ALT Linux - p11 - Maintainer - Pavel Vasenkov

New_version_with_CVE

firefox-esr-140.7.0-alt1

The Mozilla Firefox project is a redesign of Mozilla's browser

Jan. 14, 2026 Pavel Vasenkov:

- New ESR version.
- Security fixes:
  + CVE-2026-0877 Mitigation bypass in the DOM: Security component
  + CVE-2026-0878 Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component
  + CVE-2026-0879 Sandbox escape due to incorrect boundary conditions in the Graphics component
  + CVE-2026-0880 Sandbox escape due to integer overflow in the Graphics component
  + CVE-2026-0882 Use-after-free in the IPC component
  + CVE-2025-14327 Spoofing issue in the Downloads Panel component
  + CVE-2026-0883 Information disclosure in the Networking component
  + CVE-2026-0884 Use-after-free in the JavaScript Engine component
  + CVE-2026-0885 Use-after-free in the JavaScript: GC component
  + CVE-2026-0886 Incorrect boundary conditions in the Graphics component
  + CVE-2026-0887 Clickjacking issue, information disclosure in the PDF Viewer component
  + CVE-2026-0890 Spoofing issue in the DOM: Copy & Paste and Drag & Drop component
  + CVE-2026-0891 Memory safety bugs fixed in Firefox ESR 140.7, Thunderbird ESR 140.7, Firefox 147 and Thunderbird 147

New_version_with_CVE

firefox-esr-140.6.0-alt1

The Mozilla Firefox project is a redesign of Mozilla's browser

Dec. 10, 2025 Pavel Vasenkov:

- New ESR version.
- Security fixes:
  + CVE-2025-14321 Use-after-free in the WebRTC: Signaling component
  + CVE-2025-14322 Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component
  + CVE-2025-14323 Privilege escalation in the DOM: Notifications component
  + CVE-2025-14324 JIT miscompilation in the JavaScript Engine: JIT component
  + CVE-2025-14325 JIT miscompilation in the JavaScript Engine: JIT component
  + CVE-2025-14328 Privilege escalation in the Netmonitor component
  + CVE-2025-14329 Privilege escalation in the Netmonitor component
  + CVE-2025-14330 JIT miscompilation in the JavaScript Engine: JIT component
  + CVE-2025-14331 Same-origin policy bypass in the Request Handling component
  + CVE-2025-14333 Memory safety bugs fixed in Firefox ESR 140.6, Thunderbird ESR 140.6, Firefox 146 and Thunderbird 146

New_version_with_CVE

firefox-esr-140.5.0-alt1

The Mozilla Firefox project is a redesign of Mozilla's browser

Nov. 14, 2025 Pavel Vasenkov:

- New ESR version.
- Security fixes:
  + CVE-2025-13012 Race condition in the Graphics component
  + CVE-2025-13016 Incorrect boundary conditions in the JavaScript: WebAssembly component
  + CVE-2025-13017 Same-origin policy bypass in the DOM: Notifications component
  + CVE-2025-13018 Mitigation bypass in the DOM: Security component
  + CVE-2025-13019 Same-origin policy bypass in the DOM: Workers component
  + CVE-2025-13013 Mitigation bypass in the DOM: Core & HTML component
  + CVE-2025-13020 Use-after-free in the WebRTC: Audio/Video component
  + CVE-2025-13014 Use-after-free in the Audio/Video component
  + CVE-2025-13015 Spoofing issue in Firefox
- provides x-www-browser (Closes: #44717).

New_version

jsoup-1.14.3-alt1_7jpp11

Java library for working with real-world HTML

New_version_with_CVE

firefox-esr-140.2.0-alt2

The Mozilla Firefox project is a redesign of Mozilla's browser

New_version_with_CVE

firefox-esr-128.10.1-alt1

The Mozilla Firefox project is a redesign of Mozilla's browser

New_version_with_CVE

firefox-esr-128.10.0-alt1

The Mozilla Firefox project is a redesign of Mozilla's browser

April 30, 2025 Pavel Vasenkov:

- New ESR version.
- Security fixes:
  + CVE-2025-2817 Privilege escalation in Firefox Updater
  + CVE-2025-4082 WebGL shader attribute memory corruption in Firefox for macOS
  + CVE-2025-4083 Process isolation bypass using "javascript:" URI links in cross-origin frames
  + CVE-2025-4084 Potential local code execution in "copy as cURL" command
  + CVE-2025-4087 Unsafe attribute access during XPath parsing
  + CVE-2025-4091 Memory safety bugs fixed in Firefox 138, Thunderbird 138, Firefox ESR 128.10, and Thunderbird 128.10
  + CVE-2025-4093 Memory safety bug fixed in Firefox ESR 128.10 and Thunderbird 128.10

New_version_with_CVE

firefox-esr-128.9.0-alt1

The Mozilla Firefox project is a redesign of Mozilla's browser

New_version_with_CVE

firefox-esr-128.8.1-alt1

The Mozilla Firefox project is a redesign of Mozilla's browser

New_version_with_CVE

firefox-esr-128.8.0-alt1

The Mozilla Firefox project is a redesign of Mozilla's browser

March 4, 2025 Pavel Vasenkov:

- New ESR version.
- Security fixes:
  + CVE-2024-43097 Overflow when growing an SkRegion's RunArray
  + CVE-2025-1930 AudioIPC StreamData could trigger a use-after-free in the Browser process
  + CVE-2025-1931 Use-after-free in WebTransportChild
  + CVE-2025-1932 Inconsistent comparator in XSLT sorting led to out-of-bounds access
  + CVE-2025-1933 JIT corruption of WASM i32 return values on 64-bit CPUs
  + CVE-2025-1934 Unexpected GC during RegExp bailout processing
  + CVE-2025-1935 Clickjacking the registerProtocolHandler info-bar
  + CVE-2025-1936 Adding %00 and a fake extension to a jar: URL changed the interpretation of the contents
  + CVE-2025-1937 Memory safety bugs fixed in Firefox 136, Thunderbird 136, Firefox ESR 115.21, Firefox ESR 128.8, and Thunderbird 128.8
  + CVE-2025-1938 Memory safety bugs fixed in Firefox 136, Thunderbird 136, Firefox ESR 128.8, and Thunderbird 128.8

New_version_with_CVE

firefox-esr-128.7.0-alt1

The Mozilla Firefox project is a redesign of Mozilla's browser

Feb. 13, 2025 Pavel Vasenkov:

- New ESR version.
- Security fixes:
  + CVE-2025-1009 Use-after-free in XSLT
  + CVE-2025-1010 Use-after-free in Custom Highlight
  + CVE-2025-1011 A bug in WebAssembly code generation could result in a crash
  + CVE-2025-1012 Use-after-free during concurrent delazification
  + CVE-2024-11704 Potential double-free vulnerability in PKCS#7 decryption handling
  + CVE-2025-1013 Potential opening of private browsing tabs in normal browsing windows
  + CVE-2025-1014 Certificate length was not properly checked
  + CVE-2025-1016 Memory safety bugs fixed in Firefox 135, Thunderbird 135, Firefox ESR 115.20, Firefox ESR 128.7, Thunderbird 115.20, and
  + CVE-2025-1017 Memory safety bugs fixed in Firefox 135, Thunderbird 135, Firefox ESR 128.7, and Thunderbird 128.7

New_version

firefox-esr-128.6.0-alt1

The Mozilla Firefox project is a redesign of Mozilla's browser

Jan. 9, 2025 Ajrat Makhmutov:

- New ESR version.
- Security fixes:
  + CVE-2025-0237: WebChannel APIs susceptible to confused deputy attack
  + CVE-2025-0238: Use-after-free when breaking lines in text
  + CVE-2025-0239: Alt-Svc ALPN validation failure when redirected
  + CVE-2025-0240: Compartment mismatch when parsing JavaScript JSON module
  + CVE-2025-0241: Memory corruption when using JavaScript Text Segmentation
  + CVE-2025-0242: Memory safety bugs fixed in Firefox 134, Thunderbird 134, Firefox ESR 115.19, Firefox ESR 128.6, Thunderbird 115.19, and Thunderbird 128.6
  + CVE-2025-0243: Memory safety bugs fixed in Firefox 134, Thunderbird 134, Firefox ESR 128.6, and Thunderbird 128.6

New_version

firefox-esr-128.5.2-alt1

The Mozilla Firefox project is a redesign of Mozilla's browser

Maintainer Pavel Vasenkov in the p11 branch: Information

Last changes

#405113 sent by Pavel Vasenkov

#402832 sent by Pavel Vasenkov

#400131 sent by Pavel Vasenkov

#400629 sent by Pavel Vasenkov

#393714 sent by Pavel Vasenkov

#384919 sent by Pavel Vasenkov

#383010 sent by Pavel Vasenkov

#382317 sent by Pavel Vasenkov

#379707 sent by Pavel Vasenkov

#377017 sent by Pavel Vasenkov

#374623 sent by Pavel Vasenkov

#369303 sent by Pavel Vasenkov

#367404 sent by Pavel Vasenkov