Репозиторій Sisyphus
Останнє оновлення: 2018-06-23 13:06:36 +0400 | Пакетів: 18576 | Sign in or Sign up
en ru uk br
ALT Linux repositories
згорнути вікно
Sisyphus: 60.0.2-alt2
p8: 52.8.0-alt0.M80P.1
p7: 45.9.0-alt0.M70P.1
t7: 45.9.0-alt0.M70P.1

Групa :: Мережі/WWW
Source RPM: firefox-esr

 Головна   Зміни   Спек   Patches   Sources   Завантажити   Gear   Bugs and FR (3/8)   Repocop 

Поточна версія: 60.0.2-alt2
Built: 5 дня назад
Розмір архіва: 257,5 МБ
Repocop status: ok

Домашня сторінка:   http://www.mozilla.org/projects/firefox/

Ліцензія: MPL/GPL/LGPL
Про пакет: The Mozilla Firefox project is a redesign of Mozilla's browser
Опис:

The Mozilla Firefox project is a redesign of Mozilla's browser
component, written using the XUL user interface language and designed to
be cross-platform.

Поточний майнтейнер: Andrey Cherepanov

List of contributors: ACL: Перелік rpm-пакетів, що надаються цим srpm-пакетом:
  • firefox-esr
  • firefox-esr-debuginfo
Recent changes (last three changelog entries):

2018-06-18 Andrey Cherepanov <cas at altlinux.org> 60.0.2-alt2

    - Fix build for aarch64 (thanks legion@).

2018-06-11 Andrey Cherepanov <cas at altlinux.org> 60.0.2-alt1

    - New ESR version (60.0.2).
    - Fixed:
    + CVE-2018-6126 Heap buffer overflow rasterizing paths in SVG with Skia

2018-06-05 Andrey Cherepanov <cas at altlinux.org> 60.0.1-alt1

    - New ESR version (60.0.1).
    - Fixed:
    + CVE-2018-5154: Use-after-free with SVG animations and clip paths
    + CVE-2018-5155: Use-after-free with SVG animations and text paths
    + CVE-2018-5157: Same-origin bypass of PDF Viewer to view protected PDF files
    + CVE-2018-5158: Malicious PDF can inject JavaScript into PDF Viewer
    + CVE-2018-5159: Integer overflow and out-of-bounds write in Skia
    + CVE-2018-5160: Uninitialized memory use by WebRTC encoder
    + CVE-2018-5152: WebExtensions information leak through webRequest API
    + CVE-2018-5153: Out-of-bounds read in mixed content websocket messages
    + CVE-2018-5163: Replacing cached data in JavaScript Start-up Bytecode Cache
    + CVE-2018-5164: CSP not applied to all multipart content sent with multipart/x-mixed-replace
    + CVE-2018-5166: WebExtension host permission bypass through filterReponseData
    + CVE-2018-5167: Improper linkification of chrome: and javascript: content in web console and JavaScript debugger
    + CVE-2018-5168: Lightweight themes can be installed without user interaction
    + CVE-2018-5169: Dragging and dropping link text onto home button can set home page to include chrome pages
    + CVE-2018-5172: Pasted script from clipboard can run in the Live Bookmarks page or PDF viewer
    + CVE-2018-5173: File name spoofing of Downloads panel with Unicode characters
    + CVE-2018-5174: Windows Defender SmartScreen UI runs with less secure behavior for downloaded files in Windows 10 April 2018 Update
    + CVE-2018-5175: Universal CSP bypass on sites using strict-dynamic in their policies
    + CVE-2018-5176: JSON Viewer script injection
    + CVE-2018-5177: Buffer overflow in XSLT during number formatting
    + CVE-2018-5165: Checkbox for enabling Flash protected mode is inverted in 32-bit Firefox
    + CVE-2018-5180: heap-use-after-free in mozilla::WebGLContext::DrawElementsInstanced
    + CVE-2018-5181: Local file can be displayed in noopener tab through drag and drop of hyperlink
    + CVE-2018-5182: Local file can be displayed from hyperlink dragged and dropped on addressbar
    + CVE-2018-5151: Memory safety bugs fixed in Firefox 60
    + CVE-2018-5150: Memory safety bugs fixed in Firefox 60 and Firefox ESR 52.8

 
© 2009–2018 Ігор Зубков