Пакет firefox: Информация

Исходный пакет: firefox
Версия: 55.0.1-alt1
Собран:  15 августа 2017 г. 3:32 в задании #187059
Категория: Сети/WWW
Сообщить об ошибке в пакете
Gear: https://git.altlinux.org/gears/f/firefox.git?a=tree;hb=1bc74fec4…
Домашняя страница: http://www.mozilla.org/projects/firefox/
Лицензия: MPL/GPL/LGPL
О пакете: The Mozilla Firefox project is a redesign of Mozilla's browser
Описание: 
The Mozilla Firefox project is a redesign of Mozilla's browser component,
written using the XUL user interface language and designed to be
cross-platform.
Список rpm-пакетов, предоставляемых данным srpm-пакетом:
firefox (x86_64, i586)
firefox-debuginfo (x86_64, i586)
rpm-build-firefox (noarch)
Сопровождающий: Alexey Gladkov
Список участников:
Alexey Gladkov
Ivan Zakharyaschev
Konstantin Lepikhov
    1. libalsa-devel
    2. libvpx-devel
    3. libcurl-devel
    4. /dev/shm
    5. libwireless-devel
    6. alternatives
    7. libevent-devel
    8. /proc
    9. libshell
    10. autoconf_2.13
    11. autoconf_2.13
    12. libffi-devel
    13. libstartup-notification-devel
    14. libfreetype-devel
    15. browser-plugins-npapi-devel
    16. bzlib-devel
    17. pkgconfig(nspr) >= 4.13.1
    18. pkgconfig(nss) >= 3.28.1
    19. chrpath
    20. rust
    21. rust-cargo
    22. libGL-devel
    23. makedepend
    24. libIDL-devel
    25. rpm-build-mozilla.org
    26. rpm-macros-alternatives
    27. libgio-devel
    28. mozilla-common-devel
    29. libnotify-devel
    30. libnss-devel-static
    31. python-module-distribute
    32. glibc-kernheaders
    33. doxygen
    34. libX11-devel
    35. libcairo-devel
    36. unzip
    37. libopus-devel
    38. libXScrnSaver-devel
    39. libXcomposite-devel
    40. libXdamage-devel
    41. libXext-devel
    42. libXft-devel
    43. python-modules-compiler
    44. python-modules-json
    45. python-modules-logging
    46. python-modules-sqlite3
    47. libgtk+2-devel
    48. libXt-devel
    49. libgtk+3-devel
    50. xorg-cf-files
    51. libhunspell-devel
    52. yasm
    53. fontconfig-devel
    54. libjpeg-devel
    55. zip
    56. zlib-devel
    57. gst-plugins1.0-devel
    58. gstreamer1.0-devel
    59. libpixman-devel
    60. libproxy-devel
    61. libpulseaudio-devel
    62. imake
    63. gcc-c++

Последнее изменение

13 августа 2017 г. Alexey Gladkov 55.0.1-alt1
- New release (55.0.1).
- Fixed:
  + CVE-2017-7798: XUL injection in the style editor in devtools
  + CVE-2017-7800: Use-after-free in WebSockets during disconnection
  + CVE-2017-7801: Use-after-free with marquee during window resizing
  + CVE-2017-7809: Use-after-free while deleting attached editor DOM node
  + CVE-2017-7784: Use-after-free with image observers
  + CVE-2017-7802: Use-after-free resizing image elements
  + CVE-2017-7785: Buffer overflow manipulating ARIA attributes in DOM
  + CVE-2017-7786: Buffer overflow while painting non-displayable SVG
  + CVE-2017-7806: Use-after-free in layer manager with SVG
  + CVE-2017-7753: Out-of-bounds read with cached style data and pseudo-elements
  + CVE-2017-7787: Same-origin policy bypass with iframes through page reloads
  + CVE-2017-7807: Domain hijacking through AppCache fallback
  + CVE-2017-7792: Buffer overflow viewing certificates with an extremely long OID
  + CVE-2017-7804: Memory protection bypass through WindowsDllDetourPatcher
  + CVE-2017-7791: Spoofing following page navigation with data: protocol and modal alerts
  + CVE-2017-7808: CSP information leak with frame-ancestors containing paths
  + CVE-2017-7782: WindowsDllDetourPatcher allocates memory without DEP protections
  + CVE-2017-7781: Elliptic curve point addition error when using mixed Jacobian-affine coordinates
  + CVE-2017-7794: Linux file truncation via sandbox broker
  + CVE-2017-7803: CSP containing 'sandbox' improperly applied
  + CVE-2017-7799: Self-XSS XUL injection in about:webrtc
  + CVE-2017-7783: DOS attack through long username in URL
  + CVE-2017-7788: Sandboxed about:srcdoc iframes do not inherit CSP directives
  + CVE-2017-7789: Failure to enable HSTS when two STS headers are sent for a connection
  + CVE-2017-7790: Windows crash reporter reads extra memory for some non-null-terminated registry values
  + CVE-2017-7796: Windows updater can delete any file named update.log
  + CVE-2017-7797: Response header name interning leaks across origins
  + CVE-2017-7780: Memory safety bugs fixed in Firefox 55
  + CVE-2017-7779: Memory safety bugs fixed in Firefox 55 and Firefox ESR 52.3
12 июля 2017 г. Alexey Gladkov 54.0.1-alt1
- New release (54.0.1).
25 июня 2017 г. Alexey Gladkov 54.0-alt1
- New release (54.0).
- Fixed:
  + CVE-2017-5472: Use-after-free using destroyed node when regenerating trees
  + CVE-2017-7749: Use-after-free during docshell reloading
  + CVE-2017-7750: Use-after-free with track elements
  + CVE-2017-7751: Use-after-free with content viewer listeners
  + CVE-2017-7752: Use-after-free with IME input
  + CVE-2017-7754: Out-of-bounds read in WebGL with ImageInfo object
  + CVE-2017-7755: Privilege escalation through Firefox Installer with same directory DLL files
  + CVE-2017-7756: Use-after-free and use-after-scope logging XHR header errors
  + CVE-2017-7757: Use-after-free in IndexedDB
  + CVE-2017-7778: Vulnerabilities in the Graphite 2 library
  + CVE-2017-7758: Out-of-bounds read in Opus encoder
  + CVE-2017-7759: Android intent URLs can cause navigation to local file system
  + CVE-2017-7760: File manipulation and privilege escalation via callback parameter in Mozilla Windows Updater and Maintenance Service
  + CVE-2017-7761: File deletion and privilege escalation through Mozilla Maintenance Service helper.exe application
  + CVE-2017-7762: Addressbar spoofing in Reader mode
  + CVE-2017-7763: Mac fonts render some unicode characters as spaces
  + CVE-2017-7764: Domain spoofing with combination of Canadian Syllabics and other unicode blocks
  + CVE-2017-7765: Mark of the Web bypass when saving executable files
  + CVE-2017-7766: File execution and privilege escalation through updater.ini, Mozilla Windows Updater, and Mozilla Maintenance Service
  + CVE-2017-7767: Privilege escalation and arbitrary file overwrites through Mozilla Windows Updater and Mozilla Maintenance Service
  + CVE-2017-7768: 32 byte arbitrary file read through Mozilla Maintenance Service
  + CVE-2017-7770: Addressbar spoofing with JavaScript events and fullscreen mode
  + CVE-2017-5471: Memory safety bugs fixed in Firefox 54
  + CVE-2017-5470: Memory safety bugs fixed in Firefox 54 and Firefox ESR 52.2
VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
Версия: v24.5.1
Наверх