Package firefox-esr-config-privacy: Information
Default inline alert: Version in the repository: 115.11.0-alt1
Binary package: firefox-esr-config-privacy
Version: 115.6.0-alt1
Architecture: aarch64
Build time: Dec 28, 2023, 10:30 PM in the task #336859
Source package: firefox-esr
Category: System/Configuration/Networking
Report package bugHome page: http://www.mozilla.org/projects/firefox/
License: MPL-2.0
Summary: Firefox configuration with the paranoid privacy settings
Description:
Settings disable: * obsolete ssl protocols; * safebrowsing, trackingprotection and other requests to third-party services; * telemetry; * webrtc; * the social features; * dns and network predictors/prefetch; * and some more... Most likely you don't need to use this package.
Maintainer: Andrey Cherepanov
List of contributors:
Pavel Vasenkov
Alexey Sheplyakov
Andrey Cherepanov
Alexey Gladkov
Gleb Fotengauer-Malinovskiy
Ivan Zakharyaschev
Pavel Vasenkov
Alexey Sheplyakov
Andrey Cherepanov
Alexey Gladkov
Gleb Fotengauer-Malinovskiy
Ivan Zakharyaschev
Last changed
Dec. 20, 2023 Pavel Vasenkov 115.6.0-alt1
- New ESR version. - Security fixes + CVE-2023-6856 Heap-buffer-overflow affecting WebGL DrawElementsInstanced method with Mesa VM driver + CVE-2023-6865 Potential exposure of uninitialized data in EncryptingOutputStream + CVE-2023-6857 Symlinks may resolve to smaller than expected buffers + CVE-2023-6858 Heap buffer overflow in nsTextFragment + CVE-2023-6859 Use-after-free in PR_GetIdentitiesLayer + CVE-2023-6860 Potential sandbox escape due to VideoBridge lack of texture validation + CVE-2023-6867 Clickjacking permission prompts using the popup transition + CVE-2023-6861 Heap buffer overflow affected nsWindow::PickerOpen(void) in headless mode + CVE-2023-6862 Use-after-free in nsDNSService + CVE-2023-6863 Undefined behavior in ShutdownObserver() + CVE-2023-6864 Memory safety bugs fixed in Firefox 121, Firefox ESR 115.6, and Thunderbird 115.6
Nov. 23, 2023 Pavel Vasenkov 115.5.0-alt1
- New ESR version. - Security fixes + CVE-2023-6204 Out-of-bound memory access in WebGL2 blitFramebuffer + CVE-2023-6205 Use-after-free in MessagePort::Entangled + CVE-2023-6206 Clickjacking permission prompts using the fullscreen transition + CVE-2023-6207 Use-after-free in ReadableByteStreamQueueEntry::Buffer + CVE-2023-6208 Using Selection API would copy contents into X11 primary selection. + CVE-2023-6209 Incorrect parsing of relative URLs starting with "///" + CVE-2023-6212 Memory safety bugs fixed in Firefox 120, Firefox ESR 115.5, and Thunderbird 115.5
Nov. 2, 2023 Pavel Vasenkov 115.4.0-alt1
- New ESR version. - Security fixes + CVE-2023-5721 Queued up rendering could have allowed websites to clickjack + CVE-2023-5732 Address bar spoofing via bidirectional characters + CVE-2023-5724 Large WebGL draw could have led to a crash + CVE-2023-5725 WebExtensions could open arbitrary URLs + CVE-2023-5726 Full screen notification obscured by file open dialog on macOS + CVE-2023-5727 Download Protections were bypassed by .msix, .msixbundle, .appx, and .appxbundle files on Windows + CVE-2023-5728 Improper object tracking during GC in the JavaScript engine could have led to a crash. + CVE-2023-5730 Memory safety bugs fixed in Firefox 119, Firefox ESR 115.4, and Thunderbird 115.4.1