Group :: Networking/WWW
Package: firefox-esr
29 September 2023 Pavel Vasenkov <pav at altlinux.org> 115.3.1-alt1
- New ESR version.
- Security fixes
+ CVE-2023-5168 Out-of-bounds write in FilterNodeD2D1
+ CVE-2023-5169 Out-of-bounds write in PathOps
+ CVE-2023-5171 Use-after-free in Ion Compiler
+ CVE-2023-5174 Double-free in process spawning on Windows
+ CVE-2023-5176 Memory safety bugs fixed in Firefox 118, Firefox ESR 115.3, and Thunderbird 115.3
+ CVE-2023-5217 Heap buffer overflow in libvpx
- Restored build for 32bit archs
- New ESR version.
- Security fixes
+ CVE-2023-3600 Use-after-free in workers
+ CVE-2023-4045 Offscreen Canvas could have bypassed cross-origin restrictions
+ CVE-2023-4046 Incorrect value used during WASM compilation
+ CVE-2023-4047 Potential permissions request bypass via clickjacking
+ CVE-2023-4048 Crash in DOMParser due to out-of-memory conditions
+ CVE-2023-4049 Fix potential race conditions when releasing platform objects
+ CVE-2023-4050 Stack buffer overflow in StorageManager
+ CVE-2023-4052 File deletion and privilege escalation through Firefox uninstaller
+ CVE-2023-4054 Lack of warning when opening appref-ms files
+ CVE-2023-4055 Cookie jar overflow caused unexpected cookie jar state
+ CVE-2023-4056 Memory safety bugs fixed in Firefox 116, Firefox ESR 115.1, Firefox ESR 102.14, Thunderbird 115.1, and Thunderbird 102.14
+ CVE-2023-4057 Memory safety bugs fixed in Firefox 116, Firefox ESR 115.1, and Thunderbird 115.1
+ CVE-2023-4573 Memory corruption in IPC CanvasTranslator
+ CVE-2023-4574 Memory corruption in IPC ColorPickerShownCallback
+ CVE-2023-4575 Memory corruption in IPC FilePickerShownCallback
+ CVE-2023-4576 Integer Overflow in RecordedSourceSurfaceCreation
+ CVE-2023-4577 Memory corruption in JIT UpdateRegExpStatics
+ CVE-2023-4051 Full screen notification obscured by file open dialog
+ CVE-2023-4578 Error reporting methods in SpiderMonkey could have triggered an Out of Memory Exception
+ CVE-2023-4053 Full screen notification obscured by external program
+ CVE-2023-4580 Push notifications saved to disk unencrypted
+ CVE-2023-4581 XLL file extensions were downloadable without warnings
+ CVE-2023-4582 Buffer Overflow in WebGL glGetProgramiv
+ CVE-2023-4583 Browsing Context potentially not cleared when closing Private Window
+ CVE-2023-4584 Memory safety bugs fixed in Firefox 117, Firefox ESR 102.15, Firefox ESR 115.2, Thunderbird 102.15, and Thunderbird 115.2
+ CVE-2023-4585 Memory safety bugs fixed in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2
+ CVE-2023-4863 Heap buffer overflow in libwebp
- Fixes:
+ Unstable name collisions
+ Build failure with GCC 13
- New ESR version.
- Security fixes
+ CVE-2023-34414 Click-jacking certificate exceptions through rendering lag
+ CVE-2023-34416 Memory safety bugs fixed in Firefox 114 and Firefox ESR 102.12
- New ESR version.
- Security fixes
+ CVE-2023-32205 Browser prompts could have been obscured by popups
+ CVE-2023-32206 Crash in RLBox Expat driver
+ CVE-2023-32207 Potential permissions request bypass via clickjacking
+ CVE-2023-32211 Content process crash due to invalid wasm code
+ CVE-2023-32212 Potential spoof due to obscured address bar
+ CVE-2023-32213 Potential memory corruption in FileReader::DoReadData()
+ CVE-2023-32214 Potential DoS via exposed protocol handlers
+ CVE-2023-32215 Memory safety bugs fixed in Firefox 113 and Firefox ESR 102.11
- New ESR version.
- Security fixes
+ CVE-2023-29531 Out-of-bound memory access in WebGL on macOS
+ CVE-2023-29532 Mozilla Maintenance Service Write-lock bypass
+ CVE-2023-29533 Fullscreen notification obscured
+ CVE-2023-1999 Double-free in libwebp
+ CVE-2023-29535 Potential Memory Corruption following Garbage Collector compaction
+ CVE-2023-29536 Invalid free from JavaScript code
+ CVE-2023-29539 Content-Disposition filename truncation leads to Reflected File Download
+ CVE-2023-29541 Files with malicious extensions could have been downloaded unsafely on Linux
+ CVE-2023-29542 Bypass of file download extension restrictions
+ CVE-2023-29545 Windows Save As dialog resolved environment variables
+ CVE-2023-1945 Memory Corruption in Safe Browsing Code
+ CVE-2023-29548 Incorrect optimization result on ARM64
+ CVE-2023-29550 Memory safety bugs fixed in Firefox 112 and Firefox ESR 102.10
- New ESR version.
- Security fixes
+ CVE-2023-25751 Incorrect code generation during JIT compilation
+ CVE-2023-28164 URL being dragged from a removed cross-origin iframe into the same tab triggered navigation
+ CVE-2023-28162 Invalid downcast in Worklets
+ CVE-2023-25752 Potential out-of-bounds when accessing throttled streams
+ CVE-2023-28163 Windows Save As dialog resolved environment variables
+ CVE-2023-28176 Memory safety bugs fixed in Firefox 111 and Firefox ESR 102.9
- New ESR version.
- Security fixes
+ CVE-2023-25728 Content security policy leak in violation reports using iframes
+ CVE-2023-25730 Screen hijack via browser fullscreen mode
+ CVE-2023-0767 Arbitrary memory write via PKCS 12 in NSS
+ CVE-2023-25735 Potential use-after-free from compartment mismatch in SpiderMonkey
+ CVE-2023-25737 Invalid downcast in SVGUtils::SetupStrokeGeometry
+ CVE-2023-25738 Printing on Windows could potentially crash Firefox with some device drivers
+ CVE-2023-25739 Use-after-free in mozilla::dom::ScriptLoadContext::~ScriptLoadContext
+ CVE-2023-25729 Extensions could have opened external schemes without user knowledge
+ CVE-2023-25732 Out of bounds memory write from EncodeInputStream
+ CVE-2023-25734 Opening local .url files could cause unexpected network loads
+ CVE-2023-25742 Web Crypto ImportKey crashes tab
+ CVE-2023-25744 Memory safety bugs fixed in Firefox 110 and Firefox ESR 102.8
+ CVE-2023-25746 Memory safety bugs fixed in Firefox ESR 102.8
- New ESR version.
- Security fixes
+ CVE-2022-46871 libusrsctp library out of date
+ CVE-2023-23598 Arbitrary file read from GTK drag and drop on Linux
+ CVE-2023-23599 Malicious command could be hidden in devtools output on Windows
+ CVE-2023-23601 URL being dragged from cross-origin iframe into same tab triggers navigation
+ CVE-2023-23602 Content Security Policy wasn't being correctly applied to WebSockets in WebWorkers
+ CVE-2022-46877 Fullscreen notification bypass
+ CVE-2023-23603 Calls to `console.log` allowed bypassing Content Security Policy via format directive
+ CVE-2023-23605 Memory safety bugs fixed in Firefox 109 and Firefox ESR 102.7
- New ESR version.
- Security fixes
+ CVE-2022-46880 Use-after-free in WebGL
+ CVE-2022-46872 Arbitrary file read from a compromised content process
+ CVE-2022-46881 Memory corruption in WebGL
+ CVE-2022-46874 Drag and Dropped Filenames could have been truncated to malicious extensions
+ CVE-2022-46875 Download Protections were bypassed by .atloc and .ftploc files on Mac OS
+ CVE-2022-46882 Use-after-free in WebGL
+ CVE-2022-46878 Memory safety bugs fixed in Firefox 108 and Firefox ESR 102.6
- Build with llvm-version 12 instead of llvm-version 13 (Closes: #44436)
- New ESR version.
- Security fixes:
+ CVE-2022-45403 Service Workers might have learned size of cross-origin media files
+ CVE-2022-45404 Fullscreen notification bypass
+ CVE-2022-45405 Use-after-free in InputStream implementation
+ CVE-2022-45406 Use-after-free of a JavaScript Realm
+ CVE-2022-45408 Fullscreen notification bypass via windowName
+ CVE-2022-45409 Use-after-free in Garbage Collection
+ CVE-2022-45410 ServiceWorker-intercepted requests bypassed SameSite cookie policy
+ CVE-2022-45411 Cross-Site Tracing was possible via non-standard override headers
+ CVE-2022-45412 Symlinks may resolve to partially uninitialized buffers
+ CVE-2022-45416 Keystroke Side-Channel Leakage
+ CVE-2022-45418 Custom mouse cursor could have been drawn over browser UI
+ CVE-2022-45420 Iframe contents could be rendered outside the iframe
+ CVE-2022-45421 Memory safety bugs fixed in Firefox 107 and Firefox ESR 102.5
- New ESR version.
- Security fixes:
+ CVE-2022-42927 Same-origin policy violation could have leaked cross-origin URLs
+ CVE-2022-42928 Memory Corruption in JS Engine
+ CVE-2022-42929 Denial of Service via window.print
+ CVE-2022-42932 Memory safety bugs fixed in Firefox 106 and Firefox ESR 102.4
- New ESR version.
- Security fixes:
+ CVE-2022-3266 Out of bounds read when decoding H264
+ CVE-2022-40959 Bypassing FeaturePolicy restrictions on transient pages
+ CVE-2022-40960 Data-race when parsing non-UTF-8 URLs in threads
+ CVE-2022-40958 Bypassing Secure Context restriction for cookies with __Host and __Secure prefix
+ CVE-2022-40956 Content-Security-Policy base-uri bypass
+ CVE-2022-40957 Incoherent instruction cache when building WASM on ARM64
+ CVE-2022-40962 Memory safety bugs fixed in Firefox 105 and Firefox ESR 102.3
- Update language support
- New ESR version.
- Security fixes:
+ CVE-2022-38472 Address bar spoofing via XSLT error handling
+ CVE-2022-38473 Cross-origin XSLT Documents would have inherited the parent's permissions
+ CVE-2022-38476 Data race and potential use-after-free in PK11_ChangePW
+ CVE-2022-38477 Memory safety bugs fixed in Firefox 104 and Firefox ESR 102.2
+ CVE-2022-38478 Memory safety bugs fixed in Firefox 104, Firefox ESR 102.2, and Firefox ESR 91.13
- New ESR version.
- Security fixes:
+ CVE-2022-36319 Mouse Position spoofing with CSS transforms
+ CVE-2022-36318 Directory indexes for bundled resources reflected URL parameters
+ CVE-2022-36314 Opening local `.lnk` files could cause unexpected network loads
+ CVE-2022-2505 Memory safety bugs fixed in Firefox 103 and 102.1
- New ESR version.
- Security fixes:
+ CVE-2022-34479 A popup window could be resized in a way to overlay the address bar with web content
+ CVE-2022-34470 Use-after-free in nsSHistory
+ CVE-2022-34468 CSP sandbox header without `allow-scripts` can be bypassed via retargeted javascript: URI
+ CVE-2022-34481 Potential integer overflow in ReplaceElementsAt
+ CVE-2022-31744 CSP bypass enabling stylesheet injection
+ CVE-2022-34472 Unavailable PAC file resulted in OCSP requests being blocked
+ CVE-2022-34478 Microsoft protocols can be attacked if a user accepts a prompt
+ CVE-2022-2200 Undesired attributes could be set as part of prototype pollution
+ CVE-2022-34484 Memory safety bugs fixed in Firefox 102 and Firefox ESR 91.11
- New ESR version.
- Security fixes:
+ CVE-2022-31736 Cross-Origin resource's length leaked
+ CVE-2022-31737 Heap buffer overflow in WebGL
+ CVE-2022-31738 Browser window spoof using fullscreen mode
+ CVE-2022-31739 Attacker-influenced path traversal when saving downloaded files
+ CVE-2022-31740 Register allocation problem in WASM on arm64
+ CVE-2022-31741 Uninitialized variable leads to invalid memory read
+ CVE-2022-31742 Querying a WebAuthn token with a large number of allowCredential entries may have leaked cross-origin information
+ CVE-2022-31747 Memory safety bugs fixed in Firefox 101 and Firefox ESR 91.10
- New ESR version.
- Security fixes:
+ CVE-2022-1802 Prototype pollution in Top-Level Await implementation
+ CVE-2022-1529 Untrusted input used in JavaScript object indexing, leading to prototype pollution
- New ESR version.
- Security fixes:
+ CVE-2022-29914 Fullscreen notification bypass using popups
+ CVE-2022-29909 Bypassing permission prompt in nested browsing contexts
+ CVE-2022-29916 Leaking browser history with CSS variables
+ CVE-2022-29911 iframe Sandbox bypass
+ CVE-2022-29912 Reader mode bypassed SameSite cookies
+ CVE-2022-29917 Memory safety bugs fixed in Firefox 100 and Firefox ESR 91.9
- New ESR version.
- Security fixes:
+ CVE-2022-1097 Use-after-free in NSSToken objects
+ CVE-2022-28281 Out of bounds write due to unexpected WebAuthN Extensions
+ CVE-2022-1196 Use-after-free after VR Process destruction
+ CVE-2022-28282 Use-after-free in DocumentL10n::TranslateDocument
+ CVE-2022-28285 Incorrect AliasSet used in JIT Codegen
+ CVE-2022-28286 iframe contents could be rendered outside the border
+ CVE-2022-24713 Denial of Service via complex regular expressions
+ CVE-2022-28289 Memory safety bugs fixed in Firefox 99 and Firefox ESR 91.8
- New ESR version.
- Security fixes:
+ CVE-2022-26383 Browser window spoof using fullscreen mode
+ CVE-2022-26384 iframe allow-scripts sandbox bypass
+ CVE-2022-26387 Time-of-check time-of-use bug when verifying add-on signatures
+ CVE-2022-26381 Use-after-free in text reflows
+ CVE-2022-26386 Temporary files downloaded to /tmp and accessible by other local users
- New ESR version.
- Security fixes:
+ CVE-2022-26485 Use-after-free in XSLT parameter processing
+ CVE-2022-26486 Use-after-free in WebGPU IPC Framework
- New ESR version.
- Security fixes:
+ CVE-2022-22753 Privilege Escalation to SYSTEM on Windows via Maintenance Service
+ CVE-2022-22754 Extensions could have bypassed permission confirmation during update
+ CVE-2022-22756 Drag and dropping an image could have resulted in the dropped object being an executable
+ CVE-2022-22759 Sandboxed iframes could have executed script if the parent appended elements
+ CVE-2022-22760 Cross-Origin responses could be distinguished between script and non-script content-types
+ CVE-2022-22761 frame-ancestors Content Security Policy directive was not enforced for framed extension pages
+ CVE-2022-22763 Script Execution during invalid object state
+ CVE-2022-22764 Memory safety bugs fixed in Firefox 97 and Firefox ESR 91.6
- New ESR version.
- New ESR version.
- Security fixes:
+ CVE-2022-22746 Calling into reportValidity could have led to fullscreen window spoof
+ CVE-2022-22743 Browser window spoof using fullscreen mode
+ CVE-2022-22742 Out-of-bounds memory access when inserting text in edit mode
+ CVE-2022-22741 Browser window spoof using fullscreen mode
+ CVE-2022-22740 Use-after-free of ChannelEventQueue::mOwner
+ CVE-2022-22738 Heap-buffer-overflow in blendGaussianBlur
+ CVE-2022-22737 Race condition when playing audio files
+ CVE-2021-4140 Iframe sandbox bypass with XSLT
+ CVE-2022-22748 Spoofed origin on external protocol launch dialog
+ CVE-2022-22745 Leaking cross-origin URLs through securitypolicyviolation event
+ CVE-2022-22744 The 'Copy as curl' feature in DevTools did not fully escape website-controlled data, potentially leading to command injection
+ CVE-2022-22747 Crash when handling empty pkcs7 sequence
+ CVE-2022-22739 Missing throttling on external protocol launch dialog
+ CVE-2022-22751 Memory safety bugs fixed in Firefox 96 and Firefox ESR 91.5
- New ESR version.
- New ESR version.
- Security fixes:
+ CVE-2021-43536 URL leakage when navigating while executing asynchronous function
+ CVE-2021-43537 Heap buffer overflow when using structured clone
+ CVE-2021-43538 Missing fullscreen and pointer lock notification when requesting both
+ CVE-2021-43539 GC rooting failure when calling wasm instance methods
+ CVE-2021-43541 External protocol handler parameters were unescaped
+ CVE-2021-43542 XMLHttpRequest error codes could have leaked the existence of an external protocol handler
+ CVE-2021-43543 Bypass of CSP sandbox directive when embedding
+ CVE-2021-43545 Denial of Service when using the Location API in a loop
+ CVE-2021-43546 Cursor spoofing could overlay user interface when native cursor is zoomed
- Show Home button on toolbar by default (ALT #41360).
- New ESR version.
- Security fixes:
+ CVE-2021-38503 iframe sandbox rules did not apply to XSLT stylesheets
+ CVE-2021-38504 Use-after-free in file picker dialog
+ CVE-2021-38505 Windows 10 Cloud Clipboard may have recorded sensitive user data
+ CVE-2021-38506 Firefox could be coaxed into going into fullscreen mode without notification or warning
+ CVE-2021-38507 Opportunistic Encryption in HTTP2 could be used to bypass the Same-Origin-Policy on services hosted on other ports
+ CVE-2021-38508 Permission Prompt could be overlaid, resulting in user confusion and potential spoofing
+ CVE-2021-38509 Javascript alert box could have been spoofed onto an arbitrary domain
+ CVE-2021-38510 Download Protections were bypassed by .inetloc files on Mac OS
- New ESR version.
- Security fixes:
+ CVE-2021-38496 Use-after-free in MessageTask
+ CVE-2021-38497 Validation message could have been overlaid on another origin
+ CVE-2021-38498 Use-after-free of nsLanguageAtomService object
+ CVE-2021-32810 Data race in crossbeam-deque
+ CVE-2021-38500 Memory safety bugs fixed in Firefox 93, Firefox ESR 78.15, and Firefox ESR 91.2
+ CVE-2021-38501 Memory safety bugs fixed in Firefox 93 and Firefox ESR 91.2
- New ESR version.
- Security fixes:
+ CVE-2021-38492 Navigating to `mk:` URL scheme could load Internet Explorer
+ CVE-2021-38495 Memory safety bugs fixed in Firefox 92 and Firefox ESR 91.1
- New ESR version.
- Security fixes:
+ CVE-2021-29991: Header Splitting possible with HTTP/3 Responses
+ CVE-2021-29981: Live range splitting could have led to conflicting assignments in the JIT
+ CVE-2021-29983: Firefox for Android could get stuck in fullscreen mode
+ CVE-2021-29987: Users could have been tricked into accepting unwanted permissions on Linux
+ CVE-2021-29982: Single bit data leak due to incorrect JIT optimization and type confusion
+ CVE-2021-29990: Memory safety bugs fixed in Firefox 91
- New version (78.13.0).
- Security fixes:
+ CVE-2021-29986 Race condition when resolving DNS names could have led to memory corruption
+ CVE-2021-29988 Memory corruption as a result of incorrect style treatment
+ CVE-2021-29984 Incorrect instruction reordering during JIT optimization
+ CVE-2021-29980 Uninitialized memory in a canvas object could have led to memory corruption
+ CVE-2021-29985 Use-after-free media channels
+ CVE-2021-29989 Memory safety bugs fixed in Firefox 91 and Firefox ESR 78.13
- New version (78.12.0).
- Security fixes:
+ CVE-2021-29970 Use-after-free in accessibility features of a document
+ CVE-2021-30547 Out of bounds write in ANGLE
+ CVE-2021-29976 Memory safety bugs fixed in Firefox 90 and Firefox ESR 78.12
- New version (78.11.0).
- Security fixes:
+ CVE-2021-29964 Out of bounds-read when parsing a `WM_COPYDATA` message
+ CVE-2021-29967 Memory safety bugs fixed in Firefox 89 and Firefox ESR 78.11
- New version (78.10.1).
- Security fixes:
+ CVE-2021-29951 Mozilla Maintenance Service could have been started or stopped by domain users
- New version (78.10.0).
- Security fixes:
+ CVE-2021-23994 Out of bound write due to lazy initialization
+ CVE-2021-23995 Use-after-free in Responsive Design Mode
+ CVE-2021-23998 Secure Lock icon could have been spoofed
+ CVE-2021-23961 More internal network hosts could have been probed by a malicious webpage
+ CVE-2021-23999 Blob URLs may have been granted additional privileges
+ CVE-2021-24002 Arbitrary FTP command execution on FTP servers using an encoded URL
+ CVE-2021-29945 Incorrect size computation in WebAssembly JIT could lead to null-reads
+ CVE-2021-29946 Port blocking could be bypassed
- New version (78.9.0).
- Security fixes:
+ CVE-2021-23981 Texture upload into an unbound backing buffer resulted in an out-of-bound read
+ CVE-2021-23982 Internal network hosts could have been probed by a malicious webpage
+ CVE-2021-23984 Malicious extensions could have spoofed popup information
+ CVE-2021-23987 Memory safety bugs fixed in Firefox 87 and Firefox ESR 78.9
- Do not build for ppc64le.
- New version (78.8.0).
- Security fixes:
+ CVE-2021-23969 Content Security Policy violation report could have contained the destination of a redirect
+ CVE-2021-23968 Content Security Policy violation report could have contained the destination of a redirect
+ CVE-2021-23973 MediaError message property could have leaked information about cross-origin resources
+ CVE-2021-23978 Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8
- Rebuild with llvm11.0.
- New version (78.7.1).
- Security fixes:
+ MOZ-2021-0001: Buffer overflow in depth pitch calculations for compressed textures
- New version (78.7.0).
- Security fixes:
+ CVE-2021-23953 Cross-origin information leakage via redirected PDF requests
+ CVE-2021-23954 Type confusion when using logical assignment operators in JavaScript switch statements
+ CVE-2020-26976 HTTPS pages could have been intercepted by a registered service worker when they should not have been
+ CVE-2021-23960 Use-after-poison for incorrectly redeclared JavaScript variables during GC
+ CVE-2021-23964 Memory safety bugs fixed in Firefox 85 and Firefox ESR 78.7
- New version (78.6.1).
- Security fixes:
+ CVE-2020-16044 Use-after-free write when handling a malicious COOKIE-ECHO SCTP chunk
- New version (78.6.0).
- Fixes:
+ CVE-2020-16042 Operations on a BigInt could have caused uninitialized memory to be exposed
+ CVE-2020-26971 Heap buffer overflow in WebGL
+ CVE-2020-26973 CSS Sanitizer performed incorrect sanitization
+ CVE-2020-26974 Incorrect cast of StyleGenericFlexBasis resulted in a heap use-after-free
+ CVE-2020-26978 Internal network hosts could have been probed by a malicious webpage
+ CVE-2020-35111 The proxy.onRequest API did not catch view-source URLs
+ CVE-2020-35112 Opening an extension-less download may have inadvertently launched an executable instead
+ CVE-2020-35113 Memory safety bugs fixed in Firefox 84 and Firefox ESR 78.6
- Fix build against rust-1.48.
- New version (78.5.0).
- Fixes:
+ CVE-2020-26951 Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code
+ CVE-2020-16012 Variable time processing of cross-origin images during drawImage calls
+ CVE-2020-26953 Fullscreen could be enabled without displaying the security UI
+ CVE-2020-26956 XSS through paste (manual and clipboard API)
+ CVE-2020-26958 Requests intercepted through ServiceWorkers lacked MIME type restrictions
+ CVE-2020-26959 Use-after-free in WebRequestService
+ CVE-2020-26960 Potential use-after-free in uses of nsTArray
+ CVE-2020-15999 Heap buffer overflow in freetype
+ CVE-2020-26961 DoH did not filter IPv4 mapped IP Addresses
+ CVE-2020-26965 Software keyboards may have remembered typed passwords
+ CVE-2020-26966 Single-word search queries were also broadcast to local network
+ CVE-2020-26968 Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5
- New version (78.4.1).
- Fixes:
+ CVE-2020-26950 Write side effects in MCallGetProperty opcode not accounted for
- Build with nss-3.58.0 (thanks legion@).
- New version (78.4.0).
- Fixes:
+ CVE-2020-15969 Use-after-free in usersctp
+ CVE-2020-15683 Memory safety bugs fixed in Firefox 82 and Firefox ESR 78.4
- New version (78.3.1).
- New release (78.3.0).
- Fixes:
+ CVE-2020-15677 Download origin spoofing via redirect
+ CVE-2020-15676 XSS when pasting attacker-controlled data into a contenteditable element
+ CVE-2020-15678 When recursing through layers while scrolling, an iterator may have become invalid, resulting in a potential use-after-free
+ CVE-2020-15673 Memory safety bugs fixed in Firefox 81 and Firefox ESR 78.3
- Allow sideloading app and system unsigned addons.
- New release (78.2.0).
- Fixes:
+ CVE-2020-15663 Downgrade attack on the Mozilla Maintenance Service could have resulted in escalation of privilege
+ CVE-2020-15664 Attacker-induced prompt for extension installation
+ CVE-2020-15670 Memory safety bugs fixed in Firefox 80 and Firefox ESR 78.2
- Remove python2-base from build requirements.
- New release (78.1.0).
- Fixes:
+ CVE-2020-15652 Potential leak of redirect targets when loading scripts in a worker
+ CVE-2020-6514 WebRTC data channel leaks internal address to peer
+ CVE-2020-15655 Extension APIs could be used to bypass Same-Origin Policy
+ CVE-2020-15653 Bypassing iframe sandbox when allowing popups
+ CVE-2020-6463 Use-after-free in ANGLE gl::Texture::onUnbindAsSamplerTexture
+ CVE-2020-15656 Type confusion for special arguments in IonMonkey
+ CVE-2020-15658 Overriding file type when saving to disk
+ CVE-2020-15657 DLL hijacking due to incorrect loading path
+ CVE-2020-15654 Custom cursor can overlay user interface
+ CVE-2020-15659 Memory safety bugs fixed in Firefox 79 and Firefox ESR 78.1
- New ESR version (78.0.2) (based on legion@ spec and patches).
- Package localization files bundled (only kk,ru,uk locales are supported).
- New release (78.0.2).
- Fixes:
+ MFSA-2020-0003: X-Frame-Options bypass using object or embed tags
- New release (78.0.1).
- Fixes:
+ CVE-2020-12415: AppCache manifest poisoning due to url encoded character processing
+ CVE-2020-12416: Use-after-free in WebRTC VideoBroadcaster
+ CVE-2020-12417: Memory corruption due to missing sign-extension for ValueTags on ARM64
+ CVE-2020-12418: Information disclosure due to manipulated URL object
+ CVE-2020-12419: Use-after-free in nsGlobalWindowInner
+ CVE-2020-12420: Use-After-Free when trying to connect to a STUN server
+ CVE-2020-12402: RSA Key Generation vulnerable to side-channel attack
+ CVE-2020-12421: Add-On updates did not respect the same certificate trust rules as software updates
+ CVE-2020-12422: Integer overflow in nsJPEGEncoder::emptyOutputBuffer
+ CVE-2020-12423: DLL Hijacking due to searching %PATH% for a library
+ CVE-2020-12424: WebRTC permission prompt could have been bypassed by a compromised content process
+ CVE-2020-12425: Out of bound read in Date.parse()
+ CVE-2020-12426: Memory safety bugs fixed in Firefox 78
- New ESR version (68.9.0).
- Fixes:
+ CVE-2020-12399 Timing attack on DSA signatures in NSS library
+ CVE-2020-12405 Use-after-free in SharedWorkerService
+ CVE-2020-12406 JavaScript Type confusion with NativeTypes
+ CVE-2020-12410 Memory safety bugs fixed in Firefox 77 and Firefox ESR 68.9
- Disable User-Agent patch due to possible information leak.
- Add ALT operating system string to browser User-Agent (ALT #38475).
- New ESR version (68.8.0).
- Fixes:
+ CVE-2020-12387 Use-after-free during worker shutdown
+ CVE-2020-12388 Sandbox escape with improperly guarded Access Tokens
+ CVE-2020-12389 Sandbox escape with improperly separated process types
+ CVE-2020-6831 Buffer overflow in SCTP chunk input validation
+ CVE-2020-12392 Arbitrary local file access with 'Copy as cURL'
+ CVE-2020-12393 Devtools' 'Copy as cURL' feature did not fully escape website-controlled data, potentially leading to command injection
+ CVE-2020-12395 Memory safety bugs fixed in Firefox 76 and Firefox ESR 68.8
- New ESR version (68.7.0).
- Fixes:
+ CVE-2020-6828 Preference overwrite via crafted Intent from malicious Android application
+ CVE-2020-6827 Custom Tabs in Firefox for Android could have the URI spoofed
+ CVE-2020-6821 Uninitialized memory could be read when using the WebGL copyTexSubImage method
+ CVE-2020-6822 Out of bounds write in GMPDecodeData when processing large images
+ CVE-2020-6825 Memory safety bugs fixed in Firefox 75 and Firefox ESR 68.7
- New ESR version (68.6.1).
- Fixed:
+ CVE-2020-6819 Use-after-free while running the nsDocShell destructor
+ CVE-2020-6820 Use-after-free when handling a ReadableStream
- New ESR version (68.6.0).
- Fix license tag according to SPDX.
- Fixed:
+ CVE-2020-6805 Use-after-free when removing data about origins
+ CVE-2020-6806 BodyStream::OnInputStreamReady was missing protections against state confusion
+ CVE-2020-6807 Use-after-free in cubeb during stream destruction
+ CVE-2020-6811 Devtools' 'Copy as cURL' feature did not fully escape website-controlled data, potentially leading to command injection
+ CVE-2019-20503 Out of bounds reads in sctp_load_addresses_from_init
+ CVE-2020-6812 The names of AirPods with personally identifiable information were exposed to websites with camera or microphone permission
+ CVE-2020-6814 Memory safety bugs fixed in Firefox 74 and Firefox ESR 68.6
- New ESR version (68.5.0).
- Fixed:
+ CVE-2020-6796 Missing bounds check on shared memory read in the parent process
+ CVE-2020-6797 Extensions granted downloads.open permission could open arbitrary applications on Mac OSX
+ CVE-2020-6798 Incorrect parsing of template tag could result in JavaScript injection
+ CVE-2020-6799 Arbitrary code execution when opening pdf links from other applications, when Firefox is configured as default pdf reader
+ CVE-2020-6800 Memory safety bugs fixed in Firefox 73 and Firefox ESR 68.5
- New ESR version (68.4.2).
- Bugs fixed:
+ Fixed various issues opening files with spaces in their path (bug 1601905, bug 1602726).
- New ESR version (68.4.1).
- Fixed:
+ CVE-2019-17015 Memory corruption in parent process during new content process initialization on Windows
+ CVE-2019-17016 Bypass of @namespace CSS sanitization during pasting
+ CVE-2019-17017 Type Confusion in XPCVariant.cpp
+ CVE-2019-17021 Heap address disclosure in parent process during content process initialization on Windows
+ CVE-2019-17022 CSS sanitization does not escape HTML tags
+ CVE-2019-17024 Memory safety bugs fixed in Firefox 72 and Firefox ESR 68.4
- Fix last changelog according to https://www.altlinux.org/Vulnerability_Policy.
- New ESR version (68.3.0).
- Fixed:
+ CVE-2019-17008 Use-after-free in worker destruction
+ CVE-2019-13722 Stack corruption due to incorrect number of arguments in WebRTC code
+ CVE-2019-11745 Out of bounds write in NSS when encrypting with a block cipher
+ CVE-2019-17009 Updater temporary files accessible to unprivileged processes
+ CVE-2019-17010 Use-after-free when performing device orientation checks
+ CVE-2019-17005 Buffer overflow in plain text serializer
+ CVE-2019-17011 Use-after-free when retrieving a document in antitracking
+ CVE-2019-17012 Memory safety bugs fixed in Firefox 71 and Firefox ESR 68.3
- New ESR version (68.2.0).
- Fixed:
+ CVE-2019-15903 Heap overflow in expat library in XML_GetCurrentLineNumber
+ CVE-2019-11757 Use-after-free when creating index updates in IndexedDB
+ CVE-2019-11758 Potentially exploitable crash due to 360 Total Security
+ CVE-2019-11759 Stack buffer overflow in HKDF output
+ CVE-2019-11760 Stack buffer overflow in WebRTC networking
+ CVE-2019-11761 Unintended access to a privileged JSONView object
+ CVE-2019-11762 document.domain-based origin isolation has same-origin-property violation
+ CVE-2019-11763 Incorrect HTML parsing results in XSS bypass technique
+ CVE-2019-11764 Memory safety bugs fixed in Firefox 70 and Firefox ESR 68.2
- Fix open context menu (thanks george@).
- New ESR version (68.1.0).
- Fixed:
+ CVE-2019-11751 Malicious code execution through command line parameters
+ CVE-2019-11746 Use-after-free while manipulating video
+ CVE-2019-11744 XSS by breaking out of title and textarea elements using innerHTML
+ CVE-2019-11742 Same-origin policy violation with SVG filters and canvas to steal cross-origin images
+ CVE-2019-11736 File manipulation and privilege escalation in Mozilla Maintenance Service
+ CVE-2019-11753 Privilege escalation with Mozilla Maintenance Service in custom Firefox installation location
+ CVE-2019-11752 Use-after-free while extracting a key value in IndexedDB
+ CVE-2019-9812 Sandbox escape through Firefox Sync
+ CVE-2019-11743 Cross-origin access to unload event attributes
+ CVE-2019-11748 Persistence of WebRTC permissions in a third party context
+ CVE-2019-11749 Camera information available without prompting using getUserMedia
+ CVE-2019-11750 Type confusion in Spidermonkey
+ CVE-2019-11738 Content security policy bypass through hash-based sources in directives
+ CVE-2019-11747 'Forget about this site' removes sites from pre-loaded HSTS list
+ CVE-2019-11735 Memory safety bugs fixed in Firefox 69 and Firefox ESR 68.1
+ CVE-2019-11740 Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, and Firefox ESR 60.9
- Build in 8 jobs.
- New ESR version (68.0.2).
- Fixed:
+ CVE-2019-11733 Stored passwords in 'Saved Logins' can be copied without master password entry
- New ESR version (68.0.1).
- Fixed:
+ CVE-2019-9811 Sandbox escape via installation of malicious language pack
+ CVE-2019-11711 Script injection within domain through inner window reuse
+ CVE-2019-11712 Cross-origin POST requests can be made with NPAPI plugins by following 308 redirects
+ CVE-2019-11713 Use-after-free with HTTP/2 cached stream
+ CVE-2019-11729 Empty or malformed p256-ECDH public keys may trigger a segmentation fault
+ CVE-2019-11715 HTML parsing error can contribute to content XSS
+ CVE-2019-11717 Caret character improperly escaped in origins
+ CVE-2019-11719 Out-of-bounds read when importing curve25519 private key
+ CVE-2019-11730 Same-origin policy treats all files in a directory as having the same-origin
+ CVE-2019-11709 Memory safety bugs fixed in Firefox 68 and Firefox ESR 60.8
- Fix Russian description encoding.
- New ESR version (60.8.0).
- Fixed:
+ CVE-2019-9811 Sandbox escape via installation of malicious language pack
+ CVE-2019-11711 Script injection within domain through inner window reuse
+ CVE-2019-11712 Cross-origin POST requests can be made with NPAPI plugins by following 308 redirects
+ CVE-2019-11713 Use-after-free with HTTP/2 cached stream
+ CVE-2019-11729 Empty or malformed p256-ECDH public keys may trigger a segmentation fault
+ CVE-2019-11715 HTML parsing error can contribute to content XSS
+ CVE-2019-11717 Caret character improperly escaped in origins
+ CVE-2019-11719 Out-of-bounds read when importing curve25519 private key
+ CVE-2019-11730 Same-origin policy treats all files in a directory as having the same-origin
+ CVE-2019-11709 Memory safety bugs fixed in Firefox 68 and Firefox ESR 60.8
- Added ppc64le support.
- spec: cleaned up rpm-build internal macros.
- New ESR version (60.7.2).
- Fixed:
+ CVE-2019-11708 sandbox escape using Prompt:Open
- New ESR version (60.7.1).
- Fixed:
+ CVE-2019-11707 Type confusion in Array.pop
- Fix build with Rust > 1.33.
- New ESR version (60.7.0).
- Fixed:
+ CVE-2019-9815 Disable hyperthreading on content JavaScript threads on macOS
+ CVE-2019-9816 Type confusion with object groups and UnboxedObjects
+ CVE-2019-9817 Stealing of cross-domain images using canvas
+ CVE-2019-9818 Use-after-free in crash generation server
+ CVE-2019-9819 Compartment mismatch with fetch API
+ CVE-2019-9820 Use-after-free of ChromeEventHandler by DocShell
+ CVE-2019-11691 Use-after-free in XMLHttpRequest
+ CVE-2019-11692 Use-after-free removing listeners in the event listener manager
+ CVE-2019-11693 Buffer overflow in WebGL bufferdata on Linux
+ CVE-2019-7317 Use-after-free in png_image_free of libpng library
+ CVE-2019-9797 Cross-origin theft of images with createImageBitmap
+ CVE-2018-18511 Cross-origin theft of images with ImageBitmapRenderingContext
+ CVE-2019-11694 Uninitialized memory leakage in Windows sandbox
+ CVE-2019-11698 Theft of user history data through drag and drop of hyperlinks to and from bookmarks
+ CVE-2019-5798 Out-of-bounds read in Skia
+ CVE-2019-9800 Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7
- New ESR version (60.6.2).
- Hotfix for addon signing cert has not been applied.
- New ESR version (60.6.1).
- Fixed:
+ CVE-2019-9810 IonMonkey MArraySlice has incorrect alias information
+ CVE-2019-9813 Ionmonkey type confusion with __proto__ mutations
- New ESR version (60.6.0).
- Fixed:
+ CVE-2019-9790 Use-after-free when removing in-use DOM elements
+ CVE-2019-9791 Type inference is incorrect for constructors entered through on-stack replacement with IonMonkey
+ CVE-2019-9792 IonMonkey leaks JS_OPTIMIZED_OUT magic value to script
+ CVE-2019-9793 Improper bounds checks when Spectre mitigations are disabled
+ CVE-2019-9794 Command line arguments not discarded during execution
+ CVE-2019-9795 Type-confusion in IonMonkey JIT compiler
+ CVE-2019-9796 Use-after-free with SMIL animation controller
+ CVE-2019-9801 Windows programs that are not 'URL Handlers' are exposed to web content
+ CVE-2018-18506 Proxy Auto-Configuration file can define localhost access to be proxied
+ CVE-2019-9788 Memory safety bugs fixed in Firefox 66 and Firefox ESR 60.6
- Rebuild with libvpx5.
- New ESR version (60.5.2).
- New ESR version (60.5.1).
- Fixed:
+ CVE-2018-18356 Use-after-free in Skia
+ CVE-2019-5785 Integer overflow in Skia
+ CVE-2018-18335 Buffer overflow in Skia with accelerated Canvas 2D
- New ESR version (60.5.0).
- Fixed:
+ CVE-2018-18500 Use-after-free parsing HTML5 stream
+ CVE-2018-18505 Privilege escalation through IPC channel messages
+ CVE-2018-18501 Memory safety bugs fixed in Firefox 65 and Firefox ESR 60.5
- Rebuild with llvm7.0 (ALT #35858).
- Build with gcc on %ix86.
- New ESR version (60.4.0)
- Fixed:
+ CVE-2018-17466 Buffer overflow and out-of-bounds read in ANGLE library with TextureStorage11
+ CVE-2018-18492 Use-after-free with select element
+ CVE-2018-18493 Buffer overflow in accelerated 2D canvas with Skia
+ CVE-2018-18494 Same-origin policy violation using location attribute and performance.getEntries to steal cross-origin URLs
+ CVE-2018-18498 Integer overflow when calculating buffer sizes for images
+ CVE-2018-12405 Memory safety bugs fixed in Firefox 64 and Firefox ESR 60.4
- New ESR version (60.3.0).
- Fixed:
+ CVE-2018-12391 HTTP Live Stream audio data is accessible cross-origin
+ CVE-2018-12392 Crash with nested event loops
+ CVE-2018-12393 Integer overflow during Unicode conversion while loading JavaScript
+ CVE-2018-12395 WebExtension bypass of domain restrictions through header rewriting
+ CVE-2018-12396 WebExtension content scripts can execute in disallowed contexts
+ CVE-2018-12397 WebExtension can request access to local files without the warning prompt
+ CVE-2018-12389 Memory safety bugs fixed in Firefox ESR 60.3
+ CVE-2018-12390 Memory safety bugs fixed in Firefox 63 and Firefox ESR 60.3
- New ESR version (60.2.2)
- Fixed:
+ CVE-2018-12386 Type confusion in JavaScript
+ CVE-2018-12387 JavaScript JIT compiler inlines Array.prototype.push with multiple arguments
- New ESR version (60.2.1).
- Fixed:
+ CVE-2018-12385 Crash in TransportSecurityInfo due to cached data
+ CVE-2018-12383 Setting a master password post-Firefox 58 does not delete unencrypted previously stored passwords
- New ESR version (60.2.0).
- Fixed:
+ CVE-2018-12377 Use-after-free in refresh driver timers
+ CVE-2018-12378 Use-after-free in IndexedDB
+ CVE-2018-12379 Out-of-bounds write with malicious MAR file
+ CVE-2017-16541 Proxy bypass using automount and autofs
+ CVE-2018-12381 Dragging and dropping Outlook email message results in page navigation
+ CVE-2018-12376 Memory safety bugs fixed in Firefox 62 and Firefox ESR 60.2
- New ESR version (60.1.0).
- Fixed:
+ CVE-2018-12359 Buffer overflow using computed size of canvas element
+ CVE-2018-12360 Use-after-free when using focus()
+ CVE-2018-12361 Integer overflow in SwizzleData
+ CVE-2018-12362 Integer overflow in SSSE3 scaler
+ CVE-2018-5156 Media recorder segmentation fault when track type is changed during capture
+ CVE-2018-12363 Use-after-free when appending DOM nodes
+ CVE-2018-12364 CSRF attacks through 307 redirects and NPAPI plugins
+ CVE-2018-12365 Compromised IPC child process can list local filenames
+ CVE-2018-12371 Integer overflow in Skia library during edge builder allocation
+ CVE-2018-12366 Invalid data handling during QCMS transformations
+ CVE-2018-12367 Timing attack mitigation of PerformanceNavigationTiming
+ CVE-2018-12368 No warning when opening executable SettingContent-ms files
+ CVE-2018-12369 WebExtension security permission checks bypassed by embedded experiments
+ CVE-2018-5187 Memory safety bugs fixed in Firefox 60 and Firefox ESR 60.1
+ CVE-2018-5188 Memory safety bugs fixed in Firefox 60, Firefox ESR 60.1, and Firefox ESR 52.9
- Fix build for aarch64 (thanks legion@).
- New ESR version (60.0.2).
- Fixed:
+ CVE-2018-6126 Heap buffer overflow rasterizing paths in SVG with Skia
- New ESR version (60.0.1).
- Fixed:
+ CVE-2018-5154: Use-after-free with SVG animations and clip paths
+ CVE-2018-5155: Use-after-free with SVG animations and text paths
+ CVE-2018-5157: Same-origin bypass of PDF Viewer to view protected PDF files
+ CVE-2018-5158: Malicious PDF can inject JavaScript into PDF Viewer
+ CVE-2018-5159: Integer overflow and out-of-bounds write in Skia
+ CVE-2018-5160: Uninitialized memory use by WebRTC encoder
+ CVE-2018-5152: WebExtensions information leak through webRequest API
+ CVE-2018-5153: Out-of-bounds read in mixed content websocket messages
+ CVE-2018-5163: Replacing cached data in JavaScript Start-up Bytecode Cache
+ CVE-2018-5164: CSP not applied to all multipart content sent with multipart/x-mixed-replace
+ CVE-2018-5166: WebExtension host permission bypass through filterResponseData
+ CVE-2018-5167: Improper linkification of chrome: and javascript: content in web console and JavaScript debugger
+ CVE-2018-5168: Lightweight themes can be installed without user interaction
+ CVE-2018-5169: Dragging and dropping link text onto home button can set home page to include chrome pages
+ CVE-2018-5172: Pasted script from clipboard can run in the Live Bookmarks page or PDF viewer
+ CVE-2018-5173: File name spoofing of Downloads panel with Unicode characters
+ CVE-2018-5174: Windows Defender SmartScreen UI runs with less secure behavior for downloaded files in Windows 10 April 2018 Update
+ CVE-2018-5175: Universal CSP bypass on sites using strict-dynamic in their policies
+ CVE-2018-5176: JSON Viewer script injection
+ CVE-2018-5177: Buffer overflow in XSLT during number formatting
+ CVE-2018-5165: Checkbox for enabling Flash protected mode is inverted in 32-bit Firefox
+ CVE-2018-5180: heap-use-after-free in mozilla::WebGLContext::DrawElementsInstanced
+ CVE-2018-5181: Local file can be displayed in noopener tab through drag and drop of hyperlink
+ CVE-2018-5182: Local file can be displayed from hyperlink dragged and dropped on addressbar
+ CVE-2018-5151: Memory safety bugs fixed in Firefox 60
+ CVE-2018-5150: Memory safety bugs fixed in Firefox 60 and Firefox ESR 52.8
- New ESR version (52.8.0).
- Fixes:
+ CVE-2018-5183 Backport critical security fixes in Skia
+ CVE-2018-5154 Use-after-free with SVG animations and clip paths
+ CVE-2018-5155 Use-after-free with SVG animations and text paths
+ CVE-2018-5157 Same-origin bypass of PDF Viewer to view protected PDF files
+ CVE-2018-5158 Malicious PDF can inject JavaScript into PDF Viewer
+ CVE-2018-5159 Integer overflow and out-of-bounds write in Skia
+ CVE-2018-5168 Lightweight themes can be installed without user interaction
+ CVE-2018-5178 Buffer overflow during UTF-8 to Unicode string conversion through legacy extension
+ CVE-2018-5150 Memory safety bugs fixed in Firefox 60 and Firefox ESR 52.8
- New ESR version (52.7.4).
- New ESR version (52.7.3)
- Fixes:
+ CVE-2018-5148 Use-after-free in compositor
- New ESR version (52.7.2)
- New ESR version (52.7.1)
- New ESR version (52.7.0).
- Fixes:
+ CVE-2018-5127 Buffer overflow manipulating SVG animatedPathSegList
+ CVE-2018-5129 Out-of-bounds write with malformed IPC messages
+ CVE-2018-5130 Mismatched RTP payload type can trigger memory corruption
+ CVE-2018-5131 Fetch API improperly returns cached copies of no-store/no-cache resources
+ CVE-2018-5144 Integer overflow during Unicode conversion
+ CVE-2018-5125 Memory safety bugs fixed in Firefox 59 and Firefox ESR 52.7
+ CVE-2018-5145 Memory safety bugs fixed in Firefox ESR 52.7
- Enable ALSA support (ALT #34608)
- New ESR version (52.6.0)
- Fixes:
+ CVE-2018-5095 Integer overflow in Skia library during edge builder allocation
+ CVE-2018-5096 Use-after-free while editing form elements
+ CVE-2018-5097 Use-after-free when source document is manipulated during XSLT
+ CVE-2018-5098 Use-after-free while manipulating form input elements
+ CVE-2018-5099 Use-after-free with widget listener
+ CVE-2018-5102 Use-after-free in HTML media elements
+ CVE-2018-5103 Use-after-free during mouse event handling
+ CVE-2018-5104 Use-after-free during font face manipulation
+ CVE-2018-5117 URL spoofing with right-to-left text aligned left-to-right
+ CVE-2018-5089 Memory safety bugs fixed in Firefox 58 and Firefox ESR 52.6
- Continue fix of Speculative execution side-channel attack ("Spectre")
- New ESR version (52.5.3)
- Fixes:
+ Speculative execution side-channel attack ("Spectre")
- New ESR version (52.5.2)
- Fixes:
+ CVE-2017-7843 Web worker in Private Browsing mode can write IndexedDB data
- Build with DBUS support (ALT #34302)
- New ESR version (52.5.0)
- Fixes:
+ CVE-2017-7828 Use-after-free of PresShell while restyling layout
+ CVE-2017-7830 Cross-origin URL information leak through Resource
+ CVE-2017-7826 Memory safety bugs fixed in Firefox 57 and Firefox ESR
- New ESR version (52.4.0)
- Fixes:
+ CVE-2017-7793 Use-after-free with Fetch API
+ CVE-2017-7818 Use-after-free during ARIA array manipulation
+ CVE-2017-7819 Use-after-free while resizing images in design mode
+ CVE-2017-7824 Buffer overflow when drawing and validating elements with ANGLE
+ CVE-2017-7805 Use-after-free in TLS 1.2 generating handshake hashes
+ CVE-2017-7814 Blob and data URLs bypass phishing and malware protection warnings
+ CVE-2017-7825 OS X fonts render some Tibetan and Arabic unicode characters as spaces
+ CVE-2017-7823 CSP sandbox directive did not create a unique origin
+ CVE-2017-7810 Memory safety bugs fixed in Firefox 56 and Firefox ESR 52.4
- New ESR version (52.3.0)
- Security fixes:
+ CVE-2017-7798: XUL injection in the style editor in devtools
+ CVE-2017-7800: Use-after-free in WebSockets during disconnection
+ CVE-2017-7801: Use-after-free with marquee during window resizing
+ CVE-2017-7809: Use-after-free while deleting attached editor DOM node
+ CVE-2017-7784: Use-after-free with image observers
+ CVE-2017-7802: Use-after-free resizing image elements
+ CVE-2017-7785: Buffer overflow manipulating ARIA attributes in DOM
+ CVE-2017-7786: Buffer overflow while painting non-displayable SVG
+ CVE-2017-7806: Use-after-free in layer manager with SVG
+ CVE-2017-7753: Out-of-bounds read with cached style data and pseudo-elements
+ CVE-2017-7787: Same-origin policy bypass with iframes through page reloads
+ CVE-2017-7807: Domain hijacking through AppCache fallback
+ CVE-2017-7792: Buffer overflow viewing certificates with an extremely long OID
+ CVE-2017-7804: Memory protection bypass through WindowsDllDetourPatcher
+ CVE-2017-7791: Spoofing following page navigation with data: protocol and modal alerts
+ CVE-2017-7782: WindowsDllDetourPatcher allocates memory without DEP protections
+ CVE-2017-7803: CSP containing 'sandbox' improperly applied
+ CVE-2017-7779: Memory safety bugs fixed in Firefox 55 and Firefox ESR 52.3
- New ESR version (52.2.1)
- New ESR version (52.2.0)
- Security fixes:
+ CVE-2017-5472: Use-after-free using destroyed node when regenerating trees
+ CVE-2017-7749: Use-after-free during docshell reloading
+ CVE-2017-7750: Use-after-free with track elements
+ CVE-2017-7751: Use-after-free with content viewer listeners
+ CVE-2017-7752: Use-after-free with IME input
+ CVE-2017-7754: Out-of-bounds read in WebGL with ImageInfo object
+ CVE-2017-7755: Privilege escalation through Firefox Installer with same directory DLL files
+ CVE-2017-7756: Use-after-free and use-after-scope logging XHR header errors
+ CVE-2017-7757: Use-after-free in IndexedDB
+ CVE-2017-7778: Vulnerabilities in the Graphite 2 library
+ CVE-2017-7758: Out-of-bounds read in Opus encoder
+ CVE-2017-7760: File manipulation and privilege escalation via callback parameter in Mozilla Windows Updater and Maintenance Service
+ CVE-2017-7761: File deletion and privilege escalation through Mozilla Maintenance Service helper.exe application
+ CVE-2017-7763: Mac fonts render some unicode characters as spaces
+ CVE-2017-7764: Domain spoofing with combination of Canadian Syllabics and other unicode blocks
+ CVE-2017-7765: Mark of the Web bypass when saving executable files
+ CVE-2017-7766: File execution and privilege escalation through updater.ini, Mozilla Windows Updater, and Mozilla Maintenance Service
+ CVE-2017-7767: Privilege escalation and arbitrary file overwrites through Mozilla Windows Updater and Mozilla Maintenance Service
+ CVE-2017-7768: 32 byte arbitrary file read through Mozilla Maintenance Service
+ CVE-2017-5470: Memory safety bugs fixed in Firefox 54 and Firefox ESR 52.2
- New ESR version (52.1.1)
- Set plugin.load_flash_only setting to false to allow use of all NPAPI plugins
- Security fixes since 52.0:
+ CVE-2016-10196: Vulnerabilities in Libevent library
+ CVE-2017-5031: Use after free in ANGLE
+ CVE-2017-5428: integer overflow in createImageBitmap()
+ CVE-2017-5429: Memory safety bugs fixed in Firefox 53, Firefox ESR
+ CVE-2017-5430: Memory safety bugs fixed in Firefox 53 and Firefox ESR
+ CVE-2017-5435: Use-after-free during transaction processing in the
+ CVE-2017-5439: Use-after-free in nsTArray Length() during XSLT
+ CVE-2017-5440: Use-after-free in txExecutionState destructor during
+ CVE-2017-5444: Buffer overflow while parsing
+ CVE-2017-5446: Out-of-bounds read when HTTP/2 DATA frames are sent
+ CVE-2017-5451: Addressbar spoofing with onblur event
+ CVE-2017-5454: Sandbox escape allowing file system read access through
+ CVE-2017-5455: Sandbox escape through internal feed reader APIs
+ CVE-2017-5456: Sandbox escape allowing local file system access
+ CVE-2017-5464: Memory corruption with accessibility and DOM
+ CVE-2017-5466: Origin confusion when reloading isolated data:text/html
+ CVE-2017-5467: Memory corruption when drawing Skia content
- New release (52.0) based on legion@ build.
- Built with internal icu.
- Fixed:
+ CVE-2017-5400: asm.js JIT-spray bypass of ASLR and DEP
+ CVE-2017-5401: Memory Corruption when handling ErrorResult
+ CVE-2017-5402: Use-after-free working with events in FontFace objects
+ CVE-2017-5403: Use-after-free using addRange to add range to an incorrect root object
+ CVE-2017-5404: Use-after-free working with ranges in selections
+ CVE-2017-5406: Segmentation fault in Skia with canvas operations
+ CVE-2017-5407: Pixel and history stealing via floating-point timing side channel with SVG filters
+ CVE-2017-5410: Memory corruption during JavaScript garbage collection incremental sweeping
+ CVE-2017-5411: Use-after-free in Buffer Storage in libGLES
+ CVE-2017-5409: File deletion via callback parameter in Mozilla Windows Updater and Maintenance Service
+ CVE-2017-5408: Cross-origin reading of video captions in violation of CORS
+ CVE-2017-5412: Buffer overflow read in SVG filters
+ CVE-2017-5413: Segmentation fault during bidirectional operations
+ CVE-2017-5414: File picker can choose incorrect default directory
+ CVE-2017-5415: Addressbar spoofing through blob URL
+ CVE-2017-5416: Null dereference crash in HttpChannel
+ CVE-2017-5417: Addressbar spoofing by dragging and dropping URLs
+ CVE-2017-5425: Overly permissive Gecko Media Plugin sandbox regular expression access
+ CVE-2017-5426: Gecko Media Plugin sandbox is not started if seccomp-bpf filter is running
+ CVE-2017-5427: Non-existent chrome.manifest file loaded during startup
+ CVE-2017-5418: Out of bounds read when parsing HTTP digest authorization responses
+ CVE-2017-5419: Repeated authentication prompts lead to DOS attack
+ CVE-2017-5420: Javascript: URLs can obfuscate addressbar location
+ CVE-2017-5405: FTP response codes can cause use of uninitialized values for ports
+ CVE-2017-5421: Print preview spoofing
+ CVE-2017-5422: DOS attack by using view-source: protocol repeatedly in one hyperlink
+ CVE-2017-5399: Memory safety bugs fixed in Firefox 52
+ CVE-2017-5398: Memory safety bugs fixed in Firefox 52 and Firefox ESR 45.8
- New ESR version
- Security fixes:
+ CVE-2017-5429: Memory safety bugs fixed in Firefox 53, Firefox ESR 45.9,
+ CVE-2017-5462: DRBG flaw in NSS
+ CVE-2017-5445: Uninitialized values used while parsing
+ CVE-2017-5469: Potential Buffer overflow in flex-generated code
+ CVE-2017-5437: Vulnerabilities in Libevent library
+ CVE-2017-5448: Out-of-bounds write in ClearKeyDecryptor
+ CVE-2017-5465: Out-of-bounds read in ConvolvePixel
+ CVE-2017-5447: Out-of-bounds read during glyph processing
+ CVE-2017-5446: Out-of-bounds read when HTTP/2 DATA frames are sent with
+ CVE-2017-5444: Buffer overflow while parsing application/http-index-format
+ CVE-2017-5443: Out-of-bounds write during BinHex decoding
+ CVE-2017-5464: Memory corruption with accessibility and DOM manipulation
+ CVE-2017-5442: Use-after-free during style changes
+ CVE-2017-5441: Use-after-free with selection during scroll events
+ CVE-2017-5440: Use-after-free in txExecutionState destructor during XSLT
+ CVE-2017-5439: Use-after-free in nsTArray Length() during XSLT processing
+ CVE-2017-5438: Use-after-free in nsAutoPtr during XSLT processing
+ CVE-2017-5460: Use-after-free in frame selection
+ CVE-2017-5432: Use-after-free in text input selection
+ CVE-2017-5434: Use-after-free during focus handling
+ CVE-2017-5459: Buffer overflow in WebGL
+ CVE-2017-5461: Out-of-bounds write in Base64 encoding in NSS
+ CVE-2017-5436: Out-of-bounds write with malicious font in Graphite 2
+ CVE-2017-5435: Use-after-free during transaction processing in the editor
+ CVE-2017-5433: Use-after-free in SMIL animation functions
- New ESR version
- Require fresh libnss for correct https open
- New ESR version
- Fix build with GCC 6.1
- New ESR version
- Make it pass strict verification of unresolved ELF symbols; this will also
protect us from missing dependencies on libgtk symbols. (Thx legion@ for
the original hack, removed in 44.0.2-alt3, but found to be restorable by
ruslandh@'s work on strict unresolved symbols verification in palemoon.)
- New ESR version
- Security fixes:
+ MFSA 2016-92 Firefox SVG Animation Remote Code Execution
- New ESR version
- New ESR version
- New ESR version
- Security fixes:
+ MFSA 2016-80 Same-origin policy violation using local HTML file and saved shortcut file
+ MFSA 2016-79 Use-after-free when applying SVG effects
+ MFSA 2016-78 Type confusion in display transformation
+ MFSA 2016-77 Buffer overflow in ClearKey Content Decryption Module (CDM) during video playback
+ MFSA 2016-76 Scripts on marquee tag can execute in sandboxed iframes
+ MFSA 2016-73 Use-after-free in service workers with nested sync events
+ MFSA 2016-72 Use-after-free in DTLS during WebRTC session shutdown
+ MFSA 2016-70 Use-after-free when using alt key and toplevel menus
+ MFSA 2016-67 Stack underflow during 2D graphics rendering
+ MFSA 2016-65 Cairo rendering crash due to memory allocation issue with FFmpeg 0.10
+ MFSA 2016-64 Buffer overflow rendering SVG with bidirectional content
+ MFSA 2016-63 Favicon network connection can persist when page is closed
- New ESR version
- Security fixes:
+ MFSA 2016-58 Entering fullscreen and persistent pointerlock without user permission
+ MFSA 2016-56 Use-after-free when textures are used in WebGL operations after recycle pool destruction
+ MFSA 2016-55 File overwrite and privilege escalation through Mozilla Windows updater
+ MFSA 2016-53 Out-of-bounds write with WebGL shader
+ MFSA 2016-52 Addressbar spoofing through the SELECT element
+ MFSA 2016-51 Use-after-free deleting tables from a contenteditable document
+ MFSA 2016-50 Buffer overflow parsing HTML5 fragments
- Build with GTK+ 2.x (ALT #32120)
- New ESR version
- New ESR version
- Security fixes:
+ MFSA 2016-47 Write to invalid HashMap entry through JavaScript.watch()
+ MFSA 2016-44 Buffer overflow in libstagefright with CENC offsets
+ MFSA 2016-39 Miscellaneous memory safety hazards
- New ESR version (switch to 45.x)
- New ESR version
- Rebuild with new rpm
- New ESR version
- Security fixes:
+ MFSA 2016-37 Font vulnerabilities in the Graphite 2 library
+ MFSA 2016-35 Buffer overflow during ASN.1 decoding in NSS
+ MFSA 2016-34 Out-of-bounds read in HTML parser following a failed allocation
+ MFSA 2016-31 Memory corruption with malicious NPAPI plugin
+ MFSA 2016-28 Addressbar spoofing through history navigation and Location protocol property
+ MFSA 2016-27 Use-after-free during XML transformations
+ MFSA 2016-25 Use-after-free when using multiple WebRTC data channels
+ MFSA 2016-24 Use-after-free in SetBody
+ MFSA 2016-23 Use-after-free in HTML5 string parser
+ MFSA 2016-21 Displayed page address can be overridden
+ MFSA 2016-20 Memory leak in libstagefright when deleting an array during MP4 processing
+ MFSA 2016-17 Local file overwriting and potential privilege escalation through CSP reports
+ MFSA 2016-16 Miscellaneous memory safety hazards
+ MFSA 2015-136 Same-origin policy violation using performance.getEntries and history navigation
+ MFSA 2015-81 Use-after-free in MediaStream playback
- New ESR version
- Security fixes:
+ MFSA 2016-14 Vulnerabilities in Graphite 2
- New ESR version
- Security fixes:
+ MFSA 2016-03 Buffer overflow in WebGL after out of memory allocation
+ MFSA 2016-01 Miscellaneous memory safety hazards (rv:44.0 / rv:38.6)
+ MFSA 2015-150 MD5 signatures accepted within TLS 1.2 ServerKeyExchange in server signature
- New ESR version
- Security fixes:
+ MFSA 2015-150 MD5 signatures accepted within TLS 1.2 ServerKeyExchange in server signature
- New ESR version
- New ESR version
- Security fixes:
+ MFSA 2015-149 Cross-site reading attack through data and view-source URIs
+ MFSA 2015-147 Integer underflow and buffer overflow processing MP4 metadata in libstagefright
+ MFSA 2015-146 Integer overflow in MP4 playback in 64-bit versions
+ MFSA 2015-145 Underflow through code inspection
+ MFSA 2015-139 Integer overflow allocating extremely large textures
+ MFSA 2015-138 Use-after-free in WebRTC when datachannel is used after being destroyed
- New ESR version
- Security fixes:
+ MFSA 2015-133 NSS and NSPR memory corruption issues
+ MFSA 2015-132 Mixed content WebSocket policy bypass through workers
+ MFSA 2015-131 Vulnerabilities found through code inspection
+ MFSA 2015-130 JavaScript garbage collection crash with Java applet
+ MFSA 2015-128 Memory corruption in libjar through zip files
+ MFSA 2015-127 CORS preflight is bypassed when non-standard Content-Type headers are received
+ MFSA 2015-123 Buffer overflow during image interactions in canvas
+ MFSA 2015-122 Trailing whitespace in IP address hostnames can bypass same-origin policy
- Use GStreamer 1.0 (ALT #31305)
- New ESR version
- Security fixes:
+ MFSA 2015-113 Memory safety errors in libGLES in the ANGLE graphics library
+ MFSA 2015-112 Vulnerabilities found through code inspection
+ MFSA 2015-111 Errors in the handling of CORS preflight request headers
+ MFSA 2015-110 Dragging and dropping images exposes final URL after redirects
+ MFSA 2015-106 Use-after-free while manipulating HTML media content
+ MFSA 2015-105 Buffer overflow while decoding WebM video
+ MFSA 2015-101 Buffer overflow in libvpx while parsing vp9 format video
+ MFSA 2015-100 Arbitrary file manipulation by local user through Mozilla updater
- New ESR version
- Security fixes:
+ MFSA 2015-95 Add-on notification bypass through data URLs
+ MFSA 2015-94 Use-after-free when resizing canvas element during restyling
- New ESR version
- Security fixes:
+ MFSA 2015-92 Use-after-free in XMLHttpRequest with shared workers
+ MFSA 2015-90 Vulnerabilities found through code inspection
+ MFSA 2015-89 Buffer overflows on Libvpx when decoding WebM video
+ MFSA 2015-88 Heap overflow in gdk-pixbuf when scaling bitmap images
+ MFSA 2015-87 Crash when using shared memory in JavaScript
+ MFSA 2015-85 Out-of-bounds write with Updater and malicious MAR file
+ MFSA 2015-84 Arbitrary file overwriting through Mozilla Maintenance Service with hard links
+ MFSA 2015-83 Overflow issues in libstagefright
+ MFSA 2015-82 Redefinition of non-configurable JavaScript object properties
+ MFSA 2015-80 Out-of-bounds read with malformed MP3 file
- New ESR version
- Security fixes:
+ MFSA 2015-78 Same origin violation and local file stealing via PDF reader
- New ESR version
- Security fixes:
+ MFSA 2015-70 NSS accepts export-length DHE keys with regular DHE cipher suites
+ MFSA 2015-69 Privilege escalation through internal workers
+ MFSA 2015-67 Key pinning is ignored when overridable errors are encountered
+ MFSA 2015-66 Vulnerabilities found through code inspection
+ MFSA 2015-65 Use-after-free in workers while using XMLHttpRequest
+ MFSA 2015-64 ECDSA signature validation fails to handle some signatures correctly
+ MFSA 2015-63 Use-after-free in Content Policy due to microtask execution error
+ MFSA 2015-62 Out-of-bound read while computing an oscillator rendering range in Web Audio
+ MFSA 2015-61 Type confusion in Indexed Database Manager
+ MFSA 2015-60 Local files or privileged URLs in pages can be opened into new tabs
- New ESR version
+ 2015-19 Out-of-bounds read and write while rendering SVG content
+ 2015-16 Use-after-free in IndexedDB
+ 2015-12 Invoking Mozilla updater will load locally stored DLL files
- Package ESR version as firefox-esr
- Fixed:
+ MFSA 2015-06 Read-after-free in WebRTC
+ MFSA 2015-04 Cookie injection through Proxy Authenticate responses
+ MFSA 2015-03 sendBeacon requests lack an Origin header