Package firefox: Information

    Source package: firefox
    Version: 51.0.1-alt0.M80P.1
    Build time:  Feb 7, 2017, 10:58 PM in the task #177727
    Category: Networking/WWW
    Report package bug
    Gear: https://git.altlinux.org/gears/f/firefox.git?a=tree;hb=12176bc2c…
    Home page: http://www.mozilla.org/projects/firefox/
    License: MPL/GPL/LGPL
    Summary: The Mozilla Firefox project is a redesign of Mozilla's browser
    Description: 
    The Mozilla Firefox project is a redesign of Mozilla's browser component,
written using the XUL user interface language and designed to be
cross-platform.
    List of rpms provided by this srpm:
    firefox (x86_64, i586)
    firefox-debuginfo (x86_64, i586)
    rpm-build-firefox (noarch)
    Maintainer: Alexey Gladkov
    List of contributors:
    Andrey Cherepanov
    Alexey Gladkov
    Ivan Zakharyaschev
    Konstantin Lepikhov
      1. alternatives
      2. libwireless-devel
      3. libshell
      4. libevent-devel
      5. autoconf_2.13
      6. autoconf_2.13
      7. libffi-devel
      8. libfreetype-devel
      9. libstartup-notification-devel
      10. makedepend
      11. browser-plugins-npapi-devel
      12. glibc-kernheaders
      13. bzlib-devel
      14. chrpath
      15. mozilla-common-devel
      16. gst-plugins1.0-devel
      17. libgio-devel
      18. doxygen
      19. gstreamer1.0-devel
      20. libnotify-devel
      21. libnss-devel-static
      22. libGL-devel
      23. libopus-devel
      24. libIDL-devel
      25. pkgconfig(nspr) >= 4.13.1
      26. pkgconfig(nss) >= 3.28.1
      27. fontconfig-devel
      28. libpixman-devel
      29. libX11-devel
      30. libproxy-devel
      31. libXScrnSaver-devel
      32. imake
      33. rpm-build-mozilla.org
      34. libgtk+2-devel
      35. libgtk+3-devel
      36. libXcomposite-devel
      37. libXdamage-devel
      38. libXext-devel
      39. libXft-devel
      40. rpm-macros-alternatives
      41. python-module-distribute
      42. libXt-devel
      43. libhunspell-devel
      44. libalsa-devel
      45. gcc-c++
      46. libpulseaudio-devel
      47. libicu-devel
      48. python-modules-compiler
      49. python-modules-json
      50. unzip
      51. python-modules-logging
      52. python-modules-sqlite3
      53. libjpeg-devel
      54. xorg-cf-files
      55. yasm
      56. libcairo-devel
      57. libcurl-devel
      58. zip
      59. libvpx-devel
      60. zlib-devel

    Last changed

    Feb. 7, 2017 Andrey Cherepanov 51.0.1-alt0.M80P.1
    - Backport new version to p8 branch
    Jan. 30, 2017 Alexey Gladkov 51.0.1-alt1
    - New release (51.0.1).
- Fixed:
  + CVE-2017-5375: Excessive JIT code allocation allows bypass of ASLR and DEP
  + CVE-2017-5376: Use-after-free in XSL
  + CVE-2017-5377: Memory corruption with transforms to create gradients in Skia
  + CVE-2017-5378: Pointer and frame data leakage of Javascript objects
  + CVE-2017-5379: Use-after-free in Web Animations
  + CVE-2017-5380: Potential use-after-free during DOM manipulations
  + CVE-2017-5390: Insecure communication methods in Developer Tools JSON viewer
  + CVE-2017-5389: WebExtensions can install additional add-ons via modified host requests
  + CVE-2017-5396: Use-after-free with Media Decoder
  + CVE-2017-5381: Certificate Viewer exporting can be used to navigate and save to arbitrary filesystem locations
  + CVE-2017-5382: Feed preview can expose privileged content errors and exceptions
  + CVE-2017-5383: Location bar spoofing with unicode characters
  + CVE-2017-5384: Information disclosure via Proxy Auto-Config (PAC)
  + CVE-2017-5385: Data sent in multipart channels ignores referrer-policy response headers
  + CVE-2017-5386: WebExtensions can use data: protocol to affect other extensions
  + CVE-2017-5394: Android location bar spoofing using fullscreen and JavaScript events
  + CVE-2017-5391: Content about: pages can load privileged about: pages
  + CVE-2017-5392: Weak references using multiple threads on weak proxy objects lead to unsafe memory usage
  + CVE-2017-5393: Remove addons.mozilla.org CDN from whitelist for mozAddonManager
  + CVE-2017-5395: Android location bar spoofing during scrolling
  + CVE-2017-5387: Disclosure of local file existence through TRACK tag error messages
  + CVE-2017-5388: WebRTC can be used to generate a large amount of UDP traffic for DDOS attacks
  + CVE-2017-5374: Memory safety bugs fixed in Firefox 51
  + CVE-2017-5373: Memory safety bugs fixed in Firefox 51 and Firefox ESR 45.7
    Dec. 17, 2016 Andrey Cherepanov 50.1.0-alt0.M80P.1
    - Backport new version to p8 branch
    VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
    Version: v24.4.2
    Back to top