
MFSA 2018-11 (bsc#1092548)

  * CVE-2018-5154 (bmo#1443092)
    Use-after-free with SVG animations and clip paths
  * CVE-2018-5155 (bmo#1448774)
    Use-after-free with SVG animations and text paths
  * CVE-2018-5157 (bmo#1449898)
    Same-origin bypass of PDF Viewer to view protected PDF files
  * CVE-2018-5158 (bmo#1452075)
    Malicious PDF can inject JavaScript into PDF Viewer
  * CVE-2018-5159 (bmo#1441941)
    Integer overflow and out-of-bounds write in Skia
  * CVE-2018-5160 (bmo#1436117)
    Uninitialized memory use by WebRTC encoder
  * CVE-2018-5152 (bmo#1415644, bmo#1427289)
    WebExtensions information leak through webRequest API
  * CVE-2018-5153 (bmo#1436809)
    Out-of-bounds read in mixed content websocket messages
  * CVE-2018-5163 (bmo#1426353)
    Replacing cached data in JavaScript Start-up Bytecode Cache
  * CVE-2018-5164 (bmo#1416045)
    CSP not applied to all multipart content sent with
    multipart/x-mixed-replace
  * CVE-2018-5166 (bmo#1437325)
    WebExtension host permission bypass through filterReponseData
  * CVE-2018-5167 (bmo#1447969)
    Improper linkification of chrome: and javascript: content in
    web console and JavaScript debugger
  * CVE-2018-5168 (bmo#1449548)
    Lightweight themes can be installed without user interaction
  * CVE-2018-5169 (bmo#1319157)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=658
Wolfgang Rosenauer 2018-05-09 19:58:20 +00:00 committed by Git OBS Bridge
parent 57e0eca548
commit 19ab3bdb06
2 changed files with 63 additions and 2 deletions


@ -9,6 +9,67 @@ Mon May 7 08:32:28 UTC 2018 - wr@rosenauer.org
* Added support for Web Authentication, allowing the use of USB * Added support for Web Authentication, allowing the use of USB
tokens for authentication to web sites tokens for authentication to web sites
* Locale added: Occitan (oc) * Locale added: Occitan (oc)
MFSA 2018-11 (bsc#1092548)
* CVE-2018-5154 (bmo#1443092)
Use-after-free with SVG animations and clip paths
* CVE-2018-5155 (bmo#1448774)
Use-after-free with SVG animations and text paths
* CVE-2018-5157 (bmo#1449898)
Same-origin bypass of PDF Viewer to view protected PDF files
* CVE-2018-5158 (bmo#1452075)
Malicious PDF can inject JavaScript into PDF Viewer
* CVE-2018-5159 (bmo#1441941)
Integer overflow and out-of-bounds write in Skia
* CVE-2018-5160 (bmo#1436117)
Uninitialized memory use by WebRTC encoder
* CVE-2018-5152 (bmo#1415644, bmo#1427289)
WebExtensions information leak through webRequest API
* CVE-2018-5153 (bmo#1436809)
Out-of-bounds read in mixed content websocket messages
* CVE-2018-5163 (bmo#1426353)
Replacing cached data in JavaScript Start-up Bytecode Cache
* CVE-2018-5164 (bmo#1416045)
CSP not applied to all multipart content sent with
multipart/x-mixed-replace
* CVE-2018-5166 (bmo#1437325)
WebExtension host permission bypass through filterReponseData
* CVE-2018-5167 (bmo#1447969)
Improper linkification of chrome: and javascript: content in
web console and JavaScript debugger
* CVE-2018-5168 (bmo#1449548)
Lightweight themes can be installed without user interaction
* CVE-2018-5169 (bmo#1319157)
Dragging and dropping link text onto home button can set home page
to include chrome pages
* CVE-2018-5172 (bmo#1436482)
Pasted script from clipboard can run in the Live Bookmarks page
or PDF viewer
* CVE-2018-5173 (bmo#1438025)
File name spoofing of Downloads panel with Unicode characters
* CVE-2018-5174 (bmo#1447080) (Windows-only)
Windows Defender SmartScreen UI runs with less secure behavior
for downloaded files in Windows 10 April 2018 Update
* CVE-2018-5175 (bmo#1432358)
Universal CSP bypass on sites using strict-dynamic in their policies
* CVE-2018-5176 (bmo#1442840)
JSON Viewer script injection
* CVE-2018-5177 (bmo#1451908)
Buffer overflow in XSLT during number formatting
* CVE-2018-5165 (bmo#1451452)
Checkbox for enabling Flash protected mode is inverted in 32-bit
Firefox
* CVE-2018-5180 (bmo#1444086)
heap-use-after-free in mozilla::WebGLContext::DrawElementsInstanced
* CVE-2018-5181 (bmo#1424107)
Local file can be displayed in noopener tab through drag and
drop of hyperlink
* CVE-2018-5182 (bmo#1435908)
Local file can be displayed from hyperlink dragged and dropped
on addressbar
* CVE-2018-5151
Memory safety bugs fixed in Firefox 60
* CVE-2018-5150
Memory safety bugs fixed in Firefox 60 and Firefox ESR 52.8
- removed obsolete patches - removed obsolete patches
0001-Bug-1435695-WebRTC-fails-to-build-with-GCC-8-r-dmino.patch 0001-Bug-1435695-WebRTC-fails-to-build-with-GCC-8-r-dmino.patch
mozilla-bmo1005535.patch mozilla-bmo1005535.patch
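
Review bot: In the CVE-2018-5166 entry, `filterReponseData` is misspelled; the WebExtensions webRequest method is `filterResponseData`, so anyone grepping the changelog for the API name will miss this entry. If the wording is kept verbatim to match the advisory title, that is a reasonable choice, but the corrected spelling makes the entry searchable. A smaller point in the same list: CVE-2018-5151 and CVE-2018-5150 are the only entries without a bmo reference, which is worth a brief note if it is intentional.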


@ -415,7 +415,7 @@ install -m 644 %{SOURCE9} %{buildroot}%{progdir}/browser/defaults/preferences/fi
%if %localize %if %localize
rm -f %{_tmppath}/translations.* rm -f %{_tmppath}/translations.*
touch %{_tmppath}/translations.{common,other} touch %{_tmppath}/translations.{common,other}
for locale in $(cat $RPM_BUILD_DIR/mozilla/browser/locales/shipped-locales) ; do for locale in $(cat $RPM_BUILD_DIR/%{source_prefix}/browser/locales/shipped-locales) ; do
case $locale in case $locale in
ja-JP-mac|en-US|'') ja-JP-mac|en-US|'')
;; ;;
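
Review bot: The loop header `for locale in $(cat $RPM_BUILD_DIR/%{source_prefix}/browser/locales/shipped-locales)` fails quietly if `%{source_prefix}` is undefined or points at the wrong directory: rpm leaves an undefined macro unexpanded, `cat` prints an error, the word list is empty and the loop body never runs, so the package can build without any langpacks. The hunk does not show where the macro is defined, so please confirm it is set ahead of this section for every build flavour, and consider a `test -f` on the shipped-locales path before the loop so a bad path fails the build instead.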
@ -423,7 +423,7 @@ for locale in $(cat $RPM_BUILD_DIR/mozilla/browser/locales/shipped-locales) ; do
pushd $RPM_BUILD_DIR/compare-locales pushd $RPM_BUILD_DIR/compare-locales
PYTHONPATH=lib \ PYTHONPATH=lib \
scripts/compare-locales -m ../l10n-merged/$locale \ scripts/compare-locales -m ../l10n-merged/$locale \
../mozilla/browser/locales/l10n.ini ../l10n $locale ../%{source_prefix}/browser/locales/l10n.ini ../l10n $locale
popd popd
LOCALE_MERGEDIR=$RPM_BUILD_DIR/l10n-merged/$locale \ LOCALE_MERGEDIR=$RPM_BUILD_DIR/l10n-merged/$locale \
make -C browser/locales langpack-$locale make -C browser/locales langpack-$locale
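
Review bot: The `compare-locales` argument `../%{source_prefix}/browser/locales/l10n.ini` is resolved relative to the directory entered by `pushd $RPM_BUILD_DIR/compare-locales`, while the loop header in the previous hunk uses the absolute `$RPM_BUILD_DIR/%{source_prefix}/...` form. The relative form works only while `%{source_prefix}` is a single directory name directly under `$RPM_BUILD_DIR`; writing `$RPM_BUILD_DIR/%{source_prefix}/browser/locales/l10n.ini` here as well would keep both references consistent and independent of the working directory.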