Commit Graph

94 Commits

Author SHA256 Message Date
Wolfgang Rosenauer
ee64c038d1 - Mozilla Firefox 73.0
* Added support for setting a default zoom level applicable for all
    web content
  * High-contrast mode has been updated to allow background images
  * Improved audio quality when playing back audio at a faster or
    slower speed
  * Added NextDNS as alternative option for DNS over HTTPS
  MFSA 2020-05 (bsc#1163368)
  * CVE-2020-6796 (bmo#1610426)
    Missing bounds check on shared memory read in the parent process
  * CVE-2020-6797 (bmo#1596668) (MacOS X only)
    Extensions granted downloads.open permission could open arbitrary
    applications on Mac OSX
  * CVE-2020-6798 (bmo#1602944)
    Incorrect parsing of template tag could result in JavaScript injection
  * CVE-2020-6799 (bmo#1606596) (Windows only)
    Arbitrary code execution when opening pdf links from other
    applications, when Firefox is configured as default pdf reader
  * CVE-2020-6800 (bmo#1595786,bmo#1596706,bmo#1598543,bmo#1604851,
    bmo#1608580,bmo#1608785,bmo#1605777)
    Memory safety bugs fixed in Firefox 73 and Firefox ESR 68.5
  * CVE-2020-6801 (bmo#1601024,bmo#1601712,bmo#1604836,bmo#1606492)
    Memory safety bugs fixed in Firefox 73
- updated requirements
  * rust >= 1.39
  * NSS >= 3.49.2
  * rust-cbindgen >= 0.12.0
- rebased patches
- removed obsolete patch
  * mozilla-bmo1601707.patch

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=802
2020-02-12 14:14:39 +00:00
Wolfgang Rosenauer
4685228ce1 - Mozilla Firefox 70.0
* more privacy protections from Enhanced Tracking Protection
  * Firefox Lockwise passwordmanager
  * Improvements to core engine components, for better browsing on more sites
  * Improved privacy and security indicators
  MFSA 2019-34
  * CVE-2018-6156 (bmo#1480088)
    Heap buffer overflow in FEC processing in WebRTC
  * CVE-2019-15903 (bmo#1584907)
    Heap overflow in expat library in XML_GetCurrentLineNumber
  * CVE-2019-11757 (bmo#1577107)
    Use-after-free when creating index updates in IndexedDB
  * CVE-2019-11759 (bmo#1577953)
    Stack buffer overflow in HKDF output
  * CVE-2019-11760 (bmo#1577719)
    Stack buffer overflow in WebRTC networking
  * CVE-2019-11761 (bmo#1561502)
    Unintended access to a privileged JSONView object
  * CVE-2019-11762 (bmo#1582857)
    document.domain-based origin isolation has same-origin-property violation
  * CVE-2019-11763 (bmo#1584216)
    Incorrect HTML parsing results in XSS bypass technique
  * CVE-2019-11765 (bmo#1562582)
    Incorrect permissions could be granted to a website
  * CVE-2019-17000 (bmo#1441468)
    CSP bypass using object tag with data: URI
  * CVE-2019-17001 (bmo#1587976)
    CSP bypass using object tag when script-src 'none' is specified
  * CVE-2019-17002 (bmo#1561056)
    upgrade-insecure-requests was not being honored for links dragged and dropped

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=786
2019-10-25 09:13:30 +00:00
Wolfgang Rosenauer
20099c7557 OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=777 2019-09-26 07:18:54 +00:00
Wolfgang Rosenauer
c09b76bede - Mozilla Firefox 69.0
* Enhanced Tracking Protection (ETP) for stronger privacy protections
  * Block Autoplay feature is enhanced to give users the option to block
    any video
  * Users in the US or using the en-US browser, can get a new “New Tab”
    page experience connecting to the best of Pocket's content.
  * Support for the Web Authentication HmacSecret extension via
    Windows Hello introduced.
  * Support for receiving multiple video codecs with this release makes
    it easier for WebRTC conferencing services to mix video from
    different clients.
- requires
  * rust/cargo >= 1.35
  * rust-cbindgen >= 0.9.0
  * mozilla-nss >= 3.45
- rebased patches
  * mozilla-bmo1504834-part1.patch (currently unused as it breaks LE)
  * mozilla-bmo1504834-part2.patch (currently unused as it breaks LE)
  * mozilla-bmo1504834-part3.patch (currently unused as it breaks LE)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=765
2019-09-09 06:28:12 +00:00
Wolfgang Rosenauer
f633f8cbba - Mozilla Firefox 68.1.0
MFSA 2019-26
  * CVE-2019-11751 (bmo#1572838; Windows only)
    Malicious code execution through command line parameters
  * CVE-2019-11746 (bmo#1564449)
    Use-after-free while manipulating video
  * CVE-2019-11744 (bmo#1562033)
    XSS by breaking out of title and textarea elements using innerHTML
  * CVE-2019-11742 (bmo#1559715)
    Same-origin policy violation with SVG filters and canvas to steal
    cross-origin images
  * CVE-2019-11736 (bmo#1551913, bmo#1552206; Windows only))
    File manipulation and privilege escalation in Mozilla Maintenance Service
  * CVE-2019-11753 (bmo#1574980; Windows only)
    Privilege escalation with Mozilla Maintenance Service in custom
    Firefox installation location
  * CVE-2019-11752 (bmo#1501152)
    Use-after-free while extracting a key value in IndexedDB
  * CVE-2019-9812 (bmo#1538008, bmo#1538015)
    Sandbox escape through Firefox Sync
  * CVE-2019-11743 (bmo#1560495)
    Cross-origin access to unload event attributes
  * CVE-2019-11748 (bmo#1564588)
    Persistence of WebRTC permissions in a third party context
  * CVE-2019-11749 (bmo#1565374)
    Camera information available without prompting using getUserMedia
  * CVE-2019-11750 (bmo#1568397)
    Type confusion in Spidermonkey
  * CVE-2019-11738 (bmo#1452037)
    Content security policy bypass through hash-based sources in directives

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=760
2019-09-04 08:35:37 +00:00
Wolfgang Rosenauer
6dafe68fc5 - Mozilla Firefox 68.0
* Dark mode in reader view
  * Improved extension security and discovery
  * Cryptomining and fingerprinting protections are added to strict
    content blocking settings in Privacy & Security preferences
  * Camera and microphone access now require an HTTPS connection
  MFSA 2019-21 (bsc#1140868)
  * CVE-2019-9811 (bmo#1538007, bmo#1539598, bmo#1563327)
    Sandbox escape via installation of malicious languagepack
  * CVE-2019-11711 (bmo#1552541)
    Script injection within domain through inner window reuse
  * CVE-2019-11712 (bmo#1543804)
    Cross-origin POST requests can be made with NPAPI plugins by
    following 308 redirects
  * CVE-2019-11713 (bmo#1528481)
    Use-after-free with HTTP/2 cached stream
  * CVE-2019-11714 (bmo#1542593)
    NeckoChild can trigger crash when accessed off of main thread
  * CVE-2019-11729 (bmo#1515342)
    Empty or malformed p256-ECDH public keys may trigger a segmentation fault
  * CVE-2019-11715 (bmo#1555523)
    HTML parsing error can contribute to content XSS
  * CVE-2019-11716 (bmo#1552632)
    globalThis not enumerable until accessed
  * CVE-2019-11717 (bmo#1548306)
    Caret character improperly escaped in origins
  * CVE-2019-11718 (bmo#1408349)
    Activity Stream writes unsanitized content to innerHTML
  * CVE-2019-11719 (bmo#1540541)
    Out-of-bounds read when importing curve25519 private key

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=748
2019-07-09 21:21:11 +00:00
Wolfgang Rosenauer
8cd65e5d45 - Mozilla Firefox 67.0
* Firefox 67 will be able to run different Firefox installs side by side
    https://blog.nightly.mozilla.org/2019/01/14/moving-to-a-profile-per-install-architecture/
  * Tabs can now be pinned from the Page Actions menu in the address bar
  * Users can block known cryptominers and fingerprinters in the
    Custom settings or their Content Blocking preferences
  * The Import Data from Another Browser feature is now also available
    from the File menu
  * Firefox will now protect you against running older versions which
    can lead to data corruption and stability issues
  * Easier access to your list of saved logins from the main menu and
    login autocomplete
  * We’ve added a toolbar menu for your Firefox Account to provide more
    transparency for when you are synced, sharing data across devices
    and with Firefox. Personalize the appearance of the menu with your
    own avatar
  * Enable FIDO U2F API, and permit registrations for Google Accounts
  * Enabled AV1 support on Linux
  MFSA 2019-13
  * CVE-2019-9815 (bmo#1546544)
    Disable hyperthreading on content JavaScript threads on macOS
  * CVE-2019-9816 (bmo#1536768)
    Type confusion with object groups and UnboxedObjects
  * CVE-2019-9817 (bmo#1540221)
    Stealing of cross-domain images using canvas
  * CVE-2019-9818 (bmo#1542581) (Windows only)
    Use-after-free in crash generation server
  * CVE-2019-9819 (bmo#1532553)
    Compartment mismatch with fetch API
  * CVE-2019-9820 (bmo#1536405)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=736
2019-05-22 20:38:29 +00:00
Wolfgang Rosenauer
935818b21a - Mozilla Firefox 66.0
* Increased content processes to 8
  * Added capability to search through open tabs from the tab overflow menu
  * New backend for the storage.local WebExtensions API, providing
    I/O performance improvements when the extension updates a small
    subset of the stored data
  * WebExtension keyboard shortcuts can now be managed or overridden
    from about:addons
  * Improved scrolling behavior: Firefox will now attempt to keep content
    from jumping around while a page is loading by supporting scroll
    anchoring
  * New about:privatebrowsing with search
  * A certificate error page now notifies the user of the name of the
    certificate issuer that breaks HTTPs connections on intercepted
    connections to help troubleshooting possible anti-virus software
    issues.
  * Fixed an performance issue some Linux users experienced with the
    Downloads panel (bmo#1517101)
  * Firefox now blocks all autoplay media with sound by default. Users
    can add individual sites to an exceptions list or turn the blocking
    off.
  * System title bar is hidden by default to match Gnome guideline
  MFSA 2019-07 (bsc#1129821)
  * CVE-2019-9790 (bmo#1525145)
    Use-after-free when removing in-use DOM elements
  * CVE-2019-9791 (bmo#1530958)
    Type inference is incorrect for constructors entered through on-stack
    replacement with IonMonkey
  * CVE-2019-9792 (bmo#1532599)
    IonMonkey leaks JS_OPTIMIZED_OUT magic value to script

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=723
2019-03-19 22:01:55 +00:00
Wolfgang Rosenauer
cd3a885859 missing proper changelog before Factory submission
- Mozilla Firefox 65.0
- requires
  NSS 3.41
  rust/carge 1.30
  rust-cbindgen 0.6.7
-rebased patches

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=709
2019-01-29 18:07:12 +00:00
Wolfgang Rosenauer
7766ab4eee - update to Firefox 64.0
* Better recommendations: You may see suggestions in regular browsing
    mode for new and relevant Firefox features, services, and extensions
    based on how you use the web (for US users only)
  * Enhanced tab management: You can now select multiple tabs from the
    tab bar and close, move, bookmark, or pin them quickly and easily
  * Easier performance management: The new Task Manager page found at
    about:performance lets you see how much energy each open tab consumes
    and provides access to close tabs to conserve power
  * Improved performance for Mac and Linux users, by enabling link time
    optimization (Clang LTO).
  * Added option to remove add-ons using the context menu on their
    toolbar buttons
  * RSS feed preview and live bookmarks are available only via add-ons
  * TLS certificates issued by Symantec are no longer trusted by Firefox.
    Website operators are strongly encouraged to replace any remaining
    Symantec TLS certificates as soon as possible
  MFSA 2018-29 (bsc#1119105)
  * CVE-2018-12407 bmo#1505973
    Buffer overflow with ANGLE library when using VertexBuffer11 module
  * CVE-2018-17466 bmo#1488295
    Buffer overflow and out-of-bounds read in ANGLE library with
    TextureStorage11
  * CVE-2018-18492 bmo#1499861
    Use-after-free with select element
  * CVE-2018-18493 bmo#1504452
    Buffer overflow in accelerated 2D canvas with Skia
  * CVE-2018-18494 bmo#1487964
    Same-origin policy violation using location attribute and
    performance.getEntries to steal cross-origin URLs

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=699
2018-12-12 11:35:28 +00:00
Wolfgang Rosenauer
297e7a3a3b - update to Firefox 63.0
* WebExtensions now run in their own process on Linux
  * The Ctrl+Tab shortcut now displays thumbnail previews of your
    tabs and cycles through tabs in recently used order. This new
    default behavior is activated only in new profiles and can be
    changed in preferences.
  * Added support for Web Components custom elements and shadow DOM
- requires NSPR 4.20, NSS 3.39 and Rust 1.28

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=691
2018-10-29 15:21:53 +00:00
Wolfgang Rosenauer
805c5ffd2d - update to Firefox 62.0 (build2)
- requires NSS >= 3.38
- removed obsolete patches
  mozilla-bmo1464766.patch

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=682
2018-09-05 07:16:27 +00:00
Wolfgang Rosenauer
7d22873a53 - update to Firefox 61.0
* Performance enhancements
  * Various improvements for dark theme support will provide a more
    consistent experience across the entire Firefox UI
  * OpenSearch plugins offered by web pages can now be added from the
    page action menu for easier installation
  * Improved support for allowing WebExtensions to manage and hide tabs
- requires NSS 3.37.3
- requires python >= 3.5 to build
- removed obsolete patches
  mozilla-i586-DecoderDoctorLogger.patch
  mozilla-i586-domPrefs.patch
  mozilla-fix-skia-aarch64.patch
  mozilla-bmo1375074.patch
  mozilla-enable-csd.patch
- patch for new no-return warnings (mozilla-no-return.patch)
- do not disable system installed locales (mozilla-bmo1464766.patch)

- Add conditional for pkgconfig(gconf-2.0) BuildRequires, and pass
  conditional --disable-gconf to configure: no longer pull in
  obsolete gconf2 for Tumbleweed.

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=673
2018-06-25 20:56:47 +00:00
Wolfgang Rosenauer
b9772b7369 - update to Firefox 60.0
* Added a policy engine that allows customized Firefox deployments
    in enterprise environments, using Windows Group Policy or a
    cross-platform JSON file
  * Applied Quantum CSS to render browser UI
  * Added support for Web Authentication, allowing the use of USB
    tokens for authentication to web sites
  * Locale added: Occitan (oc)
- removed obsolete patches
  0001-Bug-1435695-WebRTC-fails-to-build-with-GCC-8-r-dmino.patch
- requires NSPR 4.19 and NSS 3.36.1
- requires rust 1.24 or higher

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=655
2018-05-08 13:14:23 +00:00
Wolfgang Rosenauer
d012ef8e28 - update to Firefox 59.0
* Performance enhancements
  * Drag-and-drop to rearrange Top Sites on the Firefox Home page
  * added features for Firefox Screenshots
  * Enhanced WebExtensions API
  * Improved RTC capabilities
  MFSA 2018-06 (bsc#1085130)
  * CVE-2018-5127 (bmo#1430557)
    Buffer overflow manipulating SVG animatedPathSegList
  * CVE-2018-5128 (bmo#1431336)
    Use-after-free manipulating editor selection ranges
  * CVE-2018-5129 (bmo#1428947)
    Out-of-bounds write with malformed IPC messages
  * CVE-2018-5130 (bmo#1433005)
    Mismatched RTP payload type can trigger memory corruption
  * CVE-2018-5131 (bmo#1440775)
    Fetch API improperly returns cached copies of no-store/no-cache resources
  * CVE-2018-5132 (bmo#1408194)
    WebExtension Find API can search privileged pages
  * CVE-2018-5133 (bmo#1430511, bmo#1430974)
    Value of the app.support.baseURL preference is not properly sanitized
  * CVE-2018-5134 (bmo#1429379)
    WebExtensions may use view-source: URLs to bypass content restrictions
  * CVE-2018-5135 (bmo#1431371)
    WebExtension browserAction can inject scripts into unintended contexts
  * CVE-2018-5136 (bmo#1419166)
    Same-origin policy violation with data: URL shared workers
  * CVE-2018-5137 (bmo#1432870)
    Script content can access legacy extension non-contentaccessible resources
  * CVE-2018-5138 (bmo#1432624) (Android only)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=636
2018-03-13 19:46:06 +00:00
Wolfgang Rosenauer
cc0d23689c - update to Firefox 58.0
* Added Nepali (ne-NP) locale
  * Added support for form autofill for credit card
  * Optimize page load by caching JavaScript internal representation
- requires NSS 3.34.1
- requires rust 1.21
- removed obsolete patches:
  mozilla-bindgen-systemlibs.patch
  mozilla-bmo1360278.patch
  mozilla-bmo1399611-csd.patch
  mozilla-rust-1.23.patch
- rebased patches
- updated man-page

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=628
2018-01-23 09:55:12 +00:00
Wolfgang Rosenauer
0dde590739 - update to Firefox 57.0b14
* Firefox Quantum
  * Photon UI
  * Unified address and search bar
  * AMD VP9 hardware video decoder support
  * Added support for Date/Time input
  * stricter security sandbox blocking filesystem reading and
    writing on Linux systems
  * middle mouse paste in the content area no longer navigates to
    URLs by default on Unix systems
  MFSA 2017-24
  * CVE-2017-7828 (bmo#1406750. bmo#1412252)
    Use-after-free of PressShell while restyling layout
  * CVE-2017-7830 (bmo#1408990)
    Cross-origin URL information leak through Resource Timing API
  * CVE-2017-7831 (bmo#1392026)
    Information disclosure of exposed properties on JavaScript proxy
    objects
  * CVE-2017-7832 (bmo#1408782)
    Domain spoofing through use of dotless 'i' character followed
    by accent markers
  * CVE-2017-7833 (bmo#1370497)
    Domain spoofing with Arabic and Indic vowel marker characters
  * CVE-2017-7834 (bmo#1358009)
    data: URLs opened in new tabs bypass CSP protections
  * CVE-2017-7835 (bmo#1402363)
    Mixed content blocking incorrectly applies with redirects
  * CVE-2017-7836 (bmo#1401339)
    Pingsender dynamically loads libcurl on Linux and OS X
  * CVE-2017-7837 (bmo#1325923)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=610
2017-11-14 23:17:59 +00:00
Wolfgang Rosenauer
5b2c5261ce - update to Firefox 56.0 (boo#1060445)
* Find Options/Preferences more quickly with new search function
  * Media is no longer auto-played when opened in a background tab
  * Enable CSS Grid Layout View
- requires NSPR 4.16 and NSS 3.32.1

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=603
2017-09-28 08:44:46 +00:00
Wolfgang Rosenauer
f786a71dcd - update to Firefox 55.0.3
* Fix an issue with addons when using a path containing non-ascii
    characters (bmo#1389160)
  * Fix file uploads to some websites, including YouTube (bmo#1383518)
- fix Google API key build integration
- add mozilla-ucontext.patch to fix Tumbleweed build
- do not enable XINPUT2 for now (boo#1053959)

- update to Firefox 55.0.1
  * Fix a regression the tab restoration process (bmo#1388160)
  * Fix a problem causing What's new pages not to be displayed (bmo#1386224)
  * Fix a rendering issue with some PKCS#11 libraries (bmo#1388370)
  * Disable the predictor prefetch (bmo#1388160)

- update to Firefox 55.0 (boo#1052829)
  * Browsing sessions with a high number of tabs are now restored
    in an instant
  * Sidebar (bookmarks, history, synced tabs) can now be moved to
    the right edge of the window
  * Fine-tune your browser performance from the Preferences/Options page.
  * Make screenshots of webpages, and save them locally or upload
    them to the cloud. This feature will undergo A/B testing and
    will not be visible for some users.
  * Added Belarusian (be) locale
  * Simplify print jobs from within print preview
  * Use virtual reality devices with the web with the introduction
    of WebVR
  * Search suggestions are now enabled by default for users who
    haven't explicitly opted-out
  * Search with any installed search engine directly from the

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=601
2017-09-05 10:10:37 +00:00
Wolfgang Rosenauer
7041dd299b - update to Firefox 52.0
* requires NSS >= 3.28.3
  * Pages containing insecure password fields now display a warning
    directly within username and password fields.
  * Windows 8 touch screen support for multiprocess Firefox
  * Send and open a tab from one device to another with Sync
  * Removed NPAPI support for plugins other than Flash. Silverlight,
    Java, Acrobat and the like are no longer supported.
  * Removed Battery Status API to reduce fingerprinting of users by
    trackers
- removed obsolete patches
  * mozilla-binutils-visibility.patch
  * mozilla-check_return.patch
  * mozilla-disable-skia-be.patch
  * mozilla-skia-overflow.patch
  * mozilla-skia-ppc-endianess.patch
- rebased patches
- enable rust usage for Tumbleweed

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=572
2017-03-07 08:35:10 +00:00
Wolfgang Rosenauer
944690d724 - update to Firefox 51.0
* requires NSPR >= 4.13.1, NSS >= 3.28.1
  * Added support for FLAC (Free Lossless Audio Codec) playback
  * Added support for WebGL 2
  * Added Georgian (ka) and Kabyle (kab) locales
  * Support saving passwords for forms without 'submit' events
  * Improved video performance for users without GPU acceleration
  * Zoom indicator is shown in the URL bar if the zoom level is not
    at default level
  * View passwords from the prompt before saving them
  * Remove Belarusian (be) locale
  * Use Skia for content rendering (Linux)
  * MFSA 2017-01
    CVE-2017-5375: Excessive JIT code allocation allows bypass of
                   ASLR and DEP (bmo#1325200, boo#1021814)
    CVE-2017-5376: Use-after-free in XSL (bmo#1311687, boo#1021817)
    CVE-2017-5377: Memory corruption with transforms to create
                   gradients in Skia (bmo#1306883, boo#1021826)
    CVE-2017-5378: Pointer and frame data leakage of Javascript objects
                   (bmo#1312001, bmo#1330769, boo#1021818)
    CVE-2017-5379: Use-after-free in Web Animations
                   (bmo#1309198,boo#1021827)
    CVE-2017-5380: Potential use-after-free during DOM manipulations
                   (bmo#1322107, boo#1021819)
    CVE-2017-5390: Insecure communication methods in Developer Tools
                   JSON viewer (bmo#1297361, boo#1021820)
    CVE-2017-5389: WebExtensions can install additional add-ons via
                   modified host requests (bmo#1308688, boo#1021828)
    CVE-2017-5396: Use-after-free with Media Decoder
                   (bmo#1329403, boo#1021821)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=567
2017-01-25 10:27:08 +00:00
Wolfgang Rosenauer
7738c5ac69 - update to Firefox 50.0 (boo#1009026)
* requires NSS 3.26.2
  new features
  * Updates to keyboard shortcuts
    Set a preference to have Ctrl+Tab cycle through tabs in recently
    used order
    View a page in Reader Mode by using Ctrl+Alt+R
  * Added option to Find in page that allows users to limit search to
    whole words only
  * Added download protection for a large number of executable file
    types on Windows, Mac and Linux
  * Fixed rendering of dashed and dotted borders with rounded corners
    (border-radius)
  * Added a built-in Emoji set for operating systems without native
    Emoji fonts (Windows 8.0 and lower and Linux)
  * Blocked versions of libavcodec older than 54.35.1
  * additional locale
  security fixes:
  * MFSA 2016-89
    CVE-2016-5296: Heap-buffer-overflow WRITE in rasterize_edges_1
                   (bmo#1292443)
    CVE-2016-5292: URL parsing causes crash (bmo#1288482)
    CVE-2016-5293: Write to arbitrary file with updater and moz
                   maintenance service using updater.log hardlink
		   (Windows only) (bmo#1246945)
    CVE-2016-5294: Arbitrary target directory for result files of
                   update process (Windows only) (bmo#1246972)
    CVE-2016-5297: Incorrect argument length checking in Javascript
                   (bmo#1303678)
    CVE-2016-9064: Addons update must verify IDs match between

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=555
2016-11-15 18:06:29 +00:00
Wolfgang Rosenauer
70d32ab4da - update to Firefox 49.0 (boo#999701)
- removed obsolete patches:
  * mozilla-aarch64-48bit-va.patch
  * mozilla-exclude-nametablecpp.patch
  * mozilla-old_configure-bmo1282843.patch
- requires NSS 3.25

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=547
2016-09-20 16:19:47 +00:00
Wolfgang Rosenauer
5344c90ddf OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=535 2016-08-02 22:00:28 +00:00
Wolfgang Rosenauer
97b8712767 - update to Firefox 47.0 (boo#983549)
* Enable VP9 video codec for users with fast machines
  * Embedded YouTube videos now play with HTML5 video if Flash is
    not installed
  * View and search open tabs from your smartphone or another
    computer in a sidebar
  * Allow no-cache on back/forward navigations for https resources
  security fixes:
  * MFSA 2016-49/CVE-2016-2815/CVE-2016-2818
    (boo#983638)
    (bmo#1241896, bmo#1242798, bmo#1243466, bmo#1245743,
     bmo#1264300, bmo#1271037, bmo#1234147, bmo#1256493,
     bmo#1256739, bmo#1256968, bmo#1261230, bmo#1261752,
     bmo#1263384, bmo#1264575, bmo#1265577, bmo#1267130,
     bmo#1269729, bmo#1273202, bmo#1273701)
    Miscellaneous memory safety hazards (rv:47.0 / rv:45.2)
  * MFSA 2016-50/CVE-2016-2819 (boo#983655) (bmo#1270381)
    Buffer overflow parsing HTML5 fragments
  * MFSA 2016-51/CVE-2016-2821 (bsc#983653) (bmo#1271460)
    Use-after-free deleting tables from a contenteditable document
  * MFSA 2016-52/CVE-2016-2822 (boo#983652) (bmo#1273129)
    Addressbar spoofing though the SELECT element
  * MFSA 2016-53/CVE-2016-2824 (boo#983651) (bmo#1248580)
    Out-of-bounds write with WebGL shader
  * MFSA 2016-54/CVE-2016-2825 (boo#983649) (bmo#1193093)
    Partial same-origin-policy through setting location.host
    through data URI
  * MFSA 2016-56/CVE-2016-2828 (boo#983646) (bmo#1223810)
    Use-after-free when textures are used in WebGL operations
    after recycle pool destruction

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=518
2016-06-08 12:26:29 +00:00
Wolfgang Rosenauer
1ffc48d5aa OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=505 2016-04-29 20:50:21 +00:00
Wolfgang Rosenauer
a5366a93b9 OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=504 2016-04-29 06:30:10 +00:00
Wolfgang Rosenauer
9a29a52fb9 OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=503 2016-04-28 15:19:54 +00:00
Wolfgang Rosenauer
619e95e8d7 - update to Firefox 46.0 (boo#977333)
* Improved security of the JavaScript Just In Time (JIT) Compiler
  * WebRTC fixes to improve performance and stability
  * Added support for document.elementsFromPoint
  * Added HKDF support for Web Crypto API
  * requires NSPR 4.12 and NSS 3.22.3
  * added patch to fix unchecked return value
    mozilla-check_return.patch
  * Gtk3 builds not supported at the moment
  security fixes:
  * MFSA 2016-39/CVE-2016-2804/CVE-2016-2806/CVE-2016-2807
    Miscellaneous memory safety hazards
  * MFSA 2016-40/CVE-2016-2809 (bmo#1212939)
    Privilege escalation through file deletion by Maintenance Service updater
    (Windows only)
  * MFSA 2016-41/CVE-2016-2810 (bmo#1229681)
    Content provider permission bypass allows malicious application
    to access data (Android only)
  * MFSA 2016-42/CVE-2016-2811/CVE-2016-2812 (bmo#1252330, bmo#1261776)
    Use-after-free and buffer overflow in Service Workers
  * MFSA 2016-43/CVE-2016-2813 (bmo#1197901, bmo#2714650)
    Disclosure of user actions through JavaScript with motion and
    orientation sensors (only affects mobile variants)
  * MFSA 2016-44/CVE-2016-2814 (bmo#1254721)
    Buffer overflow in libstagefright with CENC offsets
  * MFSA 2016-45/CVE-2016-2816 (bmo#1223743)
    CSP not applied to pages sent with multipart/x-mixed-replace
  * MFSA 2016-46/CVE-2016-2817 (bmo#1227462)
    Elevation of privilege with chrome.tabs.update API in web extensions
  * MFSA 2016-47/CVE-2016-2808 (bmo#1246061)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=500
2016-04-27 07:09:13 +00:00
Wolfgang Rosenauer
93c01803cf - update to Firefox 45.0 (boo#969894)
* MFSA 2016-16/CVE-2016-1952/CVE-2016-1953
    Miscellaneous memory safety hazards
  * MFSA 2016-17/CVE-2016-1954 (bmo#1243178)
    Local file overwriting and potential privilege escalation through
    CSP reports
  * MFSA 2016-18/CVE-2016-1955 (bmo#1208946)
    CSP reports fail to strip location information for embedded iframe pages
  * MFSA 2016-19/CVE-2016-1956 (bmo#1199923)
    Linux video memory DOS with Intel drivers
  * MFSA 2016-20/CVE-2016-1957 (bmo#1227052)
    Memory leak in libstagefright when deleting an array during MP4
    processing
  * MFSA 2016-21/CVE-2016-1958 (bmo#1228754)
    Displayed page address can be overridden
  * MFSA 2016-22/CVE-2016-1959 (bmo#1234949)
    Service Worker Manager out-of-bounds read in Service Worker Manager
  * MFSA 2016-23/CVE-2016-1960/ZDI-CAN-3545 (bmo#1246014)
    Use-after-free in HTML5 string parser
  * MFSA 2016-24/CVE-2016-1961/ZDI-CAN-3574 (bmo#1249377)
    Use-after-free in SetBody
  * MFSA 2016-25/CVE-2016-1962 (bmo#1240760)
    Use-after-free when using multiple WebRTC data channels
  * MFSA 2016-26/CVE-2016-1963 (bmo#1238440)
    Memory corruption when modifying a file being read by FileReader
  * MFSA 2016-27/CVE-2016-1964 (bmo#1243335)
    Use-after-free during XML transformations
  * MFSA 2016-28/CVE-2016-1965 (bmo#1245264)
    Addressbar spoofing though history navigation and Location protocol
    property

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=491
2016-03-08 22:37:32 +00:00
Wolfgang Rosenauer
755a4c6acf - update to Firefox 45.0
* requires NSPR 4.12 / NSS 3.21.1
  * Instant browser tab sharing through Hello
  * Synced Tabs button in button bar
  * Tabs synced via Firefox Accounts from other devices are now shown
    in dropdown area of Awesome Bar when searching
  * Introduce a new preference (network.dns.blockDotOnion) to allow
    blocking .onion at the DNS level
  * Tab Groups (Panorama) feature removed

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=490
2016-03-07 16:25:29 +00:00
Wolfgang Rosenauer
ad7b475f23 - update to Firefox 44.0 (boo#963520)
* MFSA 2016-01/CVE-2016-1930/CVE-2016-1931
    Miscellaneous memory safety hazards
  * MFSA 2016-02/CVE-2016-1933 (bmo#1231761)
    Out of Memory crash when parsing GIF format images
  * MFSA 2016-03/CVE-2016-1935 (bmo#1220450)
    Buffer overflow in WebGL after out of memory allocation
  * MFSA 2016-04/CVE-2015-7208/CVE-2016-1939 (bmo#1191423, bmo#1233784)
    Firefox allows for control characters to be set in cookie names
  * MFSA 2016-06/CVE-2016-1937 (bmo#724353)
    Missing delay following user click events in protocol handler dialog
  * MFSA 2016-07/CVE-2016-1938 (bmo#1190248)
    Errors in mp_div and mp_exptmod cryptographic functions in NSS
    (fixed by requiring NSS 3.21)
  * MFSA 2016-09/CVE-2016-1942/CVE-2016-1943 (bmo#1189082, bmo#1228590)
    Addressbar spoofing attacks
  * MFSA 2016-10/CVE-2016-1944/CVE-2016-1945/CVE-2016-1946
    (bmo#1186621, bmo#1214782, bmo#1232096)
    Unsafe memory manipulation found through code inspection
  * MFSA 2016-11/CVE-2016-1947 (bmo#1237103)
    Application Reputation service disabled in Firefox 43
  * requires NSPR 4.11
  * requires NSS 3.21
- prepare mozilla-kde.patch for Gtk3 builds
- rebased patches

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=480
2016-01-26 22:39:03 +00:00
Wolfgang Rosenauer
312b68ac0e - update to Firefox 43.0 (bnc#959277)
* Improved API support for m4v video playback
  * Users can opt-in to receive search suggestions from the Awesome Bar
  * WebRTC streaming on multiple monitors
  * User selectable second block list for Private Browsing's Tracking
    Protection
  security fixes:
  * MFSA 2015-134/CVE-2015-7201/CVE-2015-7202
    Miscellaneous memory safety hazards
  * MFSA 2015-135/CVE-2015-7204 (bmo#1216130)
    Crash with JavaScript variable assignment with unboxed objects
  * MFSA 2015-136/CVE-2015-7207 (bmo#1185256)
    Same-origin policy violation using perfomance.getEntries and
    history navigation
  * MFSA 2015-137/CVE-2015-7208 (bmo#1191423)
    Firefox allows for control characters to be set in cookies
  * MFSA 2015-138/CVE-2015-7210 (bmo#1218326)
    Use-after-free in WebRTC when datachannel is used after being
    destroyed
  * MFSA 2015-139/CVE-2015-7212 (bmo#1222809)
    Integer overflow allocating extremely large textures
  * MFSA 2015-140/CVE-2015-7215 (bmo#1160890)
    Cross-origin information leak through web workers error events
  * MFSA 2015-141/CVE-2015-7211 (bmo#1221444)
    Hash in data URI is incorrectly parsed
  * MFSA 2015-142/CVE-2015-7218/CVE-2015-7219 (bmo#1194818, bmo#1194820)
    DOS due to malformed frames in HTTP/2
  * MFSA 2015-143/CVE-2015-7216/CVE-2015-7217 (bmo#1197059, bmo#1203078)
    Linux file chooser crashes on malformed images due to flaws in
    Jasper library

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=473
2015-12-17 00:06:36 +00:00
Wolfgang Rosenauer
5182c1fb3f - update to Firefox 42.0 (bnc#952810)
* Private Browsing with Tracking Protection blocks certain Web
    elements that could be used to record your behavior across sites
  * Control Center that contains site security and privacy controls
  * Login Manager improvements
  * WebRTC improvements
  * Indicator added to tabs that play audio with one-click muting
  * Media Source Extension for HTML5 video available for all sites
- requires NSPR 4.10.10 and NSS 3.19.4
- removed obsolete patches
  * mozilla-arm-disable-edsp.patch
  * mozilla-icu-strncat.patch
  * mozilla-skia-be-le.patch
  * toolkit-download-folder.patch
- fixed build with enable-libproxy (bmo#1220399)
  * mozilla-libproxy.patch

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=467
2015-11-03 15:49:03 +00:00
Wolfgang Rosenauer
b032824c09 - update to Firefox 41.0 (bnc#)
- rebased patches
- removed obsolete patches
  * mozilla-arm64-libjpeg-turbo.patch

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=458
2015-09-22 06:10:40 +00:00
Wolfgang Rosenauer
ccadb573ea - update to Firefox 40.0 (bnc#940806)
* Added protection against unwanted software downloads
  * Suggested Tiles show sites of interest, based on categories
    from your recent browsing history
  * Hello allows adding a link to conversations to provide context
    on what the conversation will be about
  * New style for add-on manager based on the in-content
    preferences style
  * Improved scrolling, graphics, and video playback performance
    with off main thread compositing (GNU/Linux only)
  * Graphic blocklist mechanism improved: Firefox version ranges
    can be specified, limiting the number of devices blocked
  security fixes:
  * MFSA 2015-79/CVE-2015-4473/CVE-2015-4474
    Miscellaneous memory safety hazards
  * MFSA 2015-80/CVE-2015-4475 (bmo#1175396)
    Out-of-bounds read with malformed MP3 file
  * MFSA 2015-81/CVE-2015-4477 (bmo#1179484)
    Use-after-free in MediaStream playback
  * MFSA 2015-82/CVE-2015-4478 (bmo#1105914)
    Redefinition of non-configurable JavaScript object properties
  * MFSA 2015-83/CVE-2015-4479/CVE-2015-4480/CVE-2015-4493
    Overflow issues in libstagefright
  * MFSA 2015-84/CVE-2015-4481 (bmo1171518)
    Arbitrary file overwriting through Mozilla Maintenance Service
    with hard links (only affected Windows)
  * MFSA 2015-85/CVE-2015-4482 (bmo#1184500)
    Out-of-bounds write with Updater and malicious MAR file
    (does not affect openSUSE RPM packages which do not ship the
     updater)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=454
2015-08-12 07:11:49 +00:00
Wolfgang Rosenauer
fa8a849f6c - update to Firefox 39.0
* Share Hello URLs with social networks
  * Support for 'switch' role in ARIA 1.1 (web accessibility)
  * SafeBrowsing malware detection lookups enabled for downloads
    (Mac OS X and Linux)
  * Support for new Unicode 8.0 skin tone emoji
  * Removed support for insecure SSLv3 for network communications
  * Disable use of RC4 except for temporarily whitelisted hosts
  * NPAPI Plug-in performance improved via asynchronous initialization
- dropped mozilla-prefer_plugin_pref.patch as this feature is
  likely not worth maintaining further
- rebased patches
- require NSS 3.19.2

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=449
2015-06-24 19:26:58 +00:00
Wolfgang Rosenauer
192c5f2ac8 - update to Firefox 38.0.6
* fixes bmo#1171730 which is not really relevant to oS builds
- fix KDE regression from 38.0.5 builds (bsc#933439)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=447
2015-06-07 20:02:48 +00:00
Wolfgang Rosenauer
ed16f0e9b3 - update to Firefox 38.0.5
* Keep track of articles and videos with Pocket
  * Clean formatting for articles and blog posts with Reader View
  * Share the active tab or window in a Hello conversation
- add changes file as source for SRPM (bsc#932142)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=445
2015-06-01 08:32:35 +00:00
Wolfgang Rosenauer
0e97ac3151 - update to 31.7.0 (bnc#)
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=440
2015-05-10 20:12:38 +00:00
Wolfgang Rosenauer
c1e85da825 - update to Firefox 37.0
- removed obsolete patches
  * mozilla-bmo1088588.patch
  * mozilla-bmo1108834.patch
- requires NSPR 4.10.8
  mozilla-bmo1005535.patch

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=432
2015-04-01 05:22:19 +00:00
Wolfgang Rosenauer
e562ad22f9 - update to Firefox 36.0 (bnc#917597)
* mozilla-xremote-client was removed
  * added libclearkey.so media plugin
  * Pinned tiles on the new tab page can be synced
  * Support for the full HTTP/2 protocol. HTTP/2 enables a faster,
    more scalable, and more responsive web.
  * Locale added: Uzbek (uz)
- rebased patches
- requires NSS 3.17.4

- update to Firefox 35.0.1
  * With the Enhanced Steam extension, Firefox could crash (bmo#1123732)
  * Kerberos authentication did not work with alias (bmo#1108971)
  * SVG / CSS animation had a regression causing rendering issues on
    websites like openstreemap.org (bmo#1083079)
  * On Godaddy webmail, Firefox could crash (bmo#1113121)
  * document.baseURI did not get updated to document.location after
    base tag was removed from DOM for site with a CSP (bmo#1121857)
  * With a Right-to-left (RTL) version of Firefox, the text selection
    could be broken (bmo#1104036)
  * CSP had a change in behavior with regard to case sensitivity
    resources loading (bmo#1122445)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=422
2015-02-23 20:32:13 +00:00
Wolfgang Rosenauer
30cfca53f8 - update to Firefox 35.0 (bnc#910669)
notable features:
  * Firefox Hello with new rooms-based conversations model
  * Implemented HTTP Public Key Pinning Extension (for enhanced
    authentication of encrypted connections)
- rebased patches
- dropped explicit support for everything older than 12.3
  (including SLES11)
  * merge firefox-kde.patch and firefox-kde-114.patch
  * dropped mozilla-sle11.patch
- reworked specfile to build conditionally based on release channel
  either Firefox or Firefox Developer Edition
- added mozilla-openaes-decl.patch to fix implicit declarations
- obsolete tracker-miner-firefox < 0.15 because it leads to startup
  crashes (bnc#908892)
- rebased patches

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=419
2015-01-14 18:32:16 +00:00
Wolfgang Rosenauer
734ae25549 - update to Firefox 34.0.5 (bnc#908009)
* Default search engine changed to Yahoo! for North America
  * Default search engine changed to Yandex for Belarusian, Kazakh,
    and Russian locales
  * Improved search bar (en-US only)
  * Firefox Hello real-time communication client
  * Easily switch themes/personas directly in the Customizing mode
  * Implementation of HTTP/2 (draft14) and ALPN
  * Disabled SSLv3
  * MFSA 2014-83/CVE-2014-1587/CVE-2014-1588
    Miscellaneous memory safety hazards
  * MFSA 2014-84/CVE-2014-1589 (bmo#1043787)
    XBL bindings accessible via improper CSS declarations
  * MFSA 2014-85/CVE-2014-1590 (bmo#1087633)
    XMLHttpRequest crashes with some input streams
  * MFSA 2014-86/CVE-2014-1591 (bmo#1069762)
    CSP leaks redirect data via violation reports
  * MFSA 2014-87/CVE-2014-1592 (bmo#1088635)
    Use-after-free during HTML5 parsing
  * MFSA 2014-88/CVE-2014-1593 (bmo#1085175)
    Buffer overflow while parsing media content
  * MFSA 2014-89/CVE-2014-1594 (bmo#1074280)
    Bad casting from the BasicThebesLayer to BasicContainerLayer
- rebased patches
- limit linker memory usage for %ix86

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=415
2014-12-02 22:01:52 +00:00
Wolfgang Rosenauer
e1f9f9b9cf - update to Firefox 33.0 (bnc#900941)
New features:
  * OpenH264 support (sandboxed)
  * Enhanced Tiles
  * Improved search experience through the location bar
  * Slimmer and faster JavaScript strings
  * New CSP (Content Security Policy) backend
  * Support for connecting to HTTP proxy over HTTPS
  * Improved reliability of the session restoration
  * Proprietary window.crypto properties/functions removed
- requires NSPR 4.10.7
- requires NSS 3.17.1
- removed obsolete patches:
  * mozilla-ppc.patch
  * mozilla-libproxy-compat.patch
- added basic appdata information

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=399
2014-10-13 18:00:43 +00:00
Wolfgang Rosenauer
577191d5c5 - update to Firefox 32.0.2
* just a version bump for our builds
  * fixed the in application update process for certain environments
    (in application update is not enabled in openSUSE and Linux
    is unaffected in any case)
- build with --disable-optimize for 13.1 and above for i586 to
  workaround miscompilations (bnc#896624)

- update to Firefox 32.0.1
  * fixed stability issues for computers with multiple graphics cards
  * mixed content icon may be incorrectly displayed instead of lock
    icon for SSL sites in 32.0 (
  * WebRTC: setRemoteDescription() silently fails if no success
    callback is specified (bmo#1063971)

- update to Firefox 32.0 (bnc#894370)
  * MFSA 2014-67/CVE-2014-1553/CVE-2014-1554/CVE-2014-1562
- rebased patches
- requires NSS 3.16.4
- removed upstreamed patch
  * mozilla-aarch64-bmo-810631.patch

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=396
2014-09-22 16:35:40 +00:00
Wolfgang Rosenauer
873c6e1670 - update to Firefox 31.0 (bnc#887746)
- use EGL on ARM
- rebased patches
- requires NSS 3.16.2
- requires python-devel (not only python)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=389
2014-07-21 09:32:46 +00:00
Wolfgang Rosenauer
572efd6147 - update to Firefox 30.0 (bnc#881874)
* MFSA 2014-48/CVE-2014-1533/CVE-2014-1534
    (bmo#921622, bmo#967354, bmo#969517, bmo#969549, bmo#973874,
     bmo#978652, bmo#978811, bmo#988719, bmo#990868, bmo#991981,
     bmo#992274, bmo#994907, bmo#995679, bmo#995816, bmo#995817,
     bmo#996536, bmo#996715, bmo#999651, bmo#1000598,
     bmo#1000960, bmo#1002340, bmo#1005578, bmo#1007223,
     bmo#1009952, bmo#1011007)
    Miscellaneous memory safety hazards (rv:30.0)
  * MFSA 2014-49/CVE-2014-1536/CVE-2014-1537/CVE-2014-1538
    (bmo#989994, bmo#999274, bmo#1005584)
    Use-after-free and out of bounds issues found using Address
    Sanitizer
  * MFSA 2014-50/CVE-2014-1539 (bmo#995603)
    Clickjacking through cursor invisability after Flash interaction
  * MFSA 2014-51/CVE-2014-1540 (bmo#978862)
    Use-after-free in Event Listener Manager
  * MFSA 2014-52/CVE-2014-1541 (bmo#1000185)
    Use-after-free with SMIL Animation Controller
  * MFSA 2014-53/CVE-2014-1542 (bmo#991533)
    Buffer overflow in Web Audio Speex resampler
  * MFSA 2014-54/CVE-2014-1543 (bmo#1011859)
    Buffer overflow in Gamepad API
- rebased patches
- removed obsolete patches
  * firefox-browser-css.patch
  * mozilla-aarch64-bmo-962488.patch
  * mozilla-aarch64-bmo-963023.patch
  * mozilla-aarch64-bmo-963024.patch
  * mozilla-aarch64-bmo-963027.patch

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=384
2014-06-11 08:41:30 +00:00
Wolfgang Rosenauer
c83cd3e02d - update to Firefox 29.0 (bnc#875378)
- rebased patches
- removed obsolete patches
  * firefox-browser-css.patch
  * mozilla-aarch64-599882cfb998.diff
  * mozilla-aarch64-bmo-963028.patch
  * mozilla-aarch64-bmo-963029.patch
  * mozilla-aarch64-bmo-963030.patch
  * mozilla-aarch64-bmo-963031.patch
- requires NSS 3.16
- added mozilla-icu-strncat.patch to fix post build checks
- add mozilla-aarch64-599882cfb998.patch,
- Add patch for bmo#973977
- Refresh mozilla-ppc64le-xpcom.patch patch
- Adapt mozilla-ppc64le-xpcom.patch to Mozilla > 24.0 build system

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=378
2014-04-27 16:09:32 +00:00
Wolfgang Rosenauer
8915242f46 - update to Firefox 28.0 (bnc#868603)
* MFSA 2014-15/CVE-2014-1493/CVE-2014-1494
    Miscellaneous memory safety hazards
  * MFSA 2014-17/CVE-2014-1497 (bmo#966311)
    Out of bounds read during WAV file decoding
  * MFSA 2014-18/CVE-2014-1498 (bmo#935618)
    crypto.generateCRMFRequest does not validate type of key
  * MFSA 2014-19/CVE-2014-1499 (bmo#961512)
    Spoofing attack on WebRTC permission prompt
  * MFSA 2014-20/CVE-2014-1500 (bmo#956524)
    onbeforeunload and Javascript navigation DOS
  * MFSA 2014-22/CVE-2014-1502 (bmo#972622)
    WebGL content injection from one domain to rendering in another
  * MFSA 2014-23/CVE-2014-1504 (bmo#911547)
    Content Security Policy for data: documents not preserved by
    session restore
  * MFSA 2014-26/CVE-2014-1508 (bmo#963198)
    Information disclosure through polygon rendering in MathML
  * MFSA 2014-27/CVE-2014-1509 (bmo#966021)
    Memory corruption in Cairo during PDF font rendering
  * MFSA 2014-28/CVE-2014-1505 (bmo#941887)
    SVG filters information disclosure through feDisplacementMap
  * MFSA 2014-29/CVE-2014-1510/CVE-2014-1511 (bmo#982906, bmo#982909)
    Privilege escalation using WebIDL-implemented APIs
  * MFSA 2014-30/CVE-2014-1512 (bmo#982957)
    Use-after-free in TypeObject
  * MFSA 2014-31/CVE-2014-1513 (bmo#982974)
    Out-of-bounds read/write through neutering ArrayBuffer objects
  * MFSA 2014-32/CVE-2014-1514 (bmo#983344)
    Out-of-bounds write through TypedArrayObject after neutering

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=370
2014-03-18 19:44:32 +00:00