Commit Graph

594 Commits

Author SHA256 Message Date
Wolfgang Rosenauer
c84acea70d - big endian fixes
* mozilla-bmo1610814.patch (boo#1164845, bmo#1610814)
    (bmo#1614535, boo#1164646)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=807
2020-02-26 08:14:44 +00:00
Wolfgang Rosenauer
1a4ad4356c Accepting request 779145 from home:Guillaume_G:branches:openSUSE:Factory:ARM
- Fix build on aarch64/armv7 with:
  * mozilla-bmo1610814.patch - boo#1164845

OBS-URL: https://build.opensuse.org/request/show/779145
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=806
2020-02-26 08:05:26 +00:00
Wolfgang Rosenauer
4c39376e57 - Mozilla Firefox 73.0.1
* Resolved problems connecting to the RBC Royal Bank website
    (bmo#1613943)
  * Fixed Firefox unexpectedly exiting when leaving Print Preview mode
    (bmo#1611133)
  * Fixed crashes when playing encrypted content on some Linux systems
    (bmo#1614535)
- start in wayland mode when running under wayland session

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=804
2020-02-20 13:56:27 +00:00
Wolfgang Rosenauer
ee64c038d1 - Mozilla Firefox 73.0
* Added support for setting a default zoom level applicable for all
    web content
  * High-contrast mode has been updated to allow background images
  * Improved audio quality when playing back audio at a faster or
    slower speed
  * Added NextDNS as alternative option for DNS over HTTPS
  MFSA 2020-05 (bsc#1163368)
  * CVE-2020-6796 (bmo#1610426)
    Missing bounds check on shared memory read in the parent process
  * CVE-2020-6797 (bmo#1596668) (MacOS X only)
    Extensions granted downloads.open permission could open arbitrary
    applications on Mac OSX
  * CVE-2020-6798 (bmo#1602944)
    Incorrect parsing of template tag could result in JavaScript injection
  * CVE-2020-6799 (bmo#1606596) (Windows only)
    Arbitrary code execution when opening pdf links from other
    applications, when Firefox is configured as default pdf reader
  * CVE-2020-6800 (bmo#1595786,bmo#1596706,bmo#1598543,bmo#1604851,
    bmo#1608580,bmo#1608785,bmo#1605777)
    Memory safety bugs fixed in Firefox 73 and Firefox ESR 68.5
  * CVE-2020-6801 (bmo#1601024,bmo#1601712,bmo#1604836,bmo#1606492)
    Memory safety bugs fixed in Firefox 73
- updated requirements
  * rust >= 1.39
  * NSS >= 3.49.2
  * rust-cbindgen >= 0.12.0
- rebased patches
- removed obsolete patch
  * mozilla-bmo1601707.patch

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=802
2020-02-12 14:14:39 +00:00
Wolfgang Rosenauer
6cbff7e4d5 Accepting request 767929 from home:hellcp:branches:mozilla:Factory
- Use a symbolic icon from branding internals
- Pixmaps no longer required for the desktops

OBS-URL: https://build.opensuse.org/request/show/767929
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=800
2020-02-02 19:26:07 +00:00
Wolfgang Rosenauer
4413154c94 - Mozilla Firefox 72.0.2
* Various stability fixes
  * Fixed issues opening files with spaces in their path (bmo#1601905)
  * Fixed a hang opening about:logins when a master password is set
    (bmo#1606992)
  * Fixed a web compatibility issue with CSS Shadow Parts which
    shipped in Firefox 72 (bmo#1604989)
  * Fixed inconsistent playback performance for fullscreen 1080p
    videos on some systems (bmo#1608485)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=798
2020-01-22 10:33:47 +00:00
Wolfgang Rosenauer
30f52e970b Accepting request 766087 from home:Guillaume_G:branches:openSUSE:Factory:ARM
- Fix build for aarch64/ppc64le (do not update config.sub file
  for libbacktrace)

OBS-URL: https://build.opensuse.org/request/show/766087
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=797
2020-01-22 10:26:26 +00:00
Wolfgang Rosenauer
1b198ccf59 MFSA 2020-01 (bsc#1160305)
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=795
2020-01-09 07:35:03 +00:00
Wolfgang Rosenauer
846912c581 MFSA 2020-03 (bsc#1160498)
* CVE-2019-17026 (bmo#1607443)
    IonMonkey type confusion with StoreElementHole and FallibleStoreElement

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=794
2020-01-09 07:31:08 +00:00
Wolfgang Rosenauer
214938d990 - Mozilla Firefox 72.0.1
- Mozilla Firefox 72.0
  * block fingerprinting scripts by default
  * new notification pop-ups
  * Picture-in-picture video
  MFSA 2020-01
  * CVE-2019-17016 (bmo#1599181)
    Bypass of @namespace CSS sanitization during pasting
  * CVE-2019-17017 (bmo#1603055)
    Type Confusion in XPCVariant.cpp
  * CVE-2019-17020 (bmo#1597645)
    Content Security Policy not applied to XSL stylesheets applied
    to XML documents
  * CVE-2019-17022 (bmo#1602843)
    CSS sanitization does not escape HTML tags
  * CVE-2019-17023 (bmo#1590001) (fixed in NSS FIXME)
    NSS may negotiate TLS 1.2 or below after a TLS 1.3
    HelloRetryRequest had been sent
  * CVE-2019-17024 (bmo#1507180,bmo#1595470,bmo#1598605,bmo#1601826)
    Memory safety bugs fixed in Firefox 72 and Firefox ESR 68.4
  * CVE-2019-17025 (bmo#1328295,bmo#1328300,bmo#1590447,bmo#1590965
    bmo#1595692,bmo#1597321,bmo#1597481)
    Memory safety bugs fixed in Firefox 72
- update create-tar.sh to skip compare-locales
- requires NSPR 4.24 and NSS 3.48
- removed usage of browser-plugins convention for NPAPI plugins
  from start wrapper and changed the RPM macro to the
  /usr/$LIB/mozilla/plugins location (boo#1160302)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=793
2020-01-08 11:59:18 +00:00
Wolfgang Rosenauer
8ef71797b4 - added mozilla-bmo1601707.patch to fix gcc/LTO builds
(bmo#1601707, boo#1158466)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=791
2019-12-18 17:50:22 +00:00
Wolfgang Rosenauer
80c5d44876 - added mozilla-bmo849632.patch to fix big endian issues in skia
used for WebGL

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=790
2019-12-10 08:08:57 +00:00
Wolfgang Rosenauer
7e39194693 - Mozilla Firefox 71.0
* Improvements to Lockwise, our integrated password manager
  * More information about Enhanced Tracking Protection in action
  * Native MP3 decoding on Windows, Linux, and macOS
  * Configuration page (about:config) reimplemented in HTML
  * New kiosk mode functionality, which allows maximum screen space
    for customer-facing displays
  MFSA 2019-36
  * CVE-2019-11756 (bmo#1508776)
    Use-after-free of SFTKSession object
  * CVE-2019-17008 (bmo#1546331)
    Use-after-free in worker destruction
  * CVE-2019-13722 (bmo#1580156) (Windows only)
    Stack corruption due to incorrect number of arguments in WebRTC code
  * CVE-2019-17014 (bmo#1322864)
    Dragging and dropping a cross-origin resource, incorrectly loaded
    as an image, could result in information disclosure
  * CVE-2019-17010 (bmo#1581084)
    Use-after-free when performing device orientation checks
  * CVE-2019-17005 (bmo#1584170)
    Buffer overflow in plain text serializer
  * CVE-2019-17011 (bmo#1591334)
    Use-after-free when retrieving a document in antitracking
  * CVE-2019-17012 (bmo#1449736, bmo#1533957, bmo#1560667, bmo#1567209
    bmo#1580288, bmo#1585760, bmo#1592502)
    Memory safety bugs fixed in Firefox 71 and Firefox ESR 68.3
  * CVE-2019-17013 (bmo#1298509, bmo#1472328, bmo#1577439, bmo#1577937
    bmo#1580320, bmo#1584195, bmo#1585106, bmo#1586293, bmo#1593865
    bmo#1594181)
    Memory safety bugs fixed in Firefox 71

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=789
2019-12-09 07:58:52 +00:00
Wolfgang Rosenauer
eda563f611 - Mozilla Firefox 70.0.1
* Fix for an issue that caused some websites or page elements using
    dynamic JavaScript to fail to load. (bmo#1592136)
  * Title bar no longer shows in full screen view (bmo#1588747)
- added mozilla-bmo1504834-part4.patch to fix some visual issues on
  big endian platforms

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=787
2019-11-01 14:24:05 +00:00
Wolfgang Rosenauer
4685228ce1 - Mozilla Firefox 70.0
* more privacy protections from Enhanced Tracking Protection
  * Firefox Lockwise passwordmanager
  * Improvements to core engine components, for better browsing on more sites
  * Improved privacy and security indicators
  MFSA 2019-34
  * CVE-2018-6156 (bmo#1480088)
    Heap buffer overflow in FEC processing in WebRTC
  * CVE-2019-15903 (bmo#1584907)
    Heap overflow in expat library in XML_GetCurrentLineNumber
  * CVE-2019-11757 (bmo#1577107)
    Use-after-free when creating index updates in IndexedDB
  * CVE-2019-11759 (bmo#1577953)
    Stack buffer overflow in HKDF output
  * CVE-2019-11760 (bmo#1577719)
    Stack buffer overflow in WebRTC networking
  * CVE-2019-11761 (bmo#1561502)
    Unintended access to a privileged JSONView object
  * CVE-2019-11762 (bmo#1582857)
    document.domain-based origin isolation has same-origin-property violation
  * CVE-2019-11763 (bmo#1584216)
    Incorrect HTML parsing results in XSS bypass technique
  * CVE-2019-11765 (bmo#1562582)
    Incorrect permissions could be granted to a website
  * CVE-2019-17000 (bmo#1441468)
    CSP bypass using object tag with data: URI
  * CVE-2019-17001 (bmo#1587976)
    CSP bypass using object tag when script-src 'none' is specified
  * CVE-2019-17002 (bmo#1561056)
    upgrade-insecure-requests was not being honored for links dragged and dropped

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=786
2019-10-25 09:13:30 +00:00
Wolfgang Rosenauer
e84fb95aec OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=784 2019-10-13 16:17:42 +00:00
Wolfgang Rosenauer
4dc35f45b0 - Mozilla Firefox 69.0.3
* Fixed Yahoo mail users being prompted to download files when
    clicking on emails (bmo#1582848)
- devel package build can easily be disabled now

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=783
2019-10-13 16:07:47 +00:00
Wolfgang Rosenauer
4b9fc308f3 * Fixed a crash when editing files on Office 365 websites (bmo#1579858)
* Fixed a Linux-only crash when changing the playback speed while
    watching YouTube videos (bmo#1582222)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=781
2019-10-04 12:31:42 +00:00
Wolfgang Rosenauer
d5e798fc21 OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=780 2019-10-03 20:33:24 +00:00
Wolfgang Rosenauer
5642edf99e - extension preferences moved from branding package to core package
(packaging but not branding specific)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=779
2019-10-03 20:32:17 +00:00
Wolfgang Rosenauer
d303d78eb4 - Mozilla Firefox 69.0.2
- updated supported locale list
- remove obsolete kde.js setting (boo#1151186) and related patch
  firefox-add-kde.js-in-order-to-survive-PGO-build.patch

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=778
2019-10-03 08:42:59 +00:00
Wolfgang Rosenauer
20099c7557 OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=777 2019-09-26 07:18:54 +00:00
Wolfgang Rosenauer
d5ed691777 OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=776 2019-09-25 12:32:43 +00:00
Wolfgang Rosenauer
5f35e0f9e2 - add mozilla-fix-top-level-asm.patch to fix LTO build (w/o PGO)
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=775
2019-09-25 12:32:05 +00:00
Wolfgang Rosenauer
d712e6b3c2 OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=774 2019-09-25 12:13:22 +00:00
Wolfgang Rosenauer
df898f1059 - update create-tar.sh to latest revision and adjusted tar_stamps
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=773
2019-09-25 11:40:52 +00:00
Wolfgang Rosenauer
bbc11438a2 (contributed by Bernhard Wiedemann)
- Make build verbose (contributed by Martin Liška)
- remove obsolete kde.js setting (boo#1151186)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=772
2019-09-25 11:38:27 +00:00
Wolfgang Rosenauer
05dad937b9 Accepting request 733089 from home:bmwiedemann:branches:mozilla:Factory
Allow to build without profile guided optimizations (boo#1040589)

OBS-URL: https://build.opensuse.org/request/show/733089
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=771
2019-09-25 08:59:57 +00:00
Wolfgang Rosenauer
42f080f490 Accepting request 732112 from home:marxin:branches:mozilla:Factory
- Make build verbose.

OBS-URL: https://build.opensuse.org/request/show/732112
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=769
2019-09-20 10:17:52 +00:00
Wolfgang Rosenauer
6dbd83543a - Mozilla Firefox 69.0.1
* Fixed external programs launching in the background when clicking
    a link from inside Firefox to launch them (bmo#1570845)
  * Usability improvements to the Add-ons Manager for users with
    screen readers (bmo#1567600)
  * Fixed the Captive Portal notification bar not being dismissable
    in some situations after login is complete (bmo#1578633)
  * Fixed the maximum size of fonts in Reader Mode when zoomed (bmo#1578454)
  * Fixed missing stacks in the Developer Tools Performance section
    (bmo#1578354)
  MFSA 2019-31
  * CVE-2019-11754 (bmo#1580506)
    Pointer Lock is enabled with no user notification
- disable DOH by default

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=768
2019-09-20 07:16:58 +00:00
Wolfgang Rosenauer
f4232f868e * mozilla-bmo1504834-part1.patch
* mozilla-bmo1504834-part2.patch
  * mozilla-bmo1504834-part3.patch
  * mozilla-bmo1512162.patch

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=766
2019-09-12 21:14:35 +00:00
Wolfgang Rosenauer
c09b76bede - Mozilla Firefox 69.0
* Enhanced Tracking Protection (ETP) for stronger privacy protections
  * Block Autoplay feature is enhanced to give users the option to block
    any video
  * Users in the US or using the en-US browser, can get a new “New Tab”
    page experience connecting to the best of Pocket's content.
  * Support for the Web Authentication HmacSecret extension via
    Windows Hello introduced.
  * Support for receiving multiple video codecs with this release makes
    it easier for WebRTC conferencing services to mix video from
    different clients.
- requires
  * rust/cargo >= 1.35
  * rust-cbindgen >= 0.9.0
  * mozilla-nss >= 3.45
- rebased patches
  * mozilla-bmo1504834-part1.patch (currently unused as it breaks LE)
  * mozilla-bmo1504834-part2.patch (currently unused as it breaks LE)
  * mozilla-bmo1504834-part3.patch (currently unused as it breaks LE)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=765
2019-09-09 06:28:12 +00:00
Wolfgang Rosenauer
74d23cbbdc - added a bunch of patches mainly for big endian platforms
* mozilla-bmo1504834-part1.patch
  * mozilla-bmo1504834-part2.patch
  * mozilla-bmo1504834-part3.patch
  * mozilla-bmo1511604.patch
  * mozilla-bmo1554971.patch
  * mozilla-bmo1573381.patch
  * mozilla-nestegg-big-endian.patch

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=763
2019-09-05 12:57:01 +00:00
Wolfgang Rosenauer
194c61e40b OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=762 2019-09-04 08:53:33 +00:00
Wolfgang Rosenauer
4232b4520d OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=761 2019-09-04 08:45:18 +00:00
Wolfgang Rosenauer
f633f8cbba - Mozilla Firefox 68.1.0
MFSA 2019-26
  * CVE-2019-11751 (bmo#1572838; Windows only)
    Malicious code execution through command line parameters
  * CVE-2019-11746 (bmo#1564449)
    Use-after-free while manipulating video
  * CVE-2019-11744 (bmo#1562033)
    XSS by breaking out of title and textarea elements using innerHTML
  * CVE-2019-11742 (bmo#1559715)
    Same-origin policy violation with SVG filters and canvas to steal
    cross-origin images
  * CVE-2019-11736 (bmo#1551913, bmo#1552206; Windows only))
    File manipulation and privilege escalation in Mozilla Maintenance Service
  * CVE-2019-11753 (bmo#1574980; Windows only)
    Privilege escalation with Mozilla Maintenance Service in custom
    Firefox installation location
  * CVE-2019-11752 (bmo#1501152)
    Use-after-free while extracting a key value in IndexedDB
  * CVE-2019-9812 (bmo#1538008, bmo#1538015)
    Sandbox escape through Firefox Sync
  * CVE-2019-11743 (bmo#1560495)
    Cross-origin access to unload event attributes
  * CVE-2019-11748 (bmo#1564588)
    Persistence of WebRTC permissions in a third party context
  * CVE-2019-11749 (bmo#1565374)
    Camera information available without prompting using getUserMedia
  * CVE-2019-11750 (bmo#1568397)
    Type confusion in Spidermonkey
  * CVE-2019-11738 (bmo#1452037)
    Content security policy bypass through hash-based sources in directives

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=760
2019-09-04 08:35:37 +00:00
Wolfgang Rosenauer
2313923257 Accepting request 724187 from home:jbrielmaier:ppc64le
Sadly there is now better solution at the moment. A deeper look from upstream is necessary, it also could be some compiler bug. I'll watch the upstream bug closely.

I verified that the workaround actually fixes the problem on my ppc64le workstation :)

OBS-URL: https://build.opensuse.org/request/show/724187
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=758
2019-08-20 07:58:20 +00:00
Wolfgang Rosenauer
067cb127f1 Accepting request 724472 from home:AndreasStieger:branches:mozilla:Factory
Mozilla Firefox 68.0.2 MFSA 2019-24 (boo#1145665) CVE-2019-11733

OBS-URL: https://build.opensuse.org/request/show/724472
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=757
2019-08-19 06:30:53 +00:00
Wolfgang Rosenauer
2ae7171a4c Accepting request 720873 from home:Guillaume_G:branches:mozilla:Factory
Update build constraints to fix arm builds

OBS-URL: https://build.opensuse.org/request/show/720873
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=755
2019-08-06 07:53:11 +00:00
Wolfgang Rosenauer
69f0a4b612 - Mozilla Firefox 68.0.1
* Fixed missing Full Screen button when watching videos in full
    screen mode on HBO GO (bmo#1562837)
  * Fixed a bug causing incorrect messages to appear for some
    locales when sites try to request the use of the Storage
    Access API (bmo#1558503)
  * Users in Russian regions may have their default search engine
    changed (bmo#1565315)
  * Built-in search engines in some locales do not function
    correctly (bmo#1565779)
  * SupportMenu policy doesn't always work (bmo#1553290)
  * Allow the privacy.file_unique_origin pref to be controlled by
    policy (bmo#1563759)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=753
2019-07-19 14:43:08 +00:00
Wolfgang Rosenauer
8923fa08c3 Accepting request 714628 from home:jirislaby:branches:mozilla:Factory
- add fix-build-after-y2038-changes-in-glibc.patch

OBS-URL: https://build.opensuse.org/request/show/714628
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=752
2019-07-15 15:15:08 +00:00
Wolfgang Rosenauer
2c66031f25 OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=751 2019-07-11 15:10:52 +00:00
Wolfgang Rosenauer
c6a711605e Accepting request 714438 from home:bmwiedemann:branches:mozilla:Factory
Generate langpacks sequentially to avoid file corruption from racy file writes (boo#1137970)

OBS-URL: https://build.opensuse.org/request/show/714438
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=750
2019-07-11 13:04:54 +00:00
Wolfgang Rosenauer
f1498ec6ec * added firefox-add-kde.js-in-order-to-survive-PGO-build.patch
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=749
2019-07-10 06:15:59 +00:00
Wolfgang Rosenauer
6dafe68fc5 - Mozilla Firefox 68.0
* Dark mode in reader view
  * Improved extension security and discovery
  * Cryptomining and fingerprinting protections are added to strict
    content blocking settings in Privacy & Security preferences
  * Camera and microphone access now require an HTTPS connection
  MFSA 2019-21 (bsc#1140868)
  * CVE-2019-9811 (bmo#1538007, bmo#1539598, bmo#1563327)
    Sandbox escape via installation of malicious languagepack
  * CVE-2019-11711 (bmo#1552541)
    Script injection within domain through inner window reuse
  * CVE-2019-11712 (bmo#1543804)
    Cross-origin POST requests can be made with NPAPI plugins by
    following 308 redirects
  * CVE-2019-11713 (bmo#1528481)
    Use-after-free with HTTP/2 cached stream
  * CVE-2019-11714 (bmo#1542593)
    NeckoChild can trigger crash when accessed off of main thread
  * CVE-2019-11729 (bmo#1515342)
    Empty or malformed p256-ECDH public keys may trigger a segmentation fault
  * CVE-2019-11715 (bmo#1555523)
    HTML parsing error can contribute to content XSS
  * CVE-2019-11716 (bmo#1552632)
    globalThis not enumerable until accessed
  * CVE-2019-11717 (bmo#1548306)
    Caret character improperly escaped in origins
  * CVE-2019-11718 (bmo#1408349)
    Activity Stream writes unsanitized content to innerHTML
  * CVE-2019-11719 (bmo#1540541)
    Out-of-bounds read when importing curve25519 private key

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=748
2019-07-09 21:21:11 +00:00
Wolfgang Rosenauer
cd62703825 - Enable PGO for x86_64.
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=747
2019-07-08 08:37:13 +00:00
Wolfgang Rosenauer
0dcd4b5002 Accepting request 713071 from home:marxin:branches:mozilla:Factory
- Enable PGO for x86_64.

OBS-URL: https://build.opensuse.org/request/show/713071
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=746
2019-07-02 20:43:20 +00:00
Wolfgang Rosenauer
d5e1634312 - Mozilla Firefox 67.0.4
MFSA 2019-19 (boo#1138872)
  * CVE-2019-11708 (bmo#1559858)
    sandbox escape using Prompt:Open

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=744
2019-06-20 19:02:43 +00:00
Wolfgang Rosenauer
192b3d63ef MFSA 2019-18 (boo#1138614)
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=743
2019-06-18 20:41:18 +00:00
Wolfgang Rosenauer
287311f811 - Mozilla Firefox 67.0.3
MFSA 2019-18
  * CVE-2019-11707 (bmo#1544386)
    Type confusion in Array.pop

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=742
2019-06-18 18:51:07 +00:00