------------------------------------------------------------------- Fri Sep 23 20:36:39 UTC 2016 - astieger@suse.com - Mozilla Firefox 49.0.1: * Mitigate a startup crash issue caused by Websense - bmo#1304783 ------------------------------------------------------------------- Tue Sep 20 07:09:52 UTC 2016 - wr@rosenauer.org - update to Firefox 49.0 (boo#999701) new features * Updated Firefox Login Manager to allow HTTPS pages to use saved HTTP logins. * Added features to Reader Mode that make it easier on the eyes and the ears * Improved video performance for users on systems that support SSE3 without hardware acceleration * Added context menu controls to HTML5 audio and video that let users loops files or play files at 1.25x speed * Improvements in about:memory reports for tracking font memory usage security related * MFSA 2016-85 CVE-2016-2827 (bmo#1289085) - Out-of-bounds read in mozilla::net::IsValidReferrerPolicy CVE-2016-5270 (bmo#1291016) - Heap-buffer-overflow in nsCaseTransformTextRunFactory::TransformString CVE-2016-5271 (bmo#1288946) - Out-of-bounds read in PropertyProvider::GetSpacingInternal CVE-2016-5272 (bmo#1297934) - Bad cast in nsImageGeometryMixin CVE-2016-5273 (bmo#1280387) - crash in mozilla::a11y::HyperTextAccessible::GetChildOffset CVE-2016-5276 (bmo#1287721) - Heap-use-after-free in mozilla::a11y::DocAccessible::ProcessInvalidationList CVE-2016-5274 (bmo#1282076) - use-after-free in nsFrameManager::CaptureFrameState CVE-2016-5277 (bmo#1291665) - Heap-use-after-free in nsRefreshDriver::Tick CVE-2016-5275 (bmo#1287316) - global-buffer-overflow in mozilla::gfx::FilterSupport::ComputeSourceNeededRegions CVE-2016-5278 (bmo#1294677) - Heap-buffer-overflow in nsBMPEncoder::AddImageFrame CVE-2016-5279 (bmo#1249522) - Full local path of files is available to web pages after drag and drop CVE-2016-5280 (bmo#1289970) - Use-after-free in mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap CVE-2016-5281 (bmo#1284690) - use-after-free in DOMSVGLength CVE-2016-5282 (bmo#932335) - Don't allow content to request favicons from non-whitelisted schemes CVE-2016-5283 (bmo#928187) -