Package firefox-esr

Source package: firefox-esr
Version: 60.8.0-alt0.M80C.1
Build time:  Jul 19, 2019, 02:41 PM
 in the task #234617
Category: Networking/WWW
Report package bug
License:  MPL/GPL/LGPL
Summary:  The Mozilla Firefox project is a redesign of Mozilla's browser
Description: 
The Mozilla Firefox project is a redesign of Mozilla's browser
component, written using the XUL user interface language and designed to
be cross-platform.
List of rpms provided by this srpm: 
firefox-esr (x86_64, i586)
firefox-esr-debuginfo (x86_64, i586)
Last changes:
July 10, 2019 Andrey Cherepanov 60.8.0-alt0.M80C.1
- Backport new version with security fixes to c8 branch.
July 9, 2019 Andrey Cherepanov 60.8.0-alt1
- New ESR version (60.8.0).
- Fixed:
  + CVE-2019-9811 Sandbox escape via installation of malicious language pack
  + CVE-2019-11711 Script injection within domain through inner window reuse
  + CVE-2019-11712 Cross-origin POST requests can be made with NPAPI plugins by following 308 redirects
  + CVE-2019-11713 Use-after-free with HTTP/2 cached stream
  + CVE-2019-11729 Empty or malformed p256-ECDH public keys may trigger a segmentation fault
  + CVE-2019-11715 HTML parsing error can contribute to content XSS
  + CVE-2019-11717 Caret character improperly escaped in origins
  + CVE-2019-11719 Out-of-bounds read when importing curve25519 private key
  + CVE-2019-11730 Same-origin policy treats all files in a directory as having the same-origin
  + CVE-2019-11709 Memory safety bugs fixed in Firefox 68 and Firefox ESR 60.8
July 3, 2019 Gleb Fotengauer-Malinovskiy 60.7.2-alt2
- Added ppc64le support.
- spec: cleaned up rpm-build internal macros.

Back to Top