Overview

File _patchinfo of Package patchinfo.14947

<patchinfo incident="14947">
  <issue tracker="bnc" id="1171186">VUL-0: MozillaFirefox: 68.8ESR / 76 release - MFSA 2020-16 / 2020-17</issue>
  <issue tracker="cve" id="2020-12387"/>
  <issue tracker="cve" id="2020-12392"/>
  <issue tracker="cve" id="2020-12389"/>
  <issue tracker="cve" id="2020-6831"/>
  <issue tracker="cve" id="2020-12395"/>
  <issue tracker="cve" id="2020-12393"/>
  <issue tracker="cve" id="2020-12388"/>
  <packager>MSirringhaus</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for MozillaFirefox</summary>
  <description>This update for MozillaFirefox fixes the following issues:

Update to version 68.8.0 ESR (bsc#1171186):

- CVE-2020-12387: Use-after-free during worker shutdown
- CVE-2020-12388: Sandbox escape with improperly guarded Access Tokens
- CVE-2020-12389: Sandbox escape with improperly separated process types
- CVE-2020-6831: Buffer overflow in SCTP chunk input validation
- CVE-2020-12392: Arbitrary local file access with 'Copy as cURL'
- CVE-2020-12393: Devtools' 'Copy as cURL' feature did not fully escape website-controlled data, potentially leading to command injection
- CVE-2020-12395: Memory safety bugs fixed in Firefox 76 and Firefox ESR 68.8
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places