Package firefox-esr-config-privacy: Information

Binary package: firefox-esr-config-privacy
Version: 115.10.0-alt1
Architecture: x86_64
Build time:  Apr 23, 2024, 07:08 PM in the task #345277
Source package: firefox-esr
Category: System/Configuration/Networking
Report package bug
Gear: https://git.altlinux.org/gears/f/firefox-esr.git?a=tree;hb=77e1e…
Download: firefox-esr-config-privacy-115.10.0-alt1.x86_64.rpm
Build log: https://git.altlinux.org/tasks/345277/build/100/x86_64/log
Home page: http://www.mozilla.org/projects/firefox/
License: MPL-2.0
Summary: Firefox configuration with the paranoid privacy settings
Description: 
Settings disable:
* obsolete ssl protocols;
* safebrowsing, trackingprotection and other requests to third-party services;
* telemetry;
* webrtc;
* the social features;
* dns and network predictors/prefetch;
* and some more...

Most likely you don't need to use this package.
Maintainer: Andrey Cherepanov
List of contributors:
Pavel Vasenkov
Andrey Cherepanov
Alexey Sheplyakov
Grigory Ustinov
Alexey Gladkov
Gleb Fotengauer-Malinovskiy
Ivan Zakharyaschev

Last changed

April 16, 2024 Pavel Vasenkov 115.10.0-alt1
- New ESR version.
- Security fixes
  + CVE-2024-3852 GetBoundName in the JIT returned the wrong object
  + CVE-2024-3854 Out-of-bounds-read after mis-optimized switch statement
  + CVE-2024-3857 Incorrect JITting of arguments led to use-after-free during garbage collection
  + CVE-2024-2609 Permission prompt input delay could expire when not in focus
  + CVE-2024-3859 Integer-overflow led to out-of-bounds-read in the OpenType sanitizer
  + CVE-2024-3861 Potential use-after-free due to AlignedBuffer self-move
  + CVE-2024-3863 Download Protections were bypassed by .xrm-ms files on Windows
  + CVE-2024-3302 Denial of Service using HTTP/2 CONTINUATION frames
  + CVE-2024-3864 Memory safety bug fixed in Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10
April 3, 2024 Pavel Vasenkov 115.9.1-alt1
- New ESR version.
- Security fixes
  + CVE-2024-0743 Crash in NSS TLS method
  + CVE-2024-2605 Windows Error Reporter could be used as a Sandbox escape vector
  + CVE-2024-2607 JIT code failed to save return registers on Armv7-A
  + CVE-2024-2608 Integer overflow could have led to out of bounds write
  + CVE-2024-2616 Improve handling of out-of-memory conditions in ICU
  + CVE-2023-5388 NSS susceptible to timing attack against RSA decryption
  + CVE-2024-2610 Improper handling of html and body tags enabled CSP nonce leakage
  + CVE-2024-2611 Clickjacking vulnerability could have led to a user accidentally granting permissions
  + CVE-2024-2612 Self referencing object could have potentially led to a use-after-free
  + CVE-2024-2614 Memory safety bugs fixed in Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9
  + CVE-2024-29944 Privileged JavaScript Execution via Event Handlers
March 7, 2024 Andrey Cherepanov 115.8.0-alt2
- Use maximize icon for CSD restore button missing in some themes (ALT #49606).
VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
Version: v24.5.3
Back to top