Package firefox-esr: Information
Source package: firefox-esr
Version: 128.2.0-alt1
Build time: Sep 8, 2024, 06:07 PM in the task #357090
Category: Networking/WWW
Report package bugHome page: https://www.mozilla.org/firefox/
License: MPL-2.0
Summary: The Mozilla Firefox project is a redesign of Mozilla's browser
Description:
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.
List of RPM packages built from this SRPM:
firefox-esr (x86_64, i586, aarch64)
firefox-esr-config-privacy (x86_64, i586, aarch64)
firefox-esr-debuginfo (x86_64, i586, aarch64)
firefox-esr (x86_64, i586, aarch64)
firefox-esr-config-privacy (x86_64, i586, aarch64)
firefox-esr-debuginfo (x86_64, i586, aarch64)
Maintainer: Ajrat Makhmutov
List of contributors:
Ajrat Makhmutov
Pavel Vasenkov
Andrey Cherepanov
Alexey Sheplyakov
Grigory Ustinov
Alexey Gladkov
Gleb Fotengauer-Malinovskiy
Ivan Zakharyaschev
Ajrat Makhmutov
Pavel Vasenkov
Andrey Cherepanov
Alexey Sheplyakov
Grigory Ustinov
Alexey Gladkov
Gleb Fotengauer-Malinovskiy
Ivan Zakharyaschev
Last changed
Sept. 7, 2024 Ajrat Makhmutov 128.2.0-alt1
- New ESR version. - Security fixes: + CVE-2024-8385: WASM type confusion involving ArrayTypes + CVE-2024-8381: Type confusion when looking up a property name in a "with" block + CVE-2024-8382: Internal event interfaces were exposed to web content when browser EventHandler listener callbacks ran + CVE-2024-8383: Firefox did not ask before openings news: links in an external application + CVE-2024-8384: Garbage collection could mis-color cross-compartment objects in OOM conditions + CVE-2024-8386: SelectElements could be shown over another site if popups are allowed + CVE-2024-8387: Memory safety bugs fixed in Firefox 130, Firefox ESR 128.2, and Thunderbird 128.2
Aug. 6, 2024 Ajrat Makhmutov 128.1.0-alt1
- New ESR version. - Security fixes: + CVE-2024-7518: Fullscreen notification dialog can be obscured by document content + CVE-2024-7519: Out of bounds memory access in graphics shared memory handling + CVE-2024-7520: Type confusion in WebAssembly + CVE-2024-7521: Incomplete WebAssembly exception handing + CVE-2024-7522: Out of bounds read in editor component + CVE-2024-7524: CSP strict-dynamic bypass using web-compatibility shims + CVE-2024-7525: Missing permission check when creating a StreamFilter + CVE-2024-7526: Uninitialized memory used by WebGL + CVE-2024-7527: Use-after-free in JavaScript garbage collection + CVE-2024-7528: Use-after-free in IndexedDB + CVE-2024-7529: Document content could partially obscure security prompts + CVE-2024-7531: PK11_Encrypt using CKM_CHACHA20 can reveal plaintext on Intel Sandy Bridge machines
July 24, 2024 Ajrat Makhmutov 128.0-alt2
- Apply all the changes from regular firefox, the main ones: + Enable VAAPI. + Merge firefox-esr-wayland to firefox-esr. + Enforce window name to associate icon and title with window. + Update the url tag. + Update the description.