./www/firefox115, Web browser with support for extensions (version 115ESR)

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]

Branch: CURRENT, Version: 115.19.0, Package name: firefox115-115.19.0, Maintainer: ryoon

Mozilla Firefox is a free, open-source and cross-platform web browser
for Windows, Linux, MacOS X and many other operating systems.

It is fast and easy to use, and offers many advantages over other web
browsers, such as tabbed browsing and the ability to block pop-up
windows.

Firefox also offers excellent bookmark and history management, and it
can be extended by developers using industry standards such as XML,
CSS, JavaScript, C++, etc. Many extensions are available.

Note: Due to upstream's trademark policies, this package identifies as
"Nightly" rather than "Firefox" by default.

This package provides Firefox 115 Extended Support Release.



Package options: sunaudio, webrtc

Master sites: (Expand)

Filesize: 493955.645 KB

Version history: (Expand)

CVS history: (Expand)


   2025-01-07 18:17:34 by Benny Siegert | Files touched by this commit (4) | Package updated
Log message:
firefox115, firefox115-l10n: update to 115.19.0

Security Vulnerabilities fixed in Firefox ESR 115.19

#CVE-2025-0238: Use-after-free when breaking lines in text

Impact: moderate

Assuming a controlled failed memory allocation, an attacker could have
caused a use-after-free, leading to a potentially exploitable crash.

#CVE-2025-0242: Memory safety bugs fixed in Firefox 134, Thunderbird 134,
Firefox ESR 115.19, Firefox ESR 128.6, Thunderbird 115.19, and Thunderbird
128.6

Impact: high

Memory safety bugs present in Firefox 133, Thunderbird 133, Firefox ESR 115.18,
Firefox ESR 128.5, Thunderbird 115.18, and Thunderbird 128.5. Some of these
bugs showed evidence of memory corruption and we presume that with enough
effort some of these could have been exploited to run arbitrary code.
   2024-12-27 09:21:09 by Thomas Klausner | Files touched by this commit (1055) 
Log message:
*: recursive bump for pango requiring fontconfig 2.15
   2024-11-26 20:11:54 by Benny Siegert | Files touched by this commit (2) | Package updated
Log message:
firefox115: update to 115.18.0

Security Vulnerabilities fixed in Firefox ESR 115.18

#CVE-2024-11691: Out-of-bounds write in Apple GPU drivers via WebGL

Impact: high

Certain WebGL operations on Apple silicon M series devices could have lead to
an out-of-bounds write and memory corruption due to a flaw in Apple's GPU
driver.
This bug only affected the application on Apple M series hardware. Other
platforms were unaffected.

#CVE-2024-11694: CSP Bypass and XSS Exposure via Web Compatibility Shims

Impact: moderate

Enhanced Tracking Protection's Strict mode may have inadvertently allowed a CSP
frame-src bypass and DOM-based XSS through the Google SafeFrame shim in the Web
Compatibility extension. This issue could have exposed users to malicious
frames masquerading as legitimate content.
   2024-11-17 08:17:06 by Thomas Klausner | Files touched by this commit (944) 
Log message:
*: recursive bump for default-on option of at-spi2-core
   2024-11-14 23:22:33 by Thomas Klausner | Files touched by this commit (2429) 
Log message:
*: recursive bump for icu 76 shlib major version bump
   2024-11-14 00:41:15 by Thomas Klausner | Files touched by this commit (1) 
Log message:
firefox115: mark as not for Python 3.13
   2024-11-08 03:15:10 by David H. Gutteridge | Files touched by this commit (2) | Package updated
Log message:
firefox115: update to 115.17.0

Mozilla Foundation Security Advisory 2024-57
Security Vulnerabilities fixed in Firefox ESR 115.17

CVE-2024-10458: Permission leak via embed or object elements
CVE-2024-10459: Use-after-free in layout with accessibility
CVE-2024-10463: Cross origin video frame leak
   2024-11-01 13:55:19 by Thomas Klausner | Files touched by this commit (2426) 
Log message:
*: revbump for icu downgrade