Package firefox: Information
Default inline alert: Version in the repository: 124.0-alt1
Source package: firefox
Version: 96.0-alt1
Build time: Jan 14, 2022, 09:19 PM in the task #293406
Category: Networking/WWW
Report package bugHome page: http://www.mozilla.org/projects/firefox/
License: MPL-2.0
Summary: The Mozilla Firefox project is a redesign of Mozilla's browser
Description:
The Mozilla Firefox project is a redesign of Mozilla's browser component, written using the XUL user interface language and designed to be cross-platform.
List of rpms provided by this srpm:
firefox (x86_64, ppc64le, i586, armh, aarch64)
firefox-config-privacy (noarch)
firefox-debuginfo (x86_64, ppc64le, i586, armh, aarch64)
firefox-wayland (x86_64, ppc64le, i586, armh, aarch64)
firefox (x86_64, ppc64le, i586, armh, aarch64)
firefox-config-privacy (noarch)
firefox-debuginfo (x86_64, ppc64le, i586, armh, aarch64)
firefox-wayland (x86_64, ppc64le, i586, armh, aarch64)
Maintainer: Alexey Gladkov
List of contributors:
Alexey Gladkov
Sergey Bolshakov
Gleb Fotengauer-Malinovskiy
Ivan Zakharyaschev
Konstantin Lepikhov
Alexey Gladkov
Sergey Bolshakov
Gleb Fotengauer-Malinovskiy
Ivan Zakharyaschev
Konstantin Lepikhov
Last changed
Jan. 12, 2022 Alexey Gladkov 96.0-alt1
- New release (96.0). - Disable webrtc for armh, ppc64le. - Security fixes: + CVE-2022-22746: Calling into reportValidity could have lead to fullscreen window spoof + CVE-2022-22743: Browser window spoof using fullscreen mode + CVE-2022-22742: Out-of-bounds memory access when inserting text in edit mode + CVE-2022-22741: Browser window spoof using fullscreen mode + CVE-2022-22740: Use-after-free of ChannelEventQueue::mOwner + CVE-2022-22738: Heap-buffer-overflow in blendGaussianBlur + CVE-2022-22737: Race condition when playing audio files + CVE-2021-4140: Iframe sandbox bypass with XSLT + CVE-2022-22750: IPC passing of resource handles could have lead to sandbox bypass + CVE-2022-22749: Lack of URL restrictions when scanning QR codes + CVE-2022-22748: Spoofed origin on external protocol launch dialog + CVE-2022-22745: Leaking cross-origin URLs through securitypolicyviolation event + CVE-2022-22744: The 'Copy as curl' feature in DevTools did not fully escape website-controlled data, potentially leading to command injection + CVE-2022-22747: Crash when handling empty pkcs7 sequence + CVE-2022-22736: Potential local privilege escalation when loading modules from the install directory. + CVE-2022-22739: Missing throttling on external protocol launch dialog + CVE-2022-22751: Memory safety bugs fixed in Firefox 96 and Firefox ESR 91.5 + CVE-2022-22752: Memory safety bugs fixed in Firefox 96
Dec. 17, 2021 Alexey Gladkov 95.0.1-alt1
- New release (95.0.1).
Dec. 8, 2021 Alexey Gladkov 95.0-alt1
- New release (95.0). - Security fixes: + CVE-2021-43536: URL leakage when navigating while executing asynchronous function + CVE-2021-43537: Heap buffer overflow when using structured clone + CVE-2021-43538: Missing fullscreen and pointer lock notification when requesting both + CVE-2021-43539: GC rooting failure when calling wasm instance methods + MOZ-2021-0010: Use-after-free in fullscreen objects on MacOS + CVE-2021-43540: WebExtensions could have installed persistent ServiceWorkers + CVE-2021-43541: External protocol handler parameters were unescaped + CVE-2021-43542: XMLHttpRequest error codes could have leaked the existence of an external protocol handler + CVE-2021-43543: Bypass of CSP sandbox directive when embedding + CVE-2021-43544: Receiving a malicious URL as text through a SEND intent could have led to XSS + CVE-2021-43545: Denial of Service when using the Location API in a loop + CVE-2021-43546: Cursor spoofing could overlay user interface when native cursor is zoomed + MOZ-2021-0009: Memory safety bugs fixed in Firefox 95 and Firefox ESR 91.4