Sisyphus repository
Last update: 2018-06-19 02:05:52 +0400 | SRPMs: 18566
ALT Linux repositories
Sisyphus: 60.0.2-alt2
p8: 52.8.0-alt0.M80P.1
p7: 45.9.0-alt0.M70P.1
t7: 45.9.0-alt0.M70P.1

Group :: Networking/WWW
Source RPM: firefox-esr

Current version: 60.0.2-alt2
Built: about 16 hours ago
Size: 258 MB
Repocop status: skip

Home page:   http://www.mozilla.org/projects/firefox/

License: MPL/GPL/LGPL
Summary: The Mozilla Firefox project is a redesign of Mozilla's browser
Description:

The Mozilla Firefox project is a redesign of Mozilla's browser
component, written using the XUL user interface language and designed to
be cross-platform.

Current maintainer: Andrey Cherepanov

List of rpms provided by this srpm:
  • firefox-esr
  • firefox-esr-debuginfo
Recent changes (last three changelog entries):

2018-06-18 Andrey Cherepanov <cas at altlinux.org> 60.0.2-alt2

    - Fix build for aarch64 (thanks legion@).

2018-06-11 Andrey Cherepanov <cas at altlinux.org> 60.0.2-alt1

    - New ESR version (60.0.2).
    - Fixed:
    + CVE-2018-6126: Heap buffer overflow rasterizing paths in SVG with Skia

2018-06-05 Andrey Cherepanov <cas at altlinux.org> 60.0.1-alt1

    - New ESR version (60.0.1).
    - Fixed:
    + CVE-2018-5154: Use-after-free with SVG animations and clip paths
    + CVE-2018-5155: Use-after-free with SVG animations and text paths
    + CVE-2018-5157: Same-origin bypass of PDF Viewer to view protected PDF files
    + CVE-2018-5158: Malicious PDF can inject JavaScript into PDF Viewer
    + CVE-2018-5159: Integer overflow and out-of-bounds write in Skia
    + CVE-2018-5160: Uninitialized memory use by WebRTC encoder
    + CVE-2018-5152: WebExtensions information leak through webRequest API
    + CVE-2018-5153: Out-of-bounds read in mixed content websocket messages
    + CVE-2018-5163: Replacing cached data in JavaScript Start-up Bytecode Cache
    + CVE-2018-5164: CSP not applied to all multipart content sent with multipart/x-mixed-replace
    + CVE-2018-5166: WebExtension host permission bypass through filterResponseData
    + CVE-2018-5167: Improper linkification of chrome: and javascript: content in web console and JavaScript debugger
    + CVE-2018-5168: Lightweight themes can be installed without user interaction
    + CVE-2018-5169: Dragging and dropping link text onto home button can set home page to include chrome pages
    + CVE-2018-5172: Pasted script from clipboard can run in the Live Bookmarks page or PDF viewer
    + CVE-2018-5173: File name spoofing of Downloads panel with Unicode characters
    + CVE-2018-5174: Windows Defender SmartScreen UI runs with less secure behavior for downloaded files in Windows 10 April 2018 Update
    + CVE-2018-5175: Universal CSP bypass on sites using strict-dynamic in their policies
    + CVE-2018-5176: JSON Viewer script injection
    + CVE-2018-5177: Buffer overflow in XSLT during number formatting
    + CVE-2018-5165: Checkbox for enabling Flash protected mode is inverted in 32-bit Firefox
    + CVE-2018-5180: heap-use-after-free in mozilla::WebGLContext::DrawElementsInstanced
    + CVE-2018-5181: Local file can be displayed in noopener tab through drag and drop of hyperlink
    + CVE-2018-5182: Local file can be displayed from hyperlink dragged and dropped on addressbar
    + CVE-2018-5151: Memory safety bugs fixed in Firefox 60
    + CVE-2018-5150: Memory safety bugs fixed in Firefox 60 and Firefox ESR 52.8

 
© 2009–2018 Igor Zubkov