1
0
Commit Graph

6 Commits

Author SHA256 Message Date
Wolfgang Rosenauer
1f7d350ac4 - Mozilla Firefox 69.0.1
* Fixed external programs launching in the background when clicking
    a link from inside Firefox to launch them (bmo#1570845)
  * Usability improvements to the Add-ons Manager for users with
    screen readers (bmo#1567600)
  * Fixed the Captive Portal notification bar not being dismissable
    in some situations after login is complete (bmo#1578633)
  * Fixed the maximum size of fonts in Reader Mode when zoomed (bmo#1578454)
  * Fixed missing stacks in the Developer Tools Performance section
    (bmo#1578354)
  MFSA 2019-31
  * CVE-2019-11754 (bmo#1580506)
    Pointer Lock is enabled with no user notification
- disable DOH by default

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=768
2019-09-20 07:16:58 +00:00
Wolfgang Rosenauer
0c3a6afdc4 - Mozilla Firefox 69.0
* Enhanced Tracking Protection (ETP) for stronger privacy protections
  * Block Autoplay feature is enhanced to give users the option to block
    any video
  * Users in the US or using the en-US browser, can get a new “New Tab”
    page experience connecting to the best of Pocket's content.
  * Support for the Web Authentication HmacSecret extension via
    Windows Hello introduced.
  * Support for receiving multiple video codecs with this release makes
    it easier for WebRTC conferencing services to mix video from
    different clients.
- requires
  * rust/cargo >= 1.35
  * rust-cbindgen >= 0.9.0
  * mozilla-nss >= 3.45
- rebased patches
  * mozilla-bmo1504834-part1.patch (currently unused as it breaks LE)
  * mozilla-bmo1504834-part2.patch (currently unused as it breaks LE)
  * mozilla-bmo1504834-part3.patch (currently unused as it breaks LE)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=765
2019-09-09 06:28:12 +00:00
Wolfgang Rosenauer
a552e67ce1 - Mozilla Firefox 68.1.0
MFSA 2019-26
  * CVE-2019-11751 (bmo#1572838; Windows only)
    Malicious code execution through command line parameters
  * CVE-2019-11746 (bmo#1564449)
    Use-after-free while manipulating video
  * CVE-2019-11744 (bmo#1562033)
    XSS by breaking out of title and textarea elements using innerHTML
  * CVE-2019-11742 (bmo#1559715)
    Same-origin policy violation with SVG filters and canvas to steal
    cross-origin images
  * CVE-2019-11736 (bmo#1551913, bmo#1552206; Windows only))
    File manipulation and privilege escalation in Mozilla Maintenance Service
  * CVE-2019-11753 (bmo#1574980; Windows only)
    Privilege escalation with Mozilla Maintenance Service in custom
    Firefox installation location
  * CVE-2019-11752 (bmo#1501152)
    Use-after-free while extracting a key value in IndexedDB
  * CVE-2019-9812 (bmo#1538008, bmo#1538015)
    Sandbox escape through Firefox Sync
  * CVE-2019-11743 (bmo#1560495)
    Cross-origin access to unload event attributes
  * CVE-2019-11748 (bmo#1564588)
    Persistence of WebRTC permissions in a third party context
  * CVE-2019-11749 (bmo#1565374)
    Camera information available without prompting using getUserMedia
  * CVE-2019-11750 (bmo#1568397)
    Type confusion in Spidermonkey
  * CVE-2019-11738 (bmo#1452037)
    Content security policy bypass through hash-based sources in directives

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=760
2019-09-04 08:35:37 +00:00
Wolfgang Rosenauer
91c849f4d1 Accepting request 724472 from home:AndreasStieger:branches:mozilla:Factory
Mozilla Firefox 68.0.2 MFSA 2019-24 (boo#1145665) CVE-2019-11733

OBS-URL: https://build.opensuse.org/request/show/724472
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=757
2019-08-19 06:30:53 +00:00
Wolfgang Rosenauer
e50c943778 - Mozilla Firefox 68.0.1
* Fixed missing Full Screen button when watching videos in full
    screen mode on HBO GO (bmo#1562837)
  * Fixed a bug causing incorrect messages to appear for some
    locales when sites try to request the use of the Storage
    Access API (bmo#1558503)
  * Users in Russian regions may have their default search engine
    changed (bmo#1565315)
  * Built-in search engines in some locales do not function
    correctly (bmo#1565779)
  * SupportMenu policy doesn't always work (bmo#1553290)
  * Allow the privacy.file_unique_origin pref to be controlled by
    policy (bmo#1563759)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=753
2019-07-19 14:43:08 +00:00
Wolfgang Rosenauer
c4b62217a3 - Mozilla Firefox 68.0
* Dark mode in reader view
  * Improved extension security and discovery
  * Cryptomining and fingerprinting protections are added to strict
    content blocking settings in Privacy & Security preferences
  * Camera and microphone access now require an HTTPS connection
  MFSA 2019-21 (bsc#1140868)
  * CVE-2019-9811 (bmo#1538007, bmo#1539598, bmo#1563327)
    Sandbox escape via installation of malicious languagepack
  * CVE-2019-11711 (bmo#1552541)
    Script injection within domain through inner window reuse
  * CVE-2019-11712 (bmo#1543804)
    Cross-origin POST requests can be made with NPAPI plugins by
    following 308 redirects
  * CVE-2019-11713 (bmo#1528481)
    Use-after-free with HTTP/2 cached stream
  * CVE-2019-11714 (bmo#1542593)
    NeckoChild can trigger crash when accessed off of main thread
  * CVE-2019-11729 (bmo#1515342)
    Empty or malformed p256-ECDH public keys may trigger a segmentation fault
  * CVE-2019-11715 (bmo#1555523)
    HTML parsing error can contribute to content XSS
  * CVE-2019-11716 (bmo#1552632)
    globalThis not enumerable until accessed
  * CVE-2019-11717 (bmo#1548306)
    Caret character improperly escaped in origins
  * CVE-2019-11718 (bmo#1408349)
    Activity Stream writes unsanitized content to innerHTML
  * CVE-2019-11719 (bmo#1540541)
    Out-of-bounds read when importing curve25519 private key

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=748
2019-07-09 21:21:11 +00:00