Package firefox-esr: Information

    Source package: firefox-esr
    Version: 140.8.0-alt1
    Build time: Mar 3, 2026, 09:58 AM in the task #409748
    Category: Networking/WWW
    License: MPL-2.0
    Summary: The Mozilla Firefox project is a redesign of Mozilla's browser
    Description: 
    Mozilla Firefox is an open-source web browser, designed
    for standards compliance, performance and portability.

    List of RPM packages built from this SRPM:
    firefox-esr (x86_64, i586, aarch64)
    firefox-esr-config-privacy (x86_64, i586, aarch64)
    firefox-esr-debuginfo (x86_64, i586, aarch64)

    Maintainer: Pavel Vasenkov



    Build dependencies:

      1. /dev/shm
      2. /proc
      3. alternatives
      4. browser-plugins-npapi-devel
      5. cbindgen
      6. chrpath
      7. clang17.0
      8. clang17.0-devel
      9. glibc-kernheaders-generic
      10. gst-plugins1.0-devel
      11. gstreamer1.0-devel
      12. libnss-devel-static
      13. libshell
      14. libstdc++-devel
      15. libwireless-devel
      16. lld17.0-devel
      17. llvm17.0-devel
      18. mozilla-common-devel
      19. nasm
      20. node
      21. pkgconfig(alsa)
      22. pkgconfig(aom)
      23. pkgconfig(bzip2)
      24. pkgconfig(cairo)
      25. pkgconfig(dav1d)
      26. pkgconfig(dbus-1)
      27. pkgconfig(dbus-glib-1)
      28. pkgconfig(dri)
      29. pkgconfig(fontconfig)
      30. pkgconfig(freetype2)
      31. pkgconfig(gio-2.0)
      32. pkgconfig(graphite2)
      33. pkgconfig(gtk+-3.0)
      34. pkgconfig(harfbuzz)
      35. pkgconfig(hunspell)
      36. pkgconfig(icu-i18n)
      37. pkgconfig(libcurl)
      38. pkgconfig(libdrm)
      39. pkgconfig(libevent)
      40. pkgconfig(libffi)
      41. pkgconfig(libjpeg)
      42. pkgconfig(libnotify)
      43. pkgconfig(libproxy-1.0)
      44. pkgconfig(libpulse)
      45. pkgconfig(libstartup-notification-1.0)
      46. pkgconfig(nspr) >= 4.35
      47. pkgconfig(nss) >= 3.98
      48. pkgconfig(opus)
      49. pkgconfig(pixman-1)
      50. pkgconfig(vpx)
      51. pkgconfig(x11)
      52. pkgconfig(xcomposite)
      53. pkgconfig(xcursor)
      54. pkgconfig(xdamage)
      55. pkgconfig(xext)
      56. pkgconfig(xft)
      57. pkgconfig(xi)
      58. pkgconfig(xkbcommon)
      59. pkgconfig(xrandr)
      60. pkgconfig(xscrnsaver)
      61. pkgconfig(xt)
      62. pkgconfig(xtst)
      63. pkgconfig(zlib)
      64. python3(click)
      65. python3(configobj)
      66. python3(curses)
      67. python3(hamcrest)
      68. python3(pip)
      69. python3(setuptools)
      70. python3(sqlite3)
      71. python3-base
      72. rpm-build-firefox
      73. rpm-macros-alternatives
      74. rust >= 1.65.0
      75. rust-cargo >= 1.65.0
      76. unzip
      77. xorg-cf-files
      78. yasm
      79. zip

    Last changed


    March 2, 2026 Pavel Vasenkov 140.8.0-alt1
    - New ESR version.
    - Security fixes:
      + CVE-2026-2757 Incorrect boundary conditions in the WebRTC: Audio/Video component
      + CVE-2026-2758 Use-after-free in the JavaScript: GC component
      + CVE-2026-2759 Incorrect boundary conditions in the Graphics: ImageLib component
      + CVE-2026-2760 Sandbox escape due to incorrect boundary conditions in the Graphics: WebRender component
      + CVE-2026-2761 Sandbox escape in the Graphics: WebRender component
      + CVE-2026-2762 Integer overflow in the JavaScript: Standard Library component
      + CVE-2026-2763 Use-after-free in the JavaScript Engine component
      + CVE-2026-2764 JIT miscompilation, use-after-free in the JavaScript Engine: JIT component
      + CVE-2026-2765 Use-after-free in the JavaScript Engine component
      + CVE-2026-2766 Use-after-free in the JavaScript Engine: JIT component
      + CVE-2026-2767 Use-after-free in the JavaScript: WebAssembly component
      + CVE-2026-2768 Sandbox escape in the Storage: IndexedDB component
      + CVE-2026-2769 Use-after-free in the Storage: IndexedDB component
      + CVE-2026-2770 Use-after-free in the DOM: Bindings (WebIDL) component
      + CVE-2026-2771 Undefined behavior in the DOM: Core & HTML component
      + CVE-2026-2772 Use-after-free in the Audio/Video: Playback component
      + CVE-2026-2773 Incorrect boundary conditions in the Web Audio component
      + CVE-2026-2774 Integer overflow in the Audio/Video component
      + CVE-2026-2775 Mitigation bypass in the DOM: HTML Parser component
      + CVE-2026-2776 Sandbox escape due to incorrect boundary conditions in the Telemetry component in External Software
      + CVE-2026-2777 Privilege escalation in the Messaging System component
      + CVE-2026-2778 Sandbox escape due to incorrect boundary conditions in the DOM: Core & HTML component
      + CVE-2026-2779 Incorrect boundary conditions in the Networking: JAR component
      + CVE-2026-2780 Privilege escalation in the Netmonitor component
      + CVE-2026-2781 Integer overflow in the Libraries component in NSS
      + CVE-2026-2782 Privilege escalation in the Netmonitor component
      + CVE-2026-2783 Information disclosure due to JIT miscompilation in the JavaScript Engine: JIT component
      + CVE-2026-2784 Mitigation bypass in the DOM: Security component
      + CVE-2026-2785 Invalid pointer in the JavaScript Engine component
      + CVE-2026-2786 Use-after-free in the JavaScript Engine component
      + CVE-2026-2787 Use-after-free in the DOM: Window and Location component
      + CVE-2026-2788 Incorrect boundary conditions in the Audio/Video: GMP component
      + CVE-2026-2789 Use-after-free in the Graphics: ImageLib component
      + CVE-2026-2790 Same-origin policy bypass in the Networking: JAR component
      + CVE-2026-2791 Mitigation bypass in the Networking: Cache component
      + CVE-2026-2792 Memory safety bugs fixed in Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148
      + CVE-2026-2793 Memory safety bugs fixed in Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148
    Feb. 18, 2026 Pavel Vasenkov 140.7.1-alt1
    - New ESR version.
    - Security fixes:
      + CVE-2026-2447 Heap buffer overflow in libvpx
    Jan. 22, 2026 Michael Shigorin 140.7.0-alt3
    - Fix "new version means new blank profile" (Closes: #57602)
      + thanks NixOS guys, see http://github.com/NixOS/nixpkgs/pull/119849