head	1.2;
access;
symbols;
locks; strict;
comment	@// @;


1.2
date	2015.05.12.22.48.54;	author ryoon;	state dead;
branches;
next	1.1;
commitid	NJZg0HQjg2n73dly;

1.1
date	2015.04.10.05.40.36;	author martin;	state Exp;
branches;
next	;
commitid	SEFAUA6Cd4sbo0hy;


desc
@@


1.2
log
@Update to 38.0

Changelog:
New New tab-based preferences
New Ruby annotation support
New Base for the next ESR release.
Changed autocomplete=off is no longer supported for username/password fields
Changed URL parser avoids doing percent encoding when setting the Fragment part of the URL, and percent decoding when getting the Fragment in line with the URL spec
Changed RegExp.prototype.source now returns "(?:)" instead of the empty string for empty regular expressions
Changed Improved page load times via speculative connection warmup
HTML5 WebSocket now available in Web Workers
HTML5 BroadcastChannel API implemented
HTML5 Implemented srcset attribute and element for responsive images
HTML5 Implemented DOM3 Events KeyboardEvent.code
HTML5 Mac OS X: Implemented a subset of the Media Source Extensions (MSE) API to allow native HTML5 playback on YouTube
HTML5 Implemented Encrypted Media Extensions (EME) API to support encrypted HTML5 video/audio playback (Windows Vista or later only)
HTML5 Automatically download Adobe Primetime Content Decryption Module (CDM) for DRM playback through EME (Windows Vista or later only)
Developer Optimized-out variables are now visible in Debugger UI
Developer XMLHttpRequest logs in the web console are now visually labelled and can be filtered separately from regular network requests
Developer WebRTC now has multistream and renegotiation support
Developer copy command added to console
Fixed Various security fixes

Fixed in Firefox 38
2015-58 Mozilla Windows updater can be run outside of application directory
2015-57 Privilege escalation through IPC channel messages
2015-56 Untrusted site hosting trusted page can intercept webchannel responses
2015-55 Buffer overflow and
out-of-bounds read while parsing MP4 video metadata 2015-54 Buffer overflow when parsing compressed XML 2015-53 Use-after-free due to Media Decoder Thread creation during shutdown 2015-52 Sensitive URL encoded information written to Android logcat 2015-51 Use-after-free during text processing with vertical text enabled 2015-50 Out-of-bounds read and write in asm.js validation 2015-49 Referrer policy ignored when links opened by middle-click and context menu 2015-48 Buffer overflow with SVG content and CSS 2015-47 Buffer overflow parsing H.264 video with Linux Gstreamer 2015-46 Miscellaneous memory safety hazards (rv:38.0 / rv:31.7) @ text @$NetBSD: patch-security_manager_boot_src_CertBlocklist.cpp,v 1.1 2015/04/10 05:40:36 martin Exp $ See https://bugzilla.mozilla.org/show_bug.cgi?id=1153090 --- security/manager/boot/src/CertBlocklist.cpp.orig 2015-04-03 04:30:09.000000000 +0200 +++ security/manager/boot/src/CertBlocklist.cpp 2015-04-10 07:30:39.000000000 +0200 @@@@ -87,7 +87,7 @@@@ CertBlocklistItem::Hash() const // there's no requirement for a serial to be as large as 32 bits; if it's // smaller, fall back to the first octet (otherwise, the last four) if (serialLength >= 4) { - hash = *(uint32_t *)(mSerialData + serialLength - 4); + memcpy(&hash, mSerialData + serialLength - 4, 4); } else { hash = *mSerialData; } @ 1.1 log @Avoid a crash on alignment critical architectures @ text @d1 1 a1 1 $NetBSD$ @
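Review bot: In the serialLength >= 4 branch of CertBlocklistItem::Hash(), the new memcpy takes its length as the literal 4 while the destination is hash; using sizeof(hash) for the length, and for the offset in "mSerialData + serialLength - 4", would tie the copy size to the destination and keep the two in step if the type of hash ever changes. The hunk shows no #include of <string.h> or <cstring>, so confirm the file already has a declaration for memcpy in scope rather than relying on a transitive include. The copied value is still in host byte order, as it was with the cast, so the hash differs between little- and big-endian builds; that is acceptable for an in-memory hash, but the comment above the branch could say so alongside the reason for avoiding the unaligned uint32_t load.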