Package firefox: Information
Default inline alert: Version in the repository: 112.0.2-alt0.p10.1
Source package: firefox
Version: 63.0.1-alt1
Build time: Nov 13, 2018, 10:03 PM in the task #216395
Category: Networking/WWW
Report package bugHome page: http://www.mozilla.org/projects/firefox/
License: MPL/GPL/LGPL
Summary: The Mozilla Firefox project is a redesign of Mozilla's browser
Description:
The Mozilla Firefox project is a redesign of Mozilla's browser component, written using the XUL user interface language and designed to be cross-platform.
List of rpms provided by this srpm:
firefox (x86_64, i586, aarch64)
firefox-debuginfo (x86_64, i586, aarch64)
rpm-build-firefox (noarch)
firefox (x86_64, i586, aarch64)
firefox-debuginfo (x86_64, i586, aarch64)
rpm-build-firefox (noarch)
Maintainer: Alexey Gladkov
Last changed
Nov. 13, 2018 Alexey Gladkov 63.0.1-alt1
- New release (63.0.1). - Fixed: + CVE-2018-12391: HTTP Live Stream audio data is accessible cross-origin + CVE-2018-12392: Crash with nested event loops + CVE-2018-12393: Integer overflow during Unicode conversion while loading JavaScript + CVE-2018-12395: WebExtension bypass of domain restrictions through header rewriting + CVE-2018-12396: WebExtension content scripts can execute in disallowed contexts + CVE-2018-12397: Missing warning prompt when WebExtension requests local file access + CVE-2018-12398: CSP bypass through stylesheet injection in resource URIs + CVE-2018-12399: Spoofing of protocol registration notification bar + CVE-2018-12400: Favicons are cached in private browsing mode on Firefox for Android + CVE-2018-12401: DOS attack through special resource URI parsing + CVE-2018-12402: SameSite cookies leak when pages are explicitly saved + CVE-2018-12403: Mixed content warning is not displayed when HTTPS page loads a favicon over HTTP + CVE-2018-12388: Memory safety bugs fixed in Firefox 63 + CVE-2018-12390: Memory safety bugs fixed in Firefox 63 and Firefox ESR 60.3
Oct. 4, 2018 Alexey Gladkov 62.0.3-alt1
- New release (62.0.3). - Fixed: + CVE-2018-12386: Type confusion in JavaScript + CVE-2018-12387: A vulnerability where the JavaScript JIT compiler + CVE-2018-12385: Crash in TransportSecurityInfo due to cached data + CVE-2018-12377: Use-after-free in refresh driver timers + CVE-2018-12378: Use-after-free in IndexedDB + CVE-2018-12379: Out-of-bounds write with malicious MAR file + CVE-2017-16541: Proxy bypass using automount and autofs + CVE-2018-12381: Dragging and dropping Outlook email message results in page navigation + CVE-2018-12382: Addressbar spoofing with javascript URI on Firefox for Android + CVE-2018-12383: Setting a master password post-Firefox 58 does not delete unencrypted previously stored passwords + CVE-2018-12375: Memory safety bugs fixed in Firefox 62 + CVE-2018-12376: Memory safety bugs fixed in Firefox 62 and Firefox ESR 60.2
July 6, 2018 Alexey Gladkov 61.0.1-alt1
- New release (61.0.1).