Packages from AltLinux

    Package firefox-esr: Information

    Source package:
    firefox-esr
    Version:
    102.9.0-alt1
    Build time:
    Mar 22, 2023, 07:01 PM in the task #317198
    Category:
    Networking/WWW
    Report package bug
    Gear:
    https://git.altlinux.org/gears/f/firefox-esr.git?a=tree;hb=1ab1a…
    Home page:
    http://www.mozilla.org/projects/firefox/
    License:
    MPL-2.0
    Summary:
    The Mozilla Firefox project is a redesign of Mozilla's browser (ESR version)
    Description:
    The Mozilla Firefox project is a redesign of Mozilla's browser component,
written using the XUL user interface language and designed to be
cross-platform.
    List of rpms provided by this srpm:
    firefox-esr (x86_64, ppc64le, i586, armh, aarch64)
    firefox-esr-config-privacy (x86_64, ppc64le, i586, armh, aarch64)
    firefox-esr-debuginfo (x86_64, ppc64le, i586, armh, aarch64)
    firefox-esr-wayland (x86_64, ppc64le, i586, armh, aarch64)
    Maintainer:
    Andrey Cherepanov
    List of contributors:
    Pavel Vasenkov
    Andrey Cherepanov
    Alexey Gladkov
    Gleb Fotengauer-Malinovskiy
    Ivan Zakharyaschev
    ACL:
    Pavel Vasenkov
    Andrey Cherepanov
    @everybody
      1. fontconfig-devel
      2. gst-plugins1.0-devel
      3. gstreamer1.0-devel
      4. libgio-devel
      5. libGL-devel
      6. libgtk+2-devel
      7. libgtk+3-devel
      8. libhunspell-devel
      9. libjpeg-devel
      10. libnotify-devel
      11. libnss-devel-static
      12. libopus-devel
      13. libpixman-devel
      14. libproxy-devel
      15. libpulseaudio-devel
      16. libX11-devel
      17. libXScrnSaver-devel
      18. libXcomposite-devel
      19. libXcursor-devel
      20. libXdamage-devel
      21. libXext-devel
      22. libXft-devel
      23. libXi-devel
      24. libXt-devel
      25. libalsa-devel
      26. libaom-devel
      27. libshell
      28. libstartup-notification-devel
      29. libstdc++-devel
      30. libvpx-devel
      31. libwireless-devel
      32. libxkbcommon-devel
      33. lld12.0-devel
      34. llvm12.0-devel
      35. libcairo-devel
      36. mozilla-common-devel
      37. nasm
      38. node
      39. python-module-setuptools
      40. python-modules-compiler
      41. python-modules-json
      42. python-modules-logging
      43. python-modules-sqlite3
      44. pkgconfig(alsa)
      45. pkgconfig(aom)
      46. pkgconfig(bzip2)
      47. pkgconfig(cairo)
      48. pkgconfig(dav1d)
      49. pkgconfig(dbus-1)
      50. pkgconfig(dbus-glib-1)
      51. pkgconfig(dri)
      52. pkgconfig(fontconfig)
      53. pkgconfig(freetype2)
      54. pkgconfig(gio-2.0)
      55. pkgconfig(graphite2)
      56. pkgconfig(gtk+-2.0)
      57. pkgconfig(gtk+-3.0)
      58. pkgconfig(harfbuzz)
      59. pkgconfig(hunspell)
      60. pkgconfig(icu-i18n)
      61. pkgconfig(libcurl)
      62. pkgconfig(libdrm)
      63. pkgconfig(libevent)
      64. pkgconfig(libffi)
      65. pkgconfig(libjpeg)
      66. pkgconfig(libnotify)
      67. pkgconfig(libproxy-1.0)
      68. pkgconfig(libpulse)
      69. pkgconfig(libstartup-notification-1.0)
      70. pkgconfig(nspr) >= 4.33
      71. pkgconfig(nss) >= 3.72
      72. pkgconfig(opus)
      73. pkgconfig(pixman-1)
      74. pkgconfig(vpx)
      75. pkgconfig(x11)
      76. pkgconfig(xcomposite)
      77. pkgconfig(xcursor)
      78. pkgconfig(xdamage)
      79. pkgconfig(xext)
      80. pkgconfig(xft)
      81. pkgconfig(xi)
      82. pkgconfig(xkbcommon)
      83. pkgconfig(xrandr)
      84. pkgconfig(xscrnsaver)
      85. pkgconfig(xt)
      86. pkgconfig(xtst)
      87. pkgconfig(zlib)
      88. libcurl-devel
      89. libdav1d-devel
      90. libdbus-devel
      91. libdbus-glib-devel
      92. libdrm-devel
      93. python3-base
      94. python3-module-pip
      95. python3-module-setuptools
      96. python3-modules-sqlite3
      97. libevent-devel
      98. libffi-devel
      99. libfreetype-devel
      100. rpm-build-mozilla.org
      101. rpm-macros-alternatives
      102. /dev/shm
      103. rust >= 1.60.0
      104. rust-cargo >= 1.60.0
      105. /proc
      106. unzip
      107. xorg-cf-files
      108. yasm
      109. zip
      110. zlib-devel
      111. alternatives
      112. autoconf_2.13
      113. autoconf_2.13
      114. browser-plugins-npapi-devel
      115. bzlib-devel
      116. chrpath
      117. clang12.0
      118. clang12.0-devel

    Last changed

    March 22, 2023 Pavel Vasenkov 102.9.0-alt1
    - New ESR version.
- Security fixes
  + CVE-2023-25751 Incorrect code generation during JIT compilation
  + CVE-2023-28164 URL being dragged from a removed cross-origin iframe into the same tab triggered navigation
  + CVE-2023-28162 Invalid downcast in Worklets
  + CVE-2023-25752 Potential out-of-bounds when accessing throttled streams
  + CVE-2023-28163 Windows Save As dialog resolved environment variables
  + CVE-2023-28176 Memory safety bugs fixed in Firefox 111 and Firefox ESR 102.9
    March 3, 2023 Pavel Vasenkov 102.8.0-alt1
    - New ESR version.
- Security fixes
  + CVE-2023-25728 Content security policy leak in violation reports using iframes
  + CVE-2023-25730 Screen hijack via browser fullscreen mode
  + CVE-2023-0767 Arbitrary memory write via PKCS 12 in NSS
  + CVE-2023-25735 Potential use-after-free from compartment mismatch in SpiderMonkey
  + CVE-2023-25737 Invalid downcast in SVGUtils::SetupStrokeGeometry
  + CVE-2023-25738 Printing on Windows could potentially crash Firefox with some device drivers
  + CVE-2023-25739 Use-after-free in mozilla::dom::ScriptLoadContext::~ScriptLoadContext
  + CVE-2023-25729 Extensions could have opened external schemes without user knowledge
  + CVE-2023-25732 Out of bounds memory write from EncodeInputStream
  + CVE-2023-25734 Opening local .url files could cause unexpected network loads
  + CVE-2023-25742 Web Crypto ImportKey crashes tab
  + CVE-2023-25744 Memory safety bugs fixed in Firefox 110 and Firefox ESR 102.8
  + CVE-2023-25746 Memory safety bugs fixed in Firefox ESR 102.8
    Jan. 18, 2023 Pavel Vasenkov 102.7.0-alt1
    - New ESR version.
- Security fixes
  + CVE-2022-46871 libusrsctp library out of date
  + CVE-2023-23598 Arbitrary file read from GTK drag and drop on Linux
  + CVE-2023-23599 Malicious command could be hidden in devtools output on Windows
  + CVE-2023-23601 URL being dragged from cross-origin iframe into same tab triggers navigation
  + CVE-2023-23602 Content Security Policy wasn't being correctly applied to WebSockets in WebWorkers
  + CVE-2022-46877 Fullscreen notification bypass
  + CVE-2023-23603 Calls to <code>console.log</code> allowed bypasing Content Security Policy via format directive
  + CVE-2023-23605 Memory safety bugs fixed in Firefox 109 and Firefox ESR 102.7
    VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
    Version: v23.03.16
    Back to top