diff --git a/MozillaFirefox.changes b/MozillaFirefox.changes index f672708..6c002ac 100644 --- a/MozillaFirefox.changes +++ b/MozillaFirefox.changes @@ -8,6 +8,47 @@ Sat Jun 23 07:25:51 UTC 2018 - wr@rosenauer.org * OpenSearch plugins offered by web pages can now be added from the page action menu for easier installation * Improved support for allowing WebExtensions to manage and hide tabs + MFSA 2018-15 (bsc#1098998) + * CVE-2018-12359 (bmo#1459162) + Buffer overflow using computed size of canvas element + * CVE-2018-12360 (bmo#1459693) + Use-after-free when using focus() + * CVE-2018-12361 (bmo#1463244) + Integer overflow in SwizzleData + * CVE-2018-12358 (bmo#1467852) + Same-origin bypass using service worker and redirection + * CVE-2018-12362 (bmo#1452375) + Integer overflow in SSSE3 scaler + * CVE-2018-5156 (bmo#1453127) + Media recorder segmentation fault when track type is changed during capture + * CVE-2018-12363 (bmo#1464784) + Use-after-free when appending DOM nodes + * CVE-2018-12364 (bmo#1436241) + CSRF attacks through 307 redirects and NPAPI plugins + * CVE-2018-12365 (bmo#1459206) + Compromised IPC child process can list local filenames + * CVE-2018-12371 (bmo#1465686) + Integer overflow in Skia library during edge builder allocation + * CVE-2018-12366 (bmo#1464039) + Invalid data handling during QCMS transformations + * CVE-2018-12367 (bmo#1462891) + Timing attack mitigation of PerformanceNavigationTiming + * CVE-2018-12369 (bmo#1454909) + WebExtension security permission checks bypassed by embedded experiments + * CVE-2018-12370 (bmo#1456652) + SameSite cookie protections bypassed when exiting Reader View + * CVE-2018-5186 (bmo#1464872,bmo#1463329,bmo#1419373,bmo#1412882, + bmo#1413033,bmo#1444673,bmo#1454448,bmo#1453505,bmo#1438671) + Memory safety bugs fixed in Firefox 61 + * CVE-2018-5187 (1461324,bmo#1414829,bmo#1395246,bmo#1467938, + bmo#1461619,bmo#1425930,bmo#1438556,bmo#1454285,bmo#1459568, + bmo#1463884) + Memory safety bugs fixed in Firefox 60 and Firefox ESR 60.1 + * CVE-2018-5188 (bnc#1456189,bmo#1456975,bmo#1465898,bmo#1392739, + bmo#1451297,bmo#1464063,bmo#1437842,bmo#1442722,bmo#1452576, + bmo#1450688,bmo#1458264,bmo#1458270,bmo#1465108,bmo#1464829, + bmo#1464079,bmo#1463494,bmo#1458048) + Memory safety bugs fixed in Firefox 60, Firefox ESR 60.1, and Firefox ESR 52.9 - requires NSS 3.37.3 - requires python >= 3.5 to build - removed obsolete patches