stability and regression fixes
* Systems with first generation NVidia Optimus graphics cards
may crash on start-up
* Users who import cookies from Google Chrome can end up with
broken websites
* Large animated images may fail to play and may stop other
images from loading
- update to Firefox 38.0 (bnc#930622)
* New tab-based preferences
* Ruby annotation support
* more info: https://www.mozilla.org/en-US/firefox/38.0/releasenotes/
security fixes:
* MFSA 2015-46/CVE-2015-2708/CVE-2015-2709
Miscellaneous memory safety hazards
* MFSA 2015-47/VE-2015-0797 (bmo#1080995)
Buffer overflow parsing H.264 video with Linux Gstreamer
* MFSA 2015-48/CVE-2015-2710 (bmo#1149542)
Buffer overflow with SVG content and CSS
* MFSA 2015-49/CVE-2015-2711 (bmo#1113431)
Referrer policy ignored when links opened by middle-click and
context menu
* MFSA 2015-50/CVE-2015-2712 (bmo#1152280)
Out-of-bounds read and write in asm.js validation
* MFSA 2015-51/CVE-2015-2713 (bmo#1153478)
Use-after-free during text processing with vertical text enabled
* MFSA 2015-53/CVE-2015-2715 (bmo#988698)
Use-after-free due to Media Decoder Thread creation during shutdown
* MFSA 2015-54/CVE-2015-2716 (bmo#1140537)
Buffer overflow when parsing compressed XML
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=441
* Heartbeat user rating system
* Yandex set as default search provider for the Turkish locale
* Bing search now uses HTTPS for secure searching
* Improved protection against site impersonation via OneCRL
centralized certificate revocation
* Opportunistically encrypt HTTP traffic where the server supports
HTTP/2 AltSvc
* some more behaviour changes for TLS
security fixes:
* MFSA 2015-30/CVE-2015-0814/CVE-2015-0815
Miscellaneous memory safety hazards
* MFSA 2015-31/CVE-2015-0813 (bmo#1106596))
Use-after-free when using the Fluendo MP3 GStreamer plugin
* MFSA 2015-32/CVE-2015-0812 (bmo#1128126)
Add-on lightweight theme installation approval bypassed through
MITM attack
* MFSA 2015-33/CVE-2015-0816 (bmo#1144991)
resource:// documents can load privileged pages
* MFSA-2015-34/CVE-2015-0811 (bmo#1132468)
Out of bounds read in QCMS library
* MFSA-2015-35/CVE-2015-0810 (bmo#1125013)
Cursor clickjacking with flash and images (OS X only)
* MFSA-2015-36/CVE-2015-0808 (bmo#1109552)
Incorrect memory management for simple-type arrays in WebRTC
* MFSA-2015-37/CVE-2015-0807 (bmo#1111834)
CORS requests should not follow 30x redirections after preflight
* MFSA-2015-38/CVE-2015-0805/CVE-2015-0806 (bmo#1135511, bmo#1099437)
Memory corruption crashes in Off Main Thread Compositing
* MFSA-2015-39/CVE-2015-0803/CVE-2015-0804 (bmo#1134560)
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=433
Bugfixes:
* Disable the usage of the ANY DNS query type (bmo#1093983)
* Hello may become inactive until restart (bmo#1137469)
* Print preferences may not be preserved (bmo#1136855)
* Hello contact tabs may not be visible (bmo#1137141)
* Accept hostnames that include an underscore character ("_")
(bmo#1136616)
* WebGL may use significant memory with Canvas2d (bmo#1137251)
* Option -remote has been restored (bmo#1080319)
- added mozilla-skia-bmo1136958.patch to fix build issues for
ARM and PPC
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=425
* mozilla-xremote-client was removed
* added libclearkey.so media plugin
* Pinned tiles on the new tab page can be synced
* Support for the full HTTP/2 protocol. HTTP/2 enables a faster,
more scalable, and more responsive web.
* Locale added: Uzbek (uz)
- rebased patches
- requires NSS 3.17.4
- update to Firefox 35.0.1
* With the Enhanced Steam extension, Firefox could crash (bmo#1123732)
* Kerberos authentication did not work with alias (bmo#1108971)
* SVG / CSS animation had a regression causing rendering issues on
websites like openstreemap.org (bmo#1083079)
* On Godaddy webmail, Firefox could crash (bmo#1113121)
* document.baseURI did not get updated to document.location after
base tag was removed from DOM for site with a CSP (bmo#1121857)
* With a Right-to-left (RTL) version of Firefox, the text selection
could be broken (bmo#1104036)
* CSP had a change in behavior with regard to case sensitivity
resources loading (bmo#1122445)
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=422
notable features:
* Firefox Hello with new rooms-based conversations model
* Implemented HTTP Public Key Pinning Extension (for enhanced
authentication of encrypted connections)
- rebased patches
- dropped explicit support for everything older than 12.3
(including SLES11)
* merge firefox-kde.patch and firefox-kde-114.patch
* dropped mozilla-sle11.patch
- reworked specfile to build conditionally based on release channel
either Firefox or Firefox Developer Edition
- added mozilla-openaes-decl.patch to fix implicit declarations
- obsolete tracker-miner-firefox < 0.15 because it leads to startup
crashes (bnc#908892)
- rebased patches
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=419
* Fix a startup crash with some combination of hardware and drivers
33.0.1
* Firefox displays a black screen at start-up with certain
graphics drivers
- adjusted _constraints for ARM
- added mozilla-bmo1088588.patch to fix build with EGL (bmo#1088588)
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=408
* just a version bump for our builds
* fixed the in application update process for certain environments
(in application update is not enabled in openSUSE and Linux
is unaffected in any case)
- build with --disable-optimize for 13.1 and above for i586 to
workaround miscompilations (bnc#896624)
- update to Firefox 32.0.1
* fixed stability issues for computers with multiple graphics cards
* mixed content icon may be incorrectly displayed instead of lock
icon for SSL sites in 32.0 (
* WebRTC: setRemoteDescription() silently fails if no success
callback is specified (bmo#1063971)
- update to Firefox 32.0 (bnc#894370)
* MFSA 2014-67/CVE-2014-1553/CVE-2014-1554/CVE-2014-1562
- rebased patches
- requires NSS 3.16.4
- removed upstreamed patch
* mozilla-aarch64-bmo-810631.patch
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=396
* Seer disabled by default (bmo#1005958)
* Session Restore failed with a corrupted sessionstore.js file
(bmo#1001167)
* pdf.js printing white page (bmo#1003707, bnc#876833)
- general.useragent.locale gets overwritten with en-US while it
should be using the active langpack's setting
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=382
Miscellaneous memory safety hazards
* MFSA 2014-36/CVE-2014-1522 (bmo#995289)
Web Audio memory corruption issues
* MFSA 2014-37/CVE-2014-1523 (bmo#969226)
Out of bounds read while decoding JPG images
* MFSA 2014-38/CVE-2014-1524 (bmo#989183)
Buffer overflow when using non-XBL object as XBL
* MFSA 2014-39/CVE-2014-1525 (bmo#989210)
Use-after-free in the Text Track Manager for HTML video
* MFSA 2014-41/CVE-2014-1528 (bmo#963962)
Out-of-bounds write in Cairo
* MFSA 2014-42/CVE-2014-1529 (bmo#987003)
Privilege escalation through Web Notification API
* MFSA 2014-43/CVE-2014-1530 (bmo#895557)
Cross-site scripting (XSS) using history navigations
* MFSA 2014-44/CVE-2014-1531 (bmo#987140)
Use-after-free in imgLoader while resizing images
* MFSA 2014-45/CVE-2014-1492 (bmo#903885)
Incorrect IDNA domain name matching for wildcard certificates
(fixed by NSS 3.16)
* MFSA 2014-46/CVE-2014-1532 (bmo#966006)
Use-after-free in nsHostResolver
* MFSA 2014-47/CVE-2014-1526 (bmo#988106)
Debugger can bypass XrayWrappers with JavaScript
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=379
* MFSA 2014-15/CVE-2014-1493/CVE-2014-1494
Miscellaneous memory safety hazards
* MFSA 2014-17/CVE-2014-1497 (bmo#966311)
Out of bounds read during WAV file decoding
* MFSA 2014-18/CVE-2014-1498 (bmo#935618)
crypto.generateCRMFRequest does not validate type of key
* MFSA 2014-19/CVE-2014-1499 (bmo#961512)
Spoofing attack on WebRTC permission prompt
* MFSA 2014-20/CVE-2014-1500 (bmo#956524)
onbeforeunload and Javascript navigation DOS
* MFSA 2014-22/CVE-2014-1502 (bmo#972622)
WebGL content injection from one domain to rendering in another
* MFSA 2014-23/CVE-2014-1504 (bmo#911547)
Content Security Policy for data: documents not preserved by
session restore
* MFSA 2014-26/CVE-2014-1508 (bmo#963198)
Information disclosure through polygon rendering in MathML
* MFSA 2014-27/CVE-2014-1509 (bmo#966021)
Memory corruption in Cairo during PDF font rendering
* MFSA 2014-28/CVE-2014-1505 (bmo#941887)
SVG filters information disclosure through feDisplacementMap
* MFSA 2014-29/CVE-2014-1510/CVE-2014-1511 (bmo#982906, bmo#982909)
Privilege escalation using WebIDL-implemented APIs
* MFSA 2014-30/CVE-2014-1512 (bmo#982957)
Use-after-free in TypeObject
* MFSA 2014-31/CVE-2014-1513 (bmo#982974)
Out-of-bounds read/write through neutering ArrayBuffer objects
* MFSA 2014-32/CVE-2014-1514 (bmo#983344)
Out-of-bounds write through TypedArrayObject after neutering
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=370