Package firefox: Information
Default inline alert: Version in the repository: 105.0.1-alt0.c9.1
Source package: firefox
Version: 66.0.1-alt1
Build time: Apr 1, 2019, 04:27 PM in the task #226302
Category: Networking/WWW
Report package bugHome page: http://www.mozilla.org/projects/firefox/
License: MPL/GPL/LGPL
Summary: The Mozilla Firefox project is a redesign of Mozilla's browser
Description:
The Mozilla Firefox project is a redesign of Mozilla's browser component, written using the XUL user interface language and designed to be cross-platform.
List of rpms provided by this srpm:
firefox (x86_64, i586, aarch64)
firefox-debuginfo (x86_64, i586, aarch64)
rpm-build-firefox (noarch)
firefox (x86_64, i586, aarch64)
firefox-debuginfo (x86_64, i586, aarch64)
rpm-build-firefox (noarch)
Maintainer: Alexey Gladkov
Last changed
March 27, 2019 Alexey Gladkov 66.0.1-alt1
- New release (66.0.1). - Fixed: + CVE-2019-9790: Use-after-free when removing in-use DOM elements + CVE-2019-9791: Type inference is incorrect for constructors entered through on-stack replacement with IonMonkey + CVE-2019-9792: IonMonkey leaks JS_OPTIMIZED_OUT magic value to script + CVE-2019-9793: Improper bounds checks when Spectre mitigations are disabled + CVE-2019-9794: Command line arguments not discarded during execution + CVE-2019-9795: Type-confusion in IonMonkey JIT compiler + CVE-2019-9796: Use-after-free with SMIL animation controller + CVE-2019-9797: Cross-origin theft of images with createImageBitmap + CVE-2019-9798: Library is loaded from world writable APITRACE_LIB location + CVE-2019-9799: Information disclosure via IPC channel messages + CVE-2019-9801: Windows programs that are not 'URL Handlers' are exposed to web content + CVE-2019-9802: Chrome process information leak + CVE-2019-9803: Upgrade-Insecure-Requests incorrectly enforced for same-origin navigation + CVE-2019-9804: Code execution through 'Copy as cURL' in Firefox Developer Tools on macOS + CVE-2019-9805: Potential use of uninitialized memory in Prio + CVE-2019-9806: Denial of service through successive FTP authorization prompts + CVE-2019-9807: Text sent through FTP connection can be incorporated into alert messages + CVE-2019-9809: Denial of service through FTP modal alert error messages + CVE-2019-9808: WebRTC permissions can display incorrect origin with data: and blob: URLs + CVE-2019-9789: Memory safety bugs fixed in Firefox 66 + CVE-2019-9788: Memory safety bugs fixed in Firefox 66 and Firefox ESR 60.6 + CVE-2019-9810: IonMonkey MArraySlice has incorrect alias information + CVE-2019-9813: Ionmonkey type confusion with __proto__ mutations
March 2, 2019 Alexey Gladkov 65.0.2-alt1
- New release (65.0.2). - Use libvpx5.
Feb. 19, 2019 Alexey Gladkov 65.0.1-alt1
- New release (65.0.1). - Fixed: + CVE-2018-18356: Use-after-free in Skia + CVE-2019-5785: Integer overflow in Skia + CVE-2018-18511: Cross-origin theft of images with ImageBitmapRenderingContext