* Firefox Quantum
* Photon UI
* Unified address and search bar
* AMD VP9 hardware video decoder support
* Added support for Date/Time input
* stricter security sandbox blocking filesystem reading and
writing on Linux systems
* middle mouse paste in the content area no longer navigates to
URLs by default on Unix systems
MFSA 2017-24
* CVE-2017-7828 (bmo#1406750. bmo#1412252)
Use-after-free of PressShell while restyling layout
* CVE-2017-7830 (bmo#1408990)
Cross-origin URL information leak through Resource Timing API
* CVE-2017-7831 (bmo#1392026)
Information disclosure of exposed properties on JavaScript proxy
objects
* CVE-2017-7832 (bmo#1408782)
Domain spoofing through use of dotless 'i' character followed
by accent markers
* CVE-2017-7833 (bmo#1370497)
Domain spoofing with Arabic and Indic vowel marker characters
* CVE-2017-7834 (bmo#1358009)
data: URLs opened in new tabs bypass CSP protections
* CVE-2017-7835 (bmo#1402363)
Mixed content blocking incorrectly applies with redirects
* CVE-2017-7836 (bmo#1401339)
Pingsender dynamically loads libcurl on Linux and OS X
* CVE-2017-7837 (bmo#1325923)
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=610
* Added protection against unwanted software downloads
* Suggested Tiles show sites of interest, based on categories
from your recent browsing history
* Hello allows adding a link to conversations to provide context
on what the conversation will be about
* New style for add-on manager based on the in-content
preferences style
* Improved scrolling, graphics, and video playback performance
with off main thread compositing (GNU/Linux only)
* Graphic blocklist mechanism improved: Firefox version ranges
can be specified, limiting the number of devices blocked
security fixes:
* MFSA 2015-79/CVE-2015-4473/CVE-2015-4474
Miscellaneous memory safety hazards
* MFSA 2015-80/CVE-2015-4475 (bmo#1175396)
Out-of-bounds read with malformed MP3 file
* MFSA 2015-81/CVE-2015-4477 (bmo#1179484)
Use-after-free in MediaStream playback
* MFSA 2015-82/CVE-2015-4478 (bmo#1105914)
Redefinition of non-configurable JavaScript object properties
* MFSA 2015-83/CVE-2015-4479/CVE-2015-4480/CVE-2015-4493
Overflow issues in libstagefright
* MFSA 2015-84/CVE-2015-4481 (bmo1171518)
Arbitrary file overwriting through Mozilla Maintenance Service
with hard links (only affected Windows)
* MFSA 2015-85/CVE-2015-4482 (bmo#1184500)
Out-of-bounds write with Updater and malicious MAR file
(does not affect openSUSE RPM packages which do not ship the
updater)
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=454
