notable features:
* Firefox Hello with new rooms-based conversations model
* Implemented HTTP Public Key Pinning Extension (for enhanced
authentication of encrypted connections)
- rebased patches
- dropped explicit support for everything older than 12.3
(including SLES11)
* merge firefox-kde.patch and firefox-kde-114.patch
* dropped mozilla-sle11.patch
- reworked specfile to build conditionally based on release channel
either Firefox or Firefox Developer Edition
- added mozilla-openaes-decl.patch to fix implicit declarations
- obsolete tracker-miner-firefox < 0.15 because it leads to startup
crashes (bnc#908892)
- rebased patches
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=419
* MFSA 2014-15/CVE-2014-1493/CVE-2014-1494
Miscellaneous memory safety hazards
* MFSA 2014-17/CVE-2014-1497 (bmo#966311)
Out of bounds read during WAV file decoding
* MFSA 2014-18/CVE-2014-1498 (bmo#935618)
crypto.generateCRMFRequest does not validate type of key
* MFSA 2014-19/CVE-2014-1499 (bmo#961512)
Spoofing attack on WebRTC permission prompt
* MFSA 2014-20/CVE-2014-1500 (bmo#956524)
onbeforeunload and Javascript navigation DOS
* MFSA 2014-22/CVE-2014-1502 (bmo#972622)
WebGL content injection from one domain to rendering in another
* MFSA 2014-23/CVE-2014-1504 (bmo#911547)
Content Security Policy for data: documents not preserved by
session restore
* MFSA 2014-26/CVE-2014-1508 (bmo#963198)
Information disclosure through polygon rendering in MathML
* MFSA 2014-27/CVE-2014-1509 (bmo#966021)
Memory corruption in Cairo during PDF font rendering
* MFSA 2014-28/CVE-2014-1505 (bmo#941887)
SVG filters information disclosure through feDisplacementMap
* MFSA 2014-29/CVE-2014-1510/CVE-2014-1511 (bmo#982906, bmo#982909)
Privilege escalation using WebIDL-implemented APIs
* MFSA 2014-30/CVE-2014-1512 (bmo#982957)
Use-after-free in TypeObject
* MFSA 2014-31/CVE-2014-1513 (bmo#982974)
Out-of-bounds read/write through neutering ArrayBuffer objects
* MFSA 2014-32/CVE-2014-1514 (bmo#983344)
Out-of-bounds write through TypedArrayObject after neutering
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=370
- license change from tri license to MPL-2.0
- fix crashreporter restart option (bmo#762780)
- reenabled mozilla-yarr-pcre.patch to fix build for PPC
- require NSS 3.13.5
- remove mozjs pacrunner obsoletes again for now
- adopted mozilla-prefer_plugin_pref.patch
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=284
* rebased patches
- added mozilla-libnotify.patch to allow fallback from libnotify
to xul based events if no notification-daemon is running
- gcc 4.7 fixes
* mozilla-gcc47.patch
* disabled crashreporter temporarily for Factory
- recommend libcanberra0 for proper sound notifications
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=270
* MFSA 2011-47/CVE-2011-3648 (bmo#690225)
Potential XSS against sites using Shift-JIS
* MFSA 2011-48/CVE-2011-3651/CVE-2011-3652/CVE-2011-3654
Miscellaneous memory safety hazards
* MFSA 2011-49/CVE-2011-3650 (bmo#674776)
Memory corruption while profiling using Firebug
* MFSA 2011-52/CVE-2011-3655 (bmo#672182)
Code execution via NoWaiverWrapper
- rebased patches
- enable telemetry prompt
- set intl.locale.matchOS=true in the base package as it causes
too much confusion when it's only available with branding-openSUSE
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=237