Пакет firefox: Информация

The Mozilla Firefox project is a redesign of Mozilla's browser component,
written using the XUL user interface language and designed to be
cross-platform.
- New release (68.0).
- Fixed:
  + CVE-2019-9811: Sandbox escape via installation of malicious language pack
  + CVE-2019-11711: Script injection within domain through inner window reuse
  + CVE-2019-11712: Cross-origin POST requests can be made with NPAPI plugins by following 308 redirects
  + CVE-2019-11713: Use-after-free with HTTP/2 cached stream
  + CVE-2019-11714: NeckoChild can trigger crash when accessed off of main thread
  + CVE-2019-11729: Empty or malformed p256-ECDH public keys may trigger a segmentation fault
  + CVE-2019-11715: HTML parsing error can contribute to content XSS
  + CVE-2019-11716: globalThis not enumerable until accessed
  + CVE-2019-11717: Caret character improperly escaped in origins
  + CVE-2019-11718: Activity Stream writes unsanitized content to innerHTML
  + CVE-2019-11719: Out-of-bounds read when importing curve25519 private key
  + CVE-2019-11720: Character encoding XSS vulnerability
  + CVE-2019-11721: Domain spoofing through unicode latin 'kra' character
  + CVE-2019-11730: Same-origin policy treats all files in a directory as having the same-origin
  + CVE-2019-11723: Cookie leakage during add-on fetching across private browsing boundaries
  + CVE-2019-11724: Retired site input.mozilla.org has remote troubleshooting permissions
  + CVE-2019-11725: Websocket resources bypass safebrowsing protections
  + CVE-2019-11727: PKCS#1 v1.5 signatures can be used for TLS 1.3
  + CVE-2019-11728: Port scanning through Alt-Svc header
  + CVE-2019-11710: Memory safety bugs fixed in Firefox 68
  + CVE-2019-11709: Memory safety bugs fixed in Firefox 68 and Firefox ESR 60.8
- Added ppc64le support.
- spec: cleaned up rpm-build internal macros.
- New release (67.0.4).
- Fixed:
 + CVE-2019-11708: sandbox escape using Prompt:Open

Пакет firefox: Информация

Последнее изменение