Package firefox-esr: Information

    Source package: firefox-esr
    Version: 91.5.0-alt0.c9.1
    Build time:  Jan 28, 2022, 08:22 PM in the task #293347
    Category: Networking/WWW
    Report package bug
    Gear: https://git.altlinux.org/gears/f/firefox-esr.git?a=tree;hb=f256b…
    Home page: http://www.mozilla.org/projects/firefox/
    License: MPL-2.0
    Summary: The Mozilla Firefox project is a redesign of Mozilla's browser (ESR version)
    Description: 
    The Mozilla Firefox project is a redesign of Mozilla's browser component,
written using the XUL user interface language and designed to be
cross-platform.
    List of rpms provided by this srpm:
    firefox-esr (x86_64, ppc64le, i586, armh, aarch64)
    firefox-esr-config-privacy (noarch)
    firefox-esr-debuginfo (x86_64, ppc64le, i586, armh, aarch64)
    firefox-esr-wayland (noarch)
    Maintainer: Andrey Cherepanov
    List of contributors:
    Andrey Cherepanov
    Alexey Gladkov
    Gleb Fotengauer-Malinovskiy
    Ivan Zakharyaschev
      1. libXdamage-devel
      2. libpulseaudio-devel
      3. libXext-devel
      4. libcairo-devel
      5. libjpeg-devel
      6. libXft-devel
      7. libXi-devel
      8. libvpx-devel
      9. libXt-devel
      10. python3-base
      11. /dev/shm
      12. libcurl-devel
      13. libdav1d-devel
      14. libalsa-devel
      15. libwireless-devel
      16. libdbus-devel
      17. libaom-devel
      18. python3-module-pip
      19. libdbus-glib-devel
      20. python3-module-setuptools
      21. python3-modules-sqlite3
      22. alternatives
      23. libxkbcommon-devel
      24. libdrm-devel
      25. libshell
      26. autoconf_2.13
      27. autoconf_2.13
      28. libevent-devel
      29. rust >= 1.54.0
      30. /proc
      31. rust-cargo >= 1.54.0
      32. libffi-devel
      33. browser-plugins-npapi-devel
      34. libfreetype-devel
      35. bzlib-devel
      36. chrpath
      37. clang11.0
      38. clang11.0-devel
      39. lld11.0-devel
      40. llvm11.0-devel
      41. libstartup-notification-devel
      42. libstdc++-devel
      43. pkgconfig(nspr) >= 4.32
      44. pkgconfig(nss) >= 3.69.0
      45. libgio-devel
      46. unzip
      47. rpm-build-mozilla.org
      48. mozilla-common-devel
      49. rpm-macros-alternatives
      50. xorg-cf-files
      51. libnotify-devel
      52. libnss-devel-static
      53. gst-plugins1.0-devel
      54. yasm
      55. nasm
      56. gstreamer1.0-devel
      57. zip
      58. zlib-devel
      59. node
      60. libgtk+2-devel
      61. libgtk+3-devel
      62. libopus-devel
      63. fontconfig-devel
      64. libGL-devel
      65. libhunspell-devel
      66. python-module-setuptools
      67. libpixman-devel
      68. libX11-devel
      69. libXScrnSaver-devel
      70. libXcomposite-devel
      71. python-modules-compiler
      72. libXcursor-devel
      73. python-modules-json
      74. python-modules-logging
      75. libproxy-devel
      76. python-modules-sqlite3

    Last changed

    Jan. 12, 2022 Andrey Cherepanov 91.5.0-alt0.c9.1
    - Backport new version with security fixes.
    Jan. 11, 2022 Andrey Cherepanov 91.5.0-alt1
    - New ESR version.
- Security fixes:
  + CVE-2022-22746 Calling into reportValidity could have lead to fullscreen window spoof
  + CVE-2022-22743 Browser window spoof using fullscreen mode
  + CVE-2022-22742 Out-of-bounds memory access when inserting text in edit mode
  + CVE-2022-22741 Browser window spoof using fullscreen mode
  + CVE-2022-22740 Use-after-free of ChannelEventQueue::mOwner
  + CVE-2022-22738 Heap-buffer-overflow in blendGaussianBlur
  + CVE-2022-22737 Race condition when playing audio files
  + CVE-2021-4140 Iframe sandbox bypass with XSLT
  + CVE-2022-22748 Spoofed origin on external protocol launch dialog
  + CVE-2022-22745 Leaking cross-origin URLs through securitypolicyviolation event
  + CVE-2022-22744 The 'Copy as curl' feature in DevTools did not fully escape website-controlled data, potentially leading to command injection
  + CVE-2022-22747 Crash when handling empty pkcs7 sequence
  + CVE-2022-22739 Missing throttling on external protocol launch dialog
  + CVE-2022-22751 Memory safety bugs fixed in Firefox 96 and Firefox ESR 91.5
    Dec. 17, 2021 Andrey Cherepanov 91.4.1-alt1
    - New ESR version.
    VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
    Version: v24.5.1
    Back to top