diff --git a/MozillaFirefox.changes b/MozillaFirefox.changes index ed377dd..af22268 100644 --- a/MozillaFirefox.changes +++ b/MozillaFirefox.changes @@ -2,6 +2,31 @@ Sat Apr 26 12:18:07 UTC 2014 - wr@rosenauer.org - update to Firefox 29.0 (bnc#875378) + * MFSA 2014-34/CVE-2014-1518/CVE-2014-1519 + Miscellaneous memory safety hazards + * MFSA 2014-36/CVE-2014-1522 (bmo#995289) + Web Audio memory corruption issues + * MFSA 2014-37/CVE-2014-1523 (bmo#969226) + Out of bounds read while decoding JPG images + * MFSA 2014-38/CVE-2014-1524 (bmo#989183) + Buffer overflow when using non-XBL object as XBL + * MFSA 2014-39/CVE-2014-1525 (bmo#989210) + Use-after-free in the Text Track Manager for HTML video + * MFSA 2014-41/CVE-2014-1528 (bmo#963962) + Out-of-bounds write in Cairo + * MFSA 2014-42/CVE-2014-1529 (bmo#987003) + Privilege escalation through Web Notification API + * MFSA 2014-43/CVE-2014-1530 (bmo#895557) + Cross-site scripting (XSS) using history navigations + * MFSA 2014-44/CVE-2014-1531 (bmo#987140) + Use-after-free in imgLoader while resizing images + * MFSA 2014-45/CVE-2014-1492 (bmo#903885) + Incorrect IDNA domain name matching for wildcard certificates + (fixed by NSS 3.16) + * MFSA 2014-46/CVE-2014-1532 (bmo#966006) + Use-after-free in nsHostResolver + * MFSA 2014-47/CVE-2014-1526 (bmo#988106) + Debugger can bypass XrayWrappers with JavaScript - rebased patches - removed obsolete patches * firefox-browser-css.patch