Пакет firefox: Информация
Default inline alert: Версия в репозитории: 105.0.1-alt0.c9.1
Исходный пакет: firefox
Версия: 56.0-alt1
Собран: 16 октября 2017 г. 5:35 в задании #190760
Категория: Сети/WWW
Сообщить об ошибке в пакетеДомашняя страница: http://www.mozilla.org/projects/firefox/
Лицензия: MPL/GPL/LGPL
О пакете: The Mozilla Firefox project is a redesign of Mozilla's browser
Описание:
The Mozilla Firefox project is a redesign of Mozilla's browser component, written using the XUL user interface language and designed to be cross-platform.
Список rpm-пакетов, предоставляемых данным srpm-пакетом:
firefox (x86_64, i586)
firefox-debuginfo (x86_64, i586)
rpm-build-firefox (noarch)
firefox (x86_64, i586)
firefox-debuginfo (x86_64, i586)
rpm-build-firefox (noarch)
Сопровождающий: Alexey Gladkov
Последнее изменение
8 октября 2017 г. Alexey Gladkov 56.0-alt1
- New release (56.0). - Fixed: + CVE-2017-7793: Use-after-free with Fetch API + CVE-2017-7817: Firefox for Android address bar spoofing through fullscreen mode + CVE-2017-7818: Use-after-free during ARIA array manipulation + CVE-2017-7819: Use-after-free while resizing images in design mode + CVE-2017-7824: Buffer overflow when drawing and validating elements with ANGLE + CVE-2017-7805: Use-after-free in TLS 1.2 generating handshake hashes + CVE-2017-7812: Drag and drop of malicious page content to the tab bar can open locally stored files + CVE-2017-7814: Blob and data URLs bypass phishing and malware protection warnings + CVE-2017-7813: Integer truncation in the JavaScript parser + CVE-2017-7825: OS X fonts render some Tibetan and Arabic unicode characters as spaces + CVE-2017-7815: Spoofing attack with modal dialogs on non-e10s installations + CVE-2017-7816: WebExtensions can load about: URLs in extension UI + CVE-2017-7821: WebExtensions can download and open non-executable files without user interaction + CVE-2017-7823: CSP sandbox directive did not create a unique origin + CVE-2017-7822: WebCrypto allows AES-GCM with 0-length IV + CVE-2017-7820: Xray wrapper bypass with new tab and web console + CVE-2017-7811: Memory safety bugs fixed in Firefox 56 + CVE-2017-7810: Memory safety bugs fixed in Firefox 56 and Firefox ESR 52.4
29 августа 2017 г. Alexey Gladkov 55.0.3-alt1
- New release (55.0.3).
13 августа 2017 г. Alexey Gladkov 55.0.1-alt1
- New release (55.0.1). - Fixed: + CVE-2017-7798: XUL injection in the style editor in devtools + CVE-2017-7800: Use-after-free in WebSockets during disconnection + CVE-2017-7801: Use-after-free with marquee during window resizing + CVE-2017-7809: Use-after-free while deleting attached editor DOM node + CVE-2017-7784: Use-after-free with image observers + CVE-2017-7802: Use-after-free resizing image elements + CVE-2017-7785: Buffer overflow manipulating ARIA attributes in DOM + CVE-2017-7786: Buffer overflow while painting non-displayable SVG + CVE-2017-7806: Use-after-free in layer manager with SVG + CVE-2017-7753: Out-of-bounds read with cached style data and pseudo-elements + CVE-2017-7787: Same-origin policy bypass with iframes through page reloads + CVE-2017-7807: Domain hijacking through AppCache fallback + CVE-2017-7792: Buffer overflow viewing certificates with an extremely long OID + CVE-2017-7804: Memory protection bypass through WindowsDllDetourPatcher + CVE-2017-7791: Spoofing following page navigation with data: protocol and modal alerts + CVE-2017-7808: CSP information leak with frame-ancestors containing paths + CVE-2017-7782: WindowsDllDetourPatcher allocates memory without DEP protections + CVE-2017-7781: Elliptic curve point addition error when using mixed Jacobian-affine coordinates + CVE-2017-7794: Linux file truncation via sandbox broker + CVE-2017-7803: CSP containing 'sandbox' improperly applied + CVE-2017-7799: Self-XSS XUL injection in about:webrtc + CVE-2017-7783: DOS attack through long username in URL + CVE-2017-7788: Sandboxed about:srcdoc iframes do not inherit CSP directives + CVE-2017-7789: Failure to enable HSTS when two STS headers are sent for a connection + CVE-2017-7790: Windows crash reporter reads extra memory for some non-null-terminated registry values + CVE-2017-7796: Windows updater can delete any file named update.log + CVE-2017-7797: Response header name interning leaks across origins + CVE-2017-7780: Memory safety bugs fixed in Firefox 55 + CVE-2017-7779: Memory safety bugs fixed in Firefox 55 and Firefox ESR 52.3