Пакет firefox-esr: Информация

The Mozilla Firefox project is a redesign of Mozilla's browser component,
written using the XUL user interface language and designed to be
cross-platform.
- Fix last changelog according to https://www.altlinux.org/Vulnerability_Policy.
- New ESR version (68.3.0).
- Fixed:
  + CVE-2019-17008 Use-after-free in worker destruction
  + CVE-2019-13722 Stack corruption due to incorrect number of arguments in WebRTC code
  + CVE-2019-11745 Out of bounds write in NSS when encrypting with a block cipher
  + CVE-2019-17009 Updater temporary files accessible to unprivileged processes
  + CVE-2019-17010 Use-after-free when performing device orientation checks
  + CVE-2019-17005 Buffer overflow in plain text serializer
  + CVE-2019-17011 Use-after-free when retrieving a document in antitracking
  + CVE-2019-17012 Memory safety bugs fixed in Firefox 71 and Firefox ESR 68.3
- New ESR version (68.2.0).
- Fixed:
  + CVE-2019-15903 Heap overflow in expat library in XML_GetCurrentLineNumber
  + CVE-2019-11757 Use-after-free when creating index updates in IndexedDB
  + CVE-2019-11758 Potentially exploitable crash due to 360 Total Security
  + CVE-2019-11759 Stack buffer overflow in HKDF output
  + CVE-2019-11760 Stack buffer overflow in WebRTC networking
  + CVE-2019-11761 Unintended access to a privileged JSONView object
  + CVE-2019-11762 document.domain-based origin isolation has same-origin-property violation
  + CVE-2019-11763 Incorrect HTML parsing results in XSS bypass technique
  + CVE-2019-11764 Memory safety bugs fixed in Firefox 70 and Firefox ESR 68.2

Пакет firefox-esr: Информация

Последнее изменение