Package firefox-esr

Source package: firefox-esr
Version: 91.10.0-alt1
Build time:  Jun 4, 2022, 01:23 AM
 in the task #301215
Category: Networking/WWW
Report package bug
Gear: https://git.altlinux.org/gears/f/firefox-esr.git?a=tree;hb=4f6b5…
Home page: http://www.mozilla.org/projects/firefox/
License:  MPL-2.0
Summary:  The Mozilla Firefox project is a redesign of Mozilla's browser (ESR version)
Description: 
The Mozilla Firefox project is a redesign of Mozilla's browser component,
written using the XUL user interface language and designed to be
cross-platform.
List of rpms provided by this srpm: 
firefox-esr (x86_64, ppc64le, i586, armh, aarch64)
firefox-esr-config-privacy (x86_64, ppc64le, i586, armh, aarch64)
firefox-esr-debuginfo (x86_64, ppc64le, i586, armh, aarch64)
firefox-esr-wayland (x86_64, ppc64le, i586, armh, aarch64)
Maintainer: Andrey Cherepanov
List of contributors: 
Pavel Vasenkov
Andrey Cherepanov
Alexey Gladkov
Gleb Fotengauer-Malinovskiy
Ivan Zakharyaschev

ACL: Andrey Cherepanov, Pavel Vasenkov, @everybody
    1. /dev/shm
    2. /proc
    3. alternatives
    4. autoconf_2.13
    5. autoconf_2.13
    6. browser-plugins-npapi-devel
    7. bzlib-devel
    8. chrpath
    9. clang11.0
    10. clang11.0-devel
    11. gst-plugins1.0-devel
    12. gstreamer1.0-devel
    13. fontconfig-devel
    14. libGL-devel
    15. python3-base
    16. python3-module-pip
    17. python3-module-setuptools
    18. python3-modules-sqlite3
    19. rpm-build-mozilla.org
    20. rpm-macros-alternatives
    21. libXt-devel
    22. libcairo-devel
    23. libalsa-devel
    24. libaom-devel
    25. rust >= 1.54.0
    26. rust-cargo >= 1.54.0
    27. libdrm-devel
    28. libhunspell-devel
    29. libnotify-devel
    30. libnss-devel-static
    31. libcurl-devel
    32. libdav1d-devel
    33. libshell
    34. pkgconfig(nspr) >= 4.32
    35. pkgconfig(nss) >= 3.69.0
    36. libvpx-devel
    37. libopus-devel
    38. libevent-devel
    39. libjpeg-devel
    40. libstartup-notification-devel
    41. libstdc++-devel
    42. libpixman-devel
    43. libffi-devel
    44. libwireless-devel
    45. libdbus-devel
    46. libxkbcommon-devel
    47. libdbus-glib-devel
    48. libX11-devel
    49. lld11.0-devel
    50. llvm11.0-devel
    51. python-module-setuptools
    52. python-modules-compiler
    53. libXScrnSaver-devel
    54. libXcomposite-devel
    55. libXcursor-devel
    56. libXdamage-devel
    57. libXext-devel
    58. python-modules-json
    59. python-modules-logging
    60. python-modules-sqlite3
    61. libXft-devel
    62. libXi-devel
    63. libfreetype-devel
    64. libproxy-devel
    65. libpulseaudio-devel
    66. libgio-devel
    67. unzip
    68. mozilla-common-devel
    69. nasm
    70. xorg-cf-files
    71. node
    72. yasm
    73. zip
    74. zlib-devel
    75. libgtk+2-devel
    76. libgtk+3-devel
Last changes:
June 3, 2022 Pavel Vasenkov 91.10.0-alt1
- New ESR version.
- Security fixes:
  + CVE-2022-31736 Cross-Origin resource's length leaked
  + CVE-2022-31737 Heap buffer overflow in WebGL
  + CVE-2022-31738 Browser window spoof using fullscreen mode
  + CVE-2022-31739 Attacker-influenced path traversal when saving downloaded files
  + CVE-2022-31740 Register allocation problem in WASM on arm64
  + CVE-2022-31741 Uninitialized variable leads to invalid memory read
  + CVE-2022-31742 Querying a WebAuthn token with a large number of allowCredential entries may have leaked cross-origin information
  + CVE-2022-31747 Memory safety bugs fixed in Firefox 101 and Firefox ESR 91.10
May 22, 2022 Pavel Vasenkov 91.9.1-alt1
- New ESR version.
- Security fixes:
  + CVE-2022-1802 Prototype pollution in Top-Level Await implementation
  + CVE-2022-1529 Untrusted input used in JavaScript object indexing, leading to prototype pollution
May 4, 2022 Pavel Vasenkov 91.9.0-alt1
- New ESR version.
- Security fixes:
  + CVE-2022-29914 Fullscreen notification bypass using popups
  + CVE-2022-29909 Bypassing permission prompt in nested browsing contexts
  + CVE-2022-29916 Leaking browser history with CSS variables
  + CVE-2022-29911 iframe Sandbox bypass
  + CVE-2022-29912 Reader mode bypassed SameSite cookies
  + CVE-2022-29917 Memory safety bugs fixed in Firefox 100 and Firefox ESR 91.9

Back to Top