Package firefox-esr

Source package: firefox-esr
Version: 91.9.0-alt0.c9.1
Build time:  May 13, 2022, 02:31 PM
 in the task #299807
Category: Networking/WWW
Report package bug
License:  MPL-2.0
Summary:  The Mozilla Firefox project is a redesign of Mozilla's browser (ESR version)
The Mozilla Firefox project is a redesign of Mozilla's browser component,
written using the XUL user interface language and designed to be
List of rpms provided by this srpm: 
firefox-esr (x86_64, ppc64le, i586, armh, aarch64)
firefox-esr-config-privacy (noarch)
firefox-esr-debuginfo (x86_64, ppc64le, i586, armh, aarch64)
firefox-esr-wayland (noarch)
Last changes:
May 11, 2022 Pavel Vasenkov 91.9.0-alt0.c9.1
- Backport new version with security fixes.
May 4, 2022 Pavel Vasenkov 91.9.0-alt1
- New ESR version.
- Security fixes:
  + CVE-2022-29914 Fullscreen notification bypass using popups
  + CVE-2022-29909 Bypassing permission prompt in nested browsing contexts
  + CVE-2022-29916 Leaking browser history with CSS variables
  + CVE-2022-29911 iframe Sandbox bypass
  + CVE-2022-29912 Reader mode bypassed SameSite cookies
  + CVE-2022-29917 Memory safety bugs fixed in Firefox 100 and Firefox ESR 91.9
April 6, 2022 Pavel Vasenkov 91.8.0-alt1
- New ESR version.
- Security fixes:
  + CVE-2022-1097 Use-after-free in NSSToken objects
  + CVE-2022-28281 Out of bounds write due to unexpected WebAuthN Extensions
  + CVE-2022-1196 Use-after-free after VR Process destruction
  + CVE-2022-28282 Use-after-free in DocumentL10n::TranslateDocument
  + CVE-2022-28285 Incorrect AliasSet used in JIT Codegen
  + CVE-2022-28286 iframe contents could be rendered outside the border
  + CVE-2022-24713 Denial of Service via complex regular expressions
  + CVE-2022-28289 Memory safety bugs fixed in Firefox 99 and Firefox ESR 91.8

Back to Top