Package firefox-esr: Information

    Binary package: firefox-esr
    Version: 115.8.0-alt2
    Architecture: armh
    Build time:  Mar 7, 2024, 12:03 PM in the task #342227
    Source package: firefox-esr
    Category: Networking/WWW
    Report package bug
    Gear: https://git.altlinux.org/gears/f/firefox-esr.git?a=tree;hb=a6ca6…
    Download: firefox-esr-115.8.0-alt2.armh.rpm
    Build log: https://git.altlinux.org/tasks/342227/build/100/armh/log
    Home page: http://www.mozilla.org/projects/firefox/
    License: MPL-2.0
    Summary: The Mozilla Firefox project is a redesign of Mozilla's browser (ESR version)
    Description: 
    The Mozilla Firefox project is a redesign of Mozilla's browser component,
written using the XUL user interface language and designed to be
cross-platform.
    Maintainer: Andrey Cherepanov
    List of contributors:
    Andrey Cherepanov
    Pavel Vasenkov
    Alexey Sheplyakov
    Grigory Ustinov
    Alexey Gladkov
    Gleb Fotengauer-Malinovskiy
    Ivan Zakharyaschev
    ACL:
    Pavel Vasenkov
    Andrey Cherepanov
    @everybody

    Last changed

    March 7, 2024 Andrey Cherepanov 115.8.0-alt2
    - Use maximize icon for CSD restore button missing in some themes (ALT #49606).
    Feb. 21, 2024 Pavel Vasenkov 115.8.0-alt1
    - New ESR version.
- Security fixes
  + CVE-2024-1546 Out-of-bounds memory read in networking channels
  + CVE-2024-1547 Alert dialog could have been spoofed on another site
  + CVE-2024-1548 Fullscreen Notification could have been hidden by select element
  + CVE-2024-1549 Custom cursor could obscure the permission dialog
  + CVE-2024-1550 Mouse cursor re-positioned unexpectedly could have led to unintended permission grants
  + CVE-2024-1551 Multipart HTTP Responses would accept the Set-Cookie header in response parts
  + CVE-2024-1552 Incorrect code generation on 32-bit ARM devices
  + CVE-2024-1553 Memory safety bugs fixed in Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8
    Feb. 6, 2024 Alexey Sheplyakov 115.7.0-alt2
    - Reverted malicious upstream commit
  https://hg.mozilla.org/integration/autoland/rev/a03a9c72d1db3716adffc6968cfb6eb43c6fcd74
  which forces firefox to autoremove yandex, mail.ru, vk search extensions.
  Note: reverting that (and some similar) commit is a necessary condition to
  make firefox obey the search engine settings specified in policies.json.
  Alas it might be not enough. The problem is that firefox is tightly
  integrated with services provided by Mozilla corporation, such as bookmark
  sync, telemetry, captive portal detection, you name it. Reportedly a similar
  malware has been deployed there, thus yandex search extension (or in fact any
  extension) can be removed remotely (that is, without user consent) if the user
  is signed in into mozilla account, sends telemetry data to mozilla, etc.
  Perhaps it's time to make unmozilla firefox (similarly to ungoogled chromium).
- policies.json: use yandex search by default (Closes: #43516).
    VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
    Version: v24.5.0
    Back to top