2011-06-01 08:05:09 +02:00
|
|
|
From: Hans Petter Jansson <hpj@copyleft.no>
|
|
|
|
|
Wolfgang Rosenauer <wr@rosenauer.org>
|
|
|
|
|
Subject: use libnsssharedhelper if available at compile time
|
2011-12-18 14:13:18 +01:00
|
|
|
(can be disabled by exporting MOZ_XRE_NO_NSSHELPER=1)
|
2011-06-01 08:05:09 +02:00
|
|
|
References:
|
|
|
|
|
|
- update to Firefox 47.0 (boo#983549)
* Enable VP9 video codec for users with fast machines
* Embedded YouTube videos now play with HTML5 video if Flash is
not installed
* View and search open tabs from your smartphone or another
computer in a sidebar
* Allow no-cache on back/forward navigations for https resources
security fixes:
* MFSA 2016-49/CVE-2016-2815/CVE-2016-2818
(boo#983638)
(bmo#1241896, bmo#1242798, bmo#1243466, bmo#1245743,
bmo#1264300, bmo#1271037, bmo#1234147, bmo#1256493,
bmo#1256739, bmo#1256968, bmo#1261230, bmo#1261752,
bmo#1263384, bmo#1264575, bmo#1265577, bmo#1267130,
bmo#1269729, bmo#1273202, bmo#1273701)
Miscellaneous memory safety hazards (rv:47.0 / rv:45.2)
* MFSA 2016-50/CVE-2016-2819 (boo#983655) (bmo#1270381)
Buffer overflow parsing HTML5 fragments
* MFSA 2016-51/CVE-2016-2821 (bsc#983653) (bmo#1271460)
Use-after-free deleting tables from a contenteditable document
* MFSA 2016-52/CVE-2016-2822 (boo#983652) (bmo#1273129)
Addressbar spoofing though the SELECT element
* MFSA 2016-53/CVE-2016-2824 (boo#983651) (bmo#1248580)
Out-of-bounds write with WebGL shader
* MFSA 2016-54/CVE-2016-2825 (boo#983649) (bmo#1193093)
Partial same-origin-policy through setting location.host
through data URI
* MFSA 2016-56/CVE-2016-2828 (boo#983646) (bmo#1223810)
Use-after-free when textures are used in WebGL operations
after recycle pool destruction
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=518
2016-06-08 14:26:29 +02:00
|
|
|
diff --git a/old-configure.in b/old-configure.in
|
|
|
|
|
--- a/old-configure.in
|
|
|
|
|
+++ b/old-configure.in
|
2016-08-03 00:00:28 +02:00
|
|
|
@@ -6495,16 +6495,31 @@ if test "$MOZ_ENABLE_SKIA"; then
|
2014-03-18 20:44:32 +01:00
|
|
|
AC_DEFINE(USE_SKIA_GPU)
|
|
|
|
|
AC_SUBST(MOZ_ENABLE_SKIA_GPU)
|
|
|
|
|
fi
|
|
|
|
|
fi
|
|
|
|
|
AC_SUBST(MOZ_ENABLE_SKIA)
|
2015-11-03 16:49:03 +01:00
|
|
|
AC_SUBST_LIST(SKIA_INCLUDES)
|
2011-06-01 08:05:09 +02:00
|
|
|
|
|
|
|
|
dnl ========================================================
|
|
|
|
|
+dnl Check for nss-shared-helper
|
|
|
|
|
+dnl ========================================================
|
|
|
|
|
+
|
|
|
|
|
+ PKG_CHECK_MODULES(NSSHELPER, nss-shared-helper,
|
|
|
|
|
+ [MOZ_ENABLE_NSSHELPER=1],
|
|
|
|
|
+ [MOZ_ENABLE_NSSHELPER=])
|
|
|
|
|
+
|
|
|
|
|
+if test "$MOZ_ENABLE_NSSHELPER"; then
|
|
|
|
|
+ AC_DEFINE(MOZ_ENABLE_NSSHELPER)
|
|
|
|
|
+fi
|
|
|
|
|
+AC_SUBST(MOZ_ENABLE_NSSHELPER)
|
2014-12-02 23:01:52 +01:00
|
|
|
+AC_SUBST_LIST(NSSHELPER_CFLAGS)
|
|
|
|
|
+AC_SUBST_LIST(NSSHELPER_LIBS)
|
2011-06-01 08:05:09 +02:00
|
|
|
+
|
|
|
|
|
+dnl ========================================================
|
2014-03-18 20:44:32 +01:00
|
|
|
dnl disable xul
|
2013-06-24 09:57:33 +02:00
|
|
|
dnl ========================================================
|
2014-03-18 20:44:32 +01:00
|
|
|
MOZ_ARG_DISABLE_BOOL(xul,
|
|
|
|
|
[ --disable-xul Disable XUL],
|
|
|
|
|
MOZ_XUL= )
|
|
|
|
|
if test "$MOZ_XUL"; then
|
|
|
|
|
AC_DEFINE(MOZ_XUL)
|
|
|
|
|
else
|
2015-09-22 08:10:40 +02:00
|
|
|
diff --git a/security/manager/ssl/moz.build b/security/manager/ssl/moz.build
|
|
|
|
|
--- a/security/manager/ssl/moz.build
|
|
|
|
|
+++ b/security/manager/ssl/moz.build
|
2016-08-03 00:00:28 +02:00
|
|
|
@@ -159,16 +159,19 @@ if CONFIG['MOZ_XUL']:
|
|
|
|
|
]
|
2014-12-02 23:01:52 +01:00
|
|
|
|
2016-08-03 00:00:28 +02:00
|
|
|
UNIFIED_SOURCES += [
|
|
|
|
|
'md4.c',
|
2014-12-02 23:01:52 +01:00
|
|
|
]
|
|
|
|
|
|
2016-08-03 00:00:28 +02:00
|
|
|
FINAL_LIBRARY = 'xul'
|
|
|
|
|
|
2014-12-02 23:01:52 +01:00
|
|
|
+CXXFLAGS += sorted(CONFIG['NSSHELPER_CFLAGS'])
|
|
|
|
|
+OS_LIBS += sorted(CONFIG['NSSHELPER_LIBS'])
|
2013-12-11 09:31:54 +01:00
|
|
|
+
|
2016-03-07 17:25:29 +01:00
|
|
|
LOCAL_INCLUDES += [
|
2016-08-03 00:00:28 +02:00
|
|
|
'/dom/base',
|
|
|
|
|
'/dom/crypto',
|
|
|
|
|
'/security/certverifier',
|
|
|
|
|
'/security/pkix/include',
|
2015-09-22 08:10:40 +02:00
|
|
|
]
|
2014-12-02 23:01:52 +01:00
|
|
|
|
2016-08-03 00:00:28 +02:00
|
|
|
LOCAL_INCLUDES += [
|
2015-09-22 08:10:40 +02:00
|
|
|
diff --git a/security/manager/ssl/nsNSSComponent.cpp b/security/manager/ssl/nsNSSComponent.cpp
|
|
|
|
|
--- a/security/manager/ssl/nsNSSComponent.cpp
|
|
|
|
|
+++ b/security/manager/ssl/nsNSSComponent.cpp
|
2015-01-14 19:32:16 +01:00
|
|
|
@@ -1,14 +1,21 @@
|
|
|
|
|
/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
|
|
|
|
|
*
|
2012-08-28 20:40:50 +02:00
|
|
|
* This Source Code Form is subject to the terms of the Mozilla Public
|
|
|
|
|
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
|
|
|
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
|
2011-06-01 08:05:09 +02:00
|
|
|
|
|
|
|
|
+#ifdef MOZ_ENABLE_NSSHELPER
|
|
|
|
|
+#pragma GCC visibility push(default)
|
|
|
|
|
+#include <nss-shared-helper.h>
|
|
|
|
|
+#pragma GCC visibility pop
|
|
|
|
|
+#include "prenv.h"
|
|
|
|
|
+#endif
|
|
|
|
|
+
|
|
|
|
|
#include "nsNSSComponent.h"
|
2013-08-07 14:18:59 +02:00
|
|
|
|
2014-04-27 18:09:32 +02:00
|
|
|
#include "ExtendedValidation.h"
|
|
|
|
|
#include "NSSCertDBTrustDomain.h"
|
2016-08-03 00:00:28 +02:00
|
|
|
#include "ScopedNSSTypes.h"
|
2016-03-07 17:25:29 +01:00
|
|
|
#include "SharedSSLState.h"
|
2016-08-03 00:00:28 +02:00
|
|
|
#include "cert.h"
|
|
|
|
|
#include "certdb.h"
|
|
|
|
|
@@ -1491,17 +1498,31 @@ nsNSSComponent::InitializeNSS()
|
2016-03-07 17:25:29 +01:00
|
|
|
return rv;
|
|
|
|
|
}
|
2014-04-27 18:09:32 +02:00
|
|
|
}
|
2016-03-07 17:25:29 +01:00
|
|
|
MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("inSafeMode: %u\n", inSafeMode));
|
2015-09-22 08:10:40 +02:00
|
|
|
|
|
|
|
|
if (!nocertdb && !profileStr.IsEmpty()) {
|
2014-04-27 18:09:32 +02:00
|
|
|
// First try to initialize the NSS DB in read/write mode.
|
2016-03-07 17:25:29 +01:00
|
|
|
// Only load PKCS11 modules if we're not in safe mode.
|
2011-06-01 08:05:09 +02:00
|
|
|
+#ifdef MOZ_ENABLE_NSSHELPER
|
2011-12-18 14:13:18 +01:00
|
|
|
+ if (PR_GetEnv("MOZ_XRE_NO_NSSHELPER")) {
|
2016-03-07 17:25:29 +01:00
|
|
|
+ init_rv = ::mozilla::psm::InitializeNSS(profileStr.get(), false, !inSafeMode);
|
2011-06-01 08:05:09 +02:00
|
|
|
+ } else {
|
2014-04-27 18:09:32 +02:00
|
|
|
+ uint32_t flags = NSS_INIT_NOROOTINIT | NSS_INIT_OPTIMIZESPACE;
|
|
|
|
|
+ init_rv = ::nsshelp_open_db ("Firefox", profileStr.get(), flags);
|
2011-06-01 08:05:09 +02:00
|
|
|
+
|
|
|
|
|
+ if (init_rv != SECSuccess) {
|
2015-09-22 08:10:40 +02:00
|
|
|
+ MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("can not init NSS using nsshelp_open_db in %s\n", profileStr.get()));
|
2016-03-07 17:25:29 +01:00
|
|
|
+ init_rv = ::mozilla::psm::InitializeNSS(profileStr.get(), false, !inSafeMode);
|
2011-06-01 08:05:09 +02:00
|
|
|
+ }
|
|
|
|
|
+ }
|
|
|
|
|
+#else
|
2016-03-07 17:25:29 +01:00
|
|
|
init_rv = ::mozilla::psm::InitializeNSS(profileStr.get(), false, !inSafeMode);
|
2011-06-01 08:05:09 +02:00
|
|
|
+#endif
|
2014-04-27 18:09:32 +02:00
|
|
|
// If that fails, attempt read-only mode.
|
2011-06-01 08:05:09 +02:00
|
|
|
if (init_rv != SECSuccess) {
|
2015-09-22 08:10:40 +02:00
|
|
|
MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("could not init NSS r/w in %s\n", profileStr.get()));
|
2016-03-07 17:25:29 +01:00
|
|
|
init_rv = ::mozilla::psm::InitializeNSS(profileStr.get(), true, !inSafeMode);
|
2014-04-27 18:09:32 +02:00
|
|
|
}
|
|
|
|
|
if (init_rv != SECSuccess) {
|
2015-09-22 08:10:40 +02:00
|
|
|
MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("could not init in r/o either\n"));
|
2014-04-27 18:09:32 +02:00
|
|
|
}
|
2015-01-14 19:32:16 +01:00
|
|
|
diff --git a/toolkit/library/moz.build b/toolkit/library/moz.build
|
|
|
|
|
--- a/toolkit/library/moz.build
|
|
|
|
|
+++ b/toolkit/library/moz.build
|
- update to Firefox 47.0 (boo#983549)
* Enable VP9 video codec for users with fast machines
* Embedded YouTube videos now play with HTML5 video if Flash is
not installed
* View and search open tabs from your smartphone or another
computer in a sidebar
* Allow no-cache on back/forward navigations for https resources
security fixes:
* MFSA 2016-49/CVE-2016-2815/CVE-2016-2818
(boo#983638)
(bmo#1241896, bmo#1242798, bmo#1243466, bmo#1245743,
bmo#1264300, bmo#1271037, bmo#1234147, bmo#1256493,
bmo#1256739, bmo#1256968, bmo#1261230, bmo#1261752,
bmo#1263384, bmo#1264575, bmo#1265577, bmo#1267130,
bmo#1269729, bmo#1273202, bmo#1273701)
Miscellaneous memory safety hazards (rv:47.0 / rv:45.2)
* MFSA 2016-50/CVE-2016-2819 (boo#983655) (bmo#1270381)
Buffer overflow parsing HTML5 fragments
* MFSA 2016-51/CVE-2016-2821 (bsc#983653) (bmo#1271460)
Use-after-free deleting tables from a contenteditable document
* MFSA 2016-52/CVE-2016-2822 (boo#983652) (bmo#1273129)
Addressbar spoofing though the SELECT element
* MFSA 2016-53/CVE-2016-2824 (boo#983651) (bmo#1248580)
Out-of-bounds write with WebGL shader
* MFSA 2016-54/CVE-2016-2825 (boo#983649) (bmo#1193093)
Partial same-origin-policy through setting location.host
through data URI
* MFSA 2016-56/CVE-2016-2828 (boo#983646) (bmo#1223810)
Use-after-free when textures are used in WebGL operations
after recycle pool destruction
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=518
2016-06-08 14:26:29 +02:00
|
|
|
@@ -209,16 +209,18 @@ if CONFIG['OS_ARCH'] == 'Linux' and CONF
|
2015-01-14 19:32:16 +01:00
|
|
|
OS_LIBS += [
|
|
|
|
|
'rt',
|
|
|
|
|
]
|
2011-06-01 08:05:09 +02:00
|
|
|
|
2015-01-14 19:32:16 +01:00
|
|
|
OS_LIBS += CONFIG['MOZ_CAIRO_OSLIBS']
|
|
|
|
|
OS_LIBS += CONFIG['MOZ_WEBRTC_X11_LIBS']
|
- update to Firefox 47.0 (boo#983549)
* Enable VP9 video codec for users with fast machines
* Embedded YouTube videos now play with HTML5 video if Flash is
not installed
* View and search open tabs from your smartphone or another
computer in a sidebar
* Allow no-cache on back/forward navigations for https resources
security fixes:
* MFSA 2016-49/CVE-2016-2815/CVE-2016-2818
(boo#983638)
(bmo#1241896, bmo#1242798, bmo#1243466, bmo#1245743,
bmo#1264300, bmo#1271037, bmo#1234147, bmo#1256493,
bmo#1256739, bmo#1256968, bmo#1261230, bmo#1261752,
bmo#1263384, bmo#1264575, bmo#1265577, bmo#1267130,
bmo#1269729, bmo#1273202, bmo#1273701)
Miscellaneous memory safety hazards (rv:47.0 / rv:45.2)
* MFSA 2016-50/CVE-2016-2819 (boo#983655) (bmo#1270381)
Buffer overflow parsing HTML5 fragments
* MFSA 2016-51/CVE-2016-2821 (bsc#983653) (bmo#1271460)
Use-after-free deleting tables from a contenteditable document
* MFSA 2016-52/CVE-2016-2822 (boo#983652) (bmo#1273129)
Addressbar spoofing though the SELECT element
* MFSA 2016-53/CVE-2016-2824 (boo#983651) (bmo#1248580)
Out-of-bounds write with WebGL shader
* MFSA 2016-54/CVE-2016-2825 (boo#983649) (bmo#1193093)
Partial same-origin-policy through setting location.host
through data URI
* MFSA 2016-56/CVE-2016-2828 (boo#983646) (bmo#1223810)
Use-after-free when textures are used in WebGL operations
after recycle pool destruction
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=518
2016-06-08 14:26:29 +02:00
|
|
|
OS_LIBS += CONFIG['MOZ_SERVO_LIBS']
|
2015-01-14 19:32:16 +01:00
|
|
|
|
- update to Firefox 47.0 (boo#983549)
* Enable VP9 video codec for users with fast machines
* Embedded YouTube videos now play with HTML5 video if Flash is
not installed
* View and search open tabs from your smartphone or another
computer in a sidebar
* Allow no-cache on back/forward navigations for https resources
security fixes:
* MFSA 2016-49/CVE-2016-2815/CVE-2016-2818
(boo#983638)
(bmo#1241896, bmo#1242798, bmo#1243466, bmo#1245743,
bmo#1264300, bmo#1271037, bmo#1234147, bmo#1256493,
bmo#1256739, bmo#1256968, bmo#1261230, bmo#1261752,
bmo#1263384, bmo#1264575, bmo#1265577, bmo#1267130,
bmo#1269729, bmo#1273202, bmo#1273701)
Miscellaneous memory safety hazards (rv:47.0 / rv:45.2)
* MFSA 2016-50/CVE-2016-2819 (boo#983655) (bmo#1270381)
Buffer overflow parsing HTML5 fragments
* MFSA 2016-51/CVE-2016-2821 (bsc#983653) (bmo#1271460)
Use-after-free deleting tables from a contenteditable document
* MFSA 2016-52/CVE-2016-2822 (boo#983652) (bmo#1273129)
Addressbar spoofing though the SELECT element
* MFSA 2016-53/CVE-2016-2824 (boo#983651) (bmo#1248580)
Out-of-bounds write with WebGL shader
* MFSA 2016-54/CVE-2016-2825 (boo#983649) (bmo#1193093)
Partial same-origin-policy through setting location.host
through data URI
* MFSA 2016-56/CVE-2016-2828 (boo#983646) (bmo#1223810)
Use-after-free when textures are used in WebGL operations
after recycle pool destruction
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=518
2016-06-08 14:26:29 +02:00
|
|
|
+OS_LIBS += sorted(CONFIG['NSSHELPER_LIBS'])
|
|
|
|
|
+
|
2016-08-03 00:00:28 +02:00
|
|
|
if CONFIG['MOZ_SYSTEM_JPEG']:
|
2015-01-14 19:32:16 +01:00
|
|
|
OS_LIBS += CONFIG['MOZ_JPEG_LIBS']
|
- update to Firefox 30.0 (bnc#881874)
* MFSA 2014-48/CVE-2014-1533/CVE-2014-1534
(bmo#921622, bmo#967354, bmo#969517, bmo#969549, bmo#973874,
bmo#978652, bmo#978811, bmo#988719, bmo#990868, bmo#991981,
bmo#992274, bmo#994907, bmo#995679, bmo#995816, bmo#995817,
bmo#996536, bmo#996715, bmo#999651, bmo#1000598,
bmo#1000960, bmo#1002340, bmo#1005578, bmo#1007223,
bmo#1009952, bmo#1011007)
Miscellaneous memory safety hazards (rv:30.0)
* MFSA 2014-49/CVE-2014-1536/CVE-2014-1537/CVE-2014-1538
(bmo#989994, bmo#999274, bmo#1005584)
Use-after-free and out of bounds issues found using Address
Sanitizer
* MFSA 2014-50/CVE-2014-1539 (bmo#995603)
Clickjacking through cursor invisability after Flash interaction
* MFSA 2014-51/CVE-2014-1540 (bmo#978862)
Use-after-free in Event Listener Manager
* MFSA 2014-52/CVE-2014-1541 (bmo#1000185)
Use-after-free with SMIL Animation Controller
* MFSA 2014-53/CVE-2014-1542 (bmo#991533)
Buffer overflow in Web Audio Speex resampler
* MFSA 2014-54/CVE-2014-1543 (bmo#1011859)
Buffer overflow in Gamepad API
- rebased patches
- removed obsolete patches
* firefox-browser-css.patch
* mozilla-aarch64-bmo-962488.patch
* mozilla-aarch64-bmo-963023.patch
* mozilla-aarch64-bmo-963024.patch
* mozilla-aarch64-bmo-963027.patch
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=384
2014-06-11 10:41:30 +02:00
|
|
|
|
2016-08-03 00:00:28 +02:00
|
|
|
if CONFIG['MOZ_SYSTEM_PNG']:
|
2015-01-14 19:32:16 +01:00
|
|
|
OS_LIBS += CONFIG['MOZ_PNG_LIBS']
|
- update to Firefox 47.0 (boo#983549)
* Enable VP9 video codec for users with fast machines
* Embedded YouTube videos now play with HTML5 video if Flash is
not installed
* View and search open tabs from your smartphone or another
computer in a sidebar
* Allow no-cache on back/forward navigations for https resources
security fixes:
* MFSA 2016-49/CVE-2016-2815/CVE-2016-2818
(boo#983638)
(bmo#1241896, bmo#1242798, bmo#1243466, bmo#1245743,
bmo#1264300, bmo#1271037, bmo#1234147, bmo#1256493,
bmo#1256739, bmo#1256968, bmo#1261230, bmo#1261752,
bmo#1263384, bmo#1264575, bmo#1265577, bmo#1267130,
bmo#1269729, bmo#1273202, bmo#1273701)
Miscellaneous memory safety hazards (rv:47.0 / rv:45.2)
* MFSA 2016-50/CVE-2016-2819 (boo#983655) (bmo#1270381)
Buffer overflow parsing HTML5 fragments
* MFSA 2016-51/CVE-2016-2821 (bsc#983653) (bmo#1271460)
Use-after-free deleting tables from a contenteditable document
* MFSA 2016-52/CVE-2016-2822 (boo#983652) (bmo#1273129)
Addressbar spoofing though the SELECT element
* MFSA 2016-53/CVE-2016-2824 (boo#983651) (bmo#1248580)
Out-of-bounds write with WebGL shader
* MFSA 2016-54/CVE-2016-2825 (boo#983649) (bmo#1193093)
Partial same-origin-policy through setting location.host
through data URI
* MFSA 2016-56/CVE-2016-2828 (boo#983646) (bmo#1223810)
Use-after-free when textures are used in WebGL operations
after recycle pool destruction
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=518
2016-06-08 14:26:29 +02:00
|
|
|
|
2016-08-03 00:00:28 +02:00
|
|
|
if CONFIG['MOZ_SYSTEM_HUNSPELL']:
|
- update to Firefox 47.0 (boo#983549)
* Enable VP9 video codec for users with fast machines
* Embedded YouTube videos now play with HTML5 video if Flash is
not installed
* View and search open tabs from your smartphone or another
computer in a sidebar
* Allow no-cache on back/forward navigations for https resources
security fixes:
* MFSA 2016-49/CVE-2016-2815/CVE-2016-2818
(boo#983638)
(bmo#1241896, bmo#1242798, bmo#1243466, bmo#1245743,
bmo#1264300, bmo#1271037, bmo#1234147, bmo#1256493,
bmo#1256739, bmo#1256968, bmo#1261230, bmo#1261752,
bmo#1263384, bmo#1264575, bmo#1265577, bmo#1267130,
bmo#1269729, bmo#1273202, bmo#1273701)
Miscellaneous memory safety hazards (rv:47.0 / rv:45.2)
* MFSA 2016-50/CVE-2016-2819 (boo#983655) (bmo#1270381)
Buffer overflow parsing HTML5 fragments
* MFSA 2016-51/CVE-2016-2821 (bsc#983653) (bmo#1271460)
Use-after-free deleting tables from a contenteditable document
* MFSA 2016-52/CVE-2016-2822 (boo#983652) (bmo#1273129)
Addressbar spoofing though the SELECT element
* MFSA 2016-53/CVE-2016-2824 (boo#983651) (bmo#1248580)
Out-of-bounds write with WebGL shader
* MFSA 2016-54/CVE-2016-2825 (boo#983649) (bmo#1193093)
Partial same-origin-policy through setting location.host
through data URI
* MFSA 2016-56/CVE-2016-2828 (boo#983646) (bmo#1223810)
Use-after-free when textures are used in WebGL operations
after recycle pool destruction
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=518
2016-06-08 14:26:29 +02:00
|
|
|
OS_LIBS += CONFIG['MOZ_HUNSPELL_LIBS']
|