Package firefox-esr: Information

Source package: firefox-esr
Version: 115.8.0-alt1
Build time:  Mar 5, 2024, 08:25 PM in the task #341263
Category: Networking/WWW
Report package bug
Gear: https://git.altlinux.org/gears/f/firefox-esr.git?a=tree;hb=0a5ee…
Home page: http://www.mozilla.org/projects/firefox/
License: MPL-2.0
Summary: The Mozilla Firefox project is a redesign of Mozilla's browser (ESR version)
Description: 
The Mozilla Firefox project is a redesign of Mozilla's browser component,
written using the XUL user interface language and designed to be
cross-platform.
List of rpms provided by this srpm:
firefox-esr (x86_64, i586, armh, aarch64)
firefox-esr-config-privacy (x86_64, i586, armh, aarch64)
firefox-esr-debuginfo (x86_64, i586, armh, aarch64)
firefox-esr-wayland (x86_64, i586, armh, aarch64)
Maintainer: Andrey Cherepanov
List of contributors:
Pavel Vasenkov
Alexey Sheplyakov
Grigory Ustinov
Andrey Cherepanov
Alexey Gladkov
Gleb Fotengauer-Malinovskiy
Ivan Zakharyaschev
    1. /dev/shm
    2. libshell
    3. /proc
    4. fontconfig-devel
    5. libstartup-notification-devel
    6. libstdc++-devel
    7. alternatives
    8. autoconf_2.13
    9. autoconf_2.13
    10. libvpx-devel
    11. browser-plugins-npapi-devel
    12. libwireless-devel
    13. bzlib-devel
    14. libxkbcommon-devel
    15. chrpath
    16. clang15.0
    17. clang15.0-devel
    18. lld15.0-devel
    19. llvm15.0-devel
    20. glibc-kernheaders-generic
    21. mozilla-common-devel
    22. nasm
    23. gst-plugins1.0-devel
    24. gstreamer1.0-devel
    25. node
    26. pkgconfig(alsa)
    27. pkgconfig(aom)
    28. pkgconfig(bzip2)
    29. pkgconfig(cairo)
    30. pkgconfig(dav1d)
    31. pkgconfig(dbus-1)
    32. pkgconfig(dbus-glib-1)
    33. pkgconfig(dri)
    34. pkgconfig(fontconfig)
    35. pkgconfig(freetype2)
    36. pkgconfig(gio-2.0)
    37. libGL-devel
    38. pkgconfig(graphite2)
    39. pkgconfig(gtk+-2.0)
    40. pkgconfig(gtk+-3.0)
    41. pkgconfig(harfbuzz)
    42. pkgconfig(hunspell)
    43. pkgconfig(icu-i18n)
    44. pkgconfig(libcurl)
    45. pkgconfig(libdrm)
    46. pkgconfig(libevent)
    47. pkgconfig(libffi)
    48. pkgconfig(libjpeg)
    49. pkgconfig(libnotify)
    50. pkgconfig(libproxy-1.0)
    51. pkgconfig(libpulse)
    52. pkgconfig(libstartup-notification-1.0)
    53. pkgconfig(nspr) >= 4.35
    54. pkgconfig(nss) >= 3.86
    55. pkgconfig(opus)
    56. pkgconfig(pixman-1)
    57. pkgconfig(vpx)
    58. python3-base
    59. pkgconfig(x11)
    60. pkgconfig(xcomposite)
    61. pkgconfig(xcursor)
    62. pkgconfig(xdamage)
    63. pkgconfig(xext)
    64. pkgconfig(xft)
    65. pkgconfig(xi)
    66. pkgconfig(xkbcommon)
    67. pkgconfig(xrandr)
    68. pkgconfig(xscrnsaver)
    69. pkgconfig(xt)
    70. pkgconfig(xtst)
    71. pkgconfig(zlib)
    72. python3(click)
    73. rpm-build-mozilla.org
    74. rpm-macros-alternatives
    75. python3(curses)
    76. libX11-devel
    77. libXScrnSaver-devel
    78. libXcomposite-devel
    79. libXcursor-devel
    80. libXdamage-devel
    81. libXext-devel
    82. libXft-devel
    83. libXi-devel
    84. libXt-devel
    85. libalsa-devel
    86. libaom-devel
    87. python3(hamcrest)
    88. python3(imp)
    89. libcairo-devel
    90. libgtk+2-devel
    91. libgtk+3-devel
    92. libgio-devel
    93. libdrm-devel
    94. libcurl-devel
    95. python3(pip)
    96. libevent-devel
    97. libnotify-devel
    98. libpixman-devel
    99. libdav1d-devel
    100. libhunspell-devel
    101. python3(setuptools)
    102. python3(sqlite3)
    103. rust >= 1.65.0
    104. libdbus-devel
    105. rust-cargo >= 1.65.0
    106. unzip
    107. libffi-devel
    108. libjpeg-devel
    109. libdbus-glib-devel
    110. libnss-devel-static
    111. libfreetype-devel
    112. libproxy-devel
    113. xorg-cf-files
    114. yasm
    115. libpulseaudio-devel
    116. zip
    117. zlib-devel
    118. libopus-devel

Last changed

Feb. 21, 2024 Pavel Vasenkov 115.8.0-alt1
- New ESR version.
- Security fixes
  + CVE-2024-1546 Out-of-bounds memory read in networking channels
  + CVE-2024-1547 Alert dialog could have been spoofed on another site
  + CVE-2024-1548 Fullscreen Notification could have been hidden by select element
  + CVE-2024-1549 Custom cursor could obscure the permission dialog
  + CVE-2024-1550 Mouse cursor re-positioned unexpectedly could have led to unintended permission grants
  + CVE-2024-1551 Multipart HTTP Responses would accept the Set-Cookie header in response parts
  + CVE-2024-1552 Incorrect code generation on 32-bit ARM devices
  + CVE-2024-1553 Memory safety bugs fixed in Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8
Feb. 6, 2024 Alexey Sheplyakov 115.7.0-alt2
- Reverted malicious upstream commit
  https://hg.mozilla.org/integration/autoland/rev/a03a9c72d1db3716adffc6968cfb6eb43c6fcd74
  which forces firefox to autoremove yandex, mail.ru, vk search extensions.
  Note: reverting that (and some similar) commit is a necessary condition to
  make firefox obey the search engine settings specified in policies.json.
  Alas it might be not enough. The problem is that firefox is tightly
  integrated with services provided by Mozilla corporation, such as bookmark
  sync, telemetry, captive portal detection, you name it. Reportedly a similar
  malware has been deployed there, thus yandex search extension (or in fact any
  extension) can be removed remotely (that is, without user consent) if the user
  is signed in into mozilla account, sends telemetry data to mozilla, etc.
  Perhaps it's time to make unmozilla firefox (similarly to ungoogled chromium).
- policies.json: use yandex search by default (Closes: #43516).
Feb. 4, 2024 Pavel Vasenkov 115.7.0-alt1
- New ESR version.
- Security fixes
  + CVE-2024-0741 Out of bounds write in ANGLE
  + CVE-2024-0742 Failure to update user input timestamp
  + CVE-2024-0746 Crash when listing printers on Linux
  + CVE-2024-0747 Bypass of Content Security Policy when directive unsafe-inline was set
  + CVE-2024-0749 Phishing site popup could show local origin in address bar
  + CVE-2024-0750 Potential permissions request bypass via clickjacking
  + CVE-2024-0751 Privilege escalation through devtools
  + CVE-2024-0753 HSTS policy on subdomain could bypass policy of upper domain
  + CVE-2024-0755 Memory safety bugs fixed in Firefox 122, Firefox ESR 115.7, and Thunderbird 115.7
VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
Version: v24.5.3
Back to top