Package firefox: Information
Default inline alert: A new version of the package has been build
Default inline alert: Version in the repository: 125.0.1-alt1
Source package: firefox
Version: 95.0-alt1
Build time: Dec 8, 2021, 11:35 PM in the task #291654
Category: Networking/WWW
Report package bugHome page: http://www.mozilla.org/projects/firefox/
License: MPL-2.0
Summary: The Mozilla Firefox project is a redesign of Mozilla's browser
Description:
The Mozilla Firefox project is a redesign of Mozilla's browser component, written using the XUL user interface language and designed to be cross-platform.
List of rpms provided by this srpm:
firefox (x86_64, ppc64le, i586, armh, aarch64)
firefox-config-privacy (noarch)
firefox-debuginfo (x86_64, ppc64le, i586, armh, aarch64)
firefox-wayland (x86_64, ppc64le, i586, armh, aarch64)
firefox (x86_64, ppc64le, i586, armh, aarch64)
firefox-config-privacy (noarch)
firefox-debuginfo (x86_64, ppc64le, i586, armh, aarch64)
firefox-wayland (x86_64, ppc64le, i586, armh, aarch64)
Maintainer: Alexey Gladkov
List of contributors:
Alexey Gladkov
Sergey Bolshakov
Gleb Fotengauer-Malinovskiy
Ivan Zakharyaschev
Konstantin Lepikhov
Alexey Gladkov
Sergey Bolshakov
Gleb Fotengauer-Malinovskiy
Ivan Zakharyaschev
Konstantin Lepikhov
Last changed
Dec. 8, 2021 Alexey Gladkov 95.0-alt1
- New release (95.0). - Security fixes: + CVE-2021-43536: URL leakage when navigating while executing asynchronous function + CVE-2021-43537: Heap buffer overflow when using structured clone + CVE-2021-43538: Missing fullscreen and pointer lock notification when requesting both + CVE-2021-43539: GC rooting failure when calling wasm instance methods + MOZ-2021-0010: Use-after-free in fullscreen objects on MacOS + CVE-2021-43540: WebExtensions could have installed persistent ServiceWorkers + CVE-2021-43541: External protocol handler parameters were unescaped + CVE-2021-43542: XMLHttpRequest error codes could have leaked the existence of an external protocol handler + CVE-2021-43543: Bypass of CSP sandbox directive when embedding + CVE-2021-43544: Receiving a malicious URL as text through a SEND intent could have led to XSS + CVE-2021-43545: Denial of Service when using the Location API in a loop + CVE-2021-43546: Cursor spoofing could overlay user interface when native cursor is zoomed + MOZ-2021-0009: Memory safety bugs fixed in Firefox 95 and Firefox ESR 91.4
Nov. 19, 2021 Alexey Gladkov 94.0.2-alt1
- New release (94.0.2).
Nov. 2, 2021 Alexey Gladkov 94.0-alt1
- New release (94.0). - Security fixes: + CVE-2021-38503: iframe sandbox rules did not apply to XSLT stylesheets + CVE-2021-38504: Use-after-free in file picker dialog + CVE-2021-38505: Windows 10 Cloud Clipboard may have recorded sensitive user data + CVE-2021-38506: Firefox could be coaxed into going into fullscreen mode without notification or warning + CVE-2021-38507: Opportunistic Encryption in HTTP2 could be used to bypass the Same-Origin-Policy on services hosted on other ports + MOZ-2021-0003: Universal XSS in Firefox for Android via QR Code URLs + CVE-2021-38508: Permission Prompt could be overlaid, resulting in user confusion and potential spoofing + MOZ-2021-0004: Web Extensions could access pre-redirect URL when their context menu was triggered by a user + CVE-2021-38509: Javascript alert box could have been spoofed onto an arbitrary domain + CVE-2021-38510: Download Protections were bypassed by .inetloc files on Mac OS + MOZ-2021-0005: 'Copy Image Link' context menu action could have been abused to see authentication tokens + MOZ-2021-0006: URL Parsing may incorrectly parse internationalized domains + MOZ-2021-0007: Memory safety bugs fixed in Firefox 94 and Firefox ESR 91.3