fixed in Firefox 50 and Firefox ESR 45.5 (bsc#1010427) * CVE-2016-5291: Same-origin policy violation using local HTML file and saved shortcut file (bsc#1010410) - fix fullscreen mode with some window managers (bsc#992549) [mozilla-fullscreen_part_1.patch, mozilla-fullscreen_part_2.patch, mozilla-fullscreen_part_3.patch] ------------------------------------------------------------------- Fri Oct 7 09:46:10 UTC 2016 - astieger@suse.com - document patched dropped in previous update: * removed mozilla-libproxy.patch, upstream * removed firefox-kde-114.patch, is not applied on SLE 12, functionality contained in firefox-kde.patch ------------------------------------------------------------------- Wed Sep 21 19:14:38 UTC 2016 - cgrobertson@novell.com - update to Firefox 45.4.0 ESR (bsc#999701) * MFSA 2016-86/CVE-2016-5270 (bmo#1291016) Heap-buffer-overflow in nsCaseTransformTextRunFactory::TransformString * MFSA 2016-86/CVE-2016-5272 (bmo#1297934) Bad cast in nsImageGeometryMixin * MFSA 2016-86/CVE-2016-5276 (bmo#1287721) Heap-use-after-free in mozilla::a11y::DocAccessible::ProcessInvalidationList * MFSA 2016-86/CVE-2016-5274 (bmo#1282076) use-after-free in nsFrameManager::CaptureFrameState * MFSA 2016-86/CVE-2016-5277 (bmo#1291665) Heap-use-after-free in nsRefreshDriver::Tick * MFSA 2016-86/CVE-2016-5278 (bmo#1294677) Heap-buffer-overflow in nsBMPEncoder::AddImageFrame * MFSA 2016-86/CVE-2016-5280 (bmo#1289970) Use-after-free in mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap * MFSA 2016-86/CVE-2016-5281 (bmo#1284690) use-after-free in DOMSVGLength * MFSA 2016-86/CVE-2016-5284 (bmo#1303127) Add-on update site certificate pin expiration * MFSA 2016-86/CVE-2016-5250 (bmo#1254688) Resource Timing API is storing resources sent by the previous page * MFSA 2016-86/CVE-2016-5261 (bmo#1287266) Integer overflow and memory corruption in WebSocketChannel * MFSA 2016-86/CVE-2016-5257 (bmo#1277213, bmo#1287204, bmo#1288555, bmo#1288588, bmo#1288780, bmo#1289280, bmo#1293347, bmo#1294095, bmo#1294407) Memory safety bugs fixed in Firefox 49 and Firefox ESR 45.4 ------------------------------------------------------------------- Wed Sep 14 20:39:11 UTC 2016 - cgrobertson@novell.com - Fix for aarch64 Firefox startup crash (bsc#991344) ------------------------------------------------------------------- Thu Aug 4 21:41:56 UTC 2016 - pcerny@suse.com - update to Firefox 45.3.0 ESR (bsc#991809) * MFSA 2016-62/CVE-2016-2835/CVE-2016-2836 (bmo#822081, bmo#1154923, bmo#1249578, bmo#1257765, bmo#1258079, bmo#1268626, bmo#1282502, bmo#1283823) Miscellaneous memory safety hazards (rv:48.0 / rv:45.3) * MFSA 2016-63/CVE-2016-2830 (bmo#1255270) Favicon network connection can persist when page is closed * MFSA 2016-64/CVE-2016-2838 (bmo#1279814) Buffer overflow rendering SVG with bidirectional content * MFSA 2016-65/CVE-2016-2839 (bmo#1275339) Cairo rendering crash due to memory allocation issue with FFmpeg 0.10 * MFSA 2016-67/CVE-2016-5252 (bmo#1268854) Stack underflow during 2D graphics rendering * MFSA 2016-70/CVE-2016-5254 (bmo#1266963) Use-after-free when using alt key and toplevel menus * MFSA 2016-72/CVE-2016-5258 (bmo#1279146) Use-after-free in DTLS during WebRTC session shutdown * MFSA 2016-73/CVE-2016-5259 (bmo#1282992) Use-after-free in service workers with nested sync events * MFSA 2016-76/CVE-2016-5262 (bmo#1277475) Scripts on marquee tag can execute in sandboxed iframes * MFSA 2016-77/CVE-2016-2837 (bmo#1274637) Buffer overflow in ClearKey Content Decryption Module (CDM) during video playback * MFSA 2016-78/CVE-2016-5263 (bmo#1276897) Type confusion in display transformation * MFSA 2016-79/CVE-2016-5264 (bmo#1286183) Use-after-free when applying SVG effects * MFSA 2016-80/CVE-2016-5265 (bmo#1278013) Same-origin policy violation using local HTML file and saved shortcut file - Fix for possible buffer overrun (bsc#990856) CVE-2016-6354 (bmo#1292534) ------------------------------------------------------------------- Tue Jun 7 17:33:56 UTC 2016 - pcerny@suse.com - update to Firefox 45.2.0 ESR (bsc#983549) * MFSA 2016-49/CVE-2016-2815/CVE-2016-2818 (bsc#983638) (bmo#1234147, bmo#1256493, bmo#1256739, bmo#1256968, bmo#1261230, bmo#1261752, bmo#1263384, bmo#1264575, bmo#1265577, bmo#1267130, bmo#1269729, bmo#1273202, bmo#1273701) Miscellaneous memory safety hazards (rv:47.0 / rv:45.2) * MFSA 2016-50/CVE-2016-2819 (bsc#983655) (bmo#1270381) Buffer overflow parsing HTML5 fragments * MFSA 2016-51/CVE-2016-2821 (bsc#983653) (bmo#1271460) Use-after-free deleting tables from a contenteditable document * MFSA 2016-52/CVE-2016-2822 (bsc#983652) (bmo#1273129) Addressbar spoofing though the SELECT element * MFSA 2016-53/CVE-2016-2824 (bsc#983651) (bmo#1248580) Out-of-bounds write with WebGL shader * MFSA 2016-56/CVE-2016-2828 (bsc#983646) (bmo#1223810) Use-after-free when textures are used in WebGL operations after recycle pool destruction * MFSA 2016-58/CVE-2016-2831 (bsc#983643) (bmo#1261933) Entering fullscreen and persistent pointerlock without user permission - use system myspell directly (remove add-plugins.sh) - all extensions must now be signed by addons.mozilla.org; read README.SUSE for more details - Fix crashes on aarch64 * Determine page size at runtime (bsc#984006) * Allow aarch64 to work in safe mode (bsc#985659) [mozilla-aarch64-48bit-va.patch] (bmo#1143022) [mozilla-aarch64-4k-page-size.patch] (bmo#1091515) [mozilla-aarch64-nojit-1.patch] (bmo#1253216) [mozilla-aarch64-nojit-2.patch] (bmo#1257055) - fix crashes on mainframes [mozilla-s390-nojit.patch] ------------------------------------------------------------------- Wed Apr 27 18:57:49 UTC 2016 - pcerny@suse.com - update to Firefox 38.8.0 ESR (bsc#977333) * MFSA 2016-39/CVE-2016-2805/CVE-2016-2807 (bsc#977374, bsc#977376) (bmo#1241731, bmo#1187420, bmo#1252707, bmo#1254164, bmo#1254622, bmo#1254876) Miscellaneous memory safety hazards (rv:46.0 / rv:45.1 / rv:38.8) * MFSA 2016-44/CVE-2016-2814 (bsc#977381) (bmo#1254721) Buffer overflow in libstagefright with CENC offsets * MFSA 2016-47/CVE-2016-2808 (bsc#977386) (bmo#1246061) Write to invalid HashMap entry through JavaScript.watch() ------------------------------------------------------------------- Tue Mar 8 23:24:47 UTC 2016 - pcerny@suse.com - update to Firefox 38.7.0 ESR (bsc#969894) * MFSA 2016-16/CVE-2016-1952/CVE-2016-1953 (bmo#1199171, bmo#1205163, bmo#1207958, bmo#1224361, bmo#1224363, bmo#1224369, bmo#1225618, bmo#1234425, bmo#1236519, bmo#1238558, bmo#1238935, bmo#1241731, bmo#1243555, bmo#1243583, bmo#1245866, bmo#1247236, bmo#1248794, bmo#1123661, bmo#1221872, bmo#1224979, bmo#1234578, bmo#1241217, bmo#1242279, bmo#1244250, bmo#1244995, bmo#1249685) Miscellaneous memory safety hazards (rv:45.0 / rv:38.7) * MFSA 2016-17/CVE-2016-1954 (bmo#1243178) Local file overwriting and potential privilege escalation through CSP reports * MFSA 2016-20/CVE-2016-1957 (bmo#1227052) Memory leak in libstagefright when deleting an array during MP4 processing * MFSA 2016-21/CVE-2016-1958 (bmo#1228754) Displayed page address can be overridden * MFSA 2016-23/CVE-2016-1960 (bmo#1246014) Use-after-free in HTML5 string parser * MFSA 2016-24/CVE-2016-1961 (bmo#1249377) Use-after-free in SetBody * MFSA 2016-25/CVE-2016-1962 (bmo#1240760) Use-after-free when using multiple WebRTC data channels * MFSA 2016-27/CVE-2016-1964 (bmo#1243335) Use-after-free during XML transformations * MFSA 2016-28/CVE-2016-1965 (bmo#1245264) Addressbar spoofing though history navigation and Location protocol property * MFSA 2016-31/CVE-2016-1966 (bmo#1246054) Memory corruption with malicious NPAPI plugin * MFSA 2016-34/CVE-2016-1974 (bmo#1228103) Out-of-bounds read in HTML parser following a failed allocation * MFSA 2016-35/CVE-2016-1950 (bmo#1245528) Buffer overflow during ASN.1 decoding in NSS * MFSA 2016-37/CVE-2016-1977/CVE-2016-2790/CVE-2016-2791/ CVE-2016-2792/CVE-2016-2793/CVE-2016-2794/CVE-2016-2795/ CVE-2016-2796/CVE-2016-2797/CVE-2016-2798/CVE-2016-2799/ CVE-2016-2800/CVE-2016-2801/CVE-2016-2802 (bmo#1249920, bmo#1249338, bmo#1243816, bmo#1248805, bmo#1243482, bmo#1249081, bmo#1243513, bmo#1243526, bmo#1243473, bmo#1243464, bmo#1243597, bmo#1243823, bmo#1248804, bmo#1248876) Font vulnerabilities in the Graphite 2 library - remove obsolete mozilla-ppc.patch ------------------------------------------------------------------- Tue Feb 16 23:11:52 UTC 2016 - pcerny@suse.com - update to Firefox 38.6.1 ESR (bsc#967087) * MFSA 2016-14/CVE-2016-1523 (bmo#1246093) Vulnerabilities in Graphite 2 ------------------------------------------------------------------- Wed Jan 27 00:02:33 UTC 2016 - pcerny@suse.com - update to Firefox 38.5.0 ESR (bsc#963520) * MFSA 2016-01/CVE-2016-1930/CVE-2016-1931 (bsc#963632) (bmo#1180064, bmo#1186973, bmo#1206675, bmo#1207298, bmo#1209358, bmo#1209365, bmo#1209366, bmo#1209368, bmo#1209546, bmo#1222015, bmo#1229825, bmo#1231121, bmo#1234576, bmo#1221385, bmo#1223670, bmo#1224200, bmo#1230483, bmo#1230639, bmo#1230668, bmo#1230686, bmo#1233152, bmo#1233346, bmo#1233925, bmo#1234280, bmo#1234571) Miscellaneous memory safety hazards (rv:44.0 / rv:38.6) * MFSA 2016-03/CVE-2016-1935 (bsc#963635) (bmo#1220450) Buffer overflow in WebGL after out of memory allocation - require NSS 3.20.2 ------------------------------------------------------------------- Wed Dec 16 16:05:33 UTC 2015 - pcerny@suse.com - update to Firefox 38.5.0 ESR (bsc#9959277) * MFSA 2015-134/CVE-2015-7201/CVE-2015-7202 (bmo#1188105, bmo#1193757, bmo#1193999, bmo#1194002, bmo#1194006, bmo#1197012, bmo#1200580, bmo#1207571, bmo#1207571, bmo#1208059, bmo#1212305, bmo#1219330, bmo#1221421, bmo#1221904, bmo#1203135, bmo#1224100, bmo#1225250) Miscellaneous memory safety hazards (rv:43.0 / rv:38.5) * MFSA 2015-138/CVE-2015-7210 (bmo#1218326) Use-after-free in WebRTC when datachannel is used after being destroyed * MFSA 2015-139/CVE-2015-7212 (bmo#1222809) Integer overflow allocating extremely large textures * MFSA 2015-145/CVE-2015-7205 (bmo#1220493) Underflow through code inspection * MFSA 2015-146/CVE-2015-7213 (bmo#1206211) Integer overflow in MP4 playback in 64-bit versions * MFSA 2015-147/CVE-2015-7222 (bmo#1216748) Integer underflow and buffer overflow processing MP4 metadata in libstagefright * MFSA 2015-149/CVE-2015-7214 (bmo#1228950) Cross-site reading attack through data and view-source URIs ------------------------------------------------------------------- Tue Nov 3 23:02:43 UTC 2015 - pcerny@suse.com - update to Firefox 38.4.0 ESR (bsc#952810) * MFSA 2015-116/CVE-2015-4513 (bmo#1107011, bmo#1191942, bmo#1193038, bmo#1204580, bmo#1204669, bmo#1204700, bmo#1205707, bmo#1206564, bmo#1208665, bmo#1209471, bmo#1213979) Miscellaneous memory safety hazards (rv:42.0 / rv:38.4) * MFSA 2015-122/CVE-2015-7188 (bmo#1199430) Trailing whitespace in IP address hostnames can bypass same-origin policy * MFSA 2015-123/CVE-2015-7189 (bmo#1205900) Buffer overflow during image interactions in canvas * MFSA 2015-127/CVE-2015-7193 (bmo#1210302) CORS preflight is bypassed when non-standard Content-Type headers are received * MFSA 2015-128/CVE-2015-7194 (bmo#1211262) Memory corruption in libjar through zip files * MFSA 2015-130/CVE-2015-7196 (bmo#1140616) JavaScript garbage collection crash with Java applet * MFSA 2015-131/CVE-2015-7198/CVE-2015-7199/CVE-2015-7200 (bmo#1204061, bmo#1188010, bmo#1204155) Vulnerabilities found through code inspection * MFSA 2015-132/CVE-2015-7197 (bmo#1204269) Mixed content WebSocket policy bypass through workers * MFSA 2015-133/CVE-2015-7181/CVE-2015-7182/CVE-2015-7183 (bmo#1202868, bmo#1192028, bmo#1205157) NSS and NSPR memory corruption issues - fix printing on landscape media (bsc#908275) ------------------------------------------------------------------- Tue Sep 22 23:21:21 UTC 2015 - pcerny@suse.com - update to Firefox 38.3.0 ESR (bsc#947003) * MFSA 2015-96/CVE-2015-4500/CVE-2015-4501 (bmo#1165706, bmo#1186657, bmo#1044077, bmo#1152026, bmo#1161063, bmo#1181651, bmo#1183153, bmo#1186962, bmo#1201793, bmo#1202844) Miscellaneous memory safety hazards (rv:41.0 / rv:38.3) * MFSA 2015-101/CVE-2015-4506 (bmo#1192226) Buffer overflow in libvpx while parsing vp9 format video * MFSA 2015-105/CVE-2015-4511 (bmo#1200148) Buffer overflow while decoding WebM video * MFSA 2015-106/CVE-2015-4509 (bmo#1198435) Use-after-free while manipulating HTML media content * MFSA 2015-110/CVE-2015-4519 (bmo#1189814) Dragging and dropping images exposes final URL after redirects * MFSA 2015-111/CVE-2015-4520 (bmo#1200856, bmo#1200869) Errors in the handling of CORS preflight request headers * MFSA 2015-112/CVE-2015-4517/CVE-2015-4521/CVE-2015-4522 CVE-2015-7174/CVE-2015-7175/CVE-2015-7176/CVE-2015-7177 CVE-2015-7180 (bmo#1170246, bmo#1172055, bmo#1174479, bmo#1186725, bmo#1170794, bmo#1168959, bmo#1172189, bmo#1191463) Vulnerabilities found through code inspection ------------------------------------------------------------------- Fri Aug 28 10:41:39 UTC 2015 - pcerny@suse.com - update to Firefox 38.2.1 ESR (bsc#943608) * MFSA 2015-94/CVE-2015-4497 (bsc#943557) (bmo#1164766, bmo#1175278) Use-after-free when resizing canvas element during restyling * MFSA 2015-95/CVE-2015-4498 (bsc#943558) (bmo#1042699) Add-on notification bypass through data URLs ------------------------------------------------------------------- Tue Aug 11 17:21:59 UTC 2015 - pcerny@suse.com - update to Firefox 38.2.0 ESR (bsc#940806) * MFSA 2015-78/CVE-2015-4495 (bmo#1178058, bmo#1179262) Same origin violation and local file stealing via PDF reader * MFSA 2015-79/CVE-2015-4473/CVE-2015-4474 (bmo#1143130, bmo#1161719, bmo#1177501, bmo#1181204, bmo#1184068, bmo#1188590, bmo#1146213, bmo#1178890, bmo#1182711) Miscellaneous memory safety hazards (rv:40.0 / rv:38.2) * MFSA 2015-80/CVE-2015-4475 (bmo#1175396) Out-of-bounds read with malformed MP3 file * MFSA 2015-82/CVE-2015-4478 (bmo#1105914) Redefinition of non-configurable JavaScript object properties * MFSA 2015-83/CVE-2015-4479 (bmo#1185115, bmo#1144107, bmo#1170344, bmo#1186718) Overflow issues in libstagefright * MFSA 2015-87/CVE-2015-4484 (bmo#1171540) Crash when using shared memory in JavaScript * MFSA 2015-88/CVE-2015-4491 (bmo#1184009) Heap overflow in gdk-pixbuf when scaling bitmap images * MFSA 2015-89/CVE-2015-4485/CVE-2015-4486 (bmo#1177948, bmo#1178148) Buffer overflows on Libvpx when decoding WebM video * MFSA 2015-90/CVE-2015-4487/CVE-2015-4488/CVE-2015-4489 (bmo#1176270, bmo#1182723, bmo#1171603) Vulnerabilities found through code inspection * MFSA 2015-92/CVE-2015-4492 (bmo#1185820) Use-after-free in XMLHttpRequest with shared workers ------------------------------------------------------------------- Mon Aug 10 18:25:05 UTC 2015 - pcerny@suse.com - hotfix update (bsc#940918) * MFSA 2015-78/CVE-2015-4495 (bmo#1178058) Same origin violation [-fix_expanded_principals] * Remove PlayPreview registration from PDF Viewer (bmo#1179262) [-fix_pdfjs_playpreview] ------------------------------------------------------------------- Mon Jul 6 17:33:57 UTC 2015 - cgrobertson@suse.com - update to Firefox 31.8.0 ESR (bsc#935979) * MFSA 2015-59/CVE-2015-2724/CVE-2015-2725/CVE-2015-2726 (bmo#1059081, bmo#1132265, bmo#1145781, bmo#1146416, bmo#1155985, bmo#1056410, bmo#1151650, bmo#1156861, bmo#1159321, bmo#1159973, bmo#1163359, bmo#1163852, bmo#1172076, bmo#1172397, bmo#1143679, bmo#1154876, bmo#1160884, bmo#1164567) Miscellaneous memory safety hazards (rv:39.0 / rv:31.8 / rv:38.1) * MFSA 2015-61/CVE-2015-2728 (bmo#1142210) Type confusion in Indexed Database Manager * MFSA 2015-64/CVE-2015-2730 (bmo#1125025) ECDSA signature validation fails to handle some signatures correctly * MFSA 2015-65/CVE-2015-2722/CVE-2015-2733 (bmo#1169867, bmo#1166924) Use-after-free in workers while using XMLHttpRequest * MFSA 2015-66/CVE-2015-2734/CVE-2015-2735/CVE-2015-2736/ CVE-2015-2737/CVE-2015-2738/CVE-2015-2739/CVE-2015-2740 (bmo#1170809, bmo#1166900, bmo#1168207, bmo#1167888, bmo#1166082, bmo#1167356, bmo#1167332) Vulnerabilities found through code inspection * MFSA 2015-69/CVE-2015-2743 (bmo#1163109) Privilege escalation in PDF.js * MFSA 2015-70/CVE-2015-4000 (bmo#1138554) NSS accepts export-length DHE keys with regular DHE cipher suites * MFSA 2015-71/CVE-2015-2721 (bmo#1086145) NSS incorrectly permits skipping of ServerKeyExchange ------------------------------------------------------------------- Fri May 15 11:37:01 UTC 2015 - pcerny@suse.com - update to Firefox 31.7.0 ESR (bsc#930622) * MFSA 2015-46/CVE-2015-2708/CVE-2015-2709 (bmo#1120655, bmo#1143299, bmo#1151139, bmo#1152177, bmo#1111251, bmo#1117977, bmo#1128064, bmo#1135066, bmo#1143194, bmo#1146101, bmo#1149526, bmo#1153688, bmo#1155474) Miscellaneous memory safety hazards (rv:38.0 / rv:31.7) * MFSA 2015-47/CVE-2015-0797 (bmo#1080995) Buffer overflow parsing H.264 video with Linux Gstreamer * MFSA 2015-48/CVE-2015-2710 (bmo#1149542) Buffer overflow with SVG content and CSS * MFSA 2015-51/CVE-2015-2713 (bmo#1153478) Use-after-free during text processing with vertical text enabled * MFSA 2015-54/CVE-2015-2716 (bmo#1140537) Buffer overflow when parsing compressed XML ------------------------------------------------------------------- Wed Apr 1 18:19:20 UTC 2015 - pcerny@suse.com - update to Firefox 31.6.0 ESR (bsc#925368) * MFSA 2015-30/CVE-2015-0814/CVE-2015-0815 (bmo#1005991, bmo#1111327, bmo#1116306, bmo#1127012, bmo#1130150, bmo#1132342, bmo#1133909, bmo#1136397, bmo#1137624, bmo#1138391, bmo#1036515, bmo#1137326, bmo#1138199) Miscellaneous memory safety hazards (rv:37.0 / rv:31.6) * MFSA 2015-31/CVE-2015-0813 (bmo#1106596) Use-after-free when using the Fluendo MP3 GStreamer plugin * MFSA 2015-33/CVE-2015-0816 (bmo#1144991) resource:// documents can load privileged pages * MFSA 2015-37/CVE-2015-0807 (bmo#1111834) CORS requests should not follow 30x redirections after preflight * MFSA 2015-40/CVE-2015-0801 (bmo#1146339) Same-origin bypass through anchor navigation ------------------------------------------------------------------- Mon Mar 23 12:16:49 UTC 2015 - pcerny@suse.com - update to Firefox 31.5.3 ESR (bsc#923534) * MFSA 2015-29/CVE-2015-0817 (bmo#1145255) Code execution through incorrect JavaScript bounds checking elimination * MFSA 2015-28/CVE-2015-0818 (bmo#1144988) Privilege escalation through SVG navigation ------------------------------------------------------------------- Tue Feb 24 23:49:33 UTC 2015 - pcerny@suse.com - update to Firefox 31.5.0 ESR (bsc#917597) * MFSA 2015-11/CVE-2015-0835/CVE-2015-0836 (bmo#1072760, bmo#1092947, bmo#1114058, bmo#1114569, bmo#1118894, bmo#1119019, bmo#1122387, bmo#1125734, bmo#1127206, bmo#1127246, bmo#1096138, bmo#1107009, bmo#1111243, bmo#1111248, bmo#1115776, bmo#1117406, bmo#1119579, bmo#1123882, bmo#1124018, bmo#1128196) Miscellaneous memory safety hazards (rv:36.0 / rv:31.5) * MFSA 2015-16/CVE-2015-0831 (bmo#1130541) Use-after-free in IndexedDB * MFSA 2015-19/CVE-2015-0827 (bmo#1117304) Out-of-bounds read and write while rendering SVG content * MFSA 2015-24/CVE-2015-0822 (bmo#1110557) Reading of local files through manipulation of form autocomplete ------------------------------------------------------------------- Wed Jan 14 10:57:41 UTC 2015 - pcerny@suse.com - update to Firefox 31.4.0 ESR (bsc#910669) * MFSA 2015-01/CVE-2014-8634/CVE-2014-8635 (bmo#1109889, bmo#1111737, bmo#1026774, bmo#1027300, bmo#1054538, bmo#1067473, bmo#1070962, bmo#1072130, bmo#1072871, bmo#1098583) Miscellaneous memory safety hazards (rv:35.0 / rv:31.4) * MFSA 2015-03/CVE-2014-8638 (bmo#1080987) sendBeacon requests lack an Origin header * MFSA 2015-04/CVE-2014-8639 (bmo#1095859) Cookie injection through Proxy Authenticate responses * MFSA 2015-06/CVE-2014-8641 (bmo#1108455) Read-after-free in WebRTC - fix broken install scripts in some locales (bsc#909563) ------------------------------------------------------------------- Wed Dec 3 10:43:35 UTC 2014 - pcerny@suse.com - update to Firefox 31.3.0 ESR (bnc#908009) * MFSA 2014-83/CVE-2014-1587/CVE-2014-1588 (bmo#1042567, bmo#1072847, bmo#1079729, bmo#1080312, bmo#1089207, bmo#1013001, bmo#1023158, bmo#1026037, bmo#1037830, bmo#1048517, bmo#1064835, bmo#1073577, bmo#1075546, bmo#1077687, bmo#1086842, bmo#1096026) Miscellaneous memory safety hazards (rv:34.0 / rv:31.3) * MFSA 2014-85/CVE-2014-1590 (bmo#1087633) XMLHttpRequest crashes with some input streams * MFSA 2014-87/CVE-2014-1592 (bmo#1088635) Use-after-free during HTML5 parsing * MFSA 2014-88/CVE-2014-1593 (bmo#1085175) Buffer overflow while parsing media content * MFSA 2014-89/CVE-2014-1594 (bmo#1074280) Bad casting from the BasicThebesLayer to BasicContainerLayer - removing merged patch disabling SSLv3 by default ------------------------------------------------------------------- Wed Oct 15 17:18:10 UTC 2014 - pcerny@suse.com - update to Firefox 31.2.0 ESR (bnc#900941) * MFSA 2014-74/CVE-2014-1574/CVE-2014-1575 (bmo#1001994, bmo#1011354, bmo#1018916, bmo#1020034, bmo#1023035, bmo#1032208, bmo#1033020, bmo#1034230, bmo#1061214, bmo#1061600, bmo#1064346, bmo#1072044, bmo#1072174) Miscellaneous memory safety hazards (rv:33.0/rv:31.2) * MFSA 2014-75/CVE-2014-1576 (bmo#1041512) Buffer overflow during CSS manipulation * MFSA 2014-76/CVE-2014-1577 (bmo#1012609) Web Audio memory corruption issues with custom waveforms * MFSA 2014-77/CVE-2014-1578 (bmo#1063327) Out-of-bounds write with WebM video * MFSA 2014-79/CVE-2014-1581 (bmo#1068218) Use-after-free interacting with text directionality * MFSA 2014-81/CVE-2014-1585/CVE-2014-1586 (bmo#1062876, bmo#1062981) Inconsistent video sharing within iframe * MFSA 2014-82/CVE-2014-1583 (bmo#1015540) Accessing cross-origin objects via the Alarms API - SSLv3 is disabled by default. See README.POODLE for more detailed information. ------------------------------------------------------------------- Fri Sep 5 08:27:05 UTC 2014 - pcerny@suse.com - update to Firefox 31.1.0 (bnc#894370) * MFSA 2014-67/CVE-2014-1553/CVE-2014-1554/CVE-2014-1562 (bmo#990247,bmo#995075,bmo#995704,bmo#1004480,bmo#1016519, bmo#1022945,bmo#1027359,bmo#1033121,bmo#1035007,bmo#1037666, bmo#1041148,bmo#1054359) Miscellaneous memory safety hazards * MFSA 2014-68/CVE-2014-1563 (bmo#1018524) Use-after-free during DOM interactions with SVG * MFSA 2014-69/CVE-2014-1564 (bmo#1045977) Uninitialized memory use during GIF rendering * MFSA 2014-70/CVE-2014-1565 (bmo#1047831) Out-of-bounds read in Web Audio audio timeline * MFSA 2014-72/CVE-2014-1567 (bmo#1037641) Use-after-free setting text directionality - require NSPR 4.10.7/NSS 3.16.4 ------------------------------------------------------------------- Wed Aug 20 13:46:39 CEST 2014 - behlert@suse.de - adapted _constraints, used more than 3900MB on s390x during last build ------------------------------------------------------------------- Thu Jul 17 11:53:42 UTC 2014 - pcerny@suse.com - update to Firefox 31.0.0 ESR (bnc#887746) * MFSA 2014-56/CVE-2014-1547/CVE-2014-1548 Miscellaneous memory safety hazards * MFSA 2014-61/CVE-2014-1555 (bmo#1023121) Use-after-free with FireOnStateChange event * MFSA 2014-62/CVE-2014-1556 (bmo#1028891) Exploitable WebGL crash with Cesium JavaScript library * MFSA 2014-63/CVE-2014-1544 (bmo#963150) Use-after-free while when manipulating certificates in the trusted cache (solved with NSS 3.16.3 requirement) * MFSA 2014-64/CVE-2014-1557 (bmo#913805) Crash in Skia library when scaling high quality images - require NSS 3.16.3 ----------------------------------------------------------------- Fri Jun 13 21:40:37 UTC 2014 - pcerny@suse.com - update to Firefox 31 beta 6 - require NSS 3.16.1 ------------------------------------------------------------------- Mon Apr 28 23:19:05 UTC 2014 - pcerny@suse.com - update to Firefox 30 beta 8 - requires NSS 3.16 - removed obsolete patches * firefox-browser-css.patch * mozilla-aarch64-599882cfb998.diff * mozilla-aarch64-bmo-963028.patch * mozilla-aarch64-bmo-963029.patch * mozilla-aarch64-bmo-963030.patch * mozilla-aarch64-bmo-963031.patch - added mozilla-icu-strncat.patch to fix post build checks ------------------------------------------------------------------- Mon Apr 7 15:34:31 UTC 2014 - dmueller@suse.com - add mozilla-aarch64-599882cfb998.patch, mozilla-aarch64-bmo-810631.patch, mozilla-aarch64-bmo-962488.patch, mozilla-aarch64-bmo-963030.patch, mozilla-aarch64-bmo-963027.patch, mozilla-aarch64-bmo-963028.patch, mozilla-aarch64-bmo-963029.patch, mozilla-aarch64-bmo-963023.patch, mozilla-aarch64-bmo-963024.patch, mozilla-aarch64-bmo-963031.patch: AArch64 porting ------------------------------------------------------------------- Mon Mar 31 18:20:22 UTC 2014 - dvaleev@suse.com - Fix MozillaFirefox builds for ppc64 and ppc64le - added patches: * mozilla-ppc64-xpcom.patch - modified patches: * mozilla-ppc64le-xpcom.patch ------------------------------------------------------------------- Sun Mar 16 23:49:34 UTC 2014 - pcerny@suse.com - update to Firefox 28.0 (bnc#868603) - requires NSPR 4.10.4 and NSS 3.15.5 - new build dependency: * libpulse - update of PowerPC 64 patches (bmo#976648) - rebased patches ------------------------------------------------------------------- Tue Mar 4 14:09:57 UTC 2014 - dvaleev@suse.com - Refresh patch to fit Firefox27 build system - modified patches: * mozilla-ppc64le-xpcom.patch ------------------------------------------------------------------- Fri Feb 28 13:17:49 UTC 2014 - pcerny@suse.com - update to Firefox 27.0.1 * Fixed stability issues with Greasemonkey and other JS that used ClearTimeoutOrInterval * JS math correctness issue (bnc#941381) - incorporate Google API key for geolocation (bnc#864170) - updated list of "other" locales in RPM requirements - update of PowerPC 64 patches (bmo#976648) ------------------------------------------------------------------- Tue Jan 28 15:45:41 UTC 2014 - wr@rosenauer.org - update to Firefox 27.0 (bnc#861847) * MFSA 2014-01/CVE-2014-1477/CVE-2014-1478 Miscellaneous memory safety hazards (rv:27.0 / rv:24.3) * MFSA 2014-02/CVE-2014-1479 (bmo#911864) Clone protected content with XBL scopes * MFSA 2014-03/CVE-2014-1480 (bmo#916726) UI selection timeout missing on download prompts * MFSA 2014-04/CVE-2014-1482 (bmo#943803) Incorrect use of discarded images by RasterImage * MFSA 2014-05/CVE-2014-1483 (bmo#950427) Information disclosure with *FromPoint on iframes * MFSA 2014-06/CVE-2014-1484 (bmo#953993) Profile path leaks to Android system log * MFSA 2014-07/CVE-2014-1485 (bmo#910139) XSLT stylesheets treated as styles in Content Security Policy * MFSA 2014-08/CVE-2014-1486 (bmo#942164) Use-after-free with imgRequestProxy and image proccessing * MFSA 2014-09/CVE-2014-1487 (bmo#947592) Cross-origin information leak through web workers * MFSA 2014-10/CVE-2014-1489 (bmo#959531) Firefox default start page UI content invokable by script * MFSA 2014-11/CVE-2014-1488 (bmo#950604) Crash when using web workers with asm.js * MFSA 2014-12/CVE-2014-1490/CVE-2014-1491 (bmo#934545, bmo#930874, bmo#930857) NSS ticket handling issues * MFSA 2014-13/CVE-2014-1481(bmo#936056) Inconsistent JavaScript handling of access to Window objects - requires NSS 3.15.4 or higher - rebased/reworked patches - removed obsolete mozilla-bug929439.patch ------------------------------------------------------------------- Thu Dec 12 21:19:54 UTC 2013 - uweigand@de.ibm.com - Add support for powerpc64le-linux. * mozilla-ppc64le.patch: general support * mozilla-libffi-ppc64le.patch: libffi backport * mozilla-xpcom-ppc64le.patch: port xpcom - Add build fix from mainline. * mozilla-bug929439.patch ------------------------------------------------------------------- Sun Dec 8 20:26:23 UTC 2013 - wr@rosenauer.org - update to Firefox 26.0 (bnc#854367, bnc#854370) * rebased patches * requires NSPR 4.10.2 and NSS 3.15.3.1 * MFSA 2013-104/CVE-2013-5609/CVE-2013-5610 Miscellaneous memory safety hazards * MFSA 2013-105/CVE-2013-5611 (bmo#771294) Application Installation doorhanger persists on navigation * MFSA 2013-106/CVE-2013-5612 (bmo#871161) Character encoding cross-origin XSS attack * MFSA 2013-107/CVE-2013-5614 (bmo#886262) Sandbox restrictions not applied to nested object elements * MFSA 2013-108/CVE-2013-5616 (bmo#938341) Use-after-free in event listeners * MFSA 2013-109/CVE-2013-5618 (bmo#926361) Use-after-free during Table Editing * MFSA 2013-110/CVE-2013-5619 (bmo#917841) Potential overflow in JavaScript binary search algorithms * MFSA 2013-111/CVE-2013-6671 (bmo#930281) Segmentation violation when replacing ordered list elements * MFSA 2013-112/CVE-2013-6672 (bmo#894736) Linux clipboard information disclosure though selection paste * MFSA 2013-113/CVE-2013-6673 (bmo#970380) Trust settings for built-in roots ignored during EV certificate validation * MFSA 2013-114/CVE-2013-5613 (bmo#930381, bmo#932449) Use-after-free in synthetic mouse movement * MFSA 2013-115/CVE-2013-5615 (bmo#929261) GetElementIC typed array stubs can be generated outside observed typesets * MFSA 2013-116/CVE-2013-6629/CVE-2013-6630 (bmo#891693) JPEG information leak * MFSA 2013-117 (bmo#946351) Mis-issued ANSSI/DCSSI certificate (fixed via NSS 3.15.3.1) - removed gecko.js preference file as GStreamer is enabled by default now ------------------------------------------------------------------- Thu Oct 24 18:16:19 UTC 2013 - wr@rosenauer.org - update to Firefox 25.0 (bnc#847708) * rebased patches * requires NSS 3.15.2 or above * MFSA 2013-93/CVE-2013-5590/CVE-2013-5591/CVE-2013-5592 Miscellaneous memory safety hazards * MFSA 2013-94/CVE-2013-5593 (bmo#868327) Spoofing addressbar through SELECT element * MFSA 2013-95/CVE-2013-5604 (bmo#914017) Access violation with XSLT and uninitialized data * MFSA 2013-96/CVE-2013-5595 (bmo#916580) Improperly initialized memory and overflows in some JavaScript functions * MFSA 2013-97/CVE-2013-5596 (bmo#910881) Writing to cycle collected object during image decoding * MFSA 2013-98/CVE-2013-5597 (bmo#918864) Use-after-free when updating offline cache * MFSA 2013-99/CVE-2013-5598 (bmo#920515) Security bypass of PDF.js checks using iframes * MFSA 2013-100/CVE-2013-5599/CVE-2013-5600/CVE-2013-5601 (bmo#915210, bmo#915576, bmo#916685) Miscellaneous use-after-free issues found through ASAN fuzzing * MFSA 2013-101/CVE-2013-5602 (bmo#897678) Memory corruption in workers * MFSA 2013-102/CVE-2013-5603 (bmo#916404) Use-after-free in HTML document templates ------------------------------------------------------------------- Tue Sep 24 07:31:30 UTC 2013 - wr@rosenauer.org - as GStreamer is not automatically required anymore but loaded dynamically if available, require it explicitely - recommend optional GStreamer plugins for comprehensive media support ------------------------------------------------------------------- Mon Sep 16 11:59:18 UTC 2013 - lnussel@suse.de - move greek to the translations-common package (bnc#840551) ------------------------------------------------------------------- Sat Sep 14 14:39:58 UTC 2013 - wr@rosenauer.org - update to Firefox 24.0 (bnc#840485) * MFSA 2013-76/CVE-2013-1718/CVE-2013-1719 Miscellaneous memory safety hazards * MFSA 2013-77/CVE-2013-1720 (bmo#888820) Improper state in HTML5 Tree Builder with templates * MFSA 2013-78/CVE-2013-1721 (bmo#890277) Integer overflow in ANGLE library * MFSA 2013-79/CVE-2013-1722 (bmo#893308) Use-after-free in Animation Manager during stylesheet cloning * MFSA 2013-80/CVE-2013-1723 (bmo#891292) NativeKey continues handling key messages after widget is destroyed * MFSA 2013-81/CVE-2013-1724 (bmo#894137) Use-after-free with select element * MFSA 2013-82/CVE-2013-1725 (bmo#876762) Calling scope for new Javascript objects can lead to memory corruption * MFSA 2013-85/CVE-2013-1728 (bmo#883686) Uninitialized data in IonMonkey * MFSA 2013-88/CVE-2013-1730 (bmo#851353) Compartment mismatch re-attaching XBL-backed nodes * MFSA 2013-89/CVE-2013-1732 (bmo#883514) Buffer overflow with multi-column, lists, and floats * MFSA 2013-90/CVE-2013-1735/CVE-2013-1736 (bmo#898871, bmo#906301) Memory corruption involving scrolling * MFSA 2013-91/CVE-2013-1737 (bmo#907727) User-defined properties on DOM proxies get the wrong "this" object * MFSA 2013-92/CVE-2013-1738 (bmo#887334, bmo#882897) GC hazard with default compartments and frame chain restoration - enable gstreamer explicitely via pref (gecko.js) - require NSS 3.15.1 ------------------------------------------------------------------- Mon Aug 26 07:35:36 UTC 2013 - wr@rosenauer.org - update to Firefox 23.0.1 * Audio static/"burble"/breakup in Firefox to Firefox WebRTC calls (bmo#901527) ------------------------------------------------------------------- Sun Aug 4 18:30:11 UTC 2013 - wr@rosenauer.org - update to Firefox 23.0 (bnc#833389) * MFSA 2013-63/CVE-2013-1701/CVE-2013-1702 Miscellaneous memory safety hazards * MFSA 2013-64/CVE-2013-1704 (bmo#883313) Use after free mutating DOM during SetBody * MFSA 2013-65/CVE-2013-1705 (bmo#882865) Buffer underflow when generating CRMF requests * MFSA 2013-67/CVE-2013-1708 (bmo#879924) Crash during WAV audio file decoding * MFSA 2013-68/CVE-2013-1709 (bmo#838253) Document URI misrepresentation and masquerading * MFSA 2013-69/CVE-2013-1710 (bmo#871368) CRMF requests allow for code execution and XSS attacks * MFSA 2013-70/CVE-2013-1711 (bmo#843829) Bypass of XrayWrappers using XBL Scopes * MFSA 2013-72/CVE-2013-1713 (bmo#887098) Wrong principal used for validating URI for some Javascript components * MFSA 2013-73/CVE-2013-1714 (bmo#879787) Same-origin bypass with web workers and XMLHttpRequest * MFSA 2013-75/CVE-2013-1717 (bmo#406541, bmo#738397) Local Java applets may read contents of local file system - requires NSPR 4.10 and NSS 3.15 ------------------------------------------------------------------- Wed Jul 3 17:14:35 UTC 2013 - dmueller@suse.com - fix build on ARM (/-g/ matches /-grecord-switches/) ------------------------------------------------------------------- Sat Jun 22 17:48:06 UTC 2013 - wr@rosenauer.org - update to Firefox 22.0 (bnc#825935) * removed obsolete patches + mozilla-qcms-ppc.patch + mozilla-gstreamer-760140.patch * GStreamer support does not build on 12.1 anymore (build only on 12.2 and later) * MFSA 2013-49/CVE-2013-1682/CVE-2013-1683 Miscellaneous memory safety hazards * MFSA 2013-50/CVE-2013-1684/CVE-2013-1685/CVE-2013-1686 Memory corruption found using Address Sanitizer * MFSA 2013-51/CVE-2013-1687 (bmo#863933, bmo#866823) Privileged content access and execution via XBL * MFSA 2013-52/CVE-2013-1688 (bmo#873966) Arbitrary code execution within Profiler * MFSA 2013-53/CVE-2013-1690 (bmo#857883) Execution of unmapped memory through onreadystatechange event * MFSA 2013-54/CVE-2013-1692 (bmo#866915) Data in the body of XHR HEAD requests leads to CSRF attacks * MFSA 2013-55/CVE-2013-1693 (bmo#711043) SVG filters can lead to information disclosure * MFSA 2013-56/CVE-2013-1694 (bmo#848535) PreserveWrapper has inconsistent behavior * MFSA 2013-57/CVE-2013-1695 (bmo#849791) Sandbox restrictions not applied to nested frame elements * MFSA 2013-58/CVE-2013-1696 (bmo#761667) X-Frame-Options ignored when using server push with multi-part responses * MFSA 2013-59/CVE-2013-1697 (bmo#858101) XrayWrappers can be bypassed to run user defined methods in a privileged context * MFSA 2013-60/CVE-2013-1698 (bmo#876044) getUserMedia permission dialog incorrectly displays location * MFSA 2013-61/CVE-2013-1699 (bmo#840882) Homograph domain spoofing in .com, .net and .name ------------------------------------------------------------------- Tue Jun 11 21:06:58 UTC 2013 - dvaleev@suse.com - Fix qcms altivec include (mozilla-qcms-ppc.patch) ------------------------------------------------------------------- Fri May 10 05:25:39 UTC 2013 - wr@rosenauer.org - update to Firefox 21.0 (bnc#819204) * removed upstreamed patch firefox-712763.patch * removed disabled mozilla-disable-neon-option.patch * MFSA 2013-41/CVE-2013-0801/CVE-2013-1669 Miscellaneous memory safety hazards * MFSA 2013-42/CVE-2013-1670 (bmo#853709) Privileged access for content level constructor * MFSA 2013-43/CVE-2013-1671 (bmo#842255) File input control has access to full path * MFSA 2013-46/CVE-2013-1674 (bmo#860971) Use-after-free with video and onresize event * MFSA 2013-47/CVE-2013-1675 (bmo#866825) Uninitialized functions in DOMSVGZoomEvent * MFSA 2013-48/CVE-2013-1676/CVE-2013-1677/CVE-2013-1678/ CVE-2013-1679/CVE-2013-1680/CVE-2013-1681 Memory corruption found using Address Sanitizer ------------------------------------------------------------------- Tue Apr 9 06:41:31 UTC 2013 - wr@rosenauer.org - revert to use GStreamer 0.10 on 12.3 (bnc#814101) (remove mozilla-gstreamer-1.patch) ------------------------------------------------------------------- Fri Apr 5 17:04:11 UTC 2013 - schwab@linux-m68k.org - Explicitly disable WebRTC support on non-x86, the configure script disables it only half-heartedly ------------------------------------------------------------------- Fri Mar 29 22:15:21 UTC 2013 - wr@rosenauer.org - update to Firefox 20.0 (bnc#813026) * requires NSPR 4.9.5 and NSS 3.14.3 * mozilla-webrtc-ppc.patch included upstream * MFSA 2013-30/CVE-2013-0788/CVE-2013-0789 Miscellaneous memory safety hazards * MFSA 2013-31/CVE-2013-0800 (bmo#825721) Out-of-bounds write in Cairo library * MFSA 2013-35/CVE-2013-0796 (bmo#827106) WebGL crash with Mesa graphics driver on Linux * MFSA 2013-36/CVE-2013-0795 (bmo#825697) Bypass of SOW protections allows cloning of protected nodes * MFSA 2013-37/CVE-2013-0794 (bmo#626775) Bypass of tab-modal dialog origin disclosure * MFSA 2013-38/CVE-2013-0793 (bmo#803870) Cross-site scripting (XSS) using timed history navigations * MFSA 2013-39/CVE-2013-0792 (bmo#722831) Memory corruption while rendering grayscale PNG images - use GStreamer 1.0 starting with 12.3 (mozilla-gstreamer-1.patch) ------------------------------------------------------------------- Tue Mar 12 23:08:15 UTC 2013 - dmueller@suse.com - build fixes for armv7hl: * disable debug build as armv7hl does not have enough memory * disable webrtc on armv7hl as it is non-compiling ------------------------------------------------------------------- Thu Mar 7 19:03:32 UTC 2013 - wr@rosenauer.org - update to Firefox 19.0.2 (bnc#808243) * MFSA 2013-29/CVE-2013-0787 (bmo#848644) Use-after-free in HTML Editor ------------------------------------------------------------------- Thu Feb 28 22:06:36 UTC 2013 - wr@rosenauer.org - update to Firefox 19.0.1 * blocklist updates ------------------------------------------------------------------- Sat Feb 16 07:08:55 UTC 2013 - wr@rosenauer.org - update to Firefox 19.0 (bnc#804248) * MFSA 2013-21/CVE-2013-0783/2013-0784 Miscellaneous memory safety hazards * MFSA 2013-22/CVE-2013-0772 (bmo#801366) Out-of-bounds read in image rendering * MFSA 2013-23/CVE-2013-0765 (bmo#830614) Wrapped WebIDL objects can be wrapped again * MFSA 2013-24/CVE-2013-0773 (bmo#809652) Web content bypass of COW and SOW security wrappers * MFSA 2013-25/CVE-2013-0774 (bmo#827193) Privacy leak in JavaScript Workers * MFSA 2013-26/CVE-2013-0775 (bmo#831095) Use-after-free in nsImageLoadingContent * MFSA 2013-27/CVE-2013-0776 (bmo#796475) Phishing on HTTPS connection through malicious proxy * MFSA 2013-28/CVE-2013-0780/CVE-2013-0782/CVE-2013-0777/ CVE-2013-0778/CVE-2013-0779/CVE-2013-0781 Use-after-free, out of bounds read, and buffer overflow issues found using Address Sanitizer - removed obsolete patches * mozilla-webrtc.patch * mozilla-gstreamer-803287.patch - added patch to fix session restore window order (bmo#712763) ------------------------------------------------------------------- Sat Feb 2 08:40:52 UTC 2013 - wr@rosenauer.org - update to Firefox 18.0.2 * blocklist and CTP updates * fixes in JS engine ------------------------------------------------------------------- Wed Jan 16 20:51:55 UTC 2013 - wr@rosenauer.org - update to Firefox 18.0.1 * blocklist updates * backed out bmo#677092 (removed patch) * fixed problems involving HTTP proxy transactions ------------------------------------------------------------------- Sat Jan 12 17:25:11 UTC 2013 - schwab@linux-m68k.org - Fix WebRTC to build on powerpc ------------------------------------------------------------------- Sun Jan 6 21:54:18 UTC 2013 - wr@rosenauer.org - update to Firefox 18.0 (bnc#796895) * MFSA 2013-01/CVE-2013-0749/CVE-2013-0769/CVE-2013-0770 Miscellaneous memory safety hazards * MFSA 2013-02/CVE-2013-0760/CVE-2013-0762/CVE-2013-0766/CVE-2013-0767 CVE-2013-0761/CVE-2013-0763/CVE-2013-0771/CVE-2012-5829 Use-after-free and buffer overflow issues found using Address Sanitizer * MFSA 2013-03/CVE-2013-0768 (bmo#815795) Buffer Overflow in Canvas * MFSA 2013-04/CVE-2012-0759 (bmo#802026) URL spoofing in addressbar during page loads * MFSA 2013-05/CVE-2013-0744 (bmo#814713) Use-after-free when displaying table with many columns and column groups * MFSA 2013-06/CVE-2013-0751 (bmo#790454) Touch events are shared across iframes * MFSA 2013-07/CVE-2013-0764 (bmo#804237) Crash due to handling of SSL on threads * MFSA 2013-08/CVE-2013-0745 (bmo#794158) AutoWrapperChanger fails to keep objects alive during garbage collection * MFSA 2013-09/CVE-2013-0746 (bmo#816842) Compartment mismatch with quickstubs returned values * MFSA 2013-10/CVE-2013-0747 (bmo#733305) Event manipulation in plugin handler to bypass same-origin policy * MFSA 2013-11/CVE-2013-0748 (bmo#806031) Address space layout leaked in XBL objects * MFSA 2013-12/CVE-2013-0750 (bmo#805121) Buffer overflow in Javascript string concatenation * MFSA 2013-13/CVE-2013-0752 (bmo#805024) Memory corruption in XBL with XML bindings containing SVG * MFSA 2013-14/CVE-2013-0757 (bmo#813901) Chrome Object Wrapper (COW) bypass through changing prototype * MFSA 2013-15/CVE-2013-0758 (bmo#813906) Privilege escalation through plugin objects * MFSA 2013-16/CVE-2013-0753 (bmo#814001) Use-after-free in serializeToStream * MFSA 2013-17/CVE-2013-0754 (bmo#814026) Use-after-free in ListenerManager * MFSA 2013-18/CVE-2013-0755 (bmo#814027) Use-after-free in Vibrate * MFSA 2013-19/CVE-2013-0756 (bmo#814029) Use-after-free in Javascript Proxy objects - requires NSS 3.14.1 (MFSA 2013-20, CVE-2013-0743) - removed obsolete SLE11 patches (mozilla-gcc43*) - reenable WebRTC - added mozilla-libproxy-compat.patch for libproxy API compat on openSUSE 11.2 and earlier - backed out restartless language packs as it broke multi-locale setup (bmo#677092, bmo#818468) ------------------------------------------------------------------- Thu Nov 29 19:56:51 UTC 2012 - wr@rosenauer.org - update to Firefox 17.0.1 * revert some useragent changes introduced in 17.0 * leaving private browsing with social enabled doesn't reset all social components (bmo#815042) - fix KDE integration for file dialogs ------------------------------------------------------------------- Tue Nov 20 19:52:02 UTC 2012 - wr@rosenauer.org - update to Firefox 17.0 (bnc#790140) * MFSA 2012-91/CVE-2012-5842/CVE-2012-5843 Miscellaneous memory safety hazards * MFSA 2012-92/CVE-2012-4202 (bmo#758200) Buffer overflow while rendering GIF images * MFSA 2012-93/CVE-2012-4201 (bmo#747607) evalInSanbox location context incorrectly applied * MFSA 2012-94/CVE-2012-5836 (bmo#792857) Crash when combining SVG text on path with CSS * MFSA 2012-95/CVE-2012-4203 (bmo#765628) Javascript: URLs run in privileged context on New Tab page * MFSA 2012-96/CVE-2012-4204 (bmo#778603) Memory corruption in str_unescape * MFSA 2012-97/CVE-2012-4205 (bmo#779821) XMLHttpRequest inherits incorrect principal within sandbox * MFSA 2012-99/CVE-2012-4208 (bmo#798264) XrayWrappers exposes chrome-only properties when not in chrome compartment * MFSA 2012-100/CVE-2012-5841 (bmo#805807) Improper security filtering for cross-origin wrappers * MFSA 2012-101/CVE-2012-4207 (bmo#801681) Improper character decoding in HZ-GB-2312 charset * MFSA 2012-102/CVE-2012-5837 (bmo#800363) Script entered into Developer Toolbar runs with chrome privileges * MFSA 2012-103/CVE-2012-4209 (bmo#792405) Frames can shadow top.location * MFSA 2012-104/CVE-2012-4210 (bmo#796866) CSS and HTML injection through Style Inspector * MFSA 2012-105/CVE-2012-4214/CVE-2012-4215/CVE-2012-4216/ CVE-2012-5829/CVE-2012-5839/CVE-2012-5840/CVE-2012-4212/ CVE-2012-4213/CVE-2012-4217/CVE-2012-4218 Use-after-free and buffer overflow issues found using Address Sanitizer * MFSA 2012-106/CVE-2012-5830/CVE-2012-5833/CVE-2012-5835/CVE-2012-5838 Use-after-free, buffer overflow, and memory corruption issues found using Address Sanitizer - rebased patches - disabled WebRTC since build is broken (bmo#776877) ------------------------------------------------------------------- Tue Nov 20 15:42:55 UTC 2012 - pcerny@suse.com - build on SLE11 * mozilla-gcc43-enums.patch * mozilla-gcc43-template_hacks.patch * mozilla-gcc43-templates_instantiation.patch ------------------------------------------------------------------- Wed Oct 24 08:27:29 UTC 2012 - wr@rosenauer.org - update to Firefox 16.0.2 (bnc#786522) * MFSA 2012-90/CVE-2012-4194/CVE-2012-4195/CVE-2012-4196 (bmo#800666, bmo#793121, bmo#802557) Fixes for Location object issues - bring back Obsoletes for libproxy's mozjs plugin for distributions before 12.2 to avoid crashes ------------------------------------------------------------------- Thu Oct 11 01:51:16 UTC 2012 - wr@rosenauer.org - update to Firefox 16.0.1 (bnc#783533) * MFSA 2012-88/CVE-2012-4191 (bmo#798045) Miscellaneous memory safety hazards * MFSA 2012-89/CVE-2012-4192/CVE-2012-4193 (bmo#799952, bmo#720619) defaultValue security checks not applied ------------------------------------------------------------------- Sun Oct 7 21:40:14 UTC 2012 - wr@rosenauer.org - update to Firefox 16.0 (bnc#783533) * MFSA 2012-74/CVE-2012-3982/CVE-2012-3983 Miscellaneous memory safety hazards * MFSA 2012-75/CVE-2012-3984 (bmo#575294) select element persistance allows for attacks * MFSA 2012-76/CVE-2012-3985 (bmo#655649) Continued access to initial origin after setting document.domain * MFSA 2012-77/CVE-2012-3986 (bmo#775868) Some DOMWindowUtils methods bypass security checks * MFSA 2012-79/CVE-2012-3988 (bmo#725770) DOS and crash with full screen and history navigation * MFSA 2012-80/CVE-2012-3989 (bmo#783867) Crash with invalid cast when using instanceof operator * MFSA 2012-81/CVE-2012-3991 (bmo#783260) GetProperty function can bypass security checks * MFSA 2012-82/CVE-2012-3994 (bmo#765527) top object and location property accessible by plugins * MFSA 2012-83/CVE-2012-3993/CVE-2012-4184 (bmo#768101, bmo#780370) Chrome Object Wrapper (COW) does not disallow acces to privileged functions or properties * MFSA 2012-84/CVE-2012-3992 (bmo#775009) Spoofing and script injection through location.hash * MFSA 2012-85/CVE-2012-3995/CVE-2012-4179/CVE-2012-4180/ CVE-2012-4181/CVE-2012-4182/CVE-2012-4183 Use-after-free, buffer overflow, and out of bounds read issues found using Address Sanitizer * MFSA 2012-86/CVE-2012-4185/CVE-2012-4186/CVE-2012-4187/ CVE-2012-4188 Heap memory corruption issues found using Address Sanitizer * MFSA 2012-87/CVE-2012-3990 (bmo#787704) Use-after-free in the IME State Manager - requires NSPR 4.9.2 - improve GStreamer integration (bmo#760140) - removed upstreamed mozilla-crashreporter-restart-args.patch - webapprt now included - use kmozillahelper's new REVEAL command (bnc#777415) (requires mozilla-kde4-integration >= 0.6.4) - updated translations-other with new languages ------------------------------------------------------------------- Mon Sep 10 19:37:56 UTC 2012 - wr@rosenauer.org - update to Firefox 15.0.1 (bnc#779936) * Sites visited while in Private Browsing mode could be found through manual browser cache inspection (bmo#787743) ------------------------------------------------------------------- Sun Aug 26 13:47:43 UTC 2012 - wr@rosenauer.org - update to Firefox 15.0 (bnc#777588) * MFSA 2012-57/CVE-2012-1970 Miscellaneous memory safety hazards * MFSA 2012-58/CVE-2012-1972/CVE-2012-1973/CVE-2012-1974/CVE-2012-1975 CVE-2012-1976/CVE-2012-3956/CVE-2012-3957/CVE-2012-3958/CVE-2012-3959 CVE-2012-3960/CVE-2012-3961/CVE-2012-3962/CVE-2012-3963/CVE-2012-3964 Use-after-free issues found using Address Sanitizer * MFSA 2012-59/CVE-2012-1956 (bmo#756719) Location object can be shadowed using Object.defineProperty * MFSA 2012-60/CVE-2012-3965 (bmo#769108) Escalation of privilege through about:newtab * MFSA 2012-61/CVE-2012-3966 (bmo#775794, bmo#775793) Memory corruption with bitmap format images with negative height * MFSA 2012-62/CVE-2012-3967/CVE-2012-3968 WebGL use-after-free and memory corruption * MFSA 2012-63/CVE-2012-3969/CVE-2012-3970 SVG buffer overflow and use-after-free issues * MFSA 2012-64/CVE-2012-3971 Graphite 2 memory corruption * MFSA 2012-65/CVE-2012-3972 (bmo#746855) Out-of-bounds read in format-number in XSLT * MFSA 2012-66/CVE-2012-3973 (bmo#757128) HTTPMonitor extension allows for remote debugging without explicit activation * MFSA 2012-68/CVE-2012-3975 (bmo#770684) DOMParser loads linked resources in extensions when parsing text/html * MFSA 2012-69/CVE-2012-3976 (bmo#768568) Incorrect site SSL certificate data display * MFSA 2012-70/CVE-2012-3978 (bmo#770429) Location object security checks bypassed by chrome code * MFSA 2012-72/CVE-2012-3980 (bmo#771859) Web console eval capable of executing chrome-privileged code - fix HTML5 video crash with GStreamer enabled (bmo#761030) - GStreamer is only used for MP4 (no WebM, OGG) - updated filelist - moved browser specific preferences to correct location ------------------------------------------------------------------- Sun Jul 29 08:34:39 UTC 2012 - aj@suse.de - Fix mozilla-kde.patch to include sys/resource.h for getrlimit etc (glibc 2.16) ------------------------------------------------------------------- Sat Jul 14 19:31:51 UTC 2012 - wr@rosenauer.org - update to 14.0.1 (bnc#771583) * MFSA 2012-42/CVE-2012-1949/CVE-2012-1948 Miscellaneous memory safety hazards * MFSA 2012-43/CVE-2012-1950 Incorrect URL displayed in addressbar through drag and drop * MFSA 2012-44/CVE-2012-1951/CVE-2012-1954/CVE-2012-1953/CVE-2012-1952 Gecko memory corruption * MFSA 2012-45/CVE-2012-1955 (bmo#757376) Spoofing issue with location * MFSA 2012-46/CVE-2012-1966 (bmo#734076) XSS through data: URLs * MFSA 2012-47/CVE-2012-1957 (bmo#750096) Improper filtering of javascript in HTML feed-view * MFSA 2012-48/CVE-2012-1958 (bmo#750820) use-after-free in nsGlobalWindow::PageHidden * MFSA 2012-49/CVE-2012-1959 (bmo#754044, bmo#737559) Same-compartment Security Wrappers can be bypassed * MFSA 2012-50/CVE-2012-1960 (bmo#761014) Out of bounds read in QCMS * MFSA 2012-51/CVE-2012-1961 (bmo#761655) X-Frame-Options header ignored when duplicated * MFSA 2012-52/CVE-2012-1962 (bmo#764296) JSDependentString::undepend string conversion results in memory corruption * MFSA 2012-53/CVE-2012-1963 (bmo#767778) Content Security Policy 1.0 implementation errors cause data leakage * MFSA 2012-55/CVE-2012-1965 (bmo#758990) feed: URLs with an innerURI inherit security context of page * MFSA 2012-56/CVE-2012-1967 (bmo#758344) Code execution through javascript: URLs - license change from tri license to MPL-2.0 - fix crashreporter restart option (bmo#762780) - require NSS 3.13.5 - remove mozjs pacrunner obsoletes again for now - adopted mozilla-prefer_plugin_pref.patch - PPC fixes: * reenabled mozilla-yarr-pcre.patch to fix build for PPC * add patches for bmo#750620 and bmo#746112 * fix xpcshell segfault on ppc ------------------------------------------------------------------- Fri Jun 15 12:37:09 UTC 2012 - wr@rosenauer.org - update to Firefox 13.0.1 * bugfix release - obsolete libproxy's mozjs pacrunner (bnc#759123) ------------------------------------------------------------------- Sat Jun 2 08:22:51 UTC 2012 - wr@rosenauer.org - update to Firefox 13.0 (bnc#765204) * MFSA 2012-34/CVE-2012-1938/CVE-2012-1937/CVE-2011-3101 Miscellaneous memory safety hazards * MFSA 2012-36/CVE-2012-1944 (bmo#751422) Content Security Policy inline-script bypass * MFSA 2012-37/CVE-2012-1945 (bmo#670514) Information disclosure though Windows file shares and shortcut files * MFSA 2012-38/CVE-2012-1946 (bmo#750109) Use-after-free while replacing/inserting a node in a document * MFSA 2012-40/CVE-2012-1947/CVE-2012-1940/CVE-2012-1941 Buffer overflow and use-after-free issues found using Address Sanitizer - require NSS 3.13.4 * MFSA 2012-39/CVE-2012-0441 (bmo#715073) - fix sound notifications when filename/path contains a whitespace (bmo#749739) ------------------------------------------------------------------- Wed May 23 14:40:16 UTC 2012 - adrian@suse.de - fix build on arm ------------------------------------------------------------------- Wed May 16 05:34:01 UTC 2012 - wr@rosenauer.org - reenabled crashreporter for Factory/12.2 (fix in mozilla-gcc47.patch) ------------------------------------------------------------------- Sat Apr 21 10:02:37 UTC 2012 - wr@rosenauer.org - update to Firefox 12.0 (bnc#758408) * rebased patches * MFSA 2012-20/CVE-2012-0467/CVE-2012-0468 Miscellaneous memory safety hazards * MFSA 2012-22/CVE-2012-0469 (bmo#738985) use-after-free in IDBKeyRange * MFSA 2012-23/CVE-2012-0470 (bmo#734288) Invalid frees causes heap corruption in gfxImageSurface * MFSA 2012-24/CVE-2012-0471 (bmo#715319) Potential XSS via multibyte content processing errors * MFSA 2012-25/CVE-2012-0472 (bmo#744480) Potential memory corruption during font rendering using cairo-dwrite * MFSA 2012-26/CVE-2012-0473 (bmo#743475) WebGL.drawElements may read illegal video memory due to FindMaxUshortElement error * MFSA 2012-27/CVE-2012-0474 (bmo#687745, bmo#737307) Page load short-circuit can lead to XSS * MFSA 2012-28/CVE-2012-0475 (bmo#694576) Ambiguous IPv6 in Origin headers may bypass webserver access restrictions * MFSA 2012-29/CVE-2012-0477 (bmo#718573) Potential XSS through ISO-2022-KR/ISO-2022-CN decoding issues * MFSA 2012-30/CVE-2012-0478 (bmo#727547) Crash with WebGL content using textImage2D * MFSA 2012-31/CVE-2011-3062 (bmo#739925) Off-by-one error in OpenType Sanitizer * MFSA 2012-32/CVE-2011-1187 (bmo#624621) HTTP Redirections and remote content can be read by javascript errors * MFSA 2012-33/CVE-2012-0479 (bmo#714631) Potential site identity spoofing when loading RSS and Atom feeds - added mozilla-libnotify.patch to allow fallback from libnotify to xul based events if no notification-daemon is running - gcc 4.7 fixes * mozilla-gcc47.patch * disabled crashreporter temporarily for Factory - recommend libcanberra0 for proper sound notifications ------------------------------------------------------------------- Fri Mar 9 21:47:07 UTC 2012 - wr@rosenauer.org - update to Firefox 11.0 (bnc#750044) * MFSA 2012-13/CVE-2012-0455 (bmo#704354) XSS with Drag and Drop and Javascript: URL * MFSA 2012-14/CVE-2012-0456/CVE-2012-0457 (bmo#711653, #720103) SVG issues found with Address Sanitizer * MFSA 2012-15/CVE-2012-0451 (bmo#717511) XSS with multiple Content Security Policy headers * MFSA 2012-16/CVE-2012-0458 Escalation of privilege with Javascript: URL as home page * MFSA 2012-17/CVE-2012-0459 (bmo#723446) Crash when accessing keyframe cssText after dynamic modification * MFSA 2012-18/CVE-2012-0460 (bmo#727303) window.fullScreen writeable by untrusted content * MFSA 2012-19/CVE-2012-0461/CVE-2012-0462/CVE-2012-0464/ CVE-2012-0463 Miscellaneous memory safety hazards - ported and reenabled KDE integration (bnc#746591) - explicitely build-require X libs ------------------------------------------------------------------- Mon Mar 5 13:31:48 UTC 2012 - vdziewiecki@suse.com - add Provides: browser(npapi) FATE#313084 ------------------------------------------------------------------- Fri Feb 17 17:41:11 UTC 2012 - pcerny@suse.com - better plugin directory resolution (bnc#747320) ------------------------------------------------------------------- Thu Feb 16 08:47:31 UTC 2012 - wr@rosenauer.org - update to Firefox 10.0.2 (bnc#747328) * CVE-2011-3026 (bmo#727401) libpng: integer overflow leading to heap-buffer overflow ------------------------------------------------------------------- Thu Feb 9 09:26:11 UTC 2012 - wr@rosenauer.org - update to Firefox 10.0.1 (bnc#746616) * MFSA 2012-10/CVE-2012-0452 (bmo#724284) use after free in nsXBLDocumentInfo::ReadPrototypeBindings ------------------------------------------------------------------- Tue Feb 7 10:40:58 UTC 2012 - dvaleev@suse.com - Use YARR interpreter instead of PCRE on platforms where YARR JIT is not supported, since PCRE doesnt build (bmo#691898) - fix ppc64 build (bmo#703534) ------------------------------------------------------------------- Mon Jan 30 09:41:59 UTC 2012 - wr@rosenauer.org - update to Firefox 10.0 (bnc#744275) * MFSA 2012-01/CVE-2012-0442/CVE-2012-0443 Miscellaneous memory safety hazards * MFSA 2012-03/CVE-2012-0445 (bmo#701071)