diff --git a/MozillaFirefox.changes b/MozillaFirefox.changes index 898366b..6c3d627 100644 --- a/MozillaFirefox.changes +++ b/MozillaFirefox.changes @@ -2,10 +2,53 @@ Tue Sep 20 07:09:52 UTC 2016 - wr@rosenauer.org - update to Firefox 49.0 (boo#999701) + new features + * Updated Firefox Login Manager to allow HTTPS pages to use saved + HTTP logins. + * Added features to Reader Mode that make it easier on the eyes and + the ears + * Improved video performance for users on systems that support + SSE3 without hardware acceleration + * Added context menu controls to HTML5 audio and video that let users + loops files or play files at 1.25x speed + * Improvements in about:memory reports for tracking font memory usage + security related + * MFSA 2016-85 + CVE-2016-2827 (bmo#1289085) - Out-of-bounds read in + mozilla::net::IsValidReferrerPolicy + CVE-2016-5270 (bmo#1291016) - Heap-buffer-overflow in + nsCaseTransformTextRunFactory::TransformString + CVE-2016-5271 (bmo#1288946) - Out-of-bounds read in + PropertyProvider::GetSpacingInternal + CVE-2016-5272 (bmo#1297934) - Bad cast in nsImageGeometryMixin + CVE-2016-5273 (bmo#1280387) - crash in + mozilla::a11y::HyperTextAccessible::GetChildOffset + CVE-2016-5276 (bmo#1287721) - Heap-use-after-free in + mozilla::a11y::DocAccessible::ProcessInvalidationList + CVE-2016-5274 (bmo#1282076) - use-after-free in + nsFrameManager::CaptureFrameState + CVE-2016-5277 (bmo#1291665) - Heap-use-after-free in nsRefreshDriver::Tick + CVE-2016-5275 (bmo#1287316) - global-buffer-overflow in + mozilla::gfx::FilterSupport::ComputeSourceNeededRegions + CVE-2016-5278 (bmo#1294677) - Heap-buffer-overflow in + nsBMPEncoder::AddImageFrame + CVE-2016-5279 (bmo#1249522) - Full local path of files is available + to web pages after drag and drop + CVE-2016-5280 (bmo#1289970) - Use-after-free in + mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap + CVE-2016-5281 (bmo#1284690) - use-after-free in DOMSVGLength + CVE-2016-5282 (bmo#932335) - Don't allow content to request favicons + from non-whitelisted schemes + CVE-2016-5283 (bmo#928187) -