Package firefox: Information
Default inline alert: Version in the repository: 127.0-alt1
Source package: firefox
Version: 121.0-alt1
Build time: Dec 21, 2023, 04:59 AM in the task #336902
Category: Networking/WWW
Report package bugHome page: https://www.mozilla.org/firefox/
License: MPL-2.0
Summary: The Mozilla Firefox project is a redesign of Mozilla's browser
Description:
The Mozilla Firefox project is a redesign of Mozilla's browser component, written using the XUL user interface language and designed to be cross-platform.
List of rpms provided by this srpm:
firefox (x86_64, armh, aarch64)
firefox-config-privacy (noarch)
firefox-debuginfo (x86_64, armh, aarch64)
firefox (x86_64, armh, aarch64)
firefox-config-privacy (noarch)
firefox-debuginfo (x86_64, armh, aarch64)
Maintainer: Alexey Gladkov
List of contributors:
Alexey Gladkov
Sergey Bolshakov
Gleb Fotengauer-Malinovskiy
Ivan Zakharyaschev
Konstantin Lepikhov
Alexey Gladkov
Sergey Bolshakov
Gleb Fotengauer-Malinovskiy
Ivan Zakharyaschev
Konstantin Lepikhov
Last changed
Dec. 20, 2023 Alexey Gladkov 121.0-alt1
- New release (121.0). - Security fixes: + CVE-2023-6856: Heap-buffer-overflow affecting WebGL DrawElementsInstanced method with Mesa VM driver + CVE-2023-6135: NSS susceptible to "Minerva" attack + CVE-2023-6865: Potential exposure of uninitialized data in EncryptingOutputStream + CVE-2023-6857: Symlinks may resolve to smaller than expected buffers + CVE-2023-6858: Heap buffer overflow in nsTextFragment + CVE-2023-6859: Use-after-free in PR_GetIdentitiesLayer + CVE-2023-6866: TypedArrays lack sufficient exception handling + CVE-2023-6860: Potential sandbox escape due to VideoBridge lack of texture validation + CVE-2023-6867: Clickjacking permission prompts using the popup transition + CVE-2023-6861: Heap buffer overflow affected nsWindow::PickerOpen(void) in headless mode + CVE-2023-6868: WebPush requests on Firefox for Android did not require VAPID key + CVE-2023-6869: Content can paint outside of sandboxed iframe + CVE-2023-6870: Android Toast notifications may obscure fullscreen event notifications + CVE-2023-6871: Lack of protocol handler warning in some instances + CVE-2023-6872: Browsing history leaked to syslogs via GNOME + CVE-2023-6863: Undefined behavior in ShutdownObserver() + CVE-2023-6864: Memory safety bugs fixed in Firefox 121, Firefox ESR 115.6, and Thunderbird 115.6 + CVE-2023-6873: Memory safety bugs fixed in Firefox 121
Dec. 1, 2023 Alexey Gladkov 120.0.1-alt1
- New release (120.0.1).
Nov. 21, 2023 Alexey Gladkov 120.0-alt1
- New release (120.0). - Security fixes: + CVE-2023-6204: Out-of-bound memory access in WebGL2 blitFramebuffer + CVE-2023-6205: Use-after-free in MessagePort::Entangled + CVE-2023-6206: Clickjacking permission prompts using the fullscreen transition + CVE-2023-6207: Use-after-free in ReadableByteStreamQueueEntry::Buffer + CVE-2023-6208: Using Selection API would copy contents into X11 primary selection. + CVE-2023-6209: Incorrect parsing of relative URLs starting with "///" + CVE-2023-6210: Mixed-content resources not blocked in a javascript: pop-up + CVE-2023-6211: Clickjacking to load insecure pages in HTTPS-only mode + CVE-2023-6212: Memory safety bugs fixed in Firefox 120, Firefox ESR 115.5, and Thunderbird 115.5 + CVE-2023-6213: Memory safety bugs fixed in Firefox 120