Package firefox-esr: Information
Default inline alert: Version in the repository: 115.10.0-alt1
Source package: firefox-esr
Version: 115.6.0-alt1
Build time: Dec 28, 2023, 10:30 PM in the task #336859
Category: Networking/WWW
Report package bugHome page: http://www.mozilla.org/projects/firefox/
License: MPL-2.0
Summary: The Mozilla Firefox project is a redesign of Mozilla's browser (ESR version)
Description:
The Mozilla Firefox project is a redesign of Mozilla's browser component, written using the XUL user interface language and designed to be cross-platform.
List of rpms provided by this srpm:
firefox-esr (x86_64, i586, armh, aarch64)
firefox-esr-config-privacy (x86_64, i586, armh, aarch64)
firefox-esr-debuginfo (x86_64, i586, armh, aarch64)
firefox-esr-wayland (x86_64, i586, armh, aarch64)
firefox-esr (x86_64, i586, armh, aarch64)
firefox-esr-config-privacy (x86_64, i586, armh, aarch64)
firefox-esr-debuginfo (x86_64, i586, armh, aarch64)
firefox-esr-wayland (x86_64, i586, armh, aarch64)
Maintainer: Andrey Cherepanov
List of contributors:
Pavel Vasenkov
Alexey Sheplyakov
Andrey Cherepanov
Alexey Gladkov
Gleb Fotengauer-Malinovskiy
Ivan Zakharyaschev
Pavel Vasenkov
Alexey Sheplyakov
Andrey Cherepanov
Alexey Gladkov
Gleb Fotengauer-Malinovskiy
Ivan Zakharyaschev
Last changed
Dec. 20, 2023 Pavel Vasenkov 115.6.0-alt1
- New ESR version. - Security fixes + CVE-2023-6856 Heap-buffer-overflow affecting WebGL DrawElementsInstanced method with Mesa VM driver + CVE-2023-6865 Potential exposure of uninitialized data in EncryptingOutputStream + CVE-2023-6857 Symlinks may resolve to smaller than expected buffers + CVE-2023-6858 Heap buffer overflow in nsTextFragment + CVE-2023-6859 Use-after-free in PR_GetIdentitiesLayer + CVE-2023-6860 Potential sandbox escape due to VideoBridge lack of texture validation + CVE-2023-6867 Clickjacking permission prompts using the popup transition + CVE-2023-6861 Heap buffer overflow affected nsWindow::PickerOpen(void) in headless mode + CVE-2023-6862 Use-after-free in nsDNSService + CVE-2023-6863 Undefined behavior in ShutdownObserver() + CVE-2023-6864 Memory safety bugs fixed in Firefox 121, Firefox ESR 115.6, and Thunderbird 115.6
Nov. 23, 2023 Pavel Vasenkov 115.5.0-alt1
- New ESR version. - Security fixes + CVE-2023-6204 Out-of-bound memory access in WebGL2 blitFramebuffer + CVE-2023-6205 Use-after-free in MessagePort::Entangled + CVE-2023-6206 Clickjacking permission prompts using the fullscreen transition + CVE-2023-6207 Use-after-free in ReadableByteStreamQueueEntry::Buffer + CVE-2023-6208 Using Selection API would copy contents into X11 primary selection. + CVE-2023-6209 Incorrect parsing of relative URLs starting with "///" + CVE-2023-6212 Memory safety bugs fixed in Firefox 120, Firefox ESR 115.5, and Thunderbird 115.5
Nov. 2, 2023 Pavel Vasenkov 115.4.0-alt1
- New ESR version. - Security fixes + CVE-2023-5721 Queued up rendering could have allowed websites to clickjack + CVE-2023-5732 Address bar spoofing via bidirectional characters + CVE-2023-5724 Large WebGL draw could have led to a crash + CVE-2023-5725 WebExtensions could open arbitrary URLs + CVE-2023-5726 Full screen notification obscured by file open dialog on macOS + CVE-2023-5727 Download Protections were bypassed by .msix, .msixbundle, .appx, and .appxbundle files on Windows + CVE-2023-5728 Improper object tracking during GC in the JavaScript engine could have led to a crash. + CVE-2023-5730 Memory safety bugs fixed in Firefox 119, Firefox ESR 115.4, and Thunderbird 115.4.1