Package firefox-esr: Information

  • Default inline alert: A new version of the package has been build

    Task #: #323806
    Build time: Jun 30, 2023, 10:42 PM
    New version: 102.12.0-alt2
Binary package: firefox-esr
Version: 102.9.0-alt1
Architecture: ppc64le
Build time:  Mar 22, 2023, 07:01 PM in the task #317198
Source package: firefox-esr
Category: Networking/WWW
Report package bug
Gear: https://git.altlinux.org/gears/f/firefox-esr.git?a=tree;hb=1ab1a…
Download: firefox-esr-102.9.0-alt1.ppc64le.rpm
Build log: https://git.altlinux.org/tasks/317198/build/100/ppc64le/log
Home page: http://www.mozilla.org/projects/firefox/
License: MPL-2.0
Summary: The Mozilla Firefox project is a redesign of Mozilla's browser (ESR version)
Description: 
The Mozilla Firefox project is a redesign of Mozilla's browser component,
written using the XUL user interface language and designed to be
cross-platform.
Maintainer: Andrey Cherepanov
List of contributors:
Pavel Vasenkov
Andrey Cherepanov
Alexey Gladkov
Gleb Fotengauer-Malinovskiy
Ivan Zakharyaschev
ACL:
Pavel Vasenkov
Andrey Cherepanov
@everybody

Last changed

March 22, 2023 Pavel Vasenkov 102.9.0-alt1
- New ESR version.
- Security fixes
  + CVE-2023-25751 Incorrect code generation during JIT compilation
  + CVE-2023-28164 URL being dragged from a removed cross-origin iframe into the same tab triggered navigation
  + CVE-2023-28162 Invalid downcast in Worklets
  + CVE-2023-25752 Potential out-of-bounds when accessing throttled streams
  + CVE-2023-28163 Windows Save As dialog resolved environment variables
  + CVE-2023-28176 Memory safety bugs fixed in Firefox 111 and Firefox ESR 102.9
March 3, 2023 Pavel Vasenkov 102.8.0-alt1
- New ESR version.
- Security fixes
  + CVE-2023-25728 Content security policy leak in violation reports using iframes
  + CVE-2023-25730 Screen hijack via browser fullscreen mode
  + CVE-2023-0767 Arbitrary memory write via PKCS 12 in NSS
  + CVE-2023-25735 Potential use-after-free from compartment mismatch in SpiderMonkey
  + CVE-2023-25737 Invalid downcast in SVGUtils::SetupStrokeGeometry
  + CVE-2023-25738 Printing on Windows could potentially crash Firefox with some device drivers
  + CVE-2023-25739 Use-after-free in mozilla::dom::ScriptLoadContext::~ScriptLoadContext
  + CVE-2023-25729 Extensions could have opened external schemes without user knowledge
  + CVE-2023-25732 Out of bounds memory write from EncodeInputStream
  + CVE-2023-25734 Opening local .url files could cause unexpected network loads
  + CVE-2023-25742 Web Crypto ImportKey crashes tab
  + CVE-2023-25744 Memory safety bugs fixed in Firefox 110 and Firefox ESR 102.8
  + CVE-2023-25746 Memory safety bugs fixed in Firefox ESR 102.8
Jan. 18, 2023 Pavel Vasenkov 102.7.0-alt1
- New ESR version.
- Security fixes
  + CVE-2022-46871 libusrsctp library out of date
  + CVE-2023-23598 Arbitrary file read from GTK drag and drop on Linux
  + CVE-2023-23599 Malicious command could be hidden in devtools output on Windows
  + CVE-2023-23601 URL being dragged from cross-origin iframe into same tab triggers navigation
  + CVE-2023-23602 Content Security Policy wasn't being correctly applied to WebSockets in WebWorkers
  + CVE-2022-46877 Fullscreen notification bypass
  + CVE-2023-23603 Calls to <code>console.log</code> allowed bypasing Content Security Policy via format directive
  + CVE-2023-23605 Memory safety bugs fixed in Firefox 109 and Firefox ESR 102.7
VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
Version: v24.4.2
Back to top