Package firefox: Information

Source package: firefox
Version: 56.0-alt1
Build time:  Oct 16, 2017, 05:35 AM in the task #190760
Category: Networking/WWW
Report package bug
Gear: https://git.altlinux.org/gears/f/firefox.git?a=tree;hb=a5d81fdd9…
Home page: http://www.mozilla.org/projects/firefox/
License: MPL/GPL/LGPL
Summary: The Mozilla Firefox project is a redesign of Mozilla's browser
Description: 
The Mozilla Firefox project is a redesign of Mozilla's browser component,
written using the XUL user interface language and designed to be
cross-platform.
List of rpms provided by this srpm:
firefox (x86_64, i586)
firefox-debuginfo (x86_64, i586)
rpm-build-firefox (noarch)
Maintainer: Alexey Gladkov
List of contributors:
Alexey Gladkov
Ivan Zakharyaschev
Konstantin Lepikhov
    1. libgtk+2-devel
    2. libgtk+3-devel
    3. libproxy-devel
    4. /proc
    5. libX11-devel
    6. libhunspell-devel
    7. libpulseaudio-devel
    8. libXScrnSaver-devel
    9. libXcomposite-devel
    10. fontconfig-devel
    11. /dev/shm
    12. libXdamage-devel
    13. libXext-devel
    14. libcairo-devel
    15. libXft-devel
    16. libXt-devel
    17. libjpeg-devel
    18. libvpx-devel
    19. libalsa-devel
    20. gcc-c++
    21. libcurl-devel
    22. libwireless-devel
    23. rust
    24. libshell
    25. rust-cargo
    26. libevent-devel
    27. libffi-devel
    28. llvm4.0
    29. llvm4.0-devel
    30. llvm4.0-libs
    31. libfreetype-devel
    32. alternatives
    33. libstartup-notification-devel
    34. rpm-build-mozilla.org
    35. pkgconfig(nspr) >= 4.17
    36. pkgconfig(nss) >= 3.33.0
    37. rpm-macros-alternatives
    38. autoconf_2.13
    39. autoconf_2.13
    40. mozilla-common-devel
    41. unzip
    42. libgio-devel
    43. browser-plugins-npapi-devel
    44. bzlib-devel
    45. python-module-distribute
    46. python-module-pip
    47. xorg-cf-files
    48. chrpath
    49. clang4.0
    50. clang4.0-devel
    51. libnotify-devel
    52. yasm
    53. libnss-devel-static
    54. python-modules-compiler
    55. zip
    56. python-modules-json
    57. zlib-devel
    58. python-modules-logging
    59. gst-plugins1.0-devel
    60. libGL-devel
    61. python-modules-sqlite3
    62. gstreamer1.0-devel
    63. libpixman-devel
    64. libopus-devel

Last changed

Oct. 8, 2017 Alexey Gladkov 56.0-alt1
- New release (56.0).
- Fixed:
  + CVE-2017-7793: Use-after-free with Fetch API
  + CVE-2017-7817: Firefox for Android address bar spoofing through fullscreen mode
  + CVE-2017-7818: Use-after-free during ARIA array manipulation
  + CVE-2017-7819: Use-after-free while resizing images in design mode
  + CVE-2017-7824: Buffer overflow when drawing and validating elements with ANGLE
  + CVE-2017-7805: Use-after-free in TLS 1.2 generating handshake hashes
  + CVE-2017-7812: Drag and drop of malicious page content to the tab bar can open locally stored files
  + CVE-2017-7814: Blob and data URLs bypass phishing and malware protection warnings
  + CVE-2017-7813: Integer truncation in the JavaScript parser
  + CVE-2017-7825: OS X fonts render some Tibetan and Arabic unicode characters as spaces
  + CVE-2017-7815: Spoofing attack with modal dialogs on non-e10s installations
  + CVE-2017-7816: WebExtensions can load about: URLs in extension UI
  + CVE-2017-7821: WebExtensions can download and open non-executable files without user interaction
  + CVE-2017-7823: CSP sandbox directive did not create a unique origin
  + CVE-2017-7822: WebCrypto allows AES-GCM with 0-length IV
  + CVE-2017-7820: Xray wrapper bypass with new tab and web console
  + CVE-2017-7811: Memory safety bugs fixed in Firefox 56
  + CVE-2017-7810: Memory safety bugs fixed in Firefox 56 and Firefox ESR 52.4
Aug. 29, 2017 Alexey Gladkov 55.0.3-alt1
- New release (55.0.3).
Aug. 13, 2017 Alexey Gladkov 55.0.1-alt1
- New release (55.0.1).
- Fixed:
  + CVE-2017-7798: XUL injection in the style editor in devtools
  + CVE-2017-7800: Use-after-free in WebSockets during disconnection
  + CVE-2017-7801: Use-after-free with marquee during window resizing
  + CVE-2017-7809: Use-after-free while deleting attached editor DOM node
  + CVE-2017-7784: Use-after-free with image observers
  + CVE-2017-7802: Use-after-free resizing image elements
  + CVE-2017-7785: Buffer overflow manipulating ARIA attributes in DOM
  + CVE-2017-7786: Buffer overflow while painting non-displayable SVG
  + CVE-2017-7806: Use-after-free in layer manager with SVG
  + CVE-2017-7753: Out-of-bounds read with cached style data and pseudo-elements
  + CVE-2017-7787: Same-origin policy bypass with iframes through page reloads
  + CVE-2017-7807: Domain hijacking through AppCache fallback
  + CVE-2017-7792: Buffer overflow viewing certificates with an extremely long OID
  + CVE-2017-7804: Memory protection bypass through WindowsDllDetourPatcher
  + CVE-2017-7791: Spoofing following page navigation with data: protocol and modal alerts
  + CVE-2017-7808: CSP information leak with frame-ancestors containing paths
  + CVE-2017-7782: WindowsDllDetourPatcher allocates memory without DEP protections
  + CVE-2017-7781: Elliptic curve point addition error when using mixed Jacobian-affine coordinates
  + CVE-2017-7794: Linux file truncation via sandbox broker
  + CVE-2017-7803: CSP containing 'sandbox' improperly applied
  + CVE-2017-7799: Self-XSS XUL injection in about:webrtc
  + CVE-2017-7783: DOS attack through long username in URL
  + CVE-2017-7788: Sandboxed about:srcdoc iframes do not inherit CSP directives
  + CVE-2017-7789: Failure to enable HSTS when two STS headers are sent for a connection
  + CVE-2017-7790: Windows crash reporter reads extra memory for some non-null-terminated registry values
  + CVE-2017-7796: Windows updater can delete any file named update.log
  + CVE-2017-7797: Response header name interning leaks across origins
  + CVE-2017-7780: Memory safety bugs fixed in Firefox 55
  + CVE-2017-7779: Memory safety bugs fixed in Firefox 55 and Firefox ESR 52.3
VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
Version: v24.5.3
Back to top