---
- branch: MAIN
  date: Sun Dec 18 01:31:00 UTC 2016
  files:
  - new: '1.275'
    old: '1.274'
    path: pkgsrc/www/firefox/Makefile
    pathrev: pkgsrc/www/firefox/Makefile@1.275
    type: modified
  - new: '1.114'
    old: '1.113'
    path: pkgsrc/www/firefox/PLIST
    pathrev: pkgsrc/www/firefox/PLIST@1.114
    type: modified
  - new: '1.265'
    old: '1.264'
    path: pkgsrc/www/firefox/distinfo
    pathrev: pkgsrc/www/firefox/distinfo@1.265
    type: modified
  id: 20161218T013100Z.f03eac7f52d7b71f927f103698882e0f72d6699b
  log: |
    Update to 50.1.0

    Changelog:
     #CVE-2016-9894: Buffer overflow in SkiaGL
     #CVE-2016-9899: Use-after-free while manipulating DOM events and audio elements
     #CVE-2016-9895: CSP bypass using marquee tag
     #CVE-2016-9896: Use-after-free with WebVR
     #CVE-2016-9897: Memory corruption in libGLES
     #CVE-2016-9898: Use-after-free in Editor while manipulating DOM subtrees
     #CVE-2016-9900: Restricted external resources can be loaded by SVG images through data URLs
     #CVE-2016-9904: Cross-origin information leak in shared atoms
     #CVE-2016-9901: Data from Pocket server improperly sanitized before execution
     #CVE-2016-9902: Pocket extension does not validate the origin of events
     #CVE-2016-9903: XSS injection vulnerability in add-ons SDK
     #CVE-2016-9080: Memory safety bugs fixed in Firefox 50.1
     #CVE-2016-9893: Memory safety bugs fixed in Firefox 50.1 and Firefox ESR 45.6
  module: pkgsrc
  subject: 'CVS commit: pkgsrc/www/firefox'
  unixtime: '1482024660'
  user: ryoon