Package firefox

Source package: firefox
Version: 72.0.2-alt0.1.p9
Build time: March 26, 2020, 10:29 p.m. in task #245893
Category: Networking/WWW
License: MPL-2.0
Summary: The Mozilla Firefox project is a redesign of Mozilla's browser
Description:
The Mozilla Firefox project is a redesign of Mozilla's browser component,
written using the XUL user interface language and designed to be
cross-platform.
List of rpms provided by this srpm:
firefox (x86_64, ppc64le, i586, armh, aarch64)
firefox-config-privacy (noarch)
firefox-debuginfo (x86_64, ppc64le, i586, armh, aarch64)
firefox-wayland (noarch)
rpm-build-firefox (noarch)
Last changes:
March 24, 2020 Andrey Cherepanov 72.0.2-alt0.1.p9
- Backport new version with security fixes to p9 branch.
Jan. 23, 2020 Alexey Gladkov 72.0.2-alt1
- New release (72.0.2).
- Security fixes:
  + CVE-2019-17015: Memory corruption in parent process during new content process initialization on Windows
  + CVE-2019-17016: Bypass of @namespace CSS sanitization during pasting
  + CVE-2019-17017: Type Confusion in XPCVariant.cpp
  + CVE-2019-17018: Windows Keyboard in Private Browsing Mode may retain word suggestions
  + CVE-2019-17019: Python files could be inadvertently executed upon opening a download
  + CVE-2019-17020: Content Security Policy not applied to XSL stylesheets applied to XML documents
  + CVE-2019-17021: Heap address disclosure in parent process during content process initialization on Windows
  + CVE-2019-17022: CSS sanitization does not escape HTML tags
  + CVE-2019-17023: NSS may negotiate TLS 1.2 or below after a TLS 1.3 HelloRetryRequest had been sent
  + CVE-2019-17024: Memory safety bugs fixed in Firefox 72 and Firefox ESR 68.4
  + CVE-2019-17025: Memory safety bugs fixed in Firefox 72
  + CVE-2019-17026: IonMonkey type confusion with StoreElementHole and FallibleStoreElement
Dec. 5, 2019 Alexey Gladkov 71.0-alt1
- New release (71.0).
- Update license tag.
- Security fixes:
  + CVE-2019-11756: Use-after-free of SFTKSession object
  + CVE-2019-17008: Use-after-free in worker destruction
  + CVE-2019-13722: Stack corruption due to incorrect number of arguments in WebRTC code
  + CVE-2019-11745: Out of bounds write in NSS when encrypting with a block cipher
  + CVE-2019-17014: Dragging and dropping a cross-origin resource, incorrectly loaded as an image, could result in information disclosure
  + CVE-2019-17009: Updater temporary files accessible to unprivileged processes
  + CVE-2019-17010: Use-after-free when performing device orientation checks
  + CVE-2019-17005: Buffer overflow in plain text serializer
  + CVE-2019-17011: Use-after-free when retrieving a document in antitracking
  + CVE-2019-17012: Memory safety bugs fixed in Firefox 71 and Firefox ESR 68.3
  + CVE-2019-17013: Memory safety bugs fixed in Firefox 71
