Package firefox-esr: Information
Default inline alert: Version in the repository: 115.11.0-alt1
Source package: firefox-esr
Version: 60.4.0-alt1
Build time: Dec 12, 2018, 01:10 AM in the task #217620
Category: Networking/WWW
Report package bugHome page: http://www.mozilla.org/projects/firefox/
License: MPL/GPL/LGPL
Summary: The Mozilla Firefox project is a redesign of Mozilla's browser
Description:
The Mozilla Firefox project is a redesign of Mozilla's browser component, written using the XUL user interface language and designed to be cross-platform.
List of rpms provided by this srpm:
firefox-esr (x86_64, i586, aarch64)
firefox-esr-debuginfo (x86_64, i586, aarch64)
firefox-esr (x86_64, i586, aarch64)
firefox-esr-debuginfo (x86_64, i586, aarch64)
Maintainer: Andrey Cherepanov
Last changed
Dec. 11, 2018 Andrey Cherepanov 60.4.0-alt1
- New ESR version (60.4.0) - Fixed: + CVE-2018-17466 Buffer overflow and out-of-bounds read in ANGLE library with TextureStorage11 + CVE-2018-18492 Use-after-free with select element + CVE-2018-18493 Buffer overflow in accelerated 2D canvas with Skia + CVE-2018-18494 Same-origin policy violation using location attribute and performance.getEntries to steal cross-origin URLs + CVE-2018-18498 Integer overflow when calculating buffer sizes for images + CVE-2018-12405 Memory safety bugs fixed in Firefox 64 and Firefox ESR 60.4
Oct. 23, 2018 Andrey Cherepanov 60.3.0-alt1
- New ESR version (60.3.0). - Fixed: + CVE-2018-12391 HTTP Live Stream audio data is accessible cross-origin + CVE-2018-12392 Crash with nested event loops + CVE-2018-12393 Integer overflow during Unicode conversion while loading JavaScript + CVE-2018-12395 WebExtension bypass of domain restrictions through header rewriting + CVE-2018-12396 WebExtension content scripts can execute in disallowed contexts + CVE-2018-12397 WebExtension can request access to local files without the warning prompt + CVE-2018-12389 Memory safety bugs fixed in Firefox ESR 60.3 + CVE-2018-12390 Memory safety bugs fixed in Firefox 63 and Firefox ESR 60.3
Oct. 2, 2018 Andrey Cherepanov 60.2.2-alt1
- New ESR version (60.2.2) - Fixed: + CVE-2018-12386 Type confusion in JavaScript + CVE-2018-12387 JavaScript JIT compiler inlines Array.prototype.push with multiple arguments