SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for firefox-52esr-translations-other-52.9.0-lp155.23.56.x86_64.rpm :

* Wed Aug 07 2019 Anonymous Checkouts - Relink to direct parent project (what was previously the grandparent) due to the intermediate project having been deleted- Turn off sending of telemtery (fuck spyware)
* Fri Oct 05 2018 anoncvsAATTmailinator.com- Remove the GTK3 build switch to force building with GTK2 due to bugs in GTK3 support that were not fixed until FF55 and which were never backported by Mozilla during the life of ESR52, and which are pointless to backport given GTK2 is still supported
* Tue Jun 26 2018 wrAATTrosenauer.org- update to Firefox 52.9.0 MFSA 2018-17 (bsc#1098998)
* CVE-2018-12359 (bmo#1459162) Buffer overflow using computed size of canvas element
* CVE-2018-12360 (bmo#1459693) Use-after-free when using focus()
* CVE-2018-12362 (bmo#1452375) Integer overflow in SSSE3 scaler
* CVE-2018-5156 (bmo#1453127) Media recorder segmentation fault when track type is changed during capture
* CVE-2018-12363 (bmo#1464784) Use-after-free when appending DOM nodes
* CVE-2018-12364 (bmo#1436241) CSRF attacks through 307 redirects and NPAPI plugins
* CVE-2018-12365 (bmo#1459206) Compromised IPC child process can list local filenames
* CVE-2018-12366 (bmo#1464039) Invalid data handling during QCMS transformations
* CVE-2018-5188 (bmo#1456189,bmo#1456975,bmo#1465898,bmo#1392739, bmo#1451297,bmo#1464063,bmo#1437842,bmo#1442722,bmo#1452576, bmo#1450688,bmo#1458264,bmo#1458270,bmo#1465108,bmo#1464829, bmo#1464079,bmo#1463494,bmo#1458048) Memory safety bugs fixed in Firefox 60, Firefox ESR 60.1, and Firefox ESR 52.9
* Wed Jun 13 2018 wrAATTrosenauer.org- update to Firefox 52.8.1 (bsc#1096449)
* MFSA 2018-14/CVE-2018-6126 (bmo#1462682) Heap buffer overflow rasterizing paths in SVG with Skia
* Wed May 09 2018 wrAATTrosenauer.org- update to Firefox 52.8.0:
* Various stability and regression fixes
* Performance improvements to the Safe Browsing service to avoid slowdowns while updating site classification data- Security fixes (bsc#1092548, MFSA 2018-12):
* CVE-2018-5183 (bmo#1454692) Backport critical security fixes in Skia
* CVE-2018-5154 (bmo#1443092) Use-after-free with SVG animations and clip paths
* CVE-2018-5155 (bmo#1448774) Use-after-free with SVG animations and text paths
* CVE-2018-5157 (bmo#1449898) Same-origin bypass of PDF Viewer to view protected PDF files
* CVE-2018-5158 (bmo#1452075) Malicious PDF can inject JavaScript into PDF Viewer
* CVE-2018-5159 (bmo#1441941) Integer overflow and out-of-bounds write in Skia
* CVE-2018-5168 (bmo#1449548) Lightweight themes can be installed without user interaction
* CVE-2018-5178 (bmo#1443891) Buffer overflow during UTF-8 to Unicode string conversion through legacy extension
* CVE-2018-5150 (bmo#1388020,bmo#1433609,bmo#1409440,bmo#1448705, bmo#1451376,bmo#1452202,bmo#1444668,bmo#1393367,bmo#1411415, bmo#1426129) Memory safety bugs fixed in Firefox 60 and Firefox ESR 52.8
* Wed Mar 28 2018 astiegerAATTsuse.com- fix release tag and tarball to correctly identify 52.7.3esr
* Tue Mar 27 2018 wrAATTrosenauer.org- update to Firefox 52.7.3 MFSA 2018-10 (bsc#1087059)
* CVE-2018-5148 (bmo#1440717) Use-after-free in compositor- removed obsolete patch mozilla-bmo1446062.patch
* Fri Mar 16 2018 wrAATTrosenauer.org- update to Firefox 52.7.2 (bsc#1085671) MFSA 2018-08
* CVE-2018-5146 (bmo#1446062) Out of bounds memory write in libvorbis
* CVE-2018-5147 (bmo#1446365) Out of bounds memory write in libtremor (in mozilla-bmo1446062.patch)- Firefox 52.7.1 fixes - issues with the IT locale (bmo#1445278)
* Tue Mar 13 2018 astiegerAATTsuse.com- update to Firefox 52.7esr (bsc#1085130, MFSA 2018-07):
* CVE-2018-5127 (bmo#1430557) Buffer overflow manipulating SVG animatedPathSegList
* CVE-2018-5129 (bmo#1428947) Out-of-bounds write with malformed IPC messages
* CVE-2018-5130 (bmo#1433005) Mismatched RTP payload type can trigger memory corruption
* CVE-2018-5131 (bmo#1440775) Fetch API improperly returns cached copies of no-store/no-cache resources
* CVE-2018-5144 (bmo#1440926) Integer overflow during Unicode conversion
* CVE-2018-5125 (bmo1416529,bmo#1434580,bmo#1434384,bmo#1437450, bmo#1437507,bmo#1426988,bmo#1438425,bmo#1324042,bmo#1437087, bmo#1443865,bmo#1425520) Memory safety bugs fixed in Firefox 59 and Firefox ESR 52.7
* CVE-2018-5145 (bmo#1261175,bmo#1348955) Memory safety bugs fixed in Firefox ESR 52.7
* Fri Feb 09 2018 wrAATTrosenauer.org- correct requires and provides handling (boo#1076907)
* Tue Jan 23 2018 wrAATTrosenauer.org- update to Firefox 52.6esr (bsc#1077291) MFSA 2018-01
* Speculative execution side-channel attack (\"Spectre\") MFSA 2018-03
* CVE-2018-5091 (bmo#1423086) Use-after-free with DTMF timers
* CVE-2018-5095 (bmo#1418447) Integer overflow in Skia library during edge builder allocation
* CVE-2018-5096 (bmo#1418922) Use-after-free while editing form elements
* CVE-2018-5097 (bmo#1387427) Use-after-free when source document is manipulated during XSLT
* CVE-2018-5098 (bmo#1399400) Use-after-free while manipulating form input elements
* CVE-2018-5099 (bmo#1416878) Use-after-free with widget listener
* CVE-2018-5102 (bmo#1419363) Use-after-free in HTML media elements
* CVE-2018-5103 (bmo#1423159) Use-after-free during mouse event handling
* CVE-2018-5104 (bmo#1425000) Use-after-free during font face manipulation
* CVE-2018-5117 (bmo#1395508) URL spoofing with right-to-left text aligned left-to-right
* CVE-2018-5089 Memory safety bugs fixed in Firefox 58 and Firefox ESR 52.6- remove obsolete patch mozilla-ucontext.patch- official NSS requirement is >= 3.28.6 therefore putting 3.29.5 into an ifarch
* Wed Jan 17 2018 wbauerAATTtmo.at- Escape the usage of %{VERSION} when calling out to rpm. RPM 4.14 has %{VERSION} defined as \'the main package\'s version\'.
* Tue Jan 16 2018 cgrobertsonAATTsuse.com- Added additional patches and configurations to fix builds on s390 and PowerPC.
* Added firefox-glibc-getrandom.patch effecting builds on s390 and PowerPC
* Added mozilla-s390-bigendian.patch along with icudt58b.dat bigendian ICU data file for running Firefox on bigendian architectures (bmo#1322212 and bmo#1264836)
* Added mozilla-s390-nojit.patch to enable atomic operations used by the JS engine when JIT is disabled on s390
* Build configuration options specific to s390
* Requires NSS >= 3.29.5
* Fri Dec 29 2017 astiegerAATTsuse.com- Update to Firefox 52.5.3esr:
* Fix a crash reporting issue that inadvertently sends background tab crash reports to Mozilla without user opt-in (bmo#1427111, bsc#1074235)
* Fri Dec 15 2017 fcrozatAATTsuse.com- Add BuildRequires python-xml to fix build on TW/SLE15.
* Sat Dec 09 2017 securityAATTsuse.com- update to Firefox 52.5.2esr (MFSA 2017-28):
* CVE-2017-7843 (bsc#1072034, bmo#1410106) Web worker in Private Browsing mode can write IndexedDB data
* Tue Nov 14 2017 wrAATTrosenauer.org- update to Firefox 52.5.0esr (boo#1068101) MFSA 2017-25
* CVE-2017-7828 (bmo#1406750. bmo#1412252) Use-after-free of PressShell while restyling layout
* CVE-2017-7830 (bmo#1408990) Cross-origin URL information leak through Resource Timing API
* CVE-2017-7826 Memory safety bugs fixed in Firefox 57 and Firefox ESR 52.5
* Sun Oct 01 2017 stefan.bruensAATTrwth-aachen.de- Correct plugin directory for aarch64 (boo#1061207). The wrapper script was not detecting aarch64 as a 64 bit architecture, thus used /usr/lib/browser-plugins/.
* Sat Sep 30 2017 zaitorAATTopensuse.org- Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0), pkgconfig(gtk+-2.0), pkgconfig(gtk+-unix-print-2.0), pkgconfig(glib-2.0), pkgconfig(gobject-2.0) and pkgconfig(gdk-x11-2.0) BuildRequires, align with what configure looks for.
* Fri Sep 29 2017 wrAATTrosenauer.org- update to Firefox 52.4esr (boo#1060445)
* requires NSS >= 3.28.6 MFSA 2017-22
* CVE-2017-7793 (bmo#1371889) Use-after-free with Fetch API
* CVE-2017-7818 (bmo#1363723) Use-after-free during ARIA array manipulation
* CVE-2017-7819 (bmo#1380292) Use-after-free while resizing images in design mode
* CVE-2017-7824 (bmo#1398381) Buffer overflow when drawing and validating elements with ANGLE
* CVE-2017-7805 (bmo#1377618) (fixed via NSS requirement) Use-after-free in TLS 1.2 generating handshake hashes
* CVE-2017-7814 (bmo#1376036) Blob and data URLs bypass phishing and malware protection warnings
* CVE-2017-7825 (bmo#1393624, bmo#1390980) (OSX-only) OS X fonts render some Tibetan and Arabic unicode characters as spaces
* CVE-2017-7823 (bmo#1396320) CSP sandbox directive did not create a unique origin
* CVE-2017-7810 Memory safety bugs fixed in Firefox 56 and Firefox ESR 52.4- fixed language accept header to use correct locale (mozilla-bmo1005640.patch, boo#1029917)
* Thu Sep 28 2017 dimstarAATTopensuse.org- Add alsa-devel BuildRequires: we care for ALSA support to be built and thus need to ensure we get the dependencies in place. In the past, alsa-devel was pulled in by accident: we buildrequire libgnome-devel. This required esound-devel and that in turn pulled in alsa-devel for us. libgnome is being fixed to no longer require esound-devel.
* Wed Aug 09 2017 schwabAATTsuse.de- mozilla-ucontext.patch: use ucontext_t instead of struct ucontext
* Tue Aug 08 2017 wrAATTrosenauer.org- update to Firefox 52.3esr (boo#1052829) MFSA 2017-19
* CVE-2017-7798 (bmo#1371586, bmo#1372112) XUL injection in the style editor in devtools
* CVE-2017-7800 (bmo#1374047) Use-after-free in WebSockets during disconnection
* CVE-2017-7801 (bmo#1371259) Use-after-free with marquee during window resizing
* CVE-2017-7784 (bmo#1376087) Use-after-free with image observers
* CVE-2017-7802 (bmo#1378147) Use-after-free resizing image elements
* CVE-2017-7785 (bmo#1356985) Buffer overflow manipulating ARIA attributes in DOM
* CVE-2017-7786 (bmo#1365189) Buffer overflow while painting non-displayable SVG
* CVE-2017-7753 (bmo#1353312) Out-of-bounds read with cached style data and pseudo-elements#
* CVE-2017-7787 (bmo#1322896) Same-origin policy bypass with iframes through page reloads
* CVE-2017-7807 (bmo#1376459) Domain hijacking through AppCache fallback
* CVE-2017-7792 (bmo#1368652) Buffer overflow viewing certificates with an extremely long OID
* CVE-2017-7804 (bmo#1372849) Memory protection bypass through WindowsDllDetourPatcher
* CVE-2017-7791 (bmo#1365875) Spoofing following page navigation with data: protocol and modal alerts
* CVE-2017-7782 (bmo#1344034) WindowsDllDetourPatcher allocates memory without DEP protections
* CVE-2017-7803 (bmo#1377426) CSP containing \'sandbox\' improperly applied
* CVE-2017-7779 Memory safety bugs fixed in Firefox 55 and Firefox ESR 52.3
* Wed Jul 05 2017 astiegerAATTsuse.com- Mozilla Firefox 52.2.1esr:
* Printing text does not work on Windows when Direct2D is disabled (bmo#1318845)
* Wed Jun 14 2017 wrAATTrosenauer.org- update to Firefox 52.2esr (boo#1043960) MFSA 2017-16
* CVE-2017-5472 (bmo#1365602) Use-after-free using destroyed node when regenerating trees
* CVE-2017-7749 (bmo#1355039) Use-after-free during docshell reloading
* CVE-2017-7750 (bmo#1356558) Use-after-free with track elements
* CVE-2017-7751 (bmo#1363396) Use-after-free with content viewer listeners
* CVE-2017-7752 (bmo#1359547) Use-after-free with IME input
* CVE-2017-7754 (bmo#1357090) Out-of-bounds read in WebGL with ImageInfo object
* CVE-2017-7755 (bmo#1361326) Privilege escalation through Firefox Installer with same directory DLL files (Windows only)
* CVE-2017-7756 (bmo#1366595) Use-after-free and use-after-scope logging XHR header errors
* CVE-2017-7757 (bmo#1356824) Use-after-free in IndexedDB
* CVE-2017-7778, CVE-2017-7778, CVE-2017-7771, CVE-2017-7772, CVE-2017-7773, CVE-2017-7774, CVE-2017-7775, CVE-2017-7776, CVE-2017-7777 Vulnerabilities in the Graphite 2 library
* CVE-2017-7758 (bmo#1368490) Out-of-bounds read in Opus encoder
* CVE-2017-7760 (bmo#1348645) File manipulation and privilege escalation via callback parameter in Mozilla Windows Updater and Maintenance Service (Windows only)
* CVE-2017-7761 (bmo#1215648) File deletion and privilege escalation through Mozilla Maintenance Service helper.exe application (Windows only)
* CVE-2017-7764 (bmo#1364283) Domain spoofing with combination of Canadian Syllabics and other unicode blocks
* CVE-2017-7765 (bmo#1273265) Mark of the Web bypass when saving executable files (Windows only)
* CVE-2017-7766 (bmo#1342742) File execution and privilege escalation through updater.ini, Mozilla Windows Updater, and Mozilla Maintenance Service (Windows only)
* CVE-2017-7767 (bmo#1336964) Privilege escalation and arbitrary file overwrites through Mozilla Windows Updater and Mozilla Maintenance Service (Windows only)
* CVE-2017-7768 (bmo#1336979) 32 byte arbitrary file read through Mozilla Maintenance Service (Windows only)
* CVE-2017-5470 Memory safety bugs fixed in Firefox 54 and Firefox ESR 52.2- requires NSS 3.28.5
* Tue May 23 2017 wrAATTrosenauer.org- remove -fno-inline-small-functions and explicitely optimize with - O2 for openSUSE > 13.2/Leap 42 to work with gcc7 (boo#1040105)
* Mon May 08 2017 wrAATTrosenauer.org- update to Firefox 52.1.1 MFSA 2017-14
* CVE-2017-5031: Use after free in ANGLE (bmo#1328762) (Windows only, Linux not affected)- switch to Mozilla\'s geolocation service (boo#1026989)- removed mozilla-preferences.patch obsoleted by overriding via firefox.js- fixed KDE integration to avoid crash caused by filepicker (boo#1015998)
* Wed Apr 12 2017 wrAATTrosenauer.org- update to Firefox 52.1.0esr (boo#1035082) MFSA 2017-12
* CVE-2017-5443 (bmo#1342661) Out-of-bounds write during BinHex decoding
* CVE-2017-5429 (bmo#1341096, bmo#1342823, bmo#1343261, bmo#1348894, bmo#1348941, bmo#1349340, bmo#1350844, bmo#1352926, bmo#1353088) Memory safety bugs fixed in Firefox 53, Firefox ESR 45.9, and Firefox ESR 52.1
* CVE-2017-5464 (bmo#1347075) Memory corruption with accessibility and DOM manipulation
* CVE-2017-5465 (bmo#1347617) Out-of-bounds read in ConvolvePixel
* CVE-2017-5466 (bmo#1353975) Origin confusion when reloading isolated data:text/html URL
* CVE-2017-5467 (bmo#1347262) Memory corruption when drawing Skia content
* CVE-2017-5460 (bmo#1343642) Use-after-free in frame selection
* CVE-2017-5461 (bmo#1344380) Out-of-bounds write in Base64 encoding in NSS
* CVE-2017-5448 (bmo#1346648) Out-of-bounds write in ClearKeyDecryptor
* CVE-2017-5449 (bmo#1340127) Crash during bidirectional unicode manipulation with animation
* CVE-2017-5446 (bmo#1343505) Out-of-bounds read when HTTP/2 DATA frames are sent with incorrect data
* CVE-2017-5447 (bmo#1343552) Out-of-bounds read during glyph processing
* CVE-2017-5444 (bmo#1344461) Buffer overflow while parsing application/http-index-format content
* CVE-2017-5445 (bmo#1344467) Uninitialized values used while parsing application/http-index-format content
* CVE-2017-5442 (bmo#1347979) Use-after-free during style changes
* CVE-2017-5469 (bmo#1292534) Potential Buffer overflow in flex-generated code
* CVE-2017-5440 (bmo#1336832) Use-after-free in txExecutionState destructor during XSLT processing
* CVE-2017-5441 (bmo#1343795) Use-after-free with selection during scroll events
* CVE-2017-5439 (bmo#1336830) Use-after-free in nsTArray Length() during XSLT processing
* CVE-2017-5438 (bmo#1336828) Use-after-free in nsAutoPtr during XSLT processing
* CVE-2017-5437 (bmo#1343453) Vulnerabilities in Libevent library
* CVE-2017-5436 (bmo#1345461) Out-of-bounds write with malicious font in Graphite 2
* CVE-2017-5435 (bmo#1350683) Use-after-free during transaction processing in the editor
* CVE-2017-5434 (bmo#1349946) Use-after-free during focus handling
* CVE-2017-5433 (bmo#1347168) Use-after-free in SMIL animation functions
* CVE-2017-5432 (bmo#1346654) Use-after-free in text input selection
* CVE-2017-5430 (bmo#1329796, bmo#1337418, bmo#1339722, bmo#1340482, bmo#1342101, bmo#1344081, bmo#1344305, bmo#1344686, bmo#1346140, bmo#1346419, bmo#1348143, bmo#1349621, bmo#1349719, bmo#1353476) Memory safety bugs fixed in Firefox 53 and Firefox ESR 52.1
* CVE-2017-5459 (bmo#1333858) Buffer overflow in WebGL
* CVE-2017-5462 (bmo#1345089) DRBG flaw in NSS
* CVE-2017-5455 (bmo#1341191) Sandbox escape through internal feed reader APIs
* CVE-2017-5454 (bmo#1349276) Sandbox escape allowing file system read access through file picker
* CVE-2017-5456 (bmo#1344415) Sandbox escape allowing local file system access
* CVE-2017-5451 (bmo#1273537) Addressbar spoofing with onblur event- requires NSS 3.28.4- rebased patches
* Mon Apr 03 2017 wrAATTrosenauer.org- renamed package to firefox-esr
* Mon Apr 03 2017 wrAATTrosenauer.org- switch package to use ESR52 branch
* enables plugin support by default
* service workers are disabled by default
* push notifications are disabled by default
* WebAssembly (wasm) is disabled
* Less use of multiprocess architecture Electrolysis (e10s)
* Mon Apr 03 2017 wrAATTrosenauer.org- update to Firefox 52.0.2
* Use Nirmala UI as fallback font for additional Indic languages (bmo#1342787)
* Fix loading tab icons on session restore (bmo#1338009)
* Fix a crash on startup on Linux (bmo#1345413)
* Fix new installs erroneously not prompting to change the default browser setting (bmo#1343938)
* Mon Mar 20 2017 wrAATTrosenauer.org- disable rust usage for everything but x86(-64)- explicitely add libffi build requirement
* Fri Mar 17 2017 wrAATTrosenauer.org- update to Firefox 52.0.1 (boo#1029822) MFSA 2017-08 CVE-2017-5428: integer overflow in createImageBitmap() (bmo#1348168)
* Thu Mar 09 2017 wrAATTrosenauer.org- reenable ALSA support which was removed by default upstream
* Sat Mar 04 2017 wrAATTrosenauer.org- update to Firefox 52.0 (boo#1028391)
* requires NSS >= 3.28.3
* Pages containing insecure password fields now display a warning directly within username and password fields.
* Send and open a tab from one device to another with Sync
* Removed NPAPI support for plugins other than Flash. Silverlight, Java, Acrobat and the like are no longer supported.
* Removed Battery Status API to reduce fingerprinting of users by trackers
* MFSA 2017-05 CVE-2017-5400: asm.js JIT-spray bypass of ASLR and DEP (bmo#1334933) CVE-2017-5401: Memory Corruption when handling ErrorResult (bmo#1328861) CVE-2017-5402: Use-after-free working with events in FontFace objects (bmo#1334876) CVE-2017-5403: Use-after-free using addRange to add range to an incorrect root object (bmo#1340186) CVE-2017-5404: Use-after-free working with ranges in selections (bmo#1340138) CVE-2017-5406: Segmentation fault in Skia with canvas operations (bmo#1306890) CVE-2017-5407: Pixel and history stealing via floating-point timing side channel with SVG filters (bmo#1336622) CVE-2017-5410: Memory corruption during JavaScript garbage collection incremental sweeping (bmo#1330687) CVE-2017-5408: Cross-origin reading of video captions in violation of CORS (bmo#1313711) CVE-2017-5412: Buffer overflow read in SVG filters (bmo#1328323) CVE-2017-5413: Segmentation fault during bidirectional operations (bmo#1337504) CVE-2017-5414: File picker can choose incorrect default directory (bmo#1319370) CVE-2017-5415: Addressbar spoofing through blob URL (bmo#1321719) CVE-2017-5416: Null dereference crash in HttpChannel (bmo#1328121) CVE-2017-5417: Addressbar spoofing by draging and dropping URLs (bmo#791597) CVE-2017-5426: Gecko Media Plugin sandbox is not started if seccomp-bpf filter is running (bmo#1257361) CVE-2017-5427: Non-existent chrome.manifest file loaded during startup (bmo#1295542) CVE-2017-5418: Out of bounds read when parsing HTTP digest authorization responses (bmo#1338876) CVE-2017-5419: Repeated authentication prompts lead to DOS attack (bmo#1312243) CVE-2017-5420: Javascript: URLs can obfuscate addressbar location (bmo#1284395) CVE-2017-5405: FTP response codes can cause use of uninitialized values for ports (bmo#1336699) CVE-2017-5421: Print preview spoofing (bmo#1301876) CVE-2017-5422: DOS attack by using view-source: protocol repeatedly in one hyperlink (bmo#1295002) CVE-2017-5399: Memory safety bugs fixed in Firefox 52 CVE-2017-5398: Memory safety bugs fixed in Firefox 52 and Firefox ESR 45.8- removed obsolete patches
* mozilla-binutils-visibility.patch
* mozilla-check_return.patch
* mozilla-disable-skia-be.patch
* mozilla-skia-overflow.patch
* mozilla-skia-ppc-endianess.patch- rebased patches- enable rust usage for Tumbleweed
* Fri Jan 27 2017 astiegerAATTsuse.com- Mozilla Firefox 51.0.1: - Multiprocess incompatibility did not correctly register with some add-ons (bmo#1333423)
* Fri Jan 20 2017 wrAATTrosenauer.org- update to Firefox 51.0
* requires NSPR >= 4.13.1, NSS >= 3.28.1
* Added support for FLAC (Free Lossless Audio Codec) playback
* Added support for WebGL 2
* Added Georgian (ka) and Kabyle (kab) locales
* Support saving passwords for forms without \'submit\' events
* Improved video performance for users without GPU acceleration
* Zoom indicator is shown in the URL bar if the zoom level is not at default level
* View passwords from the prompt before saving them
* Remove Belarusian (be) locale
* Use Skia for content rendering (Linux)
* MFSA 2017-01 CVE-2017-5375: Excessive JIT code allocation allows bypass of ASLR and DEP (bmo#1325200, boo#1021814) CVE-2017-5376: Use-after-free in XSL (bmo#1311687, boo#1021817) CVE-2017-5377: Memory corruption with transforms to create gradients in Skia (bmo#1306883, boo#1021826) CVE-2017-5378: Pointer and frame data leakage of Javascript objects (bmo#1312001, bmo#1330769, boo#1021818) CVE-2017-5379: Use-after-free in Web Animations (bmo#1309198,boo#1021827) CVE-2017-5380: Potential use-after-free during DOM manipulations (bmo#1322107, boo#1021819) CVE-2017-5390: Insecure communication methods in Developer Tools JSON viewer (bmo#1297361, boo#1021820) CVE-2017-5389: WebExtensions can install additional add-ons via modified host requests (bmo#1308688, boo#1021828) CVE-2017-5396: Use-after-free with Media Decoder (bmo#1329403, boo#1021821) CVE-2017-5381: Certificate Viewer exporting can be used to navigate and save to arbitrary filesystem locations (bmo#1017616, boo#1021830) CVE-2017-5382: Feed preview can expose privileged content errors and exceptions (bmo#1295322, boo#1021831) CVE-2017-5383: Location bar spoofing with unicode characters (bmo#1323338, bmo#1324716, boo#1021822) CVE-2017-5384: Information disclosure via Proxy Auto-Config (PAC) (bmo#1255474, boo#1021832) CVE-2017-5385: Data sent in multipart channels ignores referrer-policy response headers (bmo#1295945, boo#1021833) CVE-2017-5386: WebExtensions can use data: protocol to affect other extensions (bmo#1319070, boo#1021823) CVE-2017-5394: Android location bar spoofing using fullscreen and JavaScript events (bmo#1222798) CVE-2017-5391: Content about: pages can load privileged about: pages (bmo#1309310, boo#1021835) CVE-2017-5392: Weak references using multiple threads on weak proxy objects lead to unsafe memory usage (bmo#1293709) (Android only) CVE-2017-5393: Remove addons.mozilla.org CDN from whitelist for mozAddonManager (bmo#1309282, boo#1021837) CVE-2017-5395: Android location bar spoofing during scrolling (bmo#1293463) (Android only) CVE-2017-5387: Disclosure of local file existence through TRACK tag error messages (bmo#1295023, boo#1021839) CVE-2017-5388: WebRTC can be used to generate a large amount of UDP traffic for DDOS attacks (bmo#1281482, boo#1021840) CVE-2017-5374: Memory safety bugs fixed in Firefox 51 (boo#1021841) CVE-2017-5373: Memory safety bugs fixed in Firefox 51 and Firefox ESR 45.7 (boo#1021824)- switch Firefox to Gtk3 for Tumbleweed- removed obsolete patches
* mozilla-flex_buffer_overrun.patch- updated RPM locale support tag- improve recognition of LANGUAGE env variable (boo#1017174)- add upstream patch to fix PPC64LE (bmo#1319389) (mozilla-skia-ppc-endianess.patch)- fix build without skia (big endian archs) (bmo#1319374) (mozilla-disable-skia-be.patch)
* Mon Dec 12 2016 wrAATTrosenauer.org- update to Firefox 50.1.0 (boo#1015422)
* MFSA 2016-94 CVE-2016-9894: Buffer overflow in SkiaGL (bmo#1306628) CVE-2016-9899: Use-after-free while manipulating DOM events and audio elements (bmo#1317409) CVE-2016-9895: CSP bypass using marquee tag (bmo#1312272) CVE-2016-9896: Use-after-free with WebVR (bmo#1315543) CVE-2016-9897: Memory corruption in libGLES (bmo#1301381) CVE-2016-9898: Use-after-free in Editor while manipulating DOM subtrees (bmo#1314442) CVE-2016-9900: Restricted external resources can be loaded by SVG images through data URLs (bmo#1319122) CVE-2016-9904: Cross-origin information leak in shared atoms (bmo#1317936) CVE-2016-9901: Data from Pocket server improperly sanitized before execution (bmo#1320057) CVE-2016-9902: Pocket extension does not validate the origin of events (bmo#1320039) CVE-2016-9903: XSS injection vulnerability in add-ons SDK (bmo#1315435) CVE-2016-9080: Memory safety bugs fixed in Firefox 50.1 CVE-2016-9893: Memory safety bugs fixed in Firefox 50.1 and Firefox ESR 45.6
* Fri Dec 09 2016 cgrobertsonAATTnovell.com- added patch mozilla-aarch64-startup-crash.patch (bsc#1011922)
* Thu Dec 01 2016 wrAATTrosenauer.org- update to Firefox 50.0.2
* Firefox crashes with 3rd party Chinese IME when using IME text (50.0.1) security fixes (in 50.0.1): (boo#1012807)
* MFSA 2016-91 CVE-2016-9078: data: URL can inherit wrong origin after an HTTP redirect (bmo#1317641) security fixes (in 50.0.2) (boo#1012964)
* MFSA 2016-92 CVE-2016-9079: Use-after-free in SVG Animation (bmo#1321066)
* Mon Nov 14 2016 wrAATTrosenauer.org- update to Firefox 50.0 (boo#1009026)
* requires NSS 3.26.2 new features
* Updates to keyboard shortcuts Set a preference to have Ctrl+Tab cycle through tabs in recently used order View a page in Reader Mode by using Ctrl+Alt+R
* Added option to Find in page that allows users to limit search to whole words only
* Added download protection for a large number of executable file types on Windows, Mac and Linux
* Fixed rendering of dashed and dotted borders with rounded corners (border-radius)
* Added a built-in Emoji set for operating systems without native Emoji fonts (Windows 8.0 and lower and Linux)
* Blocked versions of libavcodec older than 54.35.1
* additional locale security fixes:
* MFSA 2016-89 CVE-2016-5296: Heap-buffer-overflow WRITE in rasterize_edges_1 (bmo#1292443) CVE-2016-5292: URL parsing causes crash (bmo#1288482) CVE-2016-5293: Write to arbitrary file with updater and moz maintenance service using updater.log hardlink (Windows only) (bmo#1246945) CVE-2016-5294: Arbitrary target directory for result files of update process (Windows only) (bmo#1246972) CVE-2016-5297: Incorrect argument length checking in Javascript (bmo#1303678) CVE-2016-9064: Addons update must verify IDs match between current and new versions (bmo#1303418) CVE-2016-9065: Firefox for Android location bar spoofing usingfullscreen (Android only) (bmo#1306696) CVE-2016-9066: Integer overflow leading to a buffer overflow in nsScriptLoadHandler (bmo#1299686) CVE-2016-9067: heap-use-after-free in nsINode::ReplaceOrInsertBefore (bmo#1301777, bmo#1308922 (CVE-2016-9069)) CVE-2016-9068: heap-use-after-free in nsRefreshDriver (bmo#1302973) CVE-2016-9072: 64-bit NPAPI sandbox isn\'t enabled on fresh profile (bmo#1300083) (Windows only) CVE-2016-9075: WebExtensions can access the mozAddonManager API and use it to gain elevated privileges (bmo#1295324) CVE-2016-9077: Canvas filters allow feDisplacementMaps to be applied to cross-origin images, allowing timing attacks on them (bmo#1298552) CVE-2016-5291: Same-origin policy violation using local HTML file and saved shortcut file (bmo#1292159) CVE-2016-5295: Mozilla Maintenance Service: Ability to read arbitrary files as SYSTEM (Windows only) (bmo#1247239) CVE-2016-5298: SSL indicator can mislead the user about the real URL visited (bmo#1227538) (Android only) CVE-2016-5299: Firefox AuthToken in broadcast protected with signature-level permission can be accessed by an application installed beforehand that defines the same permissions (bmo#1245791) (Android only) CVE-2016-9061: API Key (glocation) in broadcast protected with signature-level permission can be accessed by an application installed beforehand that defines the same permissions (Android only) (bmo#1245795) CVE-2016-9062: Private browsing browser traces (android) in browser.db and wal file (Android only) (bmo#1294438) CVE-2016-9070: Sidebar bookmark can have reference to chrome window (bmo#1281071) CVE-2016-9073: windows.create schema doesn\'t specify \"format\": \"relativeUrl\" (bmo#1289273) CVE-2016-9074: Insufficient timing side-channel resistance in divSpoiler (bmo#1293334) (fixed via NSS 3.26.1) CVE-2016-9076: select dropdown menu can be used for URL bar spoofing on e10s (bmo#1276976) CVE-2016-9063: Possible integer overflow to fix inside XML_Parse in expat (bmo#1274777) CVE-2016-9071: Probe browser history via HSTS/301 redirect + CSP (bmo#1285003) CVE-2016-5289: Memory safety bugs fixed in Firefox 50 CVE-2016-5290: Memory safety bugs fixed in Firefox 50 and Firefox ESR 45.5- make aarch64 build more similar to x86_64 build (remove conditionals that don\'t seem to be necessary anymore)
* Mon Oct 24 2016 astiegerAATTsuse.com- Mozilla Firefox 49.0.2:
* CVE-2016-5287: Crash in nsTArray_base (bsc#1006475)
* CVE-2016-5288: Web content can read cache entries (bsc#1006476)
* Asynchronous rendering of the Flash plugins is now enabled by default
* Change D3D9 default fallback preference to prevent graphical artifacts
* Network issue prevents some users from seeing the Firefox UI on startup
* Web compatibility issue with file uploads
* Web compatibility issue with Array.prototype.values
* Diagnostic information on timing for tab switching
* Fix a Canvas filters graphics issue affecting HTML5 apps
* Wed Oct 12 2016 badshah400AATTgmail.com- Drop mozilla-gtk3_20.patch; obsoleted by Firefox version 49.0 and fixes have been incorporated by upstream.
* Fri Sep 23 2016 astiegerAATTsuse.com- Mozilla Firefox 49.0.1:
* Mitigate a startup crash issue caused by Websense - bmo#1304783
* Tue Sep 20 2016 wrAATTrosenauer.org- update to Firefox 49.0 (boo#999701) new features
* Updated Firefox Login Manager to allow HTTPS pages to use saved HTTP logins.
* Added features to Reader Mode that make it easier on the eyes and the ears
* Improved video performance for users on systems that support SSE3 without hardware acceleration
* Added context menu controls to HTML5 audio and video that let users loops files or play files at 1.25x speed
* Improvements in about:memory reports for tracking font memory usage security related
* MFSA 2016-85 CVE-2016-2827 (bmo#1289085) - Out-of-bounds read in mozilla::net::IsValidReferrerPolicy CVE-2016-5270 (bmo#1291016) - Heap-buffer-overflow in nsCaseTransformTextRunFactory::TransformString CVE-2016-5271 (bmo#1288946) - Out-of-bounds read in PropertyProvider::GetSpacingInternal CVE-2016-5272 (bmo#1297934) - Bad cast in nsImageGeometryMixin CVE-2016-5273 (bmo#1280387) - crash in mozilla::a11y::HyperTextAccessible::GetChildOffset CVE-2016-5276 (bmo#1287721) - Heap-use-after-free in mozilla::a11y::DocAccessible::ProcessInvalidationList CVE-2016-5274 (bmo#1282076) - use-after-free in nsFrameManager::CaptureFrameState CVE-2016-5277 (bmo#1291665) - Heap-use-after-free in nsRefreshDriver::Tick CVE-2016-5275 (bmo#1287316) - global-buffer-overflow in mozilla::gfx::FilterSupport::ComputeSourceNeededRegions CVE-2016-5278 (bmo#1294677) - Heap-buffer-overflow in nsBMPEncoder::AddImageFrame CVE-2016-5279 (bmo#1249522) - Full local path of files is available to web pages after drag and drop CVE-2016-5280 (bmo#1289970) - Use-after-free in mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap CVE-2016-5281 (bmo#1284690) - use-after-free in DOMSVGLength CVE-2016-5282 (bmo#932335) - Don\'t allow content to request favicons from non-whitelisted schemes CVE-2016-5283 (bmo#928187) -