SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for MozillaFirefox-devel-8.0-2.3.test.9.x86_64.rpm :

* Sat Nov 12 2011 dvaleevAATTsuse.com- fix ppc64 build
* Sun Nov 06 2011 wrAATTrosenauer.org- update to Firefox 8 (bnc#728520)
* MFSA 2011-47/CVE-2011-3648 (bmo#690225) Potential XSS against sites using Shift-JIS
* MFSA 2011-48/CVE-2011-3651/CVE-2011-3652/CVE-2011-3654 Miscellaneous memory safety hazards
* MFSA 2011-49/CVE-2011-3650 (bmo#674776) Memory corruption while profiling using Firebug
* MFSA 2011-52/CVE-2011-3655 (bmo#672182) Code execution via NoWaiverWrapper- rebased patches
* Thu Oct 20 2011 wrAATTrosenauer.org- enable telemetry prompt
* Fri Sep 30 2011 wrAATTrosenauer.org- update to minor release 7.0.1
* fixed staged addon updates- set intl.locale.matchOS=true in the base package as it causes too much confusion when it\'s only available with branding-openSUSE
* Fri Sep 23 2011 wrAATTrosenauer.org- update to Firefox 7 (bnc#720264) including
* Improve Responsiveness with Memory Reductions
* Instant Sync
* WebSocket protocol 8
* MFSA 2011-36/CVE-2011-2995/CVE-2011-2996/CVE-2011-2997 Miscellaneous memory safety hazards
* MFSA 2011-39/CVE-2011-3000 (bmo#655389) Defense against multiple Location headers due to CRLF Injection
* MFSA 2011-40/CVE-2011-2372/CVE-2011-3001 Code installation through holding down Enter
* MFSA 2011-41/CVE-2011-3002/CVE-2011-3003 (bmo#680840, bmo#682335) Potentially exploitable WebGL crashes
* MFSA 2011-42/CVE-2011-3232 (bmo#653672) Potentially exploitable crash in the YARR regular expression library
* MFSA 2011-43/CVE-2011-3004 (bmo#653926) loadSubScript unwraps XPCNativeWrapper scope parameter
* MFSA 2011-44/CVE-2011-3005 (bmo#675747) Use after free reading OGG headers
* MFSA 2011-45 Inferring keystrokes from motion data- removed obsolete mozilla-cairo-lcd.patch- rebased patches- removed XLIB_SKIP_ARGB_VISUALS=1 from environment in mozilla.sh.in (bnc#680758)
* Fri Sep 16 2011 wrAATTrosenauer.org- fixed loading of kde.js under KDE (bnc#718311)
* Wed Sep 14 2011 wrAATTrosenauer.org- add dbus-1-glib-devel to BuildRequires (not pulled in automatically anymore on 12.1)- increase minversions for NSPR and NSS
* Fri Sep 09 2011 wrAATTrosenauer.org- recreated source archive to get correct source-stamp.txt
* Wed Sep 07 2011 pcernyAATTsuse.com- security update to 6.0.2 (bnc#714931)
* Complete blocking of certificates issued by DigiNotar (bmo#683449)
* Fri Sep 02 2011 pcernyAATTsuse.com- security update to 6.0.1 (bnc#714931)
* MFSA 2011-34 Protection against fraudulent DigiNotar certificates (bmo#682927)
* Fri Aug 12 2011 wrAATTrosenauer.org- update to 6.0 (bnc#712224) included security fixes MFSA 2011-29
* CVE-2011-2989/CVE-2011-2991/CVE-2011-2992/CVE-2011-2985 Miscellaneous memory safety hazards
* CVE-2011-2993 (bmo#657267) Unsigned scripts can call script inside signed JAR
* CVE-2011-2988 (bmo#665934) Heap overflow in ANGLE library
* CVE-2011-0084 (bmo#648094) Crash in SVGTextElement.getCharNumAtPosition()
* CVE-2011-2990 Credential leakage using Content Security Policy reports
* CVE-2011-2986 (bmo#655836) Cross-origin data theft using canvas and Windows D2D- removed obsolete curl header dependency (mozilla-curl.patch)
* Fri Jul 22 2011 wrAATTrosenauer.org- update to 6.0b3
* removed obsolete patches - firefox-shellservice.patch - mozilla-gio.patch - mozilla-ppc-ipc.patch - firefox-linkorder.patch - firefox-no-sync-l10n.patch- recognize linux3 as platform for symbolstore.py
* Fri Jul 01 2011 vuntzAATTopensuse.org- Add x-scheme-handler/ftp to the MimeType key in the .desktop, to let desktops know that Firefox can deal with ftp: URIs.
* Fri Jul 01 2011 wrAATTrosenauer.org- create upstream branding package again (supposedly empty) (bnc#703401)- fix build on SLE11 (changes do not affect/are not applied for later versions)
* Wed Jun 22 2011 wrAATTrosenauer.org- enable startup notification (bnc#701465)
* Mon Jun 20 2011 wrAATTrosenauer.org- update to 5.0 final- included fixes for security issues: (bnc#701296, bnc#700578)
* MFSA 2011-19/CVE-2011-2374 CVE-2011-2375 Miscellaneous memory safety hazards
* MFSA 2011-20/CVE-2011-2373 (bmo#617247) Use-after-free vulnerability when viewing XUL document with script disabled
* MFSA 2011-21/CVE-2011-2377 (bmo#638018, bmo#639303) Memory corruption due to multipart/x-mixed-replace images
* MFSA 2011-22/CVE-2011-2371 (bmo#664009) Integer overflow and arbitrary code execution in Array.reduceRight()
* MFSA 2011-25/CVE-2011-2366 Stealing of cross-domain images using WebGL textures
* MFSA 2011-26/CVE-2011-2367 CVE-2011-2368 Multiple WebGL crashes
* MFSA 2011-27/CVE-2011-2369 (bmo#650001) XSS encoding hazard with inline SVG
* MFSA 2011-28/CVE-2011-2370 (bmo#645699) Non-whitelisted site can trigger xpinstall
* Mon Jun 20 2011 wrAATTrosenauer.org- update to 5.0b7
* updated supported locales- do not build dump_syms static (not needed for us) - > fix build for openSUSE 12.1 and above
* Wed Jun 15 2011 wrAATTrosenauer.org- update to 5.0b6- include proper revision information into the build- speedier find-external-requires.sh
* Tue May 31 2011 wrAATTrosenauer.org- update to 5.0b3- transformed to standalone Firefox (not xulrunner based) (with new Firefox rapid release cycle it makes no sense anymore)
* imported all relevant xulrunner patches- do not compile in build timestamp
* Fri Apr 15 2011 wrAATTrosenauer.org- security update to 4.0.1 (bnc#689281)
* MFSA 2011-12/ CVE-2011-0069 CVE-2011-0070 CVE-2011-0079 CVE-2011-0080 CVE-2011-0081 Miscellaneous memory safety hazards
* MFSA 2011-17/CVE-2011-0068 (bmo#623791) WebGLES vulnerabilities
* MFSA 2011-18/CVE-2011-1202 (bmo#640339) XSLT generate-id() function heap address leak
* Wed Mar 30 2011 wrAATTrosenauer.org- add all available icon sizes
* Tue Mar 29 2011 cfarrellAATTnovell.com- license update: MPLv1.1 or GPLv2+ or LGPLv2+ Sync licenses with Fedora. MPL does not state ^or later^
* Fri Mar 18 2011 wrAATTrosenauer.org- update to version 4.0rc2- fixed rpm macros delivered with devel package (bnc#679950)
* Wed Feb 23 2011 wrAATTrosenauer.org- update to version 4.0b12- rebased patches
* Fri Feb 04 2011 wrAATTrosenauer.org- update to version 4.0b11
* loads of bugfixes compared to last beta
* added \"Do Not Track\" option- rebased patches- disable testpilot
* Fri Jan 28 2011 wrAATTrosenauer.org- set correct desktop file name within KDE for 11.4 and up- add devel package with macros for extensions (from lnusselAATTsuse.de)
* Sat Jan 22 2011 wrAATTrosenauer.org- update to version 4.0b10- removed obsolete firefox-shell-bmo624267.patch- testpilot moved to distribution/extensions- updated locale provides and removed bn-IN from locales
* Tue Jan 11 2011 wrAATTrosenauer.org- update to version 4.0b9- added x-scheme-handler for http and https to desktop file for newer Gnome environments- fixed default browser check/set for GIO (bmo#611953) (mozilla-shellservice.patch)- removed obsolete firefox-appname.patch (integrated into shellservice patch)- renamed desktop file to firefox.desktop for 11.4 and newer (bnc#664211)- removed support for 10.3 and older from the spec file- removed obsolete \"Ximian\" categories from desktop file
* Mon Jan 03 2011 meissnerAATTsuse.de- Mirror ac_add_options --disable-ipc from xulrunner for PowerPC.
* Wed Dec 15 2010 wrAATTrosenauer.org- update to version 4.0beta8
* Tue Nov 30 2010 wrAATTrosenauer.org- major update to version 4.0beta7
* based on mozilla-xulrunner20
* far too many internal changes to list
* Wed Oct 27 2010 wrAATTrosenauer.org- security update to 3.6.12 (bnc#649492)
* MFSA 2010-73/CVE-2010-3765 (bmo#607222) Heap buffer overflow mixing document.write and DOM insertion
* Wed Oct 06 2010 wrAATTrosenauer.org- security update to 3.6.11 (bnc#645315)
* MFSA 2010-64/CVE-2010-3174/CVE-2010-3175/CVE-2010-3176 Miscellaneous memory safety hazards
* MFSA 2010-65/CVE-2010-3179 (bmo#583077) Buffer overflow and memory corruption using document.write
* MFSA 2010-66/CVE-2010-3180 (bmo#588929) Use-after-free error in nsBarProp
* MFSA 2010-67/CVE-2010-3183 (bmo#598669) Dangling pointer vulnerability in LookupGetterOrSetter
* MFSA 2010-68/CVE-2010-3177 (bmo#556734) XSS in gopher parser when parsing hrefs
* MFSA 2010-69/CVE-2010-3178 (bmo#576616) Cross-site information disclosure via modal calls
* MFSA 2010-70/CVE-2010-3170 (bmo#578697) SSL wildcard certificate matching IP addresses
* MFSA 2010-71/CVE-2010-3182 (bmo#590753) Unsafe library loading vulnerabilities
* MFSA 2010-72/CVE-2010-3173 Insecure Diffie-Hellman key exchange
* Wed Sep 15 2010 wrAATTrosenauer.org- update to 3.6.10
* fixing startup topcrash (bmo#594699)
* Thu Aug 26 2010 wrAATTrosenauer.org- security update to 3.6.9 (bnc#637303)
* MFSA 2010-49/CVE-2010-3169 Miscellaneous memory safety hazards
* MFSA 2010-50/CVE-2010-2765 (bmo#576447) Frameset integer overflow vulnerability
* MFSA 2010-51/CVE-2010-2767 (bmo#584512) Dangling pointer vulnerability using DOM plugin array
* MFSA 2010-53/CVE-2010-3166 (bmo#579655) Heap buffer overflow in nsTextFrameUtils::TransformText
* MFSA 2010-54/CVE-2010-2760 (bmo#585815) Dangling pointer vulnerability in nsTreeSelection
* MFSA 2010-55/CVE-2010-3168 (bmo#576075) XUL tree removal crash and remote code execution
* MFSA 2010-56/CVE-2010-3167 (bmo#576070) Dangling pointer vulnerability in nsTreeContentView
* MFSA 2010-57/CVE-2010-2766 (bmo#580445) Crash and remote code execution in normalizeDocument
* MFSA 2010-59/CVE-2010-2762 (bmo#584180) SJOW creates scope chains ending in outer object
* MFSA 2010-61/CVE-2010-2768 (bmo#579744) UTF-7 XSS by overriding document charset using type attribute
* MFSA 2010-62/CVE-2010-2769 (bmo#520189) Copy-and-paste or drag-and-drop into designMode document allows XSS
* MFSA 2010-63/CVE-2010-2764 (bmo#552090) Information leak via XMLHttpRequest statusText
* Wed Jul 28 2010 meissnerAATTsuse.de- disable crash reporter for non x86/x86_64 to make it build.
* Sat Jul 24 2010 wrAATTrosenauer.org- security update to 3.6.8 (bnc#622506)
* MFSA 2010-48/CVE-2010-2755 (bmo#575836) Dangling pointer crash regression from plugin parameter array fix
* Fri Jul 16 2010 wrAATTrosenauer.org- security update to 3.6.7 (bnc#622506)
* MFSA 2010-34/CVE-2010-1211/CVE-2010-1212 Miscellaneous memory safety hazards
* MFSA 2010-35/CVE-2010-1208 (bmo#572986) DOM attribute cloning remote code execution vulnerability
* MFSA 2010-36/CVE-2010-1209 (bmo#552110) Use-after-free error in NodeIterator
* MFSA 2010-37/CVE-2010-1214 (bmo#572985) Plugin parameter EnsureCachedAttrParamArrays remote code execution vulnerability
* MFSA 2010-38/CVE-2010-1215 (bmo#567069) Arbitrary code execution using SJOW and fast native function
* MFSA 2010-39/CVE-2010-2752 (bmo#574059) nsCSSValue::Array index integer overflow
* MFSA 2010-40/CVE-2010-2753 (bmo#571106) nsTreeSelection dangling pointer remote code execution vulnerability
* MFSA 2010-41/CVE-2010-1205 (bmo#570451) Remote code execution using malformed PNG image
* MFSA 2010-42/CVE-2010-1213 (bmo#568148) Cross-origin data disclosure via Web Workers and importScripts
* MFSA 2010-43/CVE-2010-1207 (bmo#571287) Same-origin bypass using canvas context
* MFSA 2010-44/CVE-2010-1210 (bmo#564679) Characters mapped to U+FFFD in 8 bit encodings cause subsequent character to vanish
* MFSA 2010-45/CVE-2010-1206/CVE-2010-2751 (bmo#536466,556957) Multiple location bar spoofing vulnerabilities
* MFSA 2010-46/CVE-2010-0654 (bmo#524223) Cross-domain data theft using CSS
* MFSA 2010-47/CVE-2010-2754 (bmo#568564) Cross-origin data leakage from script filename in error messages
* Sun Jun 27 2010 wrAATTrosenauer.org- update to 3.6.6 release
* modifies the crash protection feature to increase the amount of time that plugins are allowed to be non-responsive before being terminated.
* Wed Jun 23 2010 wrAATTrosenauer.org- update to final 3.6.4 release (bnc#603356)
* MFSA 2010-26/CVE-2010-1200/CVE-2010-1201/CVE-2010-1202/ CVE-2010-1203 Crashes with evidence of memory corruption (rv:1.9.2.4)
* MFSA 2010-28/CVE-2010-1198 (bmo#532246) Freed object reuse across plugin instances
* MFSA 2010-29/CVE-2010-1196 (bmo#534666) Heap buffer overflow in nsGenericDOMDataNode::SetTextInternal
* MFSA 2010-30/CVE-2010-1199 (bmo#554255) Integer Overflow in XSLT Node Sorting
* MFSA 2010-31/CVE-2010-1125 (bmo#552255) focus() behavior can be used to inject or steal keystrokes
* MFSA 2010-32/CVE-2010-1197 (bmo#537120) Content-Disposition: attachment ignored if Content-Type: multipart also present
* MFSA 2010-33/CVE-2008-5913 (bmo#475585) User tracking across sites using Math.random()
* Mon Jun 07 2010 wrAATTrosenauer.org- update to 3.6.4(build6)
* Sun Apr 18 2010 wrAATTrosenauer.org- security update to 3.6.4 (Lorentz)
* enable crashreporter also for x86-64
* Flash runs in a separate process to avoid crashing Firefox (ix86 only; x86-64 still uses nspluginwrapper)
* Thu Apr 01 2010 wrAATTrosenauer.org- security update to 3.6.3
* MFSA 2010-25/CVE-2010-1121 (bmo#555109) Re-use of freed object due to scope confusion
* Thu Mar 18 2010 wrAATTrosenauer.org- security update to version 3.6.2 (bnc#586567)
* MFSA 2010-08/CVE-2010-1028 WOFF heap corruption due to integer overflow
* MFSA 2010-09/CVE-2010-0164 (bmo#547143) Deleted frame reuse in multipart/x-mixed-replace image
* MFSA 2010-10/CVE-2010-0170 (bmo#541530) XSS via plugins and unprotected Location object
* MFSA 2010-11/CVE-2010-0165/CVE-2010-0166/CVE-2010-0167 Crashes with evidence of memory corruption
* MFSA 2010-12/CVE-2010-0171 (bmo#531364) XSS using addEventListener and setTimeout on a wrapped object
* MFSA 2010-13/CVE-2010-0168 (bmo#540642) Content policy bypass with image preloading
* MFSA 2010-14/CVE-2010-0169 (bmo#535806) Browser chrome defacement via cached XUL stylesheets
* MFSA 2010-15/CVE-2010-0172 (bmo#537862) Asynchronous Auth Prompt attaches to wrong window
* MFSA 2010-16/CVE-2010-0173/CVE-2010-0174 Crashes with evidence of memory corruption
* MFSA 2010-18/CVE-2010-0176 (bmo#538308) Dangling pointer vulnerability in nsTreeContentView
* MFSA 2010-19/CVE-2010-0177 (bmo#538310) Dangling pointer vulnerability in nsPluginArray
* MFSA 2010-20/CVE-2010-0178 (bmo#546909) Chrome privilege escalation via forced URL drag and drop
* MFSA 2010-22/CVE-2009-3555 (bmo#545755) Update NSS to support TLS renegotiation indication
* MFSA 2010-23/CVE-2010-0181 (bmo#452093) Image src redirect to mailto: URL opens email editor
* MFSA 2010-24/CVE-2010-0182 (bmo#490790) XMLDocument::load() doesn\'t check nsIContentPolicy
* Mon Jan 18 2010 wrAATTrosenauer.org- update to 3.6rc2 (already named 3.6.0)- removed obsolete orbit-devel build requirement
* Wed Jan 06 2010 wrAATTrosenauer.org- major update to 3.6rc1
* Fri Dec 25 2009 wrAATTrosenauer.org- update to version 3.5.7 (bnc#568011)
* DNS resolution in MakeSN of nsAuthSSPI causing issues for proxy servers that support NTLM auth (bmo#535193)- added missing lockdown preferences (bnc#567131)
* Thu Dec 17 2009 wrAATTrosenauer.org- readded firefox-ui-lockdown.patch (bnc#546158)
* Thu Dec 03 2009 wrAATTrosenauer.org- security update to version 3.5.6 (bnc#559807)
* MFSA 2009-65/CVE-2009-3979/CVE-2009-3980/CVE-2009-3982 Crashes with evidence of memory corruption (rv:1.9.1.6)
* MFSA 2009-66/CVE-2009-3388 (bmo#504843,bmo#523816) Memory safety fixes in liboggplay media library
* MFSA 2009-67/CVE-2009-3389 (bmo#515882,bmo#504613) Integer overflow, crash in libtheora video library
* MFSA 2009-68/CVE-2009-3983 (bmo#487872) NTLM reflection vulnerability
* MFSA 2009-69/CVE-2009-3984/CVE-2009-3985 (bmo#521461,bmo#514232) Location bar spoofing vulnerabilities
* MFSA 2009-70/VE-2009-3986 (bmo#522430) Privilege escalation via chrome window.opener- fixed firefox-browser-css.patch (bnc#561027)
* Mon Nov 23 2009 wrAATTrosenauer.org- rebased patches for fuzz=0
* Thu Nov 05 2009 wrAATTrosenauer.org- update to version 3.5.5 (bnc#553172)
* Sat Oct 17 2009 wrAATTrosenauer.org- security update to version 3.5.4 (bnc#545277)
* MFSA 2009-52/CVE-2009-3370 (bmo#511615) Form history vulnerable to stealing
* MFSA 2009-53/CVE-2009-3274 (bmo#514823) Local downloaded file tampering
* MFSA 2009-54/CVE-2009-3371 (bmo#514554) Crash with recursive web-worker calls
* MFSA 2009-55/CVE-2009-3372 (bmo#500644) Crash in proxy auto-configuration regexp parsing
* MFSA 2009-56/CVE-2009-3373 (bmo#511689) Heap buffer overflow in GIF color map parser
* MFSA 2009-57/CVE-2009-3374 (bmo#505988) Chrome privilege escalation in XPCVariant::VariantDataToJS()
* MFSA 2009-59/CVE-2009-1563 (bmo#516396, bmo#516862) Heap buffer overflow in string to number conversion
* MFSA 2009-61/CVE-2009-3375 (bmo#503226) Cross-origin data theft through document.getSelection()
* MFSA 2009-62/CVE-2009-3376 (bmo#511521) Download filename spoofing with RTL override
* MFSA 2009-63/CVE-2009-3377/CVE-2009-3379/CVE-2009-3378 Upgrade media libraries to fix memory safety bugs
* MFSA 2009-64/CVE-2009-3380/CVE-2009-3381/CVE-2009-3383 Crashes with evidence of memory corruption- removed upstreamed patch
* firefox-bug506901.patch
* Wed Oct 07 2009 llunakAATTnovell.com- fix KDE button order in one more place (bnc#170055)
* Fri Oct 02 2009 wrAATTrosenauer.org- improve UI colors to be usable with dark themes at all (firefox-browser-css.patch) (bnc#503351)- extend list of supported architectures as ABI identifier (mozilla-abi.patch) (bnc#543460)
* Sun Sep 13 2009 wrAATTrosenauer.org- added KDE integration patch from llunakAATTnovell.com (firefox-kde.patch)
* support for knotify, making -kde4-addon obsolete
* KDE-specific support functional (bnc#170055)- do not build libnkgnomevfs (bmo#512671) (firefox-no-gnomevfs)
* Thu Sep 10 2009 wrAATTrosenauer.org- security update to version 3.5.3 (bnc#534458)
* MFSA 2009-47/CVE-2009-3069/CVE-2009-3070/CVE-2009-3071/ CVE-2009-3072/CVE-2009-3073/CVE-2009-3074/CVE-2009-3075 Crashes with evidence of memory corruption
* MFSA 2009-49/CVE-2009-3077 (bmo#506871) TreeColumns dangling pointer vulnerability
* MFSA 2009-50/CVE-2009-3078 (bmo#453827) Location bar spoofing via tall line-height Unicode characters
* MFSA 2009-51/CVE-2009-3079 (bmo#454363) Chrome privilege escalation with FeedWriter
* Wed Aug 19 2009 wrAATTrosenauer.org- renamed patch firefox-contextmenu-gnome to firefox-cross-desktop as it contains more tweaks to handle non-Gnome environments and especially KDE integration:
* added the ability to set the KDE default browser (still part of bnc#170055)
* Fri Aug 07 2009 wrAATTrosenauer.org- split -translations package into -common and -other (bnc#529180)- remove \"set as background\" from context menu if not running in Gnome (part of bnc#170055)
* Fri Jul 31 2009 wrAATTrosenauer.org- security update to version 3.5.2
* MFSA 2009-38/CVE-2009-2470 (bmo#459524) Data corruption with SOCKS5 reply containing DNS name longer than 15 characters
* MFSA 2009-44/CVE-2009-2654 (bmo#451898) Location bar and SSL indicator spoofing via window.open() on invalid URL
* MFSA 2009-45 Crashes with evidence of memory corruption
* MFSA 2009-46 (bmo#498897) Chrome privilege escalation due to incorrectly cached wrapper
* various other stability fixes- export MOZ_APP_LAUNCHER in the startscript (bmo#453689)
* Tue Jul 28 2009 wrAATTrosenauer.org- fixed %exclude usage- fixed preferences\' advanced pane for fresh profiles (bmo#506901)
* Wed Jul 15 2009 wrAATTrosenauer.org- security update to version 3.5.1
* MFSA 2009-41 Corrupt JIT state after deep return from native function
* Mon Jul 06 2009 wrAATTrosenauer.org- added mozilla-linkorder.patch to fix build with --as-needed
* Tue Jun 30 2009 wrAATTrosenauer.org- update to final version 3.5 (20090623)
* Tue Jun 23 2009 wrAATTrosenauer.org- fixed build by linking to a real file
* Thu Jun 18 2009 wrAATTrosenauer.org- update to version 3.5rc2 (20090617)- BuildRequire mozilla-xulrunner191 = 1.9.1.0
* Sat Jun 06 2009 wrAATTrosenauer.org- update to version 3.5b99 (20090604)- BuildRequire mozilla-xulrunner191 = 1.9.1b99
* Wed May 27 2009 wrAATTrosenauer.org- fixed typos in improved xulrunner dependencies
* Mon May 11 2009 wrAATTrosenauer.org- use non-localized Downloads folder (bnc#501724)
* Mon May 04 2009 wrAATTrosenauer.org- update to new major version 3.5b4
* based on Gecko 1.9.1 (mozilla-xulrunner191)
* Private Browsing Mode
* TraceMonkey JavaScript engine
* Geolocation support
* native JSON and web worker threads support
* speculative parsing for faster content rendering
* Some HTML5 support- updated firefox.schemas- improved firefox-no-update.patch
* Tue Apr 28 2009 wrAATTrosenauer.org- security update to 3.0.10
* MFSA 2009-23/CVE-2009-1313 (bmo#489647) Crash in nsTextFrame::ClearTextRun()
* Thu Apr 16 2009 wrAATTrosenauer.org- security update to 3.0.9 (bnc#495473)
* MFSA 2009-14/CVE-2009-1302/CVE-2009-1303/CVE-2009-1304/CVE-2009-1305 Crashes with evidence of memory corruption (rv:1.9.0.9)
* MFSA 2009-15/CVE-2009-0652 (bmo#479336) URL spoofing with box drawing character
* MFSA 2009-16/CVE-2009-1306 (bmo#474536) jar: scheme ignores the content-disposition: header on the inner URI
* MFSA 2009-17/CVE-2009-1307 (bmo#481342) Same-origin violations when Adobe Flash loaded via view-source: scheme
* MFSA 2009-18/CVE-2009-1308 (bmo#481558) XSS hazard using third-party stylesheets and XBL bindings
* MFSA 2009-19/CVE-2009-1309 (bmo#482206,478433) Same-origin violations in XMLHttpRequest and XPCNativeWrapper.toString
* MFSA 2009-20/CVE-2009-1310 (bmo#483086) Malicious search plugins can inject code into arbitrary sites
* MFSA 2009-21/CVE-2009-1311 (bmo#471962) POST data sent to wrong site when saving web page with embedded frame
* MFSA 2009-22/CVE-2009-1312 (bmo#475636) Firefox allows Refresh header to redirect to javascript: URIs
* Fri Mar 27 2009 wrAATTrosenauer.org- security update to 1.9.0.8 (bnc#488955,489411)
* MFSA 2009-12/CVE-2009-1169 (bmo#460090,485217) Crash and remote code execution in XSL transformation
* MFSA 2009-13/CVE-2009-1044 (bmo#484320) Arbitrary code execution via XUL tree moveToEdgeShift- allow RPM provides for stuff besides shared libraries (e.g. mime-types)
* Sun Mar 01 2009 wrAATTrosenauer.org- security update to 3.0.7 (bnc#478625)
* MFSA 2009-07 - Crashes with evidence of memory corruption CVE-2009-0771 - Layout Engine Crashes CVE-2009-0772 - Layout Engine Crashes CVE-2009-0773 - crashes in the JavaScript engine CVE-2009-0774 - Layout Engine Crashes
* MFSA 2009-08/CVE-2009-0775 - (bmo#474456) Mozilla Firefox XUL Linked Clones Double Free Vulnerability
* MFSA 2009-09/CVE-2009-0776 (bmo#414540) XML data theft via RDFXMLDataSource and cross-domain redirect
* MFSA 2009-10/CVE-2009-0040 (bmo#478901) Upgrade PNG library to fix memory safety hazards
* MFSA 2009-11/CVE-2009-0777 (bmo#452979) URL spoofing with invisible control characters
 
ICM