MozillaFirefox

pool/MozillaFirefox

SHA256

Fork 1

0079985d4c security fixes: * MFSA 2015-11/CVE-2015-0835/CVE-2015-0836 Miscellaneous memory safety hazards * MFSA 2015-12/CVE-2015-0833 (bmo#945192) Invoking Mozilla updater will load locally stored DLL files (Windows only) * MFSA 2015-13/CVE-2015-0832 (bmo#1065909) Appended period to hostnames can bypass HPKP and HSTS protections * MFSA 2015-14/CVE-2015-0830 (bmo#1110488) Malicious WebGL content crash when writing strings * MFSA 2015-15/CVE-2015-0834 (bmo#1098314) TLS TURN and STUN connections silently fail to simple TCP connections * MFSA 2015-16/CVE-2015-0831 (bmo#1130514) Use-after-free in IndexedDB * MFSA 2015-17/CVE-2015-0829 (bmo#1128939) Buffer overflow in libstagefright during MP4 video playback * MFSA 2015-18/CVE-2015-0828 (bmo#1030667, bmo#988675) Double-free when using non-default memory allocators with a zero-length XHR * MFSA 2015-19/CVE-2015-0827 (bmo#1117304) Out-of-bounds read and write while rendering SVG content * MFSA 2015-20/CVE-2015-0826 (bmo#1092363) Buffer overflow during CSS restyling * MFSA 2015-21/CVE-2015-0825 (bmo#1092370) Buffer underflow during MP3 playback * MFSA 2015-22/CVE-2015-0824 (bmo#1095925) Crash using DrawTarget in Cairo graphics library * MFSA 2015-23/CVE-2015-0823 (bmo#1098497) Use-after-free in Developer Console date with OpenType Sanitiser * MFSA 2015-24/CVE-2015-0822 (bmo#1110557) Wolfgang Rosenauer 2015-02-25 06:18:57 +0000
e38465171c - update to Firefox 36.0 (bnc#917597) * mozilla-xremote-client was removed * added libclearkey.so media plugin * Pinned tiles on the new tab page can be synced * Support for the full HTTP/2 protocol. HTTP/2 enables a faster, more scalable, and more responsive web. * Locale added: Uzbek (uz) - rebased patches - requires NSS 3.17.4 Wolfgang Rosenauer 2015-02-23 20:32:13 +0000
a3c36a4044 Accepting request 281360 from mozilla:Factory Stephan Kulow 2015-01-21 20:50:40 +0000
ed1e6f20d0 security fixes: * MFSA 2015-01/CVE-2014-8634/CVE-2014-8635 Miscellaneous memory safety hazards * MFSA 2015-02/CVE-2014-8637 (bmo#1094536) Uninitialized memory use during bitmap rendering * MFSA 2015-03/CVE-2014-8638 (bmo#1080987) sendBeacon requests lack an Origin header * MFSA 2015-04/CVE-2014-8639 (bmo#1095859) Cookie injection through Proxy Authenticate responses * MFSA 2015-05/CVE-2014-8640 (bmo#1100409) Read of uninitialized memory in Web Audio * MFSA 2015-06/CVE-2014-8641 (bmo#1108455) Read-after-free in WebRTC * MFSA 2015-07/CVE-2014-8643 (bmo#1114170) (Windows-only) Gecko Media Plugin sandbox escape * MFSA 2015-08/CVE-2014-8642 (bmo#1079658) Delegated OCSP responder certificates failure with id-pkix-ocsp-nocheck extension * MFSA 2015-09/CVE-2014-8636 (bmo#987794) XrayWrapper bypass through DOM objects Wolfgang Rosenauer 2015-01-15 06:02:33 +0000
1bda786938 - update to Firefox 35.0 (bnc#910669) notable features: * Firefox Hello with new rooms-based conversations model * Implemented HTTP Public Key Pinning Extension (for enhanced authentication of encrypted connections) - rebased patches - dropped explicit support for everything older than 12.3 (including SLES11) * merge firefox-kde.patch and firefox-kde-114.patch * dropped mozilla-sle11.patch - reworked specfile to build conditionally based on release channel either Firefox or Firefox Developer Edition - added mozilla-openaes-decl.patch to fix implicit declarations - obsolete tracker-miner-firefox < 0.15 because it leads to startup crashes (bnc#908892) - rebased patches Wolfgang Rosenauer 2015-01-14 18:32:16 +0000
c1b6757734 Accepting request 266182 from mozilla:Factory Dominique Leuenberger 2014-12-25 22:19:56 +0000
d89c587eeb Accepting request 265117 from home:Ledest:bashisms Wolfgang Rosenauer 2014-12-15 18:32:23 +0000
8847c1e873 Accepting request 263819 from mozilla:Factory Dominique Leuenberger 2014-12-06 12:47:23 +0000
4a13134b83 - update to Firefox 34.0.5 (bnc#908009) * Default search engine changed to Yahoo! for North America * Default search engine changed to Yandex for Belarusian, Kazakh, and Russian locales * Improved search bar (en-US only) * Firefox Hello real-time communication client * Easily switch themes/personas directly in the Customizing mode * Implementation of HTTP/2 (draft14) and ALPN * Disabled SSLv3 * MFSA 2014-83/CVE-2014-1587/CVE-2014-1588 Miscellaneous memory safety hazards * MFSA 2014-84/CVE-2014-1589 (bmo#1043787) XBL bindings accessible via improper CSS declarations * MFSA 2014-85/CVE-2014-1590 (bmo#1087633) XMLHttpRequest crashes with some input streams * MFSA 2014-86/CVE-2014-1591 (bmo#1069762) CSP leaks redirect data via violation reports * MFSA 2014-87/CVE-2014-1592 (bmo#1088635) Use-after-free during HTML5 parsing * MFSA 2014-88/CVE-2014-1593 (bmo#1085175) Buffer overflow while parsing media content * MFSA 2014-89/CVE-2014-1594 (bmo#1074280) Bad casting from the BasicThebesLayer to BasicContainerLayer - rebased patches - limit linker memory usage for %ix86 Wolfgang Rosenauer 2014-12-02 22:01:52 +0000
084700b2e7 Accepting request 260773 from mozilla:Factory Dominique Leuenberger 2014-11-13 08:16:50 +0000
140e4a12ee - requires NSS 3.17.2 Wolfgang Rosenauer 2014-11-10 16:05:57 +0000
b5acd11036 - update to Firefox 33.1 * Adding DuckDuckGo as a search option (upstream) * Forget Button added * Enhanced Tiles * Privacy tour introduced - fix typo in GStreamer Recommends - use proper macros for ARM Wolfgang Rosenauer 2014-11-10 15:49:04 +0000
87ecd127f4 Accepting request 260182 from mozilla:Factory Stephan Kulow 2014-11-07 08:05:20 +0000
849a660683 Accepting request 259749 from home:Guillaume_G:branches:mozilla:Factory Wolfgang Rosenauer 2014-11-06 20:54:53 +0000
ab979e2eb7 Accepting request 259483 from devel:ARM:Factory Wolfgang Rosenauer 2014-11-04 23:02:38 +0000
ff6e50aa3e Accepting request 259011 from mozilla:Factory Stephan Kulow 2014-11-01 07:14:01 +0000
113f1f2433 - update to Firefox 33.0.2 * Fix a startup crash with some combination of hardware and drivers 33.0.1 * Firefox displays a black screen at start-up with certain graphics drivers - adjusted _constraints for ARM Wolfgang Rosenauer 2014-10-30 12:43:09 +0000
b0bbfbf8c8 - define /usr/share/myspell as additional dictionary location and remove add-plugins.sh finally (bnc#900639) Wolfgang Rosenauer 2014-10-25 08:51:04 +0000
43013532ef OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=406 Wolfgang Rosenauer 2014-10-20 11:39:30 +0000
fd45b34aba - use Firefox default optimization flags instead of -Os Wolfgang Rosenauer 2014-10-19 19:45:31 +0000
159486ad08 Accepting request 257650 from home:Vindex17:branches:mozilla:Factory Wolfgang Rosenauer 2014-10-19 19:40:39 +0000
005374e051 Accepting request 256768 from mozilla:Factory Stephan Kulow 2014-10-18 07:08:20 +0000
d318a42021 Accepting request 256323 from mozilla:Factory Stephan Kulow 2014-10-15 14:41:15 +0000
3d4d28e3ed - fix build for all ppc by not enabling elf-hack Wolfgang Rosenauer 2014-10-15 14:13:02 +0000
8cec21d43a - fix build for ppc64 and ppc64le by not enabling elf-hack (bnc#901213) Wolfgang Rosenauer 2014-10-15 08:16:22 +0000
637aa82eee Security: * MFSA 2014-74/CVE-2014-1574/CVE-2014-1575 Miscellaneous memory safety hazards * MFSA 2014-75/CVE-2014-1576 (bmo#1041512) Buffer overflow during CSS manipulation * MFSA 2014-76/CVE-2014-1577 (bmo#1012609) Web Audio memory corruption issues with custom waveforms * MFSA 2014-77/CVE-2014-1578 (bmo#1063327) Out-of-bounds write with WebM video * MFSA 2014-78/CVE-2014-1580 (bmo#1063733) Further uninitialized memory use during GIF rendering * MFSA 2014-79/CVE-2014-1581 (bmo#1068218) Use-after-free interacting with text directionality * MFSA 2014-80/CVE-2014-1582/CVE-2014-1584 (bmo#1049095, bmo#1066190) Key pinning bypasses * MFSA 2014-81/CVE-2014-1585/CVE-2014-1586 (bmo#1062876, bmo#1062981) Inconsistent video sharing within iframe * MFSA 2014-82/CVE-2014-1583 (bmo#1015540) Accessing cross-origin objects via the Alarms API (only relevant for installed web apps) Wolfgang Rosenauer 2014-10-14 17:22:36 +0000
2f02270073 - update to Firefox 33.0 (bnc#900941) New features: * OpenH264 support (sandboxed) * Enhanced Tiles * Improved search experience through the location bar * Slimmer and faster JavaScript strings * New CSP (Content Security Policy) backend * Support for connecting to HTTP proxy over HTTPS * Improved reliability of the session restoration * Proprietary window.crypto properties/functions removed - requires NSPR 4.10.7 - requires NSS 3.17.1 - removed obsolete patches: * mozilla-ppc.patch * mozilla-libproxy-compat.patch - added basic appdata information Wolfgang Rosenauer 2014-10-13 18:00:43 +0000
84b6b45dba Accepting request 251469 from mozilla:Factory Stephan Kulow 2014-09-24 11:09:13 +0000
ab5934fcc8 - use some more build flags to align with upstream Wolfgang Rosenauer 2014-09-22 17:07:48 +0000
6d0dbb410f - update to Firefox 32.0.2 * just a version bump for our builds * fixed the in application update process for certain environments (in application update is not enabled in openSUSE and Linux is unaffected in any case) - build with --disable-optimize for 13.1 and above for i586 to workaround miscompilations (bnc#896624) Wolfgang Rosenauer 2014-09-22 16:35:40 +0000
fa32576a33 Accepting request 247292 from mozilla:Factory Stephan Kulow 2014-09-04 05:55:56 +0000
5bd4ec3405 * MFSA 2014-67/CVE-2014-1553/CVE-2014-1562 Miscellaneous memory safety hazards * MFSA 2014-68/CVE-2014-1563 (bmo#1018524) Use-after-free during DOM interactions with SVG * MFSA 2014-69/CVE-2014-1564 (bmo#1045977) Uninitialized memory use during GIF rendering * MFSA 2014-70/CVE-2014-1565 (bmo#1047831) Out-of-bounds read in Web Audio audio timeline * MFSA 2014-72/CVE-2014-1567 (bmo#1037641) Use-after-free setting text directionality Wolfgang Rosenauer 2014-09-02 18:09:51 +0000
894acf7ddc - update to Firefox 31.1.0esr (bnc#894370) - changes to support compilation on 11.4 * explicit xz BuildRequires * mozilla-nullptr-gcc45.patch * remove unresolved makeinfo BuildRequires Wolfgang Rosenauer 2014-09-01 09:59:18 +0000
0b181e39af Accepting request 245272 from home:sbehlert:branches:mozilla:Factory Tomáš Chvátal 2014-09-01 09:07:28 +0000
09e90f8945 Accepting request 241955 from mozilla:Factory Stephan Kulow 2014-07-25 10:27:18 +0000
62729f3b1a * MFSA 2014-56/CVE-2014-1547/CVE-2014-1548 Miscellaneous memory safety hazards * MFSA 2014-57/CVE-2014-1549 (bmo#1020205) Buffer overflow during Web Audio buffering for playback * MFSA 2014-58/CVE-2014-1550 (bmo#1020411) Use-after-free in Web Audio due to incorrect control message ordering * MFSA 2014-60/CVE-2014-1561 (bmo#1000514, bmo#910375) Toolbar dialog customization event spoofing * MFSA 2014-61/CVE-2014-1555 (bmo#1023121) Use-after-free with FireOnStateChange event * MFSA 2014-62/CVE-2014-1556 (bmo#1028891) Exploitable WebGL crash with Cesium JavaScript library * MFSA 2014-63/CVE-2014-1544 (bmo#963150) Use-after-free while when manipulating certificates in the trusted cache (solved with NSS 3.16.2 requirement) * MFSA 2014-64/CVE-2014-1557 (bmo#913805) Crash in Skia library when scaling high quality images * MFSA 2014-65/CVE-2014-1558/CVE-2014-1559/CVE-2014-1560 (bmo#1015973, bmo#1026022, bmo#997795) Certificate parsing broken by non-standard character encoding * MFSA 2014-66/CVE-2014-1552 (bmo#985135) IFRAME sandbox same-origin access through redirect Wolfgang Rosenauer 2014-07-23 05:15:12 +0000
51d960176f - update to Firefox 31.0 (bnc#887746) - use EGL on ARM - rebased patches - requires NSS 3.16.2 - requires python-devel (not only python) Wolfgang Rosenauer 2014-07-21 09:32:46 +0000
46f07576a3 Accepting request 241651 from home:mayerjosua:mozilla Wolfgang Rosenauer 2014-07-20 18:10:31 +0000
8e6af1b246 Accepting request 236875 from mozilla:Factory Stephan Kulow 2014-06-16 19:42:55 +0000
3fe418d0af * mozilla-ppc64le-build.patch Wolfgang Rosenauer 2014-06-11 12:36:21 +0000
8d269f7222 * MFSA 2014-55/CVE-2014-1545 (bmo#1018783) Out of bounds write in NSPR Wolfgang Rosenauer 2014-06-11 11:12:30 +0000
83b187e5a4 - update to Firefox 30.0 (bnc#881874) * MFSA 2014-48/CVE-2014-1533/CVE-2014-1534 (bmo#921622, bmo#967354, bmo#969517, bmo#969549, bmo#973874, bmo#978652, bmo#978811, bmo#988719, bmo#990868, bmo#991981, bmo#992274, bmo#994907, bmo#995679, bmo#995816, bmo#995817, bmo#996536, bmo#996715, bmo#999651, bmo#1000598, bmo#1000960, bmo#1002340, bmo#1005578, bmo#1007223, bmo#1009952, bmo#1011007) Miscellaneous memory safety hazards (rv:30.0) * MFSA 2014-49/CVE-2014-1536/CVE-2014-1537/CVE-2014-1538 (bmo#989994, bmo#999274, bmo#1005584) Use-after-free and out of bounds issues found using Address Sanitizer * MFSA 2014-50/CVE-2014-1539 (bmo#995603) Clickjacking through cursor invisability after Flash interaction * MFSA 2014-51/CVE-2014-1540 (bmo#978862) Use-after-free in Event Listener Manager * MFSA 2014-52/CVE-2014-1541 (bmo#1000185) Use-after-free with SMIL Animation Controller * MFSA 2014-53/CVE-2014-1542 (bmo#991533) Buffer overflow in Web Audio Speex resampler * MFSA 2014-54/CVE-2014-1543 (bmo#1011859) Buffer overflow in Gamepad API - rebased patches - removed obsolete patches * firefox-browser-css.patch * mozilla-aarch64-bmo-962488.patch * mozilla-aarch64-bmo-963023.patch * mozilla-aarch64-bmo-963024.patch * mozilla-aarch64-bmo-963027.patch Wolfgang Rosenauer 2014-06-11 08:41:30 +0000
e7eb53608d Accepting request 233497 from mozilla:Factory Stephan Kulow 2014-05-13 18:47:36 +0000
25ebccd71b - update to Firefox 29.0.1 * Seer disabled by default (bmo#1005958) * Session Restore failed with a corrupted sessionstore.js file (bmo#1001167) * pdf.js printing white page (bmo#1003707, bnc#876833) - general.useragent.locale gets overwritten with en-US while it should be using the active langpack's setting Wolfgang Rosenauer 2014-05-11 18:09:20 +0000
06471563a9 Accepting request 232128 from mozilla:Factory Stephan Kulow 2014-04-30 13:09:39 +0000
e3fa498b57 - update to Thunderbird 24.5.0 (bnc#875378) * MFSA 2014-34/CVE-2014-1518 Miscellaneous memory safety hazards * MFSA 2014-37/CVE-2014-1523 (bmo#969226) Out of bounds read while decoding JPG images * MFSA 2014-38/CVE-2014-1524 (bmo#989183) Buffer overflow when using non-XBL object as XBL * MFSA 2014-42/CVE-2014-1529 (bmo#987003) Privilege escalation through Web Notification API * MFSA 2014-43/CVE-2014-1530 (bmo#895557) Cross-site scripting (XSS) using history navigations * MFSA 2014-44/CVE-2014-1531 (bmo#987140) Use-after-free in imgLoader while resizing images * MFSA 2014-46/CVE-2014-1532 (bmo#966006) Use-after-free in nsHostResolver - use shipped-locales as the authoritative source for supported locales (some unsupported locales disappear from -other package) Wolfgang Rosenauer 2014-04-29 21:30:39 +0000
e05b18faa7 * MFSA 2014-34/CVE-2014-1518/CVE-2014-1519 Miscellaneous memory safety hazards * MFSA 2014-36/CVE-2014-1522 (bmo#995289) Web Audio memory corruption issues * MFSA 2014-37/CVE-2014-1523 (bmo#969226) Out of bounds read while decoding JPG images * MFSA 2014-38/CVE-2014-1524 (bmo#989183) Buffer overflow when using non-XBL object as XBL * MFSA 2014-39/CVE-2014-1525 (bmo#989210) Use-after-free in the Text Track Manager for HTML video * MFSA 2014-41/CVE-2014-1528 (bmo#963962) Out-of-bounds write in Cairo * MFSA 2014-42/CVE-2014-1529 (bmo#987003) Privilege escalation through Web Notification API * MFSA 2014-43/CVE-2014-1530 (bmo#895557) Cross-site scripting (XSS) using history navigations * MFSA 2014-44/CVE-2014-1531 (bmo#987140) Use-after-free in imgLoader while resizing images * MFSA 2014-45/CVE-2014-1492 (bmo#903885) Incorrect IDNA domain name matching for wildcard certificates (fixed by NSS 3.16) * MFSA 2014-46/CVE-2014-1532 (bmo#966006) Use-after-free in nsHostResolver * MFSA 2014-47/CVE-2014-1526 (bmo#988106) Debugger can bypass XrayWrappers with JavaScript Wolfgang Rosenauer 2014-04-29 21:22:41 +0000
9d19809515 - update to Firefox 29.0 (bnc#875378) - rebased patches - removed obsolete patches * firefox-browser-css.patch * mozilla-aarch64-599882cfb998.diff * mozilla-aarch64-bmo-963028.patch * mozilla-aarch64-bmo-963029.patch * mozilla-aarch64-bmo-963030.patch * mozilla-aarch64-bmo-963031.patch - requires NSS 3.16 - added mozilla-icu-strncat.patch to fix post build checks - add mozilla-aarch64-599882cfb998.patch, - Add patch for bmo#973977 - Refresh mozilla-ppc64le-xpcom.patch patch - Adapt mozilla-ppc64le-xpcom.patch to Mozilla > 24.0 build system Wolfgang Rosenauer 2014-04-27 16:09:32 +0000
2c214197fe Accepting request 229901 from mozilla:Factory Stephan Kulow 2014-04-14 07:25:08 +0000
eda8b9c884 Accepting request 229482 from devel:ARM:Factory Wolfgang Rosenauer 2014-04-13 14:47:41 +0000
b9869158e3 Accepting request 228401 from mozilla:Factory Stephan Kulow 2014-04-02 15:25:09 +0000
27336c8295 Accepting request 227348 from openSUSE:Factory:PowerPC Wolfgang Rosenauer 2014-03-25 08:26:07 +0000
98c325ede9 Accepting request 227064 from openSUSE:Factory:PowerPC Wolfgang Rosenauer 2014-03-22 08:18:58 +0000
d93cab4865 Accepting request 226811 from mozilla:Factory Stephan Kulow 2014-03-21 12:33:51 +0000
bf382156d6 * JS math correctness issue (bmo#941381) Wolfgang Rosenauer 2014-03-20 06:30:56 +0000
ee63deb207 - update to Firefox 28.0 (bnc#868603) * MFSA 2014-15/CVE-2014-1493/CVE-2014-1494 Miscellaneous memory safety hazards * MFSA 2014-17/CVE-2014-1497 (bmo#966311) Out of bounds read during WAV file decoding * MFSA 2014-18/CVE-2014-1498 (bmo#935618) crypto.generateCRMFRequest does not validate type of key * MFSA 2014-19/CVE-2014-1499 (bmo#961512) Spoofing attack on WebRTC permission prompt * MFSA 2014-20/CVE-2014-1500 (bmo#956524) onbeforeunload and Javascript navigation DOS * MFSA 2014-22/CVE-2014-1502 (bmo#972622) WebGL content injection from one domain to rendering in another * MFSA 2014-23/CVE-2014-1504 (bmo#911547) Content Security Policy for data: documents not preserved by session restore * MFSA 2014-26/CVE-2014-1508 (bmo#963198) Information disclosure through polygon rendering in MathML * MFSA 2014-27/CVE-2014-1509 (bmo#966021) Memory corruption in Cairo during PDF font rendering * MFSA 2014-28/CVE-2014-1505 (bmo#941887) SVG filters information disclosure through feDisplacementMap * MFSA 2014-29/CVE-2014-1510/CVE-2014-1511 (bmo#982906, bmo#982909) Privilege escalation using WebIDL-implemented APIs * MFSA 2014-30/CVE-2014-1512 (bmo#982957) Use-after-free in TypeObject * MFSA 2014-31/CVE-2014-1513 (bmo#982974) Out-of-bounds read/write through neutering ArrayBuffer objects * MFSA 2014-32/CVE-2014-1514 (bmo#983344) Out-of-bounds write through TypedArrayObject after neutering Wolfgang Rosenauer 2014-03-18 19:44:32 +0000
7ab95461c2 Accepting request 224415 from mozilla:Factory Stephan Kulow 2014-03-04 12:54:58 +0000
a86d99f987 OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=368 Wolfgang Rosenauer 2014-02-24 10:45:40 +0000
50b17a10ad Accepting request 223589 from mozilla:Factory Stephan Kulow 2014-02-24 09:02:38 +0000
2e55657fde - update to Firefox 27.0.1 * Fixed stability issues with Greasemonkey and other JS that used ClearTimeoutOrInterval * JS math correctness issue (bnc#941381) - incorporate Google API key for geolocation (bnc#864170) - updated list of "other" locales in RPM requirements Wolfgang Rosenauer 2014-02-23 10:04:06 +0000
8b72302da8 Accepting request 220926 from mozilla:Factory Stephan Kulow 2014-02-05 15:23:10 +0000
ae4d3e2240 - update to Firefox 27.0 (bnc#861847) * MFSA 2014-01/CVE-2014-1477/CVE-2014-1478 Miscellaneous memory safety hazards (rv:27.0 / rv:24.3) * MFSA 2014-02/CVE-2014-1479 (bmo#911864) Clone protected content with XBL scopes * MFSA 2014-03/CVE-2014-1480 (bmo#916726) UI selection timeout missing on download prompts * MFSA 2014-04/CVE-2014-1482 (bmo#943803) Incorrect use of discarded images by RasterImage * MFSA 2014-05/CVE-2014-1483 (bmo#950427) Information disclosure with *FromPoint on iframes * MFSA 2014-06/CVE-2014-1484 (bmo#953993) Profile path leaks to Android system log * MFSA 2014-07/CVE-2014-1485 (bmo#910139) XSLT stylesheets treated as styles in Content Security Policy * MFSA 2014-08/CVE-2014-1486 (bmo#942164) Use-after-free with imgRequestProxy and image proccessing * MFSA 2014-09/CVE-2014-1487 (bmo#947592) Cross-origin information leak through web workers * MFSA 2014-10/CVE-2014-1489 (bmo#959531) Firefox default start page UI content invokable by script * MFSA 2014-11/CVE-2014-1488 (bmo#950604) Crash when using web workers with asm.js * MFSA 2014-12/CVE-2014-1490/CVE-2014-1491 (bmo#934545, bmo#930874, bmo#930857) NSS ticket handling issues * MFSA 2014-13/CVE-2014-1481(bmo#936056) Inconsistent JavaScript handling of access to Window objects Wolfgang Rosenauer 2014-02-05 05:58:54 +0000
8f3bc80ce6 - update to Firefox 27.0 (bnc#) - requires NSS 3.15.4 or higher - rebased/reworked patches - removed obsolete mozilla-bug929439.patch Wolfgang Rosenauer 2014-02-03 15:34:42 +0000
b4dfb3825d Accepting request 212678 from mozilla:Factory Tomáš Chvátal 2014-01-03 13:53:49 +0000
89fd780e78 * mozilla-ppc64le.patch: general support * mozilla-libffi-ppc64le.patch: libffi backport * mozilla-xpcom-ppc64le.patch: port xpcom Wolfgang Rosenauer 2014-01-02 21:31:24 +0000
65e2d4d5d7 Accepting request 211248 from openSUSE:Factory:PowerLE Wolfgang Rosenauer 2014-01-02 20:02:50 +0000
5d847b2c7c Accepting request 210489 from mozilla:Factory Stephan Kulow 2013-12-11 14:41:36 +0000
2dbba8a23d - update to Firefox 26.0 (bnc#854367, bnc#854370) * rebased patches * requires NSPR 4.10.2 and NSS 3.15.3.1 * MFSA 2013-104/CVE-2013-5609/CVE-2013-5610 Miscellaneous memory safety hazards * MFSA 2013-105/CVE-2013-5611 (bmo#771294) Application Installation doorhanger persists on navigation * MFSA 2013-106/CVE-2013-5612 (bmo#871161) Character encoding cross-origin XSS attack * MFSA 2013-107/CVE-2013-5614 (bmo#886262) Sandbox restrictions not applied to nested object elements * MFSA 2013-108/CVE-2013-5616 (bmo#938341) Use-after-free in event listeners * MFSA 2013-109/CVE-2013-5618 (bmo#926361) Use-after-free during Table Editing * MFSA 2013-110/CVE-2013-5619 (bmo#917841) Potential overflow in JavaScript binary search algorithms * MFSA 2013-111/CVE-2013-6671 (bmo#930281) Segmentation violation when replacing ordered list elements * MFSA 2013-112/CVE-2013-6672 (bmo#894736) Linux clipboard information disclosure though selection paste * MFSA 2013-113/CVE-2013-6673 (bmo#970380) Trust settings for built-in roots ignored during EV certificate validation * MFSA 2013-114/CVE-2013-5613 (bmo#930381, bmo#932449) Use-after-free in synthetic mouse movement * MFSA 2013-115/CVE-2013-5615 (bmo#929261) GetElementIC typed array stubs can be generated outside observed typesets * MFSA 2013-116/CVE-2013-6629/CVE-2013-6630 (bmo#891693) Wolfgang Rosenauer 2013-12-11 08:31:54 +0000
2f23e6d0f2 Accepting request 205261 from mozilla:Factory Stephan Kulow 2013-11-01 06:04:50 +0000
bf5fb37f98 - update to Firefox 25.0 (bnc#847708) * rebased patches * requires NSS 3.15.2 or above * MFSA 2013-93/CVE-2013-5590/CVE-2013-5591/CVE-2013-5592 Miscellaneous memory safety hazards * MFSA 2013-94/CVE-2013-5593 (bmo#868327) Spoofing addressbar through SELECT element * MFSA 2013-95/CVE-2013-5604 (bmo#914017) Access violation with XSLT and uninitialized data * MFSA 2013-96/CVE-2013-5595 (bmo#916580) Improperly initialized memory and overflows in some JavaScript functions * MFSA 2013-97/CVE-2013-5596 (bmo#910881) Writing to cycle collected object during image decoding * MFSA 2013-98/CVE-2013-5597 (bmo#918864) Use-after-free when updating offline cache * MFSA 2013-99/CVE-2013-5598 (bmo#920515) Security bypass of PDF.js checks using iframes * MFSA 2013-100/CVE-2013-5599/CVE-2013-5600/CVE-2013-5601 (bmo#915210, bmo#915576, bmo#916685) Miscellaneous use-after-free issues found through ASAN fuzzing * MFSA 2013-101/CVE-2013-5602 (bmo#897678) Memory corruption in workers * MFSA 2013-102/CVE-2013-5603 (bmo#916404) Use-after-free in HTML document templates Wolfgang Rosenauer 2013-10-30 14:45:02 +0000
6200e47cda Accepting request 201362 from mozilla:Factory Stephan Kulow 2013-09-30 07:32:01 +0000
a7dffc4885 - as GStreamer is not automatically required anymore but loaded dynamically if available, require it explicitely - recommend optional GStreamer plugins for comprehensive media support Wolfgang Rosenauer 2013-09-29 11:39:09 +0000
2a341ad78d Accepting request 199437 from mozilla:Factory Stephan Kulow 2013-09-23 08:05:39 +0000
6b873baefc * MFSA 2013-76/CVE-2013-1718/CVE-2013-1719 Miscellaneous memory safety hazards * MFSA 2013-77/CVE-2013-1720 (bmo#888820) Improper state in HTML5 Tree Builder with templates * MFSA 2013-78/CVE-2013-1721 (bmo#890277) Integer overflow in ANGLE library * MFSA 2013-79/CVE-2013-1722 (bmo#893308) Use-after-free in Animation Manager during stylesheet cloning * MFSA 2013-80/CVE-2013-1723 (bmo#891292) NativeKey continues handling key messages after widget is destroyed * MFSA 2013-81/CVE-2013-1724 (bmo#894137) Use-after-free with select element * MFSA 2013-82/CVE-2013-1725 (bmo#876762) Calling scope for new Javascript objects can lead to memory corruption * MFSA 2013-85/CVE-2013-1728 (bmo#883686) Uninitialized data in IonMonkey * MFSA 2013-88/CVE-2013-1730 (bmo#851353) Compartment mismatch re-attaching XBL-backed nodes * MFSA 2013-89/CVE-2013-1732 (bmo#883514) Buffer overflow with multi-column, lists, and floats * MFSA 2013-90/CVE-2013-1735/CVE-2013-1736 (bmo#898871, bmo#906301) Memory corruption involving scrolling * MFSA 2013-91/CVE-2013-1737 (bmo#907727) User-defined properties on DOM proxies get the wrong "this" object * MFSA 2013-92/CVE-2013-1738 (bmo#887334, bmo#882897) GC hazard with default compartments and frame chain restoration - enable gstreamer explicitely via pref (gecko.js) Wolfgang Rosenauer 2013-09-17 19:07:39 +0000
2e928833fe - move greek to the translations-common package (bnc#840551) Wolfgang Rosenauer 2013-09-16 15:40:25 +0000
f2371498fd Accepting request 199275 from home:lnussel:branches:mozilla:Factory Wolfgang Rosenauer 2013-09-16 15:35:15 +0000
d2200a49cd - update to Firefox 24.0 (bnc#840485) - enable gstreamer via pref (gecko.js) - require NSS 3.15.1 Wolfgang Rosenauer 2013-09-16 07:57:05 +0000
c41b1d9c6c Accepting request 196711 from mozilla:Factory Stephan Kulow 2013-08-30 09:42:57 +0000
88e647fe19 - update to Firefox 23.0.1 * Audio static/"burble"/breakup in Firefox to Firefox WebRTC calls (bmo#901527) Wolfgang Rosenauer 2013-08-27 07:42:59 +0000
b51015b0c5 Accepting request 186295 from mozilla:Factory Tomáš Chvátal 2013-08-11 09:21:20 +0000
2e3fd693c1 - update to Firefox 23.0 (bnc#833389) * MFSA 2013-63/CVE-2013-1701/CVE-2013-1702 Miscellaneous memory safety hazards * MFSA 2013-64/CVE-2013-1704 (bmo#883313) Use after free mutating DOM during SetBody * MFSA 2013-65/CVE-2013-1705 (bmo#882865) Buffer underflow when generating CRMF requests * MFSA 2013-67/CVE-2013-1708 (bmo#879924) Crash during WAV audio file decoding * MFSA 2013-68/CVE-2013-1709 (bmo#838253) Document URI misrepresentation and masquerading * MFSA 2013-69/CVE-2013-1710 (bmo#871368) CRMF requests allow for code execution and XSS attacks * MFSA 2013-70/CVE-2013-1711 (bmo#843829) Bypass of XrayWrappers using XBL Scopes * MFSA 2013-72/CVE-2013-1713 (bmo#887098) Wrong principal used for validating URI for some Javascript components * MFSA 2013-73/CVE-2013-1714 (bmo#879787) Same-origin bypass with web workers and XMLHttpRequest * MFSA 2013-75/CVE-2013-1717 (bmo#406541, bmo#738397) Local Java applets may read contents of local file system - requires NSPR 4.10 and NSS 3.15 Wolfgang Rosenauer 2013-08-07 12:18:59 +0000
59f9d9db14 Accepting request 182307 from mozilla:Factory Stephan Kulow 2013-07-06 05:03:17 +0000
a7d7992747 Accepting request 181923 from devel:ARM:Factory Wolfgang Rosenauer 2013-07-05 12:52:24 +0000
a3c9d92cea Accepting request 180910 from mozilla:Factory Stephan Kulow 2013-06-26 18:24:31 +0000
54a50e7495 * MFSA 2013-49/CVE-2013-1682/CVE-2013-1683 Miscellaneous memory safety hazards * MFSA 2013-50/CVE-2013-1684/CVE-2013-1685/CVE-2013-1686 Memory corruption found using Address Sanitizer * MFSA 2013-51/CVE-2013-1687 (bmo#863933, bmo#866823) Privileged content access and execution via XBL * MFSA 2013-52/CVE-2013-1688 (bmo#873966) Arbitrary code execution within Profiler * MFSA 2013-53/CVE-2013-1690 (bmo#857883) Execution of unmapped memory through onreadystatechange event * MFSA 2013-54/CVE-2013-1692 (bmo#866915) Data in the body of XHR HEAD requests leads to CSRF attacks * MFSA 2013-55/CVE-2013-1693 (bmo#711043) SVG filters can lead to information disclosure * MFSA 2013-56/CVE-2013-1694 (bmo#848535) PreserveWrapper has inconsistent behavior * MFSA 2013-57/CVE-2013-1695 (bmo#849791) Sandbox restrictions not applied to nested frame elements * MFSA 2013-58/CVE-2013-1696 (bmo#761667) X-Frame-Options ignored when using server push with multi-part responses * MFSA 2013-59/CVE-2013-1697 (bmo#858101) XrayWrappers can be bypassed to run user defined methods in a privileged context * MFSA 2013-60/CVE-2013-1698 (bmo#876044) getUserMedia permission dialog incorrectly displays location * MFSA 2013-61/CVE-2013-1699 (bmo#840882) Homograph domain spoofing in .com, .net and .name Wolfgang Rosenauer 2013-06-25 18:23:54 +0000
09a0ed1d17 - update to Firefox 22.0 (bnc#825935) * removed obsolete patches + mozilla-qcms-ppc.patch + mozilla-gstreamer-760140.patch * GStreamer support does not build on 12.1 anymore (build only on 12.2 and later) - Fix qcms altivec include (mozilla-qcms-ppc.patch) Wolfgang Rosenauer 2013-06-24 07:57:33 +0000
675860d987 Accepting request 178599 from mozilla:Factory Stephan Kulow 2013-06-13 15:12:13 +0000
0fe7f2e888 Accepting request 178590 from home:k0da:ppc Wolfgang Rosenauer 2013-06-12 07:22:47 +0000
852735f718 Accepting request 175906 from mozilla:Factory Stephan Kulow 2013-05-17 06:26:14 +0000
a45dcbe95d increase memory requirements Wolfgang Rosenauer 2013-05-16 05:49:33 +0000
b0b9e15388 OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=335 Wolfgang Rosenauer 2013-05-15 20:58:21 +0000
4ed42ee8c7 * MFSA 2013-41/CVE-2013-0801/CVE-2013-1669 Miscellaneous memory safety hazards * MFSA 2013-42/CVE-2013-1670 (bmo#853709) Privileged access for content level constructor * MFSA 2013-43/CVE-2013-1671 (bmo#842255) File input control has access to full path * MFSA 2013-46/CVE-2013-1674 (bmo#860971) Use-after-free with video and onresize event * MFSA 2013-47/CVE-2013-1675 (bmo#866825) Uninitialized functions in DOMSVGZoomEvent * MFSA 2013-48/CVE-2013-1676/CVE-2013-1677/CVE-2013-1678/ CVE-2013-1679/CVE-2013-1680/CVE-2013-1681 Memory corruption found using Address Sanitizer Wolfgang Rosenauer 2013-05-14 18:15:06 +0000
e44b8338d6 - update to Firefox 21.0 (bnc#819204) * removed upstreamed patch firefox-712763.patch * removed disabled mozilla-disable-neon-option.patch Wolfgang Rosenauer 2013-05-14 14:33:59 +0000
3b6e30a401 Accepting request 163449 from mozilla:Factory Stephan Kulow 2013-04-14 08:35:29 +0000
dbffa7026c - revert to use GStreamer 0.10 on 12.3 (bnc#814101) (remove mozilla-gstreamer-1.patch) Wolfgang Rosenauer 2013-04-09 10:48:15 +0000
5dcfd81645 Accepting request 163032 from mozilla:Factory Stephan Kulow 2013-04-07 12:23:39 +0000
55c5e9e709 Accepting request 162909 from home:AndreasSchwab:ff Wolfgang Rosenauer 2013-04-06 19:20:40 +0000
8f1260d3d5 Accepting request 162345 from mozilla:Factory Stephan Kulow 2013-04-06 06:58:08 +0000
ef84b5208b * mozilla-webrtc-ppc.patch included upstream Wolfgang Rosenauer 2013-04-03 07:46:27 +0000
10b98266f1 - update to Firefox 20.0 (bnc#813026) * requires NSPR 4.9.5 and NSS 3.14.3 * MFSA 2013-30/CVE-2013-0788/CVE-2013-0789 Miscellaneous memory safety hazards * MFSA 2013-31/CVE-2013-0800 (bmo#825721) Out-of-bounds write in Cairo library * MFSA 2013-35/CVE-2013-0796 (bmo#827106) WebGL crash with Mesa graphics driver on Linux * MFSA 2013-36/CVE-2013-0795 (bmo#825697) Bypass of SOW protections allows cloning of protected nodes * MFSA 2013-37/CVE-2013-0794 (bmo#626775) Bypass of tab-modal dialog origin disclosure * MFSA 2013-38/CVE-2013-0793 (bmo#803870) Cross-site scripting (XSS) using timed history navigations * MFSA 2013-39/CVE-2013-0792 (bmo#722831) Memory corruption while rendering grayscale PNG images - use GStreamer 1.0 starting with 12.3 (mozilla-gstreamer-1.patch) Wolfgang Rosenauer 2013-04-02 19:00:31 +0000

Commit Graph Select branches Hide Pull Requests devel factory Mono Color

Commit Graph

Select branches

Hide Pull Requests

devel

factory