Package firefox-wayland: Information

    Binary package: firefox-wayland
    Version: 72.0.2-alt0.1.p9
    Architecture: noarch
    Build time:  Mar 26, 2020, 10:29 PM in the task #245893
    Source package: firefox
    Category: Networking/WWW
    Report package bug
    Gear: https://git.altlinux.org/gears/f/firefox.git?a=tree;hb=0dc6830af…
    Download: firefox-wayland-72.0.2-alt0.1.p9.noarch.rpm
    Build log: https://git.altlinux.org/tasks/245893/build/500/x86_64/log
    Home page: http://www.mozilla.org/projects/firefox/
    License: MPL-2.0
    Summary: Firefox Wayland launcher.
    Description: 
    The firefox-wayland package contains launcher and desktop file
to run Firefox natively on Wayland.
    Maintainer: Alexey Gladkov
    List of contributors:
    Andrey Cherepanov
    Alexey Gladkov
    Gleb Fotengauer-Malinovskiy
    Ivan Zakharyaschev
    Konstantin Lepikhov

    Last changed

    March 24, 2020 Andrey Cherepanov 72.0.2-alt0.1.p9
    - Backport new version with security fixed to p9 branch.
    Jan. 23, 2020 Alexey Gladkov 72.0.2-alt1
    - New release (72.0.2).
- Security fixes:
  + CVE-2019-17015: Memory corruption in parent process during new content process initialization on Windows
  + CVE-2019-17016: Bypass of @namespace CSS sanitization during pasting
  + CVE-2019-17017: Type Confusion in XPCVariant.cpp
  + CVE-2019-17018: Windows Keyboard in Private Browsing Mode may retain word suggestions
  + CVE-2019-17019: Python files could be inadvertently executed upon opening a download
  + CVE-2019-17020: Content Security Policy not applied to XSL stylesheets applied to XML documents
  + CVE-2019-17021: Heap address disclosure in parent process during content process initialization on Windows
  + CVE-2019-17022: CSS sanitization does not escape HTML tags
  + CVE-2019-17023: NSS may negotiate TLS 1.2 or below after a TLS 1.3 HelloRetryRequest had been sent
  + CVE-2019-17024: Memory safety bugs fixed in Firefox 72 and Firefox ESR 68.4
  + CVE-2019-17025: Memory safety bugs fixed in Firefox 72
  + CVE-2019-17026: IonMonkey type confusion with StoreElementHole and FallibleStoreElement
    Dec. 5, 2019 Alexey Gladkov 71.0-alt1
    - New release (71.0).
- Update license tag.
- Security fixes:
  + CVE-2019-11756: Use-after-free of SFTKSession object
  + CVE-2019-17008: Use-after-free in worker destruction
  + CVE-2019-13722: Stack corruption due to incorrect number of arguments in WebRTC code
  + CVE-2019-11745: Out of bounds write in NSS when encrypting with a block cipher
  + CVE-2019-17014: Dragging and dropping a cross-origin resource, incorrectly loaded as an image, could result in information disclosure
  + CVE-2019-17009: Updater temporary files accessible to unprivileged processes
  + CVE-2019-17010: Use-after-free when performing device orientation checks
  + CVE-2019-17005: Buffer overflow in plain text serializer
  + CVE-2019-17011: Use-after-free when retrieving a document in antitracking
  + CVE-2019-17012: Memory safety bugs fixed in Firefox 71 and Firefox ESR 68.3
  + CVE-2019-17013: Memory safety bugs fixed in Firefox 71
    VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
    Version: v24.4.2
    Back to top