Package firefox-esr: Information

Source package: firefox-esr
Version: 52.4.0-alt1
Build time:  Sep 30, 2017, 01:14 PM in the task #189704
Category: Networking/WWW
Report package bug
Gear: https://git.altlinux.org/gears/f/firefox-esr.git?a=tree;hb=31e9b…
Home page: http://www.mozilla.org/projects/firefox/
License: MPL/GPL/LGPL
Summary: The Mozilla Firefox project is a redesign of Mozilla's browser
Description: 
The Mozilla Firefox project is a redesign of Mozilla's browser
component, written using the XUL user interface language and designed to
be cross-platform.
List of rpms provided by this srpm:
firefox-esr (x86_64, i586)
firefox-esr-debuginfo (x86_64, i586)
Maintainer: Andrey Cherepanov
List of contributors:
Andrey Cherepanov
Ivan Zakharyaschev
    1. doxygen
    2. libgtk+2-devel
    3. libgtk+3-devel
    4. libproxy-devel
    5. libX11-devel
    6. libhunspell-devel
    7. libXScrnSaver-devel
    8. libXcomposite-devel
    9. libXdamage-devel
    10. libXext-devel
    11. libXft-devel
    12. libXt-devel
    13. libjpeg-devel
    14. imake
    15. libpulseaudio-devel
    16. libalsa-devel
    17. libvpx-devel
    18. fontconfig-devel
    19. libcairo-devel
    20. libwireless-devel
    21. gcc-c++
    22. libcurl-devel
    23. libshell
    24. pkgconfig(nspr) >= 4.15
    25. pkgconfig(nss) >= 3.31.0
    26. alternatives
    27. libevent-devel
    28. rpm-build-mozilla.org
    29. autoconf_2.13
    30. autoconf_2.13
    31. libstartup-notification-devel
    32. rpm-macros-alternatives
    33. libffi-devel
    34. makedepend
    35. python-module-distribute
    36. libfreetype-devel
    37. python-modules-compiler
    38. python-modules-json
    39. python-modules-logging
    40. python-modules-sqlite3
    41. browser-plugins-npapi-devel
    42. bzlib-devel
    43. mozilla-common-devel
    44. chrpath
    45. libnotify-devel
    46. libnss-devel-static
    47. libgio-devel
    48. unzip
    49. yasm
    50. xorg-cf-files
    51. zip
    52. zlib-devel
    53. glibc-kernheaders
    54. libGL-devel
    55. libIDL-devel
    56. libopus-devel
    57. libpixman-devel
    58. gst-plugins1.0-devel
    59. gstreamer1.0-devel

Last changed

Sept. 29, 2017 Andrey Cherepanov 52.4.0-alt1
- New ESR version (52.4.0)
- Fixes:
  + CVE-2017-7793 Use-after-free with Fetch API
  + CVE-2017-7818 Use-after-free during ARIA array manipulation
  + CVE-2017-7819 Use-after-free while resizing images in design mode
  + CVE-2017-7824 Buffer overflow when drawing and validating elements with ANGLE
  + CVE-2017-7805 Use-after-free in TLS 1.2 generating handshake hashes
  + CVE-2017-7814 Blob and data URLs bypass phishing and malware protection warnings
  + CVE-2017-7825 OS X fonts render some Tibetan and Arabic unicode characters as spaces
  + CVE-2017-7823 CSP sandbox directive did not create a unique origin
  + CVE-2017-7810 Memory safety bugs fixed in Firefox 56 and Firefox ESR 52.4
Aug. 8, 2017 Andrey Cherepanov 52.3.0-alt1
- New ESR version (52.3.0)
- Security fixes:
  + CVE-2017-7798: XUL injection in the style editor in devtools
  + CVE-2017-7800: Use-after-free in WebSockets during disconnection
  + CVE-2017-7801: Use-after-free with marquee during window resizing
  + CVE-2017-7809: Use-after-free while deleting attached editor DOM node
  + CVE-2017-7784: Use-after-free with image observers
  + CVE-2017-7802: Use-after-free resizing image elements
  + CVE-2017-7785: Buffer overflow manipulating ARIA attributes in DOM
  + CVE-2017-7786: Buffer overflow while painting non-displayable SVG
  + CVE-2017-7753: Out-of-bounds read with cached style data and pseudo-elements
  + CVE-2017-7787: Same-origin policy bypass with iframes through page reloads
  + CVE-2017-7807: Domain hijacking through AppCache fallback
  + CVE-2017-7792: Buffer overflow viewing certificates with an extremely long OID
  + CVE-2017-7804: Memory protection bypass through WindowsDllDetourPatcher
  + CVE-2017-7791: Spoofing following page navigation with data: protocol and modal alerts
  + CVE-2017-7782: WindowsDllDetourPatcher allocates memory without DEP protections
  + CVE-2017-7803: CSP containing 'sandbox' improperly applied
  + CVE-2017-7779: Memory safety bugs fixed in Firefox 55 and Firefox ESR 52.3
July 11, 2017 Andrey Cherepanov 52.2.1-alt1
- New ESR version (52.2.1)
VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
Version: v24.5.3
Back to top