Пакет firefox-esr: Информация

Исходный пакет: firefox-esr
Версия: 91.11.0-alt1
Собран:  29 июня 2022 г. 20:04
 в задании #302834
Категория: Сети/WWW
Сообщить об ошибке в пакете
Лицензия: MPL-2.0 
О пакете:  The Mozilla Firefox project is a redesign of Mozilla's browser (ESR version)
The Mozilla Firefox project is a redesign of Mozilla's browser component,
written using the XUL user interface language and designed to be
Список rpm-пакетов, предоставляемых данным srpm-пакетом: 
firefox-esr (x86_64, ppc64le, i586, armh, aarch64)
firefox-esr-config-privacy (x86_64, ppc64le, i586, armh, aarch64)
firefox-esr-debuginfo (x86_64, ppc64le, i586, armh, aarch64)
firefox-esr-wayland (x86_64, ppc64le, i586, armh, aarch64)
Сопровождающий: Andrey Cherepanov
Список участников: 
Pavel Vasenkov
Andrey Cherepanov
Alexey Gladkov
Gleb Fotengauer-Malinovskiy
Ivan Zakharyaschev

Права: Andrey CherepanovPavel Vasenkov,  @everybody
Последние изменения:
29 июня 2022 г. Pavel Vasenkov 91.11.0-alt1
- New ESR version.
- Security fixes:
  + CVE-2022-34479 A popup window could be resized in a way to overlay the address bar with web content
  + CVE-2022-34470 Use-after-free in nsSHistory
  + CVE-2022-34468 CSP sandbox header without `allow-scripts` can be bypassed via retargeted javascript: URI
  + CVE-2022-34481 Potential integer overflow in ReplaceElementsAt
  + CVE-2022-31744 CSP bypass enabling stylesheet injection
  + CVE-2022-34472 Unavailable PAC file resulted in OCSP requests being blocked
  + CVE-2022-34478 Microsoft protocols can be attacked if a user accepts a prompt
  + CVE-2022-2200 Undesired attributes could be set as part of prototype pollution
  + CVE-2022-34484 Memory safety bugs fixed in Firefox 102 and Firefox ESR 91.11
3 июня 2022 г. Pavel Vasenkov 91.10.0-alt1
- New ESR version.
- Security fixes:
  + CVE-2022-31736 Cross-Origin resource's length leaked
  + CVE-2022-31737 Heap buffer overflow in WebGL
  + CVE-2022-31738 Browser window spoof using fullscreen mode
  + CVE-2022-31739 Attacker-influenced path traversal when saving downloaded files
  + CVE-2022-31740 Register allocation problem in WASM on arm64
  + CVE-2022-31741 Uninitialized variable leads to invalid memory read
  + CVE-2022-31742 Querying a WebAuthn token with a large number of allowCredential entries may have leaked cross-origin information
  + CVE-2022-31747 Memory safety bugs fixed in Firefox 101 and Firefox ESR 91.10
22 мая 2022 г. Pavel Vasenkov 91.9.1-alt1
- New ESR version.
- Security fixes:
  + CVE-2022-1802 Prototype pollution in Top-Level Await implementation
  + CVE-2022-1529 Untrusted input used in JavaScript object indexing, leading to prototype pollution