SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for MozillaFirefox-translations-common-92.0.1-1.1.x86_64.rpm :

* Sat Sep 25 2021 Andreas Stieger - Mozilla Firefox 92.0.1
* Fixed: Fixes an issue where audio playback was not working on some Linux systems (bmo#1730499)
* Fixed: Fixes issues with the findbar close button on different operating systems (bmo#1728368)
* Mon Sep 06 2021 Wolfgang Rosenauer - Mozilla Firefox 92.0
* More secure connections: Firefox can now automatically upgrade to HTTPS using HTTPS RR as Alt-Svc headers
* Full-range color levels are now supported for video playback on many systems MFSA 2021-38 (bsc#1190269)
* CVE-2021-29993 (bmo#1708544, bmo#1708767, bmo#1712240, bmo#1712242, bmo#1729259) Handling custom intents could lead to crashes and UI spoofs
* CVE-2021-38491 (bmo#1551886) Mixed-Content-Blocking was unable to check opaque origins
* CVE-2021-38492 (bmo#1721107) Navigating to `mk:` URL scheme could load Internet Explorer
* CVE-2021-38493 (bmo#1723391, bmo#1724101, bmo#1724107) Memory safety bugs fixed in Firefox 92, Firefox ESR 78.14 and Firefox ESR 91.1
* CVE-2021-38494 (bmo#1723920, bmo#1725638) Memory safety bugs fixed in Firefox 92- updated appdata- remove mozilla-disable-wasm-emulate-arm-unaligned-fp-access.patch (does not apply anymore; unclear if obsolete)- bring back mozilla-silence-no-return-type.patch and run post-build-checks everywhere again- requires NSS 3.69.1
* Tue Aug 31 2021 Atri Bhattacharya - Add mozilla-bmo1708709.patch: On [wayland] popup can be wrongly repositioned due to rounding errors when font scaling != 1 (bmo#1708709); patch taken from upstream bug report and rebased to apply cleanly against current version.
* Sun Aug 29 2021 Martin Liška - Bump using with GCC (tested locally).
* Fri Aug 27 2021 Andreas Stieger - Mozilla Firefox 91.0.2:
* Fixed: Firefox no longer clears authentication data when purging trackers, to avoid repeatedly prompting for a password (bmo#1721084)
* Wed Aug 18 2021 Wolfgang Rosenauer - Mozilla Firefox 91.0.1
* Fixed an issue causing buttons on the tab bar to be resized when loading certain websites (bmo#1704404)
* Fixed an issue which caused tabs from private windows to be visible in non-private windows when viewing switch-to-tab results in the address bar panel (bmo#1720369)
* Various stability fixes MFSA 2021-37 (bsc#1189547)
* CVE-2021-29991 (bmo#1724896) Header Splitting possible with HTTP/3 Responses
* Mon Aug 09 2021 Wolfgang Rosenauer - Mozilla Firefox 91.0 MFSA 2021-33 (bsc#1188891)
* CVE-2021-29986 (bmo#1696138) Race condition when resolving DNS names could have led to memory corruption
* CVE-2021-29981 (bmo#1707774) Live range splitting could have led to conflicting assignments in the JIT
* CVE-2021-29988 (bmo#1717922) Memory corruption as a result of incorrect style treatment
* CVE-2021-29983 (bmo#1719088) Firefox for Android could get stuck in fullscreen mode
* CVE-2021-29984 (bmo#1720031) Incorrect instruction reordering during JIT optimization
* CVE-2021-29980 (bmo#1722204) Uninitialized memory in a canvas object could have led to memory corruption
* CVE-2021-29987 (bmo#1716129) Users could have been tricked into accepting unwanted permissions on Linux
* CVE-2021-29985 (bmo#1722083) Use-after-free media channels
* CVE-2021-29982 (bmo#1715318) Single bit data leak due to incorrect JIT optimization and type confusion
* CVE-2021-29989 (bmo#1662676, bmo#1666184, bmo#1719178, bmo#1719998, bmo#1720568) Memory safety bugs fixed in Firefox 91 and Firefox ESR 78.13
* CVE-2021-29990 (bmo#1544190, bmo#1716481, bmo#1717778, bmo#1719319, bmo#1722073) Memory safety bugs fixed in Firefox 91- requires
* rustc/cargo >= 1.51
* NSPR >= 4.32
* NSS >= 3.68- force-disable webrender on BE platforms
* Sat Jul 24 2021 Andreas Stieger - Mozilla Firefox 90.0.2:
* Changed: Updates to support DoH Canada rollout (bmo#1713036)
* Fixed: Fixed truncated output when printing (bmo#1720621)
* Fixed: Fixed menu styling on some Gtk themes (bmo#1720441, bmo#1720874)
* Mon Jul 19 2021 Andreas Stieger - Mozilla Firefox 90.0.1 (boo#1188480):
* Fixed: Fixed busy looping processing some HTTP3 responses (bmo#1720079)
* Fixed: Fixed transient errors authenticating with some smart cards (bmo#1715325)
* Fixed: Fixed a rare crash on shutdown (bmo#1707057)
* Fixed: Fixed a race on startup that caused about:support to end up empty after upgrade (bmo#1717894, boo#1188330)
* Sun Jul 11 2021 Wolfgang Rosenauer - Mozilla Firefox 90.0 MFSA 2021-28 (bsc#1188275)
* CVE-2021-29970 (bmo#1709976) Use-after-free in accessibility features of a document
* CVE-2021-29971 (bmo#1713638) Granted permissions only compared host; omitting scheme and port on Android
* CVE-2021-30547 (bmo#1715766) Out of bounds write in ANGLE
* CVE-2021-29972 (bmo#1696816) Use of out-of-date library included use-after-free vulnerability
* CVE-2021-29973 (bmo#1701932) Password autofill on HTTP websites was enabled without user interaction on Android
* CVE-2021-29974 (bmo#1704843) HSTS errors could be overridden when network partitioning was enabled
* CVE-2021-29975 (bmo#1713259) Text message could be overlaid on top of another website
* CVE-2021-29976 (bmo#1700895, bmo#1703334, bmo#1706910, bmo#1711576, bmo#1714391) Memory safety bugs fixed in Firefox 90 and Firefox ESR 78.12
* CVE-2021-29977 (bmo#1665836, bmo#1686138, bmo#1704316, bmo#1706314, bmo#1709931, bmo#1712084, bmo#1712357, bmo#1714066) Memory safety bugs fixed in Firefox 90- requires NSPR 4.31 NSS 3.66- Gtk2 support removed (was only for Flash plugin before)
* Wed Jun 23 2021 Andreas Stieger - Mozilla Firefox 89.0.2 (boo#1187648):
* Fix occasional hangs with Software WebRender on Linux (bmo#1708224)
* Sat Jun 19 2021 Andreas Stieger - Mozilla Firefox 89.0.1 (boo#1187475):
* Updated translations, including full Spanish (Mexico) localization and other improvements (bmo#1714946)
* Fix various font related regressions (bmo#1694174)
* Linux: Fix performance and stability regressions with WebRender (bmo#1715895, bmo#1715902)
* Enterprise: Fix for the `DisableDeveloperTools` policy not having effect anymore (bmo#1715777)
* Linux: Fix broken scrollbars on some GTK themes (bmo#1714103)
* Various stability fixes
* Sat May 29 2021 Wolfgang Rosenauer - Mozilla Firefox 89.0
* UI redesign
* The Event Timing API is now supported
* The CSS forced-colors media query is now supported MFSA 2021-23 (bsc#1186696)
* CVE-2021-29965 (bmo#1709257) Password Manager on Firefox for Android susceptible to domain spoofing
* CVE-2021-29960 (bmo#1675965) Filenames printed from private browsing mode incorrectly retained in preferences
* CVE-2021-29961 (bmo#1700235) Firefox UI spoof using ` and mouse events (bmo#1291078)
* Fix a top crash caused by plugin issues (bmo#1264530)
* Fix a shutdown issue (bmo#1276920)
* Fix a crash in WebRTC
* Mon Aug 15 2016 wrAATTrosenauer.org- added upstream patch so system plugins/extensions are correctly loaded again on x86-64 (bmo#1282843) (mozilla-old_configure-bmo1282843.patch)
* Fri Aug 05 2016 pcernyAATTsuse.com- Fix for possible buffer overrun (bsc#990856) CVE-2016-6354 (bmo#1292534) [mozilla-flex_buffer_overrun.patch]
* Wed Aug 03 2016 badshah400AATTgmail.com- Update mozilla-gtk3_20.patch to latest version from Fedora.
* Mon Aug 01 2016 wrAATTrosenauer.org- update to Firefox 48.0 (boo#991809)
* requires NSS 3.24
* Process separation (e10s) is enabled for some of you
* Add-ons that have not been verified and signed by Mozilla will not load
* WebRTC embetterments
* The media parser has been redeveloped using the Rust programming language
* better Canvas performance with speedy Skia support security fixes:
* MFSA 2016-62/CVE-2016-2835/CVE-2016-2836 Miscellaneous memory safety hazards
* MFSA 2016-63/CVE-2016-2830 (bmo#1255270) Favicon network connection can persist when page is closed
* MFSA 2016-64/CVE-2016-2838 (bmo#1279814) Buffer overflow rendering SVG with bidirectional content
* MFSA 2016-65/CVE-2016-2839 (bmo#1275339) Cairo rendering crash due to memory allocation issue with FFmpeg 0.10
* MFSA 2016-66/CVE-2016-5251 (bmo#1255570) Location bar spoofing via data URLs with malformed/invalid mediatypes
* MFSA 2016-67/CVE-2016-5252 (bmo#1268854) Stack underflow during 2D graphics rendering
* MFSA 2016-68/CVE-2016-0718 (bmo#1236923) Out-of-bounds read during XML parsing in Expat library
* MFSA 2016-69/CVE-2016-5253 (bmo#1246944) Arbitrary file manipulation by local user through Mozilla updater and callback application path parameter (Windows-only)
* MFSA 2016-70/CVE-2016-5254 (bmo#1266963) Use-after-free when using alt key and toplevel menus
* MFSA 2016-71/CVE-2016-5255 (bmo#1212356) Crash in incremental garbage collection in JavaScript
* MFSA 2016-72/CVE-2016-5258 (bmo#1279146) Use-after-free in DTLS during WebRTC session shutdown
* MFSA 2016-73/CVE-2016-5259 (bmo#1282992) Use-after-free in service workers with nested sync events
* MFSA 2016-74/CVE-2016-5260 (bmo#1280294) Form input type change from password to text can store plain text password in session restore file
* MFSA 2016-75/CVE-2016-5261 (bmo#1287266) Integer overflow in WebSockets during data buffering
* MFSA 2016-76/CVE-2016-5262 (bmo#1277475) Scripts on marquee tag can execute in sandboxed iframes
* MFSA 2016-77/CVE-2016-2837 (bmo#1274637) Buffer overflow in ClearKey Content Decryption Module (CDM) during video playback
* MFSA 2016-78/CVE-2016-5263 (bmo#1276897) Type confusion in display transformation
* MFSA 2016-79/CVE-2016-5264 (bmo#1286183) Use-after-free when applying SVG effects
* MFSA 2016-80/CVE-2016-5265 (bmo#1278013) Same-origin policy violation using local HTML file and saved shortcut file
* MFSA 2016-81/CVE-2016-5266 (bmo#1226977) Information disclosure and local file manipulation through drag and drop
* MFSA 2016-82/CVE-2016-5267 (bmo#1284372) Addressbar spoofing with right-to-left characters on Firefox for Android (Android only)
* MFSA 2016-83/CVE-2016-5268 (bmo#1253673) Spoofing attack through text injection into internal error pages
* MFSA 2016-84/CVE-2016-5250 (bmo#1254688) Information disclosure through Resource Timing API during page navigation- removed obsolete mozilla-gcc6.patch
* Fri Jul 29 2016 badshah400AATTgmail.com- Update description and screenshots in appdata.xml file.
* Sat Jul 23 2016 antoine.belvireAATTlaposte.net- Fix Firefox crash on startup on i586 (boo#986541):
* Add -fno-delete-null-pointer-checks and - fno-inline-small-functions to CFLAGS
* Tue Jul 19 2016 mailaenderAATTopensuse.org- Update the appdata.xml file (replace Windows XP screenshot)
* Wed Jun 29 2016 astiegerAATTsuse.com- Mozilla Firefox 47.0.1:
* Selenium WebDriver may cause Firefox to crash at startup (bmo#1280854)
* Wed Jun 15 2016 wrAATTrosenauer.org- mozilla-binutils-visibility.patch to fix build issues with gcc/binutils combination used in Leap 42.2 (boo#984637)
* Tue Jun 14 2016 badshah400AATTgmail.com- Update mozilla-gtk3_20.patch to latest version from Fedora.
* Mon Jun 13 2016 agrafAATTsuse.com- Fix running on 48bit va aarch64 (bsc#984126)
* add patch mozilla-aarch64-48bit-va.patch
* Mon Jun 13 2016 wrAATTrosenauer.org- fix XUL dialog button order under KDE session (boo#984403)
* Tue Jun 07 2016 wrAATTrosenauer.org- update to Firefox 47.0 (boo#983549)
* Enable VP9 video codec for users with fast machines
* Embedded YouTube videos now play with HTML5 video if Flash is not installed
* View and search open tabs from your smartphone or another computer in a sidebar
* Allow no-cache on back/forward navigations for https resources security fixes:
* MFSA 2016-49/CVE-2016-2815/CVE-2016-2818 (boo#983638) (bmo#1241896, bmo#1242798, bmo#1243466, bmo#1245743, bmo#1264300, bmo#1271037, bmo#1234147, bmo#1256493, bmo#1256739, bmo#1256968, bmo#1261230, bmo#1261752, bmo#1263384, bmo#1264575, bmo#1265577, bmo#1267130, bmo#1269729, bmo#1273202, bmo#1273701) Miscellaneous memory safety hazards (rv:47.0 / rv:45.2)
* MFSA 2016-50/CVE-2016-2819 (boo#983655) (bmo#1270381) Buffer overflow parsing HTML5 fragments
* MFSA 2016-51/CVE-2016-2821 (bsc#983653) (bmo#1271460) Use-after-free deleting tables from a contenteditable document
* MFSA 2016-52/CVE-2016-2822 (boo#983652) (bmo#1273129) Addressbar spoofing though the SELECT element
* MFSA 2016-53/CVE-2016-2824 (boo#983651) (bmo#1248580) Out-of-bounds write with WebGL shader
* MFSA 2016-54/CVE-2016-2825 (boo#983649) (bmo#1193093) Partial same-origin-policy through setting location.host through data URI
* MFSA 2016-56/CVE-2016-2828 (boo#983646) (bmo#1223810) Use-after-free when textures are used in WebGL operations after recycle pool destruction
* MFSA 2016-57/CVE-2016-2829 (boo#983644) (bmo#1248329) Incorrect icon displayed on permissions notifications
* MFSA 2016-58/CVE-2016-2831 (boo#983643) (bmo#1261933) Entering fullscreen and persistent pointerlock without user permission
* MFSA 2016-59/CVE-2016-2832 (boo#983632) (bmo#1025267) Information disclosure of disabled plugins through CSS pseudo-classes
* MFSA 2016-60/CVE-2016-2833 (boo#983640) (bmo#908933) Java applets bypass CSP protections
* MFSA 2016-62/CVE-2016-2834 (boo#983639) (bmo#1206283, bmo#1221620, bmo#1241034, bmo#1241037) Network Security Services (NSS) vulnerabilities fixed by requiring NSS 3.23 packaging changes:
* cleanup configure options (boo#981695): - notably remove GStreamer support which is gone from FF
* remove obsolete patches - mozilla-libproxy.patch - mozilla-repo.patch
* Wed May 25 2016 badshah400AATTgmail.com- The conditional testing for gcc was failing for different openSUSE versions, drop it and apply patches unconditionally.
* Mon May 23 2016 badshah400AATTgmail.com- Add patches to fix building with gcc6: + mozilla-gcc6.patch: fix building with gcc >= 6.1; patch taken from upstream: https://hg.mozilla.org/mozilla-central/rev/55212130f19d. + mozilla-exclude-nametablecpp.patch: Exclude NameTable.cpp from unified compilation because #include in other source files causes gcc6 compilation failure; patch taken from upstream: https://hg.mozilla.org/mozilla-central/rev/9c57b7cacffc.
* Thu May 12 2016 dsterbaAATTsuse.cz- enable build with PIE and full relro on x86_64 (boo#980384)
* Wed May 04 2016 wrAATTrosenauer.org- update to Firefox 46.0.1 Fixed:
* Search plugin issue for various locales
* Add-on signing certificate expiration
* Service worker update issue
* Build issue when jit is disabled
* Limit Sync registration updates- removed now obsolete mozilla-jit_branch64.patch
* Tue May 03 2016 normandAATTlinux.vnet.ibm.com- add mozilla-jit_branch64.patch to avoid PowerPC build failure (from bmo#1266366)
* Wed Apr 27 2016 badshah400AATTgmail.com- Update mozilla-gtk3_20.patch for Firefox 46.0 (sync to latest version from Fedora).
* Wed Apr 27 2016 wrAATTrosenauer.org- update to Firefox 46.0 (boo#977333)
* Improved security of the JavaScript Just In Time (JIT) Compiler
* WebRTC fixes to improve performance and stability
* Added support for document.elementsFromPoint
* Added HKDF support for Web Crypto API
* requires NSPR 4.12 and NSS 3.22.3
* added patch to fix unchecked return value mozilla-check_return.patch
* Gtk3 builds not supported at the moment security fixes:
* MFSA 2016-39/CVE-2016-2804/CVE-2016-2806/CVE-2016-2807 (boo#977373, boo#977375, boo#977376) Miscellaneous memory safety hazards
* MFSA 2016-40/CVE-2016-2809 (bmo#1212939, boo#977377) Privilege escalation through file deletion by Maintenance Service updater (Windows only)
* MFSA 2016-41/CVE-2016-2810 (bmo#1229681, boo#977378) Content provider permission bypass allows malicious application to access data (Android only)
* MFSA 2016-42/CVE-2016-2811/CVE-2016-2812 (bmo#1252330, bmo#1261776, boo#977379) Use-after-free and buffer overflow in Service Workers
* MFSA 2016-43/CVE-2016-2813 (bmo#1197901, bmo#2714650, boo#977380) Disclosure of user actions through JavaScript with motion and orientation sensors (only affects mobile variants)
* MFSA 2016-44/CVE-2016-2814 (bmo#1254721, boo#977381) Buffer overflow in libstagefright with CENC offsets
* MFSA 2016-45/CVE-2016-2816 (bmo#1223743, boo#977382) CSP not applied to pages sent with multipart/x-mixed-replace
* MFSA 2016-46/CVE-2016-2817 (bmo#1227462, boo#977384) Elevation of privilege with chrome.tabs.update API in web extensions
* MFSA 2016-47/CVE-2016-2808 (bmo#1246061, boo#977386) Write to invalid HashMap entry through JavaScript.watch()
* MFSA 2016-48/CVE-2016-2820 (bmo#870870, boo#977388) Firefox Health Reports could accept events from untrusted domains
* Thu Apr 21 2016 badshah400AATTgmail.com- Update mozilla-gtk3_20.patch to fix scrollbar appearance under gtk >= 3.20 (patch synced to Fedora\'s version).
* Tue Apr 12 2016 badshah400AATTgmail.com- Compile against gtk3 depending on whether the macro %firefox_use_gtk3 is defined or not (e.g., at the prjconf level); macro is undefined by default and so gtk2 is used as the default toolkit.- Add BuildRequires for additional packages needed when building against gtk3: pkgconfig(glib-2.0), pkgconfig(gobject-2.0), pkgconfig(gtk+-3.0) >= 3.4.0, pkgconfig(gtk+-unix-print-3.0).- Add firefox-gtk3_20.patch to fix appearance with gtk3 >= 3.20; patch taken from Fedora (bmo#1230955).
* Mon Apr 11 2016 astiegerAATTsuse.com- Mozilla Firefox 45.0.2:
* Fix an issue impacting the cookie header when third-party cookies are blocked (bmo#1257861)
* Fix a web compatibility regression impacting the srcset attribute of the image tag (bmo#1259482)
* Fix a crash impacting the video playback with Media Source Extension (bmo#1258562)
* Fix a regression impacting some specific uploads (bmo#1255735)
* Fix a regression with the copy and paste with some old versions of some Gecko applications like Thunderbird (bmo#1254980)
* Fri Mar 18 2016 astiegerAATTsuse.com- Mozilla Firefox 45.0.1:
* Fix a regression causing search engine settings to be lost in some context (bmo#1254694)
* Bring back non-standard jar: URIs to fix a regression in IBM iNotes (bmo#1255139)
* XSLTProcessor.importStylesheet was failing when was used (bmo#1249572)
* Fix an issue which could cause the list of search provider to be empty (bmo#1255605)
* Fix a regression when using the location bar (bmo#1254503)
* Fix some loading issues when Accept third-party cookies: was set to Never (bmo#1254856)
* Disabled Graphite font shaping library
* Sun Mar 06 2016 wrAATTrosenauer.org- update to Firefox 45.0 (boo#969894)
* requires NSPR 4.12 / NSS 3.21.1
* Instant browser tab sharing through Hello
* Synced Tabs button in button bar
* Tabs synced via Firefox Accounts from other devices are now shown in dropdown area of Awesome Bar when searching
* Introduce a new preference (network.dns.blockDotOnion) to allow blocking .onion at the DNS level
* Tab Groups (Panorama) feature removed
* MFSA 2016-16/CVE-2016-1952/CVE-2016-1953 Miscellaneous memory safety hazards
* MFSA 2016-17/CVE-2016-1954 (bmo#1243178) Local file overwriting and potential privilege escalation through CSP reports
* MFSA 2016-18/CVE-2016-1955 (bmo#1208946) CSP reports fail to strip location information for embedded iframe pages
* MFSA 2016-19/CVE-2016-1956 (bmo#1199923) Linux video memory DOS with Intel drivers
* MFSA 2016-20/CVE-2016-1957 (bmo#1227052) Memory leak in libstagefright when deleting an array during MP4 processing
* MFSA 2016-21/CVE-2016-1958 (bmo#1228754) Displayed page address can be overridden
* MFSA 2016-22/CVE-2016-1959 (bmo#1234949) Service Worker Manager out-of-bounds read in Service Worker Manager
* MFSA 2016-23/CVE-2016-1960/ZDI-CAN-3545 (bmo#1246014) Use-after-free in HTML5 string parser
* MFSA 2016-24/CVE-2016-1961/ZDI-CAN-3574 (bmo#1249377) Use-after-free in SetBody
* MFSA 2016-25/CVE-2016-1962 (bmo#1240760) Use-after-free when using multiple WebRTC data channels
* MFSA 2016-26/CVE-2016-1963 (bmo#1238440) Memory corruption when modifying a file being read by FileReader
* MFSA 2016-27/CVE-2016-1964 (bmo#1243335) Use-after-free during XML transformations
* MFSA 2016-28/CVE-2016-1965 (bmo#1245264) Addressbar spoofing though history navigation and Location protocol property
* MFSA 2016-29/CVE-2016-1967 (bmo#1246956) Same-origin policy violation using perfomance.getEntries and history navigation with session restore
* MFSA 2016-30/CVE-2016-1968 (bmo#1246742) Buffer overflow in Brotli decompression
* MFSA 2016-31/CVE-2016-1966 (bmo#1246054) Memory corruption with malicious NPAPI plugin
* MFSA 2016-32/CVE-2016-1970/CVE-2016-1971/CVE-2016-1975/ CVE-2016-1976/CVE-2016-1972 WebRTC and LibVPX vulnerabilities found through code inspection
* MFSA 2016-33/CVE-2016-1973 (bmo#1219339) Use-after-free in GetStaticInstance in WebRTC
* MFSA 2016-34/CVE-2016-1974 (bmo#1228103) Out-of-bounds read in HTML parser following a failed allocation
* MFSA 2016-35/CVE-2016-1950 (bmo#1245528) Buffer overflow during ASN.1 decoding in NSS (fixed by requiring 3.21.1)
* MFSA 2016-36/CVE-2016-1979 (bmo#1185033) Use-after-free during processing of DER encoded keys in NSS (fixed by requiring 3.21.1)
* MFSA 2016-37/CVE-2016-1977/CVE-2016-2790/CVE-2016-2791/ CVE-2016-2792/CVE-2016-2793/CVE-2016-2794/CVE-2016-2795/ CVE-2016-2796/CVE-2016-2797/CVE-2016-2798/CVE-2016-2799/ CVE-2016-2800/CVE-2016-2801/CVE-2016-2802 Font vulnerabilities in the Graphite 2 library
* Sat Mar 05 2016 olafAATTaepfle.de- Remove B_CNT from symbols.zip filename to reduce build-compare noise
* Fri Feb 26 2016 astiegerAATTsuse.com- fix build problems on i586, caused by too large unified compile units - adding mozilla-reduce-files-per-UnifiedBindings.patch
* Thu Feb 11 2016 wrAATTrosenauer.org- update to Firefox 44.0.2
* MFSA 2016-13/CVE-2016-1949 (bmo#1245724, boo#966438) Same-origin-policy violation using Service Workers with plugins
* Fix issue which could lead to the removal of stored passwords under certain circumstances (bmo#1242176)
* Allows spaces in cookie names (bmo#1244505)
* Disable opus/vorbis audio with H.264 (bmo#1245696)
* Fix for graphics startup crash (GNU/Linux) (bmo#1222171)
* Fix a crash in cache networking (bmo#1244076)
* Fix using WebSockets in service worker controlled pages (bmo#1243942)
* Sat Jan 30 2016 dmuellerAATTsuse.com- build fixes for arm/aarch64:
* disable webrtc for arm/aarch64
* switch away from openGL-ES backend to default for arm/aarch64 since it almost never builds
* reenable neon- reenable webrtc for powerpc as it seems to build
* Sun Jan 24 2016 wrAATTrosenauer.org- update to Firefox 44.0
* MFSA 2016-01/CVE-2016-1930/CVE-2016-1931 boo#963633 Miscellaneous memory safety hazards
* MFSA 2016-02/CVE-2016-1933 (bmo#1231761) boo#963634 Out of Memory crash when parsing GIF format images
* MFSA 2016-03/CVE-2016-1935 (bmo#1220450) boo#963635 Buffer overflow in WebGL after out of memory allocation
* MFSA 2016-04/CVE-2015-7208/CVE-2016-1939 (bmo#1191423, bmo#1233784) boo#963637 Firefox allows for control characters to be set in cookie names
* MFSA 2016-06/CVE-2016-1937 (bmo#724353) boo#963641 Missing delay following user click events in protocol handler dialog
* MFSA 2016-07/CVE-2016-1938 (bmo#1190248) boo#963731 Errors in mp_div and mp_exptmod cryptographic functions in NSS (fixed by requiring NSS 3.21)
* MFSA 2016-09/CVE-2016-1942/CVE-2016-1943 (bmo#1189082, bmo#1228590) Addressbar spoofing attacks boo#963643
* MFSA 2016-10/CVE-2016-1944/CVE-2016-1945/CVE-2016-1946 (bmo#1186621, bmo#1214782, bmo#1232096) boo#963644 Unsafe memory manipulation found through code inspection
* MFSA 2016-11/CVE-2016-1947 (bmo#1237103) boo#963645 Application Reputation service disabled in Firefox 43
* requires NSPR 4.11
* requires NSS 3.21- prepare mozilla-kde.patch for Gtk3 builds- rebased patches
* Mon Jan 11 2016 astiegerAATTsuse.com- Mozilla Firefox 43.0.4:
* Re-enable SHA-1 certificates to prevent outdated man-in-the-middle security devices from interfering with properly secured SSL/TLS connections (bmo#1236975)
* Fix for startup crash for users of a third party antivirus tool (bmo#1235537)- The following change was previously in the package as a patch:
* Multi-user GNU/Linux download folders can be created (bmo#1233434), removed mozilla-bmo1233434.patch
* Tue Dec 29 2015 wrAATTrosenauer.org- update to Firefox 43.0.3
* requires NSS 3.20.2 to fix MFSA 2015-150/CVE-2015-7575 (bmo#1158489) MD5 signatures accepted within TLS 1.2 ServerKeyExchange in server signature
* various changes to support Windows update (SHA-1 vs. SHA-2)
* workaround Youtube user agent detection issue (bmo#1233970)- fix file download regression for multi user systems (bmo#1233434) (mozilla-bmo1233434.patch)- explicitely requires libXcomposite-devel
* Sun Dec 13 2015 wrAATTrosenauer.org- update to Firefox 43.0 (bnc#959277)
* Improved API support for m4v video playback
* Users can opt-in to receive search suggestions from the Awesome Bar
* WebRTC streaming on multiple monitors
* User selectable second block list for Private Browsing\'s Tracking Protection security fixes:
* MFSA 2015-134/CVE-2015-7201/CVE-2015-7202 Miscellaneous memory safety hazards
* MFSA 2015-135/CVE-2015-7204 (bmo#1216130) Crash with JavaScript variable assignment with unboxed objects
* MFSA 2015-136/CVE-2015-7207 (bmo#1185256) Same-origin policy violation using perfomance.getEntries and history navigation
* MFSA 2015-137/CVE-2015-7208 (bmo#1191423) Firefox allows for control characters to be set in cookies
* MFSA 2015-138/CVE-2015-7210 (bmo#1218326) Use-after-free in WebRTC when datachannel is used after being destroyed
* MFSA 2015-139/CVE-2015-7212 (bmo#1222809) Integer overflow allocating extremely large textures
* MFSA 2015-140/CVE-2015-7215 (bmo#1160890) Cross-origin information leak through web workers error events
* MFSA 2015-141/CVE-2015-7211 (bmo#1221444) Hash in data URI is incorrectly parsed
* MFSA 2015-142/CVE-2015-7218/CVE-2015-7219 (bmo#1194818, bmo#1194820) DOS due to malformed frames in HTTP/2
* MFSA 2015-143/CVE-2015-7216/CVE-2015-7217 (bmo#1197059, bmo#1203078) Linux file chooser crashes on malformed images due to flaws in Jasper library
* MFSA 2015-144/CVE-2015-7203/CVE-2015-7220/CVE-2015-7221 (bmo#1201183, bmo#1178033, bmo#1199400) Buffer overflows found through code inspection
* MFSA 2015-145/CVE-2015-7205 (bmo#1220493) Underflow through code inspection
* MFSA 2015-146/CVE-2015-7213 (bmo#1206211) Integer overflow in MP4 playback in 64-bit versions
* MFSA 2015-147/CVE-2015-7222 (bmo#1216748) Integer underflow and buffer overflow processing MP4 metadata in libstagefright
* MFSA 2015-148/CVE-2015-7223 (bmo#1226423) Privilege escalation vulnerabilities in WebExtension APIs
* MFSA 2015-149/CVE-2015-7214 (bmo#1228950) Cross-site reading attack through data and view-source URIs- rebased patches
* Sun Nov 15 2015 wrAATTrosenauer.org- Add desktop menu action for private browsing window to desktop file (boo#954747)- remove obsolete patch mozilla-bmo1005535.patch completely from source package to avoid automatic check failures
* Sat Oct 31 2015 wrAATTrosenauer.org- update to Firefox 42.0 (bnc#952810)
* Private Browsing with Tracking Protection blocks certain Web elements that could be used to record your behavior across sites
* Control Center that contains site security and privacy controls
* Login Manager improvements
* WebRTC improvements
* Indicator added to tabs that play audio with one-click muting
* Media Source Extension for HTML5 video available for all sites security fixes:
* MFSA 2015-116/CVE-2015-4513/CVE-2015-4514 Miscellaneous memory safety hazards
* MFSA 2015-117/CVE-2015-4515 (bmo#1046421) Information disclosure through NTLM authentication
* MFSA 2015-118/CVE-2015-4518 (bmo#1182778, bmo#1136692) CSP bypass due to permissive Reader mode whitelist
* MFSA 2015-119/CVE-2015-7185 (bmo#1149000) (Android only) Firefox for Android addressbar can be removed after fullscreen mode
* MFSA 2015-120/CVE-2015-7186 (bmo#1193027) (Android only) Reading sensitive profile files through local HTML file on Android
* MFSA 2015-121/CVE-2015-7187 (bmo#1195735) disabling scripts in Add-on SDK panels has no effect
* MFSA 2015-122/CVE-2015-7188 (bmo#1199430) Trailing whitespace in IP address hostnames can bypass same-origin policy
* MFSA 2015-123/CVE-2015-7189 (bmo#1205900) Buffer overflow during image interactions in canvas
* MFSA 2015-124/CVE-2015-7190 (bmo#1208520) (Android only) Android intents can be used on Firefox for Android to open privileged files
* MFSA 2015-125/CVE-2015-7191 (bmo#1208956) (Android only) XSS attack through intents on Firefox for Android
* MFSA 2015-126/CVE-2015-7192 (bmo#1210023) (OS X only) Crash when accessing HTML tables with accessibility tools on OS X
* MFSA 2015-127/CVE-2015-7193 (bmo#1210302) CORS preflight is bypassed when non-standard Content-Type headers are received
* MFSA 2015-128/CVE-2015-7194 (bmo#1211262) Memory corruption in libjar through zip files
* MFSA 2015-129/CVE-2015-7195 (bmo#1211871) Certain escaped characters in host of Location-header are being treated as non-escaped
* MFSA 2015-130/CVE-2015-7196 (bmo#1140616) JavaScript garbage collection crash with Java applet
* MFSA 2015-131/CVE-2015-7198/CVE-2015-7199/CVE-2015-7200 (bmo#1188010, bmo#1204061, bmo#1204155) Vulnerabilities found through code inspection
* MFSA 2015-132/CVE-2015-7197 (bmo#1204269) Mixed content WebSocket policy bypass through workers
* MFSA 2015-133/CVE-2015-7181/CVE-2015-7182/CVE-2015-7183 (bmo#1202868, bmo#1205157) NSS and NSPR memory corruption issues (fixed in mozilla-nspr and mozilla-nss packages)- requires NSPR >= 4.10.10 and NSS >= 3.19.4- removed obsolete patches
* mozilla-arm-disable-edsp.patch
* mozilla-icu-strncat.patch
* mozilla-skia-be-le.patch
* toolkit-download-folder.patch- fixed build with enable-libproxy (bmo#1220399)
* mozilla-libproxy.patch
* Thu Oct 15 2015 wrAATTrosenauer.org- update to Firefox 41.0.2 (bnc#950686)
* MFSA 2015-115/CVE-2015-7184 (bmo#1208339, bmo#1212669) Cross-origin restriction bypass using Fetch- added explicit appdata provides (bnc#949983)
* Sun Oct 04 2015 wrAATTrosenauer.org- do not build with --enable-stdcxx-compat (this starts to fail build on various toolchain combinations and is not required for openSUSE builds in general
* Thu Oct 01 2015 wrAATTrosenauer.org- update to Firefox 41.0.1
* Fix a startup crash related to Yandex toolbar and Adblock Plus (bmo#1209124)
* Fix potential hangs with Flash plugins (bmo#1185639)
* Fix a regression in the bookmark creation (bmo#1206376)
* Fix a startup crash with some Intel Media Accelerator 3150 graphic cards (bmo#1207665)
* Fix a graphic crash, occurring occasionally on Facebook (bmo#1178601)
* Sat Sep 19 2015 wrAATTrosenauer.org- update to Firefox 41.0 (bnc#947003)
* MFSA 2015-96/CVE-2015-4500/CVE-2015-4501 Miscellaneous memory safety hazards
* MFSA 2015-97/CVE-2015-4503 (bmo#994337) Memory leak in mozTCPSocket to servers
* MFSA 2015-98/CVE-2015-4504 (bmo#1132467) Out of bounds read in QCMS library with ICC V4 profile attributes
* MFSA 2015-99/CVE-2015-4476 (bmo#1162372) (Android only) Site attribute spoofing on Android by pasting URL with unknown scheme
* MFSA 2015-100/CVE-2015-4505 (bmo#1177861) (Windows only) Arbitrary file manipulation by local user through Mozilla updater
* MFSA 2015-101/CVE-2015-4506 (bmo#1192226) Buffer overflow in libvpx while parsing vp9 format video
* MFSA 2015-102/CVE-2015-4507 (bmo#1192401) Crash when using debugger with SavedStacks in JavaScript
* MFSA 2015-103/CVE-2015-4508 (bmo#1195976) URL spoofing in reader mode
* MFSA 2015-104/CVE-2015-4510 (bmo#1200004) Use-after-free with shared workers and IndexedDB
* MFSA 2015-105/CVE-2015-4511 (bmo#1200148) Buffer overflow while decoding WebM video
* MFSA 2015-106/CVE-2015-4509 (bmo#1198435) Use-after-free while manipulating HTML media content
* MFSA 2015-107/CVE-2015-4512 (bmo#1170390) Out-of-bounds read during 2D canvas display on Linux 16-bit color depth systems
* MFSA 2015-108/CVE-2015-4502 (bmo#1105045) Scripted proxies can access inner window
* MFSA 2015-109/CVE-2015-4516 (bmo#904886) JavaScript immutable property enforcement can be bypassed
* MFSA 2015-110/CVE-2015-4519 (bmo#1189814) Dragging and dropping images exposes final URL after redirects
* MFSA 2015-111/CVE-2015-4520 (bmo#1200856, bmo#1200869) Errors in the handling of CORS preflight request headers
* MFSA 2015-112/CVE-2015-4517/CVE-2015-4521/CVE-2015-4522/ CVE-2015-7174/CVE-2015-7175/CVE-2015-7176/CVE-2015-7177/ CVE-2015-7180 Vulnerabilities found through code inspection
* MFSA 2015-113/CVE-2015-7178/CVE-2015-7179 (bmo#1189860, bmo#1190526) (Windows only) Memory safety errors in libGLES in the ANGLE graphics library
* MFSA 2015-114 (bmo#1167498, bmo#1153672) (Windows only) Information disclosure via the High Resolution Time API- rebased patches- removed obsolete patches
* mozilla-arm64-libjpeg-turbo.patch
* Thu Aug 27 2015 wrAATTrosenauer.org- update to Firefox 40.0.3 (bnc#943550)
* Disable the asynchronous plugin initialization (bmo#1198590)
* Fix a segmentation fault in the GStreamer support (bmo#1145230)
* Fix a regression with some Japanese fonts used in the field (bmo#1194055)
* On some sites, the selection in a select combox box using the mouse could be broken (bmo#1194733) security fixes
* MFSA 2015-94/CVE-2015-4497 (bmo#1164766, bmo#1175278) Use-after-free when resizing canvas element during restyling
* MFSA 2015-95/CVE-2015-4498 (bmo#1042699) Add-on notification bypass through data URLs
* Fri Aug 07 2015 wrAATTrosenauer.org- update to Firefox 40.0 (bnc#940806)
* Added protection against unwanted software downloads
* Suggested Tiles show sites of interest, based on categories from your recent browsing history
* Hello allows adding a link to conversations to provide context on what the conversation will be about
* New style for add-on manager based on the in-content preferences style
* Improved scrolling, graphics, and video playback performance with off main thread compositing (GNU/Linux only)
* Graphic blocklist mechanism improved: Firefox version ranges can be specified, limiting the number of devices blocked security fixes:
* MFSA 2015-79/CVE-2015-4473/CVE-2015-4474 Miscellaneous memory safety hazards
* MFSA 2015-80/CVE-2015-4475 (bmo#1175396) Out-of-bounds read with malformed MP3 file
* MFSA 2015-81/CVE-2015-4477 (bmo#1179484) Use-after-free in MediaStream playback
* MFSA 2015-82/CVE-2015-4478 (bmo#1105914) Redefinition of non-configurable JavaScript object properties
* MFSA 2015-83/CVE-2015-4479/CVE-2015-4480/CVE-2015-4493 Overflow issues in libstagefright
* MFSA 2015-84/CVE-2015-4481 (bmo1171518) Arbitrary file overwriting through Mozilla Maintenance Service with hard links (only affected Windows)
* MFSA 2015-85/CVE-2015-4482 (bmo#1184500) Out-of-bounds write with Updater and malicious MAR file (does not affect openSUSE RPM packages which do not ship the updater)
* MFSA 2015-86/CVE-2015-4483 (bmo#1148732) Feed protocol with POST bypasses mixed content protections
* MFSA 2015-87/CVE-2015-4484 (bmo#1171540) Crash when using shared memory in JavaScript
* MFSA 2015-88/CVE-2015-4491 (bmo#1184009) Heap overflow in gdk-pixbuf when scaling bitmap images
* MFSA 2015-89/CVE-2015-4485/CVE-2015-4486 (bmo#1177948, bmo#1178148) Buffer overflows on Libvpx when decoding WebM video
* MFSA 2015-90/CVE-2015-4487/CVE-2015-4488/CVE-2015-4489 Vulnerabilities found through code inspection
* MFSA 2015-91/CVE-2015-4490 (bmo#1086999) Mozilla Content Security Policy allows for asterisk wildcards in violation of CSP specification
* MFSA 2015-92/CVE-2015-4492 (bmo#1185820) Use-after-free in XMLHttpRequest with shared workers- added mozilla-no-stdcxx-check.patch- removed obsolete patches
* mozilla-add-glibcxx_use_cxx11_abi.patch
* firefox-multilocale-chrome.patch- rebased patches- requires version 40 of the branding package- removed browser/searchplugins/ location as it\'s not valid anymore
* Fri Aug 07 2015 wrAATTrosenauer.org- security update to Firefox 39.0.3 (bnc#940918)
* MFSA 2015-78/CVE-2015-4495 (bmo#1179262, bmo#1178058) Same origin violation and local file stealing via PDF reader
* Wed Jul 01 2015 wrAATTrosenauer.org- update to Firefox 39.0 (bnc#935979)
* Share Hello URLs with social networks
* Support for \'switch\' role in ARIA 1.1 (web accessibility)
* SafeBrowsing malware detection lookups enabled for downloads (Mac OS X and Linux)
* Support for new Unicode 8.0 skin tone emoji
* Removed support for insecure SSLv3 for network communications
* Disable use of RC4 except for temporarily whitelisted hosts
* NPAPI Plug-in performance improved via asynchronous initialization security fixes:
* MFSA 2015-59/CVE-2015-2724/CVE-2015-2725/CVE-2015-2726 Miscellaneous memory safety hazards
* MFSA 2015-60/CVE-2015-2727 (bmo#1163422) Local files or privileged URLs in pages can be opened into new tabs
* MFSA 2015-61/CVE-2015-2728 (bmo#1142210) Type confusion in Indexed Database Manager
* MFSA 2015-62/CVE-2015-2729 (bmo#1122218) Out-of-bound read while computing an oscillator rendering range in Web Audio
* MFSA 2015-63/CVE-2015-2731 (bmo#1149891) Use-after-free in Content Policy due to microtask execution error
* MFSA 2015-64/CVE-2015-2730 (bmo#1125025) ECDSA signature validation fails to handle some signatures correctly (this fix is shipped by NSS 3.19.1 externally)
* MFSA 2015-65/CVE-2015-2722/CVE-2015-2733 (bmo#1166924, bmo#1169867) Use-after-free in workers while using XMLHttpRequest
* MFSA 2015-66/CVE-2015-2734/CVE-2015-2735/CVE-2015-2736/CVE-2015-2737 CVE-2015-2738/CVE-2015-2739/CVE-2015-2740 Vulnerabilities found through code inspection
* MFSA 2015-67/CVE-2015-2741 (bmo#1147497) Key pinning is ignored when overridable errors are encountered
* MFSA 2015-68/CVE-2015-2742 (bmo#1138669) OS X crash reports may contain entered key press information (not relevant under Linux)
* MFSA 2015-69/CVE-2015-2743 (bmo#1163109) Privilege escalation in PDF.js
* MFSA 2015-70/CVE-2015-4000 (bmo#1138554) NSS accepts export-length DHE keys with regular DHE cipher suites (this fix is shipped by NSS 3.19.1 externally)
* MFSA 2015-71/CVE-2015-2721 (bmo#1086145) NSS incorrectly permits skipping of ServerKeyExchange (this fix is shipped by NSS 3.19.1 externally)- dropped mozilla-prefer_plugin_pref.patch as this feature is likely not worth maintaining further- rebased patches- require NSS 3.19.2
* Thu Jun 18 2015 schwabAATTsuse.de- mozilla-arm64-libjpeg-turbo.patch: fix libjpeg-turbo configuration
* Sun Jun 07 2015 wrAATTrosenauer.org- update to Firefox 38.0.6
* fixes bmo#1171730 which is not really relevant to oS builds- fix KDE regression from 38.0.5 builds (bsc#933439)
* Sat May 23 2015 wrAATTrosenauer.org- update to Firefox 38.0.5
* Keep track of articles and videos with Pocket
* Clean formatting for articles and blog posts with Reader View
* Share the active tab or window in a Hello conversation- add changes file as source for SRPM (bsc#932142)
* Fri May 15 2015 normandAATTlinux.vnet.ibm.com- add mozilla-add-glibcxx_use_cxx11_abi.patch grabbed from https://bugzilla.mozilla.org/show_bug.cgi?id=1153109
* Fri May 15 2015 wrAATTrosenauer.org- update to Firefox 38.0.1 stability and regression fixes
* Systems with first generation NVidia Optimus graphics cards may crash on start-up
* Users who import cookies from Google Chrome can end up with broken websites
* Large animated images may fail to play and may stop other images from loading
* Sun May 10 2015 wrAATTrosenauer.org- update to Firefox 38.0 (bnc#930622)
* New tab-based preferences
* Ruby annotation support
* more info: https://www.mozilla.org/en-US/firefox/38.0/releasenotes/ security fixes:
* MFSA 2015-46/CVE-2015-2708/CVE-2015-2709 Miscellaneous memory safety hazards
* MFSA 2015-47/VE-2015-0797 (bmo#1080995) Buffer overflow parsing H.264 video with Linux Gstreamer
* MFSA 2015-48/CVE-2015-2710 (bmo#1149542) Buffer overflow with SVG content and CSS
* MFSA 2015-49/CVE-2015-2711 (bmo#1113431) Referrer policy ignored when links opened by middle-click and context menu
* MFSA 2015-50/CVE-2015-2712 (bmo#1152280) Out-of-bounds read and write in asm.js validation
* MFSA 2015-51/CVE-2015-2713 (bmo#1153478) Use-after-free during text processing with vertical text enabled
* MFSA 2015-53/CVE-2015-2715 (bmo#988698) Use-after-free due to Media Decoder Thread creation during shutdown
* MFSA 2015-54/CVE-2015-2716 (bmo#1140537) Buffer overflow when parsing compressed XML
* MFSA 2015-55/CVE-2015-2717 (bmo#1154683) Buffer overflow and out-of-bounds read while parsing MP4 video metadata
* MFSA 2015-56/CVE-2015-2718 (bmo#1146724) Untrusted site hosting trusted page can intercept webchannel responses
* MFSA 2015-57/CVE-2011-3079 (bmo#1087565) Privilege escalation through IPC channel messages- requires NSS 3.18.1- removed obsolete patches:
* mozilla-skia-bmo1136958.patch- remove gnomevfs build options as it is removed from sources- rebased patches
* Fri Apr 17 2015 wrAATTrosenauer.org- update to Firefox 37.0.2 (bnc#928116)
* MFSA 2015-45/CVE-2015-2706 (bmo#1141081) Memory corruption during failed plugin initialization
* Fri Apr 03 2015 wrAATTrosenauer.org- update to Firefox 37.0.1 (bnc#926166)
* MFSA 2015-43/CVE-2015-0798 (bmo#1147597) (Android only) Loading privileged content through Reader mode
* MFSA 2015-44/CVE-2015-0799 (bmo#1148328) Certificate verification bypass through the HTTP/2 Alt-Svc header
* Sat Mar 28 2015 wrAATTrosenauer.org- update to Firefox 37.0 (bnc#925368)
* Heartbeat user rating system
* Yandex set as default search provider for the Turkish locale
* Bing search now uses HTTPS for secure searching
* Improved protection against site impersonation via OneCRL centralized certificate revocation
* Opportunistically encrypt HTTP traffic where the server supports HTTP/2 AltSvc
* some more behaviour changes for TLS security fixes:
* MFSA 2015-30/CVE-2015-0814/CVE-2015-0815 Miscellaneous memory safety hazards
* MFSA 2015-31/CVE-2015-0813 (bmo#1106596)) Use-after-free when using the Fluendo MP3 GStreamer plugin
* MFSA 2015-32/CVE-2015-0812 (bmo#1128126) Add-on lightweight theme installation approval bypassed through MITM attack
* MFSA 2015-33/CVE-2015-0816 (bmo#1144991) resource:// documents can load privileged pages
* MFSA-2015-34/CVE-2015-0811 (bmo#1132468) Out of bounds read in QCMS library
* MFSA-2015-35/CVE-2015-0810 (bmo#1125013) Cursor clickjacking with flash and images (OS X only)
* MFSA-2015-36/CVE-2015-0808 (bmo#1109552) Incorrect memory management for simple-type arrays in WebRTC
* MFSA-2015-37/CVE-2015-0807 (bmo#1111834) CORS requests should not follow 30x redirections after preflight
* MFSA-2015-38/CVE-2015-0805/CVE-2015-0806 (bmo#1135511, bmo#1099437) Memory corruption crashes in Off Main Thread Compositing
* MFSA-2015-39/CVE-2015-0803/CVE-2015-0804 (bmo#1134560) Use-after-free due to type confusion flaws
* MFSA-2015-40/CVE-2015-0801 (bmo#1146339) Same-origin bypass through anchor navigation
* MFSA-2015-41/CVE-2015-0800/CVE-2012-2808 PRNG weakness allows for DNS poisoning on Android (only)
* MFSA-2015-42/CVE-2015-0802 (bmo#1124898) Windows can retain access to privileged content on navigation to unprivileged pages- removed obsolete patches
* mozilla-bmo1088588.patch
* mozilla-bmo1108834.patch- requires NSPR 4.10.8
* Tue Mar 24 2015 dvaleevAATTsuse.com- Fix builds with skia on Power mozilla-skia-be-le.patch (patch from #bmo1136958) mozilla-bmo1108834.patch mozilla-bmo1005535.patch
* Sat Mar 21 2015 wrAATTrosenauer.org- update to Firefox 36.0.4 (bnc#923534)
* MFSA 2015-28/CVE-2015-0818 (bmo#1144988) Privilege escalation through SVG navigation
* MFSA 2015-29/CVE-2015-0817 (bmo#1145255) Code execution through incorrect JavaScript bounds checking elimination
* Fri Mar 20 2015 dimstarAATTopensuse.org- Copy the icons to /usr/share/icons instead of symlinking them: in preparation for containerized apps (e.g. xdg-app) as well as AppStream metadata extraction, there are a couple locations that need to be real files for system integration (.desktop files, icons, mime-type info).
* Sat Mar 07 2015 wrAATTrosenauer.org- update to Firefox 36.0.1 Bugfixes:
* Disable the usage of the ANY DNS query type (bmo#1093983)
* Hello may become inactive until restart (bmo#1137469)
* Print preferences may not be preserved (bmo#1136855)
* Hello contact tabs may not be visible (bmo#1137141)
* Accept hostnames that include an underscore character (\"_\") (bmo#1136616)
* WebGL may use significant memory with Canvas2d (bmo#1137251)
* Option -remote has been restored (bmo#1080319)- added mozilla-skia-bmo1136958.patch to fix build issues for ARM and PPC
* Fri Feb 20 2015 wrAATTrosenauer.org- update to Firefox 36.0 (bnc#917597)
* mozilla-xremote-client was removed
* added libclearkey.so media plugin
* Pinned tiles on the new tab page can be synced
* Support for the full HTTP/2 protocol. HTTP/2 enables a faster, more scalable, and more responsive web.
* Locale added: Uzbek (uz) security fixes:
* MFSA 2015-11/CVE-2015-0835/CVE-2015-0836 Miscellaneous memory safety hazards
* MFSA 2015-12/CVE-2015-0833 (bmo#945192) Invoking Mozilla updater will load locally stored DLL files (Windows only)
* MFSA 2015-13/CVE-2015-0832 (bmo#1065909) Appended period to hostnames can bypass HPKP and HSTS protections
* MFSA 2015-14/CVE-2015-0830 (bmo#1110488) Malicious WebGL content crash when writing strings
* MFSA 2015-15/CVE-2015-0834 (bmo#1098314) TLS TURN and STUN connections silently fail to simple TCP connections
* MFSA 2015-16/CVE-2015-0831 (bmo#1130514) Use-after-free in IndexedDB
* MFSA 2015-17/CVE-2015-0829 (bmo#1128939) Buffer overflow in libstagefright during MP4 video playback
* MFSA 2015-18/CVE-2015-0828 (bmo#1030667, bmo#988675) Double-free when using non-default memory allocators with a zero-length XHR
* MFSA 2015-19/CVE-2015-0827 (bmo#1117304) Out-of-bounds read and write while rendering SVG content
* MFSA 2015-20/CVE-2015-0826 (bmo#1092363) Buffer overflow during CSS restyling
* MFSA 2015-21/CVE-2015-0825 (bmo#1092370) Buffer underflow during MP3 playback
* MFSA 2015-22/CVE-2015-0824 (bmo#1095925) Crash using DrawTarget in Cairo graphics library
* MFSA 2015-23/CVE-2015-0823 (bmo#1098497) Use-after-free in Developer Console date with OpenType Sanitiser
* MFSA 2015-24/CVE-2015-0822 (bmo#1110557) Reading of local files through manipulation of form autocomplete
* MFSA 2015-25/CVE-2015-0821 (bmo#1111960) Local files or privileged URLs in pages can be opened into new tabs
* MFSA 2015-26/CVE-2015-0819 (bmo#1079554) UI Tour whitelisted sites in background tab can spoof foreground tabs
* MFSA 2015-27CVE-2015-0820 (bmo#1125398) Caja Compiler JavaScript sandbox bypass- rebased patches- requires NSS 3.17.4
* Sat Jan 31 2015 wrAATTrosenauer.org- update to Firefox 35.0.1
* With the Enhanced Steam extension, Firefox could crash (bmo#1123732)
* Kerberos authentication did not work with alias (bmo#1108971)
* SVG / CSS animation had a regression causing rendering issues on websites like openstreemap.org (bmo#1083079)
* On Godaddy webmail, Firefox could crash (bmo#1113121)
* document.baseURI did not get updated to document.location after base tag was removed from DOM for site with a CSP (bmo#1121857)
* With a Right-to-left (RTL) version of Firefox, the text selection could be broken (bmo#1104036)
* CSP had a change in behavior with regard to case sensitivity resources loading (bmo#1122445)
* Sat Jan 10 2015 wrAATTrosenauer.org- update to Firefox 35.0 (bnc#910669) notable features:
* Firefox Hello with new rooms-based conversations model
* Implemented HTTP Public Key Pinning Extension (for enhanced authentication of encrypted connections) security fixes:
* MFSA 2015-01/CVE-2014-8634/CVE-2014-8635 Miscellaneous memory safety hazards
* MFSA 2015-02/CVE-2014-8637 (bmo#1094536) Uninitialized memory use during bitmap rendering
* MFSA 2015-03/CVE-2014-8638 (bmo#1080987) sendBeacon requests lack an Origin header
* MFSA 2015-04/CVE-2014-8639 (bmo#1095859) Cookie injection through Proxy Authenticate responses
* MFSA 2015-05/CVE-2014-8640 (bmo#1100409) Read of uninitialized memory in Web Audio
* MFSA 2015-06/CVE-2014-8641 (bmo#1108455) Read-after-free in WebRTC
* MFSA 2015-07/CVE-2014-8643 (bmo#1114170) (Windows-only) Gecko Media Plugin sandbox escape
* MFSA 2015-08/CVE-2014-8642 (bmo#1079658) Delegated OCSP responder certificates failure with id-pkix-ocsp-nocheck extension
* MFSA 2015-09/CVE-2014-8636 (bmo#987794) XrayWrapper bypass through DOM objects- rebased patches- dropped explicit support for everything older than 12.3 (including SLES11)
* merge firefox-kde.patch and firefox-kde-114.patch
* dropped mozilla-sle11.patch- reworked specfile to build conditionally based on release channel either Firefox or Firefox Developer Edition- added mozilla-openaes-decl.patch to fix implicit declarations- obsolete tracker-miner-firefox < 0.15 because it leads to startup crashes (bnc#908892)
* Sat Dec 13 2014 Led - fix bashism in mozilla.sh script
* Sat Nov 29 2014 wrAATTrosenauer.org- update to Firefox 34.0.5 (bnc#908009)
* Default search engine changed to Yahoo! for North America
* Default search engine changed to Yandex for Belarusian, Kazakh, and Russian locales
* Improved search bar (en-US only)
* Firefox Hello real-time communication client
* Easily switch themes/personas directly in the Customizing mode
* Implementation of HTTP/2 (draft14) and ALPN
* Disabled SSLv3
* MFSA 2014-83/CVE-2014-1587/CVE-2014-1588 Miscellaneous memory safety hazards
* MFSA 2014-84/CVE-2014-1589 (bmo#1043787) XBL bindings accessible via improper CSS declarations
* MFSA 2014-85/CVE-2014-1590 (bmo#1087633) XMLHttpRequest crashes with some input streams
* MFSA 2014-86/CVE-2014-1591 (bmo#1069762) CSP leaks redirect data via violation reports
* MFSA 2014-87/CVE-2014-1592 (bmo#1088635) Use-after-free during HTML5 parsing
* MFSA 2014-88/CVE-2014-1593 (bmo#1085175) Buffer overflow while parsing media content
* MFSA 2014-89/CVE-2014-1594 (bmo#1074280) Bad casting from the BasicThebesLayer to BasicContainerLayer- rebased patches- limit linker memory usage for %ix86- rebased patches
* Fri Nov 07 2014 wrAATTrosenauer.org- update to Firefox 33.1
* Adding DuckDuckGo as a search option (upstream)
* Forget Button added
* Enhanced Tiles
* Privacy tour introduced- fix typo in GStreamer Recommends
* Tue Nov 04 2014 guillaumeAATTopensuse.org- Disable elf-hack for aarch64- Enable EGL for aarch64- Limit RAM usage during link for %arm- Fix _constraints for ARM
* Mon Nov 03 2014 dmuellerAATTsuse.com- use proper macros for ARM
* Mon Nov 03 2014 josua.mayer97AATTgmail.com- use \'--disable-optimize\' not only on 32-bit x86, but on 32-bit arm too to fix compiling.- pass \'-Wl,--no-keep-memory\' to linker to reduce required memory during linking on arm.
* Thu Oct 30 2014 wrAATTrosenauer.org- update to Firefox 33.0.2
* Fix a startup crash with some combination of hardware and drivers 33.0.1
* Firefox displays a black screen at start-up with certain graphics drivers- adjusted _constraints for ARM
* Tue Oct 28 2014 josua.mayer97AATTgmail.com- added mozilla-bmo1088588.patch to fix build with EGL (bmo#1088588)
* Sat Oct 25 2014 wrAATTrosenauer.org- define /usr/share/myspell as additional dictionary location and remove add-plugins.sh finally (bnc#900639)
* Sun Oct 19 2014 vindex17AATToutlook.it- use Firefox default optimization flags instead of -Os- specfile cleanup
* Wed Oct 15 2014 wrAATTrosenauer.org- fix build for all ppc by not enabling elf-hack (bnc#901213)
* Sat Oct 11 2014 wrAATTrosenauer.org- update to Firefox 33.0 (bnc#900941) New features:
* OpenH264 support (sandboxed)
* Enhanced Tiles
* Improved search experience through the location bar
* Slimmer and faster JavaScript strings
* New CSP (Content Security Policy) backend
* Support for connecting to HTTP proxy over HTTPS
* Improved reliability of the session restoration
* Proprietary window.crypto properties/functions removed Security:
* MFSA 2014-74/CVE-2014-1574/CVE-2014-1575 Miscellaneous memory safety hazards
* MFSA 2014-75/CVE-2014-1576 (bmo#1041512) Buffer overflow during CSS manipulation
* MFSA 2014-76/CVE-2014-1577 (bmo#1012609) Web Audio memory corruption issues with custom waveforms
* MFSA 2014-77/CVE-2014-1578 (bmo#1063327) Out-of-bounds write with WebM video
* MFSA 2014-78/CVE-2014-1580 (bmo#1063733) Further uninitialized memory use during GIF rendering
* MFSA 2014-79/CVE-2014-1581 (bmo#1068218) Use-after-free interacting with text directionality
* MFSA 2014-80/CVE-2014-1582/CVE-2014-1584 (bmo#1049095, bmo#1066190) Key pinning bypasses
* MFSA 2014-81/CVE-2014-1585/CVE-2014-1586 (bmo#1062876, bmo#1062981) Inconsistent video sharing within iframe
* MFSA 2014-82/CVE-2014-1583 (bmo#1015540) Accessing cross-origin objects via the Alarms API (only relevant for installed web apps)- requires NSPR 4.10.7- requires NSS 3.17.1- removed obsolete patches:
* mozilla-ppc.patch
* mozilla-libproxy-compat.patch- added basic appdata information
* Sat Sep 20 2014 wrAATTrosenauer.org- update to Firefox 32.0.2
* just a version bump for our builds
* fixed the in application update process for certain environments (in application update is not enabled in openSUSE and Linux is unaffected in any case)- build with --disable-optimize for 13.1 and above for i586 to workaround miscompilations (bnc#896624)- use some more build flags to align with upstream
* Sat Sep 13 2014 wrAATTrosenauer.org- update to Firefox 32.0.1
* fixed stability issues for computers with multiple graphics cards
* mixed content icon may be incorrectly displayed instead of lock icon for SSL sites in 32.0 (
* WebRTC: setRemoteDescription() silently fails if no success callback is specified (bmo#1063971)
* Sun Aug 31 2014 wrAATTrosenauer.org- update to Firefox 32.0 (bnc#894370)
* MFSA 2014-67/CVE-2014-1553/CVE-2014-1554/CVE-2014-1562 Miscellaneous memory safety hazards
* MFSA 2014-68/CVE-2014-1563 (bmo#1018524) Use-after-free during DOM interactions with SVG
* MFSA 2014-69/CVE-2014-1564 (bmo#1045977) Uninitialized memory use during GIF rendering
* MFSA 2014-70/CVE-2014-1565 (bmo#1047831) Out-of-bounds read in Web Audio audio timeline
* MFSA 2014-72/CVE-2014-1567 (bmo#1037641) Use-after-free setting text directionality- rebased patches- requires NSS 3.16.4- removed upstreamed patch
* mozilla-aarch64-bmo-810631.patch
* Wed Aug 20 2014 behlertAATTsuse.de- adapted _constraints, used more than 3900MB on s390x during last build
* Sun Jul 20 2014 wrAATTrosenauer.org- update to Firefox 31.0 (bnc#887746)
* MFSA 2014-56/CVE-2014-1547/CVE-2014-1548 Miscellaneous memory safety hazards
* MFSA 2014-57/CVE-2014-1549 (bmo#1020205) Buffer overflow during Web Audio buffering for playback
* MFSA 2014-58/CVE-2014-1550 (bmo#1020411) Use-after-free in Web Audio due to incorrect control message ordering
* MFSA 2014-60/CVE-2014-1561 (bmo#1000514, bmo#910375) Toolbar dialog customization event spoofing
* MFSA 2014-61/CVE-2014-1555 (bmo#1023121) Use-after-free with FireOnStateChange event
* MFSA 2014-62/CVE-2014-1556 (bmo#1028891) Exploitable WebGL crash with Cesium JavaScript library
* MFSA 2014-63/CVE-2014-1544 (bmo#963150) Use-after-free while when manipulating certificates in the trusted cache (solved with NSS 3.16.2 requirement)
* MFSA 2014-64/CVE-2014-1557 (bmo#913805) Crash in Skia library when scaling high quality images
* MFSA 2014-65/CVE-2014-1558/CVE-2014-1559/CVE-2014-1560 (bmo#1015973, bmo#1026022, bmo#997795) Certificate parsing broken by non-standard character encoding
* MFSA 2014-66/CVE-2014-1552 (bmo#985135) IFRAME sandbox same-origin access through redirect- use EGL on ARM- rebased patches- requires NSS 3.16.2- requires python-devel (not only python)
* Mon Jun 09 2014 wrAATTrosenauer.org- update to Firefox 30.0 (bnc#881874)
* MFSA 2014-48/CVE-2014-1533/CVE-2014-1534 (bmo#921622, bmo#967354, bmo#969517, bmo#969549, bmo#973874, bmo#978652, bmo#978811, bmo#988719, bmo#990868, bmo#991981, bmo#992274, bmo#994907, bmo#995679, bmo#995816, bmo#995817, bmo#996536, bmo#996715, bmo#999651, bmo#1000598, bmo#1000960, bmo#1002340, bmo#1005578, bmo#1007223, bmo#1009952, bmo#1011007) Miscellaneous memory safety hazards (rv:30.0)
* MFSA 2014-49/CVE-2014-1536/CVE-2014-1537/CVE-2014-1538 (bmo#989994, bmo#999274, bmo#1005584) Use-after-free and out of bounds issues found using Address Sanitizer
* MFSA 2014-50/CVE-2014-1539 (bmo#995603) Clickjacking through cursor invisability after Flash interaction
* MFSA 2014-51/CVE-2014-1540 (bmo#978862) Use-after-free in Event Listener Manager
* MFSA 2014-52/CVE-2014-1541 (bmo#1000185) Use-after-free with SMIL Animation Controller
* MFSA 2014-53/CVE-2014-1542 (bmo#991533) Buffer overflow in Web Audio Speex resampler
* MFSA 2014-54/CVE-2014-1543 (bmo#1011859) Buffer overflow in Gamepad API
* MFSA 2014-55/CVE-2014-1545 (bmo#1018783) Out of bounds write in NSPR- rebased patches- removed obsolete patches
* firefox-browser-css.patch
* mozilla-aarch64-bmo-962488.patch
* mozilla-aarch64-bmo-963023.patch
* mozilla-aarch64-bmo-963024.patch
* mozilla-aarch64-bmo-963027.patch
* mozilla-ppc64-xpcom.patch
* mozilla-ppc64le-javascript.patch
* mozilla-ppc64le-libffi.patch
* mozilla-ppc64le-mfbt.patch
* mozilla-ppc64le-webrtc.patch
* mozilla-ppc64le-xpcom.patch
* mozilla-ppc64le-build.patch- requires NSPR 4.10.6- enabled GStreamer 1.0 usage for 13.2 and above
* Sat May 10 2014 wrAATTrosenauer.org- update to Firefox 29.0.1
* Seer disabled by default (bmo#1005958)
* Session Restore failed with a corrupted sessionstore.js file (bmo#1001167)
* pdf.js printing white page (bmo#1003707, bnc#876833)- general.useragent.locale gets overwritten with en-US while it should be using the active langpack\'s setting
* Sat Apr 26 2014 wrAATTrosenauer.org- update to Firefox 29.0 (bnc#875378)
* MFSA 2014-34/CVE-2014-1518/CVE-2014-1519 Miscellaneous memory safety hazards
* MFSA 2014-36/CVE-2014-1522 (bmo#995289) Web Audio memory corruption issues
* MFSA 2014-37/CVE-2014-1523 (bmo#969226) Out of bounds read while decoding JPG images
* MFSA 2014-38/CVE-2014-1524 (bmo#989183) Buffer overflow when using non-XBL object as XBL
* MFSA 2014-39/CVE-2014-1525 (bmo#989210) Use-after-free in the Text Track Manager for HTML video
* MFSA 2014-41/CVE-2014-1528 (bmo#963962) Out-of-bounds write in Cairo
* MFSA 2014-42/CVE-2014-1529 (bmo#987003) Privilege escalation through Web Notification API
* MFSA 2014-43/CVE-2014-1530 (bmo#895557) Cross-site scripting (XSS) using history navigations
* MFSA 2014-44/CVE-2014-1531 (bmo#987140) Use-after-free in imgLoader while resizing images
* MFSA 2014-45/CVE-2014-1492 (bmo#903885) Incorrect IDNA domain name matching for wildcard certificates (fixed by NSS 3.16)
* MFSA 2014-46/CVE-2014-1532 (bmo#966006) Use-after-free in nsHostResolver
* MFSA 2014-47/CVE-2014-1526 (bmo#988106) Debugger can bypass XrayWrappers with JavaScript- rebased patches- removed obsolete patches
* firefox-browser-css.patch
* mozilla-aarch64-599882cfb998.diff
* mozilla-aarch64-bmo-963028.patch
* mozilla-aarch64-bmo-963029.patch
* mozilla-aarch64-bmo-963030.patch
* mozilla-aarch64-bmo-963031.patch- requires NSS 3.16- added mozilla-icu-strncat.patch to fix post build checks
* Mon Apr 07 2014 dmuellerAATTsuse.com- add mozilla-aarch64-599882cfb998.patch, mozilla-aarch64-bmo-810631.patch, mozilla-aarch64-bmo-962488.patch, mozilla-aarch64-bmo-963030.patch, mozilla-aarch64-bmo-963027.patch, mozilla-aarch64-bmo-963028.patch, mozilla-aarch64-bmo-963029.patch, mozilla-aarch64-bmo-963023.patch, mozilla-aarch64-bmo-963024.patch, mozilla-aarch64-bmo-963031.patch: AArch64 porting
* Mon Mar 24 2014 dvaleevAATTsuse.com- Add patch for bmo#973977
* mozilla-ppc64-xpcom.patch
* Mon Mar 24 2014 dvaleevAATTsuse.com- Refresh mozilla-ppc64le-xpcom.patch patch
* Fri Mar 21 2014 dvaleevAATTsuse.com- Adapt mozilla-ppc64le-xpcom.patch to Mozilla > 24.0 build system
* Sun Mar 16 2014 wrAATTrosenauer.org- update to Firefox 28.0 (bnc#868603)
* MFSA 2014-15/CVE-2014-1493/CVE-2014-1494 Miscellaneous memory safety hazards
* MFSA 2014-17/CVE-2014-1497 (bmo#966311) Out of bounds read during WAV file decoding
* MFSA 2014-18/CVE-2014-1498 (bmo#935618) crypto.generateCRMFRequest does not validate type of key
* MFSA 2014-19/CVE-2014-1499 (bmo#961512) Spoofing attack on WebRTC permission prompt
* MFSA 2014-20/CVE-2014-1500 (bmo#956524) onbeforeunload and Javascript navigation DOS
* MFSA 2014-22/CVE-2014-1502 (bmo#972622) WebGL content injection from one domain to rendering in another
* MFSA 2014-23/CVE-2014-1504 (bmo#911547) Content Security Policy for data: documents not preserved by session restore
* MFSA 2014-26/CVE-2014-1508 (bmo#963198) Information disclosure through polygon rendering in MathML
* MFSA 2014-27/CVE-2014-1509 (bmo#966021) Memory corruption in Cairo during PDF font rendering
* MFSA 2014-28/CVE-2014-1505 (bmo#941887) SVG filters information disclosure through feDisplacementMap
* MFSA 2014-29/CVE-2014-1510/CVE-2014-1511 (bmo#982906, bmo#982909) Privilege escalation using WebIDL-implemented APIs
* MFSA 2014-30/CVE-2014-1512 (bmo#982957) Use-after-free in TypeObject
* MFSA 2014-31/CVE-2014-1513 (bmo#982974) Out-of-bounds read/write through neutering ArrayBuffer objects
* MFSA 2014-32/CVE-2014-1514 (bmo#983344) Out-of-bounds write through TypedArrayObject after neutering- requires NSPR 4.10.3 and NSS 3.15.5- new build dependency (and recommends):
* libpulse- update of PowerPC 64 patches (bmo#976648) (pcernyAATTsuse.com)- rebased patches
* Mon Feb 17 2014 wrAATTrosenauer.org- update to Firefox 27.0.1
* Fixed stability issues with Greasemonkey and other JS that used ClearTimeoutOrInterval
* JS math correctness issue (bmo#941381)- incorporate Google API key for geolocation (bnc#864170)- updated list of \"other\" locales in RPM requirements
* Tue Jan 28 2014 wrAATTrosenauer.org- update to Firefox 27.0 (bnc#861847)
* MFSA 2014-01/CVE-2014-1477/CVE-2014-1478 Miscellaneous memory safety hazards (rv:27.0 / rv:24.3)
* MFSA 2014-02/CVE-2014-1479 (bmo#911864) Clone protected content with XBL scopes
* MFSA 2014-03/CVE-2014-1480 (bmo#916726) UI selection timeout missing on download prompts
* MFSA 2014-04/CVE-2014-1482 (bmo#943803) Incorrect use of discarded images by RasterImage
* MFSA 2014-05/CVE-2014-1483 (bmo#950427) Information disclosure with
*FromPoint on iframes
* MFSA 2014-06/CVE-2014-1484 (bmo#953993) Profile path leaks to Android system log
* MFSA 2014-07/CVE-2014-1485 (bmo#910139) XSLT stylesheets treated as styles in Content Security Policy
* MFSA 2014-08/CVE-2014-1486 (bmo#942164) Use-after-free with imgRequestProxy and image proccessing
* MFSA 2014-09/CVE-2014-1487 (bmo#947592) Cross-origin information leak through web workers
* MFSA 2014-10/CVE-2014-1489 (bmo#959531) Firefox default start page UI content invokable by script
* MFSA 2014-11/CVE-2014-1488 (bmo#950604) Crash when using web workers with asm.js
* MFSA 2014-12/CVE-2014-1490/CVE-2014-1491 (bmo#934545, bmo#930874, bmo#930857) NSS ticket handling issues
* MFSA 2014-13/CVE-2014-1481(bmo#936056) Inconsistent JavaScript handling of access to Window objects- requires NSS 3.15.4 or higher- rebased/reworked patches- removed obsolete mozilla-bug929439.patch
* Thu Dec 12 2013 uweigandAATTde.ibm.com- Add support for powerpc64le-linux.
* mozilla-ppc64le.patch: general support
* mozilla-libffi-ppc64le.patch: libffi backport
* mozilla-xpcom-ppc64le.patch: port xpcom- Add build fix from mainline.
* mozilla-bug929439.patch
* Sun Dec 08 2013 wrAATTrosenauer.org- update to Firefox 26.0 (bnc#854367, bnc#854370)
* rebased patches
* requires NSPR 4.10.2 and NSS 3.15.3.1
* MFSA 2013-104/CVE-2013-5609/CVE-2013-5610 Miscellaneous memory safety hazards
* MFSA 2013-105/CVE-2013-5611 (bmo#771294) Application Installation doorhanger persists on navigation
* MFSA 2013-106/CVE-2013-5612 (bmo#871161) Character encoding cross-origin XSS attack
* MFSA 2013-107/CVE-2013-5614 (bmo#886262) Sandbox restrictions not applied to nested object elements
* MFSA 2013-108/CVE-2013-5616 (bmo#938341) Use-after-free in event listeners
* MFSA 2013-109/CVE-2013-5618 (bmo#926361) Use-after-free during Table Editing
* MFSA 2013-110/CVE-2013-5619 (bmo#917841) Potential overflow in JavaScript binary search algorithms
* MFSA 2013-111/CVE-2013-6671 (bmo#930281) Segmentation violation when replacing ordered list elements
* MFSA 2013-112/CVE-2013-6672 (bmo#894736) Linux clipboard information disclosure though selection paste
* MFSA 2013-113/CVE-2013-6673 (bmo#970380) Trust settings for built-in roots ignored during EV certificate validation
* MFSA 2013-114/CVE-2013-5613 (bmo#930381, bmo#932449) Use-after-free in synthetic mouse movement
* MFSA 2013-115/CVE-2013-5615 (bmo#929261) GetElementIC typed array stubs can be generated outside observed typesets
* MFSA 2013-116/CVE-2013-6629/CVE-2013-6630 (bmo#891693) JPEG information leak
* MFSA 2013-117 (bmo#946351) Mis-issued ANSSI/DCSSI certificate (fixed via NSS 3.15.3.1)- removed gecko.js preference file as GStreamer is enabled by default now
* Thu Oct 24 2013 wrAATTrosenauer.org- update to Firefox 25.0 (bnc#847708)
* rebased patches
* requires NSS 3.15.2 or above
* MFSA 2013-93/CVE-2013-5590/CVE-2013-5591/CVE-2013-5592 Miscellaneous memory safety hazards
* MFSA 2013-94/CVE-2013-5593 (bmo#868327) Spoofing addressbar through SELECT element
* MFSA 2013-95/CVE-2013-5604 (bmo#914017) Access violation with XSLT and uninitialized data
* MFSA 2013-96/CVE-2013-5595 (bmo#916580) Improperly initialized memory and overflows in some JavaScript functions
* MFSA 2013-97/CVE-2013-5596 (bmo#910881) Writing to cycle collected object during image decoding
* MFSA 2013-98/CVE-2013-5597 (bmo#918864) Use-after-free when updating offline cache
* MFSA 2013-99/CVE-2013-5598 (bmo#920515) Security bypass of PDF.js checks using iframes
* MFSA 2013-100/CVE-2013-5599/CVE-2013-5600/CVE-2013-5601 (bmo#915210, bmo#915576, bmo#916685) Miscellaneous use-after-free issues found through ASAN fuzzing
* MFSA 2013-101/CVE-2013-5602 (bmo#897678) Memory corruption in workers
* MFSA 2013-102/CVE-2013-5603 (bmo#916404) Use-after-free in HTML document templates
* Tue Sep 24 2013 wrAATTrosenauer.org- as GStreamer is not automatically required anymore but loaded dynamically if available, require it explicitely- recommend optional GStreamer plugins for comprehensive media support
* Mon Sep 16 2013 lnusselAATTsuse.de- move greek to the translations-common package (bnc#840551)
* Sat Sep 14 2013 wrAATTrosenauer.org- update to Firefox 24.0 (bnc#840485)
* MFSA 2013-76/CVE-2013-1718/CVE-2013-1719 Miscellaneous memory safety hazards
* MFSA 2013-77/CVE-2013-1720 (bmo#888820) Improper state in HTML5 Tree Builder with templates
* MFSA 2013-78/CVE-2013-1721 (bmo#890277) Integer overflow in ANGLE library
* MFSA 2013-79/CVE-2013-1722 (bmo#893308) Use-after-free in Animation Manager during stylesheet cloning
* MFSA 2013-80/CVE-2013-1723 (bmo#891292) NativeKey continues handling key messages after widget is destroyed
* MFSA 2013-81/CVE-2013-1724 (bmo#894137) Use-after-free with select element
* MFSA 2013-82/CVE-2013-1725 (bmo#876762) Calling scope for new Javascript objects can lead to memory corruption
* MFSA 2013-85/CVE-2013-1728 (bmo#883686) Uninitialized data in IonMonkey
* MFSA 2013-88/CVE-2013-1730 (bmo#851353) Compartment mismatch re-attaching XBL-backed nodes
* MFSA 2013-89/CVE-2013-1732 (bmo#883514) Buffer overflow with multi-column, lists, and floats
* MFSA 2013-90/CVE-2013-1735/CVE-2013-1736 (bmo#898871, bmo#906301) Memory corruption involving scrolling
* MFSA 2013-91/CVE-2013-1737 (bmo#907727) User-defined properties on DOM proxies get the wrong \"this\" object
* MFSA 2013-92/CVE-2013-1738 (bmo#887334, bmo#882897) GC hazard with default compartments and frame chain restoration- enable gstreamer explicitely via pref (gecko.js)- require NSS 3.15.1
* Mon Aug 26 2013 wrAATTrosenauer.org- update to Firefox 23.0.1
* Audio static/\"burble\"/breakup in Firefox to Firefox WebRTC calls (bmo#901527)
* Sun Aug 04 2013 wrAATTrosenauer.org- update to Firefox 23.0 (bnc#833389)
* MFSA 2013-63/CVE-2013-1701/CVE-2013-1702 Miscellaneous memory safety hazards
* MFSA 2013-64/CVE-2013-1704 (bmo#883313) Use after free mutating DOM during SetBody
* MFSA 2013-65/CVE-2013-1705 (bmo#882865) Buffer underflow when generating CRMF requests
* MFSA 2013-67/CVE-2013-1708 (bmo#879924) Crash during WAV audio file decoding
* MFSA 2013-68/CVE-2013-1709 (bmo#838253) Document URI misrepresentation and masquerading
* MFSA 2013-69/CVE-2013-1710 (bmo#871368) CRMF requests allow for code execution and XSS attacks
* MFSA 2013-70/CVE-2013-1711 (bmo#843829) Bypass of XrayWrappers using XBL Scopes
* MFSA 2013-72/CVE-2013-1713 (bmo#887098) Wrong principal used for validating URI for some Javascript components
* MFSA 2013-73/CVE-2013-1714 (bmo#879787) Same-origin bypass with web workers and XMLHttpRequest
* MFSA 2013-75/CVE-2013-1717 (bmo#406541, bmo#738397) Local Java applets may read contents of local file system- requires NSPR 4.10 and NSS 3.15
* Wed Jul 03 2013 dmuellerAATTsuse.com- fix build on ARM (/-g/ matches /-grecord-switches/)
* Sat Jun 22 2013 wrAATTrosenauer.org- update to Firefox 22.0 (bnc#825935)
* removed obsolete patches + mozilla-qcms-ppc.patch + mozilla-gstreamer-760140.patch
* GStreamer support does not build on 12.1 anymore (build only on 12.2 and later)
* MFSA 2013-49/CVE-2013-1682/CVE-2013-1683 Miscellaneous memory safety hazards
* MFSA 2013-50/CVE-2013-1684/CVE-2013-1685/CVE-2013-1686 Memory corruption found using Address Sanitizer
* MFSA 2013-51/CVE-2013-1687 (bmo#863933, bmo#866823) Privileged content access and execution via XBL
* MFSA 2013-52/CVE-2013-1688 (bmo#873966) Arbitrary code execution within Profiler
* MFSA 2013-53/CVE-2013-1690 (bmo#857883) Execution of unmapped memory through onreadystatechange event
* MFSA 2013-54/CVE-2013-1692 (bmo#866915) Data in the body of XHR HEAD requests leads to CSRF attacks
* MFSA 2013-55/CVE-2013-1693 (bmo#711043) SVG filters can lead to information disclosure
* MFSA 2013-56/CVE-2013-1694 (bmo#848535) PreserveWrapper has inconsistent behavior
* MFSA 2013-57/CVE-2013-1695 (bmo#849791) Sandbox restrictions not applied to nested frame elements
* MFSA 2013-58/CVE-2013-1696 (bmo#761667) X-Frame-Options ignored when using server push with multi-part responses
* MFSA 2013-59/CVE-2013-1697 (bmo#858101) XrayWrappers can be bypassed to run user defined methods in a privileged context
* MFSA 2013-60/CVE-2013-1698 (bmo#876044) getUserMedia permission dialog incorrectly displays location
* MFSA 2013-61/CVE-2013-1699 (bmo#840882) Homograph domain spoofing in .com, .net and .name
* Tue Jun 11 2013 dvaleevAATTsuse.com- Fix qcms altivec include (mozilla-qcms-ppc.patch)
* Fri May 10 2013 wrAATTrosenauer.org- update to Firefox 21.0 (bnc#819204)
* removed upstreamed patch firefox-712763.patch
* removed disabled mozilla-disable-neon-option.patch
* MFSA 2013-41/CVE-2013-0801/CVE-2013-1669 Miscellaneous memory safety hazards
* MFSA 2013-42/CVE-2013-1670 (bmo#853709) Privileged access for content level constructor
* MFSA 2013-43/CVE-2013-1671 (bmo#842255) File input control has access to full path
* MFSA 2013-46/CVE-2013-1674 (bmo#860971) Use-after-free with video and onresize event
* MFSA 2013-47/CVE-2013-1675 (bmo#866825) Uninitialized functions in DOMSVGZoomEvent
* MFSA 2013-48/CVE-2013-1676/CVE-2013-1677/CVE-2013-1678/ CVE-2013-1679/CVE-2013-1680/CVE-2013-1681 Memory corruption found using Address Sanitizer
* Tue Apr 09 2013 wrAATTrosenauer.org- revert to use GStreamer 0.10 on 12.3 (bnc#814101) (remove mozilla-gstreamer-1.patch)
* Fri Apr 05 2013 schwabAATTlinux-m68k.org- Explicitly disable WebRTC support on non-x86, the configure script disables it only half-heartedly
* Fri Mar 29 2013 wrAATTrosenauer.org- update to Firefox 20.0 (bnc#813026)
* requires NSPR 4.9.5 and NSS 3.14.3
* mozilla-webrtc-ppc.patch included upstream
* MFSA 2013-30/CVE-2013-0788/CVE-2013-0789 Miscellaneous memory safety hazards
* MFSA 2013-31/CVE-2013-0800 (bmo#825721) Out-of-bounds write in Cairo library
* MFSA 2013-35/CVE-2013-0796 (bmo#827106) WebGL crash with Mesa graphics driver on Linux
* MFSA 2013-36/CVE-2013-0795 (bmo#825697) Bypass of SOW protections allows cloning of protected nodes
* MFSA 2013-37/CVE-2013-0794 (bmo#626775) Bypass of tab-modal dialog origin disclosure
* MFSA 2013-38/CVE-2013-0793 (bmo#803870) Cross-site scripting (XSS) using timed history navigations
* MFSA 2013-39/CVE-2013-0792 (bmo#722831) Memory corruption while rendering grayscale PNG images- use GStreamer 1.0 starting with 12.3 (mozilla-gstreamer-1.patch)
* Tue Mar 12 2013 dmuellerAATTsuse.com- build fixes for armv7hl:
* disable debug build as armv7hl does not have enough memory
* disable webrtc on armv7hl as it is non-compiling
* Thu Mar 07 2013 wrAATTrosenauer.org- update to Firefox 19.0.2 (bnc#808243)
* MFSA 2013-29/CVE-2013-0787 (bmo#848644) Use-after-free in HTML Editor
* Thu Feb 28 2013 wrAATTrosenauer.org- update to Firefox 19.0.1
* blocklist updates
* Sat Feb 16 2013 wrAATTrosenauer.org- update to Firefox 19.0 (bnc#804248)
* MFSA 2013-21/CVE-2013-0783/2013-0784 Miscellaneous memory safety hazards
* MFSA 2013-22/CVE-2013-0772 (bmo#801366) Out-of-bounds read in image rendering
* MFSA 2013-23/CVE-2013-0765 (bmo#830614) Wrapped WebIDL objects can be wrapped again
* MFSA 2013-24/CVE-2013-0773 (bmo#809652) Web content bypass of COW and SOW security wrappers
* MFSA 2013-25/CVE-2013-0774 (bmo#827193) Privacy leak in JavaScript Workers
* MFSA 2013-26/CVE-2013-0775 (bmo#831095) Use-after-free in nsImageLoadingContent
* MFSA 2013-27/CVE-2013-0776 (bmo#796475) Phishing on HTTPS connection through malicious proxy
* MFSA 2013-28/CVE-2013-0780/CVE-2013-0782/CVE-2013-0777/ CVE-2013-0778/CVE-2013-0779/CVE-2013-0781 Use-after-free, out of bounds read, and buffer overflow issues found using Address Sanitizer- removed obsolete patches
* mozilla-webrtc.patch
* mozilla-gstreamer-803287.patch- added patch to fix session restore window order (bmo#712763)
* Sat Feb 02 2013 wrAATTrosenauer.org- update to Firefox 18.0.2
* blocklist and CTP updates
* fixes in JS engine
* Wed Jan 16 2013 wrAATTrosenauer.org- update to Firefox 18.0.1
* blocklist updates
* backed out bmo#677092 (removed patch)
* fixed problems involving HTTP proxy transactions
* Sat Jan 12 2013 schwabAATTlinux-m68k.org- Fix WebRTC to build on powerpc
* Sun Jan 06 2013 wrAATTrosenauer.org- update to Firefox 18.0 (bnc#796895)
* MFSA 2013-01/CVE-2013-0749/CVE-2013-0769/CVE-2013-0770 Miscellaneous memory safety hazards
* MFSA 2013-02/CVE-2013-0760/CVE-2013-0762/CVE-2013-0766/CVE-2013-0767 CVE-2013-0761/CVE-2013-0763/CVE-2013-0771/CVE-2012-5829 Use-after-free and buffer overflow issues found using Address Sanitizer
* MFSA 2013-03/CVE-2013-0768 (bmo#815795) Buffer Overflow in Canvas
* MFSA 2013-04/CVE-2012-0759 (bmo#802026) URL spoofing in addressbar during page loads
* MFSA 2013-05/CVE-2013-0744 (bmo#814713) Use-after-free when displaying table with many columns and column groups
* MFSA 2013-06/CVE-2013-0751 (bmo#790454) Touch events are shared across iframes
* MFSA 2013-07/CVE-2013-0764 (bmo#804237) Crash due to handling of SSL on threads
* MFSA 2013-08/CVE-2013-0745 (bmo#794158) AutoWrapperChanger fails to keep objects alive during garbage collection
* MFSA 2013-09/CVE-2013-0746 (bmo#816842) Compartment mismatch with quickstubs returned values
* MFSA 2013-10/CVE-2013-0747 (bmo#733305) Event manipulation in plugin handler to bypass same-origin policy
* MFSA 2013-11/CVE-2013-0748 (bmo#806031) Address space layout leaked in XBL objects
* MFSA 2013-12/CVE-2013-0750 (bmo#805121) Buffer overflow in Javascript string concatenation
* MFSA 2013-13/CVE-2013-0752 (bmo#805024) Memory corruption in XBL with XML bindings containing SVG
* MFSA 2013-14/CVE-2013-0757 (bmo#813901) Chrome Object Wrapper (COW) bypass through changing prototype
* MFSA 2013-15/CVE-2013-0758 (bmo#813906) Privilege escalation through plugin objects
* MFSA 2013-16/CVE-2013-0753 (bmo#814001) Use-after-free in serializeToStream
* MFSA 2013-17/CVE-2013-0754 (bmo#814026) Use-after-free in ListenerManager
* MFSA 2013-18/CVE-2013-0755 (bmo#814027) Use-after-free in Vibrate
* MFSA 2013-19/CVE-2013-0756 (bmo#814029) Use-after-free in Javascript Proxy objects- requires NSS 3.14.1 (MFSA 2013-20, CVE-2013-0743)- removed obsolete SLE11 patches (mozilla-gcc43
*)- reenable WebRTC- added mozilla-libproxy-compat.patch for libproxy API compat on openSUSE 11.2 and earlier- backed out restartless language packs as it broke multi-locale setup (bmo#677092, bmo#818468)
* Thu Nov 29 2012 wrAATTrosenauer.org- update to Firefox 17.0.1
* revert some useragent changes introduced in 17.0
* leaving private browsing with social enabled doesn\'t reset all social components (bmo#815042)- fix KDE integration for file dialogs
* Tue Nov 20 2012 wrAATTrosenauer.org- update to Firefox 17.0 (bnc#790140)
* MFSA 2012-91/CVE-2012-5842/CVE-2012-5843 Miscellaneous memory safety hazards
* MFSA 2012-92/CVE-2012-4202 (bmo#758200) Buffer overflow while rendering GIF images
* MFSA 2012-93/CVE-2012-4201 (bmo#747607) evalInSanbox location context incorrectly applied
* MFSA 2012-94/CVE-2012-5836 (bmo#792857) Crash when combining SVG text on path with CSS
* MFSA 2012-95/CVE-2012-4203 (bmo#765628) Javascript: URLs run in privileged context on New Tab page
* MFSA 2012-96/CVE-2012-4204 (bmo#778603) Memory corruption in str_unescape
* MFSA 2012-97/CVE-2012-4205 (bmo#779821) XMLHttpRequest inherits incorrect principal within sandbox
* MFSA 2012-99/CVE-2012-4208 (bmo#798264) XrayWrappers exposes chrome-only properties when not in chrome compartment
* MFSA 2012-100/CVE-2012-5841 (bmo#805807) Improper security filtering for cross-origin wrappers
* MFSA 2012-101/CVE-2012-4207 (bmo#801681) Improper character decoding in HZ-GB-2312 charset
* MFSA 2012-102/CVE-2012-5837 (bmo#800363) Script entered into Developer Toolbar runs with chrome privileges
* MFSA 2012-103/CVE-2012-4209 (bmo#792405) Frames can shadow top.location
* MFSA 2012-104/CVE-2012-4210 (bmo#796866) CSS and HTML injection through Style Inspector
* MFSA 2012-105/CVE-2012-4214/CVE-2012-4215/CVE-2012-4216/ CVE-2012-5829/CVE-2012-5839/CVE-2012-5840/CVE-2012-4212/ CVE-2012-4213/CVE-2012-4217/CVE-2012-4218 Use-after-free and buffer overflow issues found using Address Sanitizer
* MFSA 2012-106/CVE-2012-5830/CVE-2012-5833/CVE-2012-5835/CVE-2012-5838 Use-after-free, buffer overflow, and memory corruption issues found using Address Sanitizer- rebased patches- disabled WebRTC since build is broken (bmo#776877)
* Tue Nov 20 2012 pcernyAATTsuse.com- build on SLE11
* mozilla-gcc43-enums.patch
* mozilla-gcc43-template_hacks.patch
* mozilla-gcc43-templates_instantiation.patch
* Wed Oct 24 2012 wrAATTrosenauer.org- update to Firefox 16.0.2 (bnc#786522)
* MFSA 2012-90/CVE-2012-4194/CVE-2012-4195/CVE-2012-4196 (bmo#800666, bmo#793121, bmo#802557) Fixes for Location object issues- bring back Obsoletes for libproxy\'s mozjs plugin for distributions before 12.2 to avoid crashes
* Thu Oct 11 2012 wrAATTrosenauer.org- update to Firefox 16.0.1 (bnc#783533)
* MFSA 2012-88/CVE-2012-4191 (bmo#798045) Miscellaneous memory safety hazards
* MFSA 2012-89/CVE-2012-4192/CVE-2012-4193 (bmo#799952, bmo#720619) defaultValue security checks not applied
* Sun Oct 07 2012 wrAATTrosenauer.org- update to Firefox 16.0 (bnc#783533)
* MFSA 2012-74/CVE-2012-3982/CVE-2012-3983 Miscellaneous memory safety hazards
* MFSA 2012-75/CVE-2012-3984 (bmo#575294) select element persistance allows for attacks
* MFSA 2012-76/CVE-2012-3985 (bmo#655649) Continued access to initial origin after setting document.domain
* MFSA 2012-77/CVE-2012-3986 (bmo#775868) Some DOMWindowUtils methods bypass security checks
* MFSA 2012-79/CVE-2012-3988 (bmo#725770) DOS and crash with full screen and history navigation
* MFSA 2012-80/CVE-2012-3989 (bmo#783867) Crash with invalid cast when using instanceof operator
* MFSA 2012-81/CVE-2012-3991 (bmo#783260) GetProperty function can bypass security checks
* MFSA 2012-82/CVE-2012-3994 (bmo#765527) top object and location property accessible by plugins
* MFSA 2012-83/CVE-2012-3993/CVE-2012-4184 (bmo#768101, bmo#780370) Chrome Object Wrapper (COW) does not disallow acces to privileged functions or properties
* MFSA 2012-84/CVE-2012-3992 (bmo#775009) Spoofing and script injection through location.hash
* MFSA 2012-85/CVE-2012-3995/CVE-2012-4179/CVE-2012-4180/ CVE-2012-4181/CVE-2012-4182/CVE-2012-4183 Use-after-free, buffer overflow, and out of bounds read issues found using Address Sanitizer
* MFSA 2012-86/CVE-2012-4185/CVE-2012-4186/CVE-2012-4187/ CVE-2012-4188 Heap memory corruption issues found using Address Sanitizer
* MFSA 2012-87/CVE-2012-3990 (bmo#787704) Use-after-free in the IME State Manager- requires NSPR 4.9.2- improve GStreamer integration (bmo#760140)- removed upstreamed mozilla-crashreporter-restart-args.patch- webapprt now included- use kmozillahelper\'s new REVEAL command (bnc#777415) (requires mozilla-kde4-integration >= 0.6.4)- updated translations-other with new languages
* Mon Sep 10 2012 wrAATTrosenauer.org- update to Firefox 15.0.1 (bnc#779936)
* Sites visited while in Private Browsing mode could be found through manual browser cache inspection (bmo#787743)
* Sun Aug 26 2012 wrAATTrosenauer.org- update to Firefox 15.0 (bnc#777588)
* MFSA 2012-57/CVE-2012-1970 Miscellaneous memory safety hazards
* MFSA 2012-58/CVE-2012-1972/CVE-2012-1973/CVE-2012-1974/CVE-2012-1975 CVE-2012-1976/CVE-2012-3956/CVE-2012-3957/CVE-2012-3958/CVE-2012-3959 CVE-2012-3960/CVE-2012-3961/CVE-2012-3962/CVE-2012-3963/CVE-2012-3964 Use-after-free issues found using Address Sanitizer
* MFSA 2012-59/CVE-2012-1956 (bmo#756719) Location object can be shadowed using Object.defineProperty
* MFSA 2012-60/CVE-2012-3965 (bmo#769108) Escalation of privilege through about:newtab
* MFSA 2012-61/CVE-2012-3966 (bmo#775794, bmo#775793) Memory corruption with bitmap format images with negative height
* MFSA 2012-62/CVE-2012-3967/CVE-2012-3968 WebGL use-after-free and memory corruption
* MFSA 2012-63/CVE-2012-3969/CVE-2012-3970 SVG buffer overflow and use-after-free issues
* MFSA 2012-64/CVE-2012-3971 Graphite 2 memory corruption
* MFSA 2012-65/CVE-2012-3972 (bmo#746855) Out-of-bounds read in format-number in XSLT
* MFSA 2012-66/CVE-2012-3973 (bmo#757128) HTTPMonitor extension allows for remote debugging without explicit activation
* MFSA 2012-68/CVE-2012-3975 (bmo#770684) DOMParser loads linked resources in extensions when parsing text/html
* MFSA 2012-69/CVE-2012-3976 (bmo#768568) Incorrect site SSL certificate data display
* MFSA 2012-70/CVE-2012-3978 (bmo#770429) Location object security checks bypassed by chrome code
* MFSA 2012-72/CVE-2012-3980 (bmo#771859) Web console eval capable of executing chrome-privileged code- fix HTML5 video crash with GStreamer enabled (bmo#761030)- GStreamer is only used for MP4 (no WebM, OGG)- updated filelist- moved browser specific preferences to correct location
* Sun Jul 29 2012 ajAATTsuse.de- Fix mozilla-kde.patch to include sys/resource.h for getrlimit etc (glibc 2.16)
* Sat Jul 14 2012 wrAATTrosenauer.org- update to 14.0.1 (bnc#771583)
* MFSA 2012-42/CVE-2012-1949/CVE-2012-1948 Miscellaneous memory safety hazards
* MFSA 2012-43/CVE-2012-1950 Incorrect URL displayed in addressbar through drag and drop
* MFSA 2012-44/CVE-2012-1951/CVE-2012-1954/CVE-2012-1953/CVE-2012-1952 Gecko memory corruption
* MFSA 2012-45/CVE-2012-1955 (bmo#757376) Spoofing issue with location
* MFSA 2012-46/CVE-2012-1966 (bmo#734076) XSS through data: URLs
* MFSA 2012-47/CVE-2012-1957 (bmo#750096) Improper filtering of javascript in HTML feed-view
* MFSA 2012-48/CVE-2012-1958 (bmo#750820) use-after-free in nsGlobalWindow::PageHidden
* MFSA 2012-49/CVE-2012-1959 (bmo#754044, bmo#737559) Same-compartment Security Wrappers can be bypassed
* MFSA 2012-50/CVE-2012-1960 (bmo#761014) Out of bounds read in QCMS
* MFSA 2012-51/CVE-2012-1961 (bmo#761655) X-Frame-Options header ignored when duplicated
* MFSA 2012-52/CVE-2012-1962 (bmo#764296) JSDependentString::undepend string conversion results in memory corruption
* MFSA 2012-53/CVE-2012-1963 (bmo#767778) Content Security Policy 1.0 implementation errors cause data leakage
* MFSA 2012-55/CVE-2012-1965 (bmo#758990) feed: URLs with an innerURI inherit security context of page
* MFSA 2012-56/CVE-2012-1967 (bmo#758344) Code execution through javascript: URLs- license change from tri license to MPL-2.0- fix crashreporter restart option (bmo#762780)- require NSS 3.13.5- remove mozjs pacrunner obsoletes again for now- adopted mozilla-prefer_plugin_pref.patch- PPC fixes:
* reenabled mozilla-yarr-pcre.patch to fix build for PPC
* add patches for bmo#750620 and bmo#746112
* fix xpcshell segfault on ppc
* Fri Jun 15 2012 wrAATTrosenauer.org- update to Firefox 13.0.1
* bugfix release- obsolete libproxy\'s mozjs pacrunner (bnc#759123)
* Sat Jun 02 2012 wrAATTrosenauer.org- update to Firefox 13.0 (bnc#765204)
* MFSA 2012-34/CVE-2012-1938/CVE-2012-1937/CVE-2011-3101 Miscellaneous memory safety hazards
* MFSA 2012-36/CVE-2012-1944 (bmo#751422) Content Security Policy inline-script bypass
* MFSA 2012-37/CVE-2012-1945 (bmo#670514) Information disclosure though Windows file shares and shortcut files
* MFSA 2012-38/CVE-2012-1946 (bmo#750109) Use-after-free while replacing/inserting a node in a document
* MFSA 2012-40/CVE-2012-1947/CVE-2012-1940/CVE-2012-1941 Buffer overflow and use-after-free issues found using Address Sanitizer- require NSS 3.13.4
* MFSA 2012-39/CVE-2012-0441 (bmo#715073)- fix sound notifications when filename/path contains a whitespace (bmo#749739)
* Wed May 23 2012 adrianAATTsuse.de- fix build on arm
* Wed May 16 2012 wrAATTrosenauer.org- reenabled crashreporter for Factory/12.2 (fix in mozilla-gcc47.patch)
* Sat Apr 21 2012 wrAATTrosenauer.org- update to Firefox 12.0 (bnc#758408)
* rebased patches
* MFSA 2012-20/CVE-2012-0467/CVE-2012-0468 Miscellaneous memory safety hazards
* MFSA 2012-22/CVE-2012-0469 (bmo#738985) use-after-free in IDBKeyRange
* MFSA 2012-23/CVE-2012-0470 (bmo#734288) Invalid frees causes heap corruption in gfxImageSurface
* MFSA 2012-24/CVE-2012-0471 (bmo#715319) Potential XSS via multibyte content processing errors
* MFSA 2012-25/CVE-2012-0472 (bmo#744480) Potential memory corruption during font rendering using cairo-dwrite
* MFSA 2012-26/CVE-2012-0473 (bmo#743475) WebGL.drawElements may read illegal video memory due to FindMaxUshortElement error
* MFSA 2012-27/CVE-2012-0474 (bmo#687745, bmo#737307) Page load short-circuit can lead to XSS
* MFSA 2012-28/CVE-2012-0475 (bmo#694576) Ambiguous IPv6 in Origin headers may bypass webserver access restrictions
* MFSA 2012-29/CVE-2012-0477 (bmo#718573) Potential XSS through ISO-2022-KR/ISO-2022-CN decoding issues
* MFSA 2012-30/CVE-2012-0478 (bmo#727547) Crash with WebGL content using textImage2D
* MFSA 2012-31/CVE-2011-3062 (bmo#739925) Off-by-one error in OpenType Sanitizer
* MFSA 2012-32/CVE-2011-1187 (bmo#624621) HTTP Redirections and remote content can be read by javascript errors
* MFSA 2012-33/CVE-2012-0479 (bmo#714631) Potential site identity spoofing when loading RSS and Atom feeds- added mozilla-libnotify.patch to allow fallback from libnotify to xul based events if no notification-daemon is running- gcc 4.7 fixes
* mozilla-gcc47.patch
* disabled crashreporter temporarily for Factory- recommend libcanberra0 for proper sound notifications
* Fri Mar 09 2012 wrAATTrosenauer.org- update to Firefox 11.0 (bnc#750044)
* MFSA 2012-13/CVE-2012-0455 (bmo#704354) XSS with Drag and Drop and Javascript: URL
* MFSA 2012-14/CVE-2012-0456/CVE-2012-0457 (bmo#711653, #720103) SVG issues found with Address Sanitizer
* MFSA 2012-15/CVE-2012-0451 (bmo#717511) XSS with multiple Content Security Policy headers
* MFSA 2012-16/CVE-2012-0458 Escalation of privilege with Javascript: URL as home page
* MFSA 2012-17/CVE-2012-0459 (bmo#723446) Crash when accessing keyframe cssText after dynamic modification
* MFSA 2012-18/CVE-2012-0460 (bmo#727303) window.fullScreen writeable by untrusted content
* MFSA 2012-19/CVE-2012-0461/CVE-2012-0462/CVE-2012-0464/ CVE-2012-0463 Miscellaneous memory safety hazards- ported and reenabled KDE integration (bnc#746591)- explicitely build-require X libs
* Mon Mar 05 2012 vdziewieckiAATTsuse.com- add Provides: browser(npapi) FATE#313084
* Fri Feb 17 2012 pcernyAATTsuse.com- better plugin directory resolution (bnc#747320)
* Thu Feb 16 2012 wrAATTrosenauer.org- update to Firefox 10.0.2 (bnc#747328)
* CVE-2011-3026 (bmo#727401) libpng: integer overflow leading to heap-buffer overflow
* Thu Feb 09 2012 wrAATTrosenauer.org- update to Firefox 10.0.1 (bnc#746616)
* MFSA 2012-10/CVE-2012-0452 (bmo#724284) use after free in nsXBLDocumentInfo::ReadPrototypeBindings
* Tue Feb 07 2012 dvaleevAATTsuse.com- Use YARR interpreter instead of PCRE on platforms where YARR JIT is not supported, since PCRE doesnt build (bmo#691898)- fix ppc64 build (bmo#703534)
* Mon Jan 30 2012 wrAATTrosenauer.org- update to Firefox 10.0 (bnc#744275)
* MFSA 2012-01/CVE-2012-0442/CVE-2012-0443 Miscellaneous memory safety hazards
* MFSA 2012-03/CVE-2012-0445 (bmo#701071)