Package firefox: Information

The Mozilla Firefox project is a redesign of Mozilla's browser component,
written using the XUL user interface language and designed to be
cross-platform.
- New release (94.0.2).
- New release (94.0).
- Security fixes:
  + CVE-2021-38503: iframe sandbox rules did not apply to XSLT stylesheets
  + CVE-2021-38504: Use-after-free in file picker dialog
  + CVE-2021-38505: Windows 10 Cloud Clipboard may have recorded sensitive user data
  + CVE-2021-38506: Firefox could be coaxed into going into fullscreen mode without notification or warning
  + CVE-2021-38507: Opportunistic Encryption in HTTP2 could be used to bypass the Same-Origin-Policy on services hosted on other ports
  + MOZ-2021-0003: Universal XSS in Firefox for Android via QR Code URLs
  + CVE-2021-38508: Permission Prompt could be overlaid, resulting in user confusion and potential spoofing
  + MOZ-2021-0004: Web Extensions could access pre-redirect URL when their context menu was triggered by a user
  + CVE-2021-38509: Javascript alert box could have been spoofed onto an arbitrary domain
  + CVE-2021-38510: Download Protections were bypassed by .inetloc files on Mac OS
  + MOZ-2021-0005: 'Copy Image Link' context menu action could have been abused to see authentication tokens
  + MOZ-2021-0006: URL Parsing may incorrectly parse internationalized domains
  + MOZ-2021-0007: Memory safety bugs fixed in Firefox 94 and Firefox ESR 91.3
- New release (93.0).
- Security fixes:
  + CVE-2021-38496: Use-after-free in MessageTask
  + CVE-2021-38497: Validation message could have been overlaid on another origin
  + CVE-2021-38498: Use-after-free of nsLanguageAtomService object
  + CVE-2021-32810: Data race in crossbeam-deque
  + CVE-2021-38500: Memory safety bugs fixed in Firefox 93, Firefox ESR 78.15, and Firefox ESR 91.2
  + CVE-2021-38501: Memory safety bugs fixed in Firefox 93 and Firefox ESR 91.2
  + CVE-2021-38499: Memory safety bugs fixed in Firefox 93

Package firefox: Information

Last changed