1
0

- update to Firefox 45.0 (boo#969894)

* MFSA 2016-16/CVE-2016-1952/CVE-2016-1953
    Miscellaneous memory safety hazards
  * MFSA 2016-17/CVE-2016-1954 (bmo#1243178)
    Local file overwriting and potential privilege escalation through
    CSP reports
  * MFSA 2016-18/CVE-2016-1955 (bmo#1208946)
    CSP reports fail to strip location information for embedded iframe pages
  * MFSA 2016-19/CVE-2016-1956 (bmo#1199923)
    Linux video memory DOS with Intel drivers
  * MFSA 2016-20/CVE-2016-1957 (bmo#1227052)
    Memory leak in libstagefright when deleting an array during MP4
    processing
  * MFSA 2016-21/CVE-2016-1958 (bmo#1228754)
    Displayed page address can be overridden
  * MFSA 2016-22/CVE-2016-1959 (bmo#1234949)
    Service Worker Manager out-of-bounds read in Service Worker Manager
  * MFSA 2016-23/CVE-2016-1960/ZDI-CAN-3545 (bmo#1246014)
    Use-after-free in HTML5 string parser
  * MFSA 2016-24/CVE-2016-1961/ZDI-CAN-3574 (bmo#1249377)
    Use-after-free in SetBody
  * MFSA 2016-25/CVE-2016-1962 (bmo#1240760)
    Use-after-free when using multiple WebRTC data channels
  * MFSA 2016-26/CVE-2016-1963 (bmo#1238440)
    Memory corruption when modifying a file being read by FileReader
  * MFSA 2016-27/CVE-2016-1964 (bmo#1243335)
    Use-after-free during XML transformations
  * MFSA 2016-28/CVE-2016-1965 (bmo#1245264)
    Addressbar spoofing though history navigation and Location protocol
    property

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=491
This commit is contained in:
Wolfgang Rosenauer 2016-03-08 22:37:32 +00:00 committed by Git OBS Bridge
parent 2d4b618151
commit a4caa64ef9
2 changed files with 64 additions and 79 deletions

View File

@ -1,7 +1,7 @@
-------------------------------------------------------------------
Sun Mar 6 19:52:13 UTC 2016 - wr@rosenauer.org
- update to Firefox 45.0
- update to Firefox 45.0 (boo#969894)
* requires NSPR 4.12 / NSS 3.21.1
* Instant browser tab sharing through Hello
* Synced Tabs button in button bar
@ -10,6 +10,60 @@ Sun Mar 6 19:52:13 UTC 2016 - wr@rosenauer.org
* Introduce a new preference (network.dns.blockDotOnion) to allow
blocking .onion at the DNS level
* Tab Groups (Panorama) feature removed
* MFSA 2016-16/CVE-2016-1952/CVE-2016-1953
Miscellaneous memory safety hazards
* MFSA 2016-17/CVE-2016-1954 (bmo#1243178)
Local file overwriting and potential privilege escalation through
CSP reports
* MFSA 2016-18/CVE-2016-1955 (bmo#1208946)
CSP reports fail to strip location information for embedded iframe pages
* MFSA 2016-19/CVE-2016-1956 (bmo#1199923)
Linux video memory DOS with Intel drivers
* MFSA 2016-20/CVE-2016-1957 (bmo#1227052)
Memory leak in libstagefright when deleting an array during MP4
processing
* MFSA 2016-21/CVE-2016-1958 (bmo#1228754)
Displayed page address can be overridden
* MFSA 2016-22/CVE-2016-1959 (bmo#1234949)
Service Worker Manager out-of-bounds read in Service Worker Manager
* MFSA 2016-23/CVE-2016-1960/ZDI-CAN-3545 (bmo#1246014)
Use-after-free in HTML5 string parser
* MFSA 2016-24/CVE-2016-1961/ZDI-CAN-3574 (bmo#1249377)
Use-after-free in SetBody
* MFSA 2016-25/CVE-2016-1962 (bmo#1240760)
Use-after-free when using multiple WebRTC data channels
* MFSA 2016-26/CVE-2016-1963 (bmo#1238440)
Memory corruption when modifying a file being read by FileReader
* MFSA 2016-27/CVE-2016-1964 (bmo#1243335)
Use-after-free during XML transformations
* MFSA 2016-28/CVE-2016-1965 (bmo#1245264)
Addressbar spoofing though history navigation and Location protocol
property
* MFSA 2016-29/CVE-2016-1967 (bmo#1246956)
Same-origin policy violation using perfomance.getEntries and
history navigation with session restore
* MFSA 2016-30/CVE-2016-1968 (bmo#1246742)
Buffer overflow in Brotli decompression
* MFSA 2016-31/CVE-2016-1966 (bmo#1246054)
Memory corruption with malicious NPAPI plugin
* MFSA 2016-32/CVE-2016-1970/CVE-2016-1971/CVE-2016-1975/
CVE-2016-1976/CVE-2016-1972
WebRTC and LibVPX vulnerabilities found through code inspection
* MFSA 2016-33/CVE-2016-1973 (bmo#1219339)
Use-after-free in GetStaticInstance in WebRTC
* MFSA 2016-34/CVE-2016-1974 (bmo#1228103)
Out-of-bounds read in HTML parser following a failed allocation
* MFSA 2016-35/CVE-2016-1950 (bmo#1245528)
Buffer overflow during ASN.1 decoding in NSS
(fixed by requiring 3.21.1)
* MFSA 2016-36/CVE-2016-1979 (bmo#1185033)
Use-after-free during processing of DER encoded keys in NSS
(fixed by requiring 3.21.1)
* MFSA 2016-37/CVE-2016-1977/CVE-2016-2790/CVE-2016-2791/
CVE-2016-2792/CVE-2016-2793/CVE-2016-2794/CVE-2016-2795/
CVE-2016-2796/CVE-2016-2797/CVE-2016-2798/CVE-2016-2799/
CVE-2016-2800/CVE-2016-2801/CVE-2016-2802
Font vulnerabilities in the Graphite 2 library
-------------------------------------------------------------------
Sat Mar 5 15:27:00 UTC 2016 - olaf@aepfle.de

View File

@ -1,11 +1,11 @@
# HG changeset patch
# Parent 816422471b9d80e8302d4347d32bc929d0c0dfe7
# Parent 25d63ce139ad6e957d2565e3b83d01dfa36ea314
diff --git a/browser/base/content/browser-kde.xul b/browser/base/content/browser-kde.xul
new file mode 100644
--- /dev/null
+++ b/browser/base/content/browser-kde.xul
@@ -0,0 +1,1250 @@
@@ -0,0 +1,1181 @@
+#filter substitution
+<?xml version="1.0"?>
+# -*- Mode: HTML -*-
@ -99,15 +99,6 @@ new file mode 100644
+ <menuitem id="context_unpinTab" label="&unpinTab.label;" hidden="true"
+ accesskey="&unpinTab.accesskey;"
+ oncommand="gBrowser.unpinTab(TabContextMenu.contextTab);"/>
+ <menu id="context_tabViewMenu" label="&moveToGroup.label;"
+ accesskey="&moveToGroup.accesskey;">
+ <menupopup id="context_tabViewMenuPopup"
+ onpopupshowing="if (event.target == this) TabView.moveToGroupPopupShowing(event);">
+ <menuseparator id="context_tabViewNamedGroups" hidden="true"/>
+ <menuitem id="context_tabViewNewGroup" label="&moveToNewGroup.label;"
+ oncommand="TabView.moveTabTo(TabContextMenu.contextTab, null);"/>
+ </menupopup>
+ </menu>
+ <menuitem id="context_openTabInWindow" label="&moveToNewWindow.label;"
+ accesskey="&moveToNewWindow.accesskey;"
+ tbattr="tabbrowser-multiple"
@ -127,7 +118,7 @@ new file mode 100644
+ accesskey="&bookmarkAllTabs.accesskey;"
+ command="Browser:BookmarkAllTabs"/>
+ <menuitem id="context_closeTabsToTheEnd" label="&closeTabsToTheEnd.label;" accesskey="&closeTabsToTheEnd.accesskey;"
+ oncommand="gBrowser.removeTabsToTheEndFrom(TabContextMenu.contextTab);"/>
+ oncommand="gBrowser.removeTabsToTheEndFrom(TabContextMenu.contextTab, {animate: true});"/>
+ <menuitem id="context_closeOtherTabs" label="&closeOtherTabs.label;" accesskey="&closeOtherTabs.accesskey;"
+ oncommand="gBrowser.removeAllTabsBut(TabContextMenu.contextTab);"/>
+ <menuseparator/>
@ -269,14 +260,6 @@ new file mode 100644
+ <box id="UITourHighlight"></box>
+ </panel>
+
+ <panel id="abouthome-search-panel" orient="vertical" type="arrow" hidden="true"
+ onclick="this.hidePopup()">
+ <hbox id="abouthome-search-panel-manage"
+ onclick="openPreferences('paneSearch')">
+ <label>&changeSearchSettings.button;</label>
+ </hbox>
+ </panel>
+
+ <panel id="social-share-panel"
+ class="social-panel"
+ type="arrow"
@ -327,26 +310,6 @@ new file mode 100644
+ orient="horizontal"
+ hidden="true"/>
+
+ <menupopup id="processHangOptions"
+ onpopupshowing="ProcessHangMonitor.refreshMenu(window);">
+ <menuitem id="processHangTerminateScript"
+ oncommand="ProcessHangMonitor.terminateScript(window)"
+ accesskey="&processHang.terminateScript.accessKey;"
+ label="&processHang.terminateScript.label;"/>
+ <menuitem id="processHangDebugScript"
+ oncommand="ProcessHangMonitor.debugScript(window)"
+ accesskey="&processHang.debugScript.accessKey;"
+ label="&processHang.debugScript.label;"/>
+ <menuitem id="processHangTerminatePlugin"
+ oncommand="ProcessHangMonitor.terminatePlugin(window)"
+ accesskey="&processHang.terminatePlugin.accessKey;"
+ label="&processHang.terminatePlugin.label;"/>
+ <menuitem id="processHangTerminateProcess"
+ oncommand="ProcessHangMonitor.terminateProcess(window)"
+ accesskey="&processHang.terminateProcess.accessKey;"
+ label="&processHang.terminateProcess.label;"/>
+ </menupopup>
+
+ <menupopup id="toolbar-context-menu"
+ onpopupshowing="onViewToolbarsPopupShowing(event, document.getElementById('viewToolbarsMenuSeparator'));">
+ <menuitem oncommand="gCustomizeMode.addToPanel(document.popupNode)"
@ -508,17 +471,6 @@ new file mode 100644
+
+ <tooltip id="dynamic-shortcut-tooltip"
+ onpopupshowing="UpdateDynamicShortcutTooltipText(this);"/>
+
+ <menupopup id="emeNotificationsPopup">
+ <menuitem id="emeNotificationsNotNow"
+ label="&emeNotificationsNotNow.label;"
+ acceskey="&emeNotificationsNotNow.accesskey;"
+ oncommand="gEMEHandler.onNotNow(this);"/>
+ <menuitem id="emeNotificationsDontAskAgain"
+ label="&emeNotificationsDontAskAgain.label;"
+ acceskey="&emeNotificationsDontAskAgain.accesskey;"
+ oncommand="gEMEHandler.onDontAskAgain(this);"/>
+ </menupopup>
+ </popupset>
+
+#ifdef CAN_DRAW_IN_TITLEBAR
@ -626,12 +578,6 @@ new file mode 100644
+ removable="false">
+ <menupopup id="alltabs-popup"
+ position="after_end">
+ <menuitem id="menu_tabview"
+ class="menuitem-iconic"
+ key="key_tabview"
+ label="&viewTabGroups.label;"
+ command="Browser:ToggleTabView"
+ observes="tabviewGroupsNumber"/>
+ <menuitem id="alltabs_undoCloseTab"
+ class="menuitem-iconic"
+ key="key_undoCloseTab"
@ -740,7 +686,7 @@ new file mode 100644
+ <image id="plugins-notification-icon" class="notification-anchor-icon" role="button"
+ aria-label="&urlbar.pluginsNotificationAnchor.label;"/>
+ <image id="web-notifications-notification-icon" class="notification-anchor-icon" role="button"
+ aria-label="&urlbar.webNotsNotificationAnchor.label;"/>
+ aria-label="&urlbar.webNotsNotificationAnchor3.label;"/>
+ <image id="webRTC-shareDevices-notification-icon" class="notification-anchor-icon" role="button"
+ aria-label="&urlbar.webRTCShareDevicesNotificationAnchor.label;"/>
+ <image id="webRTC-sharingDevices-notification-icon" class="notification-anchor-icon" role="button"
@ -774,13 +720,11 @@ new file mode 100644
+ onclick="gIdentityHandler.handleIdentityButtonEvent(event);"
+ onkeypress="gIdentityHandler.handleIdentityButtonEvent(event);"
+ ondragstart="gIdentityHandler.onDragStart(event);">
+ <hbox id="identity-icons"
+ consumeanchor="identity-box">
+ <image id="tracking-protection-icon"/>
+ <image id="page-proxy-favicon"
+ onclick="PageProxyClickHandler(event);"
+ pageproxystate="invalid"/>
+ </hbox>
+ <image id="identity-icon"
+ consumeanchor="identity-box"
+ onclick="PageProxyClickHandler(event);"/>
+ <image id="tracking-protection-icon"/>
+ <image id="connection-icon"/>
+ <hbox id="identity-icon-labels">
+ <label id="identity-icon-label" class="plain" flex="1"/>
+ <label id="identity-icon-country-label" class="plain"/>
@ -1091,19 +1035,6 @@ new file mode 100644
+ type="checkbox"
+ label="&fullScreenCmd.label;"
+ tooltip="dynamic-shortcut-tooltip"/>
+
+#ifdef MOZ_SERVICES_SYNC
+ <toolbarbutton id="sync-button"
+ class="toolbarbutton-1 chromeclass-toolbar-additional"
+ label="&syncToolbarButton.label;"
+ oncommand="gSyncUI.handleToolbarButton()"/>
+#endif
+
+ <toolbarbutton id="tabview-button" class="toolbarbutton-1 chromeclass-toolbar-additional"
+ label="&tabGroupsButton.label;"
+ command="Browser:ToggleTabView"
+ tooltip="dynamic-shortcut-tooltip"
+ observes="tabviewGroupsNumber"/>
+ </toolbarpalette>
+ </toolbox>
+