rpm/MozillaFirefox
SHA256
1
0
Fork 0
forked from pool/MozillaFirefox
Code Pull Requests Activity

- update to Firefox 58.0 (bsc#1077291)

Browse Source 
MFSA 2018-02
  * CVE-2018-5091 (bmo#1423086)
    Use-after-free with DTMF timers
  * CVE-2018-5092 (bmo#1418074)
    Use-after-free in Web Workers
  * CVE-2018-5093 (bmo#1415291)
    Buffer overflow in WebAssembly during Memory/Table resizing
  * CVE-2018-5094 (bmo#1415883)
    Buffer overflow in WebAssembly with garbage collection on
    uninitialized memory
  * CVE-2018-5095 (bmo#1418447)
    Integer overflow in Skia library during edge builder allocation
  * CVE-2018-5097 (bmo#1387427)
    Use-after-free when source document is manipulated during XSLT
  * CVE-2018-5098 (bmo#1399400)
    Use-after-free while manipulating form input elements
  * CVE-2018-5099 (bmo#1416878)
    Use-after-free with widget listener
  * CVE-2018-5100 (bmo#1417405)
    Use-after-free when IsPotentiallyScrollable arguments are freed
    from memory
  * CVE-2018-5101 (bmo#1417661)
    Use-after-free with floating first-letter style elements
  * CVE-2018-5102 (bmo#1419363)
    Use-after-free in HTML media elements
  * CVE-2018-5103 (bmo#1423159)
    Use-after-free during mouse event handling
  * CVE-2018-5104 (bmo#1425000)
    Use-after-free during font face manipulation

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=629
This commit is contained in:
Wolfgang Rosenauer 2018-01-23 20:56:02 +00:00 committed by Git OBS Bridge
parent 725614f48e
commit 6156a55b00
1 changed files with 71 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

73
MozillaFirefox.changes
View File

@ -1,10 +1,79 @@
------------------------------------------------------------------- -------------------------------------------------------------------
Sat Jan 20 22:05:35 UTC 2018 - wr@rosenauer.org Tue Jan 23 20:40:57 UTC 2018 - wr@rosenauer.org
- update to Firefox 58.0 - update to Firefox 58.0 (bsc#1077291)
* Added Nepali (ne-NP) locale * Added Nepali (ne-NP) locale
* Added support for form autofill for credit card * Added support for form autofill for credit card
* Optimize page load by caching JavaScript internal representation * Optimize page load by caching JavaScript internal representation
MFSA 2018-02
* CVE-2018-5091 (bmo#1423086)
Use-after-free with DTMF timers
* CVE-2018-5092 (bmo#1418074)
Use-after-free in Web Workers
* CVE-2018-5093 (bmo#1415291)
Buffer overflow in WebAssembly during Memory/Table resizing
* CVE-2018-5094 (bmo#1415883)
Buffer overflow in WebAssembly with garbage collection on
uninitialized memory
* CVE-2018-5095 (bmo#1418447)
Integer overflow in Skia library during edge builder allocation
* CVE-2018-5097 (bmo#1387427)
Use-after-free when source document is manipulated during XSLT
* CVE-2018-5098 (bmo#1399400)
Use-after-free while manipulating form input elements
* CVE-2018-5099 (bmo#1416878)
Use-after-free with widget listener
* CVE-2018-5100 (bmo#1417405)
Use-after-free when IsPotentiallyScrollable arguments are freed
from memory
* CVE-2018-5101 (bmo#1417661)
Use-after-free with floating first-letter style elements
* CVE-2018-5102 (bmo#1419363)
Use-after-free in HTML media elements
* CVE-2018-5103 (bmo#1423159)
Use-after-free during mouse event handling
* CVE-2018-5104 (bmo#1425000)
Use-after-free during font face manipulation
* CVE-2018-5105 (bmo#1390882)
WebExtensions can save and execute files on local file system
without user prompts
* CVE-2018-5106 (bmo#1408708)
Developer Tools can expose style editor information cross-origin
through service worker
* CVE-2018-5107 (bmo#1379276)
Printing process will follow symlinks for local file access
* CVE-2018-5108 (bmo#1421099)
Manually entered blob URL can be accessed by subsequent private browsing tabs
* CVE-2018-5109 (bmo#1405599)
Audio capture prompts and starts with incorrect origin attribution
* CVE-2018-5110 (bmo#1423275) (affects only OS X)
Cursor can be made invisible on OS X
* CVE-2018-5111 (bmo#1321619)
URL spoofing in addressbar through drag and drop
* CVE-2018-5112 (bmo#1425224)
Extension development tools panel can open a non-relative URL in the panel
* CVE-2018-5113 (bmo#1425267)
WebExtensions can load non-HTTPS pages with browser.identity.launchWebAuthFlow
* CVE-2018-5114 (bmo#1421324)
The old value of a cookie changed to HttpOnly remains accessible to scripts
* CVE-2018-5115 (bmo#1409449)
Background network requests can open HTTP authentication in unrelated foreground tabs
* CVE-2018-5116 (bmo#1396399)
WebExtension ActiveTab permission allows cross-origin frame content access
* CVE-2018-5117 (bmo#1395508)
URL spoofing with right-to-left text aligned left-to-right
* CVE-2018-5118 (bmo#1420049)
Activity Stream images can attempt to load local content through file:
* CVE-2018-5119 (bmo#1420507)
Reader view will load cross-origin content in violation of CORS headers
* CVE-2018-5121 (bmo#1402368) (affects only OS X)
OS X Tibetan characters render incompletely in the addressbar
* CVE-2018-5122 (bmo#1413841)
Potential integer overflow in DoCrypt
* CVE-2018-5090
Memory safety bugs fixed in Firefox 58
* CVE-2018-5089
Memory safety bugs fixed in Firefox 58 and Firefox ESR 52.6
- requires NSS 3.34.1 - requires NSS 3.34.1
- requires rust 1.21 - requires rust 1.21
- removed obsolete patches: - removed obsolete patches: