From 6a7340e3e1a9a13c174de07d505452760c9f66bfb53c7383b502e66e5b7ea1ae Mon Sep 17 00:00:00 2001 From: Wolfgang Rosenauer Date: Wed, 18 Jul 2012 05:21:02 +0000 Subject: [PATCH] - update to 14.0.1 (bnc#771583) * MFSA 2012-42/CVE-2012-1949/CVE-2012-1948 Miscellaneous memory safety hazards * MFSA 2012-43/CVE-2012-1950 Incorrect URL displayed in addressbar through drag and drop * MFSA 2012-44/CVE-2012-1951/CVE-2012-1954/CVE-2012-1953/CVE-2012-1952 Gecko memory corruption * MFSA 2012-45/CVE-2012-1955 (bmo#757376) Spoofing issue with location * MFSA 2012-46/CVE-2012-1966 (bmo#734076) XSS through data: URLs * MFSA 2012-47/CVE-2012-1957 (bmo#750096) Improper filtering of javascript in HTML feed-view * MFSA 2012-48/CVE-2012-1958 (bmo#750820) use-after-free in nsGlobalWindow::PageHidden * MFSA 2012-49/CVE-2012-1959 (bmo#754044, bmo#737559) Same-compartment Security Wrappers can be bypassed * MFSA 2012-50/CVE-2012-1960 (bmo#761014) Out of bounds read in QCMS * MFSA 2012-51/CVE-2012-1961 (bmo#761655) X-Frame-Options header ignored when duplicated * MFSA 2012-52/CVE-2012-1962 (bmo#764296) JSDependentString::undepend string conversion results in memory corruption * MFSA 2012-53/CVE-2012-1963 (bmo#767778) Content Security Policy 1.0 implementation errors cause data leakage * MFSA 2012-55/CVE-2012-1965 (bmo#758990) feed: URLs with an innerURI inherit security context of page * MFSA 2012-56/CVE-2012-1967 (bmo#758344) OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=286 --- MozillaFirefox.changes | 32 +++++++++++++++++++++++++++++++- 1 file changed, 31 insertions(+), 1 deletion(-) diff --git a/MozillaFirefox.changes b/MozillaFirefox.changes index 41cae64..bd8aa1c 100644 --- a/MozillaFirefox.changes +++ b/MozillaFirefox.changes @@ -1,7 +1,37 @@ ------------------------------------------------------------------- Sat Jul 14 19:31:51 UTC 2012 - wr@rosenauer.org -- update to 14.0.1 (bnc#) +- update to 14.0.1 (bnc#771583) + * MFSA 2012-42/CVE-2012-1949/CVE-2012-1948 + Miscellaneous memory safety hazards + * MFSA 2012-43/CVE-2012-1950 + Incorrect URL displayed in addressbar through drag and drop + * MFSA 2012-44/CVE-2012-1951/CVE-2012-1954/CVE-2012-1953/CVE-2012-1952 + Gecko memory corruption + * MFSA 2012-45/CVE-2012-1955 (bmo#757376) + Spoofing issue with location + * MFSA 2012-46/CVE-2012-1966 (bmo#734076) + XSS through data: URLs + * MFSA 2012-47/CVE-2012-1957 (bmo#750096) + Improper filtering of javascript in HTML feed-view + * MFSA 2012-48/CVE-2012-1958 (bmo#750820) + use-after-free in nsGlobalWindow::PageHidden + * MFSA 2012-49/CVE-2012-1959 (bmo#754044, bmo#737559) + Same-compartment Security Wrappers can be bypassed + * MFSA 2012-50/CVE-2012-1960 (bmo#761014) + Out of bounds read in QCMS + * MFSA 2012-51/CVE-2012-1961 (bmo#761655) + X-Frame-Options header ignored when duplicated + * MFSA 2012-52/CVE-2012-1962 (bmo#764296) + JSDependentString::undepend string conversion results in memory + corruption + * MFSA 2012-53/CVE-2012-1963 (bmo#767778) + Content Security Policy 1.0 implementation errors cause data + leakage + * MFSA 2012-55/CVE-2012-1965 (bmo#758990) + feed: URLs with an innerURI inherit security context of page + * MFSA 2012-56/CVE-2012-1967 (bmo#758344) + Code execution through javascript: URLs - license change from tri license to MPL-2.0 - fix crashreporter restart option (bmo#762780) - require NSS 3.13.5