Package firefox: Information

    Source package: firefox
    Version: 68.0.1-alt0.M80P.1
    Build time:  Oct 15, 2019, 09:24 PM in the task #236175
    Category: Networking/WWW
    Report package bug
    License: MPL/GPL/LGPL
    Summary: The Mozilla Firefox project is a redesign of Mozilla's browser
    Description: 
    The Mozilla Firefox project is a redesign of Mozilla's browser component,
    written using the XUL user interface language and designed to be
    cross-platform.

    List of RPM packages built from this SRPM:
    firefox (x86_64, i586)
    firefox-debuginfo (x86_64, i586)
    firefox-wayland (noarch)
    rpm-build-firefox (noarch)

    Maintainer: Alexey Gladkov


      1. libpulseaudio-devel
      2. gcc
      3. gcc-c++
      4. libgio-devel
      5. lld-devel
      6. python-module-distribute
      7. python-module-pip
      8. alternatives
      9. python-modules-compiler
      10. python-modules-json
      11. python-modules-logging
      12. python-modules-sqlite3
      13. autoconf_2.13
      14. autoconf_2.13
      15. llvm6.0-devel
      16. rust >= 1.35.0
      17. rust-cargo >= 1.35.0
      18. rustfmt
      19. libcairo-devel
      20. /proc
      21. libgtk+2-devel
      22. libgtk+3-devel
      23. libshell
      24. gst-plugins1.0-devel
      25. gstreamer1.0-devel
      26. libhunspell-devel
      27. browser-plugins-npapi-devel
      28. libcurl-devel
      29. bzlib-devel
      30. libnotify-devel
      31. mozilla-common-devel
      32. libnss-devel-static
      33. libdbus-devel
      34. libdbus-glib-devel
      35. rpm-build-mozilla.org
      36. nasm
      37. libstartup-notification-devel
      38. libstdc++-devel
      39. rpm-macros-alternatives
      40. libjpeg-devel
      41. node
      42. python3-base
      43. chrpath
      44. libvpx5-devel
      45. libX11-devel
      46. clang6.0
      47. clang6.0-devel
      48. libevent-devel
      49. libopus-devel
      50. unzip
      51. libXScrnSaver-devel
      52. libXcomposite-devel
      53. libXcursor-devel
      54. libXdamage-devel
      55. libXext-devel
      56. libwireless-devel
      57. libXft-devel
      58. libffi-devel
      59. libXi-devel
      60. pkgconfig(nspr) >= 4.21
      61. pkgconfig(nss) >= 3.45.0
      62. libpixman-devel
      63. xorg-cf-files
      64. libGL-devel
      65. libXt-devel
      66. fontconfig-devel
      67. libalsa-devel
      68. libxkbcommon-devel
      69. yasm
      70. libfreetype-devel
      71. zip
      72. zlib-devel
      73. libproxy-devel

    Last changed


    Sept. 9, 2019 Andrey Cherepanov 68.0.1-alt0.M80P.1
    - Backport new version with security fixes to p8 branch.
    Aug. 1, 2019 Alexey Gladkov 68.0.1-alt1
    - New release (68.0.1).
    July 11, 2019 Alexey Gladkov 68.0-alt1
    - New release (68.0).
    - Fixed:
      + CVE-2019-9811: Sandbox escape via installation of malicious language pack
      + CVE-2019-11711: Script injection within domain through inner window reuse
      + CVE-2019-11712: Cross-origin POST requests can be made with NPAPI plugins by following 308 redirects
      + CVE-2019-11713: Use-after-free with HTTP/2 cached stream
      + CVE-2019-11714: NeckoChild can trigger crash when accessed off of main thread
      + CVE-2019-11729: Empty or malformed p256-ECDH public keys may trigger a segmentation fault
      + CVE-2019-11715: HTML parsing error can contribute to content XSS
      + CVE-2019-11716: globalThis not enumerable until accessed
      + CVE-2019-11717: Caret character improperly escaped in origins
      + CVE-2019-11718: Activity Stream writes unsanitized content to innerHTML
      + CVE-2019-11719: Out-of-bounds read when importing curve25519 private key
      + CVE-2019-11720: Character encoding XSS vulnerability
      + CVE-2019-11721: Domain spoofing through unicode latin 'kra' character
      + CVE-2019-11730: Same-origin policy treats all files in a directory as having the same-origin
      + CVE-2019-11723: Cookie leakage during add-on fetching across private browsing boundaries
      + CVE-2019-11724: Retired site input.mozilla.org has remote troubleshooting permissions
      + CVE-2019-11725: Websocket resources bypass safebrowsing protections
      + CVE-2019-11727: PKCS#1 v1.5 signatures can be used for TLS 1.3
      + CVE-2019-11728: Port scanning through Alt-Svc header
      + CVE-2019-11710: Memory safety bugs fixed in Firefox 68
      + CVE-2019-11709: Memory safety bugs fixed in Firefox 68 and Firefox ESR 60.8