Package firefox-esr: Information

    Source package: firefox-esr
    Version: 140.7.0-alt1
    Latest version according to Repology
    Build time:  Jan 14, 2026, 03:37 PM in the task #405046
    Category: Networking/WWW
    Report package bug
    Gear: https://git.altlinux.org/gears/f/firefox-esr.git?a=tree;hb=ad45b…
    Home page: https://www.mozilla.org/firefox/
    License: MPL-2.0
    Summary: The Mozilla Firefox project is a redesign of Mozilla's browser
    Description: 
    Mozilla Firefox is an open-source web browser, designed
for standards compliance, performance and portability.
    List of RPM packages built from this SRPM:
    firefox-esr (x86_64, i586, aarch64)
    firefox-esr-config-privacy (x86_64, i586, aarch64)
    firefox-esr-debuginfo (x86_64, i586, aarch64)
    Maintainer: Pavel Vasenkov
    List of contributors:
    Pavel Vasenkov
    Andrey Cherepanov
    Ajrat Makhmutov
    Alexey Sheplyakov
    Grigory Ustinov
    Alexey Gladkov
    Gleb Fotengauer-Malinovskiy
    Ivan Zakharyaschev
    ACL:
    Pavel Vasenkov
    Andrey Cherepanov
    Ajrat Makhmutov
    @everybody
      1. python3-base
      2. rpm-build-firefox
      3. rpm-macros-alternatives
      4. /dev/shm
      5. /proc
      6. libwireless-devel
      7. rust >= 1.65.0
      8. rust-cargo >= 1.65.0
      9. alternatives
      10. unzip
      11. xorg-cf-files
      12. yasm
      13. zip
      14. browser-plugins-npapi-devel
      15. cbindgen
      16. chrpath
      17. clang17.0
      18. clang17.0-devel
      19. lld17.0-devel
      20. llvm17.0-devel
      21. libnss-devel-static
      22. mozilla-common-devel
      23. nasm
      24. node
      25. libshell
      26. libstdc++-devel
      27. pkgconfig(alsa)
      28. pkgconfig(aom)
      29. pkgconfig(bzip2)
      30. pkgconfig(cairo)
      31. pkgconfig(dav1d)
      32. pkgconfig(dbus-1)
      33. pkgconfig(dbus-glib-1)
      34. pkgconfig(dri)
      35. pkgconfig(fontconfig)
      36. pkgconfig(freetype2)
      37. pkgconfig(gio-2.0)
      38. pkgconfig(graphite2)
      39. pkgconfig(gtk+-3.0)
      40. pkgconfig(harfbuzz)
      41. pkgconfig(hunspell)
      42. pkgconfig(icu-i18n)
      43. pkgconfig(libcurl)
      44. pkgconfig(libdrm)
      45. pkgconfig(libevent)
      46. pkgconfig(libffi)
      47. pkgconfig(libjpeg)
      48. pkgconfig(libnotify)
      49. pkgconfig(libproxy-1.0)
      50. pkgconfig(libpulse)
      51. pkgconfig(libstartup-notification-1.0)
      52. pkgconfig(nspr) >= 4.35
      53. pkgconfig(nss) >= 3.98
      54. pkgconfig(opus)
      55. pkgconfig(pixman-1)
      56. pkgconfig(vpx)
      57. glibc-kernheaders-generic
      58. gst-plugins1.0-devel
      59. gstreamer1.0-devel
      60. pkgconfig(x11)
      61. pkgconfig(xcomposite)
      62. pkgconfig(xcursor)
      63. pkgconfig(xdamage)
      64. pkgconfig(xext)
      65. pkgconfig(xft)
      66. pkgconfig(xi)
      67. pkgconfig(xkbcommon)
      68. pkgconfig(xrandr)
      69. pkgconfig(xscrnsaver)
      70. pkgconfig(xt)
      71. pkgconfig(xtst)
      72. pkgconfig(zlib)
      73. python3(click)
      74. python3(configobj)
      75. python3(curses)
      76. python3(hamcrest)
      77. python3(pip)
      78. python3(setuptools)
      79. python3(sqlite3)

    Last changed

    Jan. 14, 2026 Pavel Vasenkov 140.7.0-alt1
    - New ESR version.
- Security fixes:
  + CVE-2026-0877 Mitigation bypass in the DOM: Security component
  + CVE-2026-0878 Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component
  + CVE-2026-0879 Sandbox escape due to incorrect boundary conditions in the Graphics component
  + CVE-2026-0880 Sandbox escape due to integer overflow in the Graphics component
  + CVE-2026-0882 Use-after-free in the IPC component
  + CVE-2025-14327 Spoofing issue in the Downloads Panel component
  + CVE-2026-0883 Information disclosure in the Networking component
  + CVE-2026-0884 Use-after-free in the JavaScript Engine component
  + CVE-2026-0885 Use-after-free in the JavaScript: GC component
  + CVE-2026-0886 Incorrect boundary conditions in the Graphics component
  + CVE-2026-0887 Clickjacking issue, information disclosure in the PDF Viewer component
  + CVE-2026-0890 Spoofing issue in the DOM: Copy & Paste and Drag & Drop component
  + CVE-2026-0891 Memory safety bugs fixed in Firefox ESR 140.7, Thunderbird ESR 140.7, Firefox 147 and Thunderbird 147
    Dec. 10, 2025 Pavel Vasenkov 140.6.0-alt1
    - New ESR version.
- Security fixes:
  + CVE-2025-14321 Use-after-free in the WebRTC: Signaling component
  + CVE-2025-14322 Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component
  + CVE-2025-14323 Privilege escalation in the DOM: Notifications component
  + CVE-2025-14324 JIT miscompilation in the JavaScript Engine: JIT component
  + CVE-2025-14325 JIT miscompilation in the JavaScript Engine: JIT component
  + CVE-2025-14328 Privilege escalation in the Netmonitor component
  + CVE-2025-14329 Privilege escalation in the Netmonitor component
  + CVE-2025-14330 JIT miscompilation in the JavaScript Engine: JIT component
  + CVE-2025-14331 Same-origin policy bypass in the Request Handling component
  + CVE-2025-14333 Memory safety bugs fixed in Firefox ESR 140.6, Thunderbird ESR 140.6, Firefox 146 and Thunderbird 146
    Nov. 14, 2025 Pavel Vasenkov 140.5.0-alt1
    - New ESR version.
- Security fixes:
  + CVE-2025-13012 Race condition in the Graphics component
  + CVE-2025-13016 Incorrect boundary conditions in the JavaScript: WebAssembly component
  + CVE-2025-13017 Same-origin policy bypass in the DOM: Notifications component
  + CVE-2025-13018 Mitigation bypass in the DOM: Security component
  + CVE-2025-13019 Same-origin policy bypass in the DOM: Workers component
  + CVE-2025-13013 Mitigation bypass in the DOM: Core & HTML component
  + CVE-2025-13020 Use-after-free in the WebRTC: Audio/Video component
  + CVE-2025-13014 Use-after-free in the Audio/Video component
  + CVE-2025-13015 Spoofing issue in Firefox
- provides x-www-browser (Closes: #44717).
    VKontakte|Telegram|YouTube|Forum|ALT Linux Space|Bugzilla
    Version: v25.10.0
    Back to top