Package firefox-wayland: Information

    Binary package: firefox-wayland
    Version: 87.0-alt1
    Architecture: x86_64
    Build time:  Mar 24, 2021, 05:52 PM in the task #268304
    Source package: firefox
    Category: Networking/WWW
    Report package bug
    Gear: https://git.altlinux.org/gears/f/firefox.git?a=tree;hb=402ddeb52…
    Build log: https://git.altlinux.org/tasks/268304/build/400/x86_64/log
    Home page: http://www.mozilla.org/projects/firefox/
    License: MPL-2.0
    Summary: Firefox Wayland launcher.
    Description: 
    The firefox-wayland package contains launcher and desktop file
to run Firefox natively on Wayland.
    Maintainer: Alexey Gladkov
    List of contributors:
    Alexey Gladkov
    Sergey Bolshakov
    Gleb Fotengauer-Malinovskiy
    Ivan Zakharyaschev
    Konstantin Lepikhov

    Last changed

    March 24, 2021 Alexey Gladkov 87.0-alt1
    - New release (87.0).
- Security fixes:
  + CVE-2021-23981: Texture upload into an unbound backing buffer resulted in an out-of-bound read
  + CVE-2021-23982: Internal network hosts could have been probed by a malicious webpage
  + CVE-2021-23983: Transitions for invalid ::marker properties resulted in memory corruption
  + CVE-2021-23984: Malicious extensions could have spoofed popup information
  + CVE-2021-23985: Devtools remote debugging feature could have been enabled without indication to the user
  + CVE-2021-23986: A malicious extension could have performed credential-less same origin policy violations
  + CVE-2021-23987: Memory safety bugs fixed in Firefox 87 and Firefox ESR 78.9
  + CVE-2021-23988: Memory safety bugs fixed in Firefox 87
    March 1, 2021 Alexey Gladkov 86.0-alt1
    - New release (86.0).
- Security fixes:
  + CVE-2021-23969: Content Security Policy violation report could have contained the destination of a redirect
  + CVE-2021-23970: Multithreaded WASM triggered assertions validating separation of script domains
  + CVE-2021-23968: Content Security Policy violation report could have contained the destination of a redirect
  + CVE-2021-23974: noscript elements could have led to an HTML Sanitizer bypass
  + CVE-2021-23971: A website's Referrer-Policy could have been be overridden, potentially resulting in the full URL being sent as a Referrer
  + CVE-2021-23976: Local spoofing of web manifests for arbitrary pages in Firefox for Android
  + CVE-2021-23977: Malicious application could read sensitive data from Firefox for Android's application directories
  + CVE-2021-23972: HTTP Auth phishing warning was omitted when a redirect is cached
  + CVE-2021-23975: about:memory Measure function caused an incorrect pointer operation
  + CVE-2021-23973: MediaError message property could have leaked information about cross-origin resources
  + CVE-2021-23978: Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8
  + CVE-2021-23979: Memory safety bugs fixed in Firefox 86
    Feb. 9, 2021 Alexey Gladkov 85.0.2-alt1
    - New release (85.0.2).
    VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
    Version: v24.5.1
    Back to top