Package firefox-wayland: Information

    Binary package: firefox-wayland
    Version: 103.0-alt1
    Architecture: aarch64
    Build time:  Jul 27, 2022, 11:36 PM in the task #304397
    Source package: firefox
    Category: Networking/WWW
    Report package bug
    Gear: https://git.altlinux.org/gears/f/firefox.git?a=tree;hb=b8e0e61bf…
    Download: firefox-wayland-103.0-alt1.aarch64.rpm
    Build log: https://git.altlinux.org/tasks/304397/build/200/aarch64/log
    Home page: http://www.mozilla.org/projects/firefox/
    License: MPL-2.0
    Summary: Firefox Wayland launcher.
    Description: 
    The firefox-wayland package contains launcher and desktop file
to run Firefox natively on Wayland.
    Maintainer: Alexey Gladkov
    List of contributors:
    Alexey Gladkov
    Sergey Bolshakov
    Gleb Fotengauer-Malinovskiy
    Ivan Zakharyaschev
    Konstantin Lepikhov

    Last changed

    July 26, 2022 Alexey Gladkov 103.0-alt1
    - New release (103.0).
- Security fixes:
  + CVE-2022-36319: Mouse Position spoofing with CSS transforms
  + CVE-2022-36317: Long URL would hang Firefox for Android
  + CVE-2022-36318: Directory indexes for bundled resources reflected URL parameters
  + CVE-2022-36314: Opening local <code>.lnk</code> files could cause unexpected network loads
  + CVE-2022-36315: Preload Cache Bypasses Subresource Integrity
  + CVE-2022-36316: Performance API leaked whether a cross-site resource is redirecting
  + CVE-2022-36320: Memory safety bugs fixed in Firefox 103
  + CVE-2022-2505: Memory safety bugs fixed in Firefox 103 and 102.1
    June 29, 2022 Alexey Gladkov 102.0-alt1
    - New release (102.0).
- Use internal libevent.
- Security fixes:
  + CVE-2022-34479: A popup window could be resized in a way to overlay the address bar with web content
  + CVE-2022-34470: Use-after-free in nsSHistory
  + CVE-2022-34468: CSP sandbox header without `allow-scripts` can be bypassed via retargeted javascript: URI
  + CVE-2022-34482: Drag and drop of malicious image could have led to malicious executable and potential code execution
  + CVE-2022-34483: Drag and drop of malicious image could have led to malicious executable and potential code execution
  + CVE-2022-34476: ASN.1 parser could have been tricked into accepting malformed ASN.1
  + CVE-2022-34481: Potential integer overflow in ReplaceElementsAt
  + CVE-2022-34474: Sandboxed iframes could redirect to external schemes
  + CVE-2022-34469: TLS certificate errors on HSTS-protected domains could be bypassed by the user on Firefox for Android
  + CVE-2022-34471: Compromised server could trick a browser into an addon downgrade
  + CVE-2022-34472: Unavailable PAC file resulted in OCSP requests being blocked
  + CVE-2022-34478: Microsoft protocols can be attacked if a user accepts a prompt
  + CVE-2022-2200: Undesired attributes could be set as part of prototype pollution
  + CVE-2022-34480: Free of uninitialized pointer in lg_init
  + CVE-2022-34477: MediaError message property leaked information on cross-origin same-site pages
  + CVE-2022-34475: HTML Sanitizer could have been bypassed via same-origin script via use tags
  + CVE-2022-34473: HTML Sanitizer could have been bypassed via use tags
  + CVE-2022-34484: Memory safety bugs fixed in Firefox 102 and Firefox ESR 91.11
  + CVE-2022-34485: Memory safety bugs fixed in Firefox 102
    June 10, 2022 Alexey Gladkov 101.0.1-alt1
    - New release (101.0.1).
    VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
    Version: v24.5.3
    Back to top