forked from pool/MozillaFirefox
- update to Firefox 37.0 (bnc#925368)
* Heartbeat user rating system * Yandex set as default search provider for the Turkish locale * Bing search now uses HTTPS for secure searching * Improved protection against site impersonation via OneCRL centralized certificate revocation * Opportunistically encrypt HTTP traffic where the server supports HTTP/2 AltSvc * some more behaviour changes for TLS security fixes: * MFSA 2015-30/CVE-2015-0814/CVE-2015-0815 Miscellaneous memory safety hazards * MFSA 2015-31/CVE-2015-0813 (bmo#1106596)) Use-after-free when using the Fluendo MP3 GStreamer plugin * MFSA 2015-32/CVE-2015-0812 (bmo#1128126) Add-on lightweight theme installation approval bypassed through MITM attack * MFSA 2015-33/CVE-2015-0816 (bmo#1144991) resource:// documents can load privileged pages * MFSA-2015-34/CVE-2015-0811 (bmo#1132468) Out of bounds read in QCMS library * MFSA-2015-35/CVE-2015-0810 (bmo#1125013) Cursor clickjacking with flash and images (OS X only) * MFSA-2015-36/CVE-2015-0808 (bmo#1109552) Incorrect memory management for simple-type arrays in WebRTC * MFSA-2015-37/CVE-2015-0807 (bmo#1111834) CORS requests should not follow 30x redirections after preflight * MFSA-2015-38/CVE-2015-0805/CVE-2015-0806 (bmo#1135511, bmo#1099437) Memory corruption crashes in Off Main Thread Compositing * MFSA-2015-39/CVE-2015-0803/CVE-2015-0804 (bmo#1134560) OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=433
This commit is contained in:
parent
c579f3ef60
commit
9f194c0737
@ -1,7 +1,44 @@
|
|||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Sat Mar 28 09:46:48 UTC 2015 - wr@rosenauer.org
|
Sat Mar 28 09:46:48 UTC 2015 - wr@rosenauer.org
|
||||||
|
|
||||||
- update to Firefox 37.0
|
- update to Firefox 37.0 (bnc#925368)
|
||||||
|
* Heartbeat user rating system
|
||||||
|
* Yandex set as default search provider for the Turkish locale
|
||||||
|
* Bing search now uses HTTPS for secure searching
|
||||||
|
* Improved protection against site impersonation via OneCRL
|
||||||
|
centralized certificate revocation
|
||||||
|
* Opportunistically encrypt HTTP traffic where the server supports
|
||||||
|
HTTP/2 AltSvc
|
||||||
|
* some more behaviour changes for TLS
|
||||||
|
security fixes:
|
||||||
|
* MFSA 2015-30/CVE-2015-0814/CVE-2015-0815
|
||||||
|
Miscellaneous memory safety hazards
|
||||||
|
* MFSA 2015-31/CVE-2015-0813 (bmo#1106596))
|
||||||
|
Use-after-free when using the Fluendo MP3 GStreamer plugin
|
||||||
|
* MFSA 2015-32/CVE-2015-0812 (bmo#1128126)
|
||||||
|
Add-on lightweight theme installation approval bypassed through
|
||||||
|
MITM attack
|
||||||
|
* MFSA 2015-33/CVE-2015-0816 (bmo#1144991)
|
||||||
|
resource:// documents can load privileged pages
|
||||||
|
* MFSA-2015-34/CVE-2015-0811 (bmo#1132468)
|
||||||
|
Out of bounds read in QCMS library
|
||||||
|
* MFSA-2015-35/CVE-2015-0810 (bmo#1125013)
|
||||||
|
Cursor clickjacking with flash and images (OS X only)
|
||||||
|
* MFSA-2015-36/CVE-2015-0808 (bmo#1109552)
|
||||||
|
Incorrect memory management for simple-type arrays in WebRTC
|
||||||
|
* MFSA-2015-37/CVE-2015-0807 (bmo#1111834)
|
||||||
|
CORS requests should not follow 30x redirections after preflight
|
||||||
|
* MFSA-2015-38/CVE-2015-0805/CVE-2015-0806 (bmo#1135511, bmo#1099437)
|
||||||
|
Memory corruption crashes in Off Main Thread Compositing
|
||||||
|
* MFSA-2015-39/CVE-2015-0803/CVE-2015-0804 (bmo#1134560)
|
||||||
|
Use-after-free due to type confusion flaws
|
||||||
|
* MFSA-2015-40/CVE-2015-0801 (bmo#1146339)
|
||||||
|
Same-origin bypass through anchor navigation
|
||||||
|
* MFSA-2015-41/CVE-2015-0800/CVE-2012-2808
|
||||||
|
PRNG weakness allows for DNS poisoning on Android (only)
|
||||||
|
* MFSA-2015-42/CVE-2015-0802 (bmo#1124898)
|
||||||
|
Windows can retain access to privileged content on navigation
|
||||||
|
to unprivileged pages
|
||||||
- removed obsolete patches
|
- removed obsolete patches
|
||||||
* mozilla-bmo1088588.patch
|
* mozilla-bmo1088588.patch
|
||||||
* mozilla-bmo1108834.patch
|
* mozilla-bmo1108834.patch
|
||||||
|
Loading…
Reference in New Issue
Block a user