Sisyphus repository
Last update: 2017-11-20 18:06:51 +0300 | SRPMs: 17916 | Sign in or Sign up
en ru uk br
ALT Linux repositories
hide window
Sisyphus: 52.5.0-alt1
p8: 52.5.0-alt0.M80P.1
p7: 45.9.0-alt0.M70P.1
t7: 45.9.0-alt0.M70P.1

Group :: Networking/WWW
Source RPM: firefox-esr

 Main   Changelog   Spec   Patches   Sources   Download   Gear   Bugs and FR (3/6)   Repocop 

Current version: 52.5.0-alt1
Built: 4 days ago
Size: 207 MB
Repocop status: ok

Home page:   http://www.mozilla.org/projects/firefox/

License: MPL/GPL/LGPL
Summary: The Mozilla Firefox project is a redesign of Mozilla's browser
Description:

The Mozilla Firefox project is a redesign of Mozilla's browser
component, written using the XUL user interface language and designed to
be cross-platform.

Current maintainer: Andrey Cherepanov

List of contributors: ACL: List of rpms provided by this srpm:
  • firefox-esr
  • firefox-esr-debuginfo
Recent changes (last three changelog entries):

2017-11-15 Andrey Cherepanov <cas at altlinux.org> 52.5.0-alt1

    - New ESR version (52.5.0)
    - Fixes:
    + CVE-2017-7828 Use-after-free of PressShell while restyling layout
    + CVE-2017-7830 Cross-origin URL information leak through Resource
    + CVE-2017-7826 Memory safety bugs fixed in Firefox 57 and Firefox ESR

2017-09-29 Andrey Cherepanov <cas at altlinux.org> 52.4.0-alt1

    - New ESR version (52.4.0)
    - Fixes:
    + CVE-2017-7793 Use-after-free with Fetch API
    + CVE-2017-7818 Use-after-free during ARIA array manipulation
    + CVE-2017-7819 Use-after-free while resizing images in design mode
    + CVE-2017-7824 Buffer overflow when drawing and validating elements with ANGLE
    + CVE-2017-7805 Use-after-free in TLS 1.2 generating handshake hashes
    + CVE-2017-7814 Blob and data URLs bypass phishing and malware protection warnings
    + CVE-2017-7825 OS X fonts render some Tibetan and Arabic unicode characters as spaces
    + CVE-2017-7823 CSP sandbox directive did not create a unique origin
    + CVE-2017-7810 Memory safety bugs fixed in Firefox 56 and Firefox ESR 52.4

2017-08-08 Andrey Cherepanov <cas at altlinux.org> 52.3.0-alt1

    - New ESR version (52.3.0)
    - Security fixes:
    + CVE-2017-7798: XUL injection in the style editor in devtools
    + CVE-2017-7800: Use-after-free in WebSockets during disconnection
    + CVE-2017-7801: Use-after-free with marquee during window resizing
    + CVE-2017-7809: Use-after-free while deleting attached editor DOM node
    + CVE-2017-7784: Use-after-free with image observers
    + CVE-2017-7802: Use-after-free resizing image elements
    + CVE-2017-7785: Buffer overflow manipulating ARIA attributes in DOM
    + CVE-2017-7786: Buffer overflow while painting non-displayable SVG
    + CVE-2017-7753: Out-of-bounds read with cached style data and pseudo-elements
    + CVE-2017-7787: Same-origin policy bypass with iframes through page reloads
    + CVE-2017-7807: Domain hijacking through AppCache fallback
    + CVE-2017-7792: Buffer overflow viewing certificates with an extremely long OID
    + CVE-2017-7804: Memory protection bypass through WindowsDllDetourPatcher
    + CVE-2017-7791: Spoofing following page navigation with data: protocol and modal alerts
    + CVE-2017-7782: WindowsDllDetourPatcher allocates memory without DEP protections
    + CVE-2017-7803: CSP containing 'sandbox' improperly applied
    + CVE-2017-7779: Memory safety bugs fixed in Firefox 55 and Firefox ESR 52.3

 
© 2009–2017 Igor Zubkov