Package firefox

Source package: firefox
Version: 94.0.2-alt1
Build time: Nov. 19, 2021, 4:44 p.m.
in the task #290037
Category: Networking/WWW
Report package bug
License: MPL-2.0
Summary: The Mozilla Firefox project is a redesign of Mozilla's browser
Description:
The Mozilla Firefox project is a redesign of Mozilla's browser component,
written using the XUL user interface language and designed to be
cross-platform.
List of rpms provided by this srpm:
firefox (x86_64, ppc64le, i586, armh, aarch64)
firefox-config-privacy (noarch)
firefox-debuginfo (x86_64, ppc64le, i586, armh, aarch64)
firefox-wayland (x86_64, ppc64le, i586, armh, aarch64)
Last changes:
Nov. 19, 2021 Alexey Gladkov 94.0.2-alt1
- New release (94.0.2).
Nov. 2, 2021 Alexey Gladkov 94.0-alt1
- New release (94.0).
- Security fixes:
  + CVE-2021-38503: iframe sandbox rules did not apply to XSLT stylesheets
  + CVE-2021-38504: Use-after-free in file picker dialog
  + CVE-2021-38505: Windows 10 Cloud Clipboard may have recorded sensitive user data
  + CVE-2021-38506: Firefox could be coaxed into going into fullscreen mode without notification or warning
  + CVE-2021-38507: Opportunistic Encryption in HTTP2 could be used to bypass the Same-Origin-Policy on services hosted on other ports
  + MOZ-2021-0003: Universal XSS in Firefox for Android via QR Code URLs
  + CVE-2021-38508: Permission Prompt could be overlaid, resulting in user confusion and potential spoofing
  + MOZ-2021-0004: Web Extensions could access pre-redirect URL when their context menu was triggered by a user
  + CVE-2021-38509: Javascript alert box could have been spoofed onto an arbitrary domain
  + CVE-2021-38510: Download Protections were bypassed by .inetloc files on Mac OS
  + MOZ-2021-0005: 'Copy Image Link' context menu action could have been abused to see authentication tokens
  + MOZ-2021-0006: URL Parsing may incorrectly parse internationalized domains
  + MOZ-2021-0007: Memory safety bugs fixed in Firefox 94 and Firefox ESR 91.3
Oct. 6, 2021 Alexey Gladkov 93.0-alt1
- New release (93.0).
- Security fixes:
  + CVE-2021-38496: Use-after-free in MessageTask
  + CVE-2021-38497: Validation message could have been overlaid on another origin
  + CVE-2021-38498: Use-after-free of nsLanguageAtomService object
  + CVE-2021-32810: Data race in crossbeam-deque
  + CVE-2021-38500: Memory safety bugs fixed in Firefox 93, Firefox ESR 78.15, and Firefox ESR 91.2
  + CVE-2021-38501: Memory safety bugs fixed in Firefox 93 and Firefox ESR 91.2
  + CVE-2021-38499: Memory safety bugs fixed in Firefox 93

Back to Top