Package firefox-esr: Information

Source package: firefox-esr
Version: 91.6.0-alt1
Build time:  Feb 16, 2022, 07:25 PM in the task #295122
Category: Networking/WWW
Report package bug
Gear: https://git.altlinux.org/gears/f/firefox-esr.git?a=tree;hb=35ed6…
Home page: http://www.mozilla.org/projects/firefox/
License: MPL-2.0
Summary: The Mozilla Firefox project is a redesign of Mozilla's browser (ESR version)
Description: 
The Mozilla Firefox project is a redesign of Mozilla's browser component,
written using the XUL user interface language and designed to be
cross-platform.
List of rpms provided by this srpm:
firefox-esr (x86_64, ppc64le, i586, armh, aarch64)
firefox-esr-config-privacy (x86_64, ppc64le, i586, armh, aarch64)
firefox-esr-debuginfo (x86_64, ppc64le, i586, armh, aarch64)
firefox-esr-wayland (x86_64, ppc64le, i586, armh, aarch64)
Maintainer: Andrey Cherepanov
List of contributors:
Pavel Vasenkov
Andrey Cherepanov
Alexey Gladkov
Gleb Fotengauer-Malinovskiy
Ivan Zakharyaschev
    1. libgtk+3-devel
    2. libhunspell-devel
    3. /proc
    4. libpulseaudio-devel
    5. libX11-devel
    6. libjpeg-devel
    7. libcairo-devel
    8. fontconfig-devel
    9. /dev/shm
    10. libXScrnSaver-devel
    11. libXcomposite-devel
    12. libvpx-devel
    13. libXcursor-devel
    14. libXdamage-devel
    15. libXext-devel
    16. libcurl-devel
    17. libXft-devel
    18. libXi-devel
    19. libdav1d-devel
    20. libdbus-devel
    21. python3-base
    22. libdbus-glib-devel
    23. libXt-devel
    24. rust >= 1.54.0
    25. libalsa-devel
    26. rust-cargo >= 1.54.0
    27. libaom-devel
    28. libshell
    29. libwireless-devel
    30. python3-module-pip
    31. libdrm-devel
    32. python3-module-setuptools
    33. libxkbcommon-devel
    34. python3-modules-sqlite3
    35. libevent-devel
    36. libffi-devel
    37. alternatives
    38. libfreetype-devel
    39. libstartup-notification-devel
    40. libstdc++-devel
    41. lld11.0-devel
    42. llvm11.0-devel
    43. pkgconfig(nspr) >= 4.32
    44. autoconf_2.13
    45. autoconf_2.13
    46. pkgconfig(nss) >= 3.69.0
    47. libnotify-devel
    48. libnss-devel-static
    49. unzip
    50. rpm-macros-alternatives
    51. browser-plugins-npapi-devel
    52. bzlib-devel
    53. rpm-build-mozilla.org
    54. mozilla-common-devel
    55. libopus-devel
    56. chrpath
    57. clang11.0
    58. clang11.0-devel
    59. nasm
    60. python-module-setuptools
    61. node
    62. python-modules-compiler
    63. python-modules-json
    64. python-modules-logging
    65. python-modules-sqlite3
    66. libpixman-devel
    67. zip
    68. gst-plugins1.0-devel
    69. libGL-devel
    70. libgio-devel
    71. xorg-cf-files
    72. gstreamer1.0-devel
    73. yasm
    74. libproxy-devel
    75. zlib-devel
    76. libgtk+2-devel

Last changed

Feb. 9, 2022 Pavel Vasenkov 91.6.0-alt1
- New ESR version.
- Security fixes:
  + CVE-2022-22753 Privilege Escalation to SYSTEM on Windows via Maintenance Service
  + CVE-2022-22754 Extensions could have bypassed permission confirmation during update
  + CVE-2022-22756 Drag and dropping an image could have resulted in the dropped object being an executable
  + CVE-2022-22759 Sandboxed iframes could have executed script if the parent appended elements
  + CVE-2022-22760 Cross-Origin responses could be distinguished between script and non-script content-types
  + CVE-2022-22761 frame-ancestors Content Security Policy directive was not enforced for framed extension pages
  + CVE-2022-22763 Script Execution during invalid object state
  + CVE-2022-22764 Memory safety bugs fixed in Firefox 97 and Firefox ESR 91.6
Jan. 27, 2022 Pavel Vasenkov 91.5.1-alt1
- New ESR version.
Jan. 11, 2022 Andrey Cherepanov 91.5.0-alt1
- New ESR version.
- Security fixes:
  + CVE-2022-22746 Calling into reportValidity could have lead to fullscreen window spoof
  + CVE-2022-22743 Browser window spoof using fullscreen mode
  + CVE-2022-22742 Out-of-bounds memory access when inserting text in edit mode
  + CVE-2022-22741 Browser window spoof using fullscreen mode
  + CVE-2022-22740 Use-after-free of ChannelEventQueue::mOwner
  + CVE-2022-22738 Heap-buffer-overflow in blendGaussianBlur
  + CVE-2022-22737 Race condition when playing audio files
  + CVE-2021-4140 Iframe sandbox bypass with XSLT
  + CVE-2022-22748 Spoofed origin on external protocol launch dialog
  + CVE-2022-22745 Leaking cross-origin URLs through securitypolicyviolation event
  + CVE-2022-22744 The 'Copy as curl' feature in DevTools did not fully escape website-controlled data, potentially leading to command injection
  + CVE-2022-22747 Crash when handling empty pkcs7 sequence
  + CVE-2022-22739 Missing throttling on external protocol launch dialog
  + CVE-2022-22751 Memory safety bugs fixed in Firefox 96 and Firefox ESR 91.5
VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
Version: v24.5.3
Back to top