Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

MozillaFirefox-devel-14.0.1-2.4.1 RPM for x86_64

From OpenSuSE 12.2 for x86_64

Name: MozillaFirefox-devel Distribution: openSUSE 12.2
Version: 14.0.1 Vendor: openSUSE
Release: 2.4.1 Build date: Wed Aug 15 17:02:43 2012
Group: Development/Tools/Other Build host: build22
Size: 1784 Source RPM: MozillaFirefox-14.0.1-2.4.1.src.rpm
Summary: Devel package for Firefox
Development files for Firefox to make packaging of addons easier.






* Sun Jul 29 2012
  - Fix mozilla-kde.patch to include sys/resource.h for getrlimit etc (glibc 2.16)
* Sat Jul 14 2012
  - update to 14.0.1 (bnc#771583)
    * MFSA 2012-42/CVE-2012-1949/CVE-2012-1948
      Miscellaneous memory safety hazards
    * MFSA 2012-43/CVE-2012-1950
      Incorrect URL displayed in addressbar through drag and drop
    * MFSA 2012-44/CVE-2012-1951/CVE-2012-1954/CVE-2012-1953/CVE-2012-1952
      Gecko memory corruption
    * MFSA 2012-45/CVE-2012-1955 (bmo#757376)
      Spoofing issue with location
    * MFSA 2012-46/CVE-2012-1966 (bmo#734076)
      XSS through data: URLs
    * MFSA 2012-47/CVE-2012-1957 (bmo#750096)
      Improper filtering of javascript in HTML feed-view
    * MFSA 2012-48/CVE-2012-1958 (bmo#750820)
      use-after-free in nsGlobalWindow::PageHidden
    * MFSA 2012-49/CVE-2012-1959 (bmo#754044, bmo#737559)
      Same-compartment Security Wrappers can be bypassed
    * MFSA 2012-50/CVE-2012-1960 (bmo#761014)
      Out of bounds read in QCMS
    * MFSA 2012-51/CVE-2012-1961 (bmo#761655)
      X-Frame-Options header ignored when duplicated
    * MFSA 2012-52/CVE-2012-1962 (bmo#764296)
      JSDependentString::undepend string conversion results in memory
    * MFSA 2012-53/CVE-2012-1963 (bmo#767778)
      Content Security Policy 1.0 implementation errors cause data
    * MFSA 2012-55/CVE-2012-1965 (bmo#758990)
      feed: URLs with an innerURI inherit security context of page
    * MFSA 2012-56/CVE-2012-1967 (bmo#758344)
      Code execution through javascript: URLs
  - license change from tri license to MPL-2.0
  - fix crashreporter restart option (bmo#762780)
  - require NSS 3.13.5
  - remove mozjs pacrunner obsoletes again for now
  - adopted mozilla-prefer_plugin_pref.patch
  - PPC fixes:
    * reenabled mozilla-yarr-pcre.patch to fix build for PPC
    * add patches for bmo#750620 and bmo#746112
    * fix xpcshell segfault on ppc
* Fri Jun 15 2012
  - update to Firefox 13.0.1
    * bugfix release
  - obsolete libproxy's mozjs pacrunner (bnc#759123)
* Sat Jun 02 2012
  - update to Firefox 13.0 (bnc#765204)
    * MFSA 2012-34/CVE-2012-1938/CVE-2012-1937/CVE-2011-3101
      Miscellaneous memory safety hazards
    * MFSA 2012-36/CVE-2012-1944 (bmo#751422)
      Content Security Policy inline-script bypass
    * MFSA 2012-37/CVE-2012-1945 (bmo#670514)
      Information disclosure though Windows file shares and shortcut
    * MFSA 2012-38/CVE-2012-1946 (bmo#750109)
      Use-after-free while replacing/inserting a node in a document
    * MFSA 2012-40/CVE-2012-1947/CVE-2012-1940/CVE-2012-1941
      Buffer overflow and use-after-free issues found using Address
  - require NSS 3.13.4
    * MFSA 2012-39/CVE-2012-0441 (bmo#715073)
  - fix sound notifications when filename/path contains a whitespace
* Wed May 23 2012
  - fix build on arm
* Wed May 16 2012
  - reenabled crashreporter for Factory/12.2
    (fix in mozilla-gcc47.patch)
* Sat Apr 21 2012
  - update to Firefox 12.0 (bnc#758408)
    * rebased patches
    * MFSA 2012-20/CVE-2012-0467/CVE-2012-0468
      Miscellaneous memory safety hazards
    * MFSA 2012-22/CVE-2012-0469 (bmo#738985)
      use-after-free in IDBKeyRange
    * MFSA 2012-23/CVE-2012-0470 (bmo#734288)
      Invalid frees causes heap corruption in gfxImageSurface
    * MFSA 2012-24/CVE-2012-0471 (bmo#715319)
      Potential XSS via multibyte content processing errors
    * MFSA 2012-25/CVE-2012-0472 (bmo#744480)
      Potential memory corruption during font rendering using cairo-dwrite
    * MFSA 2012-26/CVE-2012-0473 (bmo#743475)
      WebGL.drawElements may read illegal video memory due to
      FindMaxUshortElement error
    * MFSA 2012-27/CVE-2012-0474 (bmo#687745, bmo#737307)
      Page load short-circuit can lead to XSS
    * MFSA 2012-28/CVE-2012-0475 (bmo#694576)
      Ambiguous IPv6 in Origin headers may bypass webserver access
    * MFSA 2012-29/CVE-2012-0477 (bmo#718573)
      Potential XSS through ISO-2022-KR/ISO-2022-CN decoding issues
    * MFSA 2012-30/CVE-2012-0478 (bmo#727547)
      Crash with WebGL content using textImage2D
    * MFSA 2012-31/CVE-2011-3062 (bmo#739925)
      Off-by-one error in OpenType Sanitizer
    * MFSA 2012-32/CVE-2011-1187 (bmo#624621)
      HTTP Redirections and remote content can be read by javascript errors
    * MFSA 2012-33/CVE-2012-0479 (bmo#714631)
      Potential site identity spoofing when loading RSS and Atom feeds
  - added mozilla-libnotify.patch to allow fallback from libnotify
    to xul based events if no notification-daemon is running
  - gcc 4.7 fixes
    * mozilla-gcc47.patch
    * disabled crashreporter temporarily for Factory
  - recommend libcanberra0 for proper sound notifications
* Fri Mar 09 2012
  - update to Firefox 11.0 (bnc#750044)
    * MFSA 2012-13/CVE-2012-0455 (bmo#704354)
      XSS with Drag and Drop and Javascript: URL
    * MFSA 2012-14/CVE-2012-0456/CVE-2012-0457 (bmo#711653, #720103)
      SVG issues found with Address Sanitizer
    * MFSA 2012-15/CVE-2012-0451 (bmo#717511)
      XSS with multiple Content Security Policy headers
    * MFSA 2012-16/CVE-2012-0458
      Escalation of privilege with Javascript: URL as home page
    * MFSA 2012-17/CVE-2012-0459 (bmo#723446)
      Crash when accessing keyframe cssText after dynamic modification
    * MFSA 2012-18/CVE-2012-0460 (bmo#727303)
      window.fullScreen writeable by untrusted content
    * MFSA 2012-19/CVE-2012-0461/CVE-2012-0462/CVE-2012-0464/
      Miscellaneous memory safety hazards
  - ported and reenabled KDE integration (bnc#746591)
  - explicitely build-require X libs
* Mon Mar 05 2012
  - add Provides: browser(npapi) FATE#313084
* Fri Feb 17 2012
  - better plugin directory resolution (bnc#747320)
* Thu Feb 16 2012
  - update to Firefox 10.0.2 (bnc#747328)
    * CVE-2011-3026 (bmo#727401)
      libpng: integer overflow leading to heap-buffer overflow
* Thu Feb 09 2012
  - update to Firefox 10.0.1 (bnc#746616)
    * MFSA 2012-10/CVE-2012-0452 (bmo#724284)
      use after free in nsXBLDocumentInfo::ReadPrototypeBindings
* Tue Feb 07 2012
  - Use YARR interpreter instead of PCRE on platforms where YARR JIT
    is not supported, since PCRE doesnt build (bmo#691898)
  - fix ppc64 build (bmo#703534)
* Mon Jan 30 2012
  - update to Firefox 10.0 (bnc#744275)
    * MFSA 2012-01/CVE-2012-0442/CVE-2012-0443
      Miscellaneous memory safety hazards
    * MFSA 2012-03/CVE-2012-0445 (bmo#701071)
      <iframe> element exposed across domains via name attribute
    * MFSA 2012-04/CVE-2011-3659 (bmo#708198)
      Child nodes from nsDOMAttribute still accessible after removal
      of nodes
    * MFSA 2012-05/CVE-2012-0446 (bmo#705651)
      Frame scripts calling into untrusted objects bypass security
    * MFSA 2012-06/CVE-2012-0447 (bmo#710079)
      Uninitialized memory appended when encoding icon images may
      cause information disclosure
    * MFSA 2012-07/CVE-2012-0444 (bmo#719612)
      Potential Memory Corruption When Decoding Ogg Vorbis files
    * MFSA 2012-08/CVE-2012-0449 (bmo#701806, bmo#702466)
      Crash with malformed embedded XSLT stylesheets
  - KDE integration has been disabled since it needs refactoring
  - removed obsolete ppc64 patch
* Sun Jan 22 2012
  - Disable neon for arm as it doesn't build correctly
* Fri Dec 23 2011
  - update to Firefox 9.0.1
    * (strongparent) parentNode of element gets lost (bmo#335998)
* Sun Dec 18 2011
  - fix arm build, don't package crashreporter there
* Sun Dec 18 2011
  - update to Firefox 9 (bnc#737533)
    * MFSA 2011-53/CVE-2011-3660
      Miscellaneous memory safety hazards (rv:9.0)
    * MFSA 2011-54/CVE-2011-3661 (bmo#691299)
      Potentially exploitable crash in the YARR regular expression
    * MFSA 2011-55/CVE-2011-3658 (bmo#708186)
      nsSVGValue out-of-bounds access
    * MFSA 2011-56/CVE-2011-3663 (bmo#704482)
      Key detection without JavaScript via SVG animation
    * MFSA 2011-58/VE-2011-3665 (bmo#701259)
      Crash scaling <video> to extreme sizes
* Sun Nov 27 2011
  - Fix accessibility under GNOME 3 (bnc#732898)
* Sat Nov 12 2011
  - fix ppc64 build
* Sun Nov 06 2011
  - update to Firefox 8 (bnc#728520)
    * MFSA 2011-47/CVE-2011-3648 (bmo#690225)
      Potential XSS against sites using Shift-JIS
    * MFSA 2011-48/CVE-2011-3651/CVE-2011-3652/CVE-2011-3654
      Miscellaneous memory safety hazards
    * MFSA 2011-49/CVE-2011-3650 (bmo#674776)
      Memory corruption while profiling using Firebug
    * MFSA 2011-52/CVE-2011-3655 (bmo#672182)
      Code execution via NoWaiverWrapper
  - rebased patches
* Thu Oct 20 2011
  - enable telemetry prompt
* Fri Sep 30 2011
  - update to minor release 7.0.1
    * fixed staged addon updates
  - set intl.locale.matchOS=true in the base package as it causes
    too much confusion when it's only available with branding-openSUSE
* Fri Sep 23 2011
  - update to Firefox 7 (bnc#720264)
    * Improve Responsiveness with Memory Reductions
    * Instant Sync
    * WebSocket protocol 8
    * MFSA 2011-36/CVE-2011-2995/CVE-2011-2996/CVE-2011-2997
      Miscellaneous memory safety hazards
    * MFSA 2011-39/CVE-2011-3000 (bmo#655389)
      Defense against multiple Location headers due to CRLF Injection
    * MFSA 2011-40/CVE-2011-2372/CVE-2011-3001
      Code installation through holding down Enter
    * MFSA 2011-41/CVE-2011-3002/CVE-2011-3003 (bmo#680840, bmo#682335)
      Potentially exploitable WebGL crashes
    * MFSA 2011-42/CVE-2011-3232 (bmo#653672)
      Potentially exploitable crash in the YARR regular expression
    * MFSA 2011-43/CVE-2011-3004 (bmo#653926)
      loadSubScript unwraps XPCNativeWrapper scope parameter
    * MFSA 2011-44/CVE-2011-3005 (bmo#675747)
      Use after free reading OGG headers
    * MFSA 2011-45
      Inferring keystrokes from motion data
  - removed obsolete mozilla-cairo-lcd.patch
  - rebased patches
  - removed XLIB_SKIP_ARGB_VISUALS=1 from environment in (bnc#680758)
* Fri Sep 16 2011
  - fixed loading of kde.js under KDE (bnc#718311)
* Wed Sep 14 2011
  - add dbus-1-glib-devel to BuildRequires (not pulled in
    automatically anymore on 12.1)
  - increase minversions for NSPR and NSS
* Fri Sep 09 2011
  - recreated source archive to get correct source-stamp.txt
* Wed Sep 07 2011
  - security update to 6.0.2 (bnc#714931)
    * Complete blocking of certificates issued by DigiNotar
* Fri Sep 02 2011
  - security update to 6.0.1 (bnc#714931)
    * MFSA 2011-34
      Protection against fraudulent DigiNotar certificates
* Fri Aug 12 2011
  - update to 6.0 (bnc#712224)
    included security fixes MFSA 2011-29
    * CVE-2011-2989/CVE-2011-2991/CVE-2011-2992/CVE-2011-2985
      Miscellaneous memory safety hazards
    * CVE-2011-2993 (bmo#657267)
      Unsigned scripts can call script inside signed JAR
    * CVE-2011-2988 (bmo#665934)
      Heap overflow in ANGLE library
    * CVE-2011-0084 (bmo#648094)
      Crash in SVGTextElement.getCharNumAtPosition()
    * CVE-2011-2990
      Credential leakage using Content Security Policy reports
    * CVE-2011-2986 (bmo#655836)
      Cross-origin data theft using canvas and Windows D2D
  - removed obsolete curl header dependency (mozilla-curl.patch)
* Fri Jul 22 2011
  - update to 6.0b3
    * removed obsolete patches
    - firefox-shellservice.patch
    - mozilla-gio.patch
    - mozilla-ppc-ipc.patch
    - firefox-linkorder.patch
    - firefox-no-sync-l10n.patch
  - recognize linux3 as platform for
* Fri Jul 01 2011
  - Add x-scheme-handler/ftp to the MimeType key in the .desktop, to
    let desktops know that Firefox can deal with ftp: URIs.
* Fri Jul 01 2011
  - create upstream branding package again (supposedly empty)
  - fix build on SLE11 (changes do not affect/are not applied for
    later versions)
* Wed Jun 22 2011
  - enable startup notification (bnc#701465)
* Mon Jun 20 2011
  - update to 5.0 final
  - included fixes for security issues: (bnc#701296, bnc#700578)
    * MFSA 2011-19/CVE-2011-2374 CVE-2011-2375
      Miscellaneous memory safety hazards
    * MFSA 2011-20/CVE-2011-2373 (bmo#617247)
      Use-after-free vulnerability when viewing XUL document with
      script disabled
    * MFSA 2011-21/CVE-2011-2377 (bmo#638018, bmo#639303)
      Memory corruption due to multipart/x-mixed-replace images
    * MFSA 2011-22/CVE-2011-2371 (bmo#664009)
      Integer overflow and arbitrary code execution in
    * MFSA 2011-25/CVE-2011-2366
      Stealing of cross-domain images using WebGL textures
    * MFSA 2011-26/CVE-2011-2367 CVE-2011-2368
      Multiple WebGL crashes
    * MFSA 2011-27/CVE-2011-2369 (bmo#650001)
      XSS encoding hazard with inline SVG
    * MFSA 2011-28/CVE-2011-2370 (bmo#645699)
      Non-whitelisted site can trigger xpinstall
* Mon Jun 20 2011
  - update to 5.0b7
    * updated supported locales
  - do not build dump_syms static (not needed for us)
    - > fix build for openSUSE 12.1 and above
* Wed Jun 15 2011
  - update to 5.0b6
  - include proper revision information into the build
  - speedier
* Tue May 31 2011
  - update to 5.0b3
  - transformed to standalone Firefox (not xulrunner based)
    (with new Firefox rapid release cycle it makes no sense anymore)
    * imported all relevant xulrunner patches
  - do not compile in build timestamp
* Fri Apr 15 2011
  - security update to 4.0.1 (bnc#689281)
    * MFSA 2011-12/ CVE-2011-0069 CVE-2011-0070 CVE-2011-0079
      CVE-2011-0080 CVE-2011-0081
      Miscellaneous memory safety hazards
    * MFSA 2011-17/CVE-2011-0068 (bmo#623791)
      WebGLES vulnerabilities
    * MFSA 2011-18/CVE-2011-1202 (bmo#640339)
      XSLT generate-id() function heap address leak
* Wed Mar 30 2011
  - add all available icon sizes
* Tue Mar 29 2011
  - license update: MPLv1.1 or GPLv2+ or LGPLv2+
    Sync licenses with Fedora. MPL does not state ^or later^
* Fri Mar 18 2011
  - update to version 4.0rc2
  - fixed rpm macros delivered with devel package (bnc#679950)
* Wed Feb 23 2011
  - update to version 4.0b12
  - rebased patches
* Fri Feb 04 2011
  - update to version 4.0b11
    * loads of bugfixes compared to last beta
    * added "Do Not Track" option
  - rebased patches
  - disable testpilot
* Fri Jan 28 2011
  - set correct desktop file name within KDE for 11.4 and up
  - add devel package with macros for extensions (from
* Sat Jan 22 2011
  - update to version 4.0b10
  - removed obsolete firefox-shell-bmo624267.patch
  - testpilot moved to distribution/extensions
  - updated locale provides and removed bn-IN from locales
* Tue Jan 11 2011
  - update to version 4.0b9
  - added x-scheme-handler for http and https to desktop file for
    newer Gnome environments
  - fixed default browser check/set for GIO (bmo#611953)
  - removed obsolete firefox-appname.patch (integrated into
    shellservice patch)
  - renamed desktop file to firefox.desktop for 11.4 and newer
  - removed support for 10.3 and older from the spec file
  - removed obsolete "Ximian" categories from desktop file
* Mon Jan 03 2011
  - Mirror ac_add_options --disable-ipc from xulrunner for PowerPC.
* Wed Dec 15 2010
  - update to version 4.0beta8
* Tue Nov 30 2010
  - major update to version 4.0beta7
    * based on mozilla-xulrunner20
    * far too many internal changes to list
* Wed Oct 27 2010
  - security update to 3.6.12 (bnc#649492)
    * MFSA 2010-73/CVE-2010-3765 (bmo#607222)
      Heap buffer overflow mixing document.write and DOM insertion
* Wed Oct 06 2010
  - security update to 3.6.11 (bnc#645315)
    * MFSA 2010-64/CVE-2010-3174/CVE-2010-3175/CVE-2010-3176
      Miscellaneous memory safety hazards
    * MFSA 2010-65/CVE-2010-3179 (bmo#583077)
      Buffer overflow and memory corruption using document.write
    * MFSA 2010-66/CVE-2010-3180 (bmo#588929)
      Use-after-free error in nsBarProp
    * MFSA 2010-67/CVE-2010-3183 (bmo#598669)
      Dangling pointer vulnerability in LookupGetterOrSetter
    * MFSA 2010-68/CVE-2010-3177 (bmo#556734)
      XSS in gopher parser when parsing hrefs
    * MFSA 2010-69/CVE-2010-3178 (bmo#576616)
      Cross-site information disclosure via modal calls
    * MFSA 2010-70/CVE-2010-3170 (bmo#578697)
      SSL wildcard certificate matching IP addresses
    * MFSA 2010-71/CVE-2010-3182 (bmo#590753)
      Unsafe library loading vulnerabilities
    * MFSA 2010-72/CVE-2010-3173
      Insecure Diffie-Hellman key exchange
* Wed Sep 15 2010
  - update to 3.6.10
    * fixing startup topcrash (bmo#594699)
* Thu Aug 26 2010
  - security update to 3.6.9 (bnc#637303)
    * MFSA 2010-49/CVE-2010-3169
      Miscellaneous memory safety hazards
    * MFSA 2010-50/CVE-2010-2765 (bmo#576447)
      Frameset integer overflow vulnerability
    * MFSA 2010-51/CVE-2010-2767 (bmo#584512)
      Dangling pointer vulnerability using DOM plugin array
    * MFSA 2010-53/CVE-2010-3166 (bmo#579655)
      Heap buffer overflow in nsTextFrameUtils::TransformText
    * MFSA 2010-54/CVE-2010-2760 (bmo#585815)
      Dangling pointer vulnerability in nsTreeSelection
    * MFSA 2010-55/CVE-2010-3168 (bmo#576075)
      XUL tree removal crash and remote code execution
    * MFSA 2010-56/CVE-2010-3167 (bmo#576070)
      Dangling pointer vulnerability in nsTreeContentView
    * MFSA 2010-57/CVE-2010-2766 (bmo#580445)
      Crash and remote code execution in normalizeDocument
    * MFSA 2010-59/CVE-2010-2762 (bmo#584180)
      SJOW creates scope chains ending in outer object
    * MFSA 2010-61/CVE-2010-2768 (bmo#579744)
      UTF-7 XSS by overriding document charset using <object> type
    * MFSA 2010-62/CVE-2010-2769 (bmo#520189)
      Copy-and-paste or drag-and-drop into designMode document allows
    * MFSA 2010-63/CVE-2010-2764 (bmo#552090)
      Information leak via XMLHttpRequest statusText
* Wed Jul 28 2010
  - disable crash reporter for non x86/x86_64 to make it build.
* Sat Jul 24 2010
  - security update to 3.6.8 (bnc#622506)
    * MFSA 2010-48/CVE-2010-2755 (bmo#575836)
      Dangling pointer crash regression from plugin parameter array
* Fri Jul 16 2010
  - security update to 3.6.7 (bnc#622506)
    * MFSA 2010-34/CVE-2010-1211/CVE-2010-1212
      Miscellaneous memory safety hazards
    * MFSA 2010-35/CVE-2010-1208 (bmo#572986)
      DOM attribute cloning remote code execution vulnerability
    * MFSA 2010-36/CVE-2010-1209 (bmo#552110)
      Use-after-free error in NodeIterator
    * MFSA 2010-37/CVE-2010-1214 (bmo#572985)
      Plugin parameter EnsureCachedAttrParamArrays remote code
      execution vulnerability
    * MFSA 2010-38/CVE-2010-1215 (bmo#567069)
      Arbitrary code execution using SJOW and fast native function
    * MFSA 2010-39/CVE-2010-2752 (bmo#574059)
      nsCSSValue::Array index integer overflow
    * MFSA 2010-40/CVE-2010-2753 (bmo#571106)
      nsTreeSelection dangling pointer remote code execution
    * MFSA 2010-41/CVE-2010-1205 (bmo#570451)
      Remote code execution using malformed PNG image
    * MFSA 2010-42/CVE-2010-1213 (bmo#568148)
      Cross-origin data disclosure via Web Workers and importScripts
    * MFSA 2010-43/CVE-2010-1207 (bmo#571287)
      Same-origin bypass using canvas context
    * MFSA 2010-44/CVE-2010-1210 (bmo#564679)
      Characters mapped to U+FFFD in 8 bit encodings cause subsequent
      character to vanish
    * MFSA 2010-45/CVE-2010-1206/CVE-2010-2751 (bmo#536466,556957)
      Multiple location bar spoofing vulnerabilities
    * MFSA 2010-46/CVE-2010-0654 (bmo#524223)
      Cross-domain data theft using CSS
    * MFSA 2010-47/CVE-2010-2754 (bmo#568564)
      Cross-origin data leakage from script filename in error messages
* Sun Jun 27 2010
  - update to 3.6.6 release
    * modifies the crash protection feature to increase the amount
      of time that plugins are allowed to be non-responsive before
      being terminated.
* Wed Jun 23 2010
  - update to final 3.6.4 release (bnc#603356)
    * MFSA 2010-26/CVE-2010-1200/CVE-2010-1201/CVE-2010-1202/
      Crashes with evidence of memory corruption (rv:
    * MFSA 2010-28/CVE-2010-1198 (bmo#532246)
      Freed object reuse across plugin instances
    * MFSA 2010-29/CVE-2010-1196 (bmo#534666)
      Heap buffer overflow in nsGenericDOMDataNode::SetTextInternal
    * MFSA 2010-30/CVE-2010-1199 (bmo#554255)
      Integer Overflow in XSLT Node Sorting
    * MFSA 2010-31/CVE-2010-1125 (bmo#552255)
      focus() behavior can be used to inject or steal keystrokes
    * MFSA 2010-32/CVE-2010-1197 (bmo#537120)
      Content-Disposition: attachment ignored if
      Content-Type: multipart also present
    * MFSA 2010-33/CVE-2008-5913 (bmo#475585)
      User tracking across sites using Math.random()
* Mon Jun 07 2010
  - update to 3.6.4(build6)
* Sun Apr 18 2010
  - security update to 3.6.4 (Lorentz)
    * enable crashreporter also for x86-64
    * Flash runs in a separate process to avoid crashing Firefox
      (ix86 only; x86-64 still uses nspluginwrapper)
* Thu Apr 01 2010
  - security update to 3.6.3
    * MFSA 2010-25/CVE-2010-1121 (bmo#555109)
      Re-use of freed object due to scope confusion
* Thu Mar 18 2010
  - security update to version 3.6.2 (bnc#586567)
    * MFSA 2010-08/CVE-2010-1028
      WOFF heap corruption due to integer overflow
    * MFSA 2010-09/CVE-2010-0164 (bmo#547143)
      Deleted frame reuse in multipart/x-mixed-replace image
    * MFSA 2010-10/CVE-2010-0170 (bmo#541530)
      XSS via plugins and unprotected Location object
    * MFSA 2010-11/CVE-2010-0165/CVE-2010-0166/CVE-2010-0167
      Crashes with evidence of memory corruption
    * MFSA 2010-12/CVE-2010-0171 (bmo#531364)
      XSS using addEventListener and setTimeout on a wrapped object
    * MFSA 2010-13/CVE-2010-0168 (bmo#540642)
      Content policy bypass with image preloading
    * MFSA 2010-14/CVE-2010-0169 (bmo#535806)
      Browser chrome defacement via cached XUL stylesheets
    * MFSA 2010-15/CVE-2010-0172 (bmo#537862)
      Asynchronous Auth Prompt attaches to wrong window
    * MFSA 2010-16/CVE-2010-0173/CVE-2010-0174
      Crashes with evidence of memory corruption
    * MFSA 2010-18/CVE-2010-0176 (bmo#538308)
      Dangling pointer vulnerability in nsTreeContentView
    * MFSA 2010-19/CVE-2010-0177 (bmo#538310)
      Dangling pointer vulnerability in nsPluginArray
    * MFSA 2010-20/CVE-2010-0178 (bmo#546909)
      Chrome privilege escalation via forced URL drag and drop
    * MFSA 2010-22/CVE-2009-3555 (bmo#545755)
      Update NSS to support TLS renegotiation indication
    * MFSA 2010-23/CVE-2010-0181 (bmo#452093)
      Image src redirect to mailto: URL opens email editor
    * MFSA 2010-24/CVE-2010-0182 (bmo#490790)
      XMLDocument::load() doesn't check nsIContentPolicy
* Mon Jan 18 2010
  - update to 3.6rc2 (already named 3.6.0)
  - removed obsolete orbit-devel build requirement
* Wed Jan 06 2010
  - major update to 3.6rc1
* Fri Dec 25 2009
  - update to version 3.5.7 (bnc#568011)
    * DNS resolution in MakeSN of nsAuthSSPI causing issues for
      proxy servers that support NTLM auth (bmo#535193)
  - added missing lockdown preferences (bnc#567131)
* Thu Dec 17 2009
  - readded firefox-ui-lockdown.patch (bnc#546158)
* Thu Dec 03 2009
  - security update to version 3.5.6 (bnc#559807)
    * MFSA 2009-65/CVE-2009-3979/CVE-2009-3980/CVE-2009-3982
      Crashes with evidence of memory corruption (rv:
    * MFSA 2009-66/CVE-2009-3388 (bmo#504843,bmo#523816)
      Memory safety fixes in liboggplay media library
    * MFSA 2009-67/CVE-2009-3389 (bmo#515882,bmo#504613)
      Integer overflow, crash in libtheora video library
    * MFSA 2009-68/CVE-2009-3983 (bmo#487872)
      NTLM reflection vulnerability
    * MFSA 2009-69/CVE-2009-3984/CVE-2009-3985 (bmo#521461,bmo#514232)
      Location bar spoofing vulnerabilities
    * MFSA 2009-70/VE-2009-3986 (bmo#522430)
      Privilege escalation via chrome window.opener
  - fixed firefox-browser-css.patch (bnc#561027)
* Mon Nov 23 2009
  - rebased patches for fuzz=0
* Thu Nov 05 2009
  - update to version 3.5.5 (bnc#553172)
* Sat Oct 17 2009
  - security update to version 3.5.4 (bnc#545277)
    * MFSA 2009-52/CVE-2009-3370 (bmo#511615)
      Form history vulnerable to stealing
    * MFSA 2009-53/CVE-2009-3274 (bmo#514823)
      Local downloaded file tampering
    * MFSA 2009-54/CVE-2009-3371 (bmo#514554)
      Crash with recursive web-worker calls
    * MFSA 2009-55/CVE-2009-3372 (bmo#500644)
      Crash in proxy auto-configuration regexp parsing
    * MFSA 2009-56/CVE-2009-3373 (bmo#511689)
      Heap buffer overflow in GIF color map parser
    * MFSA 2009-57/CVE-2009-3374 (bmo#505988)
      Chrome privilege escalation in XPCVariant::VariantDataToJS()
    * MFSA 2009-59/CVE-2009-1563 (bmo#516396, bmo#516862)
      Heap buffer overflow in string to number conversion
    * MFSA 2009-61/CVE-2009-3375 (bmo#503226)
      Cross-origin data theft through document.getSelection()
    * MFSA 2009-62/CVE-2009-3376 (bmo#511521)
      Download filename spoofing with RTL override
    * MFSA 2009-63/CVE-2009-3377/CVE-2009-3379/CVE-2009-3378
      Upgrade media libraries to fix memory safety bugs
    * MFSA 2009-64/CVE-2009-3380/CVE-2009-3381/CVE-2009-3383
      Crashes with evidence of memory corruption
  - removed upstreamed patch
    * firefox-bug506901.patch
* Wed Oct 07 2009
  - fix KDE button order in one more place (bnc#170055)
* Fri Oct 02 2009
  - improve UI colors to be usable with dark themes at all
    (firefox-browser-css.patch) (bnc#503351)
  - extend list of supported architectures as ABI identifier
    (mozilla-abi.patch) (bnc#543460)
* Sun Sep 13 2009
  - added KDE integration patch from
    * support for knotify, making -kde4-addon obsolete
    * KDE-specific support functional (bnc#170055)
  - do not build libnkgnomevfs (bmo#512671) (firefox-no-gnomevfs)
* Thu Sep 10 2009
  - security update to version 3.5.3 (bnc#534458)
    * MFSA 2009-47/CVE-2009-3069/CVE-2009-3070/CVE-2009-3071/
      Crashes with evidence of memory corruption
    * MFSA 2009-49/CVE-2009-3077 (bmo#506871)
      TreeColumns dangling pointer vulnerability
    * MFSA 2009-50/CVE-2009-3078 (bmo#453827)
      Location bar spoofing via tall line-height Unicode characters
    * MFSA 2009-51/CVE-2009-3079 (bmo#454363)
      Chrome privilege escalation with FeedWriter
* Wed Aug 19 2009
  - renamed patch firefox-contextmenu-gnome to firefox-cross-desktop
    as it contains more tweaks to handle non-Gnome environments and
    especially KDE integration:
    * added the ability to set the KDE default browser
      (still part of bnc#170055)
* Fri Aug 07 2009
  - split -translations package into -common and -other
  - remove "set as background" from context menu if not running in
    Gnome (part of bnc#170055)
* Fri Jul 31 2009
  - security update to version 3.5.2
    * MFSA 2009-38/CVE-2009-2470 (bmo#459524)
      Data corruption with SOCKS5 reply containing DNS name longer
      than 15 characters
    * MFSA 2009-44/CVE-2009-2654 (bmo#451898)
      Location bar and SSL indicator spoofing via on
      invalid URL
    * MFSA 2009-45
      Crashes with evidence of memory corruption
    * MFSA 2009-46 (bmo#498897)
      Chrome privilege escalation due to incorrectly cached wrapper
    * various other stability fixes
  - export MOZ_APP_LAUNCHER in the startscript (bmo#453689)
* Tue Jul 28 2009
  - fixed %exclude usage
  - fixed preferences' advanced pane for fresh profiles (bmo#506901)
* Wed Jul 15 2009
  - security update to version 3.5.1
    * MFSA 2009-41
      Corrupt JIT state after deep return from native function
* Mon Jul 06 2009
  - added mozilla-linkorder.patch to fix build with --as-needed
* Tue Jun 30 2009
  - update to final version 3.5 (20090623)
* Tue Jun 23 2009
  - fixed build by linking to a real file
* Thu Jun 18 2009
  - update to version 3.5rc2 (20090617)
  - BuildRequire mozilla-xulrunner191 =
* Sat Jun 06 2009
  - update to version 3.5b99 (20090604)
  - BuildRequire mozilla-xulrunner191 = 1.9.1b99
* Wed May 27 2009
  - fixed typos in improved xulrunner dependencies
* Mon May 11 2009
  - use non-localized Downloads folder (bnc#501724)
* Mon May 04 2009
  - update to new major version 3.5b4
    * based on Gecko 1.9.1 (mozilla-xulrunner191)
    * Private Browsing Mode
    * TraceMonkey JavaScript engine
    * Geolocation support
    * native JSON and web worker threads support
    * speculative parsing for faster content rendering
    * Some HTML5 support
  - updated firefox.schemas
  - improved firefox-no-update.patch
* Tue Apr 28 2009
  - security update to 3.0.10
    * MFSA 2009-23/CVE-2009-1313 (bmo#489647)
      Crash in nsTextFrame::ClearTextRun()
* Thu Apr 16 2009
  - security update to 3.0.9 (bnc#495473)
    * MFSA 2009-14/CVE-2009-1302/CVE-2009-1303/CVE-2009-1304/CVE-2009-1305
      Crashes with evidence of memory corruption (rv:
    * MFSA 2009-15/CVE-2009-0652 (bmo#479336)
      URL spoofing with box drawing character
    * MFSA 2009-16/CVE-2009-1306 (bmo#474536)
      jar: scheme ignores the content-disposition: header on the
      inner URI
    * MFSA 2009-17/CVE-2009-1307 (bmo#481342)
      Same-origin violations when Adobe Flash loaded via
      view-source: scheme
    * MFSA 2009-18/CVE-2009-1308 (bmo#481558)
      XSS hazard using third-party stylesheets and XBL bindings
    * MFSA 2009-19/CVE-2009-1309 (bmo#482206,478433)
      Same-origin violations in XMLHttpRequest and
    * MFSA 2009-20/CVE-2009-1310 (bmo#483086)
      Malicious search plugins can inject code into arbitrary sites
    * MFSA 2009-21/CVE-2009-1311 (bmo#471962)
      POST data sent to wrong site when saving web page with
      embedded frame
    * MFSA 2009-22/CVE-2009-1312 (bmo#475636)
      Firefox allows Refresh header to redirect to javascript: URIs
* Fri Mar 27 2009
  - security update to (bnc#488955,489411)
    * MFSA 2009-12/CVE-2009-1169 (bmo#460090,485217)
      Crash and remote code execution in XSL transformation
    * MFSA 2009-13/CVE-2009-1044 (bmo#484320)
      Arbitrary code execution via XUL tree moveToEdgeShift
  - allow RPM provides for stuff besides shared libraries
    (e.g. mime-types)
* Sun Mar 01 2009
  - security update to 3.0.7 (bnc#478625)
    * MFSA 2009-07 - Crashes with evidence of memory corruption
      CVE-2009-0771 - Layout Engine Crashes
      CVE-2009-0772 - Layout Engine Crashes
      CVE-2009-0773 - crashes in the JavaScript engine
      CVE-2009-0774 - Layout Engine Crashes
    * MFSA 2009-08/CVE-2009-0775 - (bmo#474456)
      Mozilla Firefox XUL Linked Clones Double Free Vulnerability
    * MFSA 2009-09/CVE-2009-0776 (bmo#414540)
      XML data theft via RDFXMLDataSource and cross-domain redirect
    * MFSA 2009-10/CVE-2009-0040 (bmo#478901)
      Upgrade PNG library to fix memory safety hazards
    * MFSA 2009-11/CVE-2009-0777 (bmo#452979)
      URL spoofing with invisible control characters



Generated by rpm2html 1.8.1

Fabrice Bellet, Sat Jun 10 05:47:38 2017