Package firefox-esr: Information

    Binary package: firefox-esr
    Version: 102.9.0-alt1
    Architecture: armh
    Build time:  Mar 22, 2023, 07:01 PM in the task #317198
    Source package: firefox-esr
    Category: Networking/WWW
    Report package bug
    License: MPL-2.0
    Summary: The Mozilla Firefox project is a redesign of Mozilla's browser (ESR version)
    Description: 
    The Mozilla Firefox project is a redesign of Mozilla's browser component,
    written using the XUL user interface language and designed to be
    cross-platform.

    Maintainer: Andrey Cherepanov



    Last changed


    March 22, 2023 Pavel Vasenkov 102.9.0-alt1
    - New ESR version.
    - Security fixes
      + CVE-2023-25751 Incorrect code generation during JIT compilation
      + CVE-2023-28164 URL being dragged from a removed cross-origin iframe into the same tab triggered navigation
      + CVE-2023-28162 Invalid downcast in Worklets
      + CVE-2023-25752 Potential out-of-bounds when accessing throttled streams
      + CVE-2023-28163 Windows Save As dialog resolved environment variables
      + CVE-2023-28176 Memory safety bugs fixed in Firefox 111 and Firefox ESR 102.9
    March 3, 2023 Pavel Vasenkov 102.8.0-alt1
    - New ESR version.
    - Security fixes
      + CVE-2023-25728 Content security policy leak in violation reports using iframes
      + CVE-2023-25730 Screen hijack via browser fullscreen mode
      + CVE-2023-0767 Arbitrary memory write via PKCS 12 in NSS
      + CVE-2023-25735 Potential use-after-free from compartment mismatch in SpiderMonkey
      + CVE-2023-25737 Invalid downcast in SVGUtils::SetupStrokeGeometry
      + CVE-2023-25738 Printing on Windows could potentially crash Firefox with some device drivers
      + CVE-2023-25739 Use-after-free in mozilla::dom::ScriptLoadContext::~ScriptLoadContext
      + CVE-2023-25729 Extensions could have opened external schemes without user knowledge
      + CVE-2023-25732 Out of bounds memory write from EncodeInputStream
      + CVE-2023-25734 Opening local .url files could cause unexpected network loads
      + CVE-2023-25742 Web Crypto ImportKey crashes tab
      + CVE-2023-25744 Memory safety bugs fixed in Firefox 110 and Firefox ESR 102.8
      + CVE-2023-25746 Memory safety bugs fixed in Firefox ESR 102.8
    Jan. 18, 2023 Pavel Vasenkov 102.7.0-alt1
    - New ESR version.
    - Security fixes
      + CVE-2022-46871 libusrsctp library out of date
      + CVE-2023-23598 Arbitrary file read from GTK drag and drop on Linux
      + CVE-2023-23599 Malicious command could be hidden in devtools output on Windows
      + CVE-2023-23601 URL being dragged from cross-origin iframe into same tab triggers navigation
      + CVE-2023-23602 Content Security Policy wasn't being correctly applied to WebSockets in WebWorkers
      + CVE-2022-46877 Fullscreen notification bypass
      + CVE-2023-23603 Calls to <code>console.log</code> allowed bypasing Content Security Policy via format directive
      + CVE-2023-23605 Memory safety bugs fixed in Firefox 109 and Firefox ESR 102.7