Package firefox: Information
Default inline alert: Version in the repository: 112.0.2-alt0.p10.1
Source package: firefox
Version: 58.0.2-alt1
Build time: Feb 12, 2018, 11:31 PM in the task #200448
Category: Networking/WWW
Report package bugHome page: http://www.mozilla.org/projects/firefox/
License: MPL/GPL/LGPL
Summary: The Mozilla Firefox project is a redesign of Mozilla's browser
Description:
The Mozilla Firefox project is a redesign of Mozilla's browser component, written using the XUL user interface language and designed to be cross-platform.
List of rpms provided by this srpm:
firefox (x86_64, i586)
firefox-debuginfo (x86_64, i586)
rpm-build-firefox (noarch)
firefox (x86_64, i586)
firefox-debuginfo (x86_64, i586)
rpm-build-firefox (noarch)
Maintainer: Alexey Gladkov
Last changed
Feb. 11, 2018 Alexey Gladkov 58.0.2-alt1
- New release (58.0.2). - Fixed: + CVE-2018-5091: Use-after-free with DTMF timers + CVE-2018-5092: Use-after-free in Web Workers + CVE-2018-5093: Buffer overflow in WebAssembly during Memory/Table resizing + CVE-2018-5094: Buffer overflow in WebAssembly with garbage collection on uninitialized memory + CVE-2018-5095: Integer overflow in Skia library during edge builder allocation + CVE-2018-5097: Use-after-free when source document is manipulated during XSLT + CVE-2018-5098: Use-after-free while manipulating form input elements + CVE-2018-5099: Use-after-free with widget listener + CVE-2018-5100: Use-after-free when IsPotentiallyScrollable arguments are freed from memory + CVE-2018-5101: Use-after-free with floating first-letter style elements + CVE-2018-5102: Use-after-free in HTML media elements + CVE-2018-5103: Use-after-free during mouse event handling + CVE-2018-5104: Use-after-free during font face manipulation + CVE-2018-5105: WebExtensions can save and execute files on local file system without user prompts + CVE-2018-5106: Developer Tools can expose style editor information cross-origin through service worker + CVE-2018-5107: Printing process will follow symlinks for local file access + CVE-2018-5108: Manually entered blob URL can be accessed by subsequent private browsing tabs + CVE-2018-5109: Audio capture prompts and starts with incorrect origin attribution + CVE-2018-5110: Cursor can be made invisible on OS X + CVE-2018-5111: URL spoofing in addressbar through drag and drop + CVE-2018-5112: Extension development tools panel can open a non-relative URL in the panel + CVE-2018-5113: WebExtensions can load non-HTTPS pages with browser.identity.launchWebAuthFlow + CVE-2018-5114: The old value of a cookie changed to HttpOnly remains accessible to scripts + CVE-2018-5115: Background network requests can open HTTP authentication in unrelated foreground tabs + CVE-2018-5116: WebExtension ActiveTab permission allows cross-origin frame content access + CVE-2018-5117: URL spoofing with right-to-left text aligned left-to-right + CVE-2018-5118: Activity Stream images can attempt to load local content through file: + CVE-2018-5119: Reader view will load cross-origin content in violation of CORS headers + CVE-2018-5121: OS X Tibetan characters render incompletely in the addressbar + CVE-2018-5122: Potential integer overflow in DoCrypt + CVE-2018-5090: Memory safety bugs fixed in Firefox 58 + CVE-2018-5089: Memory safety bugs fixed in Firefox 58 and Firefox ESR 52.6 + CVE-2018-5124: Sanitize HTML fragments created for chrome-privileged documents
Jan. 6, 2018 Alexey Gladkov 57.0.4-alt1
- New release (57.0.4). - Fixed: + Speculative execution side-channel attack ("Spectre") + CVE-2017-7845: Buffer overflow when drawing and validating elements with ANGLE library using Direct 3D 9
Dec. 8, 2017 Alexey Gladkov 57.0.1-alt2