forked from pool/MozillaFirefox
MFSA 2018-11 (bsc#1092548)
* CVE-2018-5154 (bmo#1443092) Use-after-free with SVG animations and clip paths * CVE-2018-5155 (bmo#1448774) Use-after-free with SVG animations and text paths * CVE-2018-5157 (bmo#1449898) Same-origin bypass of PDF Viewer to view protected PDF files * CVE-2018-5158 (bmo#1452075) Malicious PDF can inject JavaScript into PDF Viewer * CVE-2018-5159 (bmo#1441941) Integer overflow and out-of-bounds write in Skia * CVE-2018-5160 (bmo#1436117) Uninitialized memory use by WebRTC encoder * CVE-2018-5152 (bmo#1415644, bmo#1427289) WebExtensions information leak through webRequest API * CVE-2018-5153 (bmo#1436809) Out-of-bounds read in mixed content websocket messages * CVE-2018-5163 (bmo#1426353) Replacing cached data in JavaScript Start-up Bytecode Cache * CVE-2018-5164 (bmo#1416045) CSP not applied to all multipart content sent with multipart/x-mixed-replace * CVE-2018-5166 (bmo#1437325) WebExtension host permission bypass through filterReponseData * CVE-2018-5167 (bmo#1447969) Improper linkification of chrome: and javascript: content in web console and JavaScript debugger * CVE-2018-5168 (bmo#1449548) Lightweight themes can be installed without user interaction * CVE-2018-5169 (bmo#1319157) OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=658
This commit is contained in:
parent
57e0eca548
commit
19ab3bdb06
@ -9,6 +9,67 @@ Mon May 7 08:32:28 UTC 2018 - wr@rosenauer.org
|
||||
* Added support for Web Authentication, allowing the use of USB
|
||||
tokens for authentication to web sites
|
||||
* Locale added: Occitan (oc)
|
||||
MFSA 2018-11 (bsc#1092548)
|
||||
* CVE-2018-5154 (bmo#1443092)
|
||||
Use-after-free with SVG animations and clip paths
|
||||
* CVE-2018-5155 (bmo#1448774)
|
||||
Use-after-free with SVG animations and text paths
|
||||
* CVE-2018-5157 (bmo#1449898)
|
||||
Same-origin bypass of PDF Viewer to view protected PDF files
|
||||
* CVE-2018-5158 (bmo#1452075)
|
||||
Malicious PDF can inject JavaScript into PDF Viewer
|
||||
* CVE-2018-5159 (bmo#1441941)
|
||||
Integer overflow and out-of-bounds write in Skia
|
||||
* CVE-2018-5160 (bmo#1436117)
|
||||
Uninitialized memory use by WebRTC encoder
|
||||
* CVE-2018-5152 (bmo#1415644, bmo#1427289)
|
||||
WebExtensions information leak through webRequest API
|
||||
* CVE-2018-5153 (bmo#1436809)
|
||||
Out-of-bounds read in mixed content websocket messages
|
||||
* CVE-2018-5163 (bmo#1426353)
|
||||
Replacing cached data in JavaScript Start-up Bytecode Cache
|
||||
* CVE-2018-5164 (bmo#1416045)
|
||||
CSP not applied to all multipart content sent with
|
||||
multipart/x-mixed-replace
|
||||
* CVE-2018-5166 (bmo#1437325)
|
||||
WebExtension host permission bypass through filterReponseData
|
||||
* CVE-2018-5167 (bmo#1447969)
|
||||
Improper linkification of chrome: and javascript: content in
|
||||
web console and JavaScript debugger
|
||||
* CVE-2018-5168 (bmo#1449548)
|
||||
Lightweight themes can be installed without user interaction
|
||||
* CVE-2018-5169 (bmo#1319157)
|
||||
Dragging and dropping link text onto home button can set home page
|
||||
to include chrome pages
|
||||
* CVE-2018-5172 (bmo#1436482)
|
||||
Pasted script from clipboard can run in the Live Bookmarks page
|
||||
or PDF viewer
|
||||
* CVE-2018-5173 (bmo#1438025)
|
||||
File name spoofing of Downloads panel with Unicode characters
|
||||
* CVE-2018-5174 (bmo#1447080) (Windows-only)
|
||||
Windows Defender SmartScreen UI runs with less secure behavior
|
||||
for downloaded files in Windows 10 April 2018 Update
|
||||
* CVE-2018-5175 (bmo#1432358)
|
||||
Universal CSP bypass on sites using strict-dynamic in their policies
|
||||
* CVE-2018-5176 (bmo#1442840)
|
||||
JSON Viewer script injection
|
||||
* CVE-2018-5177 (bmo#1451908)
|
||||
Buffer overflow in XSLT during number formatting
|
||||
* CVE-2018-5165 (bmo#1451452)
|
||||
Checkbox for enabling Flash protected mode is inverted in 32-bit
|
||||
Firefox
|
||||
* CVE-2018-5180 (bmo#1444086)
|
||||
heap-use-after-free in mozilla::WebGLContext::DrawElementsInstanced
|
||||
* CVE-2018-5181 (bmo#1424107)
|
||||
Local file can be displayed in noopener tab through drag and
|
||||
drop of hyperlink
|
||||
* CVE-2018-5182 (bmo#1435908)
|
||||
Local file can be displayed from hyperlink dragged and dropped
|
||||
on addressbar
|
||||
* CVE-2018-5151
|
||||
Memory safety bugs fixed in Firefox 60
|
||||
* CVE-2018-5150
|
||||
Memory safety bugs fixed in Firefox 60 and Firefox ESR 52.8
|
||||
- removed obsolete patches
|
||||
0001-Bug-1435695-WebRTC-fails-to-build-with-GCC-8-r-dmino.patch
|
||||
mozilla-bmo1005535.patch
|
||||
|
@ -415,7 +415,7 @@ install -m 644 %{SOURCE9} %{buildroot}%{progdir}/browser/defaults/preferences/fi
|
||||
%if %localize
|
||||
rm -f %{_tmppath}/translations.*
|
||||
touch %{_tmppath}/translations.{common,other}
|
||||
for locale in $(cat $RPM_BUILD_DIR/mozilla/browser/locales/shipped-locales) ; do
|
||||
for locale in $(cat $RPM_BUILD_DIR/%{source_prefix}/browser/locales/shipped-locales) ; do
|
||||
case $locale in
|
||||
ja-JP-mac|en-US|'')
|
||||
;;
|
||||
@ -423,7 +423,7 @@ for locale in $(cat $RPM_BUILD_DIR/mozilla/browser/locales/shipped-locales) ; do
|
||||
pushd $RPM_BUILD_DIR/compare-locales
|
||||
PYTHONPATH=lib \
|
||||
scripts/compare-locales -m ../l10n-merged/$locale \
|
||||
../mozilla/browser/locales/l10n.ini ../l10n $locale
|
||||
../%{source_prefix}/browser/locales/l10n.ini ../l10n $locale
|
||||
popd
|
||||
LOCALE_MERGEDIR=$RPM_BUILD_DIR/l10n-merged/$locale \
|
||||
make -C browser/locales langpack-$locale
|
||||
|
Loading…
Reference in New Issue
Block a user