| Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
| Name: MozillaFirefox-branding-upstream | Distribution: openSUSE 11.2 |
| Version: 3.6.13 | Vendor: openSUSE |
| Release: 0.2.1 | Build date: Mon Dec 13 01:38:09 2010 |
| Group: Productivity/Networking/Web/Browsers | Build host: build19 |
| Size: 6516 | Source RPM: MozillaFirefox-3.6.13-0.2.1.src.rpm |
| Packager: http://bugs.opensuse.org | |
| Url: http://www.mozilla.org/ | |
| Summary: Upstream branding for MozillaFirefox | |
This package provides upstream look and feel for MozillaFirefox.
GPLv2+ ; LGPLv2.1+ ; MPLv1.1+
* Thu Nov 25 2010 wr@rosenauer.org
- security update to 3.6.13 (bnc#657016)
* MFSA 2010-74/CVE-2010-3776/CVE-2010-3777/CVE-2010-3778
Miscellaneous memory safety hazards (rv:1.9.2.13/ 1.9.1.16)
* MFSA 2010-75/CVE-2010-3769 (bmo#608336)
Buffer overflow while line breaking after document.write with
long string
* MFSA 2010-76/CVE-2010-3771 (bmo#609437)
Chrome privilege escalation with window.open and <isindex> element
* MFSA 2010-77/CVE-2010-3772 (bmo#594547)
Crash and remote code execution using HTML tags inside a XUL tree
* MFSA 2010-78/CVE-2010-3768 (bmo#527276)
Add support for OTS font sanitizer
* MFSA 2010-79/CVE-2010-3775
Java security bypass from LiveConnect loaded via data: URL
meta refresh
* MFSA 2010-80/CVE-2010-3766 (bmo#590771)
Use-after-free error with nsDOMAttribute MutationObserver
* MFSA 2010-81/CVE-2010-3767 (bmo#599468)
Integer overflow vulnerability in NewIdArray
* MFSA 2010-82/CVE-2010-3773 (bmo#554449)
Incomplete fix for CVE-2010-0179
* MFSA 2010-83/VE-2010-3774 (bmo#602780)
Location bar SSL spoofing using network error page
* MFSA 2010-84/CVE-2010-3770 (bmo#601429)
XSS hazard in multiple character encodings
- export a versioned provides for "firefox"
* Wed Oct 27 2010 wr@rosenauer.org
- security update to 3.6.12 (bnc#649492)
* MFSA 2010-73/CVE-2010-3765 (bmo#607222)
Heap buffer overflow mixing document.write and DOM insertion
* Wed Oct 06 2010 wr@rosenauer.org
- security update to 3.6.11 (bnc#645315)
* MFSA 2010-64/CVE-2010-3174/CVE-2010-3175/CVE-2010-3176
Miscellaneous memory safety hazards
* MFSA 2010-65/CVE-2010-3179 (bmo#583077)
Buffer overflow and memory corruption using document.write
* MFSA 2010-66/CVE-2010-3180 (bmo#588929)
Use-after-free error in nsBarProp
* MFSA 2010-67/CVE-2010-3183 (bmo#598669)
Dangling pointer vulnerability in LookupGetterOrSetter
* MFSA 2010-68/CVE-2010-3177 (bmo#556734)
XSS in gopher parser when parsing hrefs
* MFSA 2010-69/CVE-2010-3178 (bmo#576616)
Cross-site information disclosure via modal calls
* MFSA 2010-70/CVE-2010-3170 (bmo#578697)
SSL wildcard certificate matching IP addresses
* MFSA 2010-71/CVE-2010-3182 (bmo#590753)
Unsafe library loading vulnerabilities
* MFSA 2010-72/CVE-2010-3173
Insecure Diffie-Hellman key exchange
* Wed Sep 15 2010 wr@rosenauer.org
- update to 3.6.10
* fixing startup topcrash (bmo#594699)
* Thu Aug 26 2010 wr@rosenauer.org
- security update to 3.6.9 (bnc#637303)
* MFSA 2010-49/CVE-2010-3169
Miscellaneous memory safety hazards
* MFSA 2010-50/CVE-2010-2765 (bmo#576447)
Frameset integer overflow vulnerability
* MFSA 2010-51/CVE-2010-2767 (bmo#584512)
Dangling pointer vulnerability using DOM plugin array
* MFSA 2010-53/CVE-2010-3166 (bmo#579655)
Heap buffer overflow in nsTextFrameUtils::TransformText
* MFSA 2010-54/CVE-2010-2760 (bmo#585815)
Dangling pointer vulnerability in nsTreeSelection
* MFSA 2010-55/CVE-2010-3168 (bmo#576075)
XUL tree removal crash and remote code execution
* MFSA 2010-56/CVE-2010-3167 (bmo#576070)
Dangling pointer vulnerability in nsTreeContentView
* MFSA 2010-57/CVE-2010-2766 (bmo#580445)
Crash and remote code execution in normalizeDocument
* MFSA 2010-59/CVE-2010-2762 (bmo#584180)
SJOW creates scope chains ending in outer object
* MFSA 2010-61/CVE-2010-2768 (bmo#579744)
UTF-7 XSS by overriding document charset using <object> type
attribute
* MFSA 2010-62/CVE-2010-2769 (bmo#520189)
Copy-and-paste or drag-and-drop into designMode document allows
XSS
* MFSA 2010-63/CVE-2010-2764 (bmo#552090)
Information leak via XMLHttpRequest statusText
* Wed Jul 28 2010 meissner@suse.de
- disable crash reporter for non x86/x86_64 to make it build.
* Sat Jul 24 2010 wr@rosenauer.org
- security update to 3.6.8 (bnc#622506)
* MFSA 2010-48/CVE-2010-2755 (bmo#575836)
Dangling pointer crash regression from plugin parameter array
fix
* Fri Jul 16 2010 wr@rosenauer.org
- security update to 3.6.7 (bnc#622506)
* MFSA 2010-34/CVE-2010-1211/CVE-2010-1212
Miscellaneous memory safety hazards
* MFSA 2010-35/CVE-2010-1208 (bmo#572986)
DOM attribute cloning remote code execution vulnerability
* MFSA 2010-36/CVE-2010-1209 (bmo#552110)
Use-after-free error in NodeIterator
* MFSA 2010-37/CVE-2010-1214 (bmo#572985)
Plugin parameter EnsureCachedAttrParamArrays remote code
execution vulnerability
* MFSA 2010-38/CVE-2010-1215 (bmo#567069)
Arbitrary code execution using SJOW and fast native function
* MFSA 2010-39/CVE-2010-2752 (bmo#574059)
nsCSSValue::Array index integer overflow
* MFSA 2010-40/CVE-2010-2753 (bmo#571106)
nsTreeSelection dangling pointer remote code execution
vulnerability
* MFSA 2010-41/CVE-2010-1205 (bmo#570451)
Remote code execution using malformed PNG image
* MFSA 2010-42/CVE-2010-1213 (bmo#568148)
Cross-origin data disclosure via Web Workers and importScripts
* MFSA 2010-43/CVE-2010-1207 (bmo#571287)
Same-origin bypass using canvas context
* MFSA 2010-44/CVE-2010-1210 (bmo#564679)
Characters mapped to U+FFFD in 8 bit encodings cause subsequent
character to vanish
* MFSA 2010-45/CVE-2010-1206/CVE-2010-2751 (bmo#536466,556957)
Multiple location bar spoofing vulnerabilities
* MFSA 2010-46/CVE-2010-0654 (bmo#524223)
Cross-domain data theft using CSS
* MFSA 2010-47/CVE-2010-2754 (bmo#568564)
Cross-origin data leakage from script filename in error messages
* Sun Jun 27 2010 wr@rosenauer.org
- update to 3.6.6 release
* modifies the crash protection feature to increase the amount
of time that plugins are allowed to be non-responsive before
being terminated.
* Wed Jun 23 2010 wr@rosenauer.org
- update to final 3.6.4 release (bnc#603356)
* MFSA 2010-26/CVE-2010-1200/CVE-2010-1201/CVE-2010-1202/
CVE-2010-1203
Crashes with evidence of memory corruption (rv:1.9.2.4)
* MFSA 2010-28/CVE-2010-1198 (bmo#532246)
Freed object reuse across plugin instances
* MFSA 2010-29/CVE-2010-1196 (bmo#534666)
Heap buffer overflow in nsGenericDOMDataNode::SetTextInternal
* MFSA 2010-30/CVE-2010-1199 (bmo#554255)
Integer Overflow in XSLT Node Sorting
* MFSA 2010-31/CVE-2010-1125 (bmo#552255)
focus() behavior can be used to inject or steal keystrokes
* MFSA 2010-32/CVE-2010-1197 (bmo#537120)
Content-Disposition: attachment ignored if
Content-Type: multipart also present
* MFSA 2010-33/CVE-2008-5913 (bmo#475585)
User tracking across sites using Math.random()
* Mon Jun 07 2010 wr@rosenauer.org
- update to 3.6.4(build6)
* Sun Apr 18 2010 wr@rosenauer.org
- security update to 3.6.4 (Lorentz)
* enable crashreporter also for x86-64
* Flash runs in a separate process to avoid crashing Firefox
(ix86 only; x86-64 still uses nspluginwrapper)
* Thu Apr 01 2010 wr@rosenauer.org
- security update to 3.6.3
* MFSA 2010-25/CVE-2010-1121 (bmo#555109)
Re-use of freed object due to scope confusion
* Thu Mar 18 2010 wr@rosenauer.org
- security update to version 3.6.2 (bnc#586567)
* MFSA 2010-08/CVE-2010-1028
WOFF heap corruption due to integer overflow
* MFSA 2010-09/CVE-2010-0164 (bmo#547143)
Deleted frame reuse in multipart/x-mixed-replace image
* MFSA 2010-10/CVE-2010-0170 (bmo#541530)
XSS via plugins and unprotected Location object
* MFSA 2010-11/CVE-2010-0165/CVE-2010-0166/CVE-2010-0167
Crashes with evidence of memory corruption
* MFSA 2010-12/CVE-2010-0171 (bmo#531364)
XSS using addEventListener and setTimeout on a wrapped object
* MFSA 2010-13/CVE-2010-0168 (bmo#540642)
Content policy bypass with image preloading
* MFSA 2010-14/CVE-2010-0169 (bmo#535806)
Browser chrome defacement via cached XUL stylesheets
* MFSA 2010-15/CVE-2010-0172 (bmo#537862)
Asynchronous Auth Prompt attaches to wrong window
* MFSA 2010-16/CVE-2010-0173/CVE-2010-0174
Crashes with evidence of memory corruption
* MFSA 2010-18/CVE-2010-0176 (bmo#538308)
Dangling pointer vulnerability in nsTreeContentView
* MFSA 2010-19/CVE-2010-0177 (bmo#538310)
Dangling pointer vulnerability in nsPluginArray
* MFSA 2010-20/CVE-2010-0178 (bmo#546909)
Chrome privilege escalation via forced URL drag and drop
* MFSA 2010-22/CVE-2009-3555 (bmo#545755)
Update NSS to support TLS renegotiation indication
* MFSA 2010-23/CVE-2010-0181 (bmo#452093)
Image src redirect to mailto: URL opens email editor
* MFSA 2010-24/CVE-2010-0182 (bmo#490790)
XMLDocument::load() doesn't check nsIContentPolicy
* Mon Jan 18 2010 wr@rosenauer.org
- update to 3.6rc2 (already named 3.6.0)
- removed obsolete orbit-devel build requirement
* Wed Jan 06 2010 wr@rosenauer.org
- major update to 3.6rc1
* Fri Dec 25 2009 wr@rosenauer.org
- update to version 3.5.7 (bnc#568011)
* DNS resolution in MakeSN of nsAuthSSPI causing issues for
proxy servers that support NTLM auth (bmo#535193)
- added missing lockdown preferences (bnc#567131)
* Thu Dec 17 2009 wr@rosenauer.org
- readded firefox-ui-lockdown.patch (bnc#546158)
* Thu Dec 03 2009 wr@rosenauer.org
- security update to version 3.5.6 (bnc#559807)
* MFSA 2009-65/CVE-2009-3979/CVE-2009-3980/CVE-2009-3982
Crashes with evidence of memory corruption (rv:1.9.1.6)
* MFSA 2009-66/CVE-2009-3388 (bmo#504843,bmo#523816)
Memory safety fixes in liboggplay media library
* MFSA 2009-67/CVE-2009-3389 (bmo#515882,bmo#504613)
Integer overflow, crash in libtheora video library
* MFSA 2009-68/CVE-2009-3983 (bmo#487872)
NTLM reflection vulnerability
* MFSA 2009-69/CVE-2009-3984/CVE-2009-3985 (bmo#521461,bmo#514232)
Location bar spoofing vulnerabilities
* MFSA 2009-70/VE-2009-3986 (bmo#522430)
Privilege escalation via chrome window.opener
- fixed firefox-browser-css.patch (bnc#561027)
* Mon Nov 23 2009 wr@rosenauer.org
- rebased patches for fuzz=0
* Thu Nov 05 2009 wr@rosenauer.org
- update to version 3.5.5 (bnc#553172)
* Sat Oct 17 2009 wr@rosenauer.org
- security update to version 3.5.4 (bnc#545277)
* MFSA 2009-52/CVE-2009-3370 (bmo#511615)
Form history vulnerable to stealing
* MFSA 2009-53/CVE-2009-3274 (bmo#514823)
Local downloaded file tampering
* MFSA 2009-54/CVE-2009-3371 (bmo#514554)
Crash with recursive web-worker calls
* MFSA 2009-55/CVE-2009-3372 (bmo#500644)
Crash in proxy auto-configuration regexp parsing
* MFSA 2009-56/CVE-2009-3373 (bmo#511689)
Heap buffer overflow in GIF color map parser
* MFSA 2009-57/CVE-2009-3374 (bmo#505988)
Chrome privilege escalation in XPCVariant::VariantDataToJS()
* MFSA 2009-59/CVE-2009-1563 (bmo#516396, bmo#516862)
Heap buffer overflow in string to number conversion
* MFSA 2009-61/CVE-2009-3375 (bmo#503226)
Cross-origin data theft through document.getSelection()
* MFSA 2009-62/CVE-2009-3376 (bmo#511521)
Download filename spoofing with RTL override
* MFSA 2009-63/CVE-2009-3377/CVE-2009-3379/CVE-2009-3378
Upgrade media libraries to fix memory safety bugs
* MFSA 2009-64/CVE-2009-3380/CVE-2009-3381/CVE-2009-3383
Crashes with evidence of memory corruption
- removed upstreamed patch
* firefox-bug506901.patch
* Wed Oct 07 2009 llunak@novell.com
- fix KDE button order in one more place (bnc#170055)
* Fri Oct 02 2009 wr@rosenauer.org
- improve UI colors to be usable with dark themes at all
(firefox-browser-css.patch) (bnc#503351)
- extend list of supported architectures as ABI identifier
(mozilla-abi.patch) (bnc#543460)
* Sun Sep 13 2009 wr@rosenauer.org
- added KDE integration patch from llunak@novell.com
(firefox-kde.patch)
* support for knotify, making -kde4-addon obsolete
* KDE-specific support functional (bnc#170055)
- do not build libnkgnomevfs (bmo#512671) (firefox-no-gnomevfs)
* Thu Sep 10 2009 wr@rosenauer.org
- security update to version 3.5.3 (bnc#534458)
* MFSA 2009-47/CVE-2009-3069/CVE-2009-3070/CVE-2009-3071/
CVE-2009-3072/CVE-2009-3073/CVE-2009-3074/CVE-2009-3075
Crashes with evidence of memory corruption
* MFSA 2009-49/CVE-2009-3077 (bmo#506871)
TreeColumns dangling pointer vulnerability
* MFSA 2009-50/CVE-2009-3078 (bmo#453827)
Location bar spoofing via tall line-height Unicode characters
* MFSA 2009-51/CVE-2009-3079 (bmo#454363)
Chrome privilege escalation with FeedWriter
* Wed Aug 19 2009 wr@rosenauer.org
- renamed patch firefox-contextmenu-gnome to firefox-cross-desktop
as it contains more tweaks to handle non-Gnome environments and
especially KDE integration:
* added the ability to set the KDE default browser
(still part of bnc#170055)
* Fri Aug 07 2009 wr@rosenauer.org
- split -translations package into -common and -other
(bnc#529180)
- remove "set as background" from context menu if not running in
Gnome (part of bnc#170055)
* Fri Jul 31 2009 wr@rosenauer.org
- security update to version 3.5.2
* MFSA 2009-38/CVE-2009-2470 (bmo#459524)
Data corruption with SOCKS5 reply containing DNS name longer
than 15 characters
* MFSA 2009-44/CVE-2009-2654 (bmo#451898)
Location bar and SSL indicator spoofing via window.open() on
invalid URL
* MFSA 2009-45
Crashes with evidence of memory corruption
* MFSA 2009-46 (bmo#498897)
Chrome privilege escalation due to incorrectly cached wrapper
* various other stability fixes
- export MOZ_APP_LAUNCHER in the startscript (bmo#453689)
* Tue Jul 28 2009 wr@rosenauer.org
- fixed %exclude usage
- fixed preferences' advanced pane for fresh profiles (bmo#506901)
* Wed Jul 15 2009 wr@rosenauer.org
- security update to version 3.5.1
* MFSA 2009-41
Corrupt JIT state after deep return from native function
* Mon Jul 06 2009 wr@rosenauer.org
- added mozilla-linkorder.patch to fix build with --as-needed
* Tue Jun 30 2009 wr@rosenauer.org
- update to final version 3.5 (20090623)
* Tue Jun 23 2009 wr@rosenauer.org
- fixed build by linking to a real file
* Thu Jun 18 2009 wr@rosenauer.org
- update to version 3.5rc2 (20090617)
- BuildRequire mozilla-xulrunner191 = 1.9.1.0
* Sat Jun 06 2009 wr@rosenauer.org
- update to version 3.5b99 (20090604)
- BuildRequire mozilla-xulrunner191 = 1.9.1b99
* Wed May 27 2009 wr@rosenauer.org
- fixed typos in improved xulrunner dependencies
* Mon May 11 2009 wr@rosenauer.org
- use non-localized Downloads folder (bnc#501724)
* Mon May 04 2009 wr@rosenauer.org
- update to new major version 3.5b4
* based on Gecko 1.9.1 (mozilla-xulrunner191)
* Private Browsing Mode
* TraceMonkey JavaScript engine
* Geolocation support
* native JSON and web worker threads support
* speculative parsing for faster content rendering
* Some HTML5 support
- updated firefox.schemas
- improved firefox-no-update.patch
* Tue Apr 28 2009 wr@rosenauer.org
- security update to 3.0.10
* MFSA 2009-23/CVE-2009-1313 (bmo#489647)
Crash in nsTextFrame::ClearTextRun()
* Thu Apr 16 2009 wr@rosenauer.org
- security update to 3.0.9 (bnc#495473)
* MFSA 2009-14/CVE-2009-1302/CVE-2009-1303/CVE-2009-1304/CVE-2009-1305
Crashes with evidence of memory corruption (rv:1.9.0.9)
* MFSA 2009-15/CVE-2009-0652 (bmo#479336)
URL spoofing with box drawing character
* MFSA 2009-16/CVE-2009-1306 (bmo#474536)
jar: scheme ignores the content-disposition: header on the
inner URI
* MFSA 2009-17/CVE-2009-1307 (bmo#481342)
Same-origin violations when Adobe Flash loaded via
view-source: scheme
* MFSA 2009-18/CVE-2009-1308 (bmo#481558)
XSS hazard using third-party stylesheets and XBL bindings
* MFSA 2009-19/CVE-2009-1309 (bmo#482206,478433)
Same-origin violations in XMLHttpRequest and
XPCNativeWrapper.toString
* MFSA 2009-20/CVE-2009-1310 (bmo#483086)
Malicious search plugins can inject code into arbitrary sites
* MFSA 2009-21/CVE-2009-1311 (bmo#471962)
POST data sent to wrong site when saving web page with
embedded frame
* MFSA 2009-22/CVE-2009-1312 (bmo#475636)
Firefox allows Refresh header to redirect to javascript: URIs
* Fri Mar 27 2009 wr@rosenauer.org
- security update to 1.9.0.8 (bnc#488955,489411)
* MFSA 2009-12/CVE-2009-1169 (bmo#460090,485217)
Crash and remote code execution in XSL transformation
* MFSA 2009-13/CVE-2009-1044 (bmo#484320)
Arbitrary code execution via XUL tree moveToEdgeShift
- allow RPM provides for stuff besides shared libraries
(e.g. mime-types)
* Sun Mar 01 2009 wr@rosenauer.org
- security update to 3.0.7 (bnc#478625)
* MFSA 2009-07 - Crashes with evidence of memory corruption
CVE-2009-0771 - Layout Engine Crashes
CVE-2009-0772 - Layout Engine Crashes
CVE-2009-0773 - crashes in the JavaScript engine
CVE-2009-0774 - Layout Engine Crashes
* MFSA 2009-08/CVE-2009-0775 - (bmo#474456)
Mozilla Firefox XUL Linked Clones Double Free Vulnerability
* MFSA 2009-09/CVE-2009-0776 (bmo#414540)
XML data theft via RDFXMLDataSource and cross-domain redirect
* MFSA 2009-10/CVE-2009-0040 (bmo#478901)
Upgrade PNG library to fix memory safety hazards
* MFSA 2009-11/CVE-2009-0777 (bmo#452979)
URL spoofing with invisible control characters
* Wed Feb 04 2009 hfiguiere@suse.de
- Review and approve changes.
* Wed Jan 28 2009 wr@rosenauer.org
- security update to 3.0.6 (bnc#470074)
* MFSA 2009-06/CVE-2009-0358: Directives to not cache pages ignored
(bmo#441751)
* MFSA 2009-05/CVE-2009-0357: XMLHttpRequest allows reading
HTTPOnly cookies (bmo#380418)
* MFSA 2009-04/CVE-2009-0356: Chrome privilege escalation via
local .desktop files (bmo#460425)
* MFSA 2009-03/CVE-2009-0355: Local file stealing with SessionStore
(bmo#466937)
* MFSA 2009-02/CVE-2009-0354: XSS using a chrome XBL method
and window.eval (bmo#468581)
* MFSA 2009-01/CVE-2009-0352 - CVE-2009-0353: Crashes with
evidence of memory corruption (rv:1.9.0.6) (bmo#452913,
bmo#449006, bmo#331088, bmo#401042, bmo#416461, bmo#422283,
bmo#422301, bmo#431705, bmo#437142, bmo#421839, bmo#420697,
bmo#461027)
* (non security) added lv locale
* Thu Jan 22 2009 hfiguiere@suse.de
- Fix the wrapper script for PowerPC 64-bits (bnc#464753)
* Wed Dec 17 2008 hfiguiere@suse.de
- Review and approve changes.
* Mon Dec 15 2008 wr@rosenauer.org
- security update to 1.9.0.5 (bnc#455804)
for details
http://www.mozilla.org/security/known-vulnerabilities/firefox30.html
* removed aboutRights workaround again
* added et locale
* Tue Nov 25 2008 hfiguiere@suse.de
- Review and approve changes.
* Sat Nov 22 2008 wr@rosenauer.org
- replace license agreement with about:rights toolbar
(backported from upcoming FF 3.0.5) (bnc#436054, bmo#456439)
(it's always displayed in en-US)
* Fri Nov 21 2008 hfiguiere@suse.de
- Update firefox-lockdown-ui.patch
* Print Setup is now properly locked down. bnc#431028
* Bookmark editing it now properly locked down. bnc#439335
* Bookmars are properly hidden.
* History is properly locked down. bnc#439343
* Make sure the search bar is not put back when resetting the
toolbar. bnc#439358
* Fri Nov 21 2008 maw@suse.de
- Review and approve changes.
* Thu Nov 13 2008 wr@rosenauer.org
- lockdown cleanup
* removed gecko-lockdown.patch from Firefox (it's in xulrunner)
* stripped out some toolkit stuff from firefox-ui-lockdown
* added extra default preferences for lockdown
* Wed Nov 12 2008 maw@suse.de
- Review and approve changes.
* Tue Nov 11 2008 wr@rosenauer.org
- update to security/maintenance release 3.0.4 (bnc#439841)
* support additional locales (bg, cy, eo, oc)
- removed obsolete configure option (enable-gconf)
* Fri Nov 07 2008 maw@suse.de
- Review and approve changes.
* Tue Nov 04 2008 wr@rosenauer.org
- moved gconf schema into branding packages (bnc#441646)
* Tue Oct 28 2008 hfiguiere@suse.de
- Fix missing %endif (for fix for bnc#434283)
* Mon Oct 27 2008 hfiguiere@suse.de
- Add disable_show_passwords to firefox.schemas. (FATE #301534)
* Mon Oct 27 2008 wr@rosenauer.org
- make biarch dependencies work correctly (bnc#434283)
* Thu Oct 23 2008 hfiguiere@suse.de
- Added firefox-ui-lockdown.patch and gecko-lockdown.patch
* Lockdown: FATE#302023, FATE#302024
* Mon Oct 06 2008 sbrabec@suse.cz
- Conflict with other branding providers (FATE#304881).
* Mon Sep 29 2008 maw@suse.de
- Review and approve changes.
* Mon Sep 29 2008 maw@suse.de
- Remove a reference to a stale patch.
* Sun Sep 28 2008 wr@rosenauer.org
- update to regression fix release 3.0.3
* Fixed a problem where users were unable to retrieve saved
passwords or save new passwords (bmo#454708, bnc#429179#c20,
CVE-2008-4063, CVE-2008-4064, CVE-2008-3836, andCVE-2008-4070)
* Thu Sep 25 2008 maw@suse.de
- Review and approve changes.
* Mon Sep 15 2008 wr@rosenauer.org
- update to security/maintenance release 3.0.2 (bnc#429179)
- removed unused files from sources
- fix more rpmlint complaints and provide a config file to filter
false positives
- disable Gnome crashreporter as it has no value
- brought man-page up to date for the firefox stub
(removing firefox-bin reference)
- en-US locale not longer packaged in translations subpackage
* Fri Aug 15 2008 maw@novell.com
- Review and approve changes.
* Mon Aug 04 2008 wr@rosenauer.org
- Tweak branding split
* Tue Jul 29 2008 vuntz@novell.com
- Create branding package (bnc#390752):
+ search-addons.tar.bz2, bookmarks.html.suse and
firefox-suse-default-prefs.js will be moved to
MozillaFirefox-branding-openSUSE
+ create a MozillaFirefox-branding-upstream package
* Mon Jul 28 2008 mauro@suse.de
- Update to stability/security release 3.0.1 (bnc#407573)
(thanks, Wolfgang)
+ MFSA 2008-36 Crash with malformed GIF file on Mac OS X
+ MFSA 2008-35 Command-line URLs launch multiple tabs when
Firefox not running
+ MFSA 2008-34 Remote code execution by overflowing CSS reference counter
- Set browser.shell.checkDefaultBrowser to true (bnc#404119)
* Tue Jun 17 2008 maw@suse.de
- Merge changes from the build service (thanks, Wolfgang)
(bnc#400001 and SWAMP#18164).
* Tue Jun 17 2008 wr@rosenauer.org
- update to version 3.0
- fixed double entry in bookmarks for www.opensuse.org (bnc#396980
* Thu May 15 2008 aj@suse.de
- Add Planet SUSE, forums.o.o and How to participate to default
URLs.
* Fri May 02 2008 maw@suse.de
- network.protocol-handler.app.* prefs are no longer supported;
remove references to them from firefox-suse-default-prefs.js
(bnc#383697).
* Wed Apr 02 2008 maw@suse.de
- Update to Firefox 3.0b5 (2.9.95) (thanks, Wolfgang).
* Wed Mar 26 2008 maw@suse.de
- Merge changes from the build service (thanks, Wolfgang)
- Update to the fourth Firefox 3.0 Beta (2.9.94):
+ Based upon the Gecko 1.9 Web rendering platform, which improves
performance, stability, and rendering correctness; it also
boasts a considerable simplification in its code
+ Security improvements:
* One-click site info
* Malware Protection
* New Web Forgery Protection page
* New SSL error pages
* Add-ons and Plugin version check
* Secure add-on updates
* Effective top-level domain (eTLD) service to better restrict
cookies and other restricted content to a single domain
* Better protection against cross-site JSON data leaks
+ Usability improvements:
* Easier password management
* Simplified add-on installation
* New Download Manager
* Resumable downloading
* Full page zoom
* Podcasts and Videocasts can be associated with your media
playback tools
* Tab scrolling and quickmenu
* Save what you were doing: Firefox will prompt users to save
tabs on exit
* Optimized Open in Tabs behavior
* Location and Search bar size can now be customized with a
simple resizer item
* Text selection improvements
* Find toolbar
* Improved integration with Linux: Firefox's default icons,
buttons, and menu styles now use the native GTK theme
+ Personalization improvements:
* Star button: quickly add bookmarks from the location bar
with a single click; a second click lets you file and tag them
* Tags: associate keywords with your bookmarks to sort them
by topic
* Location bar & auto-complete
* Smart Bookmarks Folder
* Places Organizer: view, organize and search through all
of your bookmarks, tags, and browsing history with multiple
views and smart folders to store your frequent searches
* Web-based protocol handlers
* Download & Install Add-ons
* Easy to use Download Actions
+ Improved platform for web developers:
* New graphics and font handling: new graphics and text
rendering architectures in Gecko 1.9 provides rendering
improvements in CSS, SVG as well as improved display of
fonts with ligatures and complex scripts
* Color management: (set gfx.color_management.enabled on
in about:config and restart the browser to enable.);
Firefox can now adjust images with embedded color profiles
* Offline support: enables web applications to provide
offline functionality (website authors must add support
for offline browsing to their site for this feature
to be available to users)
+ Improved performance:
* Speed: improvements to the JavaScript engine as well as
profile guided optimizations have resulted in significant
improvements in performance; compared to Firefox 2,
web applications like Google Mail and Zoho Office run
twice as fast in Firefox 3 Beta 4, and the popular
SunSpider test from Apple shows improvements over
previous releases
* Memory usage: Several new technologies work together to
reduce the amount of memory used by Firefox 3 Beta 4
over a web browsing session; memory cycles are broken
and collected by an automated cycle collector, a new
memory allocator reduces fragmentation, hundreds of leaks
have been fixed, and caching strategies have been tuned
* Reliability: A user's bookmarks, history, cookies, and
preferences are now stored in a transactionally secure
database format which will prevent data loss even if their
system crashes
- This version depends upon the mozilla-xulrunner190 package
- Drop various stale packages, respin several that have been
kept around, and add a few new ones.
* Mon Feb 11 2008 maw@suse.de
- Security update to version 2.0.0.12 (bnc#354469):
+ MFSA 2008-11/CVE-2008-0594 Web forgery overwrite with div
overlay
+ MFSA 2008-10/CVE-2008-0593 URL token stealing via stylesheet
redirect
+ MFSA 2008-09/CVE-2008-0592 Mishandling of locally-saved plain
text files
+ MFSA 2008-08/CVE-2008-0591 File action dialog tampering
+ MFSA 2008-06/CVE-2008-0419 Web browsing history and forward
navigation stealing
+ MFSA 2008-05/CVE-2008-0418 Directory traversal via chrome: URI
+ MFSA 2008-04/CVE-2008-0417 Stored password corruption
+ MFSA 2008-03/CVE-2008-0415 Privilege escalation, XSS, Remote
Code Execution
+ MFSA 2008-02/CVE-2008-0414 Multiple file input focus stealing
vulnerabilities
+ MFSA 2008-01/CVE-2008-0412 Crashes with evidence of memory
corruption (rv:1.8.1.12)
- Reference libaoss.so in start script (bnc#117079)
- Remove mozilla-canvas-1.8.1.10.patch, as it has been upstreamed
- Update firefox-ui-lockdown.patch (FATE#301534, FATE#302023, and
FATE#302024)
- Add application/x-xpinstall mime type to MozillaFirefox.desktop
- Add MozillaFirefox.xml to bind .xpi to application/x-xpinstall
in desktop.
* Thu Jan 17 2008 maw@suse.de
- Add mozilla-maxpathlen.patch (#354150 and bmo #412610).
* Fri Dec 21 2007 maw@suse.de
- Add firefox-348446-empty-lists.patch (bnc#348446).
* Wed Dec 05 2007 maw@suse.de
- Respin proxy-dev.patch (bnc#340678) -- thanks, Anders!
* Tue Nov 27 2007 maw@suse.de
- Security update to version 2.0.0.10 (#341905, #341591):
+ MFSA 2007-39 Referer-spoofing via window.location race condition
+ MFSA 2007-38 Memory corruption vulnerabilities (rv:1.8.1.10)
+ MFSA 2007-37 jar: URI scheme XSS hazard
+ Fixes for regressions introduced in 2.0.0.8
+ Updated dbus.patch, startup.patch, misc.dif, and configure.patch
- Add mozilla-gcc4.3-fixes.patch
- Add mozilla-canvas-1.8.1.10.patch (#341591#c10).
* Mon Nov 26 2007 maw@suse.de
- Build with -ftree-vrp -fwrapv, per advice in #342603#c17.
* Tue Nov 13 2007 maw@suse.de
- Add firefox-gcc4.3-fixes.patch.
* Fri Oct 19 2007 maw@suse.de
- Security update to version 2.0.0.8 (#332512) (thanks, Wolfgang)
* MFSA 2007-29 Crashes with evidence of memory corruption
* MFSA 2007-30 onUnload Tailgating
* MFSA 2007-31 Digest authentication request splitting
* MFSA 2007-32 File input focus stealing vulnerability
* MFSA 2007-33 XUL pages can hide the window titlebar
* MFSA 2007-34 Possible file stealing through sftp protocol
* MFSA 2007-35 XPCNativeWraper pollution using Script object
complete advisories on
http://www.mozilla.org/projects/security/known-vulnerabilities.html
* Sun Sep 23 2007 maw@suse.de
- Don't explicitly require libaoss.so (#326751).
* Fri Sep 14 2007 maw@suse.de
- Update the Novell Support search plugin in search-addons.tar.bz2
(#297261)
- Set the browser.tabs.loadFolderAndReplace preference to false
by default (#230759).
* Wed Sep 12 2007 dmueller@suse.de
- fix hardlinks accross partitions
* Thu Sep 06 2007 maw@suse.de
- Add http://software.opensuse.org/search?baseproject=openSUSE:10.3
to the default bookmarks (#308223).
* Mon Sep 03 2007 ro@suse.de
- move last change a bit further in specfile
* Fri Aug 31 2007 maw@suse.de
- Mark a .png file as nonexecutable.
* Tue Aug 28 2007 maw@suse.de
- Minor .spec update (#305193)
+ Remove two obsolete patches
+ Correct releasedate
+ Include only the officially supported locales.
* Wed Aug 22 2007 maw@suse.de
- Merge changes from the build service (thanks, Wolfgang):
+ Provide locale dependency information (#302288)
+ Add x11-session.patch, supporting X11 session management
(#227047)
+ Update to version 2.0.0.6
* MFSA 2007-26 Privilege escalation through chrome-loaded
about:blank windows
* MFSA 2007-27 Unescaped URIs passed to external programs
(only relevant on Windows)
- Use %fdupes.
* Tue Aug 21 2007 aj@suse.de
- Adjust bookmarks: Add news.opensuse.org, use new software.o.o
page.
* Thu Aug 16 2007 mauro@suse.de
- Revert previous change.
* Tue Aug 14 2007 mauro@suse.de
- Added support for ymp in the mimetypes.rdf
- Added OneClickInstallUrlHandler for handing the actual call from firefox.
- Fixes bnc #295677
* Mon Jul 23 2007 maw@suse.de
- Security update to version 2.0.0.5 (#288115) which has fixes for:
MFSA 2007-18
CVE-2007-3734 - Browser flaws
CVE-2007-3735 - Javascript flaws
MFSA 2007-19
CVE-2007-3736
MFSA 2007-20
CVE-2007-3089
MFSA 2007-21
CVE-2007-3737
MFSA 2007-22
CVE-2007-3285
MFSA 2007-23
CVE-2007-3670
MFSA 2007-24
CVE-2007-3656
MFSA 2007-25
CVE-2007-3738
* Thu Jun 21 2007 adrian@suse.de
- fix changelog entry order
* Mon Jun 18 2007 maw@suse.de
- Use mozilla.sh.in from the build service (#230681).
* Tue Jun 05 2007 sbrabec@suse.cz
- Removed invalid desktop category "Application" (#254654).
* Tue Jun 05 2007 maw@suse.de
- Security update to version 2.0.0.4
- Refresh configure.patch, startup.patch, and visibility.patch
- Now use l10n-%{version}.tar.bz2 instead of l10n.tar.bz2.
* Mon Apr 30 2007 ro@suse.de
- added unzip to BuildRequires
* Wed Apr 18 2007 mfabian@suse.de
- add Japanese to the languages which get PANGO enabled in the
start script to support the Japanese combining characters
U+3099 U+309A (see bugzilla #262718 comment #29).
* Mon Mar 12 2007 maw@suse.de
- Package gconf stuff.
* Wed Feb 21 2007 maw@suse.de
- Security update to 2.0.0.2 (#244923), which covers:
+ mfsa2007-01
* CVE-2007-0775 - layout engine crashes
* CVE-2007-0776 - SVG
* CVE-2007-0777 - javascript engine corruption
+ mfsa2007-02
* CVE-2007-0995 - Invalid trailing characters in HTML tag attributes
* CVE-2007-0996 - Child frame character set inheritance
* CVE-2006-6077 - Injected password forms
+ mfsa2007-02
+ mfsa2007-03
* CVE-2007-0078
+ mfsa2007-04
* CVE-2007-0079
+ mfsa2007-05
* CVE-2007-0780
* CVE-2007-0800
+ mfsa2007-06
* CVE-2007-0008 - client flaw
* CVE-2007-0009 - server flaw
+ mfsa2007-07
* CVE-2007-0981
- Updates mozilla.sh.in (#230681)
- Fixes #232209
- Updates the man page (#243037)
- Properly propagates exit codes (#241492)
- Adds em-356370.patch (#217374)
* Thu Jan 25 2007 maw@suse.de
- Fixup the Gnome paths, keeping in closer sync with the
buildservice.
* Thu Jan 18 2007 maw@suse.de
- Gnome is now in /usr, so remove references to /opt/gnome
- Install firefox.png with the executable bit not set.
* Wed Jan 10 2007 meissner@suse.de
- readd MozillaFirebird provides (was incorrect in removing it).
* Mon Jan 08 2007 meissner@suse.de
- Do not provide MozillaFirebird, just obsolete it.
* Fri Dec 01 2006 maw@suse.de
- Update gecko-lockdown.patch (#220616).
* Thu Nov 30 2006 maw@suse.de
- Update firefox-suse-default-prefs.js, adding
'pref("browser.backspace_action", 2);' (#217374)
* Thu Nov 30 2006 aj@suse.de
- Fix last change (#224431).
* Wed Nov 29 2006 aj@suse.de
- Change download bookmark (#224431).
- Rename bookmark folder to openSUSE.
* Tue Nov 28 2006 aj@suse.de
- Sync from Buildservice with following critical fixes (thanks
Wolfgang Rosenauer!):
* fixed system-proxies.patch to actually work (#223881).
* Rearrange Bookmarks to pass trademark review.
* Mon Nov 27 2006 aj@suse.de
- Fix tango theme (#223796).
* Mon Nov 27 2006 aj@suse.de
- Use www.opensuse.org as home page.
* Sun Nov 12 2006 aj@suse.de
- Set novell.com as home page.
- Update from BuildService (thanks Wolfgang!):
- fixed crash in htmlparser (#217257, bmo #358797)
- added gconf2 as PreReq (#212505)
- added 32bit libaoss.so as requirement (#216266)
- Removed SUSE searchplugin (Portal not available anymore)
(#216054)
- Removed obsolete xul-picker.patch and system-nspr.patch
- Fixed building on 10.1 and 10.0 (dbus)
- Removed obsolete throbber preference
* Thu Nov 09 2006 jhargadon@suse.de
- updated tango theme
* Sun Oct 29 2006 aj@suse.de
- Another fix for 214125, patch by Wolfgang Rosenauer.
* Thu Oct 26 2006 aj@suse.de
- Fix gcc warnings about undefined operations, patch by
Robert O'Callahan.
- Update system-proxies.patch to fix error box (214125), patch by
Robert O'Callahan.
* Mon Oct 23 2006 aj@suse.de
- Update to current CVS version of 2.0.
- Use www.opensuse.org as default home page for now (#203547).
* Sat Oct 21 2006 aj@suse.de
- Disable non-working plasticfox and tango themes.
* Fri Oct 20 2006 aj@suse.de
- Fix building of locales.
* Fri Oct 20 2006 mkoenig@suse.de
- update to version 2.0rc3:
* New features: Visual Refresh, Built-in phishing protection,
Enhanced search capabilities, Improved tabbed browsing,
Resuming your browsing session, Previewing and subscribing
to Web feeds, Inline spell checking, Live Titles,
Improved Add-ons manager, JavaScript 1.7, Extended search
plugin format, Updates to the extension system,
Client-side session and persistent storage, SVG text
* Tue Oct 17 2006 meissner@suse.de
- disabled debugging.
* Tue Sep 12 2006 stark@suse.de
- security update to version 1.5.0.7
* Mon Aug 21 2006 stark@suse.de
- added greasemonkey helper change (#199920)
- fixed packager.mk for new make version
* Fri Aug 11 2006 stark@suse.de
- fixed crash in dbus component (patch by thoenig #197928)
- use external adresses for PAC configuration (#196506)
* Mon Aug 07 2006 stark@suse.de
- added symlink for Firefox 1.0.x compatibility
* Sat Jul 29 2006 stark@suse.de
- update to regression release 1.5.0.6 (#195043)
* Thu Jul 27 2006 stark@suse.de
- security update to version 1.5.0.5 (#195043)
* observer-lock.patch integrated now
- fixed leak in JS' liveconnect (#186066)
- fixed desktop file for old distributions
(StartupNotify=false)
/usr/lib64/firefox /usr/lib64/firefox/browserconfig.properties /usr/lib64/firefox/defaults /usr/lib64/firefox/defaults/profile/bookmarks.html
Generated by rpm2html 1.8.1
Fabrice Bellet, Mon May 20 05:42:27 2013