Package firefox-esr: Information

    Binary package: firefox-esr
    Version: 115.11.0-alt1
    Architecture: aarch64
    Build time: May 19, 2024, 09:48 PM in the task #347636
    Source package: firefox-esr
    Category: Networking/WWW
    License: MPL-2.0
    Summary: The Mozilla Firefox project is a redesign of Mozilla's browser (ESR version)
    Description: 
    The Mozilla Firefox project is a redesign of Mozilla's browser component,
    written using the XUL user interface language and designed to be
    cross-platform.

    Maintainer: Andrey Cherepanov

    Last changed

    May 19, 2024 Pavel Vasenkov 115.11.0-alt1
    - New ESR version.
    - Security fixes
      + CVE-2024-4367 Arbitrary JavaScript execution in PDF.js
      + CVE-2024-4767 IndexedDB files retained in private browsing mode
      + CVE-2024-4768 Potential permissions request bypass via clickjacking
      + CVE-2024-4769 Cross-origin responses could be distinguished between script and non-script content-types
      + CVE-2024-4770 Use-after-free could occur when printing to PDF
      + CVE-2024-4777 Memory safety bugs fixed in Firefox 126, Firefox ESR 115.11, and Thunderbird 115.11
    April 16, 2024 Pavel Vasenkov 115.10.0-alt1
    - New ESR version.
    - Security fixes
      + CVE-2024-3852 GetBoundName in the JIT returned the wrong object
      + CVE-2024-3854 Out-of-bounds-read after mis-optimized switch statement
      + CVE-2024-3857 Incorrect JITting of arguments led to use-after-free during garbage collection
      + CVE-2024-2609 Permission prompt input delay could expire when not in focus
      + CVE-2024-3859 Integer-overflow led to out-of-bounds-read in the OpenType sanitizer
      + CVE-2024-3861 Potential use-after-free due to AlignedBuffer self-move
      + CVE-2024-3863 Download Protections were bypassed by .xrm-ms files on Windows
      + CVE-2024-3302 Denial of Service using HTTP/2 CONTINUATION frames
      + CVE-2024-3864 Memory safety bug fixed in Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10
    April 3, 2024 Pavel Vasenkov 115.9.1-alt1
    - New ESR version.
    - Security fixes
      + CVE-2024-0743 Crash in NSS TLS method
      + CVE-2024-2605 Windows Error Reporter could be used as a Sandbox escape vector
      + CVE-2024-2607 JIT code failed to save return registers on Armv7-A
      + CVE-2024-2608 Integer overflow could have led to out of bounds write
      + CVE-2024-2616 Improve handling of out-of-memory conditions in ICU
      + CVE-2023-5388 NSS susceptible to timing attack against RSA decryption
      + CVE-2024-2610 Improper handling of html and body tags enabled CSP nonce leakage
      + CVE-2024-2611 Clickjacking vulnerability could have led to a user accidentally granting permissions
      + CVE-2024-2612 Self referencing object could have potentially led to a use-after-free
      + CVE-2024-2614 Memory safety bugs fixed in Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9
      + CVE-2024-29944 Privileged JavaScript Execution via Event Handlers