Package firefox-esr-config-privacy: Information
Default inline alert: Version in the repository: 115.10.0-alt1
Binary package: firefox-esr-config-privacy
Version: 91.5.0-alt1
Architecture: aarch64
Build time: Jan 12, 2022, 02:38 PM in the task #293330
Source package: firefox-esr
Category: System/Configuration/Networking
Report package bugHome page: http://www.mozilla.org/projects/firefox/
License: MPL-2.0
Summary: Firefox configuration with the paranoid privacy settings
Description:
Settings disable: * obsolete ssl protocols; * safebrowsing, trackingprotection and other requests to third-party services; * telemetry; * webrtc; * the social features; * dns and network predictors/prefetch; * and some more... Most likely you don't need to use this package.
Maintainer: Andrey Cherepanov
Last changed
Jan. 11, 2022 Andrey Cherepanov 91.5.0-alt1
- New ESR version. - Security fixes: + CVE-2022-22746 Calling into reportValidity could have lead to fullscreen window spoof + CVE-2022-22743 Browser window spoof using fullscreen mode + CVE-2022-22742 Out-of-bounds memory access when inserting text in edit mode + CVE-2022-22741 Browser window spoof using fullscreen mode + CVE-2022-22740 Use-after-free of ChannelEventQueue::mOwner + CVE-2022-22738 Heap-buffer-overflow in blendGaussianBlur + CVE-2022-22737 Race condition when playing audio files + CVE-2021-4140 Iframe sandbox bypass with XSLT + CVE-2022-22748 Spoofed origin on external protocol launch dialog + CVE-2022-22745 Leaking cross-origin URLs through securitypolicyviolation event + CVE-2022-22744 The 'Copy as curl' feature in DevTools did not fully escape website-controlled data, potentially leading to command injection + CVE-2022-22747 Crash when handling empty pkcs7 sequence + CVE-2022-22739 Missing throttling on external protocol launch dialog + CVE-2022-22751 Memory safety bugs fixed in Firefox 96 and Firefox ESR 91.5
Dec. 17, 2021 Andrey Cherepanov 91.4.1-alt1
- New ESR version.
Dec. 6, 2021 Andrey Cherepanov 91.4.0-alt1
- New ESR version. - Security fixes: + CVE-2021-43536 URL leakage when navigating while executing asynchronous function + CVE-2021-43537 Heap buffer overflow when using structured clone + CVE-2021-43538 Missing fullscreen and pointer lock notification when requesting both + CVE-2021-43539 GC rooting failure when calling wasm instance methods + CVE-2021-43541 External protocol handler parameters were unescaped + CVE-2021-43542 XMLHttpRequest error codes could have leaked the existence of an external protocol handler + CVE-2021-43543 Bypass of CSP sandbox directive when embedding + CVE-2021-43545 Denial of Service when using the Location API in a loop + CVE-2021-43546 Cursor spoofing could overlay user interface when native cursor is zoomed