Package firefox: Information

Source package: firefox
Version: 148.0-alt0.port
Build time:  Feb 26, 2026, 09:41 AM
Category: Networking/WWW
Report package bug
Home page: https://www.mozilla.org/firefox/
VCS: https://github.com/mozilla-firefox/firefox
License: MPL-2.0
Summary: The Mozilla Firefox project is a redesign of Mozilla's browser
Description: 
Mozilla Firefox is an open-source web browser, designed
for standards compliance, performance and portability.
List of RPM packages built from this SRPM:
firefox (loongarch64)
firefox-config-privacy (loongarch64)
firefox-debuginfo (loongarch64)
Maintainer: Ivan A. Melnikov
List of contributors:
Ivan A. Melnikov
Ajrat Makhmutov
Alexey Gladkov
Sergey Bolshakov
Gleb Fotengauer-Malinovskiy
Ivan Zakharyaschev
Konstantin Lepikhov
    1. /dev/shm
    2. /proc
    3. alternatives
    4. browser-plugins-npapi-devel
    5. cbindgen
    6. chrpath
    7. clang20.1
    8. clang20.1-devel
    9. libnss-devel-static
    10. libshell
    11. python3(pip)
    12. libstdc++-devel
    13. glibc-kernheaders-generic
    14. python3(setuptools)
    15. python3(sqlite3)
    16. gst-plugins1.0-devel
    17. gstreamer1.0-devel
    18. python3-base
    19. libwireless-devel
    20. rpm-build-firefox
    21. rpm-macros-alternatives
    22. llvm20.1-devel
    23. mozilla-common-devel
    24. nasm
    25. node
    26. rust >= 1.65.0
    27. rust-cargo >= 1.65.0
    28. unzip
    29. pkgconfig(alsa)
    30. pkgconfig(aom)
    31. pkgconfig(bzip2)
    32. pkgconfig(cairo)
    33. xorg-cf-files
    34. pkgconfig(dav1d)
    35. pkgconfig(dbus-1)
    36. pkgconfig(dbus-glib-1)
    37. pkgconfig(dri)
    38. pkgconfig(fontconfig)
    39. pkgconfig(freetype2)
    40. pkgconfig(gio-2.0)
    41. yasm
    42. pkgconfig(graphite2)
    43. pkgconfig(gtk+-3.0)
    44. zip
    45. pkgconfig(harfbuzz)
    46. pkgconfig(hunspell)
    47. pkgconfig(icu-i18n)
    48. pkgconfig(libcurl)
    49. pkgconfig(libdrm)
    50. pkgconfig(libevent)
    51. pkgconfig(libffi)
    52. pkgconfig(libjpeg)
    53. pkgconfig(libnotify)
    54. pkgconfig(libproxy-1.0)
    55. pkgconfig(libpulse)
    56. pkgconfig(libstartup-notification-1.0)
    57. pkgconfig(nspr) >= 4.35
    58. pkgconfig(nss) >= 3.98
    59. pkgconfig(opus)
    60. pkgconfig(pixman-1)
    61. pkgconfig(vpx)
    62. pkgconfig(x11)
    63. pkgconfig(xcomposite)
    64. pkgconfig(xcursor)
    65. pkgconfig(xdamage)
    66. pkgconfig(xext)
    67. pkgconfig(xft)
    68. pkgconfig(xi)
    69. pkgconfig(xkbcommon)
    70. pkgconfig(xrandr)
    71. pkgconfig(xscrnsaver)
    72. pkgconfig(xt)
    73. pkgconfig(xtst)
    74. pkgconfig(zlib)
    75. python3(click)
    76. python3(curses)
    77. python3(hamcrest)

Last changed

Feb. 26, 2026 Ivan A. Melnikov 148.0-alt0.port
- avoid LLD on riscv64 and loongarch64 (not capable enough yet);
- libwebrtc: fix loongarch64 support (thx asheplyakov@);
- increase polling interval for mozbuild resource monitor
  (fixes FTBFS on riscv64);
- build with clang20 on loongarch64 (for lsx/lasx support)
  and riscv64;
- additional patches to fix building on riscv64 and loongarch64.
Feb. 25, 2026 Ajrat Makhmutov 148.0-alt1
- New version (148.0).
- Fixes:
  + CVE-2026-2757: Incorrect boundary conditions in the WebRTC: Audio/Video component
  + CVE-2026-2794: Information disclosure due to uninitialized memory in Firefox and Firefox Focus for Android
  + CVE-2026-2758: Use-after-free in the JavaScript: GC component
  + CVE-2026-2759: Incorrect boundary conditions in the Graphics: ImageLib component
  + CVE-2026-2795: Use-after-free in the JavaScript: GC component
  + CVE-2026-2760: Sandbox escape due to incorrect boundary conditions in the Graphics: WebRender component
  + CVE-2026-2761: Sandbox escape in the Graphics: WebRender component
  + CVE-2026-2762: Integer overflow in the JavaScript: Standard Library component
  + CVE-2026-2763: Use-after-free in the JavaScript Engine component
  + CVE-2026-2764: JIT miscompilation, use-after-free in the JavaScript Engine: JIT component
  + CVE-2026-2796: JIT miscompilation in the JavaScript: WebAssembly component
  + CVE-2026-2797: Use-after-free in the JavaScript: GC component
  + CVE-2026-2765: Use-after-free in the JavaScript Engine component
  + CVE-2026-2766: Use-after-free in the JavaScript Engine: JIT component
  + CVE-2026-2767: Use-after-free in the JavaScript: WebAssembly component
  + CVE-2026-2768: Sandbox escape in the Storage: IndexedDB component
  + CVE-2026-2798: Use-after-free in the DOM: Core & HTML component
  + CVE-2026-2769: Use-after-free in the Storage: IndexedDB component
  + CVE-2026-2799: Use-after-free in the DOM: Core & HTML component
  + CVE-2026-2770: Use-after-free in the DOM: Bindings (WebIDL) component
  + CVE-2026-2771: Undefined behavior in the DOM: Core & HTML component
  + CVE-2026-2772: Use-after-free in the Audio/Video: Playback component
  + CVE-2026-2773: Incorrect boundary conditions in the Web Audio component
  + CVE-2026-2774: Integer overflow in the Audio/Video component
  + CVE-2026-2775: Mitigation bypass in the DOM: HTML Parser component
  + CVE-2026-2776: Sandbox escape due to incorrect boundary conditions in the Telemetry component in External Software
  + CVE-2026-2777: Privilege escalation in the Messaging System component
  + CVE-2026-2778: Sandbox escape due to incorrect boundary conditions in the DOM: Core & HTML component
  + CVE-2026-2779: Incorrect boundary conditions in the Networking: JAR component
  + CVE-2026-2800: Spoofing issue in the WebAuthn component in Firefox for Android
  + CVE-2026-2780: Privilege escalation in the Netmonitor component
  + CVE-2026-2781: Integer overflow in the Libraries component in NSS
  + CVE-2026-2801: Incorrect boundary conditions in the JavaScript: WebAssembly component
  + CVE-2026-2782: Privilege escalation in the Netmonitor component
  + CVE-2026-2783: Information disclosure due to JIT miscompilation in the JavaScript Engine: JIT component
  + CVE-2026-2802: Race condition in the JavaScript: GC component
  + CVE-2026-2803: Information disclosure, mitigation bypass in the Settings UI component
  + CVE-2026-2784: Mitigation bypass in the DOM: Security component
  + CVE-2026-2785: Invalid pointer in the JavaScript Engine component
  + CVE-2026-2804: Use-after-free in the JavaScript: WebAssembly component
  + CVE-2026-2786: Use-after-free in the JavaScript Engine component
  + CVE-2026-2805: Invalid pointer in the DOM: Core & HTML component
  + CVE-2026-2787: Use-after-free in the DOM: Window and Location component
  + CVE-2026-2788: Incorrect boundary conditions in the Audio/Video: GMP component
  + CVE-2026-2789: Use-after-free in the Graphics: ImageLib component
  + CVE-2026-2806: Uninitialized memory in the Graphics: Text component
  + CVE-2026-2790: Same-origin policy bypass in the Networking: JAR component
  + CVE-2026-2791: Mitigation bypass in the Networking: Cache component
  + CVE-2026-2807: Memory safety bugs fixed in Firefox 148 and Thunderbird 148
  + CVE-2026-2792: Memory safety bugs fixed in Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148
  + CVE-2026-2793: Memory safety bugs fixed in Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148
Feb. 20, 2026 Ajrat Makhmutov 147.0.4-alt1
- New version (147.0.4).
- Fixes:
  + CVE-2026-2447: Heap buffer overflow in libvpx
VKontakte|Telegram|YouTube|Forum|ALT Linux Space|Bugzilla
Version: v26.2.2
Back to top