Package firefox-esr: Information

    Source package: firefox-esr
    Version: 115.16.1-alt0.c10.1
    Build time:  Nov 7, 2024, 05:06 PM in the task #361475
    Category: Networking/WWW
    Report package bug
    License: MPL-2.0
    Summary: The Mozilla Firefox project is a redesign of Mozilla's browser (ESR version)
    Description: 
    The Mozilla Firefox project is a redesign of Mozilla's browser component,
    written using the XUL user interface language and designed to be
    cross-platform.

    List of RPM packages built from this SRPM:
    firefox-esr (x86_64, i586, aarch64)
    firefox-esr-config-privacy (x86_64, i586, aarch64)
    firefox-esr-debuginfo (x86_64, i586, aarch64)
    firefox-esr-wayland (x86_64, i586, aarch64)

    Maintainer: Andrey Cherepanov


      1. pkgconfig(fontconfig)
      2. pkgconfig(freetype2)
      3. pkgconfig(gio-2.0)
      4. /dev/shm
      5. pkgconfig(graphite2)
      6. pkgconfig(gtk+-2.0)
      7. pkgconfig(gtk+-3.0)
      8. libcairo-devel
      9. pkgconfig(harfbuzz)
      10. pkgconfig(hunspell)
      11. pkgconfig(icu-i18n)
      12. pkgconfig(libcurl)
      13. pkgconfig(libdrm)
      14. pkgconfig(libevent)
      15. pkgconfig(libffi)
      16. /proc
      17. pkgconfig(libjpeg)
      18. pkgconfig(libnotify)
      19. pkgconfig(libproxy-1.0)
      20. pkgconfig(libpulse)
      21. libcurl-devel
      22. pkgconfig(libstartup-notification-1.0)
      23. pkgconfig(nspr) >= 4.35
      24. pkgconfig(nss) >= 3.86
      25. pkgconfig(opus)
      26. pkgconfig(pixman-1)
      27. libdav1d-devel
      28. pkgconfig(vpx)
      29. libdbus-devel
      30. libdbus-glib-devel
      31. pkgconfig(x11)
      32. pkgconfig(xcomposite)
      33. pkgconfig(xcursor)
      34. pkgconfig(xdamage)
      35. pkgconfig(xext)
      36. pkgconfig(xft)
      37. pkgconfig(xi)
      38. pkgconfig(xkbcommon)
      39. pkgconfig(xrandr)
      40. pkgconfig(xscrnsaver)
      41. pkgconfig(xt)
      42. pkgconfig(xtst)
      43. pkgconfig(zlib)
      44. libdrm-devel
      45. libevent-devel
      46. libffi-devel
      47. alternatives
      48. libfreetype-devel
      49. autoconf_2.13
      50. autoconf_2.13
      51. fontconfig-devel
      52. libgio-devel
      53. python3(click)
      54. browser-plugins-npapi-devel
      55. bzlib-devel
      56. libgtk+2-devel
      57. libgtk+3-devel
      58. chrpath
      59. clang15.0
      60. clang15.0-devel
      61. python3(curses)
      62. libhunspell-devel
      63. libjpeg-devel
      64. glibc-kernheaders-generic
      65. python3(hamcrest)
      66. gst-plugins1.0-devel
      67. gstreamer1.0-devel
      68. libnotify-devel
      69. python3(imp)
      70. libnss-devel-static
      71. libopus-devel
      72. libpixman-devel
      73. libproxy-devel
      74. rpm-build-mozilla.org
      75. libpulseaudio-devel
      76. rpm-macros-alternatives
      77. libshell
      78. python3(pip)
      79. libGL-devel
      80. libstartup-notification-devel
      81. libstdc++-devel
      82. python3(setuptools)
      83. python3(sqlite3)
      84. libvpx-devel
      85. libwireless-devel
      86. libX11-devel
      87. python3-base
      88. libXScrnSaver-devel
      89. libXcomposite-devel
      90. libxkbcommon-devel
      91. libXcursor-devel
      92. libXdamage-devel
      93. libXext-devel
      94. libXft-devel
      95. libXi-devel
      96. libXt-devel
      97. libalsa-devel
      98. lld15.0-devel
      99. libaom-devel
      100. llvm15.0-devel
      101. mozilla-common-devel
      102. nasm
      103. node
      104. rust-cargo >= 1.65.0
      105. xorg-cf-files
      106. unzip
      107. yasm
      108. pkgconfig(alsa)
      109. pkgconfig(aom)
      110. pkgconfig(bzip2)
      111. pkgconfig(cairo)
      112. rust >= 1.65.0
      113. pkgconfig(dav1d)
      114. pkgconfig(dbus-1)
      115. pkgconfig(dbus-glib-1)
      116. pkgconfig(dri)
      117. zip
      118. zlib-devel

    Last changed


    Oct. 28, 2024 Pavel Vasenkov 115.16.1-alt0.c10.1
    - Backport new version to c10 branch.
    Oct. 28, 2024 Pavel Vasenkov 115.16.1-alt1
    - New ESR version.
    - Security fixes
      + CVE-2024-5702 Use-after-free in networking
      + CVE-2024-5688 Use-after-free in JavaScript object transplant
      + CVE-2024-5690 External protocol handlers leaked by timing attack
      + CVE-2024-5691 Sandboxed iframes were able to bypass sandbox restrictions to open a new window
      + CVE-2024-5692 Bypass of file name restrictions during saving
      + CVE-2024-5693 Cross-Origin Image leak via Offscreen Canvas
      + CVE-2024-5696 Memory Corruption in Text Fragments
      + CVE-2024-5700 Memory safety bugs fixed in Firefox 127, Firefox ESR 115.12, and Thunderbird 115.12
      + CVE-2024-7652 Type Confusion in Async Generators in Javascript Engine
      + CVE-2024-6600 Memory corruption in WebGL API
      + CVE-2024-6601 Race condition in permission assignment
      + CVE-2024-6602 Memory corruption in NSS
      + CVE-2024-6603 Memory corruption in thread creation
      + CVE-2024-6604 Memory safety bugs fixed in Firefox 128, Firefox ESR 115.13, Thunderbird 128, and Thunderbird 115.13
      + CVE-2024-7519 Out of bounds memory access in graphics shared memory handling
      + CVE-2024-7521 Incomplete WebAssembly exception handing
      + CVE-2024-7522 Out of bounds read in editor component
      + CVE-2024-7525 Missing permission check when creating a StreamFilter
      + CVE-2024-7526 Uninitialized memory used by WebGL
      + CVE-2024-7527 Use-after-free in JavaScript garbage collection
      + CVE-2024-7529 Document content could partially obscure security prompts
      + CVE-2024-8381 Type confusion when looking up a property name in a "with" block
      + CVE-2024-8382 Internal event interfaces were exposed to web content when browser EventHandler listener callbacks ran
      + CVE-2024-8384 Garbage collection could mis-color cross-compartment objects in OOM conditions
      + CVE-2024-9392 Compromised content process can bypass site isolation
      + CVE-2024-9393 Cross-origin access to PDF contents through multipart responses
      + CVE-2024-9394 Cross-origin access to JSON contents through multipart responses
      + CVE-2024-9401 Memory safety bugs fixed in Firefox 131, Firefox ESR 115.16, Firefox ESR 128.3, Thunderbird 131, and Thunderbird 128.3
      + CVE-2024-9680 Use-after-free in Animation timeline
    May 19, 2024 Pavel Vasenkov 115.11.0-alt1
    - New ESR version.
    - Security fixes
      + CVE-2024-4367 Arbitrary JavaScript execution in PDF.js
      + CVE-2024-4767 IndexedDB files retained in private browsing mode
      + CVE-2024-4768 Potential permissions request bypass via clickjacking
      + CVE-2024-4769 Cross-origin responses could be distinguished between script and non-script content-types
      + CVE-2024-4770 Use-after-free could occur when printing to PDF
      + CVE-2024-4777 Memory safety bugs fixed in Firefox 126, Firefox ESR 115.11, and Thunderbird 115.11