Overview

File _patchinfo of Package patchinfo.17660

<patchinfo incident="17660">
  <issue tracker="bnc" id="1180039">VUL-0: MozillaFirefox, MozillaThunderbird: update to 78.6.0 ESR / 84.0</issue>
  <issue tracker="cve" id="2020-26973"/>
  <issue tracker="cve" id="2020-35111"/>
  <issue tracker="cve" id="2020-16042"/>
  <issue tracker="cve" id="2020-26974"/>
  <issue tracker="cve" id="2020-35113"/>
  <issue tracker="cve" id="2020-26978"/>
  <issue tracker="cve" id="2020-35112"/>
  <issue tracker="cve" id="2020-26971"/>
  <packager>cgrobertson</packager>
  <rating>critical</rating>
  <category>security</category>
  <summary>Security update for MozillaFirefox</summary>
  <description>This update for MozillaFirefox fixes the following issues:

- Firefox Extended Support Release 78.6.0 ESR
  * Fixed: Various stability, functionality, and security fixes
  MFSA 2020-55 (bsc#1180039)
  * CVE-2020-16042 (bmo#1679003)
    Operations on a BigInt could have caused uninitialized memory
    to be exposed
  * CVE-2020-26971 (bmo#1663466)
    Heap buffer overflow in WebGL
  * CVE-2020-26973 (bmo#1680084)
    CSS Sanitizer performed incorrect sanitization
  * CVE-2020-26974 (bmo#1681022)
    Incorrect cast of StyleGenericFlexBasis resulted in a heap
    use-after-free
  * CVE-2020-26978 (bmo#1677047)
    Internal network hosts could have been probed by a malicious
    webpage
  * CVE-2020-35111 (bmo#1657916)
    The proxy.onRequest API did not catch view-source URLs
  * CVE-2020-35112 (bmo#1661365)
    Opening an extension-less download may have inadvertently
    launched an executable instead
  * CVE-2020-35113 (bmo#1664831, bmo#1673589)
    Memory safety bugs fixed in Firefox 84 and Firefox ESR 78.6
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places