Sisyphus repository
Last updated: 2017-03-30 20:07:16 +0400 | Packages: 17794
ALT Linux repositories
Sisyphus: 52.0-alt1
p8: 52.0-alt0.M80P.1
p7: 45.8.0-alt0.M70P.1
t7: 45.8.0-alt0.M70P.1
Platform6: 17.0.11-alt0.M60P.1
t6: 17.0.11-alt0.M60P.1
Platform5: 10.0.12-alt0.M50P.1
5.0: 3.0.9-alt1.M50.1
4.1: 3.0.9-alt0.M41.1
4.0: 2.0.0.18-alt0.M40.1

Group :: Networking/WWW
Source RPM: firefox


Current version: 52.0-alt1
Built: 10 days ago
Archive size: 204.8 MB
Repocop status: ok

Home page: http://www.mozilla.org/projects/firefox/

License: MPL/GPL/LGPL
Summary: The Mozilla Firefox project is a redesign of Mozilla's browser
Description:

The Mozilla Firefox project is a redesign of Mozilla's browser component,
written using the XUL user interface language and designed to be
cross-platform.

Current maintainer: Alexey Gladkov

List of all maintainers who took part
in this and/or previous builds of the package:
ACL:
List of RPM packages provided by this SRPM package:
  • firefox
  • firefox-debuginfo
  • rpm-build-firefox
Recent changes (last three changelog entries):

2017-03-15 Alexey Gladkov <legion at altlinux.ru> 52.0-alt1

    - New release (52.0).
    - Built with internal icu.
    - Fixed:
    + CVE-2017-5400: asm.js JIT-spray bypass of ASLR and DEP
    + CVE-2017-5401: Memory Corruption when handling ErrorResult
    + CVE-2017-5402: Use-after-free working with events in FontFace objects
    + CVE-2017-5403: Use-after-free using addRange to add range to an incorrect root object
    + CVE-2017-5404: Use-after-free working with ranges in selections
    + CVE-2017-5406: Segmentation fault in Skia with canvas operations
    + CVE-2017-5407: Pixel and history stealing via floating-point timing side channel with SVG filters
    + CVE-2017-5410: Memory corruption during JavaScript garbage collection incremental sweeping
    + CVE-2017-5411: Use-after-free in Buffer Storage in libGLES
    + CVE-2017-5409: File deletion via callback parameter in Mozilla Windows Updater and Maintenance Service
    + CVE-2017-5408: Cross-origin reading of video captions in violation of CORS
    + CVE-2017-5412: Buffer overflow read in SVG filters
    + CVE-2017-5413: Segmentation fault during bidirectional operations
    + CVE-2017-5414: File picker can choose incorrect default directory
    + CVE-2017-5415: Addressbar spoofing through blob URL
    + CVE-2017-5416: Null dereference crash in HttpChannel
    + CVE-2017-5417: Addressbar spoofing by dragging and dropping URLs
    + CVE-2017-5425: Overly permissive Gecko Media Plugin sandbox regular expression access
    + CVE-2017-5426: Gecko Media Plugin sandbox is not started if seccomp-bpf filter is running
    + CVE-2017-5427: Non-existent chrome.manifest file loaded during startup
    + CVE-2017-5418: Out of bounds read when parsing HTTP digest authorization responses
    + CVE-2017-5419: Repeated authentication prompts lead to DOS attack
    + CVE-2017-5420: Javascript: URLs can obfuscate addressbar location
    + CVE-2017-5405: FTP response codes can cause use of uninitialized values for ports
    + CVE-2017-5421: Print preview spoofing
    + CVE-2017-5422: DOS attack by using view-source: protocol repeatedly in one hyperlink
    + CVE-2017-5399: Memory safety bugs fixed in Firefox 52
    + CVE-2017-5398: Memory safety bugs fixed in Firefox 52 and Firefox ESR 45.8

2017-02-08 Alexey Gladkov <legion at altlinux.ru> 51.0.1-alt2

    - Removed RPATH but began to use LD_LIBRARY_PATH (ALT#33085).

2017-01-30 Alexey Gladkov <legion at altlinux.ru> 51.0.1-alt1

    - New release (51.0.1).
    - Fixed:
    + CVE-2017-5375: Excessive JIT code allocation allows bypass of ASLR and DEP
    + CVE-2017-5376: Use-after-free in XSL
    + CVE-2017-5377: Memory corruption with transforms to create gradients in Skia
    + CVE-2017-5378: Pointer and frame data leakage of Javascript objects
    + CVE-2017-5379: Use-after-free in Web Animations
    + CVE-2017-5380: Potential use-after-free during DOM manipulations
    + CVE-2017-5390: Insecure communication methods in Developer Tools JSON viewer
    + CVE-2017-5389: WebExtensions can install additional add-ons via modified host requests
    + CVE-2017-5396: Use-after-free with Media Decoder
    + CVE-2017-5381: Certificate Viewer exporting can be used to navigate and save to arbitrary filesystem locations
    + CVE-2017-5382: Feed preview can expose privileged content errors and exceptions
    + CVE-2017-5383: Location bar spoofing with unicode characters
    + CVE-2017-5384: Information disclosure via Proxy Auto-Config (PAC)
    + CVE-2017-5385: Data sent in multipart channels ignores referrer-policy response headers
    + CVE-2017-5386: WebExtensions can use data: protocol to affect other extensions
    + CVE-2017-5394: Android location bar spoofing using fullscreen and JavaScript events
    + CVE-2017-5391: Content about: pages can load privileged about: pages
    + CVE-2017-5392: Weak references using multiple threads on weak proxy objects lead to unsafe memory usage
    + CVE-2017-5393: Remove addons.mozilla.org CDN from whitelist for mozAddonManager
    + CVE-2017-5395: Android location bar spoofing during scrolling
    + CVE-2017-5387: Disclosure of local file existence through TRACK tag error messages
    + CVE-2017-5388: WebRTC can be used to generate a large amount of UDP traffic for DDOS attacks
    + CVE-2017-5374: Memory safety bugs fixed in Firefox 51
    + CVE-2017-5373: Memory safety bugs fixed in Firefox 51 and Firefox ESR 45.7

 
© 2009–2016 Игорь Зубков