MFSA 2019-07 (bsc#1129821)

  * CVE-2019-9790 (bmo#1525145)
    Use-after-free when removing in-use DOM elements
  * CVE-2019-9791 (bmo#1530958)
    Type inference is incorrect for constructors entered through on-stack
    replacement with IonMonkey
  * CVE-2019-9792 (bmo#1532599)
    IonMonkey leaks JS_OPTIMIZED_OUT magic value to script
  * CVE-2019-9793 (bmo#1528829)
    Improper bounds checks when Spectre mitigations are disabled
  * CVE-2019-9794 (bmo#1530103) (Windows only)
    Command line arguments not discarded during execution
  * CVE-2019-9795 (bmo#1514682)
    Type-confusion in IonMonkey JIT compiler
  * CVE-2019-9796 (bmo#1531277)
    Use-after-free with SMIL animation controller
  * CVE-2019-9797 (bmo#1528909)
    Cross-origin theft of images with createImageBitmap
  * CVE-2019-9798 (bmo#1527534) (Android only)
    Library is loaded from world writable APITRACE_LIB location
  * CVE-2019-9799 (bmo#1505678)
    Information disclosure via IPC channel messages
  * CVE-2019-9801 (bmo#1527717) (Windows only)
    Windows programs that are not 'URL Handlers' are exposed to web content
  * CVE-2019-9802 (bmo#1415508)
    Chrome process information leak
  * CVE-2019-9803 (bmo#1515863, bmo#1437009)
    Upgrade-Insecure-Requests incorrectly enforced for same-origin navigation
  * CVE-2019-9804 (bmo#1518026) (MacOS only)
    Code execution through 'Copy as cURL' in Firefox Developer Tools on macOS

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=726
Wolfgang Rosenauer 2019-03-28 10:23:31 +00:00 committed by Git OBS Bridge
parent 7e741ea41d
commit ada355e421

@ -33,6 +33,53 @@ Sun Mar 17 10:08:51 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org>
can add individual sites to an exceptions list or turn the blocking
off.
* System title bar is hidden by default to match Gnome guideline
MFSA 2019-07 (bsc#1129821)
* CVE-2019-9790 (bmo#1525145)
Use-after-free when removing in-use DOM elements
* CVE-2019-9791 (bmo#1530958)
Type inference is incorrect for constructors entered through on-stack
replacement with IonMonkey
* CVE-2019-9792 (bmo#1532599)
IonMonkey leaks JS_OPTIMIZED_OUT magic value to script
* CVE-2019-9793 (bmo#1528829)
Improper bounds checks when Spectre mitigations are disabled
* CVE-2019-9794 (bmo#1530103) (Windows only)
Command line arguments not discarded during execution
* CVE-2019-9795 (bmo#1514682)
Type-confusion in IonMonkey JIT compiler
* CVE-2019-9796 (bmo#1531277)
Use-after-free with SMIL animation controller
* CVE-2019-9797 (bmo#1528909)
Cross-origin theft of images with createImageBitmap
* CVE-2019-9798 (bmo#1527534) (Android only)
Library is loaded from world writable APITRACE_LIB location
* CVE-2019-9799 (bmo#1505678)
Information disclosure via IPC channel messages
* CVE-2019-9801 (bmo#1527717) (Windows only)
Windows programs that are not 'URL Handlers' are exposed to web content
* CVE-2019-9802 (bmo#1415508)
Chrome process information leak
* CVE-2019-9803 (bmo#1515863, bmo#1437009)
Upgrade-Insecure-Requests incorrectly enforced for same-origin navigation
* CVE-2019-9804 (bmo#1518026) (MacOS only)
Code execution through 'Copy as cURL' in Firefox Developer Tools on macOS
* CVE-2019-9805 (bmo#1521360)
Potential use of uninitialized memory in Prio
* CVE-2019-9806 (bmo#1525267)
Denial of service through successive FTP authorization prompts
* CVE-2019-9807 (bmo#1362050)
Text sent through FTP connection can be incorporated into alert messages
* CVE-2019-9809 (bmo#1282430, bmo#1523249)
Denial of service through FTP modal alert error messages
* CVE-2019-9808 (bmo#1434634)
WebRTC permissions can display incorrect origin with data: and blob: URLs
* CVE-2019-9789 bmo#1520483, bmo#1522987, bmo#1528199, bmo#1519337,
bmo#1525549, bmo#1516179, bmo#1518524, bmo#1518331, bmo#1526579,
bmo#1512567, bmo#1524335, bmo#1448505, bmo#1518821
Memory safety bugs fixed in Firefox 66
* CVE-2019-9788 bmo#1518001, bmo#1521304, bmo#1521214, bmo#1506665,
bmo#1516834, bmo#1518774, bmo#1524755, bmo#1523362, bmo#1524214, bmo#1529203
Memory safety bugs fixed in Firefox 66 and Firefox ESR 60.6
- updated build/runtime requirements
* mozilla-nss >= 3.42.1
* cargo/rust >= 1.31
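
Review bot: the last two added entries, CVE-2019-9789 and CVE-2019-9788, give their bmo references bare, while every other entry in this block wraps them in parentheses as in "(bmo#1525145)". Anything that extracts bug references from the changelog by that pattern will miss these two, so I would wrap both lists in parentheses. Two smaller points in the same block: CVE-2019-9809 is listed ahead of CVE-2019-9808, which breaks the otherwise ascending order, and the platform tag reads "MacOS only" while the description on the next line spells it "macOS". The commit message as shown stops at CVE-2019-9804, whereas the changelog text continues through CVE-2019-9805 to CVE-2019-9809 plus CVE-2019-9789 and CVE-2019-9788, so the message does not reflect the full set of fixes recorded here.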