Package firefox-esr: Information
Source package: firefox-esr
Version: 115.16.1-alt0.c10.1
Build time: Nov 7, 2024, 05:06 PM in the task #361475
Category: Networking/WWW
Report package bugHome page: http://www.mozilla.org/projects/firefox/
License: MPL-2.0
Summary: The Mozilla Firefox project is a redesign of Mozilla's browser (ESR version)
Description:
The Mozilla Firefox project is a redesign of Mozilla's browser component, written using the XUL user interface language and designed to be cross-platform.
List of RPM packages built from this SRPM:
firefox-esr (x86_64, i586, aarch64)
firefox-esr-config-privacy (x86_64, i586, aarch64)
firefox-esr-debuginfo (x86_64, i586, aarch64)
firefox-esr-wayland (x86_64, i586, aarch64)
firefox-esr (x86_64, i586, aarch64)
firefox-esr-config-privacy (x86_64, i586, aarch64)
firefox-esr-debuginfo (x86_64, i586, aarch64)
firefox-esr-wayland (x86_64, i586, aarch64)
Maintainer: Andrey Cherepanov
List of contributors:
Pavel Vasenkov
Andrey Cherepanov
Alexey Sheplyakov
Grigory Ustinov
Alexey Gladkov
Gleb Fotengauer-Malinovskiy
Ivan Zakharyaschev
Pavel Vasenkov
Andrey Cherepanov
Alexey Sheplyakov
Grigory Ustinov
Alexey Gladkov
Gleb Fotengauer-Malinovskiy
Ivan Zakharyaschev
Last changed
Oct. 28, 2024 Pavel Vasenkov 115.16.1-alt0.c10.1
- Backport new version to c10 branch.
Oct. 28, 2024 Pavel Vasenkov 115.16.1-alt1
- New ESR version. - Security fixes + CVE-2024-5702 Use-after-free in networking + CVE-2024-5688 Use-after-free in JavaScript object transplant + CVE-2024-5690 External protocol handlers leaked by timing attack + CVE-2024-5691 Sandboxed iframes were able to bypass sandbox restrictions to open a new window + CVE-2024-5692 Bypass of file name restrictions during saving + CVE-2024-5693 Cross-Origin Image leak via Offscreen Canvas + CVE-2024-5696 Memory Corruption in Text Fragments + CVE-2024-5700 Memory safety bugs fixed in Firefox 127, Firefox ESR 115.12, and Thunderbird 115.12 + CVE-2024-7652 Type Confusion in Async Generators in Javascript Engine + CVE-2024-6600 Memory corruption in WebGL API + CVE-2024-6601 Race condition in permission assignment + CVE-2024-6602 Memory corruption in NSS + CVE-2024-6603 Memory corruption in thread creation + CVE-2024-6604 Memory safety bugs fixed in Firefox 128, Firefox ESR 115.13, Thunderbird 128, and Thunderbird 115.13 + CVE-2024-7519 Out of bounds memory access in graphics shared memory handling + CVE-2024-7521 Incomplete WebAssembly exception handing + CVE-2024-7522 Out of bounds read in editor component + CVE-2024-7525 Missing permission check when creating a StreamFilter + CVE-2024-7526 Uninitialized memory used by WebGL + CVE-2024-7527 Use-after-free in JavaScript garbage collection + CVE-2024-7529 Document content could partially obscure security prompts + CVE-2024-8381 Type confusion when looking up a property name in a "with" block + CVE-2024-8382 Internal event interfaces were exposed to web content when browser EventHandler listener callbacks ran + CVE-2024-8384 Garbage collection could mis-color cross-compartment objects in OOM conditions + CVE-2024-9392 Compromised content process can bypass site isolation + CVE-2024-9393 Cross-origin access to PDF contents through multipart responses + CVE-2024-9394 Cross-origin access to JSON contents through multipart responses + CVE-2024-9401 Memory safety bugs fixed in Firefox 131, Firefox ESR 115.16, Firefox ESR 128.3, Thunderbird 131, and Thunderbird 128.3 + CVE-2024-9680 Use-after-free in Animation timeline
May 19, 2024 Pavel Vasenkov 115.11.0-alt1
- New ESR version. - Security fixes + CVE-2024-4367 Arbitrary JavaScript execution in PDF.js + CVE-2024-4767 IndexedDB files retained in private browsing mode + CVE-2024-4768 Potential permissions request bypass via clickjacking + CVE-2024-4769 Cross-origin responses could be distinguished between script and non-script content-types + CVE-2024-4770 Use-after-free could occur when printing to PDF + CVE-2024-4777 Memory safety bugs fixed in Firefox 126, Firefox ESR 115.11, and Thunderbird 115.11