Пакет firefox: Информация
Default inline alert: Версия в репозитории: 112.0.2-alt0.p10.1
Исходный пакет: firefox
Версия: 51.0.1-alt1
Собран: 6 февраля 2017 г. 18:33 в задании #177393
Категория: Сети/WWW
Сообщить об ошибке в пакетеДомашняя страница: http://www.mozilla.org/projects/firefox/
Лицензия: MPL/GPL/LGPL
О пакете: The Mozilla Firefox project is a redesign of Mozilla's browser
Описание:
The Mozilla Firefox project is a redesign of Mozilla's browser component, written using the XUL user interface language and designed to be cross-platform.
Список rpm-пакетов, предоставляемых данным srpm-пакетом:
firefox (x86_64, i586)
firefox-debuginfo (x86_64, i586)
rpm-build-firefox (noarch)
firefox (x86_64, i586)
firefox-debuginfo (x86_64, i586)
rpm-build-firefox (noarch)
Сопровождающий: Alexey Gladkov
Последнее изменение
30 января 2017 г. Alexey Gladkov 51.0.1-alt1
- New release (51.0.1). - Fixed: + CVE-2017-5375: Excessive JIT code allocation allows bypass of ASLR and DEP + CVE-2017-5376: Use-after-free in XSL + CVE-2017-5377: Memory corruption with transforms to create gradients in Skia + CVE-2017-5378: Pointer and frame data leakage of Javascript objects + CVE-2017-5379: Use-after-free in Web Animations + CVE-2017-5380: Potential use-after-free during DOM manipulations + CVE-2017-5390: Insecure communication methods in Developer Tools JSON viewer + CVE-2017-5389: WebExtensions can install additional add-ons via modified host requests + CVE-2017-5396: Use-after-free with Media Decoder + CVE-2017-5381: Certificate Viewer exporting can be used to navigate and save to arbitrary filesystem locations + CVE-2017-5382: Feed preview can expose privileged content errors and exceptions + CVE-2017-5383: Location bar spoofing with unicode characters + CVE-2017-5384: Information disclosure via Proxy Auto-Config (PAC) + CVE-2017-5385: Data sent in multipart channels ignores referrer-policy response headers + CVE-2017-5386: WebExtensions can use data: protocol to affect other extensions + CVE-2017-5394: Android location bar spoofing using fullscreen and JavaScript events + CVE-2017-5391: Content about: pages can load privileged about: pages + CVE-2017-5392: Weak references using multiple threads on weak proxy objects lead to unsafe memory usage + CVE-2017-5393: Remove addons.mozilla.org CDN from whitelist for mozAddonManager + CVE-2017-5395: Android location bar spoofing during scrolling + CVE-2017-5387: Disclosure of local file existence through TRACK tag error messages + CVE-2017-5388: WebRTC can be used to generate a large amount of UDP traffic for DDOS attacks + CVE-2017-5374: Memory safety bugs fixed in Firefox 51 + CVE-2017-5373: Memory safety bugs fixed in Firefox 51 and Firefox ESR 45.7
15 декабря 2016 г. Alexey Gladkov 50.1.0-alt1
- New release (50.1.0). - Fixed: + CVE-2016-9894: Buffer overflow in SkiaGL + CVE-2016-9899: Use-after-free while manipulating DOM events and audio elements + CVE-2016-9895: CSP bypass using marquee tag + CVE-2016-9896: Use-after-free with WebVR + CVE-2016-9897: Memory corruption in libGLES + CVE-2016-9898: Use-after-free in Editor while manipulating DOM subtrees + CVE-2016-9900: Restricted external resources can be loaded by SVG images through data URLs + CVE-2016-9904: Cross-origin information leak in shared atoms + CVE-2016-9901: Data from Pocket server improperly sanitized before execution + CVE-2016-9902: Pocket extension does not validate the origin of events + CVE-2016-9903: XSS injection vulnerability in add-ons SDK + CVE-2016-9080: Memory safety bugs fixed in Firefox 50.1 + CVE-2016-9893: Memory safety bugs fixed in Firefox 50.1 and Firefox ESR 45.6
6 декабря 2016 г. Ivan Zakharyaschev 50.0.2-alt2
- Precise calculation of the dependency on libgtk symbols (ALT#32297) and strict verification of unresolved symbols. (Thx legion@ for the original hack, which had to be removed in 44.0.2-alt3, but found to be restorable by ruslandh@'s work on strict unresolved symbols verification in palemoon.)