Package firefox-esr

Source package: firefox-esr
Version: 60.7.0-alt0.M80C.1
Build time:  Jul 2, 2019, 05:45 PM
 in the task #228967
Category: Networking/WWW
Report package bug
License:  MPL/GPL/LGPL
Summary:  The Mozilla Firefox project is a redesign of Mozilla's browser
Description: 
The Mozilla Firefox project is a redesign of Mozilla's browser
component, written using the XUL user interface language and designed to
be cross-platform.
List of rpms provided by this srpm: 
firefox-esr (x86_64, i586)
firefox-esr-debuginfo (x86_64, i586)
Maintainer: Andrey Cherepanov
List of contributors: 
Andrey Cherepanov
Ivan Zakharyaschev
Last changes:
May 22, 2019 Andrey Cherepanov 60.7.0-alt0.M80C.1
- Backport new version to c8 branch.
May 21, 2019 Andrey Cherepanov 60.7.0-alt1
- New ESR version (60.7.0).
- Fixed:
  + CVE-2019-9815 Disable hyperthreading on content JavaScript threads on macOS
  + CVE-2019-9816 Type confusion with object groups and UnboxedObjects
  + CVE-2019-9817 Stealing of cross-domain images using canvas
  + CVE-2019-9818 Use-after-free in crash generation server
  + CVE-2019-9819 Compartment mismatch with fetch API
  + CVE-2019-9820 Use-after-free of ChromeEventHandler by DocShell
  + CVE-2019-11691 Use-after-free in XMLHttpRequest
  + CVE-2019-11692 Use-after-free removing listeners in the event listener manager
  + CVE-2019-11693 Buffer overflow in WebGL bufferdata on Linux
  + CVE-2019-7317 Use-after-free in png_image_free of libpng library
  + CVE-2019-9797 Cross-origin theft of images with createImageBitmap
  + CVE-2018-18511 Cross-origin theft of images with ImageBitmapRenderingContext
  + CVE-2019-11694 Uninitialized memory memory leakage in Windows sandbox
  + CVE-2019-11698 Theft of user history data through drag and drop of hyperlinks to and from bookmarks
  + CVE-2019-5798 Out-of-bounds read in Skia
  + CVE-2019-9800 Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7
May 5, 2019 Andrey Cherepanov 60.6.2-alt0.M80C.1
- Backport new version to c8 branch.

Back to Top