Пакет firefox: Информация

Исходный пакет: firefox
Версия: 51.0.1-alt1
Собран:  6 февраля 2017 г. 18:33 в задании #177393
Категория: Сети/WWW
Сообщить об ошибке в пакете
Gear: https://git.altlinux.org/gears/f/firefox.git?a=tree;hb=f62d94b91…
Домашняя страница: http://www.mozilla.org/projects/firefox/
Лицензия: MPL/GPL/LGPL
О пакете: The Mozilla Firefox project is a redesign of Mozilla's browser
Описание: 
The Mozilla Firefox project is a redesign of Mozilla's browser component,
written using the XUL user interface language and designed to be
cross-platform.
Список rpm-пакетов, предоставляемых данным srpm-пакетом:
firefox (x86_64, i586)
firefox-debuginfo (x86_64, i586)
rpm-build-firefox (noarch)
Сопровождающий: Alexey Gladkov
Список участников:
Alexey Gladkov
Ivan Zakharyaschev
Konstantin Lepikhov
    1. libX11-devel
    2. libhunspell-devel
    3. libXScrnSaver-devel
    4. libicu-devel
    5. fontconfig-devel
    6. libpulseaudio-devel
    7. imake
    8. libXcomposite-devel
    9. libcairo-devel
    10. libXdamage-devel
    11. libjpeg-devel
    12. libvpx-devel
    13. libXext-devel
    14. libXft-devel
    15. libcurl-devel
    16. libXt-devel
    17. gcc-c++
    18. libwireless-devel
    19. libalsa-devel
    20. libevent-devel
    21. libshell
    22. libffi-devel
    23. libfreetype-devel
    24. libstartup-notification-devel
    25. pkgconfig(nspr) >= 4.13.1
    26. pkgconfig(nss) >= 3.28.1
    27. alternatives
    28. makedepend
    29. python-module-distribute
    30. autoconf_2.13
    31. autoconf_2.13
    32. libnotify-devel
    33. unzip
    34. libnss-devel-static
    35. doxygen
    36. python-modules-compiler
    37. python-modules-json
    38. rpm-build-mozilla.org
    39. mozilla-common-devel
    40. python-modules-logging
    41. python-modules-sqlite3
    42. libgio-devel
    43. bzlib-devel
    44. libopus-devel
    45. browser-plugins-npapi-devel
    46. xorg-cf-files
    47. chrpath
    48. rpm-macros-alternatives
    49. glibc-kernheaders
    50. gst-plugins1.0-devel
    51. gstreamer1.0-devel
    52. yasm
    53. zip
    54. libIDL-devel
    55. zlib-devel
    56. libGL-devel
    57. libgtk+2-devel
    58. libgtk+3-devel
    59. libpixman-devel
    60. libproxy-devel

Последнее изменение

30 января 2017 г. Alexey Gladkov 51.0.1-alt1
- New release (51.0.1).
- Fixed:
  + CVE-2017-5375: Excessive JIT code allocation allows bypass of ASLR and DEP
  + CVE-2017-5376: Use-after-free in XSL
  + CVE-2017-5377: Memory corruption with transforms to create gradients in Skia
  + CVE-2017-5378: Pointer and frame data leakage of Javascript objects
  + CVE-2017-5379: Use-after-free in Web Animations
  + CVE-2017-5380: Potential use-after-free during DOM manipulations
  + CVE-2017-5390: Insecure communication methods in Developer Tools JSON viewer
  + CVE-2017-5389: WebExtensions can install additional add-ons via modified host requests
  + CVE-2017-5396: Use-after-free with Media Decoder
  + CVE-2017-5381: Certificate Viewer exporting can be used to navigate and save to arbitrary filesystem locations
  + CVE-2017-5382: Feed preview can expose privileged content errors and exceptions
  + CVE-2017-5383: Location bar spoofing with unicode characters
  + CVE-2017-5384: Information disclosure via Proxy Auto-Config (PAC)
  + CVE-2017-5385: Data sent in multipart channels ignores referrer-policy response headers
  + CVE-2017-5386: WebExtensions can use data: protocol to affect other extensions
  + CVE-2017-5394: Android location bar spoofing using fullscreen and JavaScript events
  + CVE-2017-5391: Content about: pages can load privileged about: pages
  + CVE-2017-5392: Weak references using multiple threads on weak proxy objects lead to unsafe memory usage
  + CVE-2017-5393: Remove addons.mozilla.org CDN from whitelist for mozAddonManager
  + CVE-2017-5395: Android location bar spoofing during scrolling
  + CVE-2017-5387: Disclosure of local file existence through TRACK tag error messages
  + CVE-2017-5388: WebRTC can be used to generate a large amount of UDP traffic for DDOS attacks
  + CVE-2017-5374: Memory safety bugs fixed in Firefox 51
  + CVE-2017-5373: Memory safety bugs fixed in Firefox 51 and Firefox ESR 45.7
15 декабря 2016 г. Alexey Gladkov 50.1.0-alt1
- New release (50.1.0).
- Fixed:
  + CVE-2016-9894: Buffer overflow in SkiaGL
  + CVE-2016-9899: Use-after-free while manipulating DOM events and audio elements
  + CVE-2016-9895: CSP bypass using marquee tag
  + CVE-2016-9896: Use-after-free with WebVR
  + CVE-2016-9897: Memory corruption in libGLES
  + CVE-2016-9898: Use-after-free in Editor while manipulating DOM subtrees
  + CVE-2016-9900: Restricted external resources can be loaded by SVG images through data URLs
  + CVE-2016-9904: Cross-origin information leak in shared atoms
  + CVE-2016-9901: Data from Pocket server improperly sanitized before execution
  + CVE-2016-9902: Pocket extension does not validate the origin of events
  + CVE-2016-9903: XSS injection vulnerability in add-ons SDK
  + CVE-2016-9080: Memory safety bugs fixed in Firefox 50.1
  + CVE-2016-9893: Memory safety bugs fixed in Firefox 50.1 and Firefox ESR 45.6
6 декабря 2016 г. Ivan Zakharyaschev 50.0.2-alt2
- Precise calculation of the dependency on libgtk symbols (ALT#32297) and
  strict verification of unresolved symbols. (Thx legion@ for the original
  hack, which had to be removed in 44.0.2-alt3, but found to be restorable
  by ruslandh@'s work on strict unresolved symbols verification in palemoon.)
VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
Версия: v24.5.3
Наверх