#8457: firefox-49.0.2 (CVE-2016-5288 CVE-2016-5287)
-------------------------+--------------------------
Reporter: renodr | Owner: blfs-book@…
Type: enhancement | Status: new
Priority: high | Milestone: 7.11
Component: BOOK | Version: SVN
Severity: normal | Resolution:
Keywords: |
-------------------------+--------------------------
Description changed by renodr:
Old description:
> New minor version.
>
> https://www.mozilla.org/en-US/firefox/49.0.2/releasenotes/
>
> {{{
> new
> Asynchronous rendering of the Flash plugins is now enabled by default.
> This should improve performance and reduce crashes for sites that use the
> Flash plugin. (Bug 1307108)
>
> fixed
> Change D3D9 default fallback preference to prevent graphical artifacts
> (Bug 1306465)
> Network issue prevents some users from seeing the Firefox UI on startup
> (Bug 1305436)
> Web compatibility issue with Array.prototype.values (Bug 1299593)
> Various security fixes
> Web compatibility issue with file uploads (Bug 1306472)
>
> changed
> Diagnostic information on timing for tab switching (Bug 1304113)
> Reference link to Firefox 49.0.1 release notes
> Fix a Canvas filters graphics issue affecting HTML5 apps (Bug 1304539)
> }}}
>
> Security advisory for firefox-49.0.2 will become available here (not
> there yet):
>
> https://www.mozilla.org/en-US/security/advisories/mfsa2016-87/
New description:
New minor version.
https://www.mozilla.org/en-US/firefox/49.0.2/releasenotes/
{{{
new
Asynchronous rendering of the Flash plugins is now enabled by default.
This should improve performance and reduce crashes for sites that use the
Flash plugin. (Bug 1307108)
fixed
Change D3D9 default fallback preference to prevent graphical artifacts
(Bug 1306465)
Network issue prevents some users from seeing the Firefox UI on startup
(Bug 1305436)
Web compatibility issue with Array.prototype.values (Bug 1299593)
Various security fixes
Web compatibility issue with file uploads (Bug 1306472)
changed
Diagnostic information on timing for tab switching (Bug 1304113)
Reference link to Firefox 49.0.1 release notes
Fix a Canvas filters graphics issue affecting HTML5 apps (Bug 1304539)
}}}
Security advisory for firefox-49.0.2 will become available here (not there
yet):
https://www.mozilla.org/en-US/security/advisories/mfsa2016-87/
{{{
CVE-2016-5287: Crash in nsTArray_base<T>::SwapArrayElements
REPORTER
Philipp
IMPACT
HIGH
Description
A potentially exploitable use-after-free crash during actor destruction
with service workers. This issue does not affect releases earlier than
Firefox 49.
}}}
{{{
CVE-2016-5288: Web content can read cache entries
REPORTER
Developers at Cliqz.com
IMPACT
HIGH
Description
A Cliqz.com developer demonstrated that web content could access
information in the HTTP cache if e10s is disabled. This can reveal some
visited URLs and the contents of those pages. This issue affects Firefox
48 and 49.
}}}
--
--
Ticket URL: <http://wiki.linuxfromscratch.org/blfs/ticket/8457#comment:1>
BLFS Trac <http://wiki.linuxfromscratch.org/blfs>
Beyond Linux From Scratch
--
http://lists.linuxfromscratch.org/listinfo/blfs-book
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page
