Package firefox-esr: Information
Default inline alert: Version in the repository: 128.2.0-alt1
Source package: firefox-esr
Version: 128.1.0-alt1
Build time: Aug 7, 2024, 01:42 PM in the task #354542
Category: Networking/WWW
Report package bugHome page: https://www.mozilla.org/firefox/
License: MPL-2.0
Summary: The Mozilla Firefox project is a redesign of Mozilla's browser
Description:
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.
List of RPM packages built from this SRPM:
firefox-esr (x86_64, i586, aarch64)
firefox-esr-config-privacy (x86_64, i586, aarch64)
firefox-esr-debuginfo (x86_64, i586, aarch64)
firefox-esr (x86_64, i586, aarch64)
firefox-esr-config-privacy (x86_64, i586, aarch64)
firefox-esr-debuginfo (x86_64, i586, aarch64)
Maintainer: Ajrat Makhmutov
List of contributors:
Ajrat Makhmutov
Pavel Vasenkov
Andrey Cherepanov
Alexey Sheplyakov
Grigory Ustinov
Alexey Gladkov
Gleb Fotengauer-Malinovskiy
Ivan Zakharyaschev
Ajrat Makhmutov
Pavel Vasenkov
Andrey Cherepanov
Alexey Sheplyakov
Grigory Ustinov
Alexey Gladkov
Gleb Fotengauer-Malinovskiy
Ivan Zakharyaschev
Last changed
Aug. 6, 2024 Ajrat Makhmutov 128.1.0-alt1
- New ESR version. - Security fixes: + CVE-2024-7518: Fullscreen notification dialog can be obscured by document content + CVE-2024-7519: Out of bounds memory access in graphics shared memory handling + CVE-2024-7520: Type confusion in WebAssembly + CVE-2024-7521: Incomplete WebAssembly exception handing + CVE-2024-7522: Out of bounds read in editor component + CVE-2024-7524: CSP strict-dynamic bypass using web-compatibility shims + CVE-2024-7525: Missing permission check when creating a StreamFilter + CVE-2024-7526: Uninitialized memory used by WebGL + CVE-2024-7527: Use-after-free in JavaScript garbage collection + CVE-2024-7528: Use-after-free in IndexedDB + CVE-2024-7529: Document content could partially obscure security prompts + CVE-2024-7531: PK11_Encrypt using CKM_CHACHA20 can reveal plaintext on Intel Sandy Bridge machines
July 24, 2024 Ajrat Makhmutov 128.0-alt2
- Apply all the changes from regular firefox, the main ones: + Enable VAAPI. + Merge firefox-esr-wayland to firefox-esr. + Enforce window name to associate icon and title with window. + Update the url tag. + Update the description.
July 15, 2024 Ajrat Makhmutov 128.0-alt1
- New ESR version. - Security fixes: + CVE-2024-5702: Use-after-free in networking + CVE-2024-5688: Use-after-free in JavaScript object transplant + CVE-2024-5690: External protocol handlers leaked by timing attack + CVE-2024-5691: Sandboxed iframes were able to bypass sandbox restrictions to open a new window + CVE-2024-5692: Bypass of file name restrictions during saving + CVE-2024-5693: Cross-Origin Image leak via Offscreen Canvas + CVE-2024-5696: Memory Corruption in Text Fragments + CVE-2024-5700: Memory safety bugs fixed in Firefox 127, Firefox ESR 115.12, and Thunderbird 115.12 + CVE-2024-6600: Memory corruption in WebGL API + CVE-2024-6601: Race condition in permission assignment + CVE-2024-6602: Memory corruption in NSS + CVE-2024-6603: Memory corruption in thread creation + CVE-2024-6604: Memory safety bugs fixed in Firefox 128, Firefox ESR 115.13, and Thunderbird 115.13