Package firefox: Information

Source package: firefox
Version: 51.0.1-alt1
Build time:  Feb 6, 2017, 06:33 PM in the task #177393
Category: Networking/WWW
Report package bug
Gear: https://git.altlinux.org/gears/f/firefox.git?a=tree;hb=f62d94b91…
Home page: http://www.mozilla.org/projects/firefox/
License: MPL/GPL/LGPL
Summary: The Mozilla Firefox project is a redesign of Mozilla's browser
Description: 
The Mozilla Firefox project is a redesign of Mozilla's browser component,
written using the XUL user interface language and designed to be
cross-platform.
List of rpms provided by this srpm:
firefox (x86_64, i586)
firefox-debuginfo (x86_64, i586)
rpm-build-firefox (noarch)
Maintainer: Alexey Gladkov
List of contributors:
Alexey Gladkov
Ivan Zakharyaschev
Konstantin Lepikhov
    1. libalsa-devel
    2. libvpx-devel
    3. libwireless-devel
    4. libcurl-devel
    5. alternatives
    6. libevent-devel
    7. libshell
    8. autoconf_2.13
    9. autoconf_2.13
    10. makedepend
    11. libffi-devel
    12. libfreetype-devel
    13. glibc-kernheaders
    14. pkgconfig(nspr) >= 4.13.1
    15. pkgconfig(nss) >= 3.28.1
    16. mozilla-common-devel
    17. libstartup-notification-devel
    18. browser-plugins-npapi-devel
    19. libnotify-devel
    20. bzlib-devel
    21. libnss-devel-static
    22. gst-plugins1.0-devel
    23. gstreamer1.0-devel
    24. chrpath
    25. libgio-devel
    26. libopus-devel
    27. doxygen
    28. python-module-distribute
    29. rpm-build-mozilla.org
    30. rpm-macros-alternatives
    31. libX11-devel
    32. libGL-devel
    33. python-modules-compiler
    34. libXScrnSaver-devel
    35. python-modules-json
    36. libXcomposite-devel
    37. python-modules-logging
    38. python-modules-sqlite3
    39. libIDL-devel
    40. libXdamage-devel
    41. libXext-devel
    42. unzip
    43. libXft-devel
    44. imake
    45. libpixman-devel
    46. fontconfig-devel
    47. libXt-devel
    48. libcairo-devel
    49. libgtk+2-devel
    50. xorg-cf-files
    51. libgtk+3-devel
    52. libhunspell-devel
    53. yasm
    54. libproxy-devel
    55. gcc-c++
    56. libjpeg-devel
    57. zip
    58. zlib-devel
    59. libpulseaudio-devel
    60. libicu-devel

Last changed

Jan. 30, 2017 Alexey Gladkov 51.0.1-alt1
- New release (51.0.1).
- Fixed:
  + CVE-2017-5375: Excessive JIT code allocation allows bypass of ASLR and DEP
  + CVE-2017-5376: Use-after-free in XSL
  + CVE-2017-5377: Memory corruption with transforms to create gradients in Skia
  + CVE-2017-5378: Pointer and frame data leakage of Javascript objects
  + CVE-2017-5379: Use-after-free in Web Animations
  + CVE-2017-5380: Potential use-after-free during DOM manipulations
  + CVE-2017-5390: Insecure communication methods in Developer Tools JSON viewer
  + CVE-2017-5389: WebExtensions can install additional add-ons via modified host requests
  + CVE-2017-5396: Use-after-free with Media Decoder
  + CVE-2017-5381: Certificate Viewer exporting can be used to navigate and save to arbitrary filesystem locations
  + CVE-2017-5382: Feed preview can expose privileged content errors and exceptions
  + CVE-2017-5383: Location bar spoofing with unicode characters
  + CVE-2017-5384: Information disclosure via Proxy Auto-Config (PAC)
  + CVE-2017-5385: Data sent in multipart channels ignores referrer-policy response headers
  + CVE-2017-5386: WebExtensions can use data: protocol to affect other extensions
  + CVE-2017-5394: Android location bar spoofing using fullscreen and JavaScript events
  + CVE-2017-5391: Content about: pages can load privileged about: pages
  + CVE-2017-5392: Weak references using multiple threads on weak proxy objects lead to unsafe memory usage
  + CVE-2017-5393: Remove addons.mozilla.org CDN from whitelist for mozAddonManager
  + CVE-2017-5395: Android location bar spoofing during scrolling
  + CVE-2017-5387: Disclosure of local file existence through TRACK tag error messages
  + CVE-2017-5388: WebRTC can be used to generate a large amount of UDP traffic for DDOS attacks
  + CVE-2017-5374: Memory safety bugs fixed in Firefox 51
  + CVE-2017-5373: Memory safety bugs fixed in Firefox 51 and Firefox ESR 45.7
Dec. 15, 2016 Alexey Gladkov 50.1.0-alt1
- New release (50.1.0).
- Fixed:
  + CVE-2016-9894: Buffer overflow in SkiaGL
  + CVE-2016-9899: Use-after-free while manipulating DOM events and audio elements
  + CVE-2016-9895: CSP bypass using marquee tag
  + CVE-2016-9896: Use-after-free with WebVR
  + CVE-2016-9897: Memory corruption in libGLES
  + CVE-2016-9898: Use-after-free in Editor while manipulating DOM subtrees
  + CVE-2016-9900: Restricted external resources can be loaded by SVG images through data URLs
  + CVE-2016-9904: Cross-origin information leak in shared atoms
  + CVE-2016-9901: Data from Pocket server improperly sanitized before execution
  + CVE-2016-9902: Pocket extension does not validate the origin of events
  + CVE-2016-9903: XSS injection vulnerability in add-ons SDK
  + CVE-2016-9080: Memory safety bugs fixed in Firefox 50.1
  + CVE-2016-9893: Memory safety bugs fixed in Firefox 50.1 and Firefox ESR 45.6
Dec. 6, 2016 Ivan Zakharyaschev 50.0.2-alt2
- Precise calculation of the dependency on libgtk symbols (ALT#32297) and
  strict verification of unresolved symbols. (Thx legion@ for the original
  hack, which had to be removed in 44.0.2-alt3, but found to be restorable
  by ruslandh@'s work on strict unresolved symbols verification in palemoon.)
VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
Version: v24.5.1
Back to top