Package firefox: Information

    Binary package: firefox
    Version: 63.0.1-alt1
    Architecture: i586
    Build time:  Nov 13, 2018, 10:03 PM in the task #216395
    Source package: firefox
    Category: Networking/WWW
    Report package bug
    Gear: https://git.altlinux.org/gears/f/firefox.git?a=tree;hb=b0e16664d…
    Build log: https://git.altlinux.org/tasks/216395/build/400/i586/log
    Home page: http://www.mozilla.org/projects/firefox/
    License: MPL/GPL/LGPL
    Summary: The Mozilla Firefox project is a redesign of Mozilla's browser
    Description: 
    The Mozilla Firefox project is a redesign of Mozilla's browser component,
written using the XUL user interface language and designed to be
cross-platform.
    Maintainer: Alexey Gladkov
    List of contributors:
    Alexey Gladkov
    Ivan Zakharyaschev
    Konstantin Lepikhov

    Last changed

    Nov. 13, 2018 Alexey Gladkov 63.0.1-alt1
    - New release (63.0.1).
- Fixed:
  + CVE-2018-12391: HTTP Live Stream audio data is accessible cross-origin
  + CVE-2018-12392: Crash with nested event loops
  + CVE-2018-12393: Integer overflow during Unicode conversion while loading JavaScript
  + CVE-2018-12395: WebExtension bypass of domain restrictions through header rewriting
  + CVE-2018-12396: WebExtension content scripts can execute in disallowed contexts
  + CVE-2018-12397: Missing warning prompt when WebExtension requests local file access
  + CVE-2018-12398: CSP bypass through stylesheet injection in resource URIs
  + CVE-2018-12399: Spoofing of protocol registration notification bar
  + CVE-2018-12400: Favicons are cached in private browsing mode on Firefox for Android
  + CVE-2018-12401: DOS attack through special resource URI parsing
  + CVE-2018-12402: SameSite cookies leak when pages are explicitly saved
  + CVE-2018-12403: Mixed content warning is not displayed when HTTPS page loads a favicon over HTTP
  + CVE-2018-12388: Memory safety bugs fixed in Firefox 63
  + CVE-2018-12390: Memory safety bugs fixed in Firefox 63 and Firefox ESR 60.3
    Oct. 4, 2018 Alexey Gladkov 62.0.3-alt1
    - New release (62.0.3).
- Fixed:
  + CVE-2018-12386: Type confusion in JavaScript
  + CVE-2018-12387: A vulnerability where the JavaScript JIT compiler
  + CVE-2018-12385: Crash in TransportSecurityInfo due to cached data
  + CVE-2018-12377: Use-after-free in refresh driver timers
  + CVE-2018-12378: Use-after-free in IndexedDB
  + CVE-2018-12379: Out-of-bounds write with malicious MAR file
  + CVE-2017-16541: Proxy bypass using automount and autofs
  + CVE-2018-12381: Dragging and dropping Outlook email message results in page navigation
  + CVE-2018-12382: Addressbar spoofing with javascript URI on Firefox for Android
  + CVE-2018-12383: Setting a master password post-Firefox 58 does not delete unencrypted previously stored passwords
  + CVE-2018-12375: Memory safety bugs fixed in Firefox 62
  + CVE-2018-12376: Memory safety bugs fixed in Firefox 62 and Firefox ESR 60.2
    July 6, 2018 Alexey Gladkov 61.0.1-alt1
    - New release (61.0.1).
    VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
    Version: v24.5.3
    Back to top